Re: New Version Notification for draft-ietf-bfd-vxlan-11.txt

Greg Mirsky <gregimirsky@gmail.com> Wed, 06 May 2020 00:11 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03FE83A0C6C; Tue, 5 May 2020 17:11:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-3sEpQRzaOp; Tue, 5 May 2020 17:11:07 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D933F3A0C68; Tue, 5 May 2020 17:11:06 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id 188so2869590lfa.10; Tue, 05 May 2020 17:11:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KvDFSr1FJ9C2YH3TOAMHFxm7lDQlgHYPgu+zMplq5BM=; b=MSgsG1kERo3Z0gtuttYvlsqkzjZue1BW9O05CLYNLzrM4f1wE4IsTyu375BmY6xdIB Wq8Rwz6BQAioc3DnaE6R1G8Uofr/qoUPjgL/N4J9LhxCUqV/afWzTrgPKArcIMw5etla ev8iQ4nfLyG7NYnS1rpST9PJa/ow2wRcEPG+KgK3gFoFHrxG2F9YVo5LStLCMe5pHpEg owxLqwhZmkWHE/uGIM5o0wjwNkjmPFGL+/CflYUGuUzVAUXnM9MkCktfm4FFaiTqTNET 9UqmfzB2gn/fFnAa5HpYjqXCXrcJd4HB8i5jYsHiKE4zgnivblRvnS0p27rKmblzDfgj FTnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KvDFSr1FJ9C2YH3TOAMHFxm7lDQlgHYPgu+zMplq5BM=; b=KwUV/APgGmnf0r1ocLoJ264WqeAL2uVhrqOWz8gkVwH+rohLmo2YGtCfBOY6ltmn00 lfBa6bJ7N3gICtv5OgN8HUHrnpEfgScEPLRnRoJ2iysXAv7JLEQESboPN6/GGu3YNnzE N2tW9094Tv+9rskRI555/kk6//WoKMEeQodgDb3eC+bWN/+3giIZxqVb9FV4/6tytLx3 UUC3l7BD/7e0dea3Y2gQxkjinIt6vNVN0dnzUqvFwxVrchsjf4JnAO9ngmlpX/28oJGl xrJFqC7WPy9w0kJw0ThMoc06bxj7csHkizoIPLPFgO3OjELn7XgaLBcaa7X/qE8VcU+a mw9Q==
X-Gm-Message-State: AGi0PuYir4d5+84aPIw6ThrJnaCYO4G0ImMfaUNRb+ujXGS1hB8jew9v Q/U6/kETU6eWBR6rnZ52QB/EkKa6vdY/g2gmOUA=
X-Google-Smtp-Source: APiQypJOgX1LDI2eec1jomQiwRG2luoZTcbYQJSH2u908O0RJrpVLfpja+AbA4mBKFEWJWuOgPFxP6V/nXG1TMRZ7KI=
X-Received: by 2002:a05:6512:308c:: with SMTP id z12mr3146961lfd.195.1588723864892; Tue, 05 May 2020 17:11:04 -0700 (PDT)
MIME-Version: 1.0
References: <158863263846.21115.1621770081697874195@ietfa.amsl.com> <CA+RyBmWxv7E+LRejhnbW0CjRYb6VGpdEm5Hq92UYrKoz6qGaBA@mail.gmail.com> <039E96B8-40E5-46B4-A519-434C2AEEAE47@cisco.com> <CA+RyBmXcRE1JmOSPcSq6ZFvpuaifssZOSqOPOvEppP7eW6QwXw@mail.gmail.com> <2BB0F1AC-3F6F-45CA-BF7E-93335D7C5106@cisco.com>
In-Reply-To: <2BB0F1AC-3F6F-45CA-BF7E-93335D7C5106@cisco.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 5 May 2020 17:10:53 -0700
Message-ID: <CA+RyBmVY10AFjLjzKQPp__JvBsuvdM2yZ+rM2C7m0Sir_DuKVw@mail.gmail.com>
Subject: Re: New Version Notification for draft-ietf-bfd-vxlan-11.txt
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Cc: rtg-bfd WG <rtg-bfd@ietf.org>, "bfd-chairs@ietf.org" <bfd-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009cfc4d05a4ef995f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/C1ETXMq5HAyhGrc7kZurf_25oBs>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2020 00:11:10 -0000

Dear Carlos,
I'll do top-posting to highlight the remaining points of discussion. Please
correct me if my understanding is not correct:

   - the reference to Section 5 RFC 5881 in the following sentence:

   Validation of TTL or Hop Limit of the inner IP packet is performed as
described in Section 5 [RFC5881].

I expect that a reader of BFD over VXLAN document is able to find the
relevant information in Section 5 of RFC 5881. Do you think that the
reference to Section 5 RFC 5881 might be confusing to the reader? Would you
suggest to use another reference without replicating the text from RFC 5881
in this document?


   - Security Considerations section

You've suggested:
Currently the security considerations does not say “security considerations
of 5881 apply here”, nor does it say “the ttl/hl protection isn’t useful in
foobar “

I think it should say both.

This draft discusses the use of BFD over VXLAN. Do you mean that 'foobar'
is BFD over VXLAN? Since security considerations in RFC 7348 are applicable
in this draft, I don't think that GTSM is not useful in the case of BFD
over VXLAN. Or I misinterpreted 'foobar'? Could you please clarify it?

 Would the following update is acceptable:
OLD TEXT:
   Other than requiring control of the number of BFD sessions between
   the same pair of VTEPs, this specification does not raise any
   additional security issues beyond those discussed in [RFC5880],
   [RFC5881], and [RFC7348].
NEW TEXT:
   Other than requiring control of the number of BFD sessions between
   the same pair of VTEPs, this specification does not raise any
   additional security issues beyond those discussed in [RFC5880],
   [RFC5881], and [RFC7348] that apply to this document.


   - Acknowledgments

Thank you. I'll thoroughly look through all the relevant discussion threads
in the mail archive.


Regards,
Greg


On Mon, May 4, 2020 at 7:52 PM Carlos Pignataro (cpignata) <
cpignata@cisco.com> wrote:

> Dear Greg,
>
> As I said, I did *not* review the updated version (or the changes)
> thoroughly (or superficially for that matter)
>
> Please do not count this as a review of the new revision, and instead
> consider the context that I laid for my reply.
>
> I only checked the changes for one comment I had made.
>
> Please see inline.
>
> Thumb typed by Carlos Pignataro.
> Excuze typofraphicak errows
>
> 2020/05/04 午後10:15、Greg Mirsky <gregimirsky@gmail.com>のメールt;のメール:
>
> Dear Carlos,
> thank you for your thorough review of the updated version,
>
>
> I didn’t. This is what I had said:
>
> I have not checked the diff and the new text regarding the Eth MAC and
> mgmt VNI.
>
> Assuming that was clear...
>
> helpful and
> constructive suggestions.
>
>
> Thanks. That was the intent, but only for the TTL/HL change.
>
> Please find my answers in-line tagged GIM>>.
>
> Regards,
> Greg
>
> On Mon, May 4, 2020 at 5:49 PM Carlos Pignataro (cpignata)
> <cpignata@cisco.com> wrote:
>
>
> Dear Greg,
>
>
> I have not checked the diff and the new text regarding the Eth MAC and
> mgmt VNI.
>
>
> However, these diffs also include a change that you did not mention: TTL /
> Hop Limit handling, which is one of the comments I had made.
>
>
> In that context, thank you very much! since this update partially
> (although largely) addresses my comment.
>
>
> Still missing:
>
>
>         TTL or Hop Limit: MUST be set to 255 in accordance with the
>
>         Generalized TTL Security Mechanism [RFC5881].
>
>
> CMP: this is an incorrect citation. The GTSM is RFC 5082, not RFC 5881. I
> recommend adding a Reference to RFC 5082 (as I’d suggested before).
>
> GIM>> Agreed, will change the reference to RFC 5082
>
>
> Thanks.
>
>
>   Validation of TTL or Hop Limit of the inner IP packet is performed as
>
>   described in Section 5 [RFC5881].
>
>
> CMP: This is an oversimplification. S5 of RFC 5881 explains not only how
> to validate TTL/HL, but also about demultiplexing tulles in presence of
> auth and various header fields.
>
> GIM>> I've compared Section 3 of RFC 5082 and Section 5 of RFC 5881
> and still believe that for this document the reference to Section 5 of
> RFC 5881 is more helpful to a reader and an implementor.
>
>
> Yes, I agree with this. I did not say “change this reference to 5082” —
> that was the previous comment on a different passage.
>
> Section 5
> provides an explicit specification on handling TTL/HC != 255 by a
> receiving BFD system. I think that it is important to reference
> Section 5, as the handling of TTL/HC != 255 is different depending on
> whether the BFD session is in unauthenticated or authenticated mode.
> Would you agree?
>
>
> Yes, but that’s orthogonal to my comment.
>
> My point is that the relevant text from section 5 does more than simply “
> Validation of TTL or Hop Limit ”
>
>
> 9.  Security Considerations
>
>
> CMP: A discussion on the positive impact of using GTSM would help here.
>
> GIM>> The Security Consideration section in RFC 5881 provides the
> excellent text on the benefit of using GTSM in both, unauthenticated
> and authenticated, modes. the last para in the Security Consideration
> section of this document mentioned the discussion in several RFCs,
> including in RFC 5881. Do you think that an additional text about the
> use of GTSM in single-hop BFD should be added in this document?
>
>
> Yes, that’s why I made the comment!
>
> Currently the security considerations does not say “security
> considerations of 5881 apply here”, nor does it say “the ttl/hl protection
> isn’t useful in foobar “
>
> I think it should say both.
>
> Could
> you suggest some text?
>
>
> 11.  Acknowledgments
>
>
> CMP: Both professional courtesy as well as proper record and provenance
> tracking suggest keeping an updated Acknowledgements section.
>
> GIM>> My apologies, I've updated the working version accordingly.
>
>
> To be clear, I’m not talking about me but about others who invested more
> time helping with this doc, like Joel and others. It would be useful to go
> through the list archive (to also ensure all comments are captured, since
> they were made SO long ago)
>
> Best,
>
> Carlos.
>
>
> Best,
>
>
> —
>
> Carlos Pignataro, carlos@cisco.com
>
>
> “Sometimes I use big words that I do not fully understand, to make myself
> sound more photosynthesis."
>
>
> 2020/05/04 午後6:58、Greg Mirsky <gregimirsky@gmail.com>のメールt;のメール:
>
>
> Dear All,
>
> my apologies for holding off this upload. The update is to address a
>
> set of comments related to the use of destination Ethernet MAC in the
>
> inner Ethernet frame that encapsulates a BFD control message. A new
>
> section on the use of the Management VNI has been added and the
>
> document now considers only the case of using the Management VNI to
>
> transmitted receive BFD control messages.
>
> Always welcome your questions and comments.
>
>
> Regards,
>
> Greg
>
>
> ---------- Forwarded message ---------
>
> From: <internet-drafts@ietf.org>
>
> Date: Mon, May 4, 2020 at 3:50 PM
>
> Subject: New Version Notification for draft-ietf-bfd-vxlan-11.txt
>
> To: Mallik Mudigonda <mmudigon@cisco.com>om>, Sudarsan Paragiri
>
> <sudarsan.225@gmail.com>om>, Greg Mirsky <gregimirsky@gmail.com>om>, Santosh
>
> Pallagatti <santosh.pallagatti@gmail.com>om>, Vengada Prasad Govindan
>
> <venggovi@cisco.com>
>
>
>
>
> A new version of I-D, draft-ietf-bfd-vxlan-11.txt
>
> has been successfully submitted by Greg Mirsky and posted to the
>
> IETF repository.
>
>
> Name:           draft-ietf-bfd-vxlan
>
> Revision:       11
>
> Title:          BFD for VXLAN
>
> Document date:  2020-05-04
>
> Group:          bfd
>
> Pages:          11
>
> URL:
> https://www.ietf.org/internet-drafts/draft-ietf-bfd-vxlan-11.txt
>
> Status:         https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
>
> Htmlized:       https://tools.ietf.org/html/draft-ietf-bfd-vxlan-11
>
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan
>
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-vxlan-11
>
>
> Abstract:
>
>  This document describes the use of the Bidirectional Forwarding
>
>  Detection (BFD) protocol in point-to-point Virtual eXtensible Local
>
>  Area Network (VXLAN) tunnels used to form an overlay network.
>
>
>
>
>
> Please note that it may take a couple of minutes from the time of
> submission
>
> until the htmlized version and diff are available at tools.ietf.org.
>
>
> The IETF Secretariat
>
>
>
>