Re: Level of standardization of the Echo mode of BFD [Re: Tsvart last call review of draft-ietf-bfd-vxlan-07]

Greg Mirsky <gregimirsky@gmail.com> Wed, 10 July 2019 23:42 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B046B12009E; Wed, 10 Jul 2019 16:42:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.702
X-Spam-Level:
X-Spam-Status: No, score=-0.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u7bUPHw9aoCg; Wed, 10 Jul 2019 16:42:41 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24829120073; Wed, 10 Jul 2019 16:42:41 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id v18so3822598ljh.6; Wed, 10 Jul 2019 16:42:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z0GAKc8ckYJuN1cJiimhiTzce0ZmlFUQ9E1hoMXdul4=; b=SZSMNDuJXwRMgo3CIvYNC+8RkPrtrRwuhI1JNdr2oyFSKBigxrcr392fdUV7VAmgrc 7Yt07L2o/VqRtyfSCVvt4t9QOOMKmFO6sfqKl3HYUZvBDLbEcPKEU4wFZ11KWFc9Xn4v iPsJtnki8zBSKn9YGopAEPYQ9HbjjuvX0C8ecErvcf9YHIYGZiPxz9dZ/AjUNSB5Hkfn AL5JlV8ijOx6R0yEwJWz/CprwOunktxKzJjLRhVTnU2MeBEJbNSL9koEjLVlOUjTt9aF /RbGG4vggR3n76Z9+V/heZKRFtwXsxlQQV8ncG6GciOEjfPf3hfkGFvJC2wrm4tNHP5R vRUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z0GAKc8ckYJuN1cJiimhiTzce0ZmlFUQ9E1hoMXdul4=; b=dqyX0E2wp95otGmOhLgFDTF6iKx6+i4RFOsTdMhjg1sC0zCzrSyKLOFxPxr9lvR9Gs vVX334DWFzN2I3xyDW/HWzlk8e4uTCIpFqIt3gvwr9hb0Wultpq8Tq99CT8RHsWS+t5A ++qJTKjeGc3fbAFXHPusD7p8Ut9yprmVrrHtQz7yVAp7jUN9pmaZ8dSoSrV8yaUqvSM5 hxVte+oZJvVBXv277nHJxyrktKyWOGmv5n3ffGCvEhGm2H0q3VNes6JwANZchcjV8YEq xttvsuxOl7z2JtFaqcRgy5N7ClIG+nsVm6p+ZqbuLmCK50erdtiaQ6pIBd7BkdKFJ4Z9 DR6Q==
X-Gm-Message-State: APjAAAVarY9Pr2x5S6n21+RbPNgQGBBojPoupOvxrNzKMQoljfKrj7kq F7Xkj7v0ivilitBTzCMVZ0MUa0bIUGHMZqQuJeM=
X-Google-Smtp-Source: APXvYqxY4KUjrQjIRIFswq+0F0Qah+LrVckYVG0j4iEj7/GlYs3F3/Rg+qkSn2EQVG6e5LolJ8JN+JC8kEdWEhaAThM=
X-Received: by 2002:a2e:7614:: with SMTP id r20mr506727ljc.42.1562802158978; Wed, 10 Jul 2019 16:42:38 -0700 (PDT)
MIME-Version: 1.0
References: <155933149484.6565.7386019489022348116@ietfa.amsl.com> <CA+RyBmXu-F0cWDkBydE_aJaVpUv=k1otqUCc7NdRW4pnBK3tgA@mail.gmail.com> <14822B96-D3C6-495E-8661-198068F72ABA@cisco.com> <CA+RyBmUMbW=B3FNmqiQNmMLM27f9G+MeRL5MrAnCd04EP3vmrQ@mail.gmail.com> <8237FE8D-937E-4BCB-B1A3-89C2B3CDC51C@cisco.com> <CA+RyBmXAQ1esWKa8C6cgnn93YTyTh=JFUt187TS56bNND1OJOA@mail.gmail.com> <0B9FDA17-7F13-4FEC-AE97-40BC9D72C87B@cisco.com> <CA+RyBmVgQ8VXZ-A0-0jKqAmSRvJxg4DbZiRhW67jN224tsS3+Q@mail.gmail.com> <BADB8CA6-FCAC-47A3-8B06-F82E98A89549@cisco.com> <CA+RyBmVgV31+Zi+AkaOakm9FwbHUgr4OoYcUhfJtSVGPC-m5_A@mail.gmail.com> <BCEA05ED-5921-4E0D-B76E-2024F3B78ED7@cisco.com> <CA+RyBmWODaxGUYDEjAOaLzJCR6qx3w1yet1Y0BeP7RAqusExJQ@mail.gmail.com> <B976AA48-2C90-48CC-B087-B2528797AF35@cisco.com>
In-Reply-To: <B976AA48-2C90-48CC-B087-B2528797AF35@cisco.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Wed, 10 Jul 2019 16:42:27 -0700
Message-ID: <CA+RyBmWHr1yYjGZC5QTWViuuc=-tnL1yUn6tbcVJnyDryReXSQ@mail.gmail.com>
Subject: Re: Level of standardization of the Echo mode of BFD [Re: Tsvart last call review of draft-ietf-bfd-vxlan-07]
To: "Carlos Pignataro (cpignata)" <cpignata@cisco.com>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, rtg-bfd WG <rtg-bfd@ietf.org>, "draft-ietf-bfd-vxlan.all@ietf.org" <draft-ietf-bfd-vxlan.all@ietf.org>, Olivier Bonaventure <Olivier.Bonaventure@uclouvain.be>, IETF list <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008a4a2a058d5c3b7f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/Gqs67dmjMeATKj6v96X8EbRIAqQ>
X-Mailman-Approved-At: Thu, 11 Jul 2019 06:25:32 -0700
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 23:42:47 -0000

Hi Carlos,
apologies for the delayed response. Please find my answers in-line tagged
GIM>>.

Regards,
Greg

On Wed, Jul 3, 2019 at 9:35 AM Carlos Pignataro (cpignata) <
cpignata@cisco.com>; wrote:

> Hello, Greg,
>
> Before you asked about RFC 5884, now RFC 5885, neither of which are
> references in draft-ietf-bfd-vxlan-07. Your new request is:
>
> > I hope that you can help me to answer a question related to the scope of
> RFC 5885.
>
> Asking about RFC 5885, published 9 years ago, is another distraction from
> the question at hand. It seems like a third-order red-herring, hasty
> generalization, or a “you also” if you are citing RFCs I co-authored.
>
> Once again, in my opinion, this does not get you closer to improving or
> furthering draft-ietf-bfd-vxlan-07, which should be the common goal on this
> thread.
>
> As a refresher, this was my initial question:
>
> > >>> > 4. Section 7 says that “ Support for echo BFD is outside the scope
> of this document”.
> > >>> >
> > >>> > Assuming this means “BFD Echo mode”, why is this out of scope?
>
>
> I am really interested in understanding what the reason(s) is (are) for
> out-scoping BFD Echo. Is it because of technical limitations? Lack of
> market demand? Lack of time to know the answer to this question?
>
> I am not asking for any change, just a question of whether the authors and
> WG considering the ROI of adding BFD Echo.
>
GIM>> The question of BFD Echo support over VXLAN, to the best of my
recollection, never came up. That sentence was added very early before WG
adopted the work. And, as I can recall, there were no questions, nor
suggestions to revisit the statement. Said that I propose the following
update to the document:

   - remove section Echo BFD
   - append Introduction section with

"This specification describes procedures only for BFD asynchronous mode."

Would these changes be acceptable and sufficient to address your concern
with the scope of the document?

>
> Best,
>
> Carlos.
>
>
> > On Jun 26, 2019, at 9:22 PM, Greg Mirsky <gregimirsky@gmail.com>; wrote:
> >
> > Hello Carlos,
> > I hope that you can help me to answer a question related to the scope of
> RFC 5885. In RFC 5885 is stated:
> >    This specification describes procedures only for BFD asynchronous
> mode.
> > Neither demand mode, nor Echo function of BFD is explicitly mentioned in
> RFC 5885. Hence my question If BFD over VXLAN changes from explicitly
> excluding the Echo function from the scope of the document to the
> definition of the scope like used in RFC 5885, would that address your
> concern?
> >
> > Regards,
> > Greg
> >
> > On Fri, Jun 21, 2019 at 5:19 PM Carlos Pignataro (cpignata) <
> cpignata@cisco.com>; wrote:
> > Hello, Greg,
> >
> > Thank you for having split this thread. I’ll note for ease of tracking
> that this specific issue is issue #4 our of the six quick comments I sent.
> >
> > Now, questions you ask like this one quoted from below:
> > > Would you suggest that the scope of RFC 5884 must include the BFD Echo
> function?
> >
> >
> > Are now second-order red herrings and, once again, not relevant to the
> issue — instead they avoid responding and prevent convergence. In my
> comment, I’m just asking for a technical explanation of why BFD Echo is out
> of scope.
> >
> >
> > Please see inline, your response is incorrect in 3 technical areas that
> I enumerate.
> >
> >
> > > On Jun 20, 2019, at 1:30 AM, Greg Mirsky <gregimirsky@gmail.com>;
> wrote:
> > >
> > > Hi Carlos,
> > > thank you for clarifying your opinion on the applicability of the BFD
> Echo mode.
> >
> > For correctness, I have not issued an "opinion on the applicability of
> the BFD Echo mode.” (Again, please do not mischaracterize!)
> >
> > My initial question was “why is this out of scope?” I believe scoping
> should be deliberate and intentional, and hence seeking to understand.
> >
> >
> > > I've split this thread to help us and others to follow the discussion
> on this particular issue. I'll note that RFC 5880 does not prohibit the
> remote system to perform any kind of processing on the packet received in
> the BFD Echo mode.
> >
> > This is technical mistake #1.
> >
> > RFC 5880 says:
> >
> >    The Echo function has the advantage of truly testing only the
> >    forwarding path on the remote system.
> >
> >
> > No other processing on the remote system — that is the benefit of Echo.
> >
> >
> > > Even more, Section 6.8.8 explicitly points out that a received Echo
> packet is likely to be processed:
> > >    A means of detecting missing Echo packets
> > >    MUST be implemented, which most likely involves processing of the
> > >    Echo packets that are received.  The processing of received Echo
> > >    packets is otherwise outside the scope of this specification.
> >
> >
> > This is technical mistake #2.
> >
> > What you are quoting is referring to the reception of Echo packet by the
> Echo packet *sender*. That is, the local system, not the remote system. The
> Echo packet is received by the same system that sent it (by definition of
> Echo!), and thus the node itself needs to demultiplex its own context...
> >
> >
> > > Thus, interoperability is one of the underspecified issues for BFD
> Echo.
> >
> > No. This is technical mistake #2b.
> >
> > There is no interoperability spec considerations between a system and
> itself (unless the sender of BFD Echo has split personality :-)
> >
> >
> >
> > > Secondly, the Echo BFD mode has been excluded from the scope of RFC
> 5884:
> > > Further, the use of the Echo function is outside the scope of this
> specification.
> >
> > This is technical mistake #3.
> >
> > It is really irrelevant to the question whether RFC 5884, which talks
> about BFD for unidirectional MPLS LSPs, scopes out BFD Echo.
> >
> > As I mentioned in my initial email, "If this is a single logical hop
> underneath VXLAN, what’s preventing the use of Echo?” RFC 5884 is different
> than (and not useful for or relevant to) the scenario in
> draft-ietf-bfd-vxlan.
> >
> >
> >
> > > Would you suggest that the scope of RFC 5884 must include the BFD Echo
> function?
> >
> >
> > I do not understand the context of this question. But as I mentioned,
> these questions take the thread in a direction that diverges from
> resolution.
> >
> > I have not suggested that any document includes anything. My comment is:
> what is the reason why BFD Echo is out of scope? Technically, this is a
> single hop at the VXLAN level for BFD.
> >
> >
> > Best,
> >
> > Carlos.
> >
> > >
> > > Regards,
> > > Greg
> > >
> > > On Thu, Jun 20, 2019 at 2:08 PM Carlos Pignataro (cpignata) <
> cpignata@cisco.com>; wrote:
> > > Hello, Greg,
> > >
> > > Yes, happy too answer your question.
> > >
> > > First, however, let me make two quick observations on the exchange:
> > >       • You seem to be picking very specific fragments or sub-topics
> from my comments, and following up on those only.
> > >       • I’m happy to continue answering these questions, but they are
> orthogonal to (and consequently a distraction from) the initial comments I
> raised.
> > >
> > > Now, your question: the BFD Echo packet format is generically spec’ed
> and defined in Section 5 of RFC 5880:
> > > https://tools.ietf.org/html/rfc5880#section-5
> > >
> > > The most relevant part is this:
> > >
> > >    The payload of a BFD Echo packet is a local matter, since only the
> > >    sending system ever processes the content.  The only requirement is
> > >    that sufficient information is included to demultiplex the received
> > >    packet to the correct BFD session after it is looped back to the
> > >    sender.
> > >
> > > Since the remote system does not process the echo packet content, it
> is a local matter only. And given the fact that, as such, there is no
> interoperability implications, there is no need to over-specify the packet
> format. The only requirement is that the sending system needs to be able to
> map it to a session when it boomerangs back.
> > >
> > > No, it is generally not (i.e., does not need to be, but there’s
> freedom to potentially be) a BFD control packet.
> > > Yes, it can be something else.
> > >
> > > That said, the packet format for BFD Echo has, to my analysis and
> understanding, no relevancy on the questions below.
> > >
> > > Best,
> > >
> > > Carlos.
> > >
> > >> On Jun 20, 2019, at 12:50 AM, Greg Mirsky <gregimirsky@gmail.com>;
> wrote:
> > >>
> > >> Hello Carlos,
> > >> could you please refer me to the specification of BFD that defines
> the message format that is used in the Echo mode of BFD. Is it the BFD
> control packet? Something else?
> > >>
> > >> Regards,
> > >> Greg
> > >>
> > >>
> > >> On Thu, Jun 20, 2019 at 11:09 AM Carlos Pignataro (cpignata) <
> cpignata@cisco.com>; wrote:
> > >> Hello, Greg,
> > >>
> > >> Please see inline.
> > >>
> > >>> On Jun 19, 2019, at 9:58 PM, Greg Mirsky <gregimirsky@gmail.com>;
> wrote:
> > >>>
> > >>> Hello Carlos,
> > >>> thank you for the expedient clarification.
> > >>> To your questions on demultiplexing BFD control packets with the
> zero value of the Your Discriminator field:
> > >>>     • only BFD control packets with the zero value of the Your
> Discriminator field are demultiplexed using the information of the inner IP
> header. I believe that the text is clear and requires that all fields of
> the inner IP header must be used to demultiplex a received BFD control
> packet with the zero value in the Your Discriminator field. Which of the
> fields an implementation uses to create multiple BFD sessions between the
> pair of VTEPs is implementation specific.
> > >> This text is repeating was is in the draft, but does not answer any
> of my questions.
> > >>
> > >> For example:
> > >> 1. "that all fields of the inner IP header must be used to
> demultiplex a received BFD control packet”
> > >>     -> The text does not say “all fields”, but regardless, do you
> mean the DSCP and the Evil Bit? IPv6 Flow Label? How *exactly*?
> > >> 2. How is the mapping of IP (not UDP?) fields to BFD session done?
> > >> 3. How is this state created and maintained?
> > >> 4. Since this is a set of fields on which two systems need to agree
> (which fields from the inner IP/UDP are mapped needs to be understood by
> both systems), it cannot be “implementation specific”. Further, the text
> does not say so.
> > >>
> > >>> To your point on the level Echo mode of BFD is specified in RFC 5880
> I'll quote the opinion of Jeffrey Haas from the discussion of comments from
> Shawn Emery on behalf of the SecDir. Shawn had commented:
> > >>> Echo BFD is out of scope for the document, but does not describe the
> reason for this or why state
> > >>> this at all?
> > >>> I've responded:
> > >>> GIM>> I think that the main reason is that the BFD Echo mode is
> underspecified. RFC 5880 defined some of the mechanisms related to the Echo
> mode, but more standardization work may be required.
> > >>> And Jeffrey Haas had added:
> > >>> Speaking as a BFD chair, this is the relevant observation.  BFD Echo
> is
> > >>> underspecified to the point where claiming compliance is difficult
> at best.
> > >>> In general, it relies on single-hop and the ability to have the
> remote Echo
> > >>> client loop the packets.
> > >>
> > >> BFD Echo cannot be specified in RFC 5880 base spec because it is
> application specific.
> > >>
> > >>>
> > >>> This packet loop may not be practical for several encapsulations and
> thus is
> > >>> out of scope for such encapsulations.  Whether this is practical for
> vxlan
> > >>> today, or in the presence of future extensions to vxlan is left out
> of scope
> > >>> for the core proposal.
> > >>
> > >> The question remains: for VXLAN encapsulation, this is like a single
> hop as far as BFD is concerned (single hop VXLAN tunnel).
> > >>
> > >> Since RFC 5881 defines Echo for single hop, can you please elaborate
> (in the document) why is out of scope or how it can work?
> > >>
> > >> Best,
> > >>
> > >> Carlos.
> > >>
> > >>>
> > >>> Will respond to other questions in a separate mail.
> > >>>
> > >>> Regards,
> > >>> Greg
> > >>>
> > >>>
> > >>> On Thu, Jun 20, 2019 at 10:31 AM Carlos Pignataro (cpignata) <
> cpignata@cisco.com>; wrote:
> > >>> Hello, Greg,
> > >>>
> > >>> > On Jun 19, 2019, at 9:09 PM, Greg Mirsky <gregimirsky@gmail.com>;
> wrote:
> > >>> >
> > >>> > Hi Carlos,
> > >>> > thank you for reminding of our continued discussion with Joel. We
> are seeking comments from VXLAN experts and much appreciate if you have
> insights on VXLAN to share.
> > >>> > I've got some clarifying questions before I can respond to you.
> > >>>
> > >>> Sure.
> > >>>
> > >>> > To which stage of the three-way handshake you refer as "initial
> demultiplexing"? I couldn't find this term in RFC 5880.
> > >>>
> > >>> “Initial demultiplexing" is a well-known term in BFD, referring to
> the "demultiplexing of the initial packets", BFD Control packet with
> YourDisc being zero.
> > >>>
> > >>> In RFC 5880, see Section 6.3.
> > >>> https://tools.ietf.org/html/rfc5880#section-6.3
> > >>>
> > >>>    The method of demultiplexing the initial packets (in which Your
> > >>>    Discriminator is zero) is application dependent, and is thus
> outside
> > >>>    the scope of this specification.
> > >>>
> > >>> Since initial demultiplexing is indeed application specific,
> different for one-hop versus multi-hop and dependent upon whether a single
> or multiple sessions are allowed between a pair of endpoints, I added below
> two other relevant citations, from application specific BFD specs:
> > >>> 1. https://tools.ietf.org/html/rfc5883#section-4
> > >>> 2. https://tools.ietf.org/html/rfc5882#section-6
> > >>>
> > >>>
> > >>> > Regarding the applicability of the Echo mode, thank you for
> pointing to the need for stricter terminology, the Echo mode, as defined in
> RFC 5880, is underspecified and it will require additional standardization.
> > >>>
> > >>> No. BFD Echo is not underspecified in RFC 5880.
> > >>>
> > >>> Please read S5: https://tools.ietf.org/html/rfc5880#section-5
> > >>>
> > >>>    BFD Echo packets are sent in an encapsulation appropriate to the
> > >>>    environment.  See the appropriate application documents for the
> > >>>    specifics of particular environments.
> > >>>
> > >>>
> > >>> BFD Echo is application dependent.
> > >>>
> > >>> Therefore, for example, single-hop BFD in RFC 5881 specifies BFD
> Echo for that application.
> > >>>
> > >>> Hence, my question stands: why is this draft claiming BFD Echo is
> out of scope for this BFD application document?
> > >>>
> > >>>
> > >>> > Future drafts may explore and define how the Echo mode of BFD is
> used over VXLAN tunnels.
> > >>> >
> > >>>
> > >>> See above.
> > >>>
> > >>> > Will review and respond to the remaining questions soon.
> > >>>
> > >>> Thank you.
> > >>>
> > >>> The "remaining questions" are still all the questions below :-)
> > >>>
> > >>> Best,
> > >>>
> > >>> Carlos.
> > >>>
> > >>> >
> > >>> > Regards,
> > >>> > Greg
> > >>> >
> > >>> >
> > >>> > On Thu, Jun 20, 2019 at 9:14 AM Carlos Pignataro (cpignata) <
> cpignata@cisco.com>; wrote:
> > >>> > Hi,
> > >>> >
> > >>> > I have not reviewed this draft before, but triggered by this
> email, and briefly scanning through a couple of sections, it is unclear to
> me how some of the mechanics work.
> > >>> >
> > >>> > There are some major issues with the Mac usage and association, as
> Joel Halpern mentioned in his Rtg Dir review.
> > >>> >
> > >>> > And, additionally, please consider the following comments and
> questions:
> > >>> >
> > >>> >
> > >>> > 1. Underspecification for initialization and initial
> demultiplexing.
> > >>> >
> > >>> > This document allows multiple BFD sessions between a single pair
> of VTEPs:
> > >>> >
> > >>> >    An
> > >>> >    implementation that supports this specification MUST be able to
> > >>> >    control the number of BFD sessions that can be created between
> the
> > >>> >    same pair of VTEPs.
> > >>> >
> > >>> > The implication of this is that BFD single-hop initialization
> procedures will not work. Instead, there is a need to map the initial
> demultiplexing.
> > >>> >
> > >>> > This issue is explained in RFCs 5882 and 5883:
> https://tools.ietf.org/html/rfc5883#section-4 and
> https://tools.ietf.org/html/rfc5882#section-6
> > >>> >
> > >>> > Section 5.1 says:
> > >>> >
> > >>> >    For such packets, the BFD session MUST be identified
> > >>> >    using the inner headers, i.e., the source IP, the destination
> IP, and
> > >>> >    the source UDP port number present in the IP header carried by
> the
> > >>> >    payload of the VXLAN encapsulated packet.  The VNI of the packet
> > >>> >    SHOULD be used to derive interface-related information for
> > >>> >    demultiplexing the packet.
> > >>> >
> > >>> > But this does not really explain how to do the initial
> demultiplexing. Does each BFD session need to have a separate inner source
> IP address? Or source UDP port? And how ofter are they recycled or kept as
> state? How are these mapped?
> > >>> > Equally importantly, which side is Active?
> > >>> > And what if there’s a race condition with both sides being Active
> and setting up redundant sessions?
> > >>> >
> > >>> > 1.b. By the way, based on this, using S-BFD [RFC 7880] might be
> easier to demux.
> > >>> >
> > >>> >
> > >>> > 2. Security
> > >>> >
> > >>> > This document says that the TTL in the inner packet carrying BFD
> is set to 1. However, RFC 5880 says to use GTSM [RFC 5082], i.e., a value
> of 255..
> > >>> >
> > >>> > Why is GTSM not used here?
> > >>> >
> > >>> >
> > >>> > 3. ECMP and fate-sharing under-specification:
> > >>> >
> > >>> > Section 4.1. says:
> > >>> >
> > >>> >    The Outer IP/UDP
> > >>> >    and VXLAN headers MUST be encoded by the sender as defined in
> > >>> >    [RFC7348].
> > >>> >
> > >>> >
> > >>> > And RFC 7348 says:
> > >>> >
> > >>> >       -  Source Port:  It is recommended that the UDP source port
> number
> > >>> >          be calculated using a hash of fields from the inner
> packet --
> > >>> >          one example being a hash of the inner Ethernet frame's
> headers.
> > >>> >          This is to enable a level of entropy for the ECMP/load-
> > >>> >          balancing of the VM-to-VM traffic across the VXLAN
> overlay.
> > >>> >          When calculating the UDP source port number in this
> manner, it
> > >>> >          is RECOMMENDED that the value be in the dynamic/private
> port
> > >>> >          range 49152-65535 [RFC6335].
> > >>> >
> > >>> >
> > >>> > Based on this, depending on the hashing calculation, the outer
> source UDP port can be different leading to different ECMP treatment. Does
> something else need to be specified here in regards to the outer UDP source
> port?
> > >>> >
> > >>> >
> > >>> > 4. Section 7 says that “ Support for echo BFD is outside the scope
> of this document”.
> > >>> >
> > >>> > Assuming this means “BFD Echo mode”, why is this out of scope? If
> this is a single logical hop underneath VXLAN, what’s preventing the use of
> Echo? Echo’s benefits are huge.
> > >>> >
> > >>> >
> > >>> > 5. Terminology
> > >>> >
> > >>> >    Implementations SHOULD ensure that the BFD
> > >>> >    packets follow the same lookup path as VXLAN data packets
> within the
> > >>> >    sender system.
> > >>> >
> > >>> > What is a “look up path within a sender system”?
> > >>> >
> > >>> >
> > >>> > 6. Deployment scenarios
> > >>> >
> > >>> > S3 says:
> > >>> >    Figure 1 illustrates the scenario with two servers, each of them
> > >>> >    hosting two VMs.  The servers host VTEPs that terminate two
> VXLAN
> > >>> > […]
> > >>> >                      Figure 1: Reference VXLAN Domain
> > >>> >
> > >>> >
> > >>> > However, RFC 7348 Figure 3 lists that as one deployment scenario,
> not as “the scenario” and “The Reference VXLAN Domain”.
> > >>> >
> > >>> > Best,
> > >>> >
> > >>> > Carlos.
> > >>> >
> > >>> >> On Jun 17, 2019, at 12:58 AM, Greg Mirsky <gregimirsky@gmail.com>;
> wrote:
> > >>> >>
> > >>> >> Hi Oliver,
> > >>> >> thank you for your thorough review, clear and detailed questions.
> My apologies for the delay to respond. Please find my answers below in-line
> tagged GIM>>.
> > >>> >>
> > >>> >> Regards,
> > >>> >> Greg
> > >>> >>
> > >>> >> On Fri, May 31, 2019 at 12:38 PM Olivier Bonaventure via
> Datatracker <noreply@ietf.org>; wrote:
> > >>> >> Reviewer: Olivier Bonaventure
> > >>> >> Review result: Ready with Issues
> > >>> >>
> > >>> >> This document has been reviewed as part of the transport area
> review team's
> > >>> >> ongoing effort to review key IETF documents. These comments were
> written
> > >>> >> primarily for the transport area directors, but are copied to the
> document's
> > >>> >> authors and WG to allow them to address any issues raised and
> also to the IETF
> > >>> >> discussion list for information.
> > >>> >>
> > >>> >> When done at the time of IETF Last Call, the authors should
> consider this
> > >>> >> review as part of the last-call comments they receive. Please
> always CC
> > >>> >> tsv-art@ietf.org if you reply to or forward this review.
> > >>> >>
> > >>> >> I have only limited knowledge of VXLAN and do not know all
> subtleties of BFD.
> > >>> >> This review is thus more from a generalist than a specialist in
> this topic.
> > >>> >>
> > >>> >> Major issues
> > >>> >>
> > >>> >> Section 4 requires that " Implementations SHOULD ensure that the
> BFD
> > >>> >>    packets follow the same lookup path as VXLAN data packets
> within the
> > >>> >>    sender system."
> > >>> >>
> > >>> >> Why is this requirement only relevant for the lookup path on the
> sender system
> > >>> >> ? What does this sentence really implies ?
> > >>> >> GIM>> RFC 5880 set the scope of the fault detection of BFD
> protocol as
> > >>> >>    ... the bidirectional path between two forwarding engines,
> including
> > >>> >>    interfaces, data link(s), and to the extent possible the
> forwarding
> > >>> >>    engines themselves ...
> > >>> >> The requirement aimed to the forwarding engine of a BFD system
> that transmits BFD control packets over VXLAN tunnel.
> > >>> >>
> > >>> >> Is it a requirement that the BFD packets follow the same path as
> the data
> > >>> >> packet for a given VXLAN ? I guess so. In this case, the document
> should
> > >>> >> discuss how Equal Cost Multipath could affect this.
> > >>> >> GIM>> I think that ECMP environment is more likely to be
> experienced by a transit node in the underlay. If the BFD session is used
> to monitor the specific underlay path, then, I agree, we should explain
> that using the VXLAN payload information to draw path entropy may cause
> data and BFD packets following different underlay routes. But, on the other
> hand, that is the case for OAM and fault detection in all overlay networks
> in general.
> > >>> >>
> > >>> >> Minor issues
> > >>> >>
> > >>> >> Section 1
> > >>> >>
> > >>> >> You write "The asynchronous mode of BFD, as defined in [RFC5880],
> > >>> >>  can be used to monitor a p2p VXLAN tunnel."
> > >>> >>
> > >>> >> Why do you use the word can ? It is a possibility or a
> requirement ?
> > >>> >> GIM>> In principle, BFD Demand mode may be used to monitor p2p
> paths as well, I agree, will re-word to more assertive:
> > >>> >>  The asynchronous mode of BFD, as defined in [RFC5880],
> > >>> >>  is used to monitor a p2p VXLAN tunnel.
> > >>> >>
> > >>> >> NVE has not been defined before and is not in the terminology.
> > >>> >> GIM>> Will add to the Terminology and expand as:
> > >>> >> NVE        Network Virtualization Endpoint
> > >>> >>
> > >>> >> This entire section is not easy to read for an outsider.
> > >>> >>
> > >>> >> Section 3
> > >>> >>
> > >>> >> VNI has not been defined
> > >>> >> GIM>> Will add to the Terminology section:
> > >>> >> VNI    VXLAN Network Identifier (or VXLAN Segment ID)
> > >>> >>
> > >>> >> Figure 1 could take less space
> > >>> >> GIM>> Yes, can make it bit denser. Would the following be an
> improvement?
> > >>> >>
> > >>> >>       +------------+-------------+
> > >>> >>       |        Server 1          |
> > >>> >>       | +----+----+  +----+----+ |
> > >>> >>       | |VM1-1    |  |VM1-2    | |
> > >>> >>       | |VNI 100  |  |VNI 200  | |
> > >>> >>       | |         |  |         | |
> > >>> >>       | +---------+  +---------+ |
> > >>> >>       | Hypervisor VTEP (IP1)    |
> > >>> >>       +--------------------------+
> > >>> >>                             |
> > >>> >>                             |   +-------------+
> > >>> >>                             |   |   Layer 3   |
> > >>> >>                             +---|   Network   |
> > >>> >>                                 +-------------+
> > >>> >>                                     |
> > >>> >>                                     +-----------+
> > >>> >>                                                 |
> > >>> >>
> +------------+-------------+
> > >>> >>                                          |    Hypervisor VTEP
> (IP2) |
> > >>> >>                                          | +----+----+
> +----+----+ |
> > >>> >>                                          | |VM2-1    |  |VM2-2
> | |
> > >>> >>                                          | |VNI 100  |  |VNI 200
> | |
> > >>> >>                                          | |         |  |
>  | |
> > >>> >>                                          | +---------+
> +---------+ |
> > >>> >>                                          |      Server 2
>   |
> > >>> >>
> +--------------------------+
> > >>> >>
> > >>> >>
> > >>> >> Section 4
> > >>> >>
> > >>> >> I do not see the benefits of having one paragraph in Section 4
> followed by only
> > >>> >> Section 4.1
> > >>> >> GIM>> Will merge Section 4.1 into 4 with minor required
> re-wording:
> > >>> >> 4.  BFD Packet Transmission over VXLAN Tunnel
> > >>> >>
> > >>> >>    BFD packet MUST be encapsulated and sent to a remote VTEP as
> > >>> >>    explained in this section.  Implementations SHOULD ensure that
> the
> > >>> >>    BFD packets follow the same lookup path as VXLAN data packets
> within
> > >>> >>    the sender system.
> > >>> >>
> > >>> >>    BFD packets are encapsulated in VXLAN as described below.  The
> VXLAN
> > >>> >>    packet format is defined in Section 5 of [RFC7348].  The Outer
> IP/UDP
> > >>> >>    and VXLAN headers MUST be encoded by the sender as defined in
> > >>> >>    [RFC7348].
> > >>> >>
> > >>> >> Section 4.1
> > >>> >>
> > >>> >> The document does not specify when a dedicated MAC address or the
> MAC address
> > >>> >> of the destination VTEP must be used. This could affect the
> interoperability of
> > >>> >> implementations. Should all implementations support both the
> dedicated MAC
> > >>> >> address and the destination MAC address ?
> > >>> >> GIM>> After further discussion, authors decided to remove the
> request for the dedicated MAC address allocation. Only the MAC address of
> the remote VTEP must be used as the destination MAC address in the inner
> Ethernet frame. Please check the attached diff between the -07 and the
> working versions or the working version of the draft.
> > >>> >>
> > >>> >> It is unclear from this section whether IPv4 inside IPv6 and the
> opposite
> > >>> >> should be supported or not.
> > >>> >> GIM>> Any combination of outer IPvX and inner IPvX is possible.
> > >>> >>
> > >>> >> Section 5.
> > >>> >>
> > >>> >> If the received packet does not match the dedicated MAC address
> nor the MAC
> > >>> >> address of the VTEP, should the packet be silently discarded or
> treated
> > >>> >> differently ?
> > >>> >> GIM>> As I've mentioned earlier, authors have decided to remove
> the use of the dedicated MAC address for BFD over VXLAN.
> > >>> >>
> > >>> >> Section 5.1
> > >>> >>
> > >>> >> Is this a modification to section 6.3 of RFC5880 ? This is not
> clear
> > >>> >> GIM>> I think that this section is not modification but the
> definition of the application-specific procedure that is outside the scope
> of RFC 5880:
> > >>> >>    The method of demultiplexing the initial packets (in which Your
> > >>> >>    Discriminator is zero) is application dependent, and is thus
> outside
> > >>> >>    the scope of this specification.
> > >>> >>
> > >>> >> Section 9
> > >>> >>
> > >>> >> The sentence " Throttling MAY be relaxed for BFD packets
> > >>> >>    based on port number." is unclear.
> > >>> >> GIM>> Yes, thank you for pointing to this. The updated text, in
> the whole paragraph, is as follows:
> > >>> >> NEW TEXT:
> > >>> >>    The document requires setting the inner IP TTL to 1, which
> could be
> > >>> >>    used as a DDoS attack vector.  Thus the implementation MUST
> have
> > >>> >>    throttling in place to control the rate of BFD control packets
> sent
> > >>> >>    to the control plane.  On the other hand, over aggressive
> throttling
> > >>> >>    of BFD control packets may become the cause of the inability
> to form
> > >>> >>    and maintain BFD session at scale.  Hence, throttling of BFD
> control
> > >>> >>    packets SHOULD be adjusted to permit BFD to work according to
> its
> > >>> >>    procedures.
> > >>> >> <draft-ietf-bfd-vxlan-08.txt><Diff_ draft-ietf-bfd-vxlan-07.txt -
> draft-ietf-bfd-vxlan-08.txt.html>
> > >>> >
> > >>>
> > >>
> > >
> >
>
>