| < draft-ietf-bfd-vxlan-11.txt | draft-ietf-bfd-vxlan-12.txt > | |||
|---|---|---|---|---|
| BFD S. Pallagatti, Ed. | BFD S. Pallagatti, Ed. | |||
| Internet-Draft VMware | Internet-Draft VMware | |||
| Intended status: Standards Track S. Paragiri | Intended status: Standards Track S. Paragiri | |||
| Expires: November 5, 2020 Individual Contributor | Expires: November 8, 2020 Individual Contributor | |||
| V. Govindan | V. Govindan | |||
| M. Mudigonda | M. Mudigonda | |||
| Cisco | Cisco | |||
| G. Mirsky | G. Mirsky | |||
| ZTE Corp. | ZTE Corp. | |||
| May 4, 2020 | May 7, 2020 | |||
| BFD for VXLAN | BFD for VXLAN | |||
| draft-ietf-bfd-vxlan-11 | draft-ietf-bfd-vxlan-12 | |||
| Abstract | Abstract | |||
| This document describes the use of the Bidirectional Forwarding | This document describes the use of the Bidirectional Forwarding | |||
| Detection (BFD) protocol in point-to-point Virtual eXtensible Local | Detection (BFD) protocol in point-to-point Virtual eXtensible Local | |||
| Area Network (VXLAN) tunnels used to form an overlay network. | Area Network (VXLAN) tunnels used to form an overlay network. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 5, 2020. | This Internet-Draft will expire on November 8, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 27 ¶ | skipping to change at page 2, line 27 ¶ | |||
| 5. BFD Packet Transmission over VXLAN Tunnel . . . . . . . . . . 6 | 5. BFD Packet Transmission over VXLAN Tunnel . . . . . . . . . . 6 | |||
| 6. Reception of BFD Packet from VXLAN Tunnel . . . . . . . . . . 8 | 6. Reception of BFD Packet from VXLAN Tunnel . . . . . . . . . . 8 | |||
| 7. Echo BFD . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 7. Echo BFD . . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9 | 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 12.2. Informational References . . . . . . . . . . . . . . . . 10 | 12.2. Informational References . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| "Virtual eXtensible Local Area Network" (VXLAN) [RFC7348] provides an | "Virtual eXtensible Local Area Network" (VXLAN) [RFC7348] provides an | |||
| encapsulation scheme that allows building an overlay network by | encapsulation scheme that allows building an overlay network by | |||
| decoupling the address space of the attached virtual hosts from that | decoupling the address space of the attached virtual hosts from that | |||
| of the network. | of the network. | |||
| One use of VXLAN is in data centers interconnecting virtual machines | One use of VXLAN is in data centers interconnecting virtual machines | |||
| (VMs) of a tenant. VXLAN addresses requirements of the Layer 2 and | (VMs) of a tenant. VXLAN addresses requirements of the Layer 2 and | |||
| skipping to change at page 8, line 22 ¶ | skipping to change at page 8, line 22 ¶ | |||
| Destination IP: IP address MUST NOT be of one of tenant's IP | Destination IP: IP address MUST NOT be of one of tenant's IP | |||
| addresses. The IP address SHOULD be selected from the range | addresses. The IP address SHOULD be selected from the range | |||
| 127/8 for IPv4, for IPv6 - from the range ::ffff:127.0.0.0/104. | 127/8 for IPv4, for IPv6 - from the range ::ffff:127.0.0.0/104. | |||
| Alternatively, the destination IP address MAY be set to VTEP's | Alternatively, the destination IP address MAY be set to VTEP's | |||
| IP address. | IP address. | |||
| Source IP: IP address of the originating VTEP. | Source IP: IP address of the originating VTEP. | |||
| TTL or Hop Limit: MUST be set to 255 in accordance with the | TTL or Hop Limit: MUST be set to 255 in accordance with the | |||
| Generalized TTL Security Mechanism [RFC5881]. | Generalized TTL Security Mechanism [RFC5082]. | |||
| The fields of the UDP header and the BFD Control packet are | The fields of the UDP header and the BFD Control packet are | |||
| encoded as specified in [RFC5881]. | encoded as specified in [RFC5881]. | |||
| 6. Reception of BFD Packet from VXLAN Tunnel | 6. Reception of BFD Packet from VXLAN Tunnel | |||
| Once a packet is received, the VTEP MUST validate the packet. If the | Once a packet is received, the VTEP MUST validate the packet. If the | |||
| packet is received on the management VNI and is identified as BFD | packet is received on the management VNI and is identified as BFD | |||
| control packet addressed to the VTEP, and then the packet can be | control packet addressed to the VTEP, and then the packet can be | |||
| processed further. Processing of BFD control packets received on | processed further. Processing of BFD control packets received on | |||
| non-management VNI is outside the scope of this specification. | non-management VNI is outside the scope of this specification. | |||
| Validation of TTL or Hop Limit of the inner IP packet is performed as | Validation of TTL / Hop Limit of the inner IP packet, as long as the | |||
| described in Section 5 [RFC5881]. | related considerations for BFD control packet demultiplexing and | |||
| authentication, is performed as described in Section 5 [RFC5881]. | ||||
| 7. Echo BFD | 7. Echo BFD | |||
| Support for echo BFD is outside the scope of this document. | Support for echo BFD is outside the scope of this document. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| This specification has no IANA action requested. This section may be | This specification has no IANA action requested. This section may be | |||
| deleted before the publication. | deleted before the publication. | |||
| 9. Security Considerations | 9. Security Considerations | |||
| Security issues discussed in [RFC5880], [RFC5881], and [RFC7348] | ||||
| apply to this document. | ||||
| This document recommends using an address from the Internal host | This document recommends using an address from the Internal host | |||
| loopback addresses 127/8 range for IPv4 or an IP4-mapped IPv4 | loopback addresses 127/8 range for IPv4 or an IP4-mapped IPv4 | |||
| loopback address from ::ffff:127.0.0.0/104 range for IPv6 as the | loopback address from ::ffff:127.0.0.0/104 range for IPv6 as the | |||
| destination IP address in the inner IP header. Using such an address | destination IP address in the inner IP header. Using such an address | |||
| prevents the forwarding of the encapsulated BFD control message by a | prevents the forwarding of the encapsulated BFD control message by a | |||
| transient node in case the VXLAN tunnel is broken as according to | transient node in case the VXLAN tunnel is broken as according to | |||
| [RFC1812]: | [RFC1812]: | |||
| A router SHOULD NOT forward, except over a loopback interface, any | A router SHOULD NOT forward, except over a loopback interface, any | |||
| packet that has a destination address on network 127. A router | packet that has a destination address on network 127. A router | |||
| MAY have a switch that allows the network manager to disable these | MAY have a switch that allows the network manager to disable these | |||
| checks. If such a switch is provided, it MUST default to | checks. If such a switch is provided, it MUST default to | |||
| performing the checks. | performing the checks. | |||
| If the implementation supports establishing multiple BFD sessions | If the implementation supports establishing multiple BFD sessions | |||
| between the same pair of VTEPs, there SHOULD be a mechanism to | between the same pair of VTEPs, there SHOULD be a mechanism to | |||
| control the maximum number of such sessions that can be active at the | control the maximum number of such sessions that can be active at the | |||
| same time. | same time. | |||
| Other than requiring control of the number of BFD sessions between | ||||
| the same pair of VTEPs, this specification does not raise any | ||||
| additional security issues beyond those discussed in [RFC5880], | ||||
| [RFC5881], and [RFC7348]. | ||||
| 10. Contributors | 10. Contributors | |||
| Reshad Rahman | Reshad Rahman | |||
| rrahman@cisco.com | rrahman@cisco.com | |||
| Cisco | Cisco | |||
| 11. Acknowledgments | 11. Acknowledgments | |||
| Authors would like to thank Jeff Haas of Juniper Networks for his | Authors would like to thank Jeff Haas of Juniper Networks for his | |||
| reviews and feedback on this material. | reviews and feedback on this material. | |||
| Authors would also like to thank Nobo Akiya, Marc Binderberger, | Authors would also like to thank Nobo Akiya, Marc Binderberger, | |||
| Shahram Davari, Donald E. Eastlake 3rd, and Anoop Ghanwani for the | Shahram Davari, Donald E. Eastlake 3rd, Anoop Ghanwani, Dinesh Dutt, | |||
| extensive reviews and the most detailed and helpful comments. | Joel Halpern, and Carlos Pignataro for the extensive reviews and the | |||
| most detailed and constructive comments. | ||||
| 12. References | 12. References | |||
| 12.1. Normative References | 12.1. Normative References | |||
| [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", | [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", | |||
| RFC 1812, DOI 10.17487/RFC1812, June 1995, | RFC 1812, DOI 10.17487/RFC1812, June 1995, | |||
| <https://www.rfc-editor.org/info/rfc1812>. | <https://www.rfc-editor.org/info/rfc1812>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. | ||||
| Pignataro, "The Generalized TTL Security Mechanism | ||||
| (GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5082>. | ||||
| [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
| (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | |||
| <https://www.rfc-editor.org/info/rfc5880>. | <https://www.rfc-editor.org/info/rfc5880>. | |||
| [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
| (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, | (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, | |||
| DOI 10.17487/RFC5881, June 2010, | DOI 10.17487/RFC5881, June 2010, | |||
| <https://www.rfc-editor.org/info/rfc5881>. | <https://www.rfc-editor.org/info/rfc5881>. | |||
| [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, | [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, | |||
| End of changes. 11 change blocks. | ||||
| 15 lines changed or deleted | 20 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||