Re: [nvo3] New Version Notification for draft-ietf-bfd-vxlan-08.txt

Dinesh Dutt <didutt@gmail.com> Wed, 06 November 2019 00:29 UTC

Return-Path: <didutt@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA8FD1200C3; Tue, 5 Nov 2019 16:29:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.537
X-Spam-Level:
X-Spam-Status: No, score=-0.537 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTML_OBFUSCATE_05_10=0.26, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 597sGkcQ95Uj; Tue, 5 Nov 2019 16:29:28 -0800 (PST)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E0DC12011B; Tue, 5 Nov 2019 16:29:13 -0800 (PST)
Received: by mail-pl1-x62a.google.com with SMTP id a18so9407100plm.10; Tue, 05 Nov 2019 16:29:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:subject:to:cc:message-id:in-reply-to:references :mime-version; bh=ois6+6H6iJvXE3l8hcUiW2YOXoJPFuR1lijEP3W4lKs=; b=aTMxJoKPQxjhcUao8vvb+73AMUwwWdwIQ/PRONn73puUmPLqK1QVQy7XBBfNPWJfwj uWlhg39e3B2+VEJWUYzqJE+urwPKC8Cx4EsonF8JZmOxXKxeDh9F8yjH1CfIOh1PyVci rDkYXzXcJv9tZQIB65kb6IOPbdIx5vKkYuYODL2BHVMOBUkc/89F0ei/VRCPvf6qH5LK lO1ORA97ttRKEKDy69iVYTZ5+grPKWoPNnCnLsptCX3I4hdU+7dA7x+GeCL+1hWrmnnb V9DsJ2feF3Rkqcelk0+VhfqV+Sfe2AEsrmUkAxtkIkTV7iHw/oFlu/GXJoq/5xIAZMpN 2NHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:subject:to:cc:message-id:in-reply-to :references:mime-version; bh=ois6+6H6iJvXE3l8hcUiW2YOXoJPFuR1lijEP3W4lKs=; b=DRSzOEdkyFZpLI4Y1I0RUwnoqdv5IyZuNmFBT/7sYphu1dr/IWSDTrdVTv9F56B+DX DPJjir3G7Poi1r9UyJeCSUSdXsfAOj+nUql3zHi2mzgDTzKn7DDahSqatWVVy2MYGbwp 1Qng3gQ9BxpDqqbUI4C4SNDUo7bR/xtIKUcVciU/YgEvCJ6xF5IEC13gY9U5vI8BUzNC wK0MDbG0XGOoptwf/GviqMLrC7FA0gv41Z2HbhGYwYQ6mee2DapcHY0PTuLvvIVHQirM Z18q+i8CrQyCTBEF5lAEyO6V4EceKLlJ0GX2Ybr14d94hwMfSUt14JT14KDgdUs6mEyM 3AvQ==
X-Gm-Message-State: APjAAAXoURsa57PAJsFCacRFewSCMPymZYh51LMX5d9LAgbRH+R2mqIa EjQY0SldGS+A21V8cJYmdKk=
X-Google-Smtp-Source: APXvYqzfwFfQ1RLNVJJOUl2ojByibp7f2Ee7cNzEo3Y+JDnj4N6XLPThPETAMNCjJCyIFy3z1RzwFA==
X-Received: by 2002:a17:902:758a:: with SMTP id j10mr9338087pll.29.1573000152374; Tue, 05 Nov 2019 16:29:12 -0800 (PST)
Received: from [192.168.0.105] ([61.2.196.166]) by smtp.gmail.com with ESMTPSA id h8sm1204296pjp.1.2019.11.05.16.29.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Nov 2019 16:29:11 -0800 (PST)
Date: Wed, 06 Nov 2019 05:29:05 +0500
From: Dinesh Dutt <didutt@gmail.com>
Subject: Re: [nvo3] New Version Notification for draft-ietf-bfd-vxlan-08.txt
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: Anoop Ghanwani <anoop@alumni.duke.edu>, Santosh P K <santosh.pallagatti@gmail.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, rtg-bfd WG <rtg-bfd@ietf.org>, NVO3 <nvo3@ietf.org>
Message-Id: <1573000145.25948.19@smtp.gmail.com>
In-Reply-To: <CA+RyBmX3Y_dBih9_E=n2_qPkLHHFqWNN1OtNMYvsEataebyoSQ@mail.gmail.com>
References: <157263030423.31830.4277364795812171214.idtracker@ietfa.amsl.com> <CA+RyBmUn2zSME51_rDW+y-GdWTmOXQiV7BKkRbNwcy12q8ZjxA@mail.gmail.com> <CA+-tSzxvknwYwvh-s-UK_C7YoF04eiFhyBvVxoNmT=52=EUnWw@mail.gmail.com> <CA+RyBmU0FViBV8TrwpLN7hUVMkbp9h4E-N048T4BM7a=7F6MdA@mail.gmail.com> <CA+-tSzxNHF0pRq1-7sPz4eWqCVVpf52jDhhqq0iNFu02Eso1pQ@mail.gmail.com> <c5ff1b1f-4b07-9be5-0519-de3849ea5ce8@joelhalpern.com> <CA+-tSzw4TwmC_qxBX8Q4inWswMTS2nBmSVCJVcCN9PRpDa-ghw@mail.gmail.com> <CACi9rdvzrDXO=stf=fiiEOk_en=nTEvBhXYk33gdyjmRPJes-w@mail.gmail.com> <CA+-tSzy1zyrozrB17OmcG67QauU6Z5V3T0a-a9B9zQnFLjvnYg@mail.gmail.com> <1572888977.25948.5@smtp.gmail.com> <CA+RyBmX3Y_dBih9_E=n2_qPkLHHFqWNN1OtNMYvsEataebyoSQ@mail.gmail.com>
X-Mailer: geary/0.12.4
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-7Br5iMthCyzCS1LOjYfE"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/PplyP3ApFccrLSgNdYXaK8JE8Y8>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 00:29:31 -0000

I understand Greg. Maybe suggest a value, rather than recommend it? Its 
just to reduce configuration. The key parts are to not change the 
existing VXLAN forwarding behavior and ensure that BFD between VTEPs 
doesn't leak to tenants (which typically don't exist in case of a 
management VNI).

Dinesh

On Tue, Nov 5, 2019 at 11:24 PM, Greg Mirsky <gregimirsky@gmail.com> 
wrote:
> Hi Dinesh,
> I agree that using a particular MAC over the Management VNI will 
> minimize configuration and thus reduce the operator's headache. I'm 
> concerned that adding RECOMMENDATION to use the specific MAC address 
> over the Management VNI comes very close to requesting the assignment 
> of the MAC for the Management VNI.
> 
> Regards,
> Greg
> 
> On Mon, Nov 4, 2019 at 9:36 AM Dinesh Dutt <didutt@gmail.com> wrote:
>> I didn't suggest the use of a multicast MAC, any MAC would be fine 
>> in the management VNI since there can be no tenant VMs on a 
>> management VNI. I was recommending specifying a unicast MAC.
>> 
>> Santosh, as I mentioned to Joel, I don't want to add additional 
>> forwarding requirements--such as VNI-specific behavior--in VXLAN. 
>> The existing mechanism is sufficient for the case we're discussing 
>> here. Just pick a MAC in management VNI for the sake of 
>> configuration simplicity.
>> 
>> Dinesh
>> 
>> On Mon, Nov 4, 2019 at 8:30 PM, Anoop Ghanwani 
>> <anoop@alumni.duke.edu> wrote:
>>> Hi Santosh,
>>> 
>>> I'm not aware of any implementation that uses a multicast MAC for 
>>> this.  The closest thing that I'm aware of that helps alleviate the 
>>> need for knowing the MAC of the remote VTEP is what's done in open 
>>> vswitch:
>>> http://www.openvswitch.org/support/dist-docs/vtep.5.html
>>>    bfd_config_remote : bfd_dst_mac: optional string
>>>               Set  to an Ethernet address in the form 
>>> xx:xx:xx:xx:xx:xx to set
>>>               the destination MAC to be used for transmitted BFD 
>>> packets.  The
>>>               default is 00:23:20:00:00:01.
>>> That OUI belongs to Nicira/VMware.  An IANA assigned unicast MAC 
>>> would be the equivalent.
>>> 
>>> Anoop
>>> 
>>> On Mon, Nov 4, 2019 at 5:14 AM Santosh P K 
>>> <santosh.pallagatti@gmail.com> wrote:
>>>> Anoop,
>>>>    Thanks for your comments. For non-managment VNI why do we need 
>>>> to have multicast MAC address for backward compatibility for 
>>>> existing implementation or there are any use cases such that we 
>>>> can avoid learning of remote end VTEP?
>>>> 
>>>> Thanks
>>>> Santosh P K
>>>> 
>>>> On Mon, Nov 4, 2019 at 10:41 AM Anoop Ghanwani 
>>>> <anoop@alumni.duke.edu> wrote:
>>>>> Hi Joel,
>>>>> 
>>>>> In that case I would propose the following text:
>>>>> 
>>>>> "Destination MAC: If the BFD session is not using the Management 
>>>>> VNI,
>>>>> the destination MAC address MUST be the address
>>>>> associated with the destination VTEP.  If the BFD session uses
>>>>> the Management VNI, it may use any MAC address, since use of the
>>>>> Management VNI ensures that these packets will never be forwarded 
>>>>> to a VM.
>>>>> The MAC address may be configured, or it may be learned via
>>>>> a control plane protocol. The details of how the MAC address
>>>>> to be used is obtained are outside the scope of this document."
>>>>> 
>>>>> That said, for non-Management VNI, do we want to allow for 
>>>>> flexibility
>>>>> for an implementation to use a multicast MAC of their choosing?  
>>>>> If so, we
>>>>> should probably add a sentence for that too.
>>>>> 
>>>>> Thanks,
>>>>> Anoop
>>>>> 
>>>>> 
>>>>> On Sun, Nov 3, 2019 at 7:52 PM Joel M. Halpern 
>>>>> <jmh@joelhalpern.com> wrote:
>>>>>> Anoop, I think I at least am misunderstanding you.
>>>>>> If one is using the management VNI, as I understand it there is 
>>>>>> no
>>>>>> tenant.  So there are no tenant MAC addresses.  (This is one of 
>>>>>> the
>>>>>> reasons I like using the management VNI.)
>>>>>> 
>>>>>> 
>>>>>> Yours,
>>>>>> Joel
>>>>>> 
>>>>>> On 11/3/2019 10:32 PM, Anoop Ghanwani wrote:
>>>>>> > Hi Greg,
>>>>>> >
>>>>>> > In the case of the management VNI, are we trying to say that 
>>>>>> we would
>>>>>> > allow any MAC address other than a tenant MAC address?  I 
>>>>>> would suggest
>>>>>> > some more text be added to clarify what is permitted on the 
>>>>>> management
>>>>>> > VLAN.  Assuming that we want to allow any MAC other than a 
>>>>>> tenant MAC,
>>>>>> > how does this get enforced?  In other words, what can be done 
>>>>>> for the
>>>>>> > network to protect itself if a sender violates this?
>>>>>> >
>>>>>> > One possible answer is to restrict the MAC address that may be 
>>>>>> used to
>>>>>> > one that is owned by the VTEP or a "agreed on" multicast MAC 
>>>>>> address.
>>>>>> > That means the receiver only needs to validate for those, and 
>>>>>> just
>>>>>> > treats everything else as data.
>>>>>> >
>>>>>> > Also, for interoperability purposes, it would be best to 
>>>>>> specify that a
>>>>>> > receiver MUST be able to handle any valid MAC address for the 
>>>>>> BFD
>>>>>> > session, while a sender MAY pick any of them.
>>>>>> >
>>>>>> > Thanks,
>>>>>> > Anoop
>>>>>> >
>>>>>> > On Sun, Nov 3, 2019 at 6:50 PM Greg Mirsky 
>>>>>> <gregimirsky@gmail.com
>>>>>> > <mailto:gregimirsky@gmail.com>> wrote:
>>>>>> >
>>>>>> >     Hi Anoop,
>>>>>> >     thank you for your comments and questions. Please find my 
>>>>>> notes
>>>>>> >     in-line tagged GIM>>.
>>>>>> >
>>>>>> >     Regards,
>>>>>> >     Greg
>>>>>> >
>>>>>> >     On Fri, Nov 1, 2019 at 4:24 PM Anoop Ghanwani 
>>>>>> <anoop@alumni.duke..edu
>>>>>> >     <mailto:anoop@alumni.duke.edu>> wrote:
>>>>>> >
>>>>>> >         Hi Greg,
>>>>>> >
>>>>>> >         A few comments.
>>>>>> >
>>>>>> >         The draft has nits, specifically around the way the 
>>>>>> IPv6 address
>>>>>> >         is written.
>>>>>> >
>>>>>> >         In section 4:
>>>>>> >
>>>>>> >         BFD packet MUST be encapsulated ->
>>>>>> >
>>>>>> >         BFD packets MUST be encapsulated
>>>>>> >
>>>>>> >     GIM>> Thanks, will do.
>>>>>> >
>>>>>> >
>>>>>> >          >>>
>>>>>> >
>>>>>> >         Destination MAC: This MUST NOT be of one of tenant's 
>>>>>> MAC
>>>>>> >                   addresses.  The destination MAC address MAY 
>>>>>> be the address
>>>>>> >                   associated with the destination VTEP.  The 
>>>>>> MAC address MAY be
>>>>>> >                   configured, or it MAY be learned via a 
>>>>>> control plane protocol.
>>>>>> >                   The details of how the MAC address is 
>>>>>> obtained are outside the
>>>>>> >                   scope of this document.
>>>>>> >
>>>>>> >          >>>
>>>>>> >         It looks like we have removed the option of using a 
>>>>>> well-known
>>>>>> >         IANA assigned MAC.  If so, why is the above a MAY and 
>>>>>> not a
>>>>>> >         MUST?  What else can it be?  One interpretation is 
>>>>>> that it can
>>>>>> >         be anything unicast, or multicast, as long as it's not 
>>>>>> a tenant
>>>>>> >         MAC.  Is that the intent?  If so, it would be better 
>>>>>> to state it
>>>>>> >         that way.  Also (and this is purely editorial), I 
>>>>>> think it would
>>>>>> >         be better if the first sentence above were moved to 
>>>>>> the end of
>>>>>> >         the paragraph.
>>>>>> >
>>>>>> >     GIM>> Yes, you're right, we've removed that option and 
>>>>>> have removed
>>>>>> >     the request to IANA. I also agree that " MAY be the address
>>>>>> >     associated with the destination VTEP" is not the right 
>>>>>> choice of
>>>>>> >     normative language. On the other hand, MUST might be too 
>>>>>> restrictive
>>>>>> >     if BFD session is using the Management VNI. Would the 
>>>>>> following
>>>>>> >     update address your concern:
>>>>>> >     OLD TEXT:
>>>>>> >               Destination MAC: This MUST NOT be of one of 
>>>>>> tenant's MAC
>>>>>> >               addresses.  The destination MAC address MAY be 
>>>>>> the address
>>>>>> >               associated with the destination VTEP.  The MAC 
>>>>>> address MAY be
>>>>>> >               configured, or it MAY be learned via a control 
>>>>>> plane protocol.
>>>>>> >               The details of how the MAC address is obtained 
>>>>>> are outside the
>>>>>> >               scope of this document.
>>>>>> >     NEW TEXT:
>>>>>> >               Destination MAC: If the BFD session is not using 
>>>>>> the
>>>>>> >     Management VNI,
>>>>>> >               the destination MAC address MUST be the address
>>>>>> >               associated with the destination VTEP.  The 
>>>>>> Destination MAC
>>>>>> >               MUST NOT be one of the tenant's MAC addresses.
>>>>>> >              The MAC address MAY be configured, or it MAY be 
>>>>>> learned via
>>>>>> >              a control plane protocol. The details of how the 
>>>>>> MAC address
>>>>>> >              is obtained are outside the scope of this 
>>>>>> document.
>>>>>> >
>>>>>> >
>>>>>> >         "The inner Ethernet frame carrying the BFD
>>>>>> >             Control packet- has the following format:"
>>>>>> >
>>>>>> >         Extraneous '-' after packet.
>>>>>> >
>>>>>> >     GIM>> Thanks, will do that too.
>>>>>> >
>>>>>> >
>>>>>> >         Thanks,
>>>>>> >         Anoop
>>>>>> >
>>>>>> >         On Fri, Nov 1, 2019 at 10:53 AM Greg Mirsky
>>>>>> >         <gregimirsky@gmail.com <mailto:gregimirsky@gmail.com>> 
>>>>>> wrote:
>>>>>> >
>>>>>> >             Dear All,
>>>>>> >             the new version includes updates resulting from the
>>>>>> >             discussions of Joel's comments in the RtrDir 
>>>>>> review of BFD
>>>>>> >             over VXLAN draft, comments from Anoop, and Dinesh. 
>>>>>> On behalf
>>>>>> >             of editors, thank you for your constructive 
>>>>>> comments and for
>>>>>> >             sharing your expertise, all much appreciated.
>>>>>> >             I hope we've addressed all your comments, and the 
>>>>>> draft can
>>>>>> >             proceed further.
>>>>>> >
>>>>>> >             Regards,
>>>>>> >             Greg
>>>>>> >
>>>>>> >             ---------- Forwarded message ---------
>>>>>> >             From: <internet-drafts@ietf.org
>>>>>> >             <mailto:internet-drafts@ietf.org>>
>>>>>> >             Date: Fri, Nov 1, 2019 at 10:45 AM
>>>>>> >             Subject: New Version Notification for
>>>>>> >             draft-ietf-bfd-vxlan-08..txt
>>>>>> >             To: Gregory Mirsky <gregimirsky@gmail.com
>>>>>> >             <mailto:gregimirsky@gmail.com>>, Mallik Mudigonda
>>>>>> >             <mmudigon@cisco.com <mailto:mmudigon@cisco.com>>, 
>>>>>> Sudarsan
>>>>>> >             Paragiri <sudarsan.225@gmail.com
>>>>>> >             <mailto:sudarsan.225@gmail.com>>, Vengada Prasad 
>>>>>> Govindan
>>>>>> >             <venggovi@cisco.com <mailto:venggovi@cisco.com>>, 
>>>>>> Santosh
>>>>>> >             Pallagatti <santosh.pallagatti@gmail.com
>>>>>> >             <mailto:santosh.pallagatti@gmail.com>>
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >             A new version of I-D, draft-ietf-bfd-vxlan-08.txt
>>>>>> >             has been successfully submitted by Greg Mirsky and 
>>>>>> posted to the
>>>>>> >             IETF repository.
>>>>>> >
>>>>>> >             Name:           draft-ietf-bfd-vxlan
>>>>>> >             Revision:       08
>>>>>> >             Title:          BFD for VXLAN
>>>>>> >             Document date:  2019-11-01
>>>>>> >             Group:          bfd
>>>>>> >             Pages:          11
>>>>>> >             URL:
>>>>>> >             
>>>>>> https://www.ietf.org/internet-drafts/draft-ietf-bfd-vxlan-08.txt
>>>>>> >             Status: 
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
>>>>>> >             Htmlized: 
>>>>>> https://tools.ietf.org/html/draft-ietf-bfd-vxlan-08
>>>>>> >             Htmlized:
>>>>>> >             
>>>>>> https://datatracker.ietf.org/doc/html/draft-ietf-bfd-vxlan
>>>>>> >             Diff: 
>>>>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-vxlan-08
>>>>>> >
>>>>>> >             Abstract:
>>>>>> >                 This document describes the use of the 
>>>>>> Bidirectional
>>>>>> >             Forwarding
>>>>>> >                 Detection (BFD) protocol in point-to-point 
>>>>>> Virtual
>>>>>> >             eXtensible Local
>>>>>> >                 Area Network (VXLAN) tunnels forming up an 
>>>>>> overlay network.
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >             Please note that it may take a couple of minutes 
>>>>>> from the
>>>>>> >             time of submission
>>>>>> >             until the htmlized version and diff are available 
>>>>>> at
>>>>>> >             tools.ietf.org <http://tools.ietf.org>.
>>>>>> >
>>>>>> >             The IETF Secretariat
>>>>>> >
>>>>> _______________________________________________
>>>>> nvo3 mailing list
>>>>> nvo3@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/nvo3