Re: Update to BFD over VXLAN

Jeffrey Haas <jhaas@pfrc.org> Wed, 27 November 2019 20:26 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0B9E1208B8; Wed, 27 Nov 2019 12:26:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJayXGWnqJZT; Wed, 27 Nov 2019 12:26:48 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 6E67C120908; Wed, 27 Nov 2019 12:26:48 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 3F3D41E2F8; Wed, 27 Nov 2019 15:30:55 -0500 (EST)
Date: Wed, 27 Nov 2019 15:30:55 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: rtg-bfd WG <rtg-bfd@ietf.org>, bfd-chairs@ietf.org, Martin Vigoureux <martin.vigoureux@nokia.com>
Subject: Re: Update to BFD over VXLAN
Message-ID: <20191127203055.GC18175@pfrc.org>
References: <CA+RyBmWaeTZknMAdXBTeok3DOTUZdtKxnReD76ad9X9S+cROwQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+RyBmWaeTZknMAdXBTeok3DOTUZdtKxnReD76ad9X9S+cROwQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/Q0KjV3G_Mq9RzcWCb1XMch9yERQ>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Nov 2019 20:26:51 -0000

Greg,


On Wed, Nov 20, 2019 at 10:41:46AM +0800, Greg Mirsky wrote:
> Dear All,
> as was decided at the meeting, an explanation of using an address from the
> Internal host loopback interface address range has been added into the
> Security Consideration section:
> NEW TEXT:
>    This document recommends using an address from the Internal host
>    loopback addresses range as the destination IP address in the inner
>    IP header. Using such address prevents the forwarding of the
>    encapsulated BFD control message by a transient node in case the
>    VXLAN tunnel is broken as according to [RFC1812]:
> 
>       A router SHOULD NOT forward, except over a loopback interface, any
>       packet that has a destination address on network 127.  A router
>       MAY have a switch that allows the network manager to disable these
>       checks.  If such a switch is provided, it MUST default to
>       performing the checks.

I think the text above is largely right.

There's a slight level of ambiguity since elsewhere in the document, we
don't use the RFC 4379 notation, i.e. 0:0:0:0:0:FFFF:127/104:


:
: loopback addresses (127/8 range for IPv4 and
:    0:0:0:0:0:FFFF:7F00:0/104 range for IPv6).

I think if you explicitly call it out in the 7400 format, we may be all set.

-- Jeff