Re: Rtgdir last call review of draft-ietf-bfd-vxlan-07

"Joel M. Halpern" <jmh@joelhalpern.com> Wed, 05 June 2019 21:47 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E43A12009E; Wed, 5 Jun 2019 14:47:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A__qTXbEvuWL; Wed, 5 Jun 2019 14:47:51 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41CA412008B; Wed, 5 Jun 2019 14:47:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 45K2TL6bB2z1rq6f; Wed, 5 Jun 2019 14:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1559771270; bh=INLPkialerR+o9HUBMTp7zdvlHZ/laBnllZk7Mk4eQM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=VBJvw8YDVpsdDdUQJW8l0SzpUCuxCmbPOw9eNKYmrV04KuuFPEat5V0OaiopGK9kj ogBhkGYxs1LT4wiNEzRGE2XGvkeFPCUePhKWs396987zQa75njPBspNbwrb+x49T4a Y0GSATrbo9GInGu1zv7X2u2XXhMuyb3DEymNBlYQ=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 45K2TL0Nbtz1rq6X; Wed, 5 Jun 2019 14:47:49 -0700 (PDT)
Subject: Re: Rtgdir last call review of draft-ietf-bfd-vxlan-07
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: rtg-dir@ietf.org, rtg-bfd WG <rtg-bfd@ietf.org>, draft-ietf-bfd-vxlan.all@ietf.org, IETF list <ietf@ietf.org>
References: <155864919758.8626.11137277913302380197@ietfa.amsl.com> <CA+RyBmXO5tYtrm_79KOKJmTp2mbYwynze20EoJA=2gGnJ5jEsw@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <98825f67-6958-8845-d5d5-3e0ac5e996e1@joelhalpern.com>
Date: Wed, 05 Jun 2019 17:47:49 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
In-Reply-To: <CA+RyBmXO5tYtrm_79KOKJmTp2mbYwynze20EoJA=2gGnJ5jEsw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/R4ugrL6pLKj2ed2fsUgZ9mTVyuc>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 21:47:54 -0000

The inner packet of a VxLAN header with a VNI is a tenant packet for the 
tenant identified by the VNI.  That is the meaning of the inner packet.

If you declare that the flag bits change that meaning, then that flag 
bit has to adjust the packet processing at the VTEP such taht it will 
intercept the packet.  As such, it doesn;t need special inner source or 
dest mac addresses or IP addresses.  In fact, the inner packet can just 
be OAM payload.

If that is not what you intend, then how is it that the VTEP knows that 
the inner addresses are for it to examine, rather than belonging to the 
tenant.  As far as I know we are not free to take addresses away from 
the tenant.

It may be that I am completely missing how this is supposed to work.  If 
so, it needs better explanation.

Yours,
Joel

On 6/5/19 5:20 PM, Greg Mirsky wrote:
> Hi Joel,
> thank you for your review and the pointed questions. Please find my 
> answers, comments in-line and tagged GIM>>.
> 
> Regards,
> Greg
> 
> 
> On Thu, May 23, 2019 at 3:06 PM Joel Halpern via Datatracker 
> <noreply@ietf.org <mailto:noreply@ietf.org>> wrote:
> 
>     Reviewer: Joel Halpern
>     Review result: Has Issues
> 
>     Hello,
> 
>     I have been selected as the Routing Directorate reviewer for this
>     draft. The
>     Routing Directorate seeks to review all routing or routing-related
>     drafts as
>     they pass through IETF last call and IESG review, and sometimes on
>     special
>     request. The purpose of the review is to provide assistance to the
>     Routing ADs.
>     For more information about the Routing Directorate, please see
>     http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir
> 
>     Although these comments are primarily for the use of the Routing
>     ADs, it would
>     be helpful if you could consider them along with any other IETF Last
>     Call
>     comments that you receive, and strive to resolve them through
>     discussion or by
>     updating the draft.
> 
>     Document: ddraft-ietf-bfd-vxlan-07
>     Reviewer: your-name
>     Review Date: date
>     IETF LC End Date: date-if-known
>     Intended Status: copy-from-I-D
> 
>     Summary: This document does not appear to be ready for publication as a
>     Proposed Standard RFC.
> 
>     Major issues:
>          The scoping of the BFD usage is unclear.  In places, this looks
>     like it is
>          intended to be used by the underlay service provider,  who will
>     monitor the
>          connectivity between VTEPs. 
> 
> GIM>> I think that the DCI provider would not be able to instantiate a 
> BFD session using VXLAN encapsulation and, possibly, monitor that VXLAN 
> part of forwarding operates properly. Such BFD session may monitor the 
> path between the two VTEP but, if there exists ECMP environment in the 
> transport, ensuring that that BFD session follows the same path as VXLAN 
> data may be challenging.
> 
>     In other places it seems to be aimed at
>          monitoring individual VNIs. 
> 
> GIM>> The BFD session between VTEPs is not actually used to monitor the 
> particular VNI but MAY be used to communicate, as concatenated path 
> state signaling, the change of VNI state using the method described in 
> Section 6.8.17 RFC 5880 
> <https://tools.ietf.org/html/rfc5880#section-6.8.17>.
> 
>     This is made worse when the packet format is
>          laid out.  The inner packet is an Ethernet Packet with an IP
>     packet (with
>          UDP, with BFD).  This means that it is a tenant packet. 
> 
> GIM>> Could you please point to the text which suggests that the BFD 
> control packet is a tenant packet? Meant to be delivered to a tenant?
> 
>     The IP address is
>          a tenant IP. 
> 
> GIM>> The explanation of the format states in regard to the inner IP header:
>         IP header:
> 
>           Source IP: IP address of the originating VTEP.
> 
>           Destination IP: IP address of the terminating VTEP.
> 
>     But the diagram shows this as being the IP address of the
>          VTEP.  Which is not a tenant entity.
> 
>         There is further confusion as to whether the processing is
>     driven by the VNI
>         the packet arrived with, or the VNI is ignored.
> 
> GIM>> The use of VNI is implementation specific. Section 6 states:
>   6.  Use of the Specific VNI
> 
>     In most cases, a single BFD session is sufficient for the given VTEP
>     to monitor the reachability of a remote VTEP, regardless of the
>     number of VNIs in common.  When the single BFD session is used to
>     monitor the reachability of the remote VTEP, an implementation SHOULD
>     choose any of the VNIs but MAY choose VNI = 0.
> 
> 
>     Minor Issues:
>         N/A
> 
>     Nits: N/A
>