IETF Logo Mail Archive

Re: draft-ietf-bfd-vxlan IESG status

Greg Mirsky <gregimirsky@gmail.com> Mon, 27 January 2020 22:44 UTC

Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 674683A0FAB; Mon, 27 Jan 2020 14:44:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.696
X-Spam-Level:
X-Spam-Status: No, score=-0.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fkyGLHNY3fFf; Mon, 27 Jan 2020 14:44:16 -0800 (PST)
Received: from mail-lj1-x244.google.com (mail-lj1-x244.google.com [IPv6:2a00:1450:4864:20::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C70F13A0FA8; Mon, 27 Jan 2020 14:44:14 -0800 (PST)
Received: by mail-lj1-x244.google.com with SMTP id r19so12700213ljg.3; Mon, 27 Jan 2020 14:44:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5FHZ9xZQRofDUSpCDZrszJ8fs4IrwjgK/enmzkiOMB0=; b=CyuNvHXokQxJxdh6ZC4MmclF91FsVUycyHb0XWYS1NyE57pDgxiPvge8Pvk+GzQpa4 WYHIhs3S9nx+ATsCzjtZmvPglWTNpYg8Y00msNd9G2FCijfOmM4SiToQBa+E9qzNFcv0 aoXqcRRpC/5jS5EI1JZSwtBh5b5KmhDFApyHcyUlrBzaWunqcnFAMi6UBPuHUQd9wo7e +Jgic8JK/iyADygGPlQpXGKRNg3YRVq8Ibt4KhyWd5sw4qpuXDclNy1DslXC13BH36gc 3fqwAheHxaOypJp55yJ8TWLJHyL/9PQVZ64wJ6qNURSmFSZCLXu/ahE08F2rDvKfPNK7 /S8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5FHZ9xZQRofDUSpCDZrszJ8fs4IrwjgK/enmzkiOMB0=; b=SHBSnvRYBEffbOC0rHcF6cyLD8IK6HSCkR6kFEe39K1Txe4NgMGGnRTsncmoRvfhD3 TpjR+58+8Djw731TwWWkSkbnqdLHWY3S97n1dokGRB4Rd8PszmcUzzkF07WOGpOVMEnz 7Pzy2cuWkIdLvBGzOGaeXlc1xinBWipq0Qi4X5DNF2AJa25JSDdUf8vL2sDrVwCsjLaX NCYYnixC25swN6bNysDsG63wbqrbn8NdoG6j/v8M8CM0pOVFAySdEnZfR6dKOgtg6vOY /7visHM7JecVwSlaMkon+K8H0XnD0MG8J9sqNtacTT/MOcLkV/bXx0m/iH25NP7b8yvb mtYA==
X-Gm-Message-State: APjAAAXDZtmVJss9XMn27ugMqh7NT0a6zygpCZ6kubgjBi/UfVlENF3F sgnS+yvyq90TIYHDOhQ/YWP7n/NHoukMVMtmOdQ4Mg==
X-Google-Smtp-Source: APXvYqymDl0ia3rrCqw/dXCzQDenGMUUAGWDNCdRmqh8vWhmskjBm+obp5nbQ/krf1NzJhkJXs+WpYGfF1NT5X1VsxQ=
X-Received: by 2002:a2e:9f52:: with SMTP id v18mr10842626ljk.30.1580165052664; Mon, 27 Jan 2020 14:44:12 -0800 (PST)
MIME-Version: 1.0
References: <157660542458.26499.3977878811671361973.idtracker@ietfa.amsl.com> <CA+RyBmUPCrj_ahxa098vj__niNndjbOJEccA-KwoopgKp5C51Q@mail.gmail.com> <CAMMESszAax2AjRvw4wSS1ydBsDhEepyz3XASach46rxzGknX4g@mail.gmail.com> <20200127221705.GB17622@pfrc.org>
In-Reply-To: <20200127221705.GB17622@pfrc.org>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Mon, 27 Jan 2020 14:44:01 -0800
Message-ID: <CA+RyBmWTUks=Y2rPFmpgpXFDNSMjz92Csd7MfNeaaYWGA_ZpcQ@mail.gmail.com>
Subject: Re: draft-ietf-bfd-vxlan IESG status
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: The IESG <iesg@ietf.org>, bfd-chairs@ietf.org, draft-ietf-bfd-vxlan@ietf.org, rtg-bfd WG <rtg-bfd@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000a6abf9059d26d845"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/qzitzAFfuKqOLqAx8_BNWKQGpto>
X-Mailman-Approved-At: Mon, 27 Jan 2020 15:05:54 -0800
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 22:44:20 -0000

Dear Jeff,
thank you for the most detailed caption of the IESG reviews and clear
action points to address the outstanding issues.

Dear All,
below are the proposed changes to address the IP TTL/Hop Limit open issue
(also could be reviewed in the attached diff or the new working version of
the draft):
Section 4:
OLD TEXT:
         TTL or Hop Limit: MUST be set to 1 to ensure that the BFD
         packet is not routed within the Layer 3 underlay network.  This
         addresses the scenario when the inner IP destination address is
         of VXLAN gateway and there is a router in underlay which
         removes the VXLAN header, then it is possible to route the
         packet as VXLAN  gateway address is routable address.
NEW TEXT:
         TTL or Hop Limit: MUST be set to 255 in accordance with the
         Generalized TTL Security Mechanism (GTSM) [RFC5082].

Section 5:
appended the last paragraph with:
NEW TEXT:
   Validation of TTL or Hop Limit of the inner IP
   packet is performed as described in Section 5 [RFC5881].

Section 9:
removed the first paragraph:
OLD TEXT:
   The document requires setting the inner IP TTL to 1, which could be
   used as a DDoS attack vector.  Thus the implementation MUST have
   throttling in place to control the rate of BFD Control packets sent
   to the control plane.  On the other hand, over-aggressive throttling
   of BFD Control packets may become the cause of the inability to form
   and maintain BFD session at scale.  Hence, throttling of BFD Control
   packets SHOULD be adjusted to permit BFD to work according to its
   procedures.

Updated the last paragraph:
OLD TEXT:
   Other than inner IP TTL set to 1 and limit the number of BFD sessions
   between the same pair of VTEPs, this specification does not raise any
   additional security issues beyond those of the specifications
   referred to in the list of normative references.
NEW TEXT:
   Other than requiring control of the number of BFD sessions between
   the same pair of VTEPs, this specification does not raise any
   additional security issues beyond those discussed in [RFC5880],
   [RFC5881], and [RFC7348].


On Mon, Jan 27, 2020 at 2:11 PM Jeffrey Haas <jhaas@pfrc.org> wrote:

> Much like the BFD Working Group discussion on the BFD for vxlan feature,
> the
> IESG review for the draft has reached a stage where it is difficult to
> determine what the related actions are.  (IESG take note for tools
> discussion!)
>
> This email is an attempt to kick the conversation back into gear.
>
> My notes here are based on the current status of the document tracked here:
> https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/ballot/
>
> My comments on the draft are based on the -10 version of the draft as
> currently published.
>
> ---
>
> Open Issue 1: Discussion on TTL/Hop Limit = 1
>
> Proposed Action: Greg has proposed text he will send to the working group
> suggesting GTSM procedures be utilized.  The expected concern is how this
> impacts existing implementations.
>
> ---
>
> Open Issue 2: Document Status should be Informational rather than Proposed
> Standard.
>
> Proposed Action: Greg should make the document Informational.  Prior WG
> discussion suggested that we don't really care what level it should be at,
> and had actually requested IESG guidance long ago via our AD.
>
> ---
>
> Open Issue 3: dst IP/MAC assignment procedures for inner VXLAN headers.
> (DISCUSS via Benjamin K.)  Specifically per-VNI form rather than strictly
> VTEP-to-VTEP mode.
>
> Issue Comment 1 (Benjamin K.): This is "a namespace grab in what is
> essentially the tenant's namespace".
>
> Issue Comment 2 (Jeff H.): Joel Halpern flagged this repeatedly as well as
> part of directorate review.
>
> Issue Comment 3 (Benjamin K.): "management VNI does not suffer from this
> namespacing issue".
>
> Issue Comment 4 (Jeff H./Benjamin K.): The concept of a "management VNI" is
> not supported by existing standards work, but is accepted as a common
> implementation behavior.
>
> Issue Comment 5: A significant exploration of this set of issues is
> documented in the following thread:
> https://mailarchive.ietf.org/arch/msg/rtg-bfd/SfXfu3pCh9BxaRFrXbEOgGt6xjE/
>
> Proposed Action: Limit the Internet-Draft's applicability to verifying
> connectivity to the management VNI.  "All other uses of the specification
> to
> test toward other vxlan endpoints are out of scope."
>
> In reviewing the thread, my reading of the comments from Santosh, Anoop,
> and
> Dinesh are effectively "don't break existing implementations".  There is
> acknowledge among those in the discusssion that numbering space collisions
> between the protocol codepoints chosen to run as endpoints for the BFD for
> vxlan session and the tenant space are undesirable.  It is generally agreed
> in the thread (IMO) that for the "management VNI" case that this is not
> problematic, although the details of provisioning are still specific to the
> implementation.
>
> By setting the case aside where a test to a specific VTEP may have tenant
> namespace collisions, the document can be cleaned of a lot of unnecessary
> edge cases that are difficult to generally resolve.  Implementations that
> may choose to permit sessions to non-management VNIs will have need to
> resolve how to deal with collisions.
>
> ---
>
> Open Issue 4: "multicast service node" text (COMMENT via Benjamin K.)
>
> Proposed Action: Incorporate suggested text from Benjamin K. to clarify
> text
> in -10.
>
> ---
>
> Open Issue 5: Comma parsing issue (COMMENT via Benjamin K.)
>
> Proposed Action: Accept Benjamin's suggested changes.  (RFC Editor will win
> the day here though!)
>
> ---
>
> Open Issue 6: "Section 3, MUST NOT be forwarded to a VM" (COMMENT via
> Benjamin K.)
>
> Proposed Action: The fate of this issue is tied to Open Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 7: "::FFFF:7F00:0/104 IPv6 range" (COMMENT via Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 8: "Section 4: MUST ensure that the BFD Control packet is not
> forwarded to a tenant but is processed locally at the remote VTEP" (COMMENT
> via Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 9: "Destination MAC: This MUST NOT be of one of tenant's MAC
> addresses." (COMMENT via Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 10: "The details of how the MAC address is obtained are outside
> the scope of this document." (COMMENT via Benjamin K.)
>
> Proposed Action: None.  Reason 1: If we go with only the management VNI,
> provisioning remains an easy answer.  Reason 2: If we go with VNI-to-VNI
> mode, it's not unreasonable for the environment to claim a MAC address.
> This is no different than a switch itself.  Collisions would be handled via
> updated configuration.
>
> ---
>
> Open Issue 11: "dst IP header MUST NOT be one of tenant's" (COMMENT via
> Benjamin
> K.)
>
> Comment 1 (Jeff H.): The loopback range as a destination would serve to
> catch BFD traffic in either VNI-to-VNI or VTEP-to-VTEP mode.  I think this
> is more clearly understood after the IESG reviewed the existing mechanisms
> using the loopback address range in existing RFCs.
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 12: "Section 5, BFD dst mac collision with tenant" (COMMENT via
> Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 13: "The UDP destination port and the TTL of the inner IP packet
> MUST be validated to determine if the received packet can be processed by
> BFD." (COMMENT via Benjamin K.)
>
> Proposed Action: Provide reference to RFC 5880/5881 sections covering
> existing BFD procedure.  Do not copy and paste from them.
>
> ---
>
> Open Issue 14: "nits ... then the BFD session" (COMMENT via Benjamin K.)
>
> Proposed Action: Accept grammar correction.
>
> ---
>
> Open Issue 15: "Section 6" (COMMENT via Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.  In particular, this section attempts to
> justify VNI-to-VNI mode poorly.
>
> ---
>
> Open Issue 16: "Section 9" regarding mis-forwarding/filtering of BFD
> traffic
> toward tenant (COMMENT via Benjamin K.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> (Alvaro's DISCUSSes are covered by the above.)
>
> (Alvaro acknowledged that his COMMENTS were cleared on December 25, 2019)
>
> (Eric V's DISCUSS points are covered by prior open points regarding:
>  - TTL (see Open Issue 1)
>  - Mapped IPv6 addresses were covered in discussion with IESG about
> existing
>    RFC behavior for this range.
>  - The mismatch between document IANA action and shepherd writeup is an
>    artifact of document changes since the shepherd writeup had happened.
>    The document currently has no open IANA actions.
>  - Section 9 issues about TTL were addressed in -09 of the document.)
>
> ---
>
> Open Issue 17: "RFC 5881 (BFD) states that it applies to IPv4/IPv6 tunnels,
> may I infer that this document is only required to address the Ethernet
> encapsulation ? I.e.  specifying the Ethernet MAC addresses?" (COMMENT via
> Eric V.)
>
> Comment 1 (Jeff H.): RFC 5881 addresses single-hop "that is associated with
> an incoming interface".  vxlan requires additional demultiplexing based on
> packet contents and thus the comment is not fully applicable.  This
> document
> (draft-ietf-bfd-vxlan) is intended to cover the vxlan protocol
> encapsulation
> for BFD.
>
> Proposed Action: No action required.
>
> ---
>
> Open Issue 18: "BFD session per VXLAN VNI" (COMMENT via Eric V.)
>
> Proposed Action: I believe this issue's fate is similarly tied to Open
> Issue 3.
> If the proposal is limited solely to management VNI, this text is not
> relevant and may be deleted.
>
> ---
>
> Open Issue 19: "Section 4...FCS" (COMMENT via Eric V.)
>
> Proposed Action: Accept suggested change to "Outer Ethernet FCS"?
>
> ---
>
> Open Issue 20: "using the src mac as the dst mac" (COMMENT via Eric V.)
>
> Proposed Action: ?  I'm unclear what the proposal and comment is here.
>
> ---
>
> (TTL issues noted by Eric V. addressed in Open Issue 1.)
>
> ---
>
> Open Issue 21: "throttling of BFD control packets" (COMMENT via Roman D.)
>
> Proposed Action: The section on throttling is written in a confusing manner
> and is in need of a re-write.
>
> In particular, what's unclear is what is doing the throttling and why?  If
> the comment is intended to say that some forms of rate-limiting of the
> vxlan
> traffic between two systems is in place that it may impact BFD, it should
> say that.  And perhaps once said, omit giving "advice".  "If it hurts,
> don't
> do that."
>
> ---
>
> (COMMENTS from Roman D. addressed in -10 and earlier:
>  - citing specific security considerations applicability
>  - nits
> )
>
> (COMMENT from Suresh K. covered in open issues above.)
>
> (COMMENT from Warren K. regardig loopback network range discussed above.)
>
> ---
>
> Open Issue 22: "terminology isn't" (COMMENT via Warren K.)
>
> Proposed Action: Either rename the section "acronyms used in this document"
> or expand the section to cover the terminology.
>
> ---
>
> (Mirja K. indirects a number of issues to "See Olivier's TSV-ART review",
> which is present in this message:
> https://mailarchive.ietf.org/arch/msg/rtg-bfd/y3xDkvpT-ZodhcaBRHNOSDVByA8/
> )
>
> Open Issue 23: "follow same lookup path needs more explanation"
>
> Proposed Action: Add a sentence explaining that this is to ensure that the
> encapsulated BFD traffic requires following the equivalent data path to
> protect the resource"
>
> ---
>
> Open Issue 24: "Discuss ECMP considerations" (TSV-ART via Olivier B.)
>
> Comment 1 (Jeff H.): I believe this came up in the message thread, but base
> BFD also has similar unclear ECMP behaviors.  The working group has avoided
> trying to standardize anything regarding ECMP since it gets very
> implementation specific.  Some vendors will go out of their way to do
> things
> to mitigate ECMP considerations when BFD is in place; others simply ignore
> it.
>
> Proposed Action: Unclear.  None?
>
> ---
>
> (Minor issues report by Olivier B. that have been addressed in -10 or
>  earlier:
>  - p2p vxlan tunnel wording
>  - VNI has been added to section 2.1
>  - "figure 1 could take less space" - not addressed.
>  - section 4 flattened to remove unnecessary sub-sections
>  - "dedicated mac" address no longer in current versions of document
>  - "v4 in v6 / v6 in v4, etc." - intentionally unspecified since arbitrary
>    encapsulations are supported by specification.  Implementations may have
>    specific limitations.
>  - "section 5 dedicated mac" no longer in the document
>  - "decapsulation procedure reference" I believe has been clarified.)
>
> (Mirja's comment on status is covered by Open Issue 2)
>
> (Comments from Barry L. addressed:
>  - "forming up"
>  - bfd packet/vtep packets/vteps plurality agreement.
>  - "may be configured" clarified.
>  - Section 4.1 "of")
>
> ---
>
> Open Issue 25: "leading to a false negative" (COMMENT via Barry L.)
>
> Proposed Action: The underlying concern in this sentence is that BFD
> packets
> must not be mis-delivered to VMs since there will be no BFD machinery
> present in that VM to execute the BFD procedures and thus sessions will
> drop.  Possible action is to simply delete this sentence since it
> prematurely anticipates procedures later described in the document.
>
> ---
>
> Open Issue 26: "loopback range through a firewall" (COMMENT via Barry L.)
>
> Proposed Action: Accept suggested rewording.
>
> ---
>
> Open Issue 27: "Section 4...addresses the scenario" (COMMENT via Barry L.)
>
> Proposed Action: This sentence needs to be reworded.
>
> ---
>
> (Comments from Adam R. addressed:
>  - Form of ipv6 mapped address.
>  - Usage of loopback network  addresses compared to prior RFCs discussed in
>    thread with IESG.)
>
>
>
>
>
> -- Jeff
>

v2.23.0 | Report a Bug | By Email