< draft-ietf-bfd-vxlan-10.txt | draft-ietf-bfd-vxlan-11.txt > | |||
---|---|---|---|---|
BFD S. Pallagatti, Ed. | BFD S. Pallagatti, Ed. | |||
Internet-Draft VMware | Internet-Draft VMware | |||
Intended status: Standards Track S. Paragiri | Intended status: Standards Track S. Paragiri | |||
Expires: July 11, 2020 Individual Contributor | Expires: July 25, 2020 Individual Contributor | |||
V. Govindan | V. Govindan | |||
M. Mudigonda | M. Mudigonda | |||
Cisco | Cisco | |||
G. Mirsky | G. Mirsky | |||
ZTE Corp. | ZTE Corp. | |||
January 8, 2020 | January 22, 2020 | |||
BFD for VXLAN | BFD for VXLAN | |||
draft-ietf-bfd-vxlan-10 | draft-ietf-bfd-vxlan-11 | |||
Abstract | Abstract | |||
This document describes the use of the Bidirectional Forwarding | This document describes the use of the Bidirectional Forwarding | |||
Detection (BFD) protocol in point-to-point Virtual eXtensible Local | Detection (BFD) protocol in point-to-point Virtual eXtensible Local | |||
Area Network (VXLAN) tunnels used to form an overlay network. | Area Network (VXLAN) tunnels used to form an overlay network. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on July 11, 2020. | This Internet-Draft will expire on July 25, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 14 ¶ | skipping to change at page 2, line 14 ¶ | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Conventions used in this document . . . . . . . . . . . . . . 3 | 2. Conventions used in this document . . . . . . . . . . . . . . 3 | |||
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 4 | |||
3. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
4. BFD Packet Transmission over VXLAN Tunnel . . . . . . . . . . 6 | 4. BFD Packet Transmission over VXLAN Tunnel . . . . . . . . . . 6 | |||
5. Reception of BFD Packet from VXLAN Tunnel . . . . . . . . . . 8 | 5. Reception of BFD Packet from VXLAN Tunnel . . . . . . . . . . 8 | |||
5.1. Demultiplexing of the BFD Packet . . . . . . . . . . . . 9 | 5.1. Demultiplexing of the BFD Packet . . . . . . . . . . . . 8 | |||
6. Use of the Specific VNI . . . . . . . . . . . . . . . . . . . 9 | 6. Use of the Specific VNI . . . . . . . . . . . . . . . . . . . 9 | |||
7. Echo BFD . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 7. Echo BFD . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10 | 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
12.1. Normative References . . . . . . . . . . . . . . . . . . 10 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 10 | |||
12.2. Informational References . . . . . . . . . . . . . . . . 11 | 12.2. Informational References . . . . . . . . . . . . . . . . 11 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
skipping to change at page 3, line 32 ¶ | skipping to change at page 3, line 32 ¶ | |||
availability of a replicator multicast service node. | availability of a replicator multicast service node. | |||
2. Conventions used in this document | 2. Conventions used in this document | |||
2.1. Terminology | 2.1. Terminology | |||
BFD Bidirectional Forwarding Detection | BFD Bidirectional Forwarding Detection | |||
CC Continuity Check | CC Continuity Check | |||
GTSM Generalized TTL Security Mechanism | ||||
p2p Point-to-point | p2p Point-to-point | |||
MSN Multicast Service Node | MSN Multicast Service Node | |||
NVE Network Virtualization Endpoint | NVE Network Virtualization Endpoint | |||
VFI Virtual Forwarding Instance | VFI Virtual Forwarding Instance | |||
VM Virtual Machine | VM Virtual Machine | |||
skipping to change at page 8, line 24 ¶ | skipping to change at page 8, line 24 ¶ | |||
IP header: | IP header: | |||
Destination IP: IP address MUST NOT be of one of tenant's IP | Destination IP: IP address MUST NOT be of one of tenant's IP | |||
addresses. The IP address SHOULD be selected from the range | addresses. The IP address SHOULD be selected from the range | |||
127/8 for IPv4, for IPv6 - from the range ::ffff:127.0.0.0/104. | 127/8 for IPv4, for IPv6 - from the range ::ffff:127.0.0.0/104. | |||
Alternatively, the destination IP address MAY be set to VTEP's | Alternatively, the destination IP address MAY be set to VTEP's | |||
IP address. | IP address. | |||
Source IP: IP address of the originating VTEP. | Source IP: IP address of the originating VTEP. | |||
TTL or Hop Limit: MUST be set to 1 to ensure that the BFD | TTL or Hop Limit: MUST be set to 255 in accordance with the | |||
packet is not routed within the Layer 3 underlay network. This | Generalized TTL Security Mechanism (GTSM) [RFC5082]. | |||
addresses the scenario when the inner IP destination address is | ||||
of the VXLAN gateway and there is a router in the underlay | ||||
which removes the VXLAN header, then it is possible to route | ||||
the packet as VXLAN gateway address is routable address. | ||||
The fields of the UDP header and the BFD Control packet are | The fields of the UDP header and the BFD Control packet are | |||
encoded as specified in [RFC5881]. | encoded as specified in [RFC5881]. | |||
5. Reception of BFD Packet from VXLAN Tunnel | 5. Reception of BFD Packet from VXLAN Tunnel | |||
Once a packet is received, the VTEP MUST validate the packet. If the | Once a packet is received, the VTEP MUST validate the packet. If the | |||
Destination MAC of the inner Ethernet frame matches one of the MAC | Destination MAC of the inner Ethernet frame matches one of the MAC | |||
addresses associated with the VTEP the packet MUST be processed | addresses associated with the VTEP the packet MUST be processed | |||
further. If the Destination MAC of the inner Ethernet frame doesn't | further. If the Destination MAC of the inner Ethernet frame doesn't | |||
match any of VTEP's MAC addresses, then the processing of the | match any of VTEP's MAC addresses, then the processing of the | |||
received VXLAN packet MUST follow the procedures described in | received VXLAN packet MUST follow the procedures described in | |||
Section 4.1 of [RFC7348]. If the BFD session is using the Management | Section 4.1 of [RFC7348]. If the BFD session is using the Management | |||
VNI (Section 6), BFD Control packets with unknown MAC address MUST | VNI (Section 6), BFD Control packets with unknown MAC address MUST | |||
NOT be forwarded to VMs. | NOT be forwarded to VMs. | |||
The UDP destination port and the TTL or Hop Limit of the inner IP | The UDP destination port and the TTL or Hop Limit of the inner IP | |||
packet MUST be validated to determine if the received packet can be | packet MUST be validated to determine if the received packet can be | |||
processed by BFD. | processed by BFD. Validation of TTL or Hop Limit of the inner IP | |||
packet is performed as described in Section 5 [RFC5881]. | ||||
5.1. Demultiplexing of the BFD Packet | 5.1. Demultiplexing of the BFD Packet | |||
Demultiplexing of IP BFD packet has been defined in Section 3 of | Demultiplexing of IP BFD packet has been defined in Section 3 of | |||
[RFC5881]. Since multiple BFD sessions may be running between two | [RFC5881]. Since multiple BFD sessions may be running between two | |||
VTEPs, there needs to be a mechanism for demultiplexing received BFD | VTEPs, there needs to be a mechanism for demultiplexing received BFD | |||
packets to the proper session. For demultiplexing packets with Your | packets to the proper session. For demultiplexing packets with Your | |||
Discriminator equal to 0, a BFD session MUST be identified using the | Discriminator equal to 0, a BFD session MUST be identified using the | |||
logical link over which the BFD Control packet is received. In the | logical link over which the BFD Control packet is received. In the | |||
case of VXLAN, the VNI number identifies that logical link. If BFD | case of VXLAN, the VNI number identifies that logical link. If BFD | |||
skipping to change at page 9, line 43 ¶ | skipping to change at page 9, line 36 ¶ | |||
Support for echo BFD is outside the scope of this document. | Support for echo BFD is outside the scope of this document. | |||
8. IANA Considerations | 8. IANA Considerations | |||
This specification has no IANA action requested. This section may be | This specification has no IANA action requested. This section may be | |||
deleted before the publication. | deleted before the publication. | |||
9. Security Considerations | 9. Security Considerations | |||
The document requires setting the inner IP TTL or Hop Limit to 1, | ||||
which could be used as a DDoS attack vector. Thus the implementation | ||||
MUST have throttling in place to control the rate of BFD Control | ||||
packets sent to the control plane. On the other hand, over- | ||||
aggressive throttling of BFD Control packets may become the cause of | ||||
the inability to form and maintain BFD session at scale. Hence, | ||||
throttling of BFD Control packets SHOULD be adjusted to permit BFD to | ||||
work according to its procedures. | ||||
This document recommends using an address from the Internal host | This document recommends using an address from the Internal host | |||
loopback addresses 127/8 range for IPv4 or an IP4-mapped IPv4 | loopback addresses 127/8 range for IPv4 or an IP4-mapped IPv4 | |||
loopback address from ::ffff:127.0.0.0/104 range for IPv6 as the | loopback address from ::ffff:127.0.0.0/104 range for IPv6 as the | |||
destination IP address in the inner IP header. Using such an address | destination IP address in the inner IP header. Using such an address | |||
prevents the forwarding of the encapsulated BFD control message by a | prevents the forwarding of the encapsulated BFD control message by a | |||
transient node in case the VXLAN tunnel is broken as according to | transient node in case the VXLAN tunnel is broken as according to | |||
[RFC1812]: | [RFC1812]: | |||
A router SHOULD NOT forward, except over a loopback interface, any | A router SHOULD NOT forward, except over a loopback interface, any | |||
packet that has a destination address on network 127. A router | packet that has a destination address on network 127. A router | |||
MAY have a switch that allows the network manager to disable these | MAY have a switch that allows the network manager to disable these | |||
checks. If such a switch is provided, it MUST default to | checks. If such a switch is provided, it MUST default to | |||
performing the checks. | performing the checks. | |||
If the implementation supports establishing multiple BFD sessions | If the implementation supports establishing multiple BFD sessions | |||
between the same pair of VTEPs, there SHOULD be a mechanism to | between the same pair of VTEPs, there SHOULD be a mechanism to | |||
control the maximum number of such sessions that can be active at the | control the maximum number of such sessions that can be active at the | |||
same time. | same time. | |||
Other than setting the value of inner IP TTL or Hop Limit to 1 and | Other than requiring control of the number of BFD sessions between | |||
limit the number of BFD sessions between the same pair of VTEPs, this | the same pair of VTEPs, this specification does not raise any | |||
specification does not raise any additional security issues beyond | additional security issues beyond those discussed in [RFC5880], | |||
those discussed in [RFC5880], [RFC5881], and [RFC7348]. | [RFC5881], and [RFC7348]. | |||
10. Contributors | 10. Contributors | |||
Reshad Rahman | Reshad Rahman | |||
rrahman@cisco.com | rrahman@cisco.com | |||
Cisco | Cisco | |||
11. Acknowledgments | 11. Acknowledgments | |||
Authors would like to thank Jeff Haas of Juniper Networks for his | Authors would like to thank Jeff Haas of Juniper Networks for his | |||
skipping to change at page 11, line 10 ¶ | skipping to change at page 10, line 40 ¶ | |||
[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", | [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", | |||
RFC 1812, DOI 10.17487/RFC1812, June 1995, | RFC 1812, DOI 10.17487/RFC1812, June 1995, | |||
<https://www.rfc-editor.org/info/rfc1812>. | <https://www.rfc-editor.org/info/rfc1812>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., Ed., and C. | ||||
Pignataro, "The Generalized TTL Security Mechanism | ||||
(GTSM)", RFC 5082, DOI 10.17487/RFC5082, October 2007, | ||||
<https://www.rfc-editor.org/info/rfc5082>. | ||||
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, | |||
<https://www.rfc-editor.org/info/rfc5880>. | <https://www.rfc-editor.org/info/rfc5880>. | |||
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection | |||
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, | (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, | |||
DOI 10.17487/RFC5881, June 2010, | DOI 10.17487/RFC5881, June 2010, | |||
<https://www.rfc-editor.org/info/rfc5881>. | <https://www.rfc-editor.org/info/rfc5881>. | |||
[RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, | [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, | |||
End of changes. 12 change blocks. | ||||
26 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |