Re: BFD over VXLAN: Trapping BFD Control packet at VTEP
Dinesh Dutt <didutt@gmail.com> Wed, 07 August 2019 21:25 UTC
Return-Path: <didutt@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D9BB1200DF; Wed, 7 Aug 2019 14:25:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KjihEJsMDVyu; Wed, 7 Aug 2019 14:25:40 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7022B12003F; Wed, 7 Aug 2019 14:25:39 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id p17so92757162wrf.11; Wed, 07 Aug 2019 14:25:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4LPuOHTp9nUMJ85OpFGrZX2jNLhkr5BOfOuRqolkh30=; b=FAsHnJqjzFUlsSnaUGgvKOzGhFt62CaTXoMDwbNnon+N29vnv+Dtt6PO7fW5TBARlY WPWlHPRS3fpzyu38Zu+tK4na8NYbJoptZIObhF8Lx9TS43yCGudY8l5rpJ4oTtF6dMl2 vhDyQ88Aq65oHLWJ7ri7i4luMDzj6tXTytYF5kVrVd5e1SS3ULPwao8qXOT7akojLUn3 ZpDIgK4IOFrYG2pRRLxzzZKuUuDniHadFvNYtY7guWqIRKE8yIcw4/Ca4KTcoCCJrEY8 1BbDFdL8UWKQKH17o7SNhFuqJqB4Icl1AQYMFXj3MNlweO4e3W3oaMJhTxa8kJ2qQZpm /LnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4LPuOHTp9nUMJ85OpFGrZX2jNLhkr5BOfOuRqolkh30=; b=opWeGHUZi/ualRghXD5mOJvoVmRtigch587M13iSZcZTts2J8MGVKYXWuNs1fdfKL0 f90NU2vnBlefVm7qLmnbJB99D6y59V0fo5Yw8goM4h0NesfH5iL8iRPgHknJlc64x9us b9QHkPtKs99cnrrG2L5G0MAzW0gsSnMiwq0y2eBbMVz2w7btH5ETASy2E5f8shf9V9aP RH9gSx96ARSe/V46vCdfyK1VUwDVN3TOc4OOTbHclkG4unJAi3HEJzEmU6Q/KujfIgtY //po2yX92rcima4TBVCUUY2+Rrt0NWw/3yb5VrxQ9zPoO9t8OTrMBoMVJQv8eRJ3JVLM Ih+w==
X-Gm-Message-State: APjAAAVRvBwYu0zV/RVgQx1VL3PA3NQbPy8cC1uKxyk5TH0f3bo2j4om HaK7xAGumAL4hGwT+cuehSuPk4z0jSD5Bzt4UdI=
X-Google-Smtp-Source: APXvYqyMLdI1SAobb5MQN2CASp7vpp7VjNmMNiQlVk+u15XDYuaVsA+TCcbxVVogrmc9Zq1/a5tXzmSAmdhj4DsqGP8=
X-Received: by 2002:a5d:4b83:: with SMTP id b3mr7568655wrt.104.1565213137569; Wed, 07 Aug 2019 14:25:37 -0700 (PDT)
MIME-Version: 1.0
References: <CA+RyBmW=byLBNfVQSdaEoMf-QnJtj13k788XhbZ9tqH4bcgqNQ@mail.gmail.com> <CAOPNUTBJztjmNgrDyHgMo8-nRazAaXACGJJZ6Lx8z8aRVBM+GA@mail.gmail.com> <CA+RyBmWrM3v37BO8O_VOGG-NJ+UbrtSVQ_2GwW0R+vLkxbtvHw@mail.gmail.com> <CACi9rdvKTLwBQn9mcJksGTW79QTFj0d45DOpDT1Jee4QpGnv3Q@mail.gmail.com> <c57a3cf3-ab77-99df-0f78-104edef3275c@joelhalpern.com> <CACi9rdubTnzgCVZK0syRf3fsrpTU45SpQV57n2rNcNCqk+3+7Q@mail.gmail.com> <CACi9rdsmP8SFwP+Her45XKFwQZ3SQgwLpr62kAY-kP4vZtnFnQ@mail.gmail.com> <CAOPNUTD4nQ4YROxUA9hxdTFOtv4XpmazA=apm2ceuCxt3yM=XA@mail.gmail.com> <bf019ac6-2580-7f9e-66c4-5a24c1b2eb2b@joelhalpern.com> <CAOPNUTC=q4O=QUhFFiuv8UnU1uuCjHYkJV-Oha07NTJ_X7SODQ@mail.gmail.com> <7437a61e-133c-c53e-fd1d-c3a31e4e90a9@joelhalpern.com> <CAOPNUTB+fNXmB8jctUrVh5aAYd-R=CC6cv=1QpzMoYcVs0EUtw@mail.gmail.com> <df39e2b9-598a-5121-525c-f435d72e2184@joelhalpern.com> <CAOPNUTDHu2Ywy2=1eNzM-1jAmSOxOrHXGC2uZ3x7jVb7+vhoig@mail.gmail.com> <7500b927-4b05-0e65-0afc-4bf57770f15c@joelhalpern.com> <CAOPNUTAD9-CSBz2dFvRzyggM2JgemN54JK5p=Qj7weni7QKrHQ@mail.gmail.com> <CAOPNUTCSXm5maOmYnh8_7oxZsCn=9rJPFS7O9P+1a8ie-u=7Cg@mail.gmail.com> <CA+RyBmWqB0oAAgjq5TYTZt9xce=dMzbRrDw8=O-UjWF8ovDLNg@mail.gmail.com> <CAOPNUTCmnEMMN1nvAaMuU+uiREBpLr-86=Ujo+ppdccpFk0kpw@mail.gmail.com> <CA+RyBmW38DY2xaebViT3goj=g3bHY5QrR7ttvKxyB=JmfYW0qg@mail.gmail.com> <CAOPNUTDmhnrrUeJbrQzf=1BT=ezaUkNLqNmkgCNtiGmn148n9g@mail.gmail.com> <CA+RyBmWO-u+xon55UhDkmj-+nS2ogP4WOMR9jdL2RQbQ+JLb4A@mail.gmail.com> <CAOPNUTAUvhVcXAKD9yLW7NJP6T4sM3y_sJpuWJ2L899oswScTQ@mail.gmail.com> <CA+RyBmVYuyVUXWYtwDQsPbvgP88dSanOdTNj=MWVU_-MGvadJA@mail.gmail.com>
In-Reply-To: <CA+RyBmVYuyVUXWYtwDQsPbvgP88dSanOdTNj=MWVU_-MGvadJA@mail.gmail.com>
From: Dinesh Dutt <didutt@gmail.com>
Date: Wed, 07 Aug 2019 14:25:24 -0700
Message-ID: <CAOPNUTD0+Nf61WOzbynFgj9vhM6ADPoA7f16fn4wWpEQgYdhzQ@mail.gmail.com>
Subject: Re: BFD over VXLAN: Trapping BFD Control packet at VTEP
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: "Joel M. Halpern" <jmh@joelhalpern.com>, Santosh P K <santosh.pallagatti@gmail.com>, rtg-bfd WG <rtg-bfd@ietf.org>, "T. Sridhar" <tsridhar@vmware.com>, bfd-chairs@ietf.org, Martin Vigoureux <martin.vigoureux@nokia.com>, draft-ietf-bfd-vxlan@ietf.org
Content-Type: multipart/alternative; boundary="000000000000100f99058f8d9595"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/X2Nitxo-tcrfPDpF_KpJ-DJ1C8M>
X-Mailman-Approved-At: Wed, 07 Aug 2019 14:32:34 -0700
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 21:25:46 -0000
Looks god to me Greg. Thank you for your hard work in this, Dinesh On Wed, Aug 7, 2019 at 9:25 AM Greg Mirsky <gregimirsky@gmail.com> wrote: > Hi Dinesh, Joel, Sridhar, et al., > much appreciate the help you've given me sharing your expertise. I hope > that the updates you will find in the attached diff and the working copy of > the draft be closer to the acceptable solution for VTEP-VTEP BFD. Please > note, that I'll shortly start a new discussion thread to address one of > Carlos's questions on the ambiguity of the text on multiple concurrent > sessions between the same pair of VTEPs. > Please review the changes to Sections 4 and 6 and share your feedback, > suggestions, and questions. > > Regards, > Greg > > On Mon, Aug 5, 2019 at 6:03 PM Dinesh Dutt <didutt@gmail.com> wrote: > >> >> >> On Mon, Aug 5, 2019 at 5:56 PM Greg Mirsky <gregimirsky@gmail.com> wrote: >> >>> Hi Dinesh, >>> thank you for your expedient detailed response. >>> I believe that the ability to run BFD session up to a tenant >>> (VTEP-VTEP-tenant or tenant-tenant) was never in jeopardy from this >>> specification. >>> I'm trying to provide precise specification on what can be used ad the >>> destination MAC and IP addresses in the inner frame/packet as I believe >>> that likely will help to avoid interoperability issues. >>> I'm interested to learn some more about the "martian checking" function. >>> As you know, martian addresses have been used as destination IP address in >>> LSP Ping and BFD over MPLS LSP and PW. I haven't heard that any silicon >>> feature caused problems for operators using these tools. >>> >> >> Interesting. I didn't know this aspect of use with MPLS ping. Did those >> packets ever go through a firewall though? In any case, maybe suggest the >> use of those addresses with a statement that this is how LSP does it, but >> that other MAC/IP pairs are possible as long as the conditions of the >> endpoint owning the MAC/IP was honored. >> >> Dinesh >> >>> >>> Regards, >>> Greg >>> >>> On Mon, Aug 5, 2019 at 3:59 PM Dinesh Dutt <didutt@gmail.com> wrote: >>> >>>> Hi Greg, >>>> >>>> That we agree on the problem definition is the first step forward. Your >>>> original document had my cases covered and so I was surprised by the track >>>> this thread took. It doesn't matter, we're back on track. >>>> >>>> My recommendation is to not worry about specifying the precise MAC/IP >>>> address used in the inner header. The addresses chosen MUST ensure that the >>>> packet is trapped to the control plane of the VTEP and not escape to the >>>> tenant if the BFD is to the VTEP. Any solution MUST also not preclude the >>>> use of the BFD by tenant systems for that VNI. There are many ways an >>>> implementer can choose to implement this. For example, the inner MAC >>>> address is whatever the VTEP implementer would return if ARP'd for the IP >>>> address used in the inner header in the given VNI. The implementer can pick >>>> a fixed MAC address, one that they own etc. Multiple BFD sessions can be >>>> run for testing path connectivity on more than one VNIs. Limits should be >>>> in place to avoid overwhelming the receiver with BFD messages (you had >>>> words about this in your currently published draft). If the VNI is >>>> irrelevant in the test i.e. only the VXLAN pipe at the VTEP is being >>>> tested. the user can use any VNI active on the VTEP on which the VTEP owns >>>> an IP address. >>>> >>>> I'm concerned about the use of 127/8 address only because of firewalls >>>> or implementations that drop packets with these addresses as either the >>>> source or destination. For example, on many merchant silicon, I don't >>>> believe you can turn off martian checking and drops *only* for >>>> VXLAN-encapsulated BFD packets. I don't know what the Linux kernel does >>>> today on such packets, for example (or Hyper-V). I'd like a solution that >>>> doesn't demand additional or new chip functionality or require additional >>>> middle-box hole punch. >>>> >>>> Why do you feel you MUST to specify the MAC/IP address on the inner >>>> packet? What am I missing here? >>>> >>>> Dinesh >>>> >>>> On Mon, Aug 5, 2019 at 3:04 PM Greg Mirsky <gregimirsky@gmail.com> >>>> wrote: >>>> >>>>> Hi Dinesh, >>>>> what do you see as the way forward? I agree, that the proposed text >>>>> doesn't work for multi-VNI concurrent monitoring because these VNIs are >>>>> tenant's VNIs. And in that case, we need to specify another mechanism to >>>>> trap the BFD Control packet at VTEP. It seems that VTEP's Ethernet address >>>>> must be used as the destination MAC address in the inner Ethernet frame. >>>>> The destination IP address may be either VTEP's address of martian (I do >>>>> prefer martian). Let me give it try: >>>>> NEW TEXT: >>>>> >>>>> To monitor continuity of the path between two VTEPs, an operator MUST >>>>> select a VNI number to be used as Management VNI. Management VNI number >>>>> MUST NOT be one of the tenant's VNIs to prevent sending VXLAN packets >>>>> received on Management VNI to a tenant. VNI number 1 is RECOMMENDED as the >>>>> default for Management VNI. [Ed.note: What we set the Destination MAC to? >>>>> Can it be invalid MAC that MUST be ignored on receipt?] >>>>> >>>>> If an implementation supports concurrent monitoring of multiple VNIs, >>>>> then the value of VNI number MAY be one of tenant's VNIs. The destination >>>>> MAC address in the inner Ethernet frame encapsulating BFD Control packet >>>>> MUST be MAC associated with the remote VTEP. >>>>> The destination IP address of the inner IP packet MUST be selected >>>>> from the range 127/8 for IPv4, and for IPv6 from the range >>>>> 0:0:0:0:0:FFFF:7F00:0/104. The TTL value in the inner IP header MUST be set >>>>> to 1. >>>>> >>>>> Regards, >>>>> Greg >>>>> >>>>> On Sun, Aug 4, 2019 at 9:07 AM Dinesh Dutt <didutt@gmail.com> wrote: >>>>> >>>>>> Hi Greg, >>>>>> >>>>>> Thanks for your clarifications. I agree with your sentiment on why >>>>>> you're running BFD over VXLAN between VTEPs. I wasn't arguing against it at >>>>>> all. All I was saying was pointing to the limitations of the use of >>>>>> management VNI. I spoke to some operators who're running EVPN and mentioned >>>>>> the discussion on this thread. They concur that they're using specific VNIs >>>>>> to test connectivity over that VNI between VTEPs to ensure misconfiguration >>>>>> doesn't lead to blackholes. My statements are based in real world operator >>>>>> experience. And I was providing language that ensured packets didn't leak >>>>>> across to tenants when they were destined to VTEPs. >>>>>> >>>>>> Dinesh >>>>>> >>>>>> On Sat, Aug 3, 2019 at 10:34 AM Greg Mirsky <gregimirsky@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Hi Dinesh, >>>>>>> many thanks for your detailed updates on how some implementations >>>>>>> process VXLAN header and the inner Ethernet frame. These are very helpful >>>>>>> in achieving the workable solution for the problem at hand. >>>>>>> You've noted that a path between VTEPs may be monitored in the >>>>>>> underlay network by merely establishing a BFD session. That is true, but by >>>>>>> using BFD with VXLAN encapsulation between the pair of VTEPs we are >>>>>>> extending the OAM domain by including, to some extent, VXLAN forwarding >>>>>>> engine. Abstract in RFC 5880 defines the goal and the domain in which BFD >>>>>>> protocol can detect a fault as: >>>>>>> This document describes a protocol intended to detect faults in >>>>>>> the >>>>>>> bidirectional path between two forwarding engines, including >>>>>>> interfaces, data link(s), and to the extent possible the >>>>>>> forwarding >>>>>>> engines themselves, with potentially very low latency. >>>>>>> Thus, BFD in the underlay will exercise a part of IP forwarding >>>>>>> engine while BFD with VXLAN encapsulation, ran between the same pair of >>>>>>> VTEPs, extends the OAM domain. At the same time, defining BFD between >>>>>>> tenant systems in outside the goal of this specification. But VXLAN BFD >>>>>>> session between VTEPs may be useful in monitoring e2e path between tenants, >>>>>>> as described in the update to -07: >>>>>>> At the same time, a service layer BFD session may be used between >>>>>>> the >>>>>>> tenants of VTEPs IP1 and IP2 to provide end-to-end fault >>>>>>> management. >>>>>>> In such case, for VTEPs BFD control packets of that session are >>>>>>> indistinguishable from data packets. If end-to-end defect >>>>>>> detection >>>>>>> is realized as the set of concatenated OAM domains, e.g., VM1-1 - >>>>>>> IP1 >>>>>>> -- IP2 - VM2-1, then the BFD session over VXLAN between VTEPs >>>>>>> SHOULD >>>>>>> follow the procedures described in Section 6.8.17 [RFC5880]. >>>>>>> I've attached the current working version of the draft. >>>>>>> >>>>>>> Regards, >>>>>>> Greg >>>>>>> >>>>>>> >>>>>>> On Fri, Aug 2, 2019 at 5:43 PM Dinesh Dutt <didutt@gmail.com> wrote: >>>>>>> >>>>>>>> What I mean is "How do you infer that it excludes the case I'm >>>>>>>> talking about?". >>>>>>>> >>>>>>>> Dinesh >>>>>>>> >>>>>>>> On Fri, Aug 2, 2019 at 5:41 PM Dinesh Dutt <didutt@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> The abstract reads this: " >>>>>>>>> >>>>>>>>> This document describes the use of the Bidirectional Forwarding >>>>>>>>> Detection (BFD) protocol in point-to-point Virtual eXtensible Local >>>>>>>>> Area Network (VXLAN) tunnels forming up an overlay network." >>>>>>>>> >>>>>>>>> How do you infer what you said? >>>>>>>>> >>>>>>>>> Dinesh >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Aug 2, 2019 at 5:38 PM Joel M. Halpern < >>>>>>>>> jmh@joelhalpern.com> wrote: >>>>>>>>> >>>>>>>>>> I am going by what the draft says its purpose is. If you >>>>>>>>>> (Dinesh) want >>>>>>>>>> the draft to fulfill a different purpose, then either ask the >>>>>>>>>> chairs to >>>>>>>>>> take this draft back to the WG, or write a separate draft. >>>>>>>>>> As currently written, the behavior Greg proposed meets the needs, >>>>>>>>>> and >>>>>>>>>> does so in a way that is consistent with VxLAN. >>>>>>>>>> >>>>>>>>>> Yours, >>>>>>>>>> Joel >>>>>>>>>> >>>>>>>>>> On 8/2/2019 8:30 PM, Dinesh Dutt wrote: >>>>>>>>>> > What is the stated purpose of this BFD session? The VTEP >>>>>>>>>> reachability is >>>>>>>>>> > determined by the underlay, I don't need VXLAN-encaped packet >>>>>>>>>> for that. >>>>>>>>>> > Do we agree? >>>>>>>>>> > >>>>>>>>>> > If I want to test the VXLAN encap/decap functionality alone, >>>>>>>>>> picking any >>>>>>>>>> > single VNI maybe fine. But is this all any network operator >>>>>>>>>> wants? Why? >>>>>>>>>> > In what situations has this been a problem? I suspect operators >>>>>>>>>> also >>>>>>>>>> > want to verify path continuity over a specific VNI. If you say >>>>>>>>>> this is >>>>>>>>>> > not defined by the document, I disagree because the current >>>>>>>>>> version >>>>>>>>>> > talks about controlling the number of BFD sessions between the >>>>>>>>>> VTEPs >>>>>>>>>> > (see section 3). More importantly, this is a real problem that >>>>>>>>>> operators >>>>>>>>>> > like to verify. >>>>>>>>>> > >>>>>>>>>> > Dinesh >>>>>>>>>> > >>>>>>>>>> > On Fri, Aug 2, 2019 at 5:08 PM Joel M. Halpern < >>>>>>>>>> jmh@joelhalpern.com >>>>>>>>>> > <mailto:jmh@joelhalpern.com>> wrote: >>>>>>>>>> > >>>>>>>>>> > What is special about the management VNI is precisely that >>>>>>>>>> it is NOT a >>>>>>>>>> > tenant VNI. The VxLAN administration does know how it >>>>>>>>>> allocates VNI to >>>>>>>>>> > tenants, and which VNI it has allocated. In contrast, it >>>>>>>>>> does not know >>>>>>>>>> > which IP addresses or MAC adddresses teh tenant is using or >>>>>>>>>> may plan >>>>>>>>>> > to use. >>>>>>>>>> > >>>>>>>>>> > Yours, >>>>>>>>>> > Joel >>>>>>>>>> > >>>>>>>>>> > On 8/2/2019 6:41 PM, Dinesh Dutt wrote: >>>>>>>>>> > > The assumption of an IP address within any VNI is >>>>>>>>>> suspect that way. >>>>>>>>>> > > What's special about a single VNI, the management VNI? >>>>>>>>>> The VTEP IP >>>>>>>>>> > > address does not belong in reality in any VNI. >>>>>>>>>> > > >>>>>>>>>> > > Dinesh >>>>>>>>>> > > >>>>>>>>>> > > On Fri, Aug 2, 2019 at 3:17 PM Joel M. Halpern >>>>>>>>>> > <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> >>>>>>>>>> > > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>> >>>>>>>>>> wrote: >>>>>>>>>> > > >>>>>>>>>> > > Your response seems to miss two points: >>>>>>>>>> > > >>>>>>>>>> > > First, the problem you describe is not what the >>>>>>>>>> document says >>>>>>>>>> > it is >>>>>>>>>> > > solving. To the degree it discusses it at all, the >>>>>>>>>> document >>>>>>>>>> > says " >>>>>>>>>> > > In >>>>>>>>>> > > most cases, a single BFD session is sufficient for >>>>>>>>>> the given >>>>>>>>>> > VTEP to >>>>>>>>>> > > monitor the reachability of a remote VTEP, >>>>>>>>>> regardless of the >>>>>>>>>> > number of >>>>>>>>>> > > VNIs in common. " >>>>>>>>>> > > >>>>>>>>>> > > Second, you assume the existence of an IP address >>>>>>>>>> for a VTEP >>>>>>>>>> > within a >>>>>>>>>> > > VNI. As with the MAC address, the VTEP does not >>>>>>>>>> have an IP >>>>>>>>>> > address >>>>>>>>>> > > within the VNI. Some implementations may have >>>>>>>>>> created such a >>>>>>>>>> > thing, >>>>>>>>>> > > but >>>>>>>>>> > > the general construct, as defined to date, does not >>>>>>>>>> support such. >>>>>>>>>> > > >>>>>>>>>> > > In short, you are requiring a behavior that violates >>>>>>>>>> the >>>>>>>>>> > architectural >>>>>>>>>> > > structure of overlay / underlay separation, and >>>>>>>>>> common >>>>>>>>>> > usage. And you >>>>>>>>>> > > are doing so to support a use case that the working >>>>>>>>>> group has not >>>>>>>>>> > > indicated in the document as important. >>>>>>>>>> > > >>>>>>>>>> > > Yours, >>>>>>>>>> > > Joel >>>>>>>>>> > > >>>>>>>>>> > > On 8/2/2019 5:01 PM, Dinesh Dutt wrote: >>>>>>>>>> > > > Joel, >>>>>>>>>> > > > >>>>>>>>>> > > > You understood correctly. >>>>>>>>>> > > > >>>>>>>>>> > > > The VNIs may not share fate due to >>>>>>>>>> misconfiguration. And I >>>>>>>>>> > strongly >>>>>>>>>> > > > suspect someone will want to use BFD for that >>>>>>>>>> because its >>>>>>>>>> > about >>>>>>>>>> > > checking >>>>>>>>>> > > > path continuity as stated by the draft. As long >>>>>>>>>> as there's a >>>>>>>>>> > > valid IP >>>>>>>>>> > > > (because it's BFD) owned by the VTEP in that VNI, >>>>>>>>>> you can >>>>>>>>>> > use BFD in >>>>>>>>>> > > > that VNI. Thats all that you need to dictate. >>>>>>>>>> That IP address >>>>>>>>>> > > has a MAC >>>>>>>>>> > > > address and you can use that on the inner frame. >>>>>>>>>> That is >>>>>>>>>> > all normal >>>>>>>>>> > > > VXLAN processing. The outer IP is always that of >>>>>>>>>> the VTEP. >>>>>>>>>> > > > >>>>>>>>>> > > > Dinesh >>>>>>>>>> > > > >>>>>>>>>> > > > On Fri, Aug 2, 2019 at 11:03 AM Joel M. Halpern >>>>>>>>>> > > <jmh@joelhalpern.com <mailto:jmh@joelhalpern.com> >>>>>>>>>> > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>> >>>>>>>>>> > > > <mailto:jmh@joelhalpern.com <mailto: >>>>>>>>>> jmh@joelhalpern.com> >>>>>>>>>> > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>>> >>>>>>>>>> wrote: >>>>>>>>>> > > > >>>>>>>>>> > > > If I am reading your various emails correctly >>>>>>>>>> Dinesh >>>>>>>>>> > (and I >>>>>>>>>> > > may have >>>>>>>>>> > > > missed something) you are trying to use the >>>>>>>>>> MAC address >>>>>>>>>> > > because you >>>>>>>>>> > > > want >>>>>>>>>> > > > to be able to send these BFD packets over >>>>>>>>>> arbitrary VNI to >>>>>>>>>> > > monitor the >>>>>>>>>> > > > VNI. That is not a requirement identified in >>>>>>>>>> the >>>>>>>>>> > document. >>>>>>>>>> > > It is not >>>>>>>>>> > > > even a problem I understand, since all the >>>>>>>>>> VNI between an >>>>>>>>>> > > ingress and >>>>>>>>>> > > > egress VTEP share fate. >>>>>>>>>> > > > >>>>>>>>>> > > > Yours, >>>>>>>>>> > > > Joel >>>>>>>>>> > > > >>>>>>>>>> > > > On 8/2/2019 1:44 PM, Dinesh Dutt wrote: >>>>>>>>>> > > > > Thanks for verifying this. On Linux and >>>>>>>>>> hardware >>>>>>>>>> > routers >>>>>>>>>> > > that I'm >>>>>>>>>> > > > aware >>>>>>>>>> > > > > of (Cisco circa 2012 and Cumulus), the >>>>>>>>>> physical MAC >>>>>>>>>> > address is >>>>>>>>>> > > > reused >>>>>>>>>> > > > > across the VNIs on the VTEP. Did you check >>>>>>>>>> on a non-VMW >>>>>>>>>> > > device? >>>>>>>>>> > > > This is >>>>>>>>>> > > > > more for my own curiosity. >>>>>>>>>> > > > > >>>>>>>>>> > > > > To address the general case, can we not >>>>>>>>>> define a >>>>>>>>>> > > well-known (or >>>>>>>>>> > > > reserve >>>>>>>>>> > > > > one) unicast MAC address for use with >>>>>>>>>> VTEP? If the MAC >>>>>>>>>> > > address is >>>>>>>>>> > > > > configurable in BFD command, this can be >>>>>>>>>> moot. >>>>>>>>>> > > > > >>>>>>>>>> > > > > Dinesh >>>>>>>>>> > > > > >>>>>>>>>> > > > > On Fri, Aug 2, 2019 at 10:27 AM Santosh P K >>>>>>>>>> > > > > <santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>>>>> wrote: >>>>>>>>>> > > > > >>>>>>>>>> > > > > I have cross checked point raised >>>>>>>>>> about MAC address >>>>>>>>>> > > usage. It is >>>>>>>>>> > > > > possible that tenant could be using >>>>>>>>>> physical MAC >>>>>>>>>> > > address and >>>>>>>>>> > > > when a >>>>>>>>>> > > > > packet comes with valid VNI with a MAC >>>>>>>>>> address >>>>>>>>>> > that is >>>>>>>>>> > > being >>>>>>>>>> > > > used by >>>>>>>>>> > > > > tenant then packet will be sent to >>>>>>>>>> that tenant. >>>>>>>>>> > This rules >>>>>>>>>> > > > out the >>>>>>>>>> > > > > fact that we could use physical MAC >>>>>>>>>> address as >>>>>>>>>> > inner >>>>>>>>>> > > MAC to >>>>>>>>>> > > > ensure >>>>>>>>>> > > > > packets get terminated at VTEP itself. >>>>>>>>>> > > > > >>>>>>>>>> > > > > Thanks >>>>>>>>>> > > > > Santosh P K >>>>>>>>>> > > > > >>>>>>>>>> > > > > On Wed, Jul 31, 2019 at 11:00 AM >>>>>>>>>> Santosh P K >>>>>>>>>> > > > > <santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>> >>>>>>>>>> > > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com> >>>>>>>>>> > > <mailto:santosh.pallagatti@gmail.com >>>>>>>>>> > <mailto:santosh.pallagatti@gmail.com>>>>> >>>>>>>>>> > > > > wrote: >>>>>>>>>> > > > > >>>>>>>>>> > > > > Joel, >>>>>>>>>> > > > > Thanks for your inputs. I >>>>>>>>>> checked >>>>>>>>>> > > implementation within >>>>>>>>>> > > > > Vmware. Perhaps I should have been >>>>>>>>>> more clear >>>>>>>>>> > > about MAC >>>>>>>>>> > > > address >>>>>>>>>> > > > > space while checking internally. I >>>>>>>>>> will cross >>>>>>>>>> > > check again for >>>>>>>>>> > > > > the same and get back on this list. >>>>>>>>>> > > > > >>>>>>>>>> > > > > Thanks >>>>>>>>>> > > > > Santosh P K >>>>>>>>>> > > > > >>>>>>>>>> > > > > On Wed, Jul 31, 2019 at 10:54 AM >>>>>>>>>> Joel M. >>>>>>>>>> > Halpern >>>>>>>>>> > > > > <jmh@joelhalpern.com >>>>>>>>>> > <mailto:jmh@joelhalpern.com> <mailto:jmh@joelhalpern.com >>>>>>>>>> > <mailto:jmh@joelhalpern.com>> >>>>>>>>>> > > <mailto:jmh@joelhalpern.com <mailto: >>>>>>>>>> jmh@joelhalpern.com> >>>>>>>>>> > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>> >>>>>>>>>> > > > <mailto:jmh@joelhalpern.com >>>>>>>>>> > <mailto:jmh@joelhalpern.com> <mailto:jmh@joelhalpern.com >>>>>>>>>> > <mailto:jmh@joelhalpern.com>> >>>>>>>>>> > > <mailto:jmh@joelhalpern.com <mailto: >>>>>>>>>> jmh@joelhalpern.com> >>>>>>>>>> > <mailto:jmh@joelhalpern.com <mailto:jmh@joelhalpern.com>>>>> >>>>>>>>>> wrote: >>>>>>>>>> > > > > >>>>>>>>>> > > > > Sorry to ask a stupid >>>>>>>>>> question. Whose >>>>>>>>>> > > implementation? >>>>>>>>>> > > > > >>>>>>>>>> > > > > The reason I ask is that as >>>>>>>>>> far as I >>>>>>>>>> > can tell, >>>>>>>>>> > > since the >>>>>>>>>> > > > > tenant does not >>>>>>>>>> > > > > have any control access to the >>>>>>>>>> VTEP, >>>>>>>>>> > there is no >>>>>>>>>> > > > reason for >>>>>>>>>> > > > > the VTEP to >>>>>>>>>> > > > > have a MAC address in the >>>>>>>>>> tenant >>>>>>>>>> > space. Yes, the >>>>>>>>>> > > > device has >>>>>>>>>> > > > > a physical >>>>>>>>>> > > > > MAC address. But the tenant >>>>>>>>>> could well be >>>>>>>>>> > > using that MAC >>>>>>>>>> > > > > address. Yes, >>>>>>>>>> > > > > they would be violating the >>>>>>>>>> Ethernet spec. >>>>>>>>>> > > But the whole >>>>>>>>>> > > > > point of >>>>>>>>>> > > > > segregation is not to care >>>>>>>>>> about such >>>>>>>>>> > issues. >>>>>>>>>> > > > > >>>>>>>>>> > > > > On the other hand, if you tell >>>>>>>>>> me that >>>>>>>>>> > the VMWare >>>>>>>>>> > > > > implementation has an >>>>>>>>>> > > > > Ethernet address that is part >>>>>>>>>> of the tenant >>>>>>>>>> > > space, well, >>>>>>>>>> > > > > they made up >>>>>>>>>> > > > > this particular game. >>>>>>>>>> > > > > >>>>>>>>>> > > > > Yours, >>>>>>>>>> > > > > Joel >>>>>>>>>> > > > > >>>>>>>>>> > > > > On 7/31/2019 1:44 PM, Santosh >>>>>>>>>> P K wrote: >>>>>>>>>> > > > > > I have checked with >>>>>>>>>> implementation >>>>>>>>>> > in data >>>>>>>>>> > > path. >>>>>>>>>> > > > When we >>>>>>>>>> > > > > receive a >>>>>>>>>> > > > > > packet with valid VNI then >>>>>>>>>> lookup >>>>>>>>>> > for MAC will >>>>>>>>>> > > > happen and >>>>>>>>>> > > > > it is VTEP own >>>>>>>>>> > > > > > MAC then it will be trapped >>>>>>>>>> to control >>>>>>>>>> > > plane for >>>>>>>>>> > > > > processing. I think we >>>>>>>>>> > > > > > can have following options >>>>>>>>>> > > > > > 1. Optional managment VNI >>>>>>>>>> > > > > > 2. Mandatory inner MAC set >>>>>>>>>> to VTEP mac >>>>>>>>>> > > > > > 3. Inner IP TTL set to 1 to >>>>>>>>>> avoid >>>>>>>>>> > > forwarding of packet >>>>>>>>>> > > > > via inner IP >>>>>>>>>> > > > > > address. >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Thoughts? >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Thansk >>>>>>>>>> > > > > > Santosh P K >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > On Wed, Jul 31, 2019 at >>>>>>>>>> 9:20 AM Greg >>>>>>>>>> > Mirsky >>>>>>>>>> > > > > <gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > <mailto:gregimirsky@gmail.com <mailto:gregimirsky@gmail.com >>>>>>>>>> > >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com> >>>>>>>>>> > <mailto:gregimirsky@gmail.com <mailto:gregimirsky@gmail.com >>>>>>>>>> >>>> >>>>>>>>>> > > > > > <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>> >>>>>>>>>> > > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>>>>> wrote: >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Hi Dinesh, >>>>>>>>>> > > > > > thank you for your >>>>>>>>>> consideration >>>>>>>>>> > of the >>>>>>>>>> > > > proposal and >>>>>>>>>> > > > > questions. What >>>>>>>>>> > > > > > would you see as the >>>>>>>>>> scope of >>>>>>>>>> > testing the >>>>>>>>>> > > > > connectivity for the >>>>>>>>>> > > > > > specific VNI? If it is >>>>>>>>>> > > tenant-to-tenant, then >>>>>>>>>> > > > VTEPs >>>>>>>>>> > > > > will treat these >>>>>>>>>> > > > > > packets as regular user >>>>>>>>>> frames. More >>>>>>>>>> > > likely, these >>>>>>>>>> > > > > could be Layer 2 >>>>>>>>>> > > > > > OAM, e.g. CCM frames. >>>>>>>>>> The reason >>>>>>>>>> > to use >>>>>>>>>> > > 127/8 for >>>>>>>>>> > > > > IPv4, and >>>>>>>>>> > > > > > >>>>>>>>>> 0:0:0:0:0:FFFF:7F00:0/104 for >>>>>>>>>> > IPv6 is >>>>>>>>>> > > to safeguard >>>>>>>>>> > > > > from leaking >>>>>>>>>> > > > > > Ethernet frames with >>>>>>>>>> BFD Control >>>>>>>>>> > packet >>>>>>>>>> > > to a >>>>>>>>>> > > > tenant. >>>>>>>>>> > > > > > You've suggested using >>>>>>>>>> a MAC >>>>>>>>>> > address to >>>>>>>>>> > > trap the >>>>>>>>>> > > > > control packet at >>>>>>>>>> > > > > > VTEP. What that address >>>>>>>>>> could be? We >>>>>>>>>> > > had proposed >>>>>>>>>> > > > > using the >>>>>>>>>> > > > > > dedicated MAC and >>>>>>>>>> VTEP's MAC and >>>>>>>>>> > both >>>>>>>>>> > > raised >>>>>>>>>> > > > concerns >>>>>>>>>> > > > > among VXLAN >>>>>>>>>> > > > > > experts. The idea of >>>>>>>>>> using >>>>>>>>>> > Management >>>>>>>>>> > > VNI may >>>>>>>>>> > > > be more >>>>>>>>>> > > > > acceptable >>>>>>>>>> > > > > > based on its similarity >>>>>>>>>> to the >>>>>>>>>> > practice >>>>>>>>>> > > of using >>>>>>>>>> > > > > Management VLAN. >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Regards, >>>>>>>>>> > > > > > Greg >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > On Wed, Jul 31, 2019 at >>>>>>>>>> 12:03 PM >>>>>>>>>> > Dinesh >>>>>>>>>> > > Dutt >>>>>>>>>> > > > > <didutt@gmail.com >>>>>>>>>> > <mailto:didutt@gmail.com> <mailto:didutt@gmail.com >>>>>>>>>> > <mailto:didutt@gmail.com>> >>>>>>>>>> > > <mailto:didutt@gmail.com <mailto:didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>>> >>>>>>>>>> > > > <mailto:didutt@gmail.com <mailto: >>>>>>>>>> didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>> >>>>>>>>>> > > <mailto:didutt@gmail.com <mailto:didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>>>> >>>>>>>>>> > > > > > <mailto: >>>>>>>>>> didutt@gmail.com >>>>>>>>>> > <mailto:didutt@gmail.com> >>>>>>>>>> > > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>> >>>>>>>>>> > > > <mailto:didutt@gmail.com <mailto: >>>>>>>>>> didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>>> >>>>>>>>>> > > <mailto:didutt@gmail.com <mailto:didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>> >>>>>>>>>> > > > <mailto:didutt@gmail.com <mailto: >>>>>>>>>> didutt@gmail.com> >>>>>>>>>> > <mailto:didutt@gmail.com <mailto:didutt@gmail.com>>>>>> >>>>>>>>>> > > > > wrote: >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Hi Greg, >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > As long as the >>>>>>>>>> inner MAC >>>>>>>>>> > address is >>>>>>>>>> > > such >>>>>>>>>> > > > that the >>>>>>>>>> > > > > packet is >>>>>>>>>> > > > > > trapped to the CPU, >>>>>>>>>> it should be >>>>>>>>>> > > fine for >>>>>>>>>> > > > use as >>>>>>>>>> > > > > an inner MAC is >>>>>>>>>> > > > > > it not? Stating >>>>>>>>>> that is >>>>>>>>>> > better than >>>>>>>>>> > > trying to >>>>>>>>>> > > > > force a management >>>>>>>>>> > > > > > VNI. What if >>>>>>>>>> someone wants >>>>>>>>>> > to test >>>>>>>>>> > > > connectivity >>>>>>>>>> > > > > on a specific >>>>>>>>>> > > > > > VNI? I would not >>>>>>>>>> pick a >>>>>>>>>> > loopback IP >>>>>>>>>> > > > address for >>>>>>>>>> > > > > this since that >>>>>>>>>> > > > > > address range is >>>>>>>>>> host/node local >>>>>>>>>> > > only. Is >>>>>>>>>> > > > there a >>>>>>>>>> > > > > reason you're >>>>>>>>>> > > > > > not using the VTEP >>>>>>>>>> IP as the >>>>>>>>>> > inner IP >>>>>>>>>> > > > address ? >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Dinesh >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > On Wed, Jul 31, >>>>>>>>>> 2019 at 5:48 AM >>>>>>>>>> > > Greg Mirsky >>>>>>>>>> > > > > > < >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>> >>>>>>>>>> > > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>>> <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> <mailto: >>>>>>>>>> gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>> >>>>>>>>>> > > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com <mailto: >>>>>>>>>> gregimirsky@gmail.com>> >>>>>>>>>> > > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com> >>>>>>>>>> > > <mailto:gregimirsky@gmail.com >>>>>>>>>> > <mailto:gregimirsky@gmail.com>>>>>> wrote: >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Dear All, >>>>>>>>>> > > > > > thank you for >>>>>>>>>> your comments, >>>>>>>>>> > > > suggestions on >>>>>>>>>> > > > > this issue, >>>>>>>>>> > > > > > probably the >>>>>>>>>> most >>>>>>>>>> > challenging >>>>>>>>>> > > for this >>>>>>>>>> > > > > specification. In the >>>>>>>>>> > > > > > course of our >>>>>>>>>> discussions, >>>>>>>>>> > > we've agreed to >>>>>>>>>> > > > > abandon the >>>>>>>>>> > > > > > request to >>>>>>>>>> allocate the >>>>>>>>>> > > dedicated MAC >>>>>>>>>> > > > address >>>>>>>>>> > > > > to be used as >>>>>>>>>> > > > > > the destination >>>>>>>>>> MAC >>>>>>>>>> > address in >>>>>>>>>> > > the inner >>>>>>>>>> > > > > Ethernet frame. >>>>>>>>>> > > > > > Also, earlier >>>>>>>>>> using VNI >>>>>>>>>> > 0 was >>>>>>>>>> > > changed from >>>>>>>>>> > > > > mandatory to one >>>>>>>>>> > > > > > of the options >>>>>>>>>> an >>>>>>>>>> > > implementation may >>>>>>>>>> > > > offer to >>>>>>>>>> > > > > an operator. >>>>>>>>>> > > > > > The most recent >>>>>>>>>> > discussion was >>>>>>>>>> > > whether >>>>>>>>>> > > > VTEP's >>>>>>>>>> > > > > MAC address >>>>>>>>>> > > > > > might be used >>>>>>>>>> as the >>>>>>>>>> > > destination MAC >>>>>>>>>> > > > address >>>>>>>>>> > > > > in the inner >>>>>>>>>> > > > > > Ethernet frame. >>>>>>>>>> As I >>>>>>>>>> > recall it, the >>>>>>>>>> > > > comments >>>>>>>>>> > > > > from VXLAN >>>>>>>>>> > > > > > experts equally >>>>>>>>>> split >>>>>>>>>> > with one >>>>>>>>>> > > for it >>>>>>>>>> > > > and one >>>>>>>>>> > > > > against. Hence >>>>>>>>>> > > > > > I would like to >>>>>>>>>> propose >>>>>>>>>> > a new >>>>>>>>>> > > text to >>>>>>>>>> > > > resolve >>>>>>>>>> > > > > the issue. The >>>>>>>>>> > > > > > idea is to let >>>>>>>>>> an >>>>>>>>>> > operator select >>>>>>>>>> > > > Management >>>>>>>>>> > > > > VNI and use >>>>>>>>>> > > > > > that VNI in >>>>>>>>>> VXLAN >>>>>>>>>> > encapsulation >>>>>>>>>> > > of BFD >>>>>>>>>> > > > > Control packets: >>>>>>>>>> > > > > > NEW TEXT: >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > An operator >>>>>>>>>> MUST >>>>>>>>>> > select a VNI >>>>>>>>>> > > > number to >>>>>>>>>> > > > > be used as >>>>>>>>>> > > > > > Management >>>>>>>>>> VNI. VXLAN >>>>>>>>>> > > packet for >>>>>>>>>> > > > > Management VNI MUST NOT >>>>>>>>>> > > > > > be sent to >>>>>>>>>> a tenant. VNI >>>>>>>>>> > > number 1 is >>>>>>>>>> > > > > RECOMMENDED as the >>>>>>>>>> > > > > > default for >>>>>>>>>> > Management VNI. >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > With that new >>>>>>>>>> text, what >>>>>>>>>> > can be the >>>>>>>>>> > > > value of >>>>>>>>>> > > > > the destination >>>>>>>>>> > > > > > MAC in the >>>>>>>>>> inner Ethernet? I >>>>>>>>>> > > tend to >>>>>>>>>> > > > believe >>>>>>>>>> > > > > that it can be >>>>>>>>>> > > > > > anything and >>>>>>>>>> ignored by the >>>>>>>>>> > > reciever VTEP. >>>>>>>>>> > > > > Also, if the >>>>>>>>>> > > > > > trapping is >>>>>>>>>> based on VNI >>>>>>>>>> > > number, the >>>>>>>>>> > > > > destination IP address >>>>>>>>>> > > > > > of the inner IP >>>>>>>>>> packet >>>>>>>>>> > can from >>>>>>>>>> > > the range >>>>>>>>>> > > > > 127/8 for IPv4, >>>>>>>>>> > > > > > and for IPv6 >>>>>>>>>> from the range >>>>>>>>>> > > > > 0:0:0:0:0:FFFF:7F00:0/104. And >>>>>>>>>> > > > > > lastly, the TTL >>>>>>>>>> to be >>>>>>>>>> > set to 1 (no >>>>>>>>>> > > > change here). >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Much appreciate >>>>>>>>>> your >>>>>>>>>> > comments, >>>>>>>>>> > > > questions, and >>>>>>>>>> > > > > suggestions. >>>>>>>>>> > > > > > >>>>>>>>>> > > > > > Best regards, >>>>>>>>>> > > > > > Greg >>>>>>>>>> > > > > > >>>>>>>>>> > > > > >>>>>>>>>> > > > >>>>>>>>>> > > >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>
- BFD over VXLAN: Trapping BFD Control packet at VT… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Dinesh Dutt
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… T. Sridhar
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: BFD over VXLAN: Trapping BFD Control packet a… Greg Mirsky
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re:BFD over VXLAN: Trapping BFD Control packet at… xiao.min2
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: BFD over VXLAN: Trapping BFD Control packet a… Santosh P K
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:BFD over VXLAN: Trapping BFD Control packet at… xiao.min2
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: BFD over VXLAN: Trapping BFD Control packet a… Jeffrey Haas
- Re: BFD over VXLAN: Trapping BFD Control packet a… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- RE: [nvo3] BFD over VXLAN: Trapping BFD Control p… John E Drake
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel Halpern Direct
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re:[nvo3] BFD over VXLAN: Trapping BFD Control pa… xiao.min2
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Jeffrey Haas
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Jeffrey Haas
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Dinesh Dutt
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Jeffrey Haas
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Selvakumar Sivaraj
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Jeffrey Haas
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Selvakumar Sivaraj
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Jeffrey Haas
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Anoop Ghanwani
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Joel M. Halpern
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Greg Mirsky
- Re: [nvo3] BFD over VXLAN: Trapping BFD Control p… Santosh P K