< draft-ietf-bfd-vxlan-09.txt   draft-ietf-bfd-vxlan-10.txt >
BFD S. Pallagatti, Ed. BFD S. Pallagatti, Ed.
Internet-Draft VMware Internet-Draft VMware
Intended status: Standards Track S. Paragiri Intended status: Standards Track S. Paragiri
Expires: June 1, 2020 Individual Contributor Expires: June 19, 2020 Individual Contributor
V. Govindan V. Govindan
M. Mudigonda M. Mudigonda
Cisco Cisco
G. Mirsky G. Mirsky
ZTE Corp. ZTE Corp.
November 29, 2019 December 17, 2019
BFD for VXLAN BFD for VXLAN
draft-ietf-bfd-vxlan-09 draft-ietf-bfd-vxlan-10
Abstract Abstract
This document describes the use of the Bidirectional Forwarding This document describes the use of the Bidirectional Forwarding
Detection (BFD) protocol in point-to-point Virtual eXtensible Local Detection (BFD) protocol in point-to-point Virtual eXtensible Local
Area Network (VXLAN) tunnels forming up an overlay network. Area Network (VXLAN) tunnels forming up an overlay network.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 1, 2020. This Internet-Draft will expire on June 19, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 8 skipping to change at page 3, line 8
hypervisors. However, the concepts are equally applicable to non- hypervisors. However, the concepts are equally applicable to non-
virtualized hosts attached to VTEPs in switches. virtualized hosts attached to VTEPs in switches.
In the absence of a router in the overlay, a VM can communicate with In the absence of a router in the overlay, a VM can communicate with
another VM only if they are on the same VXLAN segment. VMs are another VM only if they are on the same VXLAN segment. VMs are
unaware of VXLAN tunnels as a VXLAN tunnel is terminated on a VTEP. unaware of VXLAN tunnels as a VXLAN tunnel is terminated on a VTEP.
VTEPs are responsible for encapsulating and decapsulating frames VTEPs are responsible for encapsulating and decapsulating frames
exchanged among VMs. exchanged among VMs.
Ability to monitor path continuity, i.e., perform proactive The ability to monitor path continuity, i.e., perform proactive
continuity check (CC) for point-to-point (p2p) VXLAN tunnels, is continuity check (CC) for point-to-point (p2p) VXLAN tunnels, is
important. The asynchronous mode of BFD, as defined in [RFC5880], is important. The asynchronous mode of BFD, as defined in [RFC5880], is
used to monitor a p2p VXLAN tunnel. used to monitor a p2p VXLAN tunnel.
In the case where a Multicast Service Node (MSN) (as described in In the case where a Multicast Service Node (MSN) (as described in
Section 3.3 of [RFC8293]) resides behind a Network Virtualization Section 3.3 of [RFC8293]) resides behind a Network Virtualization
Endpoint (NVE), the mechanisms described in this document apply and Endpoint (NVE), the mechanisms described in this document apply and
can, therefore, be used to test the connectivity from the source NVE can, therefore, be used to test the connectivity from the source NVE
to the MSN. to the MSN.
skipping to change at page 5, line 11 skipping to change at page 5, line 11
+--------------------------+ +--------------------------+
Figure 1: Reference VXLAN Domain Figure 1: Reference VXLAN Domain
At the same time, a service layer BFD session may be used between the At the same time, a service layer BFD session may be used between the
tenants of VTEPs IP1 and IP2 to provide end-to-end fault management. tenants of VTEPs IP1 and IP2 to provide end-to-end fault management.
In such case, for VTEPs BFD Control packets of that session are In such case, for VTEPs BFD Control packets of that session are
indistinguishable from data packets. indistinguishable from data packets.
As per Section 4, the inner destination IP address SHOULD be set to As per Section 4, the inner destination IP address SHOULD be set to
one of the loopback addresses (127/8 range for IPv4 and one of the loopback addresses from 127/8 range for IPv4 or to one of
0:0:0:0:0:FFFF:7F00:0/104 range for IPv6). There could be a firewall IPv4-mapped IPv4 loopback addresses from ::ffff:127.0.0.0/104 range
configured on VTEP to block loopback addresses if set as the for IPv6. There could be a firewall configured on VTEP to block
destination IP in the inner IP header. It is RECOMMENDED to allow loopback addresses if set as the destination IP in the inner IP
addresses from the loopback range through a firewall only if it is header. It is RECOMMENDED to allow addresses from the loopback range
used as the destination IP address in the inner IP header, and the through a firewall only if it is used as the destination IP address
destination UDP port is set to 3784 [RFC5881]. in the inner IP header, and the destination UDP port is set to 3784
[RFC5881].
4. BFD Packet Transmission over VXLAN Tunnel 4. BFD Packet Transmission over VXLAN Tunnel
BFD packet MUST be encapsulated and sent to a remote VTEP as BFD packets MUST be encapsulated and sent to a remote VTEP as
explained in this section. Implementations SHOULD ensure that the explained in this section. Implementations SHOULD ensure that the
BFD packets follow the same lookup path as VXLAN data packets within BFD packets follow the same lookup path as VXLAN data packets within
the sender system. the sender system.
BFD packets are encapsulated in VXLAN as described below. The VXLAN BFD packets are encapsulated in VXLAN as described below. The VXLAN
packet format is defined in Section 5 of [RFC7348]. The Outer IP/UDP packet format is defined in Section 5 of [RFC7348]. The Outer IP/UDP
and VXLAN headers MUST be encoded by the sender as defined in and VXLAN headers MUST be encoded by the sender as defined in
[RFC7348]. [RFC7348].
0 1 2 3 0 1 2 3
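Review bot: the new wording "IPv4-mapped IPv4 loopback addresses from ::ffff:127.0.0.0/104" mislabels the address family; addresses under ::ffff:0:0/96 are IPv4-mapped IPv6 addresses (RFC 4291, Section 2.5.5.2), so this should read "one of the IPv4-mapped IPv6 addresses that carry an IPv4 loopback address, i.e., from the ::ffff:127.0.0.0/104 range". The prefix length itself is correct: the /96 mapped prefix plus the /8 loopback block gives /104, which is the same range the -09 text wrote as 0:0:0:0:0:FFFF:7F00:0/104. The firewall recommendation that follows would be tighter if it said explicitly that the exception applies only to the combination of a loopback inner destination address and inner destination UDP port 3784, not to each condition on its own, since that tuple is what distinguishes a BFD Control packet from tenant traffic that merely happens to carry a loopback destination.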
skipping to change at page 7, line 18 skipping to change at page 7, line 18
configured, or it MAY be learned via a control plane protocol. configured, or it MAY be learned via a control plane protocol.
The details of how the MAC address is obtained are outside the The details of how the MAC address is obtained are outside the
scope of this document. scope of this document.
Source MAC: MAC address associated with the originating VTEP Source MAC: MAC address associated with the originating VTEP
IP header: IP header:
Destination IP: IP address MUST NOT be of one of tenant's IP Destination IP: IP address MUST NOT be of one of tenant's IP
addresses. The IP address SHOULD be selected from the range addresses. The IP address SHOULD be selected from the range
127/8 for IPv4, for IPv6 - from the range 127/8 for IPv4, for IPv6 - from the range ::ffff:127.0.0.0/104.
0:0:0:0:0:FFFF:7F00:0/104. Alternatively, the destination IP Alternatively, the destination IP address MAY be set to VTEP's
address MAY be set to VTEP's IP address. IP address.
Source IP: IP address of the originating VTEP. Source IP: IP address of the originating VTEP.
TTL or Hop Limit: MUST be set to 1 to ensure that the BFD TTL or Hop Limit: MUST be set to 1 to ensure that the BFD
packet is not routed within the Layer 3 underlay network. This packet is not routed within the Layer 3 underlay network. This
addresses the scenario when the inner IP destination address is addresses the scenario when the inner IP destination address is
of VXLAN gateway and there is a router in underlay which of VXLAN gateway and there is a router in underlay which
removes the VXLAN header, then it is possible to route the removes the VXLAN header, then it is possible to route the
packet as VXLAN gateway address is routable address. packet as VXLAN gateway address is routable address.
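Review bot: the rationale sentence under "TTL or Hop Limit" ("This addresses the scenario when the inner IP destination address is of VXLAN gateway and there is a router in underlay which removes the VXLAN header, then it is possible to route the packet as VXLAN gateway address is routable address.") is a run-on carried over unchanged into -10 and should be split, e.g. "This covers the case where the inner destination IP address is that of a VXLAN gateway: if an underlay router stripped the VXLAN header, the packet could otherwise be routed onward, because a gateway address is routable." It is also worth tying this requirement to the "Destination IP" item just above: when the MAY option (the VTEP's own IP address as inner destination) is chosen, TTL/Hop Limit = 1 is the only thing preventing onward forwarding, whereas the 127/8 and ::ffff:127.0.0.0/104 choices are additionally covered by the RFC 1812 loopback rule quoted in the Security Considerations. Finally, the Destination IP text here says only "from the range ::ffff:127.0.0.0/104" while Section 3 and the Security Considerations label the same range as IPv4-mapped; the three places should use one phrasing.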
skipping to change at page 8, line 52 skipping to change at page 8, line 52
The document requires setting the inner IP TTL to 1, which could be The document requires setting the inner IP TTL to 1, which could be
used as a DDoS attack vector. Thus the implementation MUST have used as a DDoS attack vector. Thus the implementation MUST have
throttling in place to control the rate of BFD Control packets sent throttling in place to control the rate of BFD Control packets sent
to the control plane. On the other hand, over-aggressive throttling to the control plane. On the other hand, over-aggressive throttling
of BFD Control packets may become the cause of the inability to form of BFD Control packets may become the cause of the inability to form
and maintain BFD session at scale. Hence, throttling of BFD Control and maintain BFD session at scale. Hence, throttling of BFD Control
packets SHOULD be adjusted to permit BFD to work according to its packets SHOULD be adjusted to permit BFD to work according to its
procedures. procedures.
This document recommends using an address from the Internal host This document recommends using an address from the Internal host
loopback addresses (127/8 range for IPv4 and loopback addresses 127/8 range for IPv4 or an IP4-mapped IPv4
0:0:0:0:0:FFFF:7F00:0/104 range for IPv6) as the destination IP loopback address from ::ffff:127.0.0.0/104 range for IPv6 as the
address in the inner IP header. Using such address prevents the destination IP address in the inner IP header. Using such address
forwarding of the encapsulated BFD control message by a transient prevents the forwarding of the encapsulated BFD control message by a
node in case the VXLAN tunnel is broken as according to [RFC1812]: transient node in case the VXLAN tunnel is broken as according to
[RFC1812]:
A router SHOULD NOT forward, except over a loopback interface, any A router SHOULD NOT forward, except over a loopback interface, any
packet that has a destination address on network 127. A router packet that has a destination address on network 127. A router
MAY have a switch that allows the network manager to disable these MAY have a switch that allows the network manager to disable these
checks. If such a switch is provided, it MUST default to checks. If such a switch is provided, it MUST default to
performing the checks. performing the checks.
If the implementation supports establishing multiple BFD sessions If the implementation supports establishing multiple BFD sessions
between the same pair of VTEPs, there SHOULD be a mechanism to between the same pair of VTEPs, there SHOULD be a mechanism to
control the maximum number of such sessions that can be active at the control the maximum number of such sessions that can be active at the
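Review bot: "IP4-mapped IPv4 loopback address" in the Security Considerations has a typo ("IP4") and, as in Section 3, the addresses in ::ffff:127.0.0.0/104 are IPv4-mapped IPv6 addresses under RFC 4291; both sections should be aligned on that wording. The RFC 1812 passage quoted here covers only "network 127", i.e., the IPv4 case, so the claim that a loopback inner destination "prevents the forwarding of the encapsulated BFD control message by a transient node" is unsupported for the IPv6 range as written; either cite an IPv6 equivalent or state that, for IPv6, the protection rests on the Hop Limit = 1 requirement from Section 4. In the throttling paragraph, it would help to say what the rate limit is keyed on (per BFD session, per remote VTEP, or aggregate for the VTEP), since whether "over-aggressive throttling" becomes a scaling problem depends on that choice.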
 End of changes. 9 change blocks. 
21 lines changed or deleted 23 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/