Re: Opsdir last call review of draft-ietf-bfd-vxlan-07

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Wed, 05 June 2019 09:40 UTC

Return-Path: <j.schoenwaelder@jacobs-university.de>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DB1A12063C; Wed, 5 Jun 2019 02:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yYrSq7Llh5Nn; Wed, 5 Jun 2019 02:40:38 -0700 (PDT)
Received: from atlas5.jacobs-university.de (atlas5.jacobs-university.de [212.201.44.20]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 419E4120105; Wed, 5 Jun 2019 02:40:38 -0700 (PDT)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by atlas5.jacobs-university.de (Postfix) with ESMTP id E7D3765C; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from atlas5.jacobs-university.de ([10.70.0.198]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10032) with ESMTP id oG71iHoSDlUG; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
Received: from hermes.jacobs-university.de (hermes.jacobs-university.de [212.201.44.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by atlas5.jacobs-university.de (Postfix) with ESMTPS; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
Received: from localhost (demetrius5.irc-it.jacobs-university.de [10.70.0.222]) by hermes.jacobs-university.de (Postfix) with ESMTP id CCB2120129; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
X-Virus-Scanned: amavisd-new at jacobs-university.de
Received: from hermes.jacobs-university.de ([212.201.44.23]) by localhost (demetrius5.jacobs-university.de [10.70.0.222]) (amavisd-new, port 10028) with ESMTP id ZRuXq7jwyAG6; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
Received: from exchange.jacobs-university.de (SXCHMB02.jacobs.jacobs-university.de [10.70.0.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "exchange.jacobs-university.de", Issuer "DFN-Verein Global Issuing CA" (verified OK)) by hermes.jacobs-university.de (Postfix) with ESMTPS id 5520720128; Wed, 5 Jun 2019 11:40:35 +0200 (CEST)
Received: from anna.localdomain (10.50.218.117) by sxchmb03.jacobs.jacobs-university.de (10.70.0.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Wed, 5 Jun 2019 11:40:34 +0200
Received: by anna.localdomain (Postfix, from userid 501) id 719FA3009DB2C0; Wed, 5 Jun 2019 11:40:33 +0200 (CEST)
Date: Wed, 5 Jun 2019 11:40:33 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: Greg Mirsky <gregimirsky@gmail.com>
CC: <ops-dir@ietf.org>, rtg-bfd WG <rtg-bfd@ietf.org>, <draft-ietf-bfd-vxlan.all@ietf.org>, IETF list <ietf@ietf.org>
Subject: Re: Opsdir last call review of draft-ietf-bfd-vxlan-07
Message-ID: <20190605094033.g25ailxjsrhmy4i7@anna.jacobs.jacobs-university.de>
Reply-To: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
Mail-Followup-To: Greg Mirsky <gregimirsky@gmail.com>, ops-dir@ietf.org, rtg-bfd WG <rtg-bfd@ietf.org>, draft-ietf-bfd-vxlan.all@ietf.org, IETF list <ietf@ietf.org>
References: <155842371303.2459.12357511675299405749@ietfa.amsl.com> <CA+RyBmXL7AOv5pJpsOzLZ-_G9TUSO579sf_DqxXgiR8yWJhV_Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
In-Reply-To: <CA+RyBmXL7AOv5pJpsOzLZ-_G9TUSO579sf_DqxXgiR8yWJhV_Q@mail.gmail.com>
User-Agent: NeoMutt/20180716
X-ClientProxiedBy: SXCHMB04.jacobs.jacobs-university.de (10.70.0.156) To sxchmb03.jacobs.jacobs-university.de (10.70.0.155)
X-Clacks-Overhead: GNU Terry Pratchett
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/hKCs4QhQvl7ESgKl8g-Gyokjk50>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 09:40:42 -0000

On Tue, Jun 04, 2019 at 01:40:13PM -0700, Greg Mirsky wrote:
> Hi Jurgen,
> thank you for your review, detailed and precise questions. Please find my
> answers in-line and tagged GIM>>.
> 
> Regards,
> Greg
> 
> On Tue, May 21, 2019 at 12:28 AM Jürgen Schönwälder via Datatracker <
> noreply@ietf.org>; wrote:
> 
> > Reviewer: Jürgen Schönwälder
> > Review result: Has Issues
> >
> > I only have a very limited understanding of VXLAN ands BFD technology.
> > Hence, some of my question may look odd to the insiders.
> >
> > - RFC 7348 defining VXLAN is informational, why would BFD for VXLAN be
> >   standards track?
> >
> GIM>> That has been somewhat of the way to bring the de-facto standard into
> the IETF standardization process.

I leave this to the IESG.
 
> - Section 2.1 "Terminology" expands acronyms but it does say where
> >   these "terms" are actually defined. Some pointers to the relevant
> >   RFCs may be useful.
> >
> GIM>> That might be useful, thank you. But, AFAIK, at IETF that is not the
> traditional format (though I know that other SDOs refer to the source of
> the definition used in the document.)

Perhaps conventions different between different parts of the IETF, as
a review, I find it helpful to know where things are actually defined
(and I assume the same is true for implementors).

> > - I am not familiar with VXLAN but I wonder how the endpoints
> >   addresses are obtained in practice. This BFD document says for
> >   example "The details of how the MAC address of the destination VTEP
> >   is obtained are outside the scope of this document." Well, OK, but
> >   how does this work? Is there a document where this is explained?
> >   Well, I am actually less concerned about how the inner address is
> >   obtained, I think I am more urgently missing how the VTEP determines
> >   the remote tunnel endpoint address.
> >
> GIM>> One of the ways could be through exchange of the BFD packets when the
> DA MAC is the dedicated MAC. More on that below.
> 
> >
> > - Why do you need a special MAC address? The text says I can use this
> >   address or the address of the destination VTEP but there is no
> >   reasoning when to use what or why a dedicated address is needed.
> >
> GIM> Would the following text added at the end of Section 4.1 address your
> question:
> NEW TEXT:
> The use of the dedicated MAC allows starting BFD session before
>  learning the MAC address of the remote VTEP. As a result, after the
>  BFD session has reached the Up state the operational state of the
>  VXLAN tunnel to may be set to Up.

Not sure I managed to parse the second sentence. So is the idea that
the dedicated MAC address is only do be used until the MAC address has
been discovered? But yes, any text that helps readers to understand
this is appreciated.

> > - What is a 'reasonable upper bound' on the number of BFD sessions
> >   that can be created between the same pair of VTEPs? 1? 2? 8? 64?
> >   256? 4096? How does the choice of this upper bound impact security?
> >
> GIM>> I agree, that is too vague. Would changing the  text to recommend
> that the control mechanism be provided if multiple BFD sessions between the
> same piar of VTEP allowed:
> OLD TEXT:
>    The implementation SHOULD have a reasonable upper bound on the number
>    of BFD sessions that can be created between the same pair of VTEPs.
> NEW TEXT:
>    If the implementation supports establishing multiple BFD sessions
>    between the same pair of VTEPs, there SHOULD be a mechanism to control
>    the maximum number of such session that can be active at the same
>    time.

Works for me. I read this as "the maximum number of such session
should be configurable", which is great advice for implementors.

> > - Which BFD mode is assumed to be used, asynchronous or demand? Or
> >   does this not matter for this usage of BFD, i.e., both work just
> >   fine and will be interoperable?
> >
> GIM>> For p2p VXLAN tunnel, the Asynchronous mode of BFD is recommended:
> The asynchronous mode of BFD, as defined in [RFC5880],
>    can be used to monitor a p2p VXLAN tunnel.
> The Demand mode is used in RFC 8293 that is recommended if the Multicast
> Service Node resides behind the NVE:
>    In the case where a Multicast Service Node (MSN) (as described in
>    Section 3.3 of [RFC8293]) resides behind an NVE, the mechanisms
>    described in this document apply and can, therefore, be used to test
>    the connectivity from the source NVE to the MSN.

Perhaps say more explicitely that in the Multicast Service Node case,
demand mode of BFD is used?
 
> >
> > - Why is echo BFD outside the scope of this document? Can I just turn
> >   on echo mode or will extra specifications be needed?
> >
> GIM>> The BFD Echo mode is underspecified in RFC 5880. To achieve
> interoperability we need to standardize it first.

OK

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1 | 28759 Bremen | Germany
Fax:   +49 421 200 3103         <https://www.jacobs-university.de/>