Re: [nvo3] BFD over VXLAN: Trapping BFD Control packet at VTEP

Dinesh Dutt <didutt@gmail.com> Wed, 23 October 2019 02:48 UTC

Date: Wed, 23 Oct 2019 07:47:49 +0500
From: Dinesh Dutt <didutt@gmail.com>
Subject: Re: [nvo3] BFD over VXLAN: Trapping BFD Control packet at VTEP
To: Greg Mirsky <gregimirsky@gmail.com>
Cc: Anoop Ghanwani <anoop@alumni.duke.edu>, "Joel M. Halpern" <jmh@joelhalpern.com>, Jeffrey Haas <jhaas@pfrc.org>, Santosh P K <santosh.pallagatti@gmail.com>, NVO3 <nvo3@ietf.org>, draft-ietf-bfd-vxlan@ietf.org, rtg-bfd WG <rtg-bfd@ietf.org>, "T. Sridhar" <tsridhar@vmware.com>, xiao.min2@zte.com.cn
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/pF71GOq0zQOSD4u7kzDX0WJVKA4>

Greg,

Two comments, one minor and one maybe not.

- In section 3, there's a sentence that is: "BFD packets intended for a 
Hypervisor VTEP MUST NOT..". I recommend getting rid of the word
"Hypervisor" as the logic applies to any VTEP.

- You already explained the precedence of the use of 127/8 address in 
the inner header in MPLS. I have no specific comments in that area. I 
have only two questions:
   - Has anybody verified that the use of 127/8 address (and the right 
MAC) works with existing implementations, including the silicon ones? 
If this doesn't work there, is it worth adding the possibility of
another address, one that is owned by the VTEP node?
   - Do we know if Firewalls stop such VXLAN packets? I ask this 
because VXLAN has an IP header and I don't know if firewalls stop 
packets with 127/8 in the inner header. If not, is it worth adding a 
sentence to say that firewalls allow such packets? The use of a
non-127/8 address may alleviate this case as well.

The rest of the draft looks good to me,

Dinesh

On Wed, Oct 23, 2019 at 7:58 AM, Greg Mirsky <gregimirsky@gmail.com> 
wrote:
> Hi Dinesh,
> I greatly appreciate your comments. Please have a look at the
> attached copy of the working version and its diff to -07 (latest in 
> the datatracker).
> 
> Regards,
> Greg
> 
> On Tue, Oct 22, 2019 at 9:52 PM Dinesh Dutt <didutt@gmail.com> wrote:
>> I have the same feeling as Anoop. Greg, can you please point me to 
>> the latest draft so that I can quickly glance through it to be 
>> doubly sure,
>> 
>> Dinesh
>> 
>> On Wed, Oct 23, 2019 at 4:35 AM, Anoop Ghanwani 
>> <anoop@alumni.duke.edu> wrote:
>>> Greg,
>>> 
>>> I think the draft is fine as is.
>>> 
>>> My discussion with Xiao Min was about #3 and I see that as
>>> unnecessary until we have a draft that explains why that is needed 
>>> in the context of the NVO3 architecture.
>>> 
>>> Anoop
>>> 
>>> On Tue, Oct 22, 2019 at 11:17 AM Greg Mirsky 
>>> <gregimirsky@gmail.com> wrote:
>>>> Hi Anoop, et al.,
>>>> I agree with your understanding of what is being defined in the 
>>>> current version of the BFD over VxLAN specification. But, as I 
>>>> understand, the WG is discussing the scope before the WGLC is 
>>>> closed. I believe there are three options:
>>>> 1. single BFD session between two VTEPs
>>>> 2. single BFD session per VNI between two VTEPs
>>>> 3. multiple BFD sessions per VNI between two VTEPs
>>>> The current text reflects #2. Does the WG accept this scope? If not,
>>>> which option would the WG accept?
>>>> 
>>>> Regards,
>>>> Greg
>>>> 
>>>> On Tue, Oct 22, 2019 at 2:09 PM Anoop Ghanwani 
>>>> <anoop@alumni.duke.edu> wrote:
>>>>> I concur with Joel's assessment with the following clarifications.
>>>>> 
>>>>> The current document is already capable of monitoring multiple 
>>>>> VNIs between VTEPs.
>>>>> 
>>>>> The issue under discussion was how do we use BFD to monitor 
>>>>> multiple VAPs that use the same VNI between a pair of VTEPs.  The 
>>>>> use case for this is not clear to me, as from my understanding, 
>>>>> we cannot have a situation with multiple VAPs using the same 
>>>>> VNI--there is 1:1 mapping between VAP and VNI.
>>>>> 
>>>>> Anoop
>>>>> 
>>>>> On Tue, Oct 22, 2019 at 6:06 AM Joel M. Halpern 
>>>>> <jmh@joelhalpern.com> wrote:
>>>>>> From what I can tell, there are two separate problems.
>>>>>> The document we have is a VTEP-VTEP monitoring document.  There is no
>>>>>> need for that document to handle the multiple VNI case.
>>>>>> If folks want a protocol for doing BFD monitoring of things behind the
>>>>>> VTEPs (multiple VNIs), then do that as a separate document.   The
>>>>>> encoding will be a tenant encoding, and thus separate from what is
>>>>>> defined in this document.
>>>>>> 
>>>>>> Yours,
>>>>>> Joel
>>>>>> 
>>>>>> On 10/21/2019 5:07 PM, Jeffrey Haas wrote:
>>>>>> > Santosh and others,
>>>>>> >
>>>>>> > On Thu, Oct 03, 2019 at 07:50:20PM +0530, Santosh P K wrote:
>>>>>> >>     Thanks for your explanation. This helps a lot. I would wait for more
>>>>>> >> comments from others to see if this is what we need in this draft to be
>>>>>> >> supported based on that we can provide appropriate sections in the draft.
>>>>>> >
>>>>>> > The threads on the list have spidered to the point where it is challenging
>>>>>> > to follow what the current status of the draft is, or should be.  :-)
>>>>>> >
>>>>>> > However, if I've followed things properly, the question below is really the
>>>>>> > hinge point on what our encapsulation for BFD over vxlan should look like.
>>>>>> > Correct?
>>>>>> >
>>>>>> > Essentially, do we or do we not require the ability to permit multiple BFD
>>>>>> > sessions between distinct VAPs?
>>>>>> >
>>>>>> > If this is so, do we have a sense as to how we should proceed?
>>>>>> >
>>>>>> > -- Jeff
>>>>>> >
>>>>>> > [context preserved below...]
>>>>>> >
>>>>>> >> Santosh P K
>>>>>> >>
>>>>>> >> On Wed, Sep 25, 2019 at 8:10 AM <xiao.min2@zte.com.cn> wrote:
>>>>>> >>
>>>>>> >>> Hi Santosh,
>>>>>> >>>
>>>>>> >>>
>>>>>> >>> With regard to the question whether we should allow multiple BFD sessions
>>>>>> >>> for the same VNI or not, IMHO we should allow it, more explanation as
>>>>>> >>> follows.
>>>>>> >>>
>>>>>> >>> Below is a figure derived from figure 2 of RFC8014 (An Architecture for
>>>>>> >>> Data-Center Network Virtualization over Layer 3 (NVO3)).
>>>>>> >>>
>>>>>> >>>                      |         Data Center Network (IP)        |
>>>>>> >>>                      |                                         |
>>>>>> >>>                      +-----------------------------------------+
>>>>>> >>>                           |                           |
>>>>>> >>>                           |       Tunnel Overlay      |
>>>>>> >>>              +------------+---------+       +---------+------------+
>>>>>> >>>              | +----------+-------+ |       | +-------+----------+ |
>>>>>> >>>              | |  Overlay Module  | |       | |  Overlay Module  | |
>>>>>> >>>              | +---------+--------+ |       | +---------+--------+ |
>>>>>> >>>              |           |          |       |           |          |
>>>>>> >>>       NVE1   |           |          |       |           |          | NVE2
>>>>>> >>>              |  +--------+-------+  |       |  +--------+-------+  |
>>>>>> >>>              |  |VNI1 VNI2  VNI1 |  |       |  | VNI1 VNI2 VNI1 |  |
>>>>>> >>>              |  +-+-----+----+---+  |       |  +-+-----+-----+--+  |
>>>>>> >>>              |VAP1| VAP2|    | VAP3 |       |VAP1| VAP2|     | VAP3|
>>>>>> >>>              +----+-----+----+------+       +----+-----+-----+-----+
>>>>>> >>>                   |     |    |                   |     |     |
>>>>>> >>>                   |     |    |                   |     |     |
>>>>>> >>>                   |     |    |                   |     |     |
>>>>>> >>>            -------+-----+----+-------------------+-----+-----+-------
>>>>>> >>>                   |     |    |     Tenant        |     |     |
>>>>>> >>>              TSI1 | TSI2|    | TSI3          TSI1| TSI2|     |TSI3
>>>>>> >>>                  +---+ +---+ +---+             +---+ +---+   +---+
>>>>>> >>>                  |TS1| |TS2| |TS3|             |TS4| |TS5|   |TS6|
>>>>>> >>>                  +---+ +---+ +---+             +---+ +---+   +---+
>>>>>> >>>
>>>>>> >>> To my understanding, the BFD sessions between NVE1 and NVE2 are actually
>>>>>> >>> initiated and terminated at VAP of NVE.
>>>>>> >>>
>>>>>> >>> If the network operator wants to set up one BFD session between VAP1 of
>>>>>> >>> NVE1 and VAP1 of NVE2, at the same time another BFD session between VAP3 of
>>>>>> >>> NVE1 and VAP3 of NVE2, although the two BFD sessions are for the same
>>>>>> >>> VNI1, I believe it's reasonable, so that's why I think we should allow it
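
For the firewall question raised at the top of this message (whether middleboxes pass VXLAN packets whose inner header carries a 127/8 address), the following is an added example, not part of the original thread or the draft. It decapsulates a VXLAN payload and reports whether the inner IPv4 destination is in 127/8 and whether the inner UDP port is the BFD control port; the sample frame, its MAC addresses, source IP and source port are constructed assumptions.

```python
import ipaddress
import struct

BFD_CTRL_PORT = 3784                          # BFD single-hop control (RFC 5881)
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def inspect_vxlan_payload(payload: bytes) -> dict:
    """Inspect the payload of an outer UDP/4789 datagram: VXLAN header + inner frame."""
    if len(payload) < 8 + 14 + 20:
        raise ValueError("too short for VXLAN + Ethernet + IPv4")
    if not payload[0] & 0x08:                 # I flag must be set for a valid VNI
        raise ValueError("VXLAN I flag not set")
    info = {"vni": int.from_bytes(payload[4:7], "big"),
            "inner_dst_mac": payload[8:14].hex(":"),
            "inner_dst_ip": None, "inner_loopback": False, "bfd_control": False}
    if payload[20:22] != b"\x08\x00":         # only untagged inner IPv4 is handled
        return info
    ip = payload[22:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed inner IPv4 header")
    dst = ipaddress.ip_address(ip[16:20])
    info["inner_dst_ip"] = str(dst)
    info["inner_loopback"] = dst in LOOPBACK
    if ip[9] == 17 and len(ip) >= ihl + 8:    # inner protocol is UDP
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        info["bfd_control"] = dport == BFD_CTRL_PORT
    return info

def build_sample(vni: int, dst_ip: str, dport: int) -> bytes:
    """Constructed test input; MACs, source IP and source port are made up."""
    vxlan = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    eth = bytes.fromhex("020000000002" "020000000001") + b"\x08\x00"
    udp = struct.pack("!HHHH", 49152, dport, 8 + 24, 0) + bytes(24)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, 17, 0,
                     ipaddress.ip_address("192.0.2.1").packed,
                     ipaddress.ip_address(dst_ip).packed)  # checksum left 0
    return vxlan + eth + ip + udp

if __name__ == "__main__":
    for dst in ("127.0.0.1", "192.0.2.2"):
        print(inspect_vxlan_payload(build_sample(100, dst, BFD_CTRL_PORT)))
```

Run over a capture taken on each side of a firewall, a check like this shows whether frames with `inner_loopback` set are being dropped in transit.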