Re: Adam Roach's No Objection on draft-ietf-bfd-vxlan-09: (with COMMENT)
Greg Mirsky <gregimirsky@gmail.com> Tue, 17 December 2019 22:36 UTC
Return-Path: <gregimirsky@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78B92120047; Tue, 17 Dec 2019 14:36:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.596
X-Spam-Level:
X-Spam-Status: No, score=-0.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4mAJv62Qm-uf; Tue, 17 Dec 2019 14:35:58 -0800 (PST)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6331120013; Tue, 17 Dec 2019 14:35:57 -0800 (PST)
Received: by mail-lj1-x22a.google.com with SMTP id u17so12791087lja.4; Tue, 17 Dec 2019 14:35:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xlcYdMiEAdC/RGk/MZAYFc0i0xTLpEVk9WK0OFHN+Cw=; b=Af1EtljPVRD11zr8T3BmKZYaiG4StlCYHRwe73rIEaSzD4MVxuqFLtS50gTaUmQ7YB OlDDDmEK7JZy2kC4N250XaizppDalBMO4LMmfeOPKxdIt41wbT572p3loF4HRMN2BcSo v+Tsl0HRIDRooHs0vM50p238SLq1hG/ZWNZlz6uPeSk7zsVlgBEvYXgmRFaM9mJ71nxp IEsZAUZ6V32PPBPQaAZZluQ1M9c7ZhbA59l0GCmy8u+RT+Gn9Cm7UQI8Z1G4v1vLwysQ 7Y6NZQe7OPV3NzW/Fwtn9SLvdQ0+OV/mVBR93TSIeH2BglmvIV4cD+7y4bHOPrqRy4F9 wuJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xlcYdMiEAdC/RGk/MZAYFc0i0xTLpEVk9WK0OFHN+Cw=; b=PPd7f+ZpHAvwJBhgd6m0KRAw2Hwl2WhbXgYEEDGC38XvIciY1cLyd0C10wVuze0eVT uoAcFgQWGJ/ihGyO1fz90dHxSsg/0tyNmwwVFUHD5+q2OT8PWybzpJM1q/W8TTqNtpw2 F7t6N0IKD8YtU885wql+sZ37rxD78MvVhKZZAIQx1BEQIUEvnCPACvi7MZb1QZfX/s+s kLojtgs+9SBDBtC+ubqTr8vR8SYJqkIqkXONgl2LsnUSo+tjzz9Znlax8scDMisHUR6u O3kW5enazdN+34I5ilg9LG8VRT3SFjj/3tihfEAFE5tCFGMj5/y1rCUpRNvu0Ev8alr3 qazA==
X-Gm-Message-State: APjAAAUQtBIuHSnzeSmtmteTDUiTkQg3FExiHodmNnyddKa0Gsg0yL5H IkcfC9tjIVnG7RbTj90jpC0zB7Ov73qPINZz22o=
X-Google-Smtp-Source: APXvYqwLm7z34T6UHczxApuzzGe+Rc2NOVCOHW/tbfyT18fYjWSBkSCR69rebBBxDM3E9BDl6pxGa5ZMmsWvRUF87Fg=
X-Received: by 2002:a2e:9cd8:: with SMTP id g24mr90942ljj.243.1576622155184; Tue, 17 Dec 2019 14:35:55 -0800 (PST)
MIME-Version: 1.0
References: <157656670090.24465.17703971379844970449.idtracker@ietfa.amsl.com>
In-Reply-To: <157656670090.24465.17703971379844970449.idtracker@ietfa.amsl.com>
From: Greg Mirsky <gregimirsky@gmail.com>
Date: Tue, 17 Dec 2019 14:35:44 -0800
Message-ID: <CA+RyBmXq2ZmLm0CfOcykSPowQrx6TYfWNyVi9gPvXgDpnZY4Ow@mail.gmail.com>
Subject: Re: Adam Roach's No Objection on draft-ietf-bfd-vxlan-09: (with COMMENT)
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-bfd-vxlan@ietf.org, Jeffrey Haas <jhaas@pfrc.org>, bfd-chairs@ietf.org, rtg-bfd WG <rtg-bfd@ietf.org>
Content-Type: multipart/mixed; boundary="000000000000869c780599edf3e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/pa2Cppx0_LfenyyJMRP5iW7etc8>
X-Mailman-Approved-At: Wed, 18 Dec 2019 06:31:12 -0800
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Dec 2019 22:36:02 -0000
Hi Adam, thank you for your review and the very clear suggestions, all is the most helpful. I've followed your recommendations and applied changes to the working version of the draft. Attached, please find the diff that highlights updates. Also, please find my notes in-line tagged GIM>>. Best regards, Greg On Mon, Dec 16, 2019 at 11:11 PM Adam Roach via Datatracker < noreply@ietf.org> wrote: > Adam Roach has entered the following ballot position for > draft-ietf-bfd-vxlan-09: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for the work that everyone has put into this document. I have > a couple of relatively important, related comments that should be > taken into account prior to publication. > > --------------------------------------------------------------------------- > > §3: > > > As per Section 4, the inner destination IP address SHOULD be set to > > one of the loopback addresses (127/8 range for IPv4 and > > 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6). > > Please consider reformatting this IPv6 address according to the > recommendations > of RFC 5952 (paying particular attention to sections 4.2.1, 4.3, and 5): > > ::ffff:127.0.0.0/104 > > It's also worth noting that, as a practical matter, modern operating > systems do > not seem to bind to anything in the IPv4-mapped range assigned to IPv4 > loopback: > > Linux: > > ~$ ping6 ::ffff:127.0.0.1 > PING ::ffff:127.0.0.1(::ffff:127.0.0.1) 56 data bytes > ^C > --- ::ffff:127.0.0.1 ping statistics --- > 14 packets transmitted, 0 received, 100% packet loss, time 13316ms > > MacOS: > > ~$ ping6 ::ffff:127.0.0.1 > PING6(56=40+8+8 bytes) ::ffff:127.0.0.1 --> ::ffff:127.0.0.1 > ping6: sendmsg: Invalid argument > ping6: wrote ::ffff:127.0.0.1 16 chars, ret=-1 > > > It is not clear to me whether this poses an issue for your intended usage. > GIM>> Thank you for sharing very interesting facts on the handling of these addresses. I don't think that implementation on the egress BFD node would listen on the particular address, more likely it would be on the value of the well-known UDP port. The goal of using one of the addresses from this range is to prevent leaking packets from a broken VXLAN tunnel (as was the original goal in RFC 4379/8029 and RFC 5884). > > In any case, please do not refer to ::ffff:127.0.0.0/104 as "loopback > addresses": IPv6 has only one loopback address defined (::1). The range > you cite is best described as "IPv4-mapped IPv4 loopback addresses." > Alternately -- and this is probably better -- use "::1/128" instead of > "::ffff:127.0.0.0/104" for the inner IP header destination address. > > As an aside, I share Benjamin's unease around the use of loopback addresses > in this fashion. It may be worth noting that IETF protocols can reserve > addresses in the 192.0.0.0/24 and 2001::/23 blocks if necessary, and such > reserved addresses won't ever correspond to a valid destination. > > (There is corresponding text in section 4 that all of the preceding > pertains > to as well) > > --------------------------------------------------------------------------- > > §9: > > > This document recommends using an address from the Internal host > > loopback addresses (127/8 range for IPv4 and > > 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6) as the destination IP > > address in the inner IP header. Using such address prevents the > > forwarding of the encapsulated BFD control message by a transient > > node in case the VXLAN tunnel is broken as according to [RFC1812]: > > > > A router SHOULD NOT forward, except over a loopback interface, any > > packet that has a destination address on network 127. A router > > MAY have a switch that allows the network manager to disable these > > checks. If such a switch is provided, it MUST default to > > performing the checks. > > In addition to the comments above about IPv6 address formatting, the > improper use of "loopback" terminology as it applies to IPv6, and > concerns about using localhost: it's worth noting that this text in > RFC 1812 refers to IPv4 routers -- RFC 8504 has no equivalent language, > and so the use of ::ffff:127.0.0.0/104 implies no special router handling. > ::1 *probably* does, at least as a practical matter. > GIM>> As noted above, the reason of using addresses from this range was to prevent packets from being routed in case a tunnel is broken. Do you think that the lack of the wording similar to RFC 1812 should be a concern for RFC 8029 and RFC 5884 that use the same range for the destination IP address?
- Adam Roach's No Objection on draft-ietf-bfd-vxlan… Adam Roach via Datatracker
- Re: Adam Roach's No Objection on draft-ietf-bfd-v… Greg Mirsky
- Re: Adam Roach's No Objection on draft-ietf-bfd-v… Adam Roach
- Re: Adam Roach's No Objection on draft-ietf-bfd-v… Jeffrey Haas