draft-ietf-bfd-vxlan-02.txt   draft-ietf-bfd-vxlan-03.txt 
Internet Engineering Task Force S. Pallagatti, Ed. Internet Engineering Task Force S. Pallagatti, Ed.
Internet-Draft Rtbrick Internet-Draft Rtbrick
Intended status: Standards Track S. Paragiri Intended status: Standards Track S. Paragiri
Expires: February 18, 2019 Juniper Networks Expires: April 11, 2019 Juniper Networks
V. Govindan V. Govindan
M. Mudigonda M. Mudigonda
Cisco Cisco
G. Mirsky G. Mirsky
ZTE Corp. ZTE Corp.
August 17, 2018 October 8, 2018
BFD for VXLAN BFD for VXLAN
draft-ietf-bfd-vxlan-02 draft-ietf-bfd-vxlan-03
Abstract Abstract
This document describes the use of the Bidirectional Forwarding This document describes the use of the Bidirectional Forwarding
Detection (BFD) protocol in Virtual eXtensible Local Area Network Detection (BFD) protocol in Virtual eXtensible Local Area Network
(VXLAN) overlay networks. (VXLAN) overlay networks.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 18, 2019. This Internet-Draft will expire on April 11, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 7, line 37 skipping to change at page 7, line 37
The fields of the UDP header and the BFD control packet are The fields of the UDP header and the BFD control packet are
encoded as specified in [RFC5881] for p2p VXLAN tunnels. encoded as specified in [RFC5881] for p2p VXLAN tunnels.
6. Reception of BFD packet from VXLAN Tunnel 6. Reception of BFD packet from VXLAN Tunnel
Once a packet is received, VTEP MUST validate the packet as described Once a packet is received, VTEP MUST validate the packet as described
in Section 4.1 of [RFC7348]. If the Destination MAC of the inner MAC in Section 4.1 of [RFC7348]. If the Destination MAC of the inner MAC
frame matches the dedicated MAC or the MAC address of the VTEP the frame matches the dedicated MAC or the MAC address of the VTEP the
packet MUST be processed further. packet MUST be processed further.
The UDP destination port and the TTL of the inner Ethernet frame MUST The UDP destination port and the TTL of the inner IP packet MUST be
be validated to determine if the received packet can be processed by validated to determine if the received packet can be processed by
BFD. BFD packet with inner MAC set to VTEP or dedicated MAC address BFD. BFD packet with inner MAC set to VTEP or dedicated MAC address
MUST NOT be forwarded to VMs. MUST NOT be forwarded to VMs.
To ensure BFD detects the proper configuration of VXLAN Network To ensure BFD detects the proper configuration of VXLAN Network
Identifier (VNI) in a remote VTEP, a lookup SHOULD be performed with Identifier (VNI) in a remote VTEP, a lookup SHOULD be performed with
the MAC-DA and VNI as key in the Virtual Forwarding Instance (VFI) the MAC-DA and VNI as key in the Virtual Forwarding Instance (VFI)
table of the originating/terminating VTEP to exercise the VFI table of the originating/terminating VTEP to exercise the VFI
associated with the VNI. associated with the VNI.
6.1. Demultiplexing of the BFD packet 6.1. Demultiplexing of the BFD packet
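Review bot: In Section 6, the revised sentence "The UDP destination port and the TTL of the inner IP packet MUST be validated" still does not say which values pass validation. Moving the TTL from the Ethernet frame to the IP packet is correct, but a MUST-level receive check needs its expected values stated at this point: the inner TTL of 1 that Section 10 says this document requires, and the destination port by explicit reference to [RFC5881]. Separately, the next paragraph opens with "To ensure BFD detects the proper configuration" but makes the VFI lookup only a SHOULD; either raise the lookup to MUST or soften "ensure".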
skipping to change at page 8, line 27 skipping to change at page 8, line 27
aggregate BFD sessions between VTEP's is to establish a BFD session aggregate BFD sessions between VTEP's is to establish a BFD session
with VNI 0. A VTEP MAY also use VNI 0 to establish a BFD session with VNI 0. A VTEP MAY also use VNI 0 to establish a BFD session
with a service node. with a service node.
8. Echo BFD 8. Echo BFD
Support for echo BFD is outside the scope of this document. Support for echo BFD is outside the scope of this document.
9. IANA Considerations 9. IANA Considerations
IANA has assigned TBA as a dedicated MAC address to be used as the IANA has assigned TBA as a dedicated MAC address from the IANA 8-bit
Destination MAC address of the inner Ethernet of VXLAN when carrying unicast MAC address registry to be used as the Destination MAC
BFD control packets. address of the inner Ethernet of VXLAN when carrying BFD control
packets.
10. Security Considerations 10. Security Considerations
The document recommends setting the inner IP TTL to 1 which could The document requires setting the inner IP TTL to 1 which could be
lead to a DDoS attack. Thus the implementation MUST have throttling used as a DDoS attack vector. Thus the implementation MUST have
in place. Throttling MAY be relaxed for BFD packets based on port throttling in place to control the rate of BFD control packets sent
number. to the control plane. Throttling MAY be relaxed for BFD packets
based on port number.
Other than inner IP TTL set to 1 this specification does not raise Other than inner IP TTL set to 1 this specification does not raise
any additional security issues beyond those of the specifications any additional security issues beyond those of the specifications
referred to in the list of normative references. referred to in the list of normative references.
11. Contributors 11. Contributors
Reshad Rahman Reshad Rahman
rrahman@cisco.com rrahman@cisco.com
Cisco Cisco
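Review bot: In Section 10, "Throttling MAY be relaxed for BFD packets based on port number" weakens the MUST that precedes it, because the UDP destination port is chosen by the sender and cannot by itself separate legitimate BFD control packets from traffic sent to load the control plane. Suggest tying the relaxation to packets that have also passed the Section 6 checks (inner destination MAC equal to the dedicated MAC or the VTEP MAC), and adding a sentence on why an inner TTL of 1 creates the exposure, which the text asserts but does not explain. In Section 9, "IANA has assigned TBA" reads as a completed action while the value is still a placeholder; "IANA is requested to assign" would match the draft's state.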
 End of changes. 7 change blocks. 
13 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/