draft-ietf-nvo3-geneve-13.txt   draft-ietf-nvo3-geneve-14.txt 
Network Working Group J. Gross, Ed. Network Working Group J. Gross, Ed.
Internet-Draft Internet-Draft
Intended status: Standards Track I. Ganga, Ed. Intended status: Standards Track I. Ganga, Ed.
Expires: September 27, 2019 Intel Expires: March 15, 2020 Intel
T. Sridhar, Ed. T. Sridhar, Ed.
VMware VMware
March 26, 2019 September 12, 2019
Geneve: Generic Network Virtualization Encapsulation Geneve: Generic Network Virtualization Encapsulation
draft-ietf-nvo3-geneve-13 draft-ietf-nvo3-geneve-14
Abstract Abstract
Network virtualization involves the cooperation of devices with a Network virtualization involves the cooperation of devices with a
wide variety of capabilities such as software and hardware tunnel wide variety of capabilities such as software and hardware tunnel
endpoints, transit fabrics, and centralized control clusters. As a endpoints, transit fabrics, and centralized control clusters. As a
result of their role in tying together different elements in the result of their role in tying together different elements in the
system, the requirements on tunnels are influenced by all of these system, the requirements on tunnels are influenced by all of these
components. Flexibility is therefore the most important aspect of a components. Flexibility is therefore the most important aspect of a
tunnel protocol if it is to keep pace with the evolution of the tunnel protocol if it is to keep pace with the evolution of the
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2019. This Internet-Draft will expire on March 15, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 38 skipping to change at page 2, line 38
3.3. UDP Header . . . . . . . . . . . . . . . . . . . . . . . 12 3.3. UDP Header . . . . . . . . . . . . . . . . . . . . . . . 12
3.4. Tunnel Header Fields . . . . . . . . . . . . . . . . . . 13 3.4. Tunnel Header Fields . . . . . . . . . . . . . . . . . . 13
3.5. Tunnel Options . . . . . . . . . . . . . . . . . . . . . 14 3.5. Tunnel Options . . . . . . . . . . . . . . . . . . . . . 14
3.5.1. Options Processing . . . . . . . . . . . . . . . . . 16 3.5.1. Options Processing . . . . . . . . . . . . . . . . . 16
4. Implementation and Deployment Considerations . . . . . . . . 17 4. Implementation and Deployment Considerations . . . . . . . . 17
4.1. Applicability Statement . . . . . . . . . . . . . . . . . 17 4.1. Applicability Statement . . . . . . . . . . . . . . . . . 17
4.2. Congestion Control Functionality . . . . . . . . . . . . 18 4.2. Congestion Control Functionality . . . . . . . . . . . . 18
4.3. UDP Checksum . . . . . . . . . . . . . . . . . . . . . . 18 4.3. UDP Checksum . . . . . . . . . . . . . . . . . . . . . . 18
4.3.1. UDP Zero Checksum Handling with IPv6 . . . . . . . . 19 4.3.1. UDP Zero Checksum Handling with IPv6 . . . . . . . . 19
4.4. Encapsulation of Geneve in IP . . . . . . . . . . . . . . 20 4.4. Encapsulation of Geneve in IP . . . . . . . . . . . . . . 20
4.4.1. IP Fragmentation . . . . . . . . . . . . . . . . . . 20 4.4.1. IP Fragmentation . . . . . . . . . . . . . . . . . . 21
4.4.2. DSCP, ECN and TTL . . . . . . . . . . . . . . . . . . 21 4.4.2. DSCP, ECN and TTL . . . . . . . . . . . . . . . . . . 21
4.4.3. Broadcast and Multicast . . . . . . . . . . . . . . . 22 4.4.3. Broadcast and Multicast . . . . . . . . . . . . . . . 22
4.4.4. Unidirectional Tunnels . . . . . . . . . . . . . . . 22 4.4.4. Unidirectional Tunnels . . . . . . . . . . . . . . . 23
4.5. Constraints on Protocol Features . . . . . . . . . . . . 23 4.5. Constraints on Protocol Features . . . . . . . . . . . . 23
4.5.1. Constraints on Options . . . . . . . . . . . . . . . 23 4.5.1. Constraints on Options . . . . . . . . . . . . . . . 23
4.6. NIC Offloads . . . . . . . . . . . . . . . . . . . . . . 24 4.6. NIC Offloads . . . . . . . . . . . . . . . . . . . . . . 24
4.7. Inner VLAN Handling . . . . . . . . . . . . . . . . . . . 24 4.7. Inner VLAN Handling . . . . . . . . . . . . . . . . . . . 24
5. Interoperability Issues . . . . . . . . . . . . . . . . . . . 25 5. Interoperability Issues . . . . . . . . . . . . . . . . . . . 25
6. Security Considerations . . . . . . . . . . . . . . . . . . . 25 6. Security Considerations . . . . . . . . . . . . . . . . . . . 25
6.1. Data Confidentiality . . . . . . . . . . . . . . . . . . 26 6.1. Data Confidentiality . . . . . . . . . . . . . . . . . . 26
6.1.1. Inter-Data Center Traffic . . . . . . . . . . . . . . 26 6.1.1. Inter-Data Center Traffic . . . . . . . . . . . . . . 26
6.2. Data Integrity . . . . . . . . . . . . . . . . . . . . . 27 6.2. Data Integrity . . . . . . . . . . . . . . . . . . . . . 27
6.3. Authentication of NVE peers . . . . . . . . . . . . . . . 27 6.3. Authentication of NVE peers . . . . . . . . . . . . . . . 27
skipping to change at page 18, line 41 skipping to change at page 18, line 41
a network that is traffic managed to avoid congestion (TMCE). An a network that is traffic managed to avoid congestion (TMCE). An
operator of a traffic managed network (TMCE) may avoid congestion by operator of a traffic managed network (TMCE) may avoid congestion by
careful provisioning of their networks, rate-limiting of user data careful provisioning of their networks, rate-limiting of user data
traffic and traffic engineering according to path capacity. traffic and traffic engineering according to path capacity.
4.3. UDP Checksum 4.3. UDP Checksum
In order to provide integrity of Geneve headers, options and payload, In order to provide integrity of Geneve headers, options and payload,
for example to avoid mis-delivery of payload to different tenant for example to avoid mis-delivery of payload to different tenant
systems in case of data corruption, outer UDP checksum SHOULD be used systems in case of data corruption, outer UDP checksum SHOULD be used
with Geneve when transported over IPv4. An operator MAY choose to with Geneve when transported over IPv4. The UDP checksum provides a
disable UDP checksum and use zero checksum if Geneve packet integrity statistical guarantee that a payload was not corrupted in transit.
is provided by other data integrity mechanisms such as IPsec or These integrity checks are not strong from a coding or cryptographic
additional checksums or if one of the conditions in Section 4.3.1 a, perspective and are not designed to detect physical-layer errors or
b, c are met. malicious modification of the datagram (see Section 3.4 of
[RFC8085]). In deployments where such a risk exists, an operator
SHOULD use additional data integrity mechanisms such as offered by
IPSec (see Section 6.2).
An operator MAY choose to disable UDP checksum and use zero checksum
if Geneve packet integrity is provided by other data integrity
mechanisms such as IPsec or additional checksums or if one of the
conditions in Section 4.3.1 a, b, c are met.
By default, UDP checksum MUST be used when Geneve is transported over By default, UDP checksum MUST be used when Geneve is transported over
IPv6. A tunnel endpoint MAY be configured for use with zero UDP IPv6. A tunnel endpoint MAY be configured for use with zero UDP
checksum if additional requirements in Section 4.3.1 are met. checksum if additional requirements in Section 4.3.1 are met.
4.3.1. UDP Zero Checksum Handling with IPv6 4.3.1. UDP Zero Checksum Handling with IPv6
When Geneve is used over IPv6, UDP checksum is used to protect IPv6 When Geneve is used over IPv6, UDP checksum is used to protect IPv6
headers, UDP headers and Geneve headers, options and payload from headers, UDP headers and Geneve headers, options and payload from
potential data corruption. As such by default Geneve MUST use UDP potential data corruption. As such by default Geneve MUST use UDP
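Review bot: in the paragraph added to Section 4.3 (right column, "The UDP checksum provides a statistical guarantee ..."), "IPSec" is spelled inconsistently with "IPsec" in the very next paragraph and elsewhere in the draft; use "IPsec" throughout, and change "such as offered by IPSec" to "such as those offered by IPsec". Two further wording points in the same hunk: "In deployments where such a risk exists" should name the risk it refers to, since the preceding sentence lists both physical-layer errors and malicious modification (suggest "where malicious modification of the datagram is a concern, an operator SHOULD use additional data integrity mechanisms such as those offered by IPsec (see Section 6.2)"), and the first new sentence only mentions "a payload" although the paragraph opens by listing Geneve headers, options and payload; saying "that the Geneve header, options and payload were not corrupted in transit" keeps the scope consistent. Finally, the retained sentence "if one of the conditions in Section 4.3.1 a, b, c are met" has a number-agreement error and reads better as "if one of conditions a, b or c in Section 4.3.1 is met".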
skipping to change at page 32, line 26 skipping to change at page 32, line 26
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
10.2. Informative References 10.2. Informative References
[ETYPES] The IEEE Registration Authority, "IEEE 802 Numbers", 2013, [ETYPES] The IEEE Registration Authority, "IEEE 802 Numbers", 2013,
<http://www.iana.org/assignments/ieee-802-numbers/ <http://www.iana.org/assignments/ieee-802-numbers/ieee-
ieee-802-numbers.xml>. 802-numbers.xml>.
[I-D.ietf-intarea-tunnels] [I-D.ietf-intarea-tunnels]
Touch, J. and M. Townsley, "IP Tunnels in the Internet Touch, J. and M. Townsley, "IP Tunnels in the Internet
Architecture", draft-ietf-intarea-tunnels-09 (work in Architecture", draft-ietf-intarea-tunnels-09 (work in
progress), July 2018. progress), July 2018.
[I-D.ietf-nvo3-dataplane-requirements] [I-D.ietf-nvo3-dataplane-requirements]
Bitar, N., Lasserre, M., Balus, F., Morin, T., Jin, L., Bitar, N., Lasserre, M., Balus, F., Morin, T., Jin, L.,
and B. Khasnabish, "NVO3 Data Plane Requirements", draft- and B. Khasnabish, "NVO3 Data Plane Requirements", draft-
ietf-nvo3-dataplane-requirements-03 (work in progress), ietf-nvo3-dataplane-requirements-03 (work in progress),
 End of changes. 8 change blocks. 
13 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/