idnits 2.17.1 draft-ietf-nvo3-bfd-geneve-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (15 May 2022) is 712 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-10) exists of draft-ietf-nvo3-geneve-oam-04 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NVO3 Working Group X. Min 3 Internet-Draft ZTE Corp. 4 Intended status: Standards Track G. Mirsky 5 Expires: 16 November 2022 Ericsson 6 S. Pallagatti 7 VMware 8 J. Tantsura 9 Microsoft 10 S. Aldrin 11 Google 12 15 May 2022 14 BFD for Geneve 15 draft-ietf-nvo3-bfd-geneve-06 17 Abstract 19 This document describes the use of the Bidirectional Forwarding 20 Detection (BFD) protocol in point-to-point Generic Network 21 Virtualization Encapsulation (Geneve) tunnels used to make up an 22 overlay network. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at https://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on 16 November 2022. 41 Copyright Notice 43 Copyright (c) 2022 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 48 license-info) in effect on the date of publication of this document. 49 Please review these documents carefully, as they describe your rights 50 and restrictions with respect to this document. Code Components 51 extracted from this document must include Revised BSD License text as 52 described in Section 4.e of the Trust Legal Provisions and are 53 provided without warranty as described in the Revised BSD License. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 58 2. Conventions Used in This Document . . . . . . . . . . . . . . 3 59 2.1. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 60 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 61 3. BFD Packet Transmission over Geneve Tunnel . . . . . . . . . 3 62 3.1. BFD Encapsulation With Inner Ethernet/IP/UDP Header . . . 4 63 3.2. BFD Encapsulation With Inner IP/UDP Header . . . . . . . 6 64 4. Reception of BFD packet from Geneve Tunnel . . . . . . . . . 8 65 4.1. Demultiplexing of the BFD packet . . . . . . . . . . . . 9 66 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 67 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 68 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 69 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 70 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 71 8.2. Informative References . . . . . . . . . . . . . . . . . 10 72 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 74 1. Introduction 76 "Generic Network Virtualization Encapsulation" (Geneve) [RFC8926] 77 provides an encapsulation scheme that allows building an overlay 78 network by decoupling the address space of the attached virtual hosts 79 from that of the network. 81 This document describes the use of Bidirectional Forwarding Detection 82 (BFD) protocol [RFC5880] to enable monitoring continuity of the path 83 between two Geneve tunnel endpoints, which may be NVE (Network 84 Virtualization Edge) or other device acting as a Geneve tunnel 85 endpoint. Specifically, the asynchronous mode of BFD, as defined in 86 [RFC5880], is used to monitor a p2p Geneve tunnel, and support for 87 BFD Echo function is outside the scope of this document. For 88 simplicity, in this document, NVE is used to represent Geneve tunnel 89 endpoint, TS (Tenant System) is used to represent the physical or 90 virtual device attached to a Geneve tunnel endpoint from the outside. 91 VAP (Virtual Access Point) is the NVE side of the interface between 92 the NVE and the TS, and a VAP is a logical network port (virtual or 93 physical) into a specific virtual network. For detailed definitions 94 and descriptions of NVE, TS and VAP, please refer to [RFC7365] and 95 [RFC8014]. 97 The use cases and the deployment of BFD for Geneve are consistent 98 with what's described in Section 1 and 3 of [RFC8971] ("Bidirectional 99 Forwarding Detection (BFD) for Virtual eXtensible Local Area Network 100 (VXLAN)"), except for the usage of Management VNI, which in the case 101 of Geneve is described in [I-D.ietf-nvo3-geneve-oam], and outside the 102 scope of this document. The major difference between Geneve and 103 VXLAN [RFC7348] is that Geneve supports multi-protocol payload and 104 variable length options. 106 2. Conventions Used in This Document 108 2.1. Abbreviations 110 BFD: Bidirectional Forwarding Detection 112 Geneve: Generic Network Virtualization Encapsulation 114 NVE: Network Virtualization Edge 116 TS: Tenant System 118 VAP: Virtual Access Point 120 VNI: Virtual Network Identifier 122 VXLAN: Virtual eXtensible Local Area Network 124 2.2. Requirements Language 126 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 127 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 128 "OPTIONAL" in this document are to be interpreted as described in BCP 129 14 [RFC2119] [RFC8174] when, and only when, they appear in all 130 capitals, as shown here. 132 3. BFD Packet Transmission over Geneve Tunnel 134 Concerning whether the Geneve data packets include an Ethernet frame 135 or an IP packet, this document defines two formats of BFD packet 136 encapsulation in Geneve. BFD session is originated and terminated at 137 VAP of an NVE, selection of the BFD packet encapsulation is based on 138 how the VAP encapsulates the data packets. 140 3.1. BFD Encapsulation With Inner Ethernet/IP/UDP Header 142 If the VAP that originates the BFD packets is used to encapsulate 143 Ethernet data frames, then BFD packets are encapsulated in Geneve as 144 described below. The Geneve packet formats over IPv4 and IPv6 are 145 defined in Section 3.1 and 3.2 of [RFC8926] respectively. The Outer 146 IP/UDP and Geneve headers MUST be encoded by the sender as defined in 147 [RFC8926]. Note that the outer IP header and the inner IP header may 148 not be of the same address family, in other words, outer IPv6 header 149 accompanied with inner IPv4 header and outer IPv4 header accompanied 150 with inner IPv6 header are both possible. 152 0 1 2 3 153 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 154 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 | | 156 ~ Outer Ethernet Header ~ 157 | | 158 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 159 | | 160 ~ Outer IPvX Header ~ 161 | | 162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 | | 164 ~ Outer UDP Header ~ 165 | | 166 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 167 | | 168 ~ Geneve Header ~ 169 | | 170 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 171 | | 172 ~ Inner Ethernet Header ~ 173 | | 174 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 | | 176 ~ Inner IPvX Header ~ 177 | | 178 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 179 | | 180 ~ Inner UDP Header ~ 181 | | 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 | | 184 ~ BFD Control Packet ~ 185 | | 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 187 | Outer Ethernet FCS | 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 Figure 1: Geneve Encapsulation of BFD Control Packet With the Inner 191 Ethernet/IP/UDP Header 193 The BFD packet MUST be carried inside the inner Ethernet frame of the 194 Geneve packet. The inner Ethernet frame carrying the BFD Control 195 packet has the following format: 197 Ethernet Header: 199 - Source MAC: MAC address of a VAP of the originating NVE. 201 - Destination MAC: MAC address of a VAP of the terminating NVE. 203 IP Header: 205 - Source IP: IP address of a VAP of the originating NVE. If the 206 VAP of the originating NVE has no IP address, then the IP 207 address 0.0.0.0 for IPv4 or ::/128 for IPv6 MUST be used. 209 - Destination IP: IP address of a VAP of the terminating NVE. If 210 the VAP of the terminating NVE has no IP address, then the IP 211 address 127.0.0.1 for IPv4 or ::1/128 for IPv6 MUST be used. 213 - TTL or Hop Limit: MUST be set to 255 in accordance with 214 [RFC5881]. 216 The fields of the UDP header and the BFD Control packet are 217 encoded as specified in [RFC5881]. 219 When the BFD packets are encapsulated in Geneve in this way, the 220 Geneve header defined in [RFC8926] follows the value set below. 222 Opt Len field SHOULD be set to 0, which indicates there isn't any 223 variable length option. 225 O bit MUST be set to 1, which indicates this packet contains a 226 control message. 228 C bit MUST be set to 0, which indicates there isn't any critical 229 option. 231 Protocol Type field MUST be set to 0x6558 (Ethernet frame). 233 Virtual Network Identifier (VNI) field SHOULD be set to the VNI 234 number that the originating VAP is mapped to. 236 3.2. BFD Encapsulation With Inner IP/UDP Header 238 If the VAP that originates the BFD packets is used to encapsulate IP 239 data packets, then BFD packets are encapsulated in Geneve as 240 described below. The Geneve packet formats over IPv4 and IPv6 are 241 defined in Section 3.1 and 3.2 of [RFC8926] respectively. The Outer 242 IP/UDP and Geneve headers MUST be encoded by the sender as defined in 243 [RFC8926]. Note that the outer IP header and the inner IP header may 244 not be of the same address family, in other words, outer IPv6 header 245 accompanied with inner IPv4 header and outer IPv4 header accompanied 246 with inner IPv6 header are both possible. 248 0 1 2 3 249 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 | | 252 ~ Ethernet Header ~ 253 | | 254 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 255 | | 256 ~ Outer IPvX Header ~ 257 | | 258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 259 | | 260 ~ Outer UDP Header ~ 261 | | 262 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 263 | | 264 ~ Geneve Header ~ 265 | | 266 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 267 | | 268 ~ Inner IPvX Header ~ 269 | | 270 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 271 | | 272 ~ Inner UDP Header ~ 273 | | 274 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 275 | | 276 ~ BFD Control Packet ~ 277 | | 278 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 279 | FCS | 280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 282 Figure 2: Geneve Encapsulation of BFD Control Packet With the 283 Inner IP/UDP Header 285 The BFD packet MUST be carried inside the inner IP packet of the 286 Geneve packet. The inner IP packet carrying the BFD Control packet 287 has the following format: 289 IP header: 291 - Source IP: IP address of a VAP of the originating NVE. 293 - Destination IP: IP address of a VAP of the terminating NVE. 295 - TTL or Hop Limit: MUST be set to 255 in accordance with 296 [RFC5881]. 298 The fields of the UDP header and the BFD Control packet are 299 encoded as specified in [RFC5881]. 301 When the BFD packets are encapsulated in Geneve in this way, the 302 Geneve header defined in [RFC8926] follows the value set below. 304 Opt Len field SHOULD be set to 0, which indicates there isn't any 305 variable length option. 307 O bit MUST be set to 1, which indicates this packet contains a 308 control message. 310 C bit MUST be set to 0, which indicates there isn't any critical 311 option. 313 Protocol Type field MUST be set to 0x0800 (IPv4) or 0x86DD (IPv6), 314 depending on the address family of the inner IP packet. 316 Virtual Network Identifier (VNI) field SHOULD be set to the VNI 317 number that the originating VAP is mapped to. 319 4. Reception of BFD packet from Geneve Tunnel 321 Once a packet is received, the NVE MUST validate the packet as 322 described in [RFC8926]. 324 If the Protocol Type field equals 0x6558 (Ethernet frame), and the 325 Destination MAC of the inner Ethernet frame matches the MAC 326 address of a VAP which is mapped to the same as received VNI, then 327 the Destination IP, the UDP destination port and the TTL or Hop 328 Limit of the inner IP packet MUST be validated to determine 329 whether the received packet can be processed by BFD. 331 If the Protocol Type field equals 0x0800 (IPv4) or 0x86DD (IPv6), 332 and the Destination IP of the inner IP packet matches the IP 333 address of a VAP which is mapped to the same as received VNI, then 334 the UDP destination port and the TTL or Hop Limit of the inner IP 335 packet MUST be validated to determine whether the received packet 336 can be processed by BFD. 338 4.1. Demultiplexing of the BFD packet 340 In BFD over Geneve, a BFD session is originated and terminated at 341 VAP, usually one NVE owns multiple VAPs, so multiple BFD sessions may 342 be running between two NVEs, there needs to be a mechanism for 343 demultiplexing received BFD packets to the proper session. 344 Furthermore, due to the fact that [RFC8014] allows for N-to-1 mapping 345 between VAP and VNI at one NVE, multiple BFD sessions between two 346 NVEs for the same VNI are allowed. Also note that a BFD session can 347 only be established between two VAPs that are mapped to the same VNI 348 and use the same way to encapsulate data packets. 350 If the BFD packet is received with Your Discriminator equals to 0, 351 for different BFD encapsulation, the procedure for demultiplexing the 352 received BFD packets is different. 354 When the BFD Encapsulation With Inner Ethernet/IP/UDP Header is 355 used, the BFD session MUST be identified using the VNI number, and 356 the inner Ethernet/IP/UDP Header, i.e., the source MAC, the source 357 IP, the destination MAC, the destination IP, and the source UDP 358 port number present in the inner Ethernet/IP/UDP header. 360 When the BFD Encapsulation With Inner IP/UDP Header is used, the 361 BFD session MUST be identified using the VNI number, and the inner 362 IP/UDP header, i.e., the source IP, the destination IP, and the 363 source UDP port number present in the inner IP/UDP header. 365 If the BFD packet is received with non-zero Your Discriminator, then 366 the BFD session MUST be demultiplexed only with Your Discriminator as 367 the key. 369 5. Security Considerations 371 Security issues discussed in [RFC5880], [RFC5881], and [RFC8926] 372 apply to this document. 374 This document supports establishing multiple BFD sessions between the 375 same pair of NVEs, each BFD session over a pair of VAPs residing in 376 the same pair of NVEs, there SHOULD be a mechanism to control the 377 maximum number of such sessions that can be active at the same time. 379 6. IANA Considerations 381 This document has no IANA action requested. 383 7. Acknowledgements 385 The authors would like to acknowledge Reshad Rahman, Jeffrey Haas and 386 Matthew Bocci for their guidance on this work. 388 The authors would like to acknowledge David Black for his explanation 389 on the mapping relation between VAP and VNI. 391 8. References 393 8.1. Normative References 395 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 396 Requirement Levels", BCP 14, RFC 2119, 397 DOI 10.17487/RFC2119, March 1997, 398 . 400 [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 401 (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, 402 . 404 [RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection 405 (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, 406 DOI 10.17487/RFC5881, June 2010, 407 . 409 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 410 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 411 May 2017, . 413 [RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed., 414 "Geneve: Generic Network Virtualization Encapsulation", 415 RFC 8926, DOI 10.17487/RFC8926, November 2020, 416 . 418 8.2. Informative References 420 [I-D.ietf-nvo3-geneve-oam] 421 Mirsky, G., Boutros, S., Black, D., and S. Pallagatti, 422 "OAM for use in GENEVE", Work in Progress, Internet-Draft, 423 draft-ietf-nvo3-geneve-oam-04, 3 May 2022, 424 . 427 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 428 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 429 eXtensible Local Area Network (VXLAN): A Framework for 430 Overlaying Virtualized Layer 2 Networks over Layer 3 431 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 432 . 434 [RFC7365] Lasserre, M., Balus, F., Morin, T., Bitar, N., and Y. 435 Rekhter, "Framework for Data Center (DC) Network 436 Virtualization", RFC 7365, DOI 10.17487/RFC7365, October 437 2014, . 439 [RFC8014] Black, D., Hudson, J., Kreeger, L., Lasserre, M., and T. 440 Narten, "An Architecture for Data-Center Network 441 Virtualization over Layer 3 (NVO3)", RFC 8014, 442 DOI 10.17487/RFC8014, December 2016, 443 . 445 [RFC8971] Pallagatti, S., Ed., Mirsky, G., Ed., Paragiri, S., 446 Govindan, V., and M. Mudigonda, "Bidirectional Forwarding 447 Detection (BFD) for Virtual eXtensible Local Area Network 448 (VXLAN)", RFC 8971, DOI 10.17487/RFC8971, December 2020, 449 . 451 Authors' Addresses 453 Xiao Min 454 ZTE Corp. 455 Nanjing 456 China 457 Phone: +86 25 88013062 458 Email: xiao.min2@zte.com.cn 460 Greg Mirsky 461 Ericsson 462 United States of America 463 Email: gregimirsky@gmail.com 465 Santosh Pallagatti 466 VMware 467 India 468 Email: santosh.pallagatti@gmail.com 469 Jeff Tantsura 470 Microsoft 471 United States of America 472 Email: jefftant.ietf@gmail.com 474 Sam Aldrin 475 Google 476 United States of America 477 Email: aldrin.ietf@gmail.com