rfc9521.original   rfc9521.txt 
NVO3 Working Group X. Min Internet Engineering Task Force (IETF) X. Min
Internet-Draft ZTE Corp. Request for Comments: 9521 ZTE Corp.
Intended status: Standards Track G. Mirsky Category: Standards Track G. Mirsky
Expires: 25 February 2024 Ericsson ISSN: 2070-1721 Ericsson
S. Pallagatti S. Pallagatti
VMware VMware
J. Tantsura J. Tantsura
Nvidia Nvidia
S. Aldrin S. Aldrin
Google Google
24 August 2023 January 2024
BFD for Geneve Bidirectional Forwarding Detection (BFD) for Generic Network
draft-ietf-nvo3-bfd-geneve-13 Virtualization Encapsulation (Geneve)
Abstract Abstract
This document describes the use of the Bidirectional Forwarding This document describes the use of the Bidirectional Forwarding
Detection (BFD) protocol in point-to-point Generic Network Detection (BFD) protocol in point-to-point Generic Network
Virtualization Encapsulation (Geneve) unicast tunnels used to make up Virtualization Encapsulation (Geneve) unicast tunnels used to make up
an overlay network. an overlay network.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 25 February 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9521.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Please review these documents carefully, as they describe your rights carefully, as they describe your rights and restrictions with respect
and restrictions with respect to this document. Code Components to this document. Code Components extracted from this document must
extracted from this document must include Revised BSD License text as include Revised BSD License text as described in Section 4.e of the
described in Section 4.e of the Trust Legal Provisions and are Trust Legal Provisions and are provided without warranty as described
provided without warranty as described in the Revised BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Conventions Used in This Document . . . . . . . . . . . . . . 3 2. Conventions Used in This Document
2.1. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Abbreviations
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 2.2. Requirements Language
3. BFD Packet Transmission over Geneve Tunnel . . . . . . . . . 4 3. BFD Packet Transmission over a Geneve Tunnel
4. BFD Encapsulation With Inner Ethernet/IP/UDP Header . . . . . 4 4. BFD Encapsulation with the Inner Ethernet/IP/UDP Header
4.1. Demultiplexing BFD packet when payload is Ethernet . . . 6 4.1. Demultiplexing a BFD Packet When the Payload Is Ethernet
5. BFD Encapsulation With Inner IP/UDP Header . . . . . . . . . 7 5. BFD Encapsulation with the Inner IP/UDP Header
5.1. Demultiplexing BFD packet when payload is IP . . . . . . 9 5.1. Demultiplexing a BFD Packet When the Payload Is IP
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 6. Security Considerations
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 7. IANA Considerations
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 8. References
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 8.1. Normative References
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 8.2. Informative References
9.2. Informative References . . . . . . . . . . . . . . . . . 11 Acknowledgements
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses
1. Introduction 1. Introduction
"Generic Network Virtualization Encapsulation" (Geneve) [RFC8926] "Geneve: Generic Network Virtualization Encapsulation" [RFC8926]
provides an encapsulation scheme that allows building an overlay provides an encapsulation scheme that allows building an overlay
network of tunnels by decoupling the address space of the attached network of tunnels by decoupling the address space of the attached
virtual hosts from that of the network. virtual hosts from that of the network.
This document describes the use of Bidirectional Forwarding Detection This document describes the use of the Bidirectional Forwarding
(BFD) protocol [RFC5880] to enable monitoring the continuity of the Detection (BFD) protocol [RFC5880] to enable monitoring the
path between two Geneve tunnel endpoints, which may be a NVE (Network continuity of the path between two Geneve tunnel endpoints, which may
Virtualization Edge) or another device acting as a Geneve tunnel be a Network Virtualization Edge (NVE) or another device acting as a
endpoint. Specifically, the asynchronous mode of BFD, as defined in Geneve tunnel endpoint. Specifically, the asynchronous mode of BFD,
[RFC5880], is used to monitor a P2P Geneve tunnel. The support for as defined in [RFC5880], is used to monitor a point-to-point (P2P)
BFD Echo function is outside the scope of this document. For Geneve tunnel. The support for the BFD Echo function is outside the
simplicity, NVE is used to represent the Geneve tunnel endpoint. TS scope of this document. For simplicity, an NVE is used to represent
(Tenant System) is used to represent the physical or virtual device the Geneve tunnel endpoint. A Tenant System (TS) is used to
attached to a Geneve tunnel endpoint from the outside. VAP (Virtual represent the physical or virtual device attached to a Geneve tunnel
Access Point) is the NVE side of the interface between the NVE and endpoint from the outside. A Virtual Access Point (VAP) is the NVE
the TS, and a VAP is a logical network port (virtual or physical) side of the interface between the NVE and the TS, and a VAP is a
into a specific virtual network. For detailed definitions and logical network port (virtual or physical) into a specific virtual
descriptions of NVE, TS and VAP, please refer to [RFC7365] and network. For detailed definitions and descriptions of NVE, TS, and
[RFC8014]. VAP, please refer to [RFC7365] and [RFC8014].
The use cases and the deployment of BFD for Geneve are mostly The use cases and the deployment of BFD for Geneve are mostly
consistent with what's described in Section 1 and 3 of [RFC8971] consistent with what's described in Sections 1 and 3 of [RFC8971].
("Bidirectional Forwarding Detection (BFD) for Virtual eXtensible One exception is the usage of the Management Virtual Network
Local Area Network (VXLAN)"). One exception is on the usage of Identifier (VNI), which is described in [GENEVE-OAM] and is outside
Management VNI, which is described in [I-D.ietf-nvo3-geneve-oam] and the scope of this document.
outside the scope of this document.
As specified in Section 4.2 of [RFC8926], Geneve MUST be used with As specified in Section 4.2 of [RFC8926], Geneve MUST be used with
congestion-controlled traffic or within a traffic-managed controlled congestion controlled traffic or within a Traffic-Managed Controlled
environment (TMCE) to avoid congestion, that requirement applies to Environment (TMCE) to avoid congestion; that requirement also applies
BFD traffic too. Specifically, considering the complexity and to BFD traffic. Specifically, considering the complexity and
immaturity of BFD congestion control mechanism, BFD for Geneve MUST immaturity of the BFD congestion control mechanism, BFD for Geneve
be used within a TMCE unless BFD is really congestion controlled. As MUST be used within a TMCE unless BFD is really congestion
an alternative to a real congestion control, an operator of a TMCE controlled. As an alternative to a real congestion control, an
deploying BFD for Geneve is required to provision the rates at which operator of a TMCE deploying BFD for Geneve is required to provision
BFD is transmitted to avoid congestion and false failure detection. the rates at which BFD is transmitted to avoid congestion and false
failure detection.
2. Conventions Used in This Document 2. Conventions Used in This Document
2.1. Abbreviations 2.1. Abbreviations
BFD: Bidirectional Forwarding Detection BFD: Bidirectional Forwarding Detection
FCS: Frame Check Sequence FCS: Frame Check Sequence
Geneve: Generic Network Virtualization Encapsulation Geneve: Generic Network Virtualization Encapsulation
NVE: Network Virtualization Edge NVE: Network Virtualization Edge
TMCE: Traffic-Managed Controlled Environment TMCE: Traffic-Managed Controlled Environment
TS: Tenant System TS: Tenant System
VAP: Virtual Access Point VAP: Virtual Access Point
VNI: Virtual Network Identifier VNI: Virtual Network Identifier
VXLAN: Virtual eXtensible Local Area Network VXLAN: Virtual eXtensible Local Area Network
2.2. Requirements Language 2.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. BFD Packet Transmission over Geneve Tunnel 3. BFD Packet Transmission over a Geneve Tunnel
Since the Geneve data packet payload may be either an Ethernet frame Since the Geneve data packet payload may be either an Ethernet frame
or an IP packet, this document defines two formats of BFD packet or an IP packet, this document defines two formats of BFD packet
encapsulation in Geneve. The BFD session is originated and encapsulation in Geneve. The BFD session is originated and
terminated at the VAP of an NVE. The selection of the BFD packet terminated at the VAP of an NVE. The selection of the BFD packet
encapsulation is based on how the VAP encapsulates the data packets. encapsulation is based on how the VAP encapsulates the data packets.
If the payload is IP, then BFD over IP is carried in the payload. If If the payload is IP, then BFD over IP is carried in the payload. If
the payload is Ethernet, then BFD over IP over Ethernet is carried in the payload is Ethernet, then BFD over IP over Ethernet is carried in
the payload, in the same manner as BFD over IP in the IP payload the payload. This occurs in the same manner as BFD over IP in the IP
case, regardless of what the Ethernet payload might normally carry. payload case, regardless of what the Ethernet payload might normally
carry.
4. BFD Encapsulation With Inner Ethernet/IP/UDP Header 4. BFD Encapsulation with the Inner Ethernet/IP/UDP Header
If the VAP that originates the BFD packets is used to encapsulate If the VAP that originates the BFD packets is used to encapsulate
Ethernet data frames, then the BFD packets are encapsulated in Geneve Ethernet data frames, then the BFD packets are encapsulated in Geneve
as described below. The Geneve packet formats over IPv4 and IPv6 are as described below. The Geneve packet formats over IPv4 and IPv6 are
defined in Section 3.1 and 3.2 of [RFC8926] respectively. The Outer defined in Sections 3.1 and 3.2 of [RFC8926], respectively. The
IP/UDP and Geneve headers are encoded by the sender as defined in outer IP/UDP and Geneve headers are encoded by the sender as defined
[RFC8926]. Note that the outer IP header and the inner IP header may in [RFC8926]. Note that the outer IP header and the inner IP header
not be of the same address family. In other words, an outer IPv6 may not be of the same address family. In other words, an outer IPv6
header accompanied by an inner IPv4 header and an outer IPv4 header header accompanied by an inner IPv4 header and an outer IPv4 header
accompanied by an inner IPv6 header are both possible. accompanied by an inner IPv6 header are both possible.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ Outer Ethernet Header ~ ~ Outer Ethernet Header ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 5, line 43 skipping to change at line 205
~ Inner UDP Header ~ ~ Inner UDP Header ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ BFD Control Packet ~ ~ BFD Control Packet ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Outer Ethernet FCS | | Outer Ethernet FCS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Geneve Encapsulation of BFD Control Packet With the Inner Figure 1: Geneve Encapsulation of a BFD Control Packet with the Inner
Ethernet/IP/UDP Header Ethernet/IP/UDP Header
The BFD packet MUST be carried inside the inner Ethernet frame of the The BFD packet MUST be carried inside the inner Ethernet frame of the
Geneve packet. The inner Ethernet frame carrying the BFD Control Geneve packet. The inner Ethernet frame carrying the BFD Control
packet has the following format: packet has the following format:
Inner Ethernet Header: Inner Ethernet Header:
Destination MAC: Media Access Control (MAC) address of a VAP of
- Destination MAC: MAC address of a VAP of the terminating NVE. the terminating NVE.
- Source MAC: MAC address of a VAP of the originating NVE.
IP Header: Source MAC: MAC address of a VAP of the originating NVE.
- Source IP: IP address of a VAP of the originating NVE. If the IP Header:
Source IP: IP address of a VAP of the originating NVE. If the
VAP of the originating NVE has no IP address, then the IP VAP of the originating NVE has no IP address, then the IP
address 0.0.0.0 for IPv4 or ::/128 for IPv6 MUST be used. address 0.0.0.0 for IPv4 or ::/128 for IPv6 MUST be used.
- Destination IP: IP address of a VAP of the terminating NVE. If Destination IP: IP address of a VAP of the terminating NVE. If
the VAP of the terminating NVE has no IP address, then the IP the VAP of the terminating NVE has no IP address, then the IP
address 127.0.0.1 for IPv4 or ::1/128 for IPv6 MUST be used. address 127.0.0.1 for IPv4 or ::1/128 for IPv6 MUST be used.
- TTL or Hop Limit: MUST be set to 255 in accordance with TTL or Hop Limit: The TTL for IPv4 or Hop Limit for IPv6 MUST be
[RFC5881] that specifies the IPv4/IPv6 single-hop BFD. set to 255 in accordance with [RFC5881], which specifies the
IPv4/IPv6 single-hop BFD.
The fields of the UDP header and the BFD Control packet are The fields of the UDP header and the BFD Control packet are
encoded as specified in [RFC5881]. encoded as specified in [RFC5881].
When the BFD packets are encapsulated in Geneve in this way, the When the BFD packets are encapsulated in Geneve in this way, the
Geneve header defined in [RFC8926] follows the value set below. Geneve header defined in [RFC8926] follows the value set below.
Opt Len field MUST be set consistent with the Geneve specification * The Opt Len field MUST be set as consistent with the Geneve
[RFC8926] depending on whether or not Geneve options are present specification ([RFC8926]) depending on whether or not Geneve
in the frame. The use of Geneve options with BFD is beyond the options are present in the frame. The use of Geneve options with
scope of this document. BFD is beyond the scope of this document.
O bit MUST be set to 1, which indicates this packet contains a * The O bit MUST be set to 1, which indicates this packet contains a
control message. control message.
C bit MUST be set to 0, which indicates there isn't any critical * The C bit MUST be set to 0, which indicates there isn't any
option. critical option.
Protocol Type field MUST be set to 0x6558 (Ethernet frame). * The Protocol Type field MUST be set to 0x6558 (Ethernet frame).
Virtual Network Identifier (VNI) field MUST be set to the VNI * The Virtual Network Identifier (VNI) field MUST be set to the VNI
number that the originating VAP is mapped to. number that the originating VAP is mapped to.
4.1. Demultiplexing BFD packet when payload is Ethernet 4.1. Demultiplexing a BFD Packet When the Payload Is Ethernet
Once a packet is received, the NVE validates the packet as described Once a packet is received, the NVE validates the packet as described
in [RFC8926]. When the payload is Ethernet, the Protocol Type field in [RFC8926]. When the payload is Ethernet, the Protocol Type field
equals 0x6558. The Destination MAC address of the inner Ethernet equals 0x6558. The destination MAC address of the inner Ethernet
frame matches the MAC address of a VAP which is mapped to the same frame matches the MAC address of a VAP, which is mapped to the same
VNI as the received VNI. Then the Destination IP, the UDP VNI as the received VNI. Then, the destination IP, the UDP
destination port and the TTL or Hop Limit of the inner IP packet MUST destination port, and the TTL or Hop Limit of the inner IP packet
be validated to determine whether the received packet can be MUST be validated to determine whether the received packet can be
processed by BFD, i.e., the three field values of the inner IP packet processed by BFD (i.e., the three field values of the inner IP packet
MUST be in compliance with what's defined in Section 4 of this MUST be in compliance with what's defined in Section 4 of this
document, as well as Section 4 of [RFC5881]. If the validation document, as well as Section 4 of [RFC5881]). If the validation
fails, the received packet MUST NOT be processed by BFD. fails, the received packet MUST NOT be processed by BFD.
In BFD over Geneve, a BFD session is originated and terminated at a In BFD over Geneve, a BFD session is originated and terminated at a
VAP. Usually one NVE owns multiple VAPs. Since multiple BFD VAP. Usually one NVE owns multiple VAPs. Since multiple BFD
sessions may be running between two NVEs, there needs to be a sessions may be running between two NVEs, there needs to be a
mechanism for demultiplexing received BFD packets to the proper mechanism for demultiplexing received BFD packets to the proper
session. Furthermore, due to the fact that [RFC8014] allows for session. Furthermore, due to the fact that [RFC8014] allows for
N-to-1 mapping between VAP and VNI at one NVE, multiple BFD sessions N-to-1 mapping between VAPs and VNIs at one NVE, multiple BFD
between two NVEs for the same VNI are allowed. Also note that a BFD sessions between two NVEs for the same VNI are allowed. Also, note
session can only be established between two VAPs that are mapped to that a BFD session can only be established between two VAPs that are
the same VNI and use the same way to encapsulate data packets. mapped to the same VNI and that use the same way to encapsulate data
packets.
If the BFD packet is received with Your Discriminator equals to 0, If the BFD packet is received with the value of the Your
then the BFD session SHOULD be identified using the VNI number and Discriminator field set to 0, then the BFD session SHOULD be
the inner Ethernet/IP header. The inner Ethernet/IP header stands identified using the VNI number and the inner Ethernet/IP header.
for the source MAC, the source IP, the destination MAC, and the The inner Ethernet/IP header stands for the source MAC, the source
destination IP. An implementation MAY use the inner UDP port source IP, the destination MAC, and the destination IP. An implementation
number to aid in demultiplexing incoming BFD Control packets. If it MAY use the inner UDP port source number to aid in demultiplexing
fails to identify the BFD session, the incoming BFD Control packets incoming BFD Control packets. If it fails to identify the BFD
MUST be dropped, and an exception event indicating the failure should session, the incoming BFD Control packets MUST be dropped, and an
be reported to the management. exception event indicating the failure should be reported to the
management.
If the BFD packet is received with non-zero Your Discriminator, then If the BFD packet is received with a non-zero Your Discriminator,
the BFD session MUST be demultiplexed only with Your Discriminator as then the BFD session MUST be demultiplexed only with the Your
the key. Discriminator as the key.
5. BFD Encapsulation With Inner IP/UDP Header 5. BFD Encapsulation with the Inner IP/UDP Header
If the VAP that originates the BFD packets is used to encapsulate IP If the VAP that originates the BFD packets is used to encapsulate IP
data packets, then the BFD packets are encapsulated in Geneve as data packets, then the BFD packets are encapsulated in Geneve as
described below. The Geneve packet formats over IPv4 and IPv6 are described below. The Geneve packet formats over IPv4 and IPv6 are
defined in Section 3.1 and 3.2 of [RFC8926] respectively. The Outer defined in Sections 3.1 and 3.2 of [RFC8926], respectively. The
IP/UDP and Geneve headers are encoded by the sender as defined in outer IP/UDP and Geneve headers are encoded by the sender as defined
[RFC8926]. Note that the outer IP header and the inner IP header may in [RFC8926]. Note that the outer IP header and the inner IP header
not be of the same address family. In other words, an outer IPv6 may not be of the same address family. In other words, an outer IPv6
header accompanied by an inner IPv4 header and an outer IPv4 header header accompanied by an inner IPv4 header and an outer IPv4 header
accompanied by an inner IPv6 header are both possible. accompanied by an inner IPv6 header are both possible.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ Ethernet Header ~ ~ Ethernet Header ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 8, line 39 skipping to change at line 339
~ Inner UDP Header ~ ~ Inner UDP Header ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
~ BFD Control Packet ~ ~ BFD Control Packet ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FCS | | FCS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Geneve Encapsulation of BFD Control Packet With the Figure 2: Geneve Encapsulation of a BFD Control Packet with the
Inner IP/UDP Header Inner IP/UDP Header
The BFD packet MUST be carried inside the inner IP packet of the The BFD packet MUST be carried inside the inner IP packet of the
Geneve packet. The inner IP packet carrying the BFD Control packet Geneve packet. The inner IP packet carrying the BFD Control packet
has the following format: has the following format:
Inner IP header: Inner IP Header:
Source IP: IP address of a VAP of the originating NVE.
- Source IP: IP address of a VAP of the originating NVE.
- Destination IP: IP address of a VAP of the terminating NVE. Destination IP: IP address of a VAP of the terminating NVE.
- TTL or Hop Limit: MUST be set to 255 in accordance with TTL or Hop Limit: The TTL for IPv4 or Hop Limit for IPv6 MUST be
[RFC5881] that specifies the IPv4/IPv6 single-hop BFD. set to 255 in accordance with [RFC5881], which specifies the
IPv4/IPv6 single-hop BFD.
The fields of the UDP header and the BFD Control packet are The fields of the UDP header and the BFD Control packet are
encoded as specified in [RFC5881]. encoded as specified in [RFC5881].
When the BFD packets are encapsulated in Geneve in this way, the When the BFD packets are encapsulated in Geneve in this way, the
Geneve header defined in [RFC8926] follows the value set below. Geneve header defined in [RFC8926] follows the value set below.
Opt Len field MUST be set consistent with the Geneve specification * The Opt Len field MUST be set as consistent with the Geneve
[RFC8926] depending on whether or not Geneve options are present specification ([RFC8926]) depending on whether or not Geneve
in the frame. The use of Geneve options with BFD is beyond the options are present in the frame. The use of Geneve options with
scope of this document. BFD is beyond the scope of this document.
O bit MUST be set to 1, which indicates this packet contains a * The O bit MUST be set to 1, which indicates this packet contains a
control message. control message.
C bit MUST be set to 0, which indicates there isn't any critical * The C bit MUST be set to 0, which indicates there isn't any
option. critical option.
Protocol Type field MUST be set to 0x0800 (IPv4) or 0x86DD (IPv6), * The Protocol Type field MUST be set to 0x0800 (IPv4) or 0x86DD
depending on the address family of the inner IP packet. (IPv6), depending on the address family of the inner IP packet.
Virtual Network Identifier (VNI) field MUST be set to the VNI * The Virtual Network Identifier (VNI) field MUST be set to the VNI
number that the originating VAP is mapped to. number that the originating VAP is mapped to.
5.1. Demultiplexing BFD packet when payload is IP 5.1. Demultiplexing a BFD Packet When the Payload Is IP
Once a packet is received, the NVE validates the packet as described Once a packet is received, the NVE validates the packet as described
in [RFC8926]. When the payload is IP, the Protocol Type field equals in [RFC8926]. When the payload is IP, the Protocol Type field equals
0x0800 or 0x86DD. The Destination IP address of the inner IP packet 0x0800 or 0x86DD. The destination IP address of the inner IP packet
matches the IP address of a VAP which is mapped to the same VNI as matches the IP address of a VAP, which is mapped to the same VNI as
the received VNI. Then the UDP destination port and the TTL or Hop the received VNI. Then, the UDP destination port and the TTL or Hop
Limit of the inner IP packet MUST be validated to determine whether Limit of the inner IP packet MUST be validated to determine whether
the received packet can be processed by BFD, i.e., the two field or not the received packet can be processed by BFD (i.e., the two
values of the inner IP packet MUST be in compliance with what's field values of the inner IP packet MUST be in compliance with what's
defined in Section 5 of this document, as well as Section 4 of defined in Section 5 of this document as well as Section 4 of
[RFC5881]. If the validation fails, the received packet MUST NOT be [RFC5881]). If the validation fails, the received packet MUST NOT be
processed by BFD. processed by BFD.
If the BFD packet is received with Your Discriminator equals to 0, If the BFD packet is received with the value of the Your
then the BFD session SHOULD be identified using the VNI number and Discriminator field set to 0, then the BFD session SHOULD be
the inner IP header. The inner IP header stands for the source IP identified using the VNI number and the inner IP header. The inner
and the destination IP. An implementation MAY use the inner UDP port IP header stands for the source IP and the destination IP. An
source number to aid in demultiplexing incoming BFD Control packets. implementation MAY use the inner UDP port source number to aid in
If it fails to identify the BFD session, the incoming BFD Control demultiplexing incoming BFD Control packets. If it fails to identify
packets MUST be dropped, and an exception event indicating the the BFD session, the incoming BFD Control packets MUST be dropped,
failure should be reported to the management. and an exception event indicating the failure should be reported to
the management.
If the BFD packet is received with non-zero Your Discriminator, then If the BFD packet is received with a non-zero Your Discriminator,
the BFD session MUST be demultiplexed only with Your Discriminator as then the BFD session MUST be demultiplexed only with the Your
the key. Discriminator as the key.
6. Security Considerations 6. Security Considerations
Security issues discussed in [RFC8926] and [RFC5880] apply to this Security issues discussed in [RFC8926] and [RFC5880] apply to this
document. Particularly, the BFD is an application that is run at the document. Particularly, the BFD is an application that is run at the
two Geneve tunnel endpoints. The IP underlay network and/or the two Geneve tunnel endpoints. The IP underlay network and/or the
Geneve option can provide security between the peers, which are Geneve option can provide security between the peers, which are
subject to the issue of overload described below. The BFD introduces subject to the issue of overload described below. The BFD introduces
no security vulnerabilities when run in this manner. Considering no security vulnerabilities when run in this manner. Considering
Geneve does not have any inherent security mechanisms, BFD Geneve does not have any inherent security mechanisms, BFD
authentication as specified in [RFC5880] is RECOMMENDED to be authentication as specified in [RFC5880] is RECOMMENDED to be
utilized. utilized.
This document supports establishing multiple BFD sessions between the This document supports establishing multiple BFD sessions between the
same pair of NVEs, each BFD session over a pair of VAPs residing in same pair of NVEs. For each BFD session over a pair of VAPs residing
the same pair of NVEs, there SHOULD be a mechanism to control the in the same pair of NVEs, there SHOULD be a mechanism to control the
maximum number of such sessions that can be active at the same time. maximum number of such sessions that can be active at the same time.
Particularly, assuming an example that each NVE of the pair of NVEs Particularly, assuming an example that each NVE of the pair of NVEs
has N VAPs using Ethernet as the payload, then there could be N has N VAPs using Ethernet as the payload, then there could be N
squared BFD sessions running between the pair of NVEs. Considering N squared BFD sessions running between the pair of NVEs. Considering N
could be a high number, the N squared BFD sessions could result in could be a high number, the N squared BFD sessions could result in
overload of the NVE. In this case, it's recommended that N BFD overload of the NVE. In this case, it's recommended that N BFD
sessions covering all N VAPs are run for the pair of NVEs. Generally sessions covering all N VAPs are run for the pair of NVEs. Generally
speaking, the number of BFD sessions is supposed to be enough as long speaking, the number of BFD sessions is supposed to be enough as long
as all VAPs of the pair of NVEs are covered. as all VAPs of the pair of NVEs are covered.
7. IANA Considerations 7. IANA Considerations
This document has no IANA action requested. This document has no IANA actions.
8. Acknowledgements
The authors would like to acknowledge Reshad Rahman, Jeffrey Haas,
and Matthew Bocci for their guidance on this work.
The authors would like to acknowledge David Black for his explanation
on the mapping relation between VAP and VNI.
The authors would like to acknowledge Stewart Bryant, Anoop Ghanwani, 8. References
Jeffrey Haas, Reshad Rahman, Matthew Bocci, Andrew Alston, Magnus
Westerlund, Paul Kyzivat, Sheng Jiang, Carl Wallace, Roman Danyliw,
John Scudder, Donald Eastlake, Eric Vyncke, Zaheduzzaman Sarker, and
Lars Eggert for their thorough review and very helpful comments.
9. References 8.1. Normative References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>. <https://www.rfc-editor.org/info/rfc5880>.
skipping to change at page 11, line 29 skipping to change at line 462
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed., [RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
"Geneve: Generic Network Virtualization Encapsulation", "Geneve: Generic Network Virtualization Encapsulation",
RFC 8926, DOI 10.17487/RFC8926, November 2020, RFC 8926, DOI 10.17487/RFC8926, November 2020,
<https://www.rfc-editor.org/info/rfc8926>. <https://www.rfc-editor.org/info/rfc8926>.
9.2. Informative References 8.2. Informative References
[I-D.ietf-nvo3-geneve-oam] [GENEVE-OAM]
Mirsky, G., Boutros, S., Black, D. L., and S. Pallagatti, Mirsky, G., Boutros, S., Black, D., and S. Pallagatti,
"OAM for use in GENEVE", Work in Progress, Internet-Draft, "OAM for use in GENEVE", Work in Progress, Internet-Draft,
draft-ietf-nvo3-geneve-oam-07, 27 June 2023, draft-ietf-nvo3-geneve-oam-09, 6 December 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-nvo3- <https://datatracker.ietf.org/doc/html/draft-ietf-nvo3-
geneve-oam-07>. geneve-oam-09>.
[RFC7365] Lasserre, M., Balus, F., Morin, T., Bitar, N., and Y. [RFC7365] Lasserre, M., Balus, F., Morin, T., Bitar, N., and Y.
Rekhter, "Framework for Data Center (DC) Network Rekhter, "Framework for Data Center (DC) Network
Virtualization", RFC 7365, DOI 10.17487/RFC7365, October Virtualization", RFC 7365, DOI 10.17487/RFC7365, October
2014, <https://www.rfc-editor.org/info/rfc7365>. 2014, <https://www.rfc-editor.org/info/rfc7365>.
[RFC8014] Black, D., Hudson, J., Kreeger, L., Lasserre, M., and T. [RFC8014] Black, D., Hudson, J., Kreeger, L., Lasserre, M., and T.
Narten, "An Architecture for Data-Center Network Narten, "An Architecture for Data-Center Network
Virtualization over Layer 3 (NVO3)", RFC 8014, Virtualization over Layer 3 (NVO3)", RFC 8014,
DOI 10.17487/RFC8014, December 2016, DOI 10.17487/RFC8014, December 2016,
<https://www.rfc-editor.org/info/rfc8014>. <https://www.rfc-editor.org/info/rfc8014>.
[RFC8971] Pallagatti, S., Ed., Mirsky, G., Ed., Paragiri, S., [RFC8971] Pallagatti, S., Ed., Mirsky, G., Ed., Paragiri, S.,
Govindan, V., and M. Mudigonda, "Bidirectional Forwarding Govindan, V., and M. Mudigonda, "Bidirectional Forwarding
Detection (BFD) for Virtual eXtensible Local Area Network Detection (BFD) for Virtual eXtensible Local Area Network
(VXLAN)", RFC 8971, DOI 10.17487/RFC8971, December 2020, (VXLAN)", RFC 8971, DOI 10.17487/RFC8971, December 2020,
<https://www.rfc-editor.org/info/rfc8971>. <https://www.rfc-editor.org/info/rfc8971>.
Acknowledgements
The authors would like to acknowledge Reshad Rahman, Jeffrey Haas,
and Matthew Bocci for their guidance on this work.
The authors would like to acknowledge David Black for his explanation
on the mapping relation between VAPs and VNIs.
The authors would like to acknowledge Stewart Bryant, Anoop Ghanwani,
Jeffrey Haas, Reshad Rahman, Matthew Bocci, Andrew Alston, Magnus
Westerlund, Paul Kyzivat, Sheng Jiang, Carl Wallace, Roman Danyliw,
John Scudder, Donald Eastlake 3rd, Éric Vyncke, Zaheduzzaman Sarker,
and Lars Eggert for their thorough review and very helpful comments.
Authors' Addresses Authors' Addresses
Xiao Min Xiao Min
ZTE Corp. ZTE Corp.
Nanjing Nanjing
China China
Phone: +86 18061680168 Phone: +86 18061680168
Email: xiao.min2@zte.com.cn Email: xiao.min2@zte.com.cn
Greg Mirsky Greg Mirsky
 End of changes. 69 change blocks. 
200 lines changed or deleted 202 lines changed or added

This html diff was produced by rfcdiff 1.48.