Hello Magnus,
Thanks for your review and comments. Please see below for our responses inline, enclosed within <Response> </Response>. Let us know if you are satisfied with this resolution. Regards, Ilango Ganga Geneve Editor -----Original Message----- From: nvo3 <[email protected]> On Behalf Of Magnus Westerlund via Datatracker Sent: Thursday, December 5, 2019 6:16 AM To: The IESG <[email protected]> Cc: [email protected]; [email protected]; [email protected]; [email protected] Subject: [nvo3] Magnus Westerlund's Discuss on draft-ietf-nvo3-geneve-14: (with DISCUSS) Magnus Westerlund has entered the following ballot position for draft-ietf-nvo3-geneve-14: Discuss ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I want to discuss the implications of the source port usage and if that needs a bit more consideration of failure cases and ICMP. So Section 3.3 says: Source port: A source port selected by the originating tunnel endpoint. This source port SHOULD be the same for all packets belonging to a single encapsulated flow to prevent reordering due to the use of different paths. To encourage an even distribution of flows across multiple links, the source port SHOULD be calculated using a hash of the encapsulated packet headers using, for example, a traditional 5-tuple. Since the port represents a flow identifier rather than a true UDP connection, the entire 16-bit range MAY be used to maximize entropy. I think using the different source ports to enable flow hashing is a nice idea. However, I am a bit worried over the implications of using the full 16-bit range without caveats. Specifically in cases where a network error or other failure to forward the Geneve encapsulated packet and that result in any form a return traffic towards the tunnel ingress. Such as ICMP Packet Too Big messages or Port / Host unreachable. These messages needs to be consumed by the Geneve tunneling endpoint to affect the right response to them. However, if the source port is corresponding to any port where there exist a listenser or bi-directional server on the tunnel ingress host, such as SSH, Echo etc. the ICMP messages may be consumed by the wrong entity that only filter on source port and not the destination port. I believe this issue may require at least a explicit consideration in the document. Otherwise thanks for thinking through many transport issues for tunnels. IG>> <Response> In Geneve, the source port is used to encode an entropy value and the destination port is used to identify Geneve tunnel. We will add the following text to the end of this paragraph in Section 3.3 to address your point that the generation of source port value and handling of return traffic should be managed by the tunnel end point implementation: "The generation of the UDP source port (e.g. hash value) and the handling of return traffic to appropriate entity within the end point is managed by the tunnel end point implementation. Actual mechanisms to manage this is out of scope of this document." </Response> <End of Responses> _______________________________________________ nvo3 mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/nvo3
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
