Greg,

On Wed, Nov 20, 2019 at 10:41:46AM +0800, Greg Mirsky wrote:
> Dear All,
> as was decided at the meeting, an explanation of using an address from the
> Internal host loopback interface address range has been added into the
> Security Consideration section:
> NEW TEXT:
>    This document recommends using an address from the Internal host
>    loopback addresses range as the destination IP address in the inner
>    IP header. Using such address prevents the forwarding of the
>    encapsulated BFD control message by a transient node in case the
>    VXLAN tunnel is broken as according to [RFC1812]:
>
>       A router SHOULD NOT forward, except over a loopback interface, any
>       packet that has a destination address on network 127. A router
>       MAY have a switch that allows the network manager to disable these
>       checks. If such a switch is provided, it MUST default to
>       performing the checks.

I think the text above is largely right. There's a slight level of
ambiguity since elsewhere in the document, we don't use the RFC 4379
notation, i.e. 0:0:0:0:0:FFFF:127/104:

:
: loopback addresses (127/8 range for IPv4 and
: 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6).

I think if you explicitly call it out in the 7400 format, we may be all set.

-- Jeff
