Hi Jeff, thank you for your suggestion. I've updated the text and will publish the new version of the draft shortly.
Regards,
Greg

On Wed, Nov 27, 2019 at 12:26 PM Jeffrey Haas <[email protected]> wrote:
> Greg,
>
> On Wed, Nov 20, 2019 at 10:41:46AM +0800, Greg Mirsky wrote:
> > Dear All,
> > as was decided at the meeting, an explanation of using an address from the
> > Internal host loopback interface address range has been added into the
> > Security Consideration section:
> > NEW TEXT:
> > This document recommends using an address from the Internal host
> > loopback addresses range as the destination IP address in the inner
> > IP header. Using such address prevents the forwarding of the
> > encapsulated BFD control message by a transient node in case the
> > VXLAN tunnel is broken as according to [RFC1812]:
> >
> > A router SHOULD NOT forward, except over a loopback interface, any
> > packet that has a destination address on network 127. A router
> > MAY have a switch that allows the network manager to disable these
> > checks. If such a switch is provided, it MUST default to
> > performing the checks.
>
> I think the text above is largely right.
>
> There's a slight level of ambiguity since elsewhere in the document, we
> don't use the RFC 4379 notation, i.e. 0:0:0:0:0:FFFF:127/104:
>
> :
> : loopback addresses (127/8 range for IPv4 and
> : 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6).
>
> I think if you explicitly call it out in the 7400 format, we may be all
> set.
>
> -- Jeff
