On 12/17/19 4:35 PM, Greg Mirsky wrote:
Hi Adam,
thank you for your review and the very clear suggestions, all is the
most helpful. I've followed your recommendations and applied changes
to the working version of the draft. Attached, please find the diff
that highlights updates. Also, please find my notes in-line tagged GIM>>.
Best regards,
Greg
On Mon, Dec 16, 2019 at 11:11 PM Adam Roach via Datatracker
<[email protected] <mailto:[email protected]>> wrote:
Adam Roach has entered the following ballot position for
draft-ietf-bfd-vxlan-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut
this
introductory paragraph, however.)
Please refer to
https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-bfd-vxlan/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Thanks for the work that everyone has put into this document. I have
a couple of relatively important, related comments that should be
taken into account prior to publication.
---------------------------------------------------------------------------
§3:
> As per Section 4, the inner destination IP address SHOULD be set to
> one of the loopback addresses (127/8 range for IPv4 and
> 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6).
Please consider reformatting this IPv6 address according to the
recommendations
of RFC 5952 (paying particular attention to sections 4.2.1, 4.3,
and 5):
::ffff:127.0.0.0/104 <http://127.0.0.0/104>
It's also worth noting that, as a practical matter, modern
operating systems do
not seem to bind to anything in the IPv4-mapped range assigned to
IPv4 loopback:
Linux:
~$ ping6 ::ffff:127.0.0.1
PING ::ffff:127.0.0.1(::ffff:127.0.0.1) 56 data bytes
^C
--- ::ffff:127.0.0.1 ping statistics ---
14 packets transmitted, 0 received, 100% packet loss, time 13316ms
MacOS:
~$ ping6 ::ffff:127.0.0.1
PING6(56=40+8+8 bytes) ::ffff:127.0.0.1 --> ::ffff:127.0.0.1
ping6: sendmsg: Invalid argument
ping6: wrote ::ffff:127.0.0.1 16 chars, ret=-1
It is not clear to me whether this poses an issue for your
intended usage.
GIM>> Thank you for sharing very interesting facts on the handling of
these addresses. I don't think that implementation on the egress BFD
node would listen on the particular address, more likely it would be
on the value of the well-known UDP port. The goal of using one of the
addresses from this range is to prevent leaking packets from a broken
VXLAN tunnel (as was the original goal in RFC 4379/8029 and RFC 5884).
I'm a little unclear about the scope of leakage that is causing concern
here. If you simply want to prevent the packets from making it to an end
host, there are a lot of choices you can make that guarantee an address
that has no ultimate destination.
If the concern is, instead, that the packet might be sent to one or more
other routers when the tunnel is broken (even if it never reaches a
host), then what you're doing here is unlikely to achieve your goals. As
I attempted to highlight below, there is no reason to believe that an
IPv6 router is going to treat ::ffff:127.0.0.0/104 any differently than
any other IPv4-mapped address. Unless you're in the default-free zone,
It's either heading towards a default router or a v6/v4 gateway, and
probably won't be dropped until it reaches an ingress to the v4 network.
On the other hand, if you *are* in the DFZ, my my understanding (and I'm
not a routing person, so it's kind of a lay understanding) is that
guaranteeing a packet drop in the default-free zone simply requires that
the corresponding prefix isn't configured or announced. The IETF
protocol IP blocks I mention below have that property.
In short, I don't think your solution addresses your implied threat
model (regardless of which of the preceding two situations apply), and
at the same time is an abuse of the semantic meaning of loopback addresses.
I'm feeling like I might not understand the problem being addressed by
this approach. Perhaps if you explained the exact nature of the bad
things that might happen when a tunnel breaks and some other inner
address is used (with the assumption that such inner address would never
correspond to a real host, and would never correspond to an advertised
route, as would be true for my suggestions below), it would help.
In any case, please do not refer to ::ffff:127.0.0.0/104
<http://127.0.0.0/104> as "loopback
addresses": IPv6 has only one loopback address defined (::1). The
range
you cite is best described as "IPv4-mapped IPv4 loopback addresses."
Alternately -- and this is probably better -- use "::1/128" instead of
"::ffff:127.0.0.0/104 <http://127.0.0.0/104>" for the inner IP
header destination address.
As an aside, I share Benjamin's unease around the use of loopback
addresses
in this fashion. It may be worth noting that IETF protocols can
reserve
addresses in the 192.0.0.0/24 <http://192.0.0.0/24> and 2001::/23
blocks if necessary, and such
reserved addresses won't ever correspond to a valid destination.
(There is corresponding text in section 4 that all of the
preceding pertains
to as well)
---------------------------------------------------------------------------
§9:
> This document recommends using an address from the Internal host
> loopback addresses (127/8 range for IPv4 and
> 0:0:0:0:0:FFFF:7F00:0/104 range for IPv6) as the destination IP
> address in the inner IP header. Using such address prevents the
> forwarding of the encapsulated BFD control message by a transient
> node in case the VXLAN tunnel is broken as according to [RFC1812]:
>
> A router SHOULD NOT forward, except over a loopback
interface, any
> packet that has a destination address on network 127. A router
> MAY have a switch that allows the network manager to disable
these
> checks. If such a switch is provided, it MUST default to
> performing the checks.
In addition to the comments above about IPv6 address formatting, the
improper use of "loopback" terminology as it applies to IPv6, and
concerns about using localhost: it's worth noting that this text in
RFC 1812 refers to IPv4 routers -- RFC 8504 has no equivalent
language,
and so the use of ::ffff:127.0.0.0/104 <http://127.0.0.0/104>
implies no special router handling.
::1 *probably* does, at least as a practical matter.
GIM>> As noted above, the reason of using addresses from this range
was to prevent packets from being routed in case a tunnel is broken.
Do you think that the lack of the wording similar to RFC 1812 should
be a concern for RFC 8029 and RFC 5884 that use the same range for the
destination IP address?
