Internet DRAFT - draft-spallagatti-bfd-vxlan
draft-spallagatti-bfd-vxlan
Internet Engineering Task Force S. Pallagatti, Ed.
Internet-Draft Independent Contributor
Intended status: Standards Track S. Paragiri
Expires: April 16, 2018 Juniper Networks
V. Govindan
M. Mudigonda
Cisco
G. Mirsky
ZTE Corp.
October 13, 2017
BFD for VXLAN
draft-spallagatti-bfd-vxlan-06
Abstract
This document describes use of Bidirectional Forwarding Detection
(BFD) protocol in Virtual eXtensible Local Area Network (VXLAN)
overlay network.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 16, 2018.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Pallagatti, et al. Expires April 16, 2018 [Page 1]
�
Internet-Draft BFD for VXLAN October 2017
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions used in this document . . . . . . . . . . . . . . 3
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3
3. Use cases . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Deployment . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. BFD Packet Transmission over VXLAN Tunnel . . . . . . . . . . 5
5.1. BFD Packet Encapsulation in VXLAN . . . . . . . . . . . . 6
6. Reception of BFD packet from VXLAN Tunnel . . . . . . . . . . 7
6.1. Demultiplexing of the BFD packet . . . . . . . . . . . . 8
7. Use of reserved VNI . . . . . . . . . . . . . . . . . . . . . 8
8. Echo BFD . . . . . . . . . . . . . . . . . . . . . . . . . . 8
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
10. Security Considerations . . . . . . . . . . . . . . . . . . . 8
11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9
13. Normative References . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction
"Virtual eXtensible Local Area Network (VXLAN)" has been described in
[RFC7348]. VXLAN provides an encapsulation scheme that allows
virtual machines (VMs) to communicate in a data center network.
VXLAN is typically deployed in data centers interconnecting
virtualized hosts, which may be spread across multiple racks. The
individual racks may be part of a different Layer 3 network or they
could be in a single Layer 2 network. The VXLAN segments/overlay
networks are overlaid on top of these Layer 2 or Layer 3 networks.
A VM can communicate with another VM only if they are on the same
VXLAN. VMs are unaware of VXLAN tunnels as VXLAN tunnel is
terminated on VXLAN Tunnel End Point (VTEP) (hypervisor/TOR). VTEPs
(hypervisor/TOR) are responsible for encapsulating and decapsulating
frames exchanged among VMs.
Since underlay is a L3 network, ability to monitor path continuity,
i.e. perform proactive continuity check (CC) for these tunnels is
important. Asynchronous mode of BFD, as defined in [RFC5880], can be
Pallagatti, et al. Expires April 16, 2018 [Page 2]
�
Internet-Draft BFD for VXLAN October 2017
used to monitor a VXLAN tunnel. Use of [I-D.ietf-bfd-multipoint] is
for future study.
Also BFD in VXLAN can be used to monitor special service nodes that
are designated to properly handle Layer 2 broadcast, unknown unicast,
and multicast traffic. Such nodes, often referred "replicators", are
usually virtual VTEPs can be monitored by physical VTEPs in order to
minimize BUM traffic directed to unavialable replicator.
This document describes use of Bidirectional Forwarding Detection
(BFD) protocol VXLAN to enable continuity monitoring between Network
Virtualization Edges (NVEs) and/or availability of a replicator
service node using BFD.
2. Conventions used in this document
2.1. Terminology
BFD - Bidirectional Forwarding Detection
CC - Continuity Check
NVE - Network Virtualization Edge
TOR - Top of Rack
VM - Virtual Machine
VTEP - VXLAN Tunnel End Point
VXLAN - Virtual eXtensible Local Area Network
2.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Use cases
Main use case of BFD for VXLAN is for continuity check of a tunnel.
By exchanging BFD control packets between VTEPs an operator exercises
the VXLAN path in both in underlay and overlay thus ensuring the
VXLAN path availability and VTEPs reachability. BFD failure
detection can be used for maintenance. There are other use cases
such as
Pallagatti, et al. Expires April 16, 2018 [Page 3]
�
Internet-Draft BFD for VXLAN October 2017
Layer 2 VMs:
Most deployments will have VMs with only L2 capabilities that
may not support L3. BFD being a L3 protocol can be used as
tunnel CC mechanism, where BFD will start and terminate at the
NVEs, e.g. VTEPs.
It is possible to aggregate the CC sessions for multiple
tenants by running a BFD session between the VTEPs over VxLAN
tunnel. In rest of this document terms NVE and VTEP are used
interchangeably.
Fault localization:
It is also possible that VMs are L3 aware and can possibly host
a BFD session. In these cases BFD sessions can be established
among VMs for CC. In addition, BFD sessions can be established
among VTEPs for tunnel CC. Having a hierarchical OAM model
helps localize faults though requires additional consideration.
Service node reachability:
Service node is responsible for sending BUM traffic. In case
of service node tunnel terminates at VTEP and it might not even
host VM. BFD session between TOR/hypervisor and service node
can be used to monitor service node reachability.
4. Deployment
Figure 1 illustrates the scenario with two servers, each of them
hosting two VMs. These servers host VTEPs that terminate two VXLAN
tunnels with VNI number 100 and 200. Separate BFD sessions can be
established between the VTEPs (IP1 and IP2) for monitoring each of
the VXLAN tunnels (VNI 100 and 200). No BFD packets, intended to
Hypervisor VTEP, should be forwarded to a VM as VM may drop BFD
packets leading to false negative. This method is applicable whether
VTEP is a virtual or physical device.
Pallagatti, et al. Expires April 16, 2018 [Page 4]
�
Internet-Draft BFD for VXLAN October 2017
+------------+-------------+
| Server 1 |
| |
| +----+----+ +----+----+ |
| |VM1-1 | |VM1-2 | |
| |VNI 100 | |VNI 200 | |
| | | | | |
| +---------+ +---------+ |
| Hypervisor VTEP (IP1) |
+--------------------------+
|
|
|
| +-------------+
| | Layer 3 |
|---| Network |
| |
+-------------+
|
|
+-----------+
|
|
+------------+-------------+
| Hypervisor VTEP (IP2) |
| +----+----+ +----+----+ |
| |VM2-1 | |VM2-2 | |
| |VNI 100 | |VNI 200 | |
| | | | | |
| +---------+ +---------+ |
| Server 2 |
+--------------------------+
Figure 1: Reference VXLAN domain
5. BFD Packet Transmission over VXLAN Tunnel
BFD packet MUST be encapsulated and sent to a remote VTEP as
explained in Section 5.1. Implementations SHOULD ensure that the BFD
packets follow the same lookup path of VXLAN packets within the
sender system.
Pallagatti, et al. Expires April 16, 2018 [Page 5]
�
Internet-Draft BFD for VXLAN October 2017
5.1. BFD Packet Encapsulation in VXLAN
VXLAN packet format has been described in Section 5 of [RFC7348].
The Outer IP/UDP and VXLAN headers MUST be encoded by the sender as
per [RFC7348].
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Outer Ethernet Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Outer IPvX Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Outer UDP Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ VXLAN Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Inner Ethernet Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Inner IPvX Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ Inner UDP Header ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ BFD Control Message ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| FCS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: VXLAN Encapsulaion of BFD Control Message
Pallagatti, et al. Expires April 16, 2018 [Page 6]
�
Internet-Draft BFD for VXLAN October 2017
The BFD packet MUST be carried inside the inner MAC frame of the
VXLAN packet. The inner MAC frame carrying the BFD payload has the
following format:
Ethernet Header:
Destination MAC: This MUST be a dedicated MAC (TBA) Section 9
or the MAC address of the destination VTEP. The details of how
the MAC address of the destination VTEP is obtained are outside
the scope of this document.
Source MAC: MAC address of the originating VTEP
IP header:
Source IP: IP address of the originating VTEP.
Destination IP: IP address of the terminating VTEP.
TTL: This MUST be set to 1. This is to ensure that the BFD
packet is not routed within the L3 underlay network.
[Ed.Note]:Use of inner source and destination IP addresses
needs more discussion by the WG.
The fields of the UDP header and the BFD control packet are
encoded as specified in [RFC5881] for p2p VXLAN tunnels.
6. Reception of BFD packet from VXLAN Tunnel
Once a packet is received, VTEP MUST validate the packet as described
in Section 4.1 of [RFC7348]. If the Destination MAC of the inner MAC
frame matches the dedicated MAC or the MAC address of the VTEP the
packet MUST be processed further.
The UDP destination port and the TTL of the inner Ethernet frame MUST
be validated to determine if the received packet can be processed by
BFD. BFD packet with inner MAC set to VTEP or dedicated MAC address
MUST NOT be forwarded to VMs.
To ensure BFD detects the proper configuration of VXLAN Network
Identifier (VNI) in a remote VTEP, a lookup SHOULD be performed with
the MAC-DA and VNI as key in the Virtual Forwarding Instance (VFI)
table of the originating/ terminating VTEP in order to exercise the
VFI associated with the VNI.
Pallagatti, et al. Expires April 16, 2018 [Page 7]
�
Internet-Draft BFD for VXLAN October 2017
6.1. Demultiplexing of the BFD packet
Demultiplexing of IP BFD packet has been defined in Section 3 of
[RFC5881]. Since multiple BFD sessions may be running between two
VTEPs, there needs to be a mechanism for demultiplexing received BFD
packets to the proper session. The procedure for demultiplexing
packets with Your Discriminator equal to 0 is different from
[RFC5880]. For such packets, the BFD session MUST be identified
using the inner headers, i.e. the source IP and the destination IP
present in the IP header carried by the payload of the VXLAN
encapsulated packet. The VNI of the packet SHOULD be used to derive
interface related information for demultiplexing the packet. If BFD
packet is received with non-zero Your Discriminator then BFD session
MUST be demultiplexed only with Your Discriminator as the key.
7. Use of reserved VNI
BFD session MAY be established for the reserved VNI 0. One way to
aggregate BFD sessions between VTEP's is to establish a BFD session
with VNI 0. A VTEP MAY also use VNI 0 to establish a BFD session
with a service node.
8. Echo BFD
Support for echo BFD is outside the scope of this document.
9. IANA Considerations
IANA is requested to assign a dedicated MAC address to be used as the
Destination MAC address of the inner Ethernet which carries BFD
control packet in IP/UDP encapsulation.
10. Security Considerations
Document recommends setting of inner IP TTL to 1 which could lead to
DDoS attack, implementation MUST have throttling in place.
Throttling MAY be relaxed for BFD packets based on port number.
Other than inner IP TTL set to 1 this specification does not raise
any additional security issues beyond those of the specifications
referred to in the list of normative references.
11. Contributors
Pallagatti, et al. Expires April 16, 2018 [Page 8]
�
Internet-Draft BFD for VXLAN October 2017
Reshad Rahman
rrahman@cisco.com
Cisco
12. Acknowledgments
Authors would like to thank Jeff Hass of Juniper Networks for his
reviews and feedback on this material.
Authors would also like to thank Nobo Akiya, Marc Binderberger and
Shahram Davari for the extensive review.
13. Normative References
[I-D.ietf-bfd-multipoint]
Katz, D., Ward, D., and J. Networks, "BFD for Multipoint
Networks", draft-ietf-bfd-multipoint-10 (work in
progress), April 2017.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.
[RFC5881] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881,
DOI 10.17487/RFC5881, June 2010,
<https://www.rfc-editor.org/info/rfc5881>.
[RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
eXtensible Local Area Network (VXLAN): A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<https://www.rfc-editor.org/info/rfc7348>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Pallagatti, et al. Expires April 16, 2018 [Page 9]
�
Internet-Draft BFD for VXLAN October 2017
Authors' Addresses
Santosh Pallagatti (editor)
Independent Contributor
Email: santosh.pallagatti@gmail.com
Sudarsan Paragiri
Juniper Networks
1194 N. Mathilda Ave.
Sunnyvale, California 94089-1206
USA
Email: sparagiri@juniper.net
Vengada Prasad Govindan
Cisco
Email: venggovi@cisco.com
Mallik Mudigonda
Cisco
Email: mmudigon@cisco.com
Greg Mirsky
ZTE Corp.
Email: gregimirsky@gmail.com
Pallagatti, et al. Expires April 16, 2018 [Page 10]
