<?xml version="1.0"encoding="iso-8859-1"?> <?rfc toc="yes"?> <?rfc symrefs="yes" ?> <?rfc sortrefs="yes" ?> <?rfc compact="yes" ?> <?rfc subcompact="no" ?>encoding="UTF-8"?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std"ipr="trust200902" docName="draft-ietf-nvo3-bfd-geneve-13"consensus="true"submissionType="IETF">docName="draft-ietf-nvo3-bfd-geneve-13" number="9521" ipr="trust200902" tocInclude="true" symRefs="true" sortRefs="true" updates="" obsoletes="" xml:lang="en" version="3"> <!-- xml2rfc v2v3 conversion 3.18.0 --> <front> <title abbrev="BFD forGeneve"> BFDGeneve">Bidirectional Forwarding Detection (BFD) forGeneve </title>Generic Network Virtualization Encapsulation (Geneve)</title> <seriesInfo name="RFC" value="9521"/> <author fullname="Xiao Min" initials="X" surname="Min"> <organization>ZTE Corp.</organization> <address> <postal> <street/><!-- Reorder these if your country does things differently --><city>Nanjing</city> <region/> <code/> <country>China</country> </postal> <phone>+86 18061680168</phone> <email>xiao.min2@zte.com.cn</email><!-- uri and facsimile elements may also be added --></address> </author> <author fullname="Greg Mirsky" initials="G" surname="Mirsky"> <organization>Ericsson</organization> <address> <postal><street></street> <!-- Reorder these if your country does things differently --> <city></city> <region></region> <code></code><street/> <city/> <region/> <code/> <country>United States of America</country> </postal><phone></phone><phone/> <email>gregimirsky@gmail.com</email><!-- uri and facsimile elements may also be added --></address> </author> <author fullname="Santosh Pallagatti" initials="S" surname="Pallagatti"> <organization>VMware</organization> <address> <postal> <street/><!-- Reorder these if your country does things differently --> <city></city><city/> <region/> <code/> <country>India</country> </postal><phone></phone><phone/> <email>santosh.pallagatti@gmail.com</email><!-- uri and facsimile elements may also be added --></address> </author> <author fullname="Jeff Tantsura" initials="J" surname="Tantsura"> <organization>Nvidia</organization> <address> <postal> <street/><!-- Reorder these if your country does things differently --> <city></city><city/> <region/> <code/> <country>United States of America</country> </postal><phone></phone><phone/> <email>jefftant.ietf@gmail.com</email><!-- uri and facsimile elements may also be added --></address> </author> <author fullname="Sam Aldrin" initials="S" surname="Aldrin"> <organization>Google</organization> <address> <postal> <street/><!-- Reorder these if your country does things differently --> <city></city><city/> <region/> <code/> <country>United States of America</country> </postal><phone></phone><phone/> <email>aldrin.ietf@gmail.com</email><!-- uri and facsimile elements may also be added --></address> </author> <dateyear="2023"/> <area>Routing</area> <workgroup>NVO3 Working Group</workgroup> <keyword>Request for Comments</keyword> <keyword>RFC</keyword> <keyword>Internet Draft</keyword> <keyword>I-D</keyword>year="2024" month="January" /> <area>rtg</area> <workgroup>nvo3</workgroup> <abstract> <t> This document describes the use of the Bidirectional Forwarding Detection (BFD) protocol in point-to-point Generic Network Virtualization Encapsulation (Geneve) unicast tunnels used to make up an overlay network. </t> </abstract> </front> <middle><section title="Introduction"> <t> "Generic<section> <name>Introduction</name> <t>"Geneve: Generic Network Virtualization Encapsulation"(Geneve)<xreftarget="RFC8926"/>target="RFC8926" format="default"/> provides an encapsulation scheme that allows building an overlay network of tunnels by decoupling the address space of the attached virtual hosts from that of the network. </t> <t> This document describes the use of the Bidirectional Forwarding Detection (BFD) protocol <xref target="RFC5880"/> to enable monitoring the continuity of the path between two Geneve tunnel endpoints, which may be aNVE (NetworkNetwork VirtualizationEdge)Edge (NVE) or another device acting as a Geneve tunnel endpoint. Specifically, the asynchronous mode of BFD, as defined in <xref target="RFC5880"/>, is used to monitor aP2Ppoint-to-point (P2P) Geneve tunnel. The support for the BFD Echo function is outside the scope of this document. For simplicity, an NVE is used to represent the Geneve tunnel endpoint.TS (Tenant System)A Tenant System (TS) is used to represent the physical or virtual device attached to a Geneve tunnel endpoint from the outside.VAP (VirtualA Virtual AccessPoint)Point (VAP) is the NVE side of the interface between the NVE and the TS, and a VAP is a logical network port (virtual or physical) into a specific virtual network. For detailed definitions and descriptions of NVE,TSTS, and VAP, please refer to <xref target="RFC7365"/> and <xref target="RFC8014"/>. </t> <t> The use cases and the deployment of BFD for Geneve are mostly consistent with what's described inSection 1Sections <xref target="RFC8971" section="1" sectionFormat="bare"/> and3<xref target="RFC8971" section="3" sectionFormat="bare"/> of <xreftarget="RFC8971"/> ("Bidirectional Forwarding Detection (BFD) for Virtual eXtensible Local Area Network (VXLAN)").target="RFC8971"/>. One exception isonthe usage of the ManagementVNI,Virtual Network Identifier (VNI), which is described in <xref target="I-D.ietf-nvo3-geneve-oam"/> and is outside the scope of this document. </t> <t> As specified inSection 4.2 of<xreftarget="RFC8926"/>,target="RFC8926" sectionFormat="of" section="4.2"/>, GeneveMUST<bcp14>MUST</bcp14> be used withcongestion-controlledcongestion controlled traffic or within atraffic-managed controlled environmentTraffic-Managed Controlled Environment (TMCE) to avoidcongestion,congestion; that requirement also applies to BFDtraffic too.traffic. Specifically, considering the complexity and immaturity of the BFD congestion control mechanism, BFD for GeneveMUST<bcp14>MUST</bcp14> be used within a TMCE unless BFD is really congestion controlled. As an alternative to a real congestion control, an operator of a TMCE deploying BFD for Geneve is required to provision the rates at which BFD is transmitted to avoid congestion and false failure detection. </t> </section><section title="Conventions<section> <name>Conventions Used in ThisDocument"> <section title="Abbreviations"> <t> BFD: BidirectionalDocument</name> <section> <name>Abbreviations</name> <dl newline="false" spacing="normal"> <dt>BFD:</dt><dd>Bidirectional ForwardingDetection</t> <t> FCS: FrameDetection</dd> <dt>FCS:</dt><dd>Frame CheckSequence</t> <t> Geneve: GenericSequence</dd> <dt>Geneve:</dt><dd>Generic Network VirtualizationEncapsulation</t> <t> NVE: NetworkEncapsulation</dd> <dt>NVE:</dt><dd>Network VirtualizationEdge</t> <t> TMCE: Traffic-ManagedEdge</dd> <dt>TMCE:</dt><dd>Traffic-Managed ControlledEnvironment</t> <t> TS: Tenant System</t> <t> VAP: VirtualEnvironment</dd> <dt>TS:</dt><dd>Tenant System</dd> <dt>VAP:</dt><dd>Virtual AccessPoint</t> <t> VNI: VirtualPoint</dd> <dt>VNI:</dt><dd>Virtual NetworkIdentifier</t> <t> VXLAN: VirtualIdentifier</dd> <dt>VXLAN:</dt><dd>Virtual eXtensible Local AreaNetwork</t>Network</dd> </dl> </section><section title="Requirements Language"><section> <name>Requirements Language</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> </section><section title="BFD<section> <name>BFD Packet Transmission over a GeneveTunnel">Tunnel</name> <t> Since the Geneve data packet payload may be either an Ethernet frame or an IP packet, this document defines two formats of BFD packet encapsulation in Geneve. The BFD session is originated and terminated at the VAP of an NVE. The selection of the BFD packet encapsulation is based on how the VAP encapsulates the data packets. If the payload is IP, then BFD over IP is carried in the payload. If the payload is Ethernet, then BFD over IP over Ethernet is carried in thepayload,payload. This occurs in the same manner as BFD over IP in the IP payload case, regardless of what the Ethernet payload might normally carry.</t> </section> <sectionanchor="ethernet-ip-encaps-section" title="BFDanchor="ethernet-ip-encaps-section"> <name>BFD EncapsulationWithwith the Inner Ethernet/IP/UDPHeader">Header</name> <t> If the VAP that originates the BFD packets is used to encapsulate Ethernet data frames, then the BFD packets are encapsulated in Geneve as described below. The Geneve packet formats over IPv4 and IPv6 are defined inSection 3.1Sections <xref target="RFC8926" sectionFormat="bare" section="3.1"/> and3.2<xref target="RFC8926" sectionFormat="bare" section="3.2"/> of <xreftarget="RFC8926"/>target="RFC8926"/>, respectively. TheOuterouter IP/UDP and Geneve headers are encoded by the sender as defined in <xref target="RFC8926"/>. Note that the outer IP header and the inner IP header may not be of the same address family. In other words, an outer IPv6 header accompanied by an inner IPv4 header and an outer IPv4 header accompanied by an inner IPv6 header are both possible. </t> <figureanchor="Figure_1" title="Geneveanchor="Figure_1"> <name>Geneve Encapsulation of a BFD Control PacketWithwith the Inner Ethernet/IP/UDPHeader">Header</name> <artwork align="left"><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Outer Ethernet Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Outer IPvX Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Outer UDP Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Geneve Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Inner Ethernet Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Inner IPvX Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Inner UDP Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ BFD Control Packet ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Outer Ethernet FCS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork> </figure> <t> The BFD packetMUST<bcp14>MUST</bcp14> be carried inside the inner Ethernet frame of the Geneve packet. The inner Ethernet frame carrying the BFD Control packet has the following format:<list> <t>Inner</t> <dl newline="true" spacing="normal"> <dt>Inner EthernetHeader: <list> <t>Destination MAC: MACHeader:</dt> <dd> <dl newline="false" spacing="normal"> <dt>Destination MAC:</dt> <dd>Media Access Control (MAC) address of a VAP of the terminatingNVE.</t> <t>Source MAC: MACNVE.</dd> <dt>Source MAC:</dt> <dd>MAC address of a VAP of the originatingNVE.</t> </list> </t> <t>IP Header: <list> <t>Source IP: IPNVE.</dd> </dl> </dd> </dl> <dl newline="true" spacing="normal"> <dt>IP Header:</dt> <dd> <dl newline="false" spacing="normal"> <dt>Source IP:</dt> <dd>IP address of a VAP of the originating NVE. If the VAP of the originating NVE has no IP address, then the IP address 0.0.0.0 for IPv4 or ::/128 for IPv6MUST<bcp14>MUST</bcp14> beused.</t> <t>Destination IP: IPused.</dd> <dt>Destination IP:</dt> <dd>IP address of a VAP of the terminating NVE. If the VAP of the terminating NVE has no IP address, then the IP address 127.0.0.1 for IPv4 or ::1/128 for IPv6MUST<bcp14>MUST</bcp14> beused.</t> <t>TTLused.</dd> <dt>TTL or Hop Limit:</dt> <dd>The TTL for IPv4 or HopLimit: MUSTLimit for IPv6 <bcp14>MUST</bcp14> be set to 255 in accordance with <xreftarget="RFC5881"/> thattarget="RFC5881"/>, which specifies the IPv4/IPv6 single-hopBFD.</t> </list> </t> <t> TheBFD.</dd> </dl> <t>The fields of the UDP header and the BFD Control packet are encoded as specified in <xref target="RFC5881"/>.</t></list> </t></dd> </dl> <t> When the BFD packets are encapsulated in Geneve in this way, the Geneve header defined in <xref target="RFC8926"/> follows the value set below.</t><t> <list> <t><ul spacing="normal"> <li>The Opt Len fieldMUST<bcp14>MUST</bcp14> be set as consistent with the Geneve specification<xref target="RFC8926"/>(<xref target="RFC8926"/>) depending on whether or not Geneve options are present in the frame. The use of Geneve options with BFD is beyond the scope of thisdocument.</t> <t>document.</li> <li>The O bitMUST<bcp14>MUST</bcp14> be set to 1, which indicates this packet contains a controlmessage.</t> <t>message.</li> <li>The C bitMUST<bcp14>MUST</bcp14> be set to 0, which indicates there isn't any criticaloption.</t> <t>option.</li> <li>The Protocol Type fieldMUST<bcp14>MUST</bcp14> be set to 0x6558 (Ethernetframe).</t> <t>frame).</li> <li>The Virtual Network Identifier (VNI) fieldMUST<bcp14>MUST</bcp14> be set to the VNI number that the originating VAP is mappedto.</t> </list> </t> <section title="Demultiplexingto.</li> </ul> <section> <name>Demultiplexing a BFDpacket when payload is Ethernet">Packet When the Payload Is Ethernet</name> <t> Once a packet is received, the NVE validates the packet as described in <xref target="RFC8926"/>. When the payload is Ethernet, the Protocol Type field equals 0x6558. TheDestinationdestination MAC address of the inner Ethernet frame matches the MAC address of aVAPVAP, which is mapped to the same VNI as the received VNI.ThenThen, theDestinationdestination IP, the UDP destinationportport, and the TTL or Hop Limit of the inner IP packetMUST<bcp14>MUST</bcp14> be validated to determine whether the received packet can be processed byBFD, i.e.,BFD (i.e., the three field values of the inner IP packetMUST<bcp14>MUST</bcp14> be in compliance with what's defined inSection 4<xref target="ethernet-ip-encaps-section"/> of this document, as well asSection 4 of<xreftarget="RFC5881"/>.target="RFC5881" sectionFormat="of" section="4"/>). If the validation fails, the received packetMUST NOT<bcp14>MUST NOT</bcp14> be processed by BFD.</t> <t> In BFD over Geneve, a BFD session is originated and terminated at a VAP. Usually one NVE owns multiple VAPs. Since multiple BFD sessions may be running between two NVEs, there needs to be a mechanism for demultiplexing received BFD packets to the proper session. Furthermore, due to the fact that <xref target="RFC8014"/> allows for N-to-1 mapping betweenVAPVAPs andVNIVNIs at one NVE, multiple BFD sessions between two NVEs for the same VNI are allowed.AlsoAlso, note that a BFD session can only be established between two VAPs that are mapped to the same VNI and that use the same way to encapsulate data packets. </t> <t> If the BFD packet is received with the value of the Your Discriminatorequalsfield set to 0, then the BFD sessionSHOULD<bcp14>SHOULD</bcp14> be identified using the VNI number and the inner Ethernet/IP header. The inner Ethernet/IP header stands for the source MAC, the source IP, the destination MAC, and the destination IP. An implementationMAY<bcp14>MAY</bcp14> use the inner UDP port source number to aid in demultiplexing incoming BFD Control packets. If it fails to identify the BFD session, the incoming BFD Control packetsMUST<bcp14>MUST</bcp14> be dropped, and an exception event indicating the failure should be reported to the management.</t> <t> If the BFD packet is received with a non-zero Your Discriminator, then the BFD sessionMUST<bcp14>MUST</bcp14> be demultiplexed only with the Your Discriminator as the key. </t> </section> </section> <sectionanchor="ip-encaps-section" title="BFDanchor="ip-encaps-section"> <name>BFD EncapsulationWithwith the Inner IP/UDPHeader">Header</name> <t> If the VAP that originates the BFD packets is used to encapsulate IP data packets, then the BFD packets are encapsulated in Geneve as described below. The Geneve packet formats over IPv4 and IPv6 are defined inSection 3.1Sections <xref target="RFC8926" sectionFormat="bare" section="3.1"/> and3.2<xref target="RFC8926" sectionFormat="bare" section="3.2"/> of <xreftarget="RFC8926"/>target="RFC8926"/>, respectively. TheOuterouter IP/UDP and Geneve headers are encoded by the sender as defined in <xref target="RFC8926"/>. Note that the outer IP header and the inner IP header may not be of the same address family. In other words, an outer IPv6 header accompanied by an inner IPv4 header and an outer IPv4 header accompanied by an inner IPv6 header are both possible. </t> <figureanchor="Figure_2" title="Geneveanchor="Figure_2"> <name>Geneve Encapsulation of a BFD Control PacketWithwith the Inner IP/UDPHeader">Header</name> <artwork align="left"><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Ethernet Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Outer IPvX Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Outer UDP Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Geneve Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Inner IPvX Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Inner UDP Header ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ BFD Control Packet ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FCS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ]]></artwork> </figure> <t> The BFD packetMUST<bcp14>MUST</bcp14> be carried inside the inner IP packet of the Geneve packet. The inner IP packet carrying the BFD Control packet has the following format:<list> <t>Inner IP header: <list> <t>Source IP: IP</t> <dl newline="true" spacing="normal"> <dt>Inner IP Header:</dt> <dd> <dl spacing="normal" newline="false"> <dt>Source IP:</dt> <dd>IP address of a VAP of the originatingNVE.</t> <t>Destination IP: IPNVE.</dd> <dt>Destination IP:</dt> <dd>IP address of a VAP of the terminatingNVE.</t> <t>TTLNVE.</dd> <dt>TTL or Hop Limit:</dt> <dd>The TTL for IPv4 or HopLimit: MUSTLimit for IPv6 <bcp14>MUST</bcp14> be set to 255 in accordance with <xreftarget="RFC5881"/> thattarget="RFC5881"/>, which specifies the IPv4/IPv6 single-hopBFD.</t> </list> </t>BFD.</dd> </dl> <t> The fields of the UDP header and the BFD Control packet are encoded as specified in <xref target="RFC5881"/>.</t></list> </t></dd> </dl> <t> When the BFD packets are encapsulated in Geneve in this way, the Geneve header defined in <xref target="RFC8926"/> follows the value set below.</t><t> <list> <t><ul spacing="normal"> <li>The Opt Len fieldMUST<bcp14>MUST</bcp14> be set as consistent with the Geneve specification<xref target="RFC8926"/>(<xref target="RFC8926"/>) depending on whether or not Geneve options are present in the frame. The use of Geneve options with BFD is beyond the scope of thisdocument.</t> <t>document.</li> <li>The O bitMUST<bcp14>MUST</bcp14> be set to 1, which indicates this packet contains a controlmessage.</t> <t>message.</li> <li>The C bitMUST<bcp14>MUST</bcp14> be set to 0, which indicates there isn't any criticaloption.</t> <t>option.</li> <li>The Protocol Type fieldMUST<bcp14>MUST</bcp14> be set to 0x0800 (IPv4) or 0x86DD (IPv6), depending on the address family of the inner IPpacket.</t> <t>packet.</li> <li>The Virtual Network Identifier (VNI) fieldMUST<bcp14>MUST</bcp14> be set to the VNI number that the originating VAP is mappedto.</t> </list> </t> <section title="Demultiplexingto.</li> </ul> <section> <name>Demultiplexing a BFDpacket when payload is IP">Packet When the Payload Is IP</name> <t> Once a packet is received, the NVE validates the packet as described in <xref target="RFC8926"/>. When the payload is IP, the Protocol Type field equals 0x0800 or 0x86DD. TheDestinationdestination IP address of the inner IP packet matches the IP address of aVAPVAP, which is mapped to the same VNI as the received VNI.ThenThen, the UDP destination port and the TTL or Hop Limit of the inner IP packetMUST<bcp14>MUST</bcp14> be validated to determine whether or not the received packet can be processed byBFD, i.e.,BFD (i.e., the two field values of the inner IP packetMUST<bcp14>MUST</bcp14> be in compliance with what's defined inSection 5<xref sectionFormat="of" target="ip-encaps-section"/> of thisdocument,document as well asSection 4 of<xreftarget="RFC5881"/>.target="RFC5881" sectionFormat="of" section="4"/>). If the validation fails, the received packetMUST NOT<bcp14>MUST NOT</bcp14> be processed by BFD.</t> <t> If the BFD packet is received with the value of the Your Discriminatorequalsfield set to 0, then the BFD sessionSHOULD<bcp14>SHOULD</bcp14> be identified using the VNI number and the inner IP header. The inner IP header stands for the source IP and the destination IP. An implementationMAY<bcp14>MAY</bcp14> use the inner UDP port source number to aid in demultiplexing incoming BFD Control packets. If it fails to identify the BFD session, the incoming BFD Control packetsMUST<bcp14>MUST</bcp14> be dropped, and an exception event indicating the failure should be reported to the management.</t> <t> If the BFD packet is received with a non-zero Your Discriminator, then the BFD sessionMUST<bcp14>MUST</bcp14> be demultiplexed only with the Your Discriminator as the key. </t> </section> </section><section title="Security Considerations"><section> <name>Security Considerations</name> <t> Security issues discussed in <xref target="RFC8926"/> and <xref target="RFC5880"/> apply to this document. Particularly, the BFD is an application that is run at the two Geneve tunnel endpoints. The IP underlay network and/or the Geneve option can provide security between the peers, which are subject to the issue of overload described below. The BFD introduces no security vulnerabilities when run in this manner. Considering Geneve does not have any inherent security mechanisms, BFD authentication as specified in <xref target="RFC5880"/> isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to be utilized.</t> <t> This document supports establishing multiple BFD sessions between the same pair ofNVEs,NVEs. For each BFD session over a pair of VAPs residing in the same pair of NVEs, thereSHOULD<bcp14>SHOULD</bcp14> be a mechanism to control the maximum number of such sessions that can be active at the same time. Particularly, assuming an example that each NVE of the pair of NVEs has N VAPs using Ethernet as the payload, then there could be N squared BFD sessions running between the pair of NVEs. Considering N could be a high number, the N squared BFD sessions could result in overload of the NVE. In this case, it's recommended that N BFD sessions covering all N VAPs are run for the pair of NVEs. Generally speaking, the number of BFD sessions is supposed to be enough as long as all VAPs of the pair of NVEs are covered.</t> </section><section title="IANA Considerations"> <t> This<section> <name>IANA Considerations</name> <t>This document has no IANAaction requested.</t>actions.</t> </section> </middle> <back> <displayreference target="I-D.ietf-nvo3-geneve-oam" to="GENEVE-OAM"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5880.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5881.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8926.xml"/> </references> <references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7365.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8014.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8971.xml"/> <!-- [I-D.ietf-nvo3-geneve-oam] IESG state I-D Exists. Used Long Way to fix D. Black's initials. --> <reference anchor="I-D.ietf-nvo3-geneve-oam" target="https://datatracker.ietf.org/doc/html/draft-ietf-nvo3-geneve-oam-09"> <front> <title>OAM for use in GENEVE</title> <author initials="G." surname="Mirsky" fullname="Greg Mirsky"> <organization>Ericsson</organization> </author> <author initials="S." surname="Boutros" fullname="Sami Boutros"> <organization>Ciena</organization> </author> <author initials="D." surname="Black" fullname="David L. Black"> <organization>Dell EMC</organization> </author> <author initials="S." surname="Pallagatti" fullname="Santosh Pallagatti"> <organization>VMware</organization> </author> <date month="December" day="6" year="2023"/> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-nvo3-geneve-oam-09"/> </reference> </references> </references> <sectiontitle="Acknowledgements">numbered="false"> <name>Acknowledgements</name> <t> The authors would like to acknowledgeReshad Rahman, Jeffrey Haas, and Matthew Bocci<contact fullname="Reshad Rahman"/>, <contact fullname="Jeffrey Haas"/>, and <contact fullname="Matthew Bocci"/> for their guidance on this work.</t> <t> The authors would like to acknowledgeDavid Black<contact fullname="David Black"/> for his explanation on the mapping relation betweenVAPVAPs andVNI.</t>VNIs.</t> <t> The authors would like to acknowledgeStewart Bryant, Anoop Ghanwani, Jeffrey Haas, Reshad Rahman, Matthew Bocci, Andrew Alston, Magnus Westerlund, Paul Kyzivat, Sheng Jiang, Carl Wallace, Roman Danyliw, John Scudder, Donald Eastlake, Eric Vyncke, Zaheduzzaman Sarker, and Lars Eggert<contact fullname="Stewart Bryant"/>, <contact fullname="Anoop Ghanwani"/>, <contact fullname="Jeffrey Haas"/>, <contact fullname="Reshad Rahman"/>, <contact fullname="Matthew Bocci"/>, <contact fullname="Andrew Alston"/>, <contact fullname="Magnus Westerlund"/>, <contact fullname="Paul Kyzivat"/>, <contact fullname="Sheng Jiang"/>, <contact fullname="Carl Wallace"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="John Scudder"/>, <contact fullname="Donald Eastlake 3rd"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Zaheduzzaman Sarker"/>, and <contact fullname="Lars Eggert"/> for their thorough review and very helpful comments.</t> </section></middle> <back> <references title="Normative References"> <?rfc include="reference.RFC.5880"?> <?rfc include="reference.RFC.5881"?> <?rfc include="reference.RFC.2119"?> <?rfc include="reference.RFC.8174"?> <?rfc include="reference.RFC.8926"?> </references> <references title="Informative References"> <?rfc include="reference.RFC.7365"?> <?rfc include="reference.RFC.8014"?> <?rfc include="reference.RFC.8971"?> <?rfc include="reference.I-D.ietf-nvo3-geneve-oam"?> </references></back> </rfc>