Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The destination UNREACHABLE message is sent by the Receiver NVE to the Sender NVE when the former receives a decapsulated NVGRE frame that has a mismatched or missing NVGRE isolation policy, as described in section 3.2.2.2.
The Inner Ethernet Header, Inner IP Header, and ICMP header comprise the Payload Frame of the NVGRE encapsulation, as shown in the figure NVGRE packet encapsulation of section 1.3.1. The UNREACHABLE extension message frames in this section are described in the encapsulation order of the NVGRE packet.
The Inner Ethernet Header of the Payload Frame for the UNREACHABLE message is specified in the following packet diagram and field descriptions.
Inner Ethernet Header:
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Sender_NVE_MAC_Address
...
Receiver_NVE_MAC_Address
...
EtherType
Sender NVE MAC Address (6 bytes): contains the MAC address of the Sender NVE that receives the UNREACHABLE message from the Receiver NVE.
Receiver NVE MAC Address (6 bytes): contains the MAC address of the Receiver NVE that decapsulates NVGRE packets sent from the Sender NVE. The Receiver NVE sends the UNREACHABLE message to the Sender NVE when the former receives an NVGRE frame for a VM that has migrated to the new Target (destination) NVE.
Ethertype (2 bytes): set to hex 0x0800 (2048 decimal) to indicate that IPv4 is the encapsulated protocol in the NVGRE packet. It is used at the receiving end by the data link layer to determine how the payload is processed. The Ethertype value 0x86DD (34525 decimal) indicates IPv6 is in use.
Note: The NVGRE Inner Ethernet header MUST NOT contain any tags, as defined by section 2.2.1 [IEEE802.1Q]. The encapsulating Sender NVE MUST remove any existing [IEEE802.1Q] tags before the NVGRE encapsulation is complete. Moreover, the decapsulating Receiver NVE MUST drop the frame if the Inner Ethernet header contains one or more [IEEE802.1Q] tags.
The Inner IP Header and ICMP Header for the Payload Frame (see the figure GRE packet encapsulation in section 1.3.1) of the UNREACHABLE message is defined in the following packet diagram and descriptions.
Inner IP Header:
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Version
HL
Type_of_Service
Total_Length
Identification
Flags
Fragment_Offset
Time_to_Live
Protocol
Header_Checksum
Receiver_NVE_Address
Target_NVE_Address
IP_Payload (variable)
...
...
ICMP Header:
ICMP_Type
ICMP_Code
ICMP_Checksum
ICMP_Data (variable)
...
...
Version (4 bits): the version of the IP protocol. For IPv4, this field is set to a value of 0x04; for IPv6, it is set to a value of 0x06.
HL (4 bits): the length of the IP header in 32-bit words ([MS-DTYP] section 2.2.11 ), not including the ICMP header and data. Minimum value equals 20 bytes and maximum value equals 60 bytes.
Type of Service (1 byte): determines how the IP datagram should be delivered with respect to criteria such as delay, throughput, priority, reliability, and cost. Such delivery depends on how the bits are set. The first 3 bits are the priority bits.
Total Length (2 bytes): the length of the entire packet (header + data). The minimum length is 20 bytes and the maximum is 65,535 bytes.
Identification (2 bytes): differentiates fragmented packets from other datagrams. Set by the NVGRE implementation as a globally incremented number.
Flags (4 bits): provides segment information such as identification of fragment status and controlling whether or not fragmentation can occur.
Bit 1 — always set to 0x00.
Bit 2 — if this bit (Don't Fragment (DF) flag) is set to 0x00, then fragmentation of this datagram is prohibited, although it may be discarded.
Bit 3 — if set to 0x00: there is no fragmentation, or if a packet is fragmented, this is the last one;
— if set to 0x01: the current packet is fragmented and at least one frame will follow it.
Fragment Offset (12 bits): provides a value that enables the destination device to place fragments in the proper sequence when reassembling the original packet. First fragment offset is always 0x00 to indicate the first datagram of transmission. Offset range for this field is from 0x00 (0 decimal) to 1FFF (8191 decimal).
Time to Live (TTL) (1 byte): set by default to 0x80 (128 decimal) in Windows. Refers to the amount of time or “hops” that a packet is set to exist inside a network. If the TTL expires before a packet reaches the destination, it is discarded by the router.
Protocol (1 byte): this field is set to 0x01 for ICMPv4, or to 0x3A for ICMPv6, depending upon the IP protocol version in use at the NVE.
Header Checksum (2 bytes): this field is set to 0x00 in the source packet, which is the initial computed value. The Header Checksum is calculated again at the destination and compared to the initial Header Checksum field value. If there is no corruption, the result of summing the entire IP header, including checksum, should again be zero. Otherwise, the packet is discarded.
Receiver NVE Address (4 bytes): this field is set to the IP address of the Receiver NVE that sends the UNREACHABLE message to the Sender NVE to initiate the policy refresh process.
Target NVE Address (4 bytes): this field is set to the IP address of the Target NVE, which is sent to the Sender NVE in the UNREACHABLE message so that the Sender NVE can specify where policy refresh traffic must be redirected by the Receiver NVE, that is, to the Target (destination) NVE and subsequently to the migrated Receiver VM location. See Figure 2.
IP Payload (variable): This field contains as much data as possible from the original GRE frame that triggered sending the UNREACHABLE message. This data MUST include at least the GRE frame, the Inner Ethernet Header, and the Inner IP Header.
ICMP Type (1 byte): this field MUST be set to 0x03 for IPv4, or set to 0x01 for IPv6.
ICMP Code (1byte): this field MUST be set to 0x0A for IPv4 and set to 0x01 for IPv6. The ICMP Code field is for ICMP error and informational messages that are used to trigger the traffic REDIRECT or destination UNREACHABLE extension messages of NVGRE.
ICMP Checksum (2 bytes): the 16-bit ones's complement of the one's complement sum of the ICMP message starting with the ICMP Type. For computing the checksum, the Checksum field should be initialized to zero (0x00).
ICMP Data (variable): contains a data section that includes a copy of the entire IPv4 header, plus at least the first eight bytes of data from the IP Header packet with which an ICMP error message is associated.
§ The GRE header is next in the encapsulation order following the Inner Ethernet Header, Inner IP Header, and ICMP header. The format and field definitions of the GRE Header are specified in the packet diagram and descriptions that follow.
-
-
GRE Header:
-
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1C
A
K
S
Reserved0
Ver
Protocol_Type
Checksum
Reserved1
Key:Virtual_Subnet_ID
Key:Flow_ID
Sequence_Number
-
C - Checksum Present (1 bit): this field MUST be set to 0x00. A value of 0x00 means the Checksum field is not present.
-
A - (1 bit): not used.
-
K - Key Present (1 bit): this field MUST be set to 0x01. A value of 0x01 means that the Key field is present in the GRE frame.
-
S - Sequence Number Present (1 bit): this field MUST be set to 0x00. A value of 0x00 means the Sequence Number field is not present in the GRE frame.
-
Reserved0 (9 bits): not used.
-
Ver (3 bits): not used.
-
Protocol Type (2 bytes): set this field value to 0x6558 (25944 decimal) for Transparent Ethernet Bridging.
-
Checksum (2 bytes): not used.
-
Reserved1 (2 bytes): not used.
-
Key(4 bytes): comprised of the Virtual Subnet (VSID) and FlowID components, as follows:
-
Key:Virtual Subnet ID (VSID) (3 bytes) — as part of the Key field, this 24-bit value (0xFFFFFF max) is used to identify NVGRE-based Virtual Layer-2 Networks, where each bit identifies a unique virtual subnet location that is populated with one or more VM tenants.
-
Key:FlowID (1 byte) — as part of the Key field, this 8-bit hex value provides per-flow entropy for flows in the same virtual subnet. The FlowID MUST NOT be modified by transit devices. The encapsulating NVE endpoint SHOULD provide as much entropy as possible in the FlowID. If a FlowID is not generated, this field MUST be set to 0x00.
-
Sequence Number (4 bytes): not used.
-
The following Outer Ethernet Header and Outer IP Header comprise the Delivery frame of the NVGRE encapsulation (figure NVGRE packet encapsulation of section 1.3.1) for the UNREACHABLE message. The Outer Ethernet Header packet for the UNREACHABLE message is defined in the following packet diagram and field descriptions.
Outer Ethernet Header:
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Sender_MAC_Address
...
Receiver_MAC_Address
...
Ethertype=C-Tag 802.1Q
Optional Outer VLAN Tag Information
Ethertype
Sender_MAC_Address (6 bytes): this field is set to the MAC address of the next-hop IP address of the Sender (destination) NVE. The Receiver NVE sends the UNREACHABLE message to the Sender (destination) NVE which is then triggered to send out a policy refresh. Thereafter, the new Target NVE (and the associated, moved VM) start receiving decapsulated, policy-compliant packets. See Figure 2.
Receiver_MAC_Address (6 bytes): contains the MAC address of the Receiver NVE that sends the UNREACHABLE message to the Sender (destination) NVE whenever the Receiver NVE detects a decapsulated GRE frame that contains an invalid or missing isolation policy.
Ethertype=C-Tag_802.1Q (2 bytes): not used.
Optional_Outer_VLAN_Tag_Information (2 bytes): an optional field of outer Virtual Local Area Network (VLAN) tags that can be added to Ethernet packets to identify their associated service type. Virtual Local Area Network (VLAN) tags can also be used for traffic management and broadcast scalability on the network.
Ethertype (2 bytes): set to hex 0x0800 (2048 decimal) to indicate that IPv4 is the encapsulated protocol in the payload of the GRE frame. It is used at the receiving end by the data link layer to determine how the payload is processed. This field can also indicate the size of some Ethernet frames. The Ethertype value 0x86DD (34525 decimal) indicates IPv6 is in use.
The Outer IP Header for the UNREACHABLE message is defined in the following packet diagram and field descriptions.
Outer IP Header:
0
1
2
3
4
5
6
7
8
91
0
1
2
3
4
5
6
7
8
92
0
1
2
3
4
5
6
7
8
93
0
1Version
HL
Type_of_Service
Total_Length
Identification
Flags
Fragment_Offset
Time_to_Live
Protocol
Header_Checksum
Receiver_NVE_Address
Target_NVE_Address
Version (4 bits): the version of the IP protocol. For IPv4, this field is set to a value of 0x04; for IPv6, it is set to a value of 0x06.
HL (4 bits): the length of the header in 32-bit words ([MS-DTYP] section 2.2.11). Minimum value equals 20 bytes and maximum value equals 60 bytes.
Type_of_Service (1 byte): determines how the IP datagram should be delivered with respect to criteria such as delay, throughput, priority, reliability, and cost. Such delivery depends on how the bits are set. The first 3 bits are the priority bits.
Total_Length (2 bytes): the length of the entire packet (header+data). The minimum length is 20 bytes and the maximum is 65,535 bytes.
Identification (2 bytes): differentiates fragmented packets from other datagrams. Set by the NVGRE implementation as a globally incremented number.
Flags (3 bits): Provides segment information such as identification of fragment status and controlling whether or not fragmentation can occur.
Bit 1 — always set to zero (0).
Bit 2 — if this bit (Don't Fragment (DF) flag) is set to zero (0), then fragmentation of this datagram is prohibited, although it may be discarded.
Bit 3 — if set to zero (0): there is no fragmentation, or if packet is fragmented, it is the last one.
— if set to one (1): the current packet is fragmented and at least one frame will follow it.
Fragment_Offset (13 bits): provides a value that enables the destination device to place fragments in the proper sequence when reassembling the original packet. First fragment offset is always 0x00 to indicate the first datagram of transmission. Offset range of this field is from 0x00 to 0x1FFF (8191 decimal).
Time_to_Live (1 byte): set to 0x80 (128 decimal) in Windows by default. Refers to the amount of time or “hops” that a packet is set to exist inside a network. If the TTL expires before a packet reaches the destination, it is discarded by the router.
Protocol (1 byte): set to 0x06 by default. Defines the protocol used in the data portion of the IP datagram. A setting of 0x06 represents TCP and a setting of 0x2F represents UDP.
Header_Checksum (2 bytes): this field is set to 0x00 in the source packet, which is the initial reference value. The Header Checksum is calculated again at the destination and compared to the initial Header Checksum field value. If there is no corruption, the result of summing the entire IP header, including checksum, should again be zero (0x00). Otherwise, the packet is discarded.
Receiver_NVE_Address (4 bytes): the source IP address in the outer frame is referred to as the provider address (PA) of the Receiver NVE, with policy controlling the choice of which PA to use for a given destination Target NVE.
Target_NVE_Address (4 bytes): the destination IP address in the outer frame is referred to as the provider address (PA) of the Sender NVE. The PA is used to locate the Target (Destination) NVE that acts as gateway for the moved Receiver VM.