[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: (draft-yong-tsvwg-gre-in-udp-encap) 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 RFC 8086

Network Working Group                                    E. Crabbe, Ed.
Internet-Draft
Intended status: Standard Track                            L. Yong, Ed.
                                                             Huawei USA
                                                             X. Xu, Ed.
                                                    Huawei Technologies

Expires: April 2015                                    October 27, 2014


                Generic UDP Encapsulation for IP Tunneling
                   draft-ietf-tsvwg-gre-in-udp-encap-03

Abstract

   This document describes a method of encapsulating arbitrary
   protocols within GRE and UDP headers.  In this encapsulation, the
   source UDP port may be used as an entropy field for purposes of load
   balancing while the payload protocol may be identified by the GRE
   Protocol Type.

Status of This Document

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 27, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with



Crabbe, el al.                                                 [Page 1]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   respect to this document.  Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.


Table of Contents


   1. Introduction...................................................3
      1.1. Applicability Statement...................................3
   2. Terminology....................................................4
      2.1. Requirements Language.....................................4
   3. Procedures.....................................................4
      3.1. UDP checksum usage with IPv6..............................5
      3.2. Middlebox Considerations for IPv6 UDP Zero Checksums......7
      3.3. GRE-in-UDP Encapsulation Format...........................8
   4. Encapsulation Considerations..................................10
   5. Congestion Considerations.....................................11
   6. Backward Compatibility........................................13
   7. IANA Considerations...........................................13
   8. Security Considerations.......................................13
      8.1. Vulnerability............................................13
   9. Acknowledgements..............................................14
   10. Contributors.................................................14
   11. References...................................................16
      11.1. Normative References....................................16
      11.2. Informative References..................................16
   12. Authors' Addresses...........................................17




















Crabbe, et al.                                                 [Page 2]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014


1. Introduction

   Load balancing, or more specifically, statistical multiplexing of
   traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation
   Groups (LAGs) in IP networks is a widely used technique for creating
   higher capacity networks out of lower capacity links. Most existing
   routers in IP networks are already capable of distributing IP
   traffic flows over ECMP paths and/or LAGs on the basis of a hash
   function performed on flow invariant fields in IP packet headers and
   their payload protocol headers. Specifically, when the IP payload is
   a User Datagram Protocol (UDP)[RFC0768] or Transmission Control
   Protocol (TCP) packet, router hash functions frequently operate on
   the five-tuple of the source IP address, the destination IP address,
   the source port, the destination port, and the protocol/next-header

   Several tunneling techniques are in common use in IP networks, such
   as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and
   L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation
   choice, especially in environments where MPLS is unavailable or
   unnecessary. Unfortunately, use of common GRE endpoints may reduce
   the entropy available for use in load balancing, especially in
   environments where the GRE Key field [RFC2890] is not readily
   available for use as entropy in forwarding decisions.

   This document defines a generic GRE-in-UDP encapsulation for
   tunneling arbitrary network protocol payloads across an IP network
   environment where ECMP or LAGs are used. The GRE header provides
   payload protocol de-multiplexing by way of it's protocol type field
   [RFC2784] while the UDP header provides additional entropy by way of
   it's source port.

   This encapsulation method requires no changes to the transit IP
   network. Hash functions in most existing IP routers may utilize and
   benefit from the use of a GRE-in-UDP tunnel is without needing any
   change or upgrade to their ECMP implementation. The encapsulation
   mechanism is applicable to a variety of IP networks including Data
   Center and wide area networks.

   1.1. Applicability Statement

   It is recommended to use GRE-in-UDP encapsulation within a Service
   Provider (SP) network and/or DC network where the congestion control
   is not a concern. However the encapsulation can apply to ISP
   networks and/or Internet. Some environments request GRE-in-UDP
   tunnel to run more functions than others.




Crabbe, et al.                                                 [Page 3]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   GRE-in-UDP encapsulation may be used to tunnel the tunneled traffic,
   i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in-UDP or
   other tunnel encapsulation. In this case, GRE-in-UDP tunnel end
   points treat other tunnel endpoints as of the end hosts for the
   traffic and do not differentiate such end hosts from other end hosts.
   The use case and applicability for a GRE-in-UDP tunnel egress and
   stacked tunnel egress terminate on the same IP address is for
   further study.

2. Terminology

   The terms defined in [RFC768] are used in this document.

   2.1. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


3. Procedures

   When a tunnel ingress device conforming to this document receives a
   packet, the ingress MUST encapsulate the packet in UDP and GRE
   headers and set the destination port of the UDP header to [TBD]
   Section 6. The ingress device must also insert the payload protocol
   type in the GRE Protocol Type field.  The ingress device SHOULD set
   the UDP source port based on flow invariant fields from the payload
   header. In the case that ingress is unable to get the flow entropy
   from the payload header, it should set a randomly selected constant
   value for UDP source port to avoid payload packet flow reordering.
   The value, for example, may be simply a result of boot-up time. How
   a tunnel ingress generates entropy from the payload is outside the
   scope of this document. The tunnel ingress MUST encode its own IP
   address as the source IP address and the egress tunnel endpoint IP
   address.  The TTL field in the IP header must be set to a value
   appropriate for delivery of the encapsulated packet to the tunnel
   egress endpoint.

   When the tunnel egress receives a packet, it must remove the outer
   UDP and GRE headers.  Section 5 describes the error handling when
   this entity is not instantiated at the tunnel egress.

   For IPv4 UDP encapsulation, this field is RECOMMENDED to be set to
   zero because the IPv4 header includes a checksum, and use of the UDP
   checksum is optional with IPv4, unless checksum protection of
   tunneled payload is important, see Section 6.


Crabbe, et al.                                                 [Page 4]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   For IPv6 UDP encapsulation, the IPv6 header does not include a
   checksum, so this field MUST contain a UDP checksum that MUST be
   used as specified in [RFC0768] and [RFC2460] unless one of the
   exceptions that allows use of UDP zero-checksum mode (as specified
   in [RFC6935]) applies. See Section 3.1 for specification of these
   exceptions and additional requirements that apply when UDP zero-
   checksum mode is used for GRE-in-UDP traffic over IPv6.The tunnel
   ingress may set the GRE Key Present, Sequence Number Present, and
   Checksum Present bits and associated fields in the GRE header
   defined by [RFC2784] and [RFC2890].

   3.1. UDP checksum usage with IPv6

   When UDP is used over IPv6, the UDP checksum is relied upon to
   protect the IPv6 header from corruption, and MUST be used unless the
   requirements in [RFC 6935] and [RFC 6936] for use of UDP zero-
   checksum mode with a tunnel protocol are satisfied. Therefore, the
   UDP checksum MUST be implemented and MUST be used in accordance with
   [RFC0768] and [RFC2460] for GRE in UDP traffic over

   IPv6 unless one of the following exceptions applies and the
   additional requirements stated below are complied with.  In addition,
   use of the UDP checksum with IPv6 MUST be the default configuration
   of all GRE-in-UDP implementations.

   There are two exceptions that allow use of UDP zero-checksum mode
   for IPv6 with GRE-in-UDP, subject to the additional requirements
   stated below in this section.  The two exceptions are:

   o  Use of GRE-in-UDP within a single service provider that utilizes
      careful provisioning (e.g., rate limiting at the entries of the
      network while over-provisioning network capacity) to ensure
      against congestion and that actively monitors encapsulated
      traffic for errors; or

   o  Use of GRE-in-UDP within a limited number of service providers
      who closely cooperate in order to jointly provide this same
      careful provisioning and monitoring.

   As such, for IPv6, the UDP checksum for GRE-in-UDP MUST be used as
   specified in [RFC0768] and [RFC2460] over the general Internet, and
   over non-cooperating ISPs, even if each non-cooperating ISP
   independently satisfies the first exception for UDP zero-checksum
   mode usage with GRE-in-UDP over IPv6 within the ISP's own network.

   Section 5 of RFC6936 [RFC6936] specifies the additional requirements
   that implementation of UDP zero-checksum over IPv6 MUST compliant



Crabbe, et al.                                                 [Page 5]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   with. To compliant with it, the following additional requirements
   apply to GRE-in-UDP implementation and use of UDP zero-checksum mode
   over IPv6:

   a. A GRE-in-UDP implementation MUST comply with all requirements
      specified in Section 4 of [RFC6936] and with requirement 1
      specified in Section 5 of [RFC6936].

   b. A GRE-in-UDP receiver MUST check that the source and destination
      IPv6 addresses are valid for the GRE-in-UDP tunnel and discard
      any packet for which this check fails.

   c. A GRE-in-UDP sender SHOULD use different IPv6 addresses for each
      GRE-in-UDP tunnel that uses UDP zero-checksum mode in order to
      strengthen the receiver's check of the IPv6 source address.  When
      this is not possible, it is RECOMMENDED to use each source IPv6
      address for as few UDP zero-checksum mode MPLS-in-UDP tunnels as
      is feasible.

   d. GRE-in-UDP sender and receiver MUST agree the key(s) used over
      the tunnel. The sender MUST insert a key on GRE header, and the
      receiver MUST check if the key in GRE header is valid for the
      tunnel and drop invalid packet.

   e. A GRE-in-UDP receiver node SHOULD only enable the use of UDP
      zero-checksum mode on a single UDP port and SHOULD NOT support
      any other use UDP zero-checksum mode on any other UDP port.

   f. A GRE-in-UDP sender SHOULD send GRE keepalive messages with a
      zero UDP checksum. GRE-in-UDP receiver that discovers an
      appreciable loss rate for keepalive packets MAY terminate the
      tunnel.

   g. GRE keepalive messages SHOULD include both UDP datagrams with a
      checksum and datagrams with a zero UDP checksum.  This will
      enable the remote endpoint to distinguish between a path failure
      and the dropping of datagrams with a zero UDP checksum.

   h. Any middlebox support for MPLS-in-UDP with UDP zero-checksum mode
      for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of
      RFC 6936.

   (Editor note: the design team and authors need further discuss above
   requirements text)






Crabbe, et al.                                                 [Page 6]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   The above requirements are intended to be in addition to the
   requirements specified in [RFC2460] as modified by [RFC6935] and the
   requirements specified in [RFC6936].

   GRE-in-UDP over IPv6 does not include an additional integrity check
   because the above requirements in combination with the exceptions
   that restrict use of UDP zero-checksum mode to well-managed networks
   should not significantly increase the rate of corruption of UDP/GRE-
   encapsulated traffic by comparison to GRE-encapsulated traffic over
   similar well-managed networks and because GRE does not accumulate
   incorrect state as a consequence of GRE header corruption.

   Editor Note: The preceding paragraph addresses requirements 2-4 in
   Section 5 of [RFC 6936].  Requirement 5 in that section is addressed
   by the requirement e in this section. Requirements 6 and 7 in that
   section are covered by the requirements f and g in this section.
   Requirement 8-10 in that section is addressed by the requirement h
   in this section.

   In summary, UDP zero-checksum mode for IPv6 is allowed to be used
   with GRE-in-UDP when one of the two exceptions specified above
   applies, provided that additional requirements stated above are
   complied with. Otherwise the UDP checksum MUST be used for IPv6 as
   specified in [RFC0768] and [RFC2460].

   This entire section and its requirements apply only to use of UDP
   zero-checksum mode for IPv6; they can be avoided by using the UDP
   checksum as specified in [RFC0768] and [RFC2460].

   3.2.  Middlebox Considerations for IPv6 UDP Zero Checksums

   IPv6 datagrams with a zero UDP checksum will not be passed by any
   middlebox that validates the checksum based on [RFC2460] or that
   updates the UDP checksum field, such as NATs or firewalls. Changing
   this behavior would require such middleboxes to be updated to
   correctly handle datagrams with zero UDP checksums.  The GRE-in-UDP
   encapsulation does not provide a mechanism to safely fall back to
   using a checksum when a path change occurs redirecting a tunnel over
   a path that includes a middlebox that discards IPv6 datagrams with a
   zero UDP checksum.  In this case the GRE-in-UDP tunnel will be
   black-holed by that middlebox.  Recommended changes to allow
   firewalls, NATs and other middleboxes to support use of an IPv6 zero
   UDP checksum are described in Section 5 of [RFC6936].







Crabbe, et al.                                                 [Page 7]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   3.3. GRE-in-UDP Encapsulation Format

   The format of the GRE-in-UDP encapsulation for both IPv4 and IPv6
   outer headers is shown in the following figures:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      IPv4 Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Version|  IHL  |Type of Service|          Total Length         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         Identification        |Flags|      Fragment Offset    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |  Time to Live |Protcol=17(UDP)|          Header Checksum      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       Source IPv4 Address                     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Destination IPv4 Address                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      UDP Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       Source Port = XXXX      |       Dest Port = TBD         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |           UDP Length          |        UDP Checksum           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      GRE Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |C| |K|S| Reserved0       | Ver |         Protocol Type         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Checksum (optional)      |       Reserved1 (Optional)    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Key (optional)                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 Sequence Number (Optional)                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 1  UDP+GRE IPv4 headers









Crabbe, et al.                                                 [Page 8]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014


      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

      IPv6 Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |Version| Traffic Class |           Flow Label                  |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |         Payload Length        | NxtHdr=17(UDP)|   Hop Limit   |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                     Outer Source IPv6 Address                 +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                  Outer Destination IPv6 Address               +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      UDP Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |       Source Port = XXXX      |       Dest Port = TBD         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |           UDP Length          |        UDP Checksum           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      GRE Header:
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |C| |K|S| Reserved0       | Ver |         Protocol Type         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |      Checksum (optional)      |       Reserved1 (Optional)    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Key (optional)                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                 Sequence Number (Optional)                    |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 2  UDP+GRE IPv6 headers




Crabbe, et al.                                                 [Page 9]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014



   The total overhead increase for a UDP+GRE tunnel without use of
   optional GRE fields, representing the lowest total overhead increase,
   is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6.
   The total overhead increase for a UDP+GRE tunnel with use of GRE Key,
   Sequence and Checksum Fields, representing the highest total
   overhead increase, is 44 bytes in the case of IPv4 and 64 bytes in
   the case of IPv6.


4. Encapsulation Considerations

   GRE-in-UDP encapsulation is used for single tunnel mechanism where
   both GRE and UDP header are required. The mechanism allows the
   tunneled traffic to be unicast, broadcast, or multicast traffic.
   Entropy may be generated from the header of tunneled unicast or
   broadcast/multicast packets at tunnel ingress. The mapping mechanism
   between the tunneled multicast traffic and the multicast capability
   in the IP network is transparent and independent to the
   encapsulation and is outside the scope of this document.

   The tunnel ingress SHOULD perform the fragmentation [GREMTU] on a
   packet before the encapsulation and factor in both GRE and UDP
   header bytes in the effective Maximum Transmission Unit (MTU) size.
   Not performing the fragmentation will cause the packets exceeding
   network MTU size to be dropped in the network. The tunnel ingress
   MUST use the same source UDP port for all packet fragments to ensure
   that the transit routers will forward the packet fragments on the
   same path. An operator should factor in the addition overhead bytes
   when considering an MTU size for the payload to reduce the
   likelihood of fragmentation.

   To ensure the tunneled traffic gets the same treatment over the IP
   network, prior to the encapsulation process, tunnel ingress should
   process the payload to get the proper parameters to fill into the IP
   header such as DiffServ [RFC2983].  Tunnel end points that support
   ECN MUST use the method described in [RFC6040] for ECN marking
   propagation.  This process is outside of the scope of this document.

   Note that the IPv6 header [RFC2460] contains a flow label field that
   may be used for load balancing in an IPv6 network [RFC6438].  Thus
   in an IPv6 network, either GRE-in-UDP or flow labels may be used for



Crabbe, et al.                                                [Page 10]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   improving load balancing performance. Use of GRE-in-UDP
   encapsulation provides a unified hardware implementation for load
   balancing in an IP network independent of the IP version(s) in use.
   However IPv6 network require performing the UDP checksum, which may
   impact network performance and user experience. Thus, a flow label
   based load balancing may be a better approach in an IPv6 network.

5. Congestion Considerations

   Section 3.1.3 of RFC 5405 [RFC5405] discussed the congestion
   implications of UDP tunnels. As discussed in RFC 5405, because other
   flows can share the path with one or more UDP tunnels, congestion
   control [RFC2914] needs to be considered.

   A major motivation for encapsulating GRE in UDP is to provide a
   generic UDP tunnel protocol to tunnel a network protocol over IP
   network and improve the use of multipath (such as Equal Cost
   MultiPath, ECMP) in cases where traffic is to traverse routers which
   are able to hash on UDP Port and IP address. As such, in many cases
   this may reduce the occurrence of congestion and improve usage of
   available network capacity. However, it is also necessary to ensure
   that the network, including applications that use the network,
   responds appropriately in more difficult cases, such as when link or
   equipment failures have reduced the available capacity.

   The impact of congestion must be considered both in terms of the
   effect on the rest of the network of a UDP tunnel that is consuming
   excessive capacity, and in terms of the effect on the flows using
   the UDP tunnels. The potential impact of congestion from a UDP
   tunnel depends upon what sort of traffic is carried over the tunnel,
   as well as the path of the tunnel.

   GRE in UDP as a generic UDP tunnel mechanism can be used to carry a
   network protocol and traffic. If tunneled traffic is already
   congestion controlled, GRE in UDP tunnel generally does not need
   additional congestion control mechanisms. As specified in RFC 5405:

    IP-based traffic is generally assumed to be congestion-controlled,
   i.e., it is assumed that the transport protocols generating IP-based
   traffic at the sender already employ mechanisms that are sufficient
   to address congestion on the path.  Consequently, a tunnel carrying.

   IP-based traffic should already interact appropriately with other
   traffic sharing the path, and specific congestion control mechanisms
   for the tunnel are not necessary.




Crabbe, et al.                                                [Page 11]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   For this reason, where GRE in UDP tunneling is used to carry IP
   traffic that is known to be congestion controlled, the tunnel MAY be
   used across any combination of a single service provider, multiple
   cooperating service providers, or across the general Internet.
   Internet IP traffic is generally assumed to be congestion-controlled.

   However, GRE in UDP tunneling is also used in many cases to carry
   traffic that is not necessarily congestion controlled. In such cases
   service providers and data center operators may avoid congestion by
   careful provisioning of their networks, by rate limiting of user
   data traffic, and/or by using Traffic Engineering tools to monitor
   the network segments and dynamically steers traffic away from the
   potential congested link in time.

   For this reason, where the GRE payload traffic is not congestion
   controlled, GRE in UDP tunnels MUST only be used within a single
   service provider that utilizes careful provisioning (e.g., rate
   limiting at the entries of the network while over-provisioning
   network capacity) to ensure against congestion, or within a limited
   number of service providers who closely cooperate in order to
   jointly provide this same careful provisioning.

   As such, GRE in UDP MUST NOT be used over the general Internet, or
   over non-cooperating ISPs, to carry traffic that is not congestion-
   controlled.

   Measures SHOULD be taken to prevent non-congestion-controlled GRE-
   over-UDP traffic from "escaping" to the general Internet, e.g.:

   o  physical or logical isolation of the links carrying GRE-over-UDP
      from the general Internet,

   o  deployment of packet filters that block the UDP ports assigned
      for GRE-over-UDP,

   o  imposition of restrictions on GRE-over-UDP traffic by software
      tools used to set up GRE-over-UDP tunnels between specific end
      systems (as might be used within a single data center), and

   o  use of a "Managed Circuit Breaker" for the tunneled traffic as
      described in [I-D.-tsvwg-circuit-breaker].

   [Editor: the text in this section was derived from the text for
   mpls-in-udp. More work necessary to make general for this]






Crabbe, et al.                                                [Page 12]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

6. Backward Compatibility

   It is assumed that tunnel ingress routers must be upgraded in order
   to support the encapsulations described in this document.

   No change is required at transit routers to support forwarding of
   the encapsulation described in this document.

   If a router that is intended for use as a tunnel egress does not
   support the GRE-in-UDP encapsulation described in this document, it
   will not be listening on destination port [TBD].  In these cases,
   the router will conform to normal UDP processing and respond to the
   tunnel ingress with an ICMP message indicating "port unreachable"
   according to [RFC792].  Upon receiving this ICMP message, the tunnel
   ingress MUST NOT continue to use GRE-in-UDP encapsulation toward
   this tunnel egress without management intervention.

7. IANA Considerations

   IANA is requested to make the following allocation:

         Service Name: GRE-in-UDP
         Transport Protocol(s): UDP
         Assignee: IESG <iesg@ietf.org>
         Contact: IETF Chair <chair@ietf.org>
         Description: GRE-in-UDP Encapsulation
         Reference: [This.I-D]
         Port Number: TBD
         Service Code: N/A
         Known Unauthorized Uses: N/A
         Assignment Notes: N/A

8. Security Considerations

   8.1. Vulnerability

   Neither UDP nor GRE encapsulation effects security for the payload
   protocol. When using GRE-in-UDP, Network Security in a network is
   the same as that of a network using GRE.

   Use of ICMP for signaling of the GRE-in-UDP encapsulation capability
   adds a security concern. Upon receiving an ICMP message and before
   taking an action on it, the ingress MUST validate the IP address


Crabbe, et al.                                                [Page 13]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   originating against tunnel egress address and MUST evaluate the
   packet header returned in the ICMP payload to ensure the source port
   is the one used for this tunnel. The mechanism for performing this
   validation is out of the scope of this document.

   In an instance where the UDP src port is not set based on the flow
   invariant fields from the payload header, a random port SHOULD be
   selected in order to minimize the vulnerability to off-path attacks.
   [RFC6056] How the src port randomization occurs is outside scope of
   this document.

   Using one standardized value in UDP destination port for an
   encapsulation indication may increase the vulnerability of off-path
   attack. To overcome this, tunnel egress may request tunnel ingress
   using a different and specific value [RFC6056] in UDP destination
   port for the GRE-in-UDP encapsulation indication. How the tunnel end
   points communicate the value is outside scope of this document.

   This document does not require that the tunnel egress validates the
   IP source address of the tunneled packets (with the exception that
   the IPv6 source address MUST be validated when UDP zero-checksum
   mode is used with IPv6), but it should be understood that failure to
   do so presupposes that there is effective destination-based (or a
   combination of source-based and destination-based) filtering at the
   boundaries.

9. Acknowledgements

   Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger
   Geib, Gorry Fairhurst, David Black, Lar Edds, Lloyd, and many others
   for their review and valuable input on this draft.

   Thank the design team led by David Black (members: Ross Callon,
   Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the
   descriptions for the congestion considerations and IPv6 UDP zero
   checksum.


10. Contributors

   The following people all contributed significantly to this document
   and are listed below in alphabetical order:



Crabbe, et al.                                                [Page 14]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014


   Ross Callon
   Juniper Networks
   10 Technology Park Drive
   Westford, MA  01886
   USA

   Email: rcallon@juniper.net


   David Black
   EMC Corporation
   176 South Street
   Hopkinton, MA  01748
   USA

   Email: david.black@emc.com

   John E. Drake
   Juniper Networks

   Email: jdrake@juniper.net

   Adrian Farrel
   Juniper Networks

   Email: adrian@olddog.co.uk

   Vishwas Manral
   Hewlett-Packard Corp.
   3000 Hanover St, Palo Alto.

   Email: vishwas.manral@hp.com

   Carlos Pignataro
   Cisco Systems
   7200-12 Kit Creek Road
   Research Triangle Park, NC 27709 USA

   EMail: cpignata@cisco.com

   Yongbing Fan
   China Telecom
   Guangzhou, China.


Crabbe, et al.                                                [Page 15]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   Phone: +86 20 38639121

   Email: fanyb@gsta.com

11. References

   11.1. Normative References

   [RFC768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
             August 1980.

   [RFC791]  DARPA, "Internet Protocol", RFC791, September 1981

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC2119, March 1997.

   [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
             Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
             March 2000.

   [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
             RFC2890, September 2000.

   [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
             October 2000.

   [RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application
             Designers", RFC5405, November 2008.

   [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
             Notification", RFC6040, November 2010

   [RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
             Equal Cost Multipath Routing and Link Aggregation in
             tunnels", RFC6438, November, 2011

   11.2. Informative References

   [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC
             792, September 1981.

   [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
             (IPv6) Specification", RFC 2460, December 1998.

   [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling
             Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005.



Crabbe, et al.                                                [Page 16]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014

   [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
             MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
             4023, March 2005.

   [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
             Networks (VPNs)", RFC 4364, February 2006.



   [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
             "Extended ICMP to Support Multi-Part Messages", RFC 4884,
             April 2007.

   [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
             Protocol Port Randomization", RFC6056, January 2011

   [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and
             L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
             RFC 6790, November 2012.

   [GREMTU]  Bonica, R., "A Fragmentation Strategy for Generic Routing
             Encapsulation (GRE)", draft-bonica-intara-gre-mtu, work in
             progress

   [CB]      Fairhurst, G., "Network Transport Circuit Breakers",
             draft-fairhurst-tsvwg-circuit-breaker-01, work in progress


12. Authors' Addresses


   Edward Crabbe (editor)


   Email: edward.crabbe@gmail.com

   Lucy Yong (editor)
   Huawei Technologies, USA

   Email: lucy.yong@huawei.com


   Xiaohu Xu (editor)
   Huawei Technologies,
   Beijing, China

   Email: xuxiaohu@huawei.com



Crabbe, et al.                                                [Page 17]


Internet-Draft Generic UDP Encapsulation for IP Tunneling  October 2014


  Gorry's comments
       - give an example of random constant value selection for UDP
          source port in the case where tunnel ingress can't get flow
          entropy
       -  use "MUST" instead of "SHOULD" for requesting use of UDP
          checksum  in IPv6 network
       -  more concise text for congestion description; use some text
          in [RFC5405]
       -  State what consequence without doing fragmentation
       -  tunnel ingress actions upon receiving an ICMP msg
       -  tunnel-in-tunnel case
       - CB does not describe the protocol to support CB, only the
          mechanism. UDP report protocol may be good fit.




































Crabbe, et al.                                                [Page 18]


Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/