draft-ietf-intarea-gre-ipv6-07.txt   draft-ietf-intarea-gre-ipv6-08.txt 
Intarea Working Group C. Pignataro Intarea Working Group C. Pignataro
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: 2784 (if approved) R. Bonica Updates: 2784 (if approved) R. Bonica
Intended status: Standards Track Juniper Networks Intended status: Standards Track Juniper Networks
Expires: October 15, 2015 S. Krishnan Expires: December 10, 2015 S. Krishnan
Ericsson Ericsson
April 13, 2015 June 8, 2015
IPv6 Support for Generic Routing Encapsulation (GRE) IPv6 Support for Generic Routing Encapsulation (GRE)
draft-ietf-intarea-gre-ipv6-07 draft-ietf-intarea-gre-ipv6-08
Abstract Abstract
Generic Routing Encapsulation (GRE) can be used to carry any network- Generic Routing Encapsulation (GRE) can be used to carry any network-
layer payload protocol over any network-layer delivery protocol. GRE layer payload protocol over any network-layer delivery protocol. GRE
procedures are specified for IPv4, used as either the payload or procedures are specified for IPv4, used as either the payload or
delivery protocol. However, GRE procedures are not specified for delivery protocol. However, GRE procedures are not specified for
IPv6. IPv6.
This document specifies GRE procedures for IPv6, used as either the This document specifies GRE procedures for IPv6, used as either the
skipping to change at page 1, line 47 skipping to change at page 1, line 47
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 15, 2015. This Internet-Draft will expire on December 10, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 29 skipping to change at page 2, line 29
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. GRE Header Fields . . . . . . . . . . . . . . . . . . . . . . 3 2. GRE Header Fields . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Checksum Present . . . . . . . . . . . . . . . . . . . . 3 2.1. Checksum Present . . . . . . . . . . . . . . . . . . . . 3
3. IPv6 As GRE Payload . . . . . . . . . . . . . . . . . . . . . 4 3. IPv6 As GRE Payload . . . . . . . . . . . . . . . . . . . . . 4
3.1. GRE Protocol Type Considerations . . . . . . . . . . . . 4 3.1. GRE Protocol Type Considerations . . . . . . . . . . . . 4
3.2. MTU Considerations . . . . . . . . . . . . . . . . . . . 4 3.2. MTU Considerations . . . . . . . . . . . . . . . . . . . 4
3.3. Fragmentation Considerations . . . . . . . . . . . . . . 4 3.3. Fragmentation Considerations . . . . . . . . . . . . . . 5
4. IPv6 As GRE Delivery Protocol . . . . . . . . . . . . . . . . 5 4. IPv6 As GRE Delivery Protocol . . . . . . . . . . . . . . . . 5
4.1. Next Header Considerations . . . . . . . . . . . . . . . 5 4.1. Next Header Considerations . . . . . . . . . . . . . . . 5
4.2. Checksum Considerations . . . . . . . . . . . . . . . . . 5 4.2. Checksum Considerations . . . . . . . . . . . . . . . . . 6
4.3. MTU Considerations . . . . . . . . . . . . . . . . . . . 6 4.3. MTU Considerations . . . . . . . . . . . . . . . . . . . 6
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
Generic Routing Encapsulation (GRE) [RFC2784] [RFC2890] can be used Generic Routing Encapsulation (GRE) [RFC2784] [RFC2890] can be used
to carry any network-layer payload protocol over any network-layer to carry any network-layer payload protocol over any network-layer
delivery protocol. GRE procedures are specified for IPv4 [RFC0791], delivery protocol. GRE procedures are specified for IPv4 [RFC0791],
used as either the payload or delivery protocol. However, GRE used as either the payload or delivery protocol. However, GRE
procedures are not specified for IPv6 [RFC2460]. procedures are not specified for IPv6 [RFC2460].
This document specifies GRE procedures for IPv6, used as either the This document specifies GRE procedures for IPv6, used as either the
payload or delivery protocol. Like RFC 2784, this document describes payload or delivery protocol. Like RFC 2784, this document describes
GRE how has been implemented by several vendors. It updates RFC 2784 how GRE has been implemented by several vendors. It updates RFC
. 2784.
1.1. Terminology 1.1. Terminology
The following terms are used in this document: The following terms are used in this document:
o GRE delivery header - an IPv4 or IPv6 header whose source address o GRE delivery header - an IPv4 or IPv6 header whose source address
represents the GRE ingress node and whose destination address represents the GRE ingress node and whose destination address
represents the GRE egress node. The GRE delivery header represents the GRE egress node. The GRE delivery header
encapsulates a GRE header. encapsulates a GRE header.
o GRE header - the GRE protocol header. The GRE header is o GRE header - the GRE protocol header. The GRE header is
encapsulated in the GRE delivery header and encapsulates GRE encapsulated in the GRE delivery header and encapsulates GRE
payload. payload.
o GRE payload - a network layer packet that is encapsulated by the o GRE payload - a network layer packet that is encapsulated by the
GRE header. GRE header.
o GRE overhead - the combined size of the GRE delivery header and o GRE overhead - the combined size of the GRE delivery header and
the GRE header, measured in bytes the GRE header, measured in bytes.
o path MTU (PMTU) - the minimum MTU of all the links in a path o path MTU (PMTU) - the minimum MTU of all the links in a path
between a source node and a destination node. If the source and between a source node and a destination node. If the source and
destination node are connected through equal cost multipath destination node are connected through equal cost multipath
(ECMP), the PMTU is equal to the minimum link MTU of all links (ECMP), the PMTU is equal to the minimum link MTU of all links
contributing to the multipath. contributing to the multipath.
o Path MTU Discovery (PMTUD) - A procedure for dynamically o Path MTU Discovery (PMTUD) - A procedure for dynamically
discovering the PMTU between two nodes on the Internet. PMTUD discovering the PMTU between two nodes on the Internet. PMTUD
procedures for IPv6 are defined in [RFC1981]. procedures for IPv6 are defined in [RFC1981].
o GRE MTU (GMTU) - the maximum transmission unit, i.e., maximum o GRE MTU (GMTU) - the maximum transmission unit, i.e., maximum
packet size in bytes, that can be conveyed over a GRE tunnel packet size in bytes, that can be conveyed over a GRE tunnel
without fragmentation of any kind. The GMTU is equal to the PMTU without fragmentation of any kind. The GMTU is equal to the PMTU
associated with the path between the GRE ingress and the GRE associated with the path between the GRE ingress and the GRE
egress, minus the GRE overhead egress, minus the GRE overhead.
2. GRE Header Fields 2. GRE Header Fields
This document does not change the GRE header format or any behaviors This document does not change the GRE header format or any behaviors
specified by RFC 2784 or RFC 2890. specified by RFC 2784 or RFC 2890.
2.1. Checksum Present 2.1. Checksum Present
When the delivery protocol is IPv6, the GRE ingress node SHOULD set When the delivery protocol is IPv6, the GRE ingress node SHOULD set
the Checksum Present field to zero. GRE egress nodes MUST accept the Checksum Present field to zero. GRE egress nodes MUST accept
skipping to change at page 4, line 42 skipping to change at page 4, line 42
to carry a 1280-byte IPv6 payload packet from ingress to egress, to carry a 1280-byte IPv6 payload packet from ingress to egress,
without fragmenting the payload. Having executed those procedures, without fragmenting the payload. Having executed those procedures,
the GRE ingress node MUST activate or deactivate the tunnel the GRE ingress node MUST activate or deactivate the tunnel
accordingly. accordingly.
Implementation details regarding the above-mentioned verification Implementation details regarding the above-mentioned verification
procedures are beyond the scope of this document. However, a GRE procedures are beyond the scope of this document. However, a GRE
ingress node can verify tunnel capabilities by sending a 1280-byte ingress node can verify tunnel capabilities by sending a 1280-byte
IPv6 packet addressed to itself through the tunnel under test. IPv6 packet addressed to itself through the tunnel under test.
Many existing implementations [I-D.ietf-intarea-gre-mtu] do not
support the above-mentioned verification procedures. Unless deployed
in environments where the GMTU is guaranteed to be greater than 1280,
these implementations MUST be configured so that the GRE endpoints
can fragment and reassemble the GRE delivery packet.
3.3. Fragmentation Considerations 3.3. Fragmentation Considerations
When the GRE ingress receives an IPv6 payload packet whose length is When the GRE ingress receives an IPv6 payload packet whose length is
less than or equal to the GMTU, it can encapsulate and forward the less than or equal to the GMTU, it can encapsulate and forward the
packet without fragmentation of any kind. In this case, the GRE packet without fragmentation of any kind. In this case, the GRE
ingress router MUST NOT fragment the payload or delivery packets. ingress router MUST NOT fragment the payload or delivery packets.
When the GRE ingress receives an IPv6 payload packet whose length is When the GRE ingress receives an IPv6 payload packet whose length is
greater than the GMTU, and the GMTU is greater than or equal to 1280 greater than the GMTU, and the GMTU is greater than or equal to 1280
bytes, the GRE ingress router MUST: bytes, the GRE ingress router MUST:
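Review bot: In the paragraph added to Section 3.2, the exemption condition "GMTU is guaranteed to be greater than 1280" is off by one against the surrounding text. The verification procedure asks whether the tunnel can carry a 1280-byte IPv6 payload, and Section 3.3 uses "greater than or equal to 1280 bytes", so a GMTU of exactly 1280 should also be exempt. Suggest "greater than or equal to 1280 bytes", with the unit stated. The same paragraph requires delivery-packet fragmentation and reassembly at the GRE endpoints, while Section 4.3 describes that as an optional configuration ("implementations MAY support"); it would help to say that the MUST applies to how implementations with that option are configured.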
skipping to change at page 6, line 21 skipping to change at page 6, line 35
destination destination
c. De-encapsulate the payload and forward it to a node other than c. De-encapsulate the payload and forward it to a node other than
its intended destination. For example, the payload might be its intended destination. For example, the payload might be
intended for a node on one VPN, but delivered to an identically intended for a node on one VPN, but delivered to an identically
numbered node in another VPN. numbered node in another VPN.
Behaviors a) and b) are acceptable. Behavior c) is not acceptable. Behaviors a) and b) are acceptable. Behavior c) is not acceptable.
Before deploying GRE over IPv6, network operators should consider the Before deploying GRE over IPv6, network operators should consider the
likelihood of behavior c) in their network. GRE over IPv6 is MUST likelihood of behavior c) in their network. GRE over IPv6 MUST NOT
NOT be deployed other than where the network operator deems the risk be deployed other than where the network operator deems the risk
associated with behavior c) to be acceptable. associated with behavior c) to be acceptable.
The risk associated with behavior c) could be mitigated with end-to- The risk associated with behavior c) could be mitigated with end-to-
end authentication of the payload. end authentication of the payload.
4.3. MTU Considerations 4.3. MTU Considerations
By default, the GRE ingress node cannot fragment the IPv6 delivery By default, the GRE ingress node cannot fragment the IPv6 delivery
header. However, implementations MAY support an optional header. However, implementations MAY support an optional
configuration in which the GRE ingress node can fragment the IPv6 configuration in which the GRE ingress node can fragment the IPv6
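Review bot: The corrected sentence in Section 4.2, "GRE over IPv6 MUST NOT be deployed other than where the network operator deems the risk associated with behavior c) to be acceptable", makes a normative requirement depend on an operator judgement for which the text gives no criterion, so conformance cannot be checked. Consider stating what the operator should evaluate, or tying the requirement to the mitigation in the following paragraph. That paragraph says only "end-to-end authentication of the payload"; a pointer to Section 6, which names IPsec for the payload, would make it actionable.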
skipping to change at page 6, line 47 skipping to change at page 7, line 12
configuration in which the GRE egress node can reassemble the IPv6 configuration in which the GRE egress node can reassemble the IPv6
delivery header. delivery header.
5. IANA Considerations 5. IANA Considerations
This document makes no request of IANA. This document makes no request of IANA.
6. Security Considerations 6. Security Considerations
The Security Considerations section of [RFC4023] identifies threats The Security Considerations section of [RFC4023] identifies threats
encountered when MPLS is deliver over GRE. These threats apply to encountered when MPLS is delivered over GRE. These threats apply to
any GRE payload. As stated in RFC 4023, these threats can be any GRE payload. As stated in RFC 4023, these threats can be
mitigated by authenticating and/or encrypting the delivery packet mitigated by authenticating and/or encrypting the delivery packet
using IPSec [RFC4301]. Alternatively when the payload is IPv6, these using IPsec [RFC4301]. Alternatively when the payload is IPv6, these
threats can also be mitigated by authenticating and/or encrypting the threats can also be mitigated by authenticating and/or encrypting the
payload using IPSec, instead of the delivery packet. Otherwise, the payload using IPsec, instead of the delivery packet. Otherwise, the
current specification introduces no security considerations beyond current specification introduces no security considerations beyond
those mentioned in RFC 2784. those mentioned in RFC 2784.
More generically, security considerations for IPv6 are discussed in More generically, security considerations for IPv6 are discussed in
[RFC4942]. operational security for IPv6 is discussed in [RFC4942]. Operational security for IPv6 is discussed in
[I-D.ietf-opsec-v6], and security concerns for tunnels in general are [I-D.ietf-opsec-v6], and security concerns for tunnels in general are
discussed in [RFC6169]. discussed in [RFC6169].
7. Acknowledgements 7. Acknowledgements
The authors would like to thank Fred Baker, Stewart Bryant, Dino The authors would like to thank Fred Baker, Stewart Bryant, Carlos
Farinacci, David Farmer, Tom Herbert, Fred Templin, Joe Touch, Andrew Jesus Bernardos Cano, Dino Farinacci, David Farmer, Tom Herbert, Fred
Yourtchenko and Lucy Yong for their thorough review and useful Templin, Joe Touch, Andrew Yourtchenko and Lucy Yong for their
comments. thorough review and useful comments.
8. References 8. References
8.1. Normative References 8.1. Normative References
[ETYPES] IANA, "ETHER TYPES", 2014, [ETYPES] IANA, "ETHER TYPES", 2014,
<http://www.iana.org/assignments/ieee-802-numbers/ <http://www.iana.org/assignments/ieee-802-numbers/
ieee-802-numbers.xhtml#ieee-802-numbers-1>. ieee-802-numbers.xhtml#ieee-802-numbers-1>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September
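Review bot: In Section 6, the alternative of protecting "the payload using IPsec, instead of the delivery packet" leaves the GRE delivery header and the GRE header unauthenticated, and the text does not say which of the RFC 4023 threats remain in that case. Suggest a sentence stating the residual exposure, plus a cross-reference to Section 4.2, where payload authentication is the stated mitigation for behavior c). Editorial: add a comma after "Alternatively" and prefer "More generally" to "More generically".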
skipping to change at page 8, line 11 skipping to change at page 8, line 25
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, December 2005.
[RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control [RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control
Message Protocol (ICMPv6) for the Internet Protocol Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification", RFC 4443, March 2006. Version 6 (IPv6) Specification", RFC 4443, March 2006.
8.2. Informative References 8.2. Informative References
[I-D.ietf-intarea-gre-mtu]
Bonica, R., Pignataro, C., and J. Touch, "A Widely-
Deployed Solution To The Generic Routing Encapsulation
(GRE) Fragmentation Problem", draft-ietf-intarea-gre-
mtu-05 (work in progress), May 2015.
[I-D.ietf-opsec-v6] [I-D.ietf-opsec-v6]
Chittimaneni, K., Kaeo, M., and E. Vyncke, "Operational Chittimaneni, K., Kaeo, M., and E. Vyncke, "Operational
Security Considerations for IPv6 Networks", draft-ietf- Security Considerations for IPv6 Networks", draft-ietf-
opsec-v6-06 (work in progress), March 2015. opsec-v6-06 (work in progress), March 2015.
[RFC4942] Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/ [RFC4942] Davies, E., Krishnan, S., and P. Savola, "IPv6 Transition/
Co-existence Security Considerations", RFC 4942, September Co-existence Security Considerations", RFC 4942, September
2007. 2007.
[RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security [RFC6169] Krishnan, S., Thaler, D., and J. Hoagland, "Security
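Review bot: The new [I-D.ietf-intarea-gre-mtu] entry is listed under Informative References, but its only citation sits in the Section 3.2 paragraph that introduces a MUST. That is fine if the requirement stands on its own; if a reader needs the cited draft to configure fragmentation and reassembly correctly, it belongs under Normative References. The citation also follows "Many existing implementations" as though the draft were the list of implementations; "(see [I-D.ietf-intarea-gre-mtu])" at the end of the sentence would read more accurately.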
 End of changes. 18 change blocks. 
22 lines changed or deleted 34 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/