draft-ietf-lisp-gpe-06.txt   draft-ietf-lisp-gpe-07.txt 
Internet Engineering Task Force F. Maino, Ed. Internet Engineering Task Force F. Maino, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track J. Lemon Intended status: Standards Track J. Lemon
Expires: March 24, 2019 Broadcom Expires: April 20, 2020 Broadcom
P. Agarwal P. Agarwal
Innovium Innovium
D. Lewis D. Lewis
M. Smith M. Smith
Cisco Cisco
September 20, 2018 October 18, 2019
LISP Generic Protocol Extension LISP Generic Protocol Extension
draft-ietf-lisp-gpe-06 draft-ietf-lisp-gpe-07
Abstract Abstract
This document describes extentions to the Locator/ID Separation This document describes extentions to the Locator/ID Separation
Protocol (LISP) Data-Plane, via changes to the LISP header, to Protocol (LISP) Data-Plane, via changes to the LISP header, to
support multi-protocol encapsulation. support multi-protocol encapsulation.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 24, 2019. This Internet-Draft will expire on April 20, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Definition of Terms . . . . . . . . . . . . . . . . . . . 3 1.2. Definition of Terms . . . . . . . . . . . . . . . . . . . 3
2. LISP Header Without Protocol Extensions . . . . . . . . . . . 3 2. LISP Header Without Protocol Extensions . . . . . . . . . . . 3
3. Generic Protocol Extension for LISP (LISP-GPE) . . . . . . . 4 3. Generic Protocol Extension for LISP (LISP-GPE) . . . . . . . 4
3.1. Payload Specific Transport Interactions . . . . . . . . . 6 4. Implementation and Deployment Considerations . . . . . . . . 7
3.1.1. Payload Specific Transport Interactions for Ethernet 4.1. Applicability Statement . . . . . . . . . . . . . . . . . 7
Encapsulated Payloads . . . . . . . . . . . . . . . . 6 4.2. Congestion Control Functionality . . . . . . . . . . . . 7
3.1.2. Payload Specific Transport Interactions for NSH 4.3. UDP Checksum . . . . . . . . . . . . . . . . . . . . . . 8
Encapsulated Payloads . . . . . . . . . . . . . . . . 7 4.3.1. UDP Zero Checksum Handling with IPv6 . . . . . . . . 8
4. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 4.4. Ethernet Encapsulated Payloads . . . . . . . . . . . . . 10
4.1. Use of "Multiple Data-Planes" LCAF to Determine ETR 5. Backward Compatibility . . . . . . . . . . . . . . . . . . . 10
Capabilities . . . . . . . . . . . . . . . . . . . . . . 7 5.1. Use of "Multiple Data-Planes" LCAF to Determine ETR
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 Capabilities . . . . . . . . . . . . . . . . . . . . . . 11
5.1. LISP-GPE Next Protocol Registry . . . . . . . . . . . . . 8 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.2. Multiple Data-Planes Encapsulation Bitmap Registry . . . 8 6.1. LISP-GPE Next Protocol Registry . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6.2. Multiple Data-Planes Encapsulation Bitmap Registry . . . 12
7. Acknowledgements and Contributors . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements and Contributors . . . . . . . . . . . . . . 13
8.1. Normative References . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 9.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
The LISP Data-Plane is defined in [I-D.ietf-lisp-rfc6830bis]. It The LISP Data-Plane is defined in [I-D.ietf-lisp-rfc6830bis]. It
specifies an encapsulation format that carries IPv4 or IPv6 packets specifies an encapsulation format that carries IPv4 or IPv6 packets
(henceforth jointly referred to as IP) in a LISP header and outer (henceforth jointly referred to as IP) in a LISP header and outer
UDP/IP transport. UDP/IP transport.
The LISP Data-Plane header does not specify the protocol being The LISP Data-Plane header does not specify the protocol being
encapsulated and therefore is currently limited to encapsulating only encapsulated and therefore is currently limited to encapsulating only
skipping to change at page 3, line 11 skipping to change at page 3, line 13
[I-D.ietf-lisp-rfc6830bis], to indicate the inner protocol, enabling [I-D.ietf-lisp-rfc6830bis], to indicate the inner protocol, enabling
the encapsulation of Ethernet, IP or any other desired protocol all the encapsulation of Ethernet, IP or any other desired protocol all
the while ensuring compatibility with existing LISP deployments. the while ensuring compatibility with existing LISP deployments.
A flag in the LISP header, called the P-bit, is used to signal the A flag in the LISP header, called the P-bit, is used to signal the
presence of the 8-bit Next Protocol field. The Next Protocol field, presence of the 8-bit Next Protocol field. The Next Protocol field,
when present, uses 8 bits of the field allocated to the echo-noncing when present, uses 8 bits of the field allocated to the echo-noncing
and map-versioning features. The two features are still available, and map-versioning features. The two features are still available,
albeit with a reduced length of Nonce and Map-Version. albeit with a reduced length of Nonce and Map-Version.
LISP-GPE MAY also be used to extend the LISP Data-Plane header, that Since all of the reserved bits of the LISP Data-Plane header have
has allocated all by defining a Next Protocol "shim" header that been allocated, LISP-GPE can also be used to extend the LISP Data-
implements new data plane functions not supported in the LISP header. Plane header by defining Next Protocol "shim" headers that implements
As an example, the use of the Network Service Header (NSH) with LISP- new data plane functions not supported in the LISP header. For
GPE, can be considered an extension to add support in the Data-Plane example, the use of the Group-Based Policy (GBP) header
for Network Service Chaining functionalities. [I-D.lemon-vxlan-lisp-gpe-gbp] or of the In-situ Operations,
Administration, and Maintenance (IOAM) header
[I-D.brockners-ippm-ioam-vxlan-gpe] with LISP-GPE, can be considered
an extension to add support in the Data-Plane for Group-Based Policy
functionalities or IOAM metadata.
1.1. Conventions 1.1. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
1.2. Definition of Terms 1.2. Definition of Terms
skipping to change at page 4, line 34 skipping to change at page 4, line 34
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|N|L|E|V|I|P|K|K| Nonce/Map-Version | Next Protocol | |N|L|E|V|I|P|K|K| Nonce/Map-Version | Next Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Instance ID/Locator-Status-Bits | | Instance ID/Locator-Status-Bits |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: LISP-GPE Header Figure 2: LISP-GPE Header
P-Bit: Flag bit 5 is defined as the Next Protocol bit. P-Bit: Flag bit 5 is defined as the Next Protocol bit.
If the P-bit is clear (0) the LISP header conforms to the If the P-bit is clear (0) the LISP header is bit-by-bit equivalent
definition in [I-D.ietf-lisp-rfc6830bis]. to the definition in [I-D.ietf-lisp-rfc6830bis].
The P-bit is set to 1 to indicate the presence of the 8 bit Next The P-bit is set to 1 to indicate the presence of the 8 bit Next
Protocol field. Protocol field.
Nonce/Map-Version: In [I-D.ietf-lisp-6834bis], LISP uses the lower Nonce/Map-Version: In [I-D.ietf-lisp-6834bis], LISP uses the lower
24 bits of the first word for a nonce, an echo-nonce, or to 24 bits of the first word for a nonce, an echo-nonce, or to
support map- versioning. These are all optional capabilities that support map- versioning. These are all optional capabilities that
are indicated in the LISP header by setting the N, E, and V bits are indicated in the LISP header by setting the N, E, and V bits
respectively. respectively.
skipping to change at page 5, line 41 skipping to change at page 5, line 41
each Endpoint Identifier to Routing Locator (EID-to-RLOC) mapping each Endpoint Identifier to Routing Locator (EID-to-RLOC) mapping
to inform commmunicating ITRs and ETRs about modifications of the to inform commmunicating ITRs and ETRs about modifications of the
mapping. mapping.
Next Protocol: The lower 8 bits of the first 32-bit word are used to Next Protocol: The lower 8 bits of the first 32-bit word are used to
carry a Next Protocol. This Next Protocol field contains the carry a Next Protocol. This Next Protocol field contains the
protocol of the encapsulated payload packet. protocol of the encapsulated payload packet.
This document defines the following Next Protocol values: This document defines the following Next Protocol values:
0x1 : IPv4 0x01 : IPv4
0x2 : IPv6 0x02 : IPv6
0x3 : Ethernet 0x03 : Ethernet
0x4 : Network Service Header (NSH) [RFC8300] 0x04 : Network Service Header (NSH) [RFC8300]
0x05 to 0x7F: Unassigned
0x80 to 0xFF: Unassigned (shim headers)
The values are tracked in an IANA registry as described in The values are tracked in an IANA registry as described in
Section 5.1. Section 6.1.
3.1. Payload Specific Transport Interactions Next protocol values from Ox80 to 0xFF are assigned to protocols
encoded as generic "shim" headers. Shim protocols all use a common
header structure, which includes a next header field using the same
values as described above. When a shim header protocol is used with
other data described by protocols identified by next protocol values
from 0x0 to 0x7F, the shim header MUST come before the further
protocol, and the next header of the shim will indicate what follows
the shim protocol.
To ensure that protocols that are encapsulated in LISP-GPE will work Implementations that are not aware of a given shim header MUST ignore
well from a transport interaction perspective, the specification of a the header and proceed to parse the next protocol. Shim protocols
new encapsulated payload MUST contain an analysis of how LISP-GPE MUST have the first 32 bits defined as:
SHOULD deal with outer UDP Checksum, DSCP mapping, and Explicit
Congestion Notification (ECN) bits whenever they apply to the new
encapsulated payload.
For IP payloads, section 5.3 of [I-D.ietf-lisp-rfc6830bis] specifies 0 1 2 3
how to handle UDP Checksums encouraging implementors to consider UDP 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
checksum usage guidelines in section 3.4 of [RFC8085] when it is +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
desirable to protect UDP and LISP headers against corruption. Each | Type | Length | Reserved | Next Protocol |
new encapsulated payloads, when registered with LISP-GPE, MUST be +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
accompanied by a similar analysis. | |
~ Protocol Specific Fields ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Encapsulated payloads may have a priority field that may or may not Figure 3: Shim Header
be mapped to the DSCP field of the outer IP header (part of Type of
Service in IPv4 or Traffic Class in IPv6). Such new encapsulated Where:
payloads, when registered with LISP-GPE, MUST be accompanied by an
analysis similar to the one performed in Section 3.1.1 of this Type: This field identifies the different messages of this protocol.
document for Ethernet payloads.
Length: The length, in 4-octect units, of this protocol message not
including the first 4 octects.
Reserved: The use of this field is reserved to the protocol defined
in this message.
Next Protocol Field: This next protocol field contains the protocol
of the encapsulated payload. The protocol registry will be
requested from IANA as per section 10.2.
4. Implementation and Deployment Considerations
4.1. Applicability Statement
LISP-GPE conforms, as an UDP-based encapsulation protocol, to the UDP
usage guidelines as specified in [RFC8085]. The applicability of
these guidelines are dependent on the underlay IP network and the
nature of the encapsulated payload.
[RFC8085] outlines two applicability scenarios for UDP applications,
1) general Internet and 2) controlled environment. The controlled
environment means a single administrative domain or adjacent set of
cooperating domains. A network in a controlled environment can be
managed to operate under certain conditions whereas in general
Internet this cannot be done. Hence requirements for a tunnel
protocol operating under a controlled environment can be less
restrictive than the requirements of general internet.
LISP-GPE scope of applicability is the same set of use cases covered
by[I-D.ietf-lisp-rfc6830bis] for the LISP dataplane protocol. The
common property of these use cases is a large set of cooperating
entities seeking to communicate over the public Internet or other
large underlay IP infrastructures, while keeping the addressing and
topology of the cooperating entities separate from the underlay and
Internet topology, routing, and addressing.
LISP-GPE is meant to be deployed in network environments operated by
a single operator or adjacent set of cooperating network operators
that fits with the definition of controlled environments in
[RFC8085].
For the purpose of this document, a traffic-managed controlled
environment (TMCE), outlined in [RFC8086], is defined as an IP
network that is traffic-engineered and/or otherwise managed (e.g.,
via use of traffic rate limiters) to avoid congestion. Significant
portions of text in this Section are based on [RFC8086].
It is the responsibility of the network operators to ensure that the
guidelines/requirements in this section are followed as applicable to
their LISP-GPE deployments
4.2. Congestion Control Functionality
LISP-GPE does not natively provide congestion control functionality
and relies on the payload protocol traffic for congestion control.
As such LISP-GPE MUST be used with congestion controlled traffic or
within a network that is traffic managed to avoid congestion (TMCE).
An operator of a traffic managed network (TMCE) may avoid congestion
by careful provisioning of their networks, rate-limiting of user data
traffic and traffic engineering according to path capacity.
Encapsulated payloads may have Explicit Congestion Notification Encapsulated payloads may have Explicit Congestion Notification
mechanisms that may or may not be mapped to the outer IP header ECN mechanisms that may or may not be mapped to the outer IP header ECN
field. Such new encapsulated payolads, when registered with LISP- field. Such new encapsulated payolads, when registered with LISP-
GPE, MUST be accompanied by a set of guidelines derived from GPE, MUST be accompanied by a set of guidelines derived from
[RFC6040]. [I-D.ietf-tsvwg-ecn-encap-guidelines] and [RFC6040].
The rest of this section specifies payload specific transport 4.3. UDP Checksum
interactions considerations for the two new LISP-GPE encapsulated
payloads specified in this document: Ethernet and NSH.
3.1.1. Payload Specific Transport Interactions for Ethernet For IP payloads, section 5.3 of [I-D.ietf-lisp-rfc6830bis] specifies
Encapsulated Payloads how to handle UDP Checksums encouraging implementors to consider UDP
checksum usage guidelines in section 3.4 of [RFC8085] when it is
desirable to protect UDP and LISP headers against corruption.
The UDP Checksum considerations specified in section 5.3 of In order to provide integrity of LISP-GPE headers, options and
[I-D.ietf-lisp-rfc6830bis] apply to Ethernet Encapsulated Payloads. payload, for example to avoid mis-delivery of payload to different
Implementors are encouraged to consider the UDP checksum usage tenant systems in case of data corruption, outer UDP checksum SHOULD
guidelines in section 3.4 of [RFC8085] when it is desirable to be used with LISP-GPE when transported over IPv4. The UDP checksum
protect UDP, LISP and Ethernet headers against corruption. provides a statistical guarantee that a payload was not corrupted in
transit. These integrity checks are not strong from a coding or
cryptographic perspective and are not designed to detect physical-
layer errors or malicious modification of the datagram (see
Section 3.4 of [RFC8085]). In deployments where such a risk exists,
an operator SHOULD use additional data integrity mechanisms such as
offered by IPSec.
An operator MAY choose to disable UDP checksum and use zero checksum
if LISP-GPE packet integrity is provided by other data integrity
mechanisms such as IPsec or additional checksums or if one of the
conditions in Section 4.3.1 a, b, c are met.
By default, UDP checksum MUST be used when LISP-GPE is transported
over IPv6. A tunnel endpoint MAY be configured for use with zero UDP
checksum if additional requirements in Section 4.3.1 are met.
4.3.1. UDP Zero Checksum Handling with IPv6
When LISP-GPE is used over IPv6, UDP checksum is used to protect IPv6
headers, UDP headers and LISP-GPE headers and payload from potential
data corruption. As such by default LISP-GPE MUST use UDP checksum
when transported over IPv6. An operator MAY choose to configure to
operate with zero UDP checksum if operating in a traffic managed
controlled environment as stated in Section 4.1 if one of the
following conditions are met:
a. It is known that the packet corruption is exceptionally unlikely
(perhaps based on knowledge of equipment types in their underlay
network) and the operator is willing to take a risk of undetected
packet corruption
b. It is judged through observational measurements (perhaps through
historic or current traffic flows that use non zero checksum)
that the level of packet corruption is tolerably low and where
the operator is willing to take the risk of undetected corruption
c. LISP-GPE payload is carrying applications that are tolerant of
misdelivered or corrupted packets (perhaps through higher layer
checksum validation and/or reliability through retransmission)
In addition LISP-GPE tunnel implementations using Zero UDP checksum
MUST meet the following requirements:
1. Use of UDP checksum over IPv6 MUST be the default configuration
for all LISP-GPE tunnels
2. If LISP-GPE is used with zero UDP checksum over IPv6 then such
xTR implementation MUST meet all the requirements specified in
section 4 of [RFC6936] and requirements 1 as specified in section
5 of [RFC6936]
3. The ETR that decapsulates the packet SHOULD check the source and
destination IPv6 addresses are valid for the LISP-GPE tunnel that
is configured to receive Zero UDP checksum and discard other
packets for which such check fails
4. The ITR that encapsulates the packet MAY use different IPv6
source addresses for each LISP-GPE tunnel that uses Zero UDP
checksum mode in order to strengthen the decapsulator's check of
the IPv6 source address (i.e the same IPv6 source address is not
to be used with more than one IPv6 destination address,
irrespective of whether that destination address is a unicast or
multicast address). When this is not possible, it is RECOMMENDED
to use each source address for as few LISP-GPE tunnels that use
zero UDP checksum as is feasible
5. Measures SHOULD be taken to prevent LISP-GPE traffic over IPv6
with zero UDP checksum from escaping into the general Internet.
Examples of such measures include employing packet filters at the
PETR and/or keeping logical or physical separation of LISP
network from networks carrying General Internet
The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the recommendation against reuse of
source IPv6 addresses among LISP-GPE tunnels collectively provide
some mitigation for the absence of UDP checksum coverage of the IPv6
header. A traffic-managed controlled environment that satisfies at
least one of three conditions listed at the beginning of this section
provides additional assurance.
4.4. Ethernet Encapsulated Payloads
When a LISP-GPE router performs Ethernet encapsulation, the inner When a LISP-GPE router performs Ethernet encapsulation, the inner
802.1Q [IEEE.802.1Q_2014] priority code point (PCP) field MAY be 802.1Q [IEEE.802.1Q_2014] 3-bit priority code point (PCP) field MAY
mapped from the encapsulated frame to the Type of Service field in be mapped from the encapsulated frame to the 3-bit Type of Service
the outer IPv4 header, or in the case of IPv6 the 'Traffic Class' field in the outer IPv4 header, or in the case of IPv6 the 'Traffic
field. Class' field.
When a LISP-GPE router performs Ethernet encapsulation, the inner When a LISP-GPE router performs Ethernet encapsulation, the inner
header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped
to, or used to determine the LISP Instance IDentifier (IID) field. to, or used to determine the LISP Instance IDentifier (IID) field.
3.1.2. Payload Specific Transport Interactions for NSH Encapsulated 5. Backward Compatibility
Payloads
The UDP Checksum considerations specified in section 5.3 of
[I-D.ietf-lisp-rfc6830bis] apply to NSH Encapsulated Payloads.
Implementors are encouraged to consider the UDP checksum usage
guidelines in section 3.4 of [RFC8085] when it is desirable to
protect UDP, LISP, and NSH headers against corruption.
When a LISP-GPE router performs an NSH encapsulation, DSCP and ECN
values MAY be mapped as specified for the Next Protocol encapsulated
by NSH (namely IPv4, IPv6 and Ethernet).
4. Backward Compatibility
LISP-GPE uses the same UDP destination port (4341) allocated to LISP. LISP-GPE uses the same UDP destination port (4341) allocated to LISP.
The next Section describes a method to determine the Data-Plane The next Section describes a method to determine the Data-Plane
capabilities of a LISP ETR, based on the use of the "Multiple Data- capabilities of a LISP ETR, based on the use of the "Multiple Data-
Planes" LISP Canonical Address Format (LCAF) type defined in Planes" LISP Canonical Address Format (LCAF) type defined in
[RFC8060]. Other mechanisms can be used, including static ETR/ITR [RFC8060]. Other mechanisms can be used, including static ETR/ITR
(xTR) configuration, but are out of the scope of this document. (xTR) configuration, but are out of the scope of this document.
When encapsulating IP packets to a non LISP-GPE capable router the When encapsulating IP packets to a non LISP-GPE capable router the
P-bit MUST be set to 0. That is, the encapsulation format defined in P-bit MUST be set to 0. That is, the encapsulation format defined in
this document MUST NOT be sent to a router that has not indicated this document MUST NOT be sent to a router that has not indicated
that it supports this specification because such a router would that it supports this specification because such a router would
ignore the P-bit (as described in [I-D.ietf-lisp-rfc6830bis]) and so ignore the P-bit (as described in [I-D.ietf-lisp-rfc6830bis]) and so
would misinterpret the other LISP header fields possibly causing would misinterpret the other LISP header fields possibly causing
significant errors. significant errors.
A LISP-GPE router MUST NOT encapsulate non-IP packets (that have the A LISP-GPE router MUST NOT encapsulate non-IP packets (that have the
P-bit set to 1) to a non-LISP-GPE capable router. P-bit set to 1) to a non-LISP-GPE capable router.
4.1. Use of "Multiple Data-Planes" LCAF to Determine ETR Capabilities 5.1. Use of "Multiple Data-Planes" LCAF to Determine ETR Capabilities
LISP Canonical Address Format (LCAF) [RFC8060] defines the "Multiple LISP Canonical Address Format (LCAF) [RFC8060] defines the "Multiple
Data-Planes" LCAF type, that can be included by an ETR in a Map-Reply Data-Planes" LCAF type, that can be included by an ETR in a Map-Reply
to encode the encapsulation formats supported by a given RLOC. In to encode the encapsulation formats supported by a given RLOC. In
this way an ITR can be made aware of the capability to support LISP- this way an ITR can be made aware of the capability to support LISP-
GPE, as well as other encapsulations, on a given RLOC of that ETR. GPE, as well as other encapsulations, on a given RLOC of that ETR.
The 3rd 32-bit word of the "Multiple Data-Planes" LCAF type, as The 3rd 32-bit word of the "Multiple Data-Planes" LCAF type, as
defined in [RFC8060], is a bitmap whose bits are set to one (1) to defined in [RFC8060], is a bitmap whose bits are set to one (1) to
represent support for each Data-Plane encapsulation. The values are represent support for each Data-Plane encapsulation. The values are
tracked in an IANA registry as described in Section 5.2. tracked in an IANA registry as described in Section 6.2.
This document defines bit 24 in the third 32-bit word of the This document defines bit 24 in the third 32-bit word of the
"Multiple Data-Planes" LCAF as: "Multiple Data-Planes" LCAF as:
g-Bit: The RLOCs listed in the Address Family Identifier (AFI) g-Bit: The RLOCs listed in the Address Family Identifier (AFI)
encoded addresses in the next longword can accept LISP-GPE encoded addresses in the next longword can accept LISP-GPE
(Generic Protocol Extension) encapsulation using destination UDP (Generic Protocol Extension) encapsulation using destination UDP
port 4341 port 4341
5. IANA Considerations 6. IANA Considerations
5.1. LISP-GPE Next Protocol Registry 6.1. LISP-GPE Next Protocol Registry
IANA is requested to set up a registry of LISP-GPE "Next Protocol". IANA is requested to set up a registry of LISP-GPE "Next Protocol".
These are 8-bit values. Next Protocol values in the table below are These are 8-bit values. Next Protocol values in the table below are
defined in this document. New values are assigned via Standards defined in this document. New values are assigned under the
Action [RFC8126]. The protocols that are being assigned values do Specification Required policy [RFC8126]. The protocols that are
not themselves need to be IETF standards track protocols. being assigned values do not themselves need to be IETF standards
track protocols.
+---------------+-------------+---------------+ +---------------+-------------+---------------+
| Next Protocol | Description | Reference | | Next Protocol | Description | Reference |
+---------------+-------------+---------------+ +---------------+-------------+---------------+
| 0 | Reserved | This Document | | 0x00 | Reserved | This Document |
| 1 | IPv4 | This Document | | 0x01 | IPv4 | This Document |
| 2 | IPv6 | This Document | | 0x02 | IPv6 | This Document |
| 3 | Ethernet | This Document | | 0x03 | Ethernet | This Document |
| 4 | NSH | This Document | | 0x04 | NSH | This Document |
| 5..255 | Unassigned | | | 0x05..0x7F | Unassigned | |
| 0x80 | GBP | This Document |
| 0x81 | iOAM | This Document |
| 0x82..0xFF | Unassigned | |
+---------------+-------------+---------------+ +---------------+-------------+---------------+
5.2. Multiple Data-Planes Encapsulation Bitmap Registry 6.2. Multiple Data-Planes Encapsulation Bitmap Registry
IANA is requested to set up a registry of "Multiple Data-Planes IANA is requested to set up a registry of "Multiple Data-Planes
Encapsulation Bitmap" to identify the encapsulations supported by an Encapsulation Bitmap" to identify the encapsulations supported by an
ETR in the Multiple Data-Planes LCAF Type defined in [RFC8060]. The ETR in the Multiple Data-Planes LCAF Type defined in [RFC8060]. The
bitmap is the 3rd 32-bit word of the Multiple Data-Planes LCAF type. bitmap is the 3rd 32-bit word of the Multiple Data-Planes LCAF type.
Each bit of the bitmap represents a Data-Plane Encapsulation. New Each bit of the bitmap represents a Data-Plane Encapsulation. New
values are assigned via Standards Action [RFC8126]. values are assigned under the Specification Required policy
[RFC8126].
Bits 0-23 are unassigned. This document assigns bit 24 (g-bit) to Bits 0-23 are unassigned. This document assigns bits 24-31. Bit 24
LISP-GPE. Bits 25-31 are assigned in [RFC8060]). (bit 'g') is assigned to LISP-GPE, bits 25-31 assignment is
conformant with [RFC8060].
+----------+-------+------------------------------------+-----------+ +----------+-------+------------------------------------+-----------+
| Bit | Bit | Assigned to | Reference | | Bit | Bit | Assigned to | Reference |
| Position | Name | | | | Position | Name | | |
+----------+-------+------------------------------------+-----------+ +----------+-------+------------------------------------+-----------+
| 0-23 | | Unassigned | | | 0-23 | | Unassigned | |
| 24 | g | LISP Generic Protocol Extension | This | | 24 | g | LISP Generic Protocol Extension | This |
| | | (LISP-GPE) | Document | | | | (LISP-GPE) | Document |
| 25 | U | Generic UDP Encapsulation (GUE) | [RFC8060] | | 25 | U | Generic UDP Encapsulation (GUE) | This |
| 26 | G | Generic Network Virtualization | [RFC8060] | | | | | Document |
| | | Encapsulation (GENEVE) | | | 26 | G | Generic Network Virtualization | This |
| 27 | N | Network Virtualization - Generic | [RFC8060] | | | | Encapsulation (GENEVE) | Document |
| | | Routing Encapsulation (NV-GRE) | | | 27 | N | Network Virtualization - Generic | This |
| 28 | v | VXLAN Generic Protocol Extension | [RFC8060] | | | | Routing Encapsulation (NV-GRE) | Document |
| | | (VXLAN-GPE) | | | 28 | v | VXLAN Generic Protocol Extension | This |
| 29 | V | Virtual eXtensible Local Area | [RFC8060] | | | | (VXLAN-GPE) | Document |
| | | Network (VXLAN) | | | 29 | V | Virtual eXtensible Local Area | This |
| 30 | l | Layer 2 LISP (LISP-L2) | [RFC8060] | | | | Network (VXLAN) | Document |
| 31 | L | Locator/ID Separation Protocol | [RFC8060] | | 30 | l | Layer 2 LISP (LISP-L2) | This |
| | | (LISP) | | | | | | Document |
| 31 | L | Locator/ID Separation Protocol | This |
| | | (LISP) | Document |
+----------+-------+------------------------------------+-----------+ +----------+-------+------------------------------------+-----------+
6. Security Considerations Editorial Note (The following paragraph to be removed by the RFC
Editor before publication)
The "Multiple Data-Planes Encapsulation Bitmap" was "hardcoded" in
RFC8060, assigning values to bits 25-31. This draft allocates the
"Multiple Data-Planes Encapsulation Bitmap" registry assigning a
value to bit 24 for the LISP-GPE encapsualtion, assigning bits 25-31
values that are conformant with RFC8060. This will allow future
allocation of values 0-23.
7. Security Considerations
LISP-GPE security considerations are similar to the LISP security LISP-GPE security considerations are similar to the LISP security
considerations and mitigation techniques documented in [RFC7835]. considerations and mitigation techniques documented in [RFC7835].
The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis] The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis]
relies on the nonce to detect reachability from ITR to ETR. In LISP- relies on the nonce to detect reachability from ITR to ETR. In LISP-
GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in
LISP, increases the probability of an off-path attacker to correctly LISP, increases the probability of an off-path attacker to correctly
guess the nonce and force the ITR to believe that a non-reachable guess the nonce and force the ITR to believe that a non-reachable
RLOC is reachable. However, the use of common anti-spoofing RLOC is reachable. However, the use of common anti-spoofing
mechanisms such as uRPF prevents this form of attack. mechanisms such as uRPF prevents this form of attack.
The considerations made in [I-D.ietf-lisp-rfc6830bis] about use of
Echo Nonce, Map-Versioning, and Locator-Status-Bits apply to LISP-GPE
as well.
LISP-GPE, as many encapsulations that use optional extensions, is LISP-GPE, as many encapsulations that use optional extensions, is
subject to on-path adversaries that by manipulating the g-Bit and the subject to on-path adversaries that by manipulating the g-Bit and the
packet itself can remove part of the payload. Typical integrity packet itself can remove part of the payload. Typical integrity
protection mechanisms (such as IPsec) SHOULD be used in combination protection mechanisms (such as IPsec) SHOULD be used in combination
with LISP-GPE by those protocol extensions that want to protect from with LISP-GPE by those protocol extensions that want to protect from
on-path attackers. on-path attackers.
With LISP-GPE, issues such as data-plane spoofing, flooding, and With LISP-GPE, issues such as data-plane spoofing, flooding, and
traffic redirection may depend on the particular protocol payload traffic redirection may depend on the particular protocol payload
encapsulated. encapsulated.
7. Acknowledgements and Contributors 8. Acknowledgements and Contributors
A special thank you goes to Dino Farinacci for his guidance and A special thank you goes to Dino Farinacci for his guidance and
detailed review. detailed review.
This Workking Group (WG) document originated as draft-lewis-lisp-gpe; This Working Group (WG) document originated as draft-lewis-lisp-gpe;
the following are its coauthors and contributors along with their the following are its coauthors and contributors along with their
respective affiliations at the time of WG adoption. The editor of respective affiliations at the time of WG adoption. The editor of
this document would like to thank and recognize them and their this document would like to thank and recognize them and their
contributions. These coauthors and contributors provided invaluable contributions. These coauthors and contributors provided invaluable
concepts and content for this document's creation. concepts and content for this document's creation.
o Darrel Lewis, Cisco Systems, Inc. o Darrel Lewis, Cisco Systems, Inc.
o Fabio Maino, Cisco Systems, Inc. o Fabio Maino, Cisco Systems, Inc.
skipping to change at page 10, line 33 skipping to change at page 14, line 13
o Michael Smith, Cisco Systems, Inc. o Michael Smith, Cisco Systems, Inc.
o Navindra Yadav, Cisco Systems, Inc. o Navindra Yadav, Cisco Systems, Inc.
o Larry Kreeger o Larry Kreeger
o John Lemon, Broadcom o John Lemon, Broadcom
o Puneet Agarwal, Innovium o Puneet Agarwal, Innovium
8. References 9. References
8.1. Normative References 9.1. Normative References
[I-D.ietf-lisp-6834bis] [I-D.ietf-lisp-6834bis]
Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID
Separation Protocol (LISP) Map-Versioning", draft-ietf- Separation Protocol (LISP) Map-Versioning", draft-ietf-
lisp-6834bis-02 (work in progress), September 2018. lisp-6834bis-04 (work in progress), August 2019.
[I-D.ietf-lisp-rfc6830bis] [I-D.ietf-lisp-rfc6830bis]
Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A.
Cabellos-Aparicio, "The Locator/ID Separation Protocol Cabellos-Aparicio, "The Locator/ID Separation Protocol
(LISP)", draft-ietf-lisp-rfc6830bis-18 (work in progress), (LISP)", draft-ietf-lisp-rfc6830bis-27 (work in progress),
September 2018. June 2019.
[IEEE.802.1Q_2014] [IEEE.802.1Q_2014]
IEEE, "IEEE Standard for Local and metropolitan area IEEE, "IEEE Standard for Local and metropolitan area
networks--Bridges and Bridged Networks", IEEE 802.1Q-2014, networks--Bridges and Bridged Networks", IEEE 802.1Q-2014,
DOI 10.1109/ieeestd.2014.6991462, December 2014, DOI 10.1109/ieeestd.2014.6991462, December 2014,
<http://ieeexplore.ieee.org/servlet/ <http://ieeexplore.ieee.org/servlet/
opac?punumber=6991460>. opac?punumber=6991460>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
8.2. Informative References 9.2. Informative References
[I-D.brockners-ippm-ioam-vxlan-gpe]
Brockners, F., Bhandari, S., Govindan, V., Pignataro, C.,
Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A.,
Gafni, B., Lapukhov, P., and M. Spiegel, "VXLAN-GPE
Encapsulation for In-situ OAM Data", draft-brockners-ippm-
ioam-vxlan-gpe-02 (work in progress), July 2019.
[I-D.ietf-tsvwg-ecn-encap-guidelines]
Briscoe, B., Kaippallimalil, J., and P. Thaler,
"Guidelines for Adding Congestion Notification to
Protocols that Encapsulate IP", draft-ietf-tsvwg-ecn-
encap-guidelines-13 (work in progress), May 2019.
[I-D.lemon-vxlan-lisp-gpe-gbp]
Lemon, J., Maino, F., Smith, M., and A. Isaac, "Group
Policy Encoding with VXLAN-GPE and LISP-GPE", draft-lemon-
vxlan-lisp-gpe-gbp-02 (work in progress), April 2019.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
December 1998, <https://www.rfc-editor.org/info/rfc2460>.
[RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion
Notification", RFC 6040, DOI 10.17487/RFC6040, November Notification", RFC 6040, DOI 10.17487/RFC6040, November
2010, <https://www.rfc-editor.org/info/rfc6040>. 2010, <https://www.rfc-editor.org/info/rfc6040>.
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935,
DOI 10.17487/RFC6935, April 2013, <https://www.rfc-
editor.org/info/rfc6935>.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, DOI 10.17487/RFC6936, April 2013,
<https://www.rfc-editor.org/info/rfc6936>.
[RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
L., Sridhar, T., Bursell, M., and C. Wright, "Virtual L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
eXtensible Local Area Network (VXLAN): A Framework for eXtensible Local Area Network (VXLAN): A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3 Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<https://www.rfc-editor.org/info/rfc7348>. <https://www.rfc-editor.org/info/rfc7348>.
[RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
Separation Protocol (LISP) Threat Analysis", RFC 7835, Separation Protocol (LISP) Threat Analysis", RFC 7835,
DOI 10.17487/RFC7835, April 2016, <https://www.rfc- DOI 10.17487/RFC7835, April 2016, <https://www.rfc-
editor.org/info/rfc7835>. editor.org/info/rfc7835>.
[RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060,
February 2017, <https://www.rfc-editor.org/info/rfc8060>. February 2017, <https://www.rfc-editor.org/info/rfc8060>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>. March 2017, <https://www.rfc-editor.org/info/rfc8085>.
[RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE-
in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086,
March 2017, <https://www.rfc-editor.org/info/rfc8086>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
skipping to change at page 12, line 19 skipping to change at page 16, line 32
Authors' Addresses Authors' Addresses
Fabio Maino (editor) Fabio Maino (editor)
Cisco Systems Cisco Systems
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: fmaino@cisco.com Email: fmaino@cisco.com
John Lemon Jennifer Lemon
Broadcom Broadcom
270 Innovation Drive 270 Innovation Drive
San Jose, CA 95134 San Jose, CA 95134
USA USA
Email: john.lemon@broadcom.com Email: jennifer.lemon@broadcom.com
Puneet Agarwal Puneet Agarwal
Innovium Innovium
USA USA
Email: puneet@acm.org Email: puneet@acm.org
Darrel Lewis Darrel Lewis
Cisco Systems Cisco Systems
 End of changes. 46 change blocks. 
123 lines changed or deleted 328 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/