draft-ietf-lisp-gpe-08.txt   draft-ietf-lisp-gpe-09.txt 
Internet Engineering Task Force F. Maino, Ed. Internet Engineering Task Force F. Maino, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track J. Lemon Intended status: Standards Track J. Lemon
Expires: April 26, 2020 Broadcom Expires: April 27, 2020 Broadcom
P. Agarwal P. Agarwal
Innovium Innovium
D. Lewis D. Lewis
M. Smith M. Smith
Cisco Cisco
October 24, 2019 October 25, 2019
LISP Generic Protocol Extension LISP Generic Protocol Extension
draft-ietf-lisp-gpe-08 draft-ietf-lisp-gpe-09
Abstract Abstract
This document describes extentions to the Locator/ID Separation This document describes extentions to the Locator/ID Separation
Protocol (LISP) Data-Plane, via changes to the LISP header, to Protocol (LISP) Data-Plane, via changes to the LISP header, to
support multi-protocol encapsulation. support multi-protocol encapsulation.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 26, 2020. This Internet-Draft will expire on April 27, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
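Review bot: the Abstract still reads "extentions" (should be "extensions") in both the -08 and -09 columns; since this revision only advances the date and expiry in the front matter, it would be a good moment to fold in that spelling fix so it does not carry into the next version.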
skipping to change at page 12, line 52 skipping to change at page 12, line 52
LISP-GPE security considerations are similar to the LISP security LISP-GPE security considerations are similar to the LISP security
considerations and mitigation techniques documented in [RFC7835]. considerations and mitigation techniques documented in [RFC7835].
The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis] The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis]
relies on the nonce to detect reachability from ITR to ETR. In LISP- relies on the nonce to detect reachability from ITR to ETR. In LISP-
GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in
LISP, increases the probability of an off-path attacker to correctly LISP, increases the probability of an off-path attacker to correctly
guess the nonce and force the ITR to believe that a non-reachable guess the nonce and force the ITR to believe that a non-reachable
RLOC is reachable. However, the use of common anti-spoofing RLOC is reachable. However, the use of common anti-spoofing
mechanisms such as uRPF mitigates this form of attack. mechanisms such as uRPF partially mitigates this form of attack.
The considerations made in [I-D.ietf-lisp-rfc6830bis] that Echo The considerations made in [I-D.ietf-lisp-rfc6830bis] that Echo
Nonce, Map-Versioning, and Locator-Status-Bits SHOULD NOT be used Nonce, Map-Versioning, and Locator-Status-Bits SHOULD NOT be used
over the public Internet and SHOULD only be used in trusted and over the public Internet and SHOULD only be used in trusted and
closed deployments apply to LISP-GPE as well. These considerations closed deployments apply to LISP-GPE as well. These considerations
are even more important for LISP-GPE, considering the reduced size of are even more important for LISP-GPE, considering the reduced size of
the Nonce/Map-versioning field. the Nonce/Map-versioning field.
LISP-GPE, as many encapsulations that use optional extensions, is LISP-GPE, as many encapsulations that use optional extensions, is
subject to on-path adversaries that by manipulating the g-Bit and the subject to on-path adversaries that by manipulating the g-Bit and the
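Review bot: the change from "mitigates" to "partially mitigates" for uRPF is the right qualification, but the paragraph still does not say what residual risk remains. uRPF only rejects packets whose source RLOC fails the reverse-path check, so it does not help against a guesser whose spoofed source passes that check, and with a 16-bit field each guess succeeds with probability 1/65536 rather than 1/16777216 for the 24-bit LISP nonce. Consider adding one sentence stating that residual risk explicitly and tying it to the "SHOULD NOT be used over the public Internet" guidance in the next paragraph, so the reader sees why the reduced field size raises the bar for that recommendation.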
skipping to change at page 14, line 36 skipping to change at page 14, line 36
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
editor.org/info/rfc2119>. editor.org/info/rfc2119>.
[RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion
Notification", RFC 6040, DOI 10.17487/RFC6040, November Notification", RFC 6040, DOI 10.17487/RFC6040, November
2010, <https://www.rfc-editor.org/info/rfc6040>. 2010, <https://www.rfc-editor.org/info/rfc6040>.
[RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060,
February 2017, <https://www.rfc-editor.org/info/rfc8060>.
9.2. Informative References 9.2. Informative References
[I-D.brockners-ippm-ioam-vxlan-gpe] [I-D.brockners-ippm-ioam-vxlan-gpe]
Brockners, F., Bhandari, S., Govindan, V., Pignataro, C., Brockners, F., Bhandari, S., Govindan, V., Pignataro, C.,
Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A.,
Gafni, B., Lapukhov, P., and M. Spiegel, "VXLAN-GPE Gafni, B., Lapukhov, P., and M. Spiegel, "VXLAN-GPE
Encapsulation for In-situ OAM Data", draft-brockners-ippm- Encapsulation for In-situ OAM Data", draft-brockners-ippm-
ioam-vxlan-gpe-02 (work in progress), July 2019. ioam-vxlan-gpe-02 (work in progress), July 2019.
[I-D.ietf-tsvwg-ecn-encap-guidelines] [I-D.ietf-tsvwg-ecn-encap-guidelines]
skipping to change at page 15, line 42 skipping to change at page 15, line 36
eXtensible Local Area Network (VXLAN): A Framework for eXtensible Local Area Network (VXLAN): A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3 Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<https://www.rfc-editor.org/info/rfc7348>. <https://www.rfc-editor.org/info/rfc7348>.
[RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
Separation Protocol (LISP) Threat Analysis", RFC 7835, Separation Protocol (LISP) Threat Analysis", RFC 7835,
DOI 10.17487/RFC7835, April 2016, <https://www.rfc- DOI 10.17487/RFC7835, April 2016, <https://www.rfc-
editor.org/info/rfc7835>. editor.org/info/rfc7835>.
[RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060,
February 2017, <https://www.rfc-editor.org/info/rfc8060>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>. March 2017, <https://www.rfc-editor.org/info/rfc8085>.
[RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE- [RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE-
in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086, in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086,
March 2017, <https://www.rfc-editor.org/info/rfc8086>. March 2017, <https://www.rfc-editor.org/info/rfc8086>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
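Review bot: [RFC8060] moves from 9.1 Normative References (left column) to 9.2 Informative References (right column) in this revision. That downgrade is only correct if the body cites LCAF as an illustration and no MUST/SHOULD-level text depends on the LCAF encoding; the reference list itself cannot show that, so verify the in-body citations before this ships and record the reclassification in the change log for -09.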
 End of changes. 7 change blocks. 
9 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/