draft-ietf-tsvwg-gre-in-udp-encap-00.txt   draft-ietf-tsvwg-gre-in-udp-encap-01.txt 
Network Working Group E. Crabbe, Ed.
Internet-Draft Google
Intended status: Standard Track L. Yong, Ed.
Huawei USA
X. Xu, Ed.
Huawei Technologies
Network Working Group E. Crabbe, Ed. Expires: September 2014 February 13, 2014
Internet-Draft Google
Intended status: Standards Track L. Yong, Ed.
Expires: July 10, 2014 Huawei USA
X. Xu, Ed.
Huawei Technologies
January 9, 2014
Generic UDP Encapsulation for IP Tunneling Generic UDP Encapsulation for IP Tunneling
draft-ietf-tsvwg-gre-in-udp-encap-00 draft-ietf-tsvwg-gre-in-udp-encap-01
Abstract Abstract
This document describes a method of encapsulating arbitrary protocols This document describes a method of encapsulating arbitrary
within GRE and UDP headers. In this encapsulation, the source UDP protocols within GRE and UDP headers. In this encapsulation, the
port may be used as an entropy field for purposes of loadbalancing source UDP port may be used as an entropy field for purposes of load
while the payload protocol may be identified by the GRE Protocol balancing while the payload protocol may be identified by the GRE
Type. Protocol Type.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Status of This Memo Status of This Document
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six
and may be updated, replaced, or obsoleted by other documents at any months and may be updated, replaced, or obsoleted by other documents
time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 10, 2014. This Internet-Draft will expire on September 13, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with
to this document. Code Components extracted from this document must respect to this document. Code Components extracted from this
include Simplified BSD License text as described in Section 4.e of document must include Simplified BSD License text as described in
the Trust Legal Provisions and are provided without warranty as Section 4.e of the Trust Legal Provisions and are provided without
described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction...................................................3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Applicability Statements..................................3
3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology....................................................4
4. Encapsulation Considerations . . . . . . . . . . . . . . . . 6 2.1. Requirements Language.....................................4
5. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 3. Procedures.....................................................4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 4. Encapsulation Considerations...................................8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Backward Compatibility.........................................9
7.1. Vulnerability . . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations............................................9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 7. Security Considerations.......................................10
9. Contributing Authors . . . . . . . . . . . . . . . . . . . . 8 7.1. Vulnerability............................................10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 8. Acknowledgements..............................................10
10.1. Normative References . . . . . . . . . . . . . . . . . . 9 9. Contributors..................................................10
10.2. Informative References . . . . . . . . . . . . . . . . . 10 10. References...................................................11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 10.1. Normative References....................................11
10.2. Informative References..................................12
11. Authors' Addresses...........................................13
1. Introduction 1. Introduction
Load balancing, or more specifically, statistical multiplexing of Load balancing, or more specifically, statistical multiplexing of
traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation
Groups (LAGs) in IP networks is a widely used technique for creating Groups (LAGs) in IP networks is a widely used technique for creating
higher capacity networks out of lower capacity links. Most existing higher capacity networks out of lower capacity links. Most existing
routers in IP networks are already capable of distributing IP traffic routers in IP networks are already capable of distributing IP
flows over ECMP paths and/or LAGs on the basis of a hash function traffic flows over ECMP paths and/or LAGs on the basis of a hash
performed on flow invariant fields in IP packet headers and their function performed on flow invariant fields in IP packet headers and
payload protocol headers. Specifically, when the IP payload is a their payload protocol headers. Specifically, when the IP payload is
User Datagram Protocol (UDP)[RFC0768] or Transmission Control a User Datagram Protocol (UDP)[RFC0768] or Transmission Control
Protocol (TCP) packet, router hash functions frequently operate on Protocol (TCP) packet, router hash functions frequently operate on
the five-tuple of the source IP address, the destination IP address, the five-tuple of the source IP address, the destination IP address,
the source port, the destination port, and the protocol/next-header the source port, the destination port, and the protocol/next-header
Several tunneling techniques are in common use in IP networks, such Several tunneling techniques are in common use in IP networks, such
as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and
L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation
choice, especially in environments where MPLS is unavailable or choice, especially in environments where MPLS is unavailable or
unnecessary. Unfortunately, use of common GRE endpoints may reduce unnecessary. Unfortunately, use of common GRE endpoints may reduce
the entropy available for use in load balancing, especially in the entropy available for use in load balancing, especially in
environments where the GRE Key field [RFC2890] is not readilly environments where the GRE Key field [RFC2890] is not readily
available for use as entropy in forwarding decisions. available for use as entropy in forwarding decisions.
This document defines a generic GRE-in-UDP encapsulation for This document defines a generic GRE-in-UDP encapsulation for
tunneling arbitrary network protocol payloads across an IP network tunneling arbitrary network protocol payloads across an IP network
environment where ECMP or LAGs are used. The GRE header provides environment where ECMP or LAGs are used. The GRE header provides
payload protocol de-multiplexing by way of it's protocol type field payload protocol de-multiplexing by way of it's protocol type field
[RFC2784] while the UDP header provides additional entropy by way of [RFC2784] while the UDP header provides additional entropy by way of
it's source port. it's source port.
This encapsulation method requires no changes to the transit IP This encapsulation method requires no changes to the transit IP
network. Hash functions in most existing IP routers may utilize and network. Hash functions in most existing IP routers may utilize and
benefit from the use of a GRE-in-UDP tunnel without needing any benefit from the use of a GRE-in-UDP tunnel is without needing any
change or upgrade to to their ECMP implementations. The change or upgrade to their ECMP implementation. The encapsulation
encapsulation mechanism is applicable to a variety of IP networks mechanism is applicable to a variety of IP networks including Data
including Data Center and wide area networks. Center and wide area networks.
2. Terminology 1.1. Applicability Statements
The terms defined in [RFC0768] are used in this document. It is recommended to use the GRE-in-UDP encapsulation technology in
a Service Provider (SP) network and/or DC network where the
congestion control is not a concern, rather than over the Internet
where the congestion control is a must. Furthermore, packet filters
should be added so as to prevent GRE-in-UDP packets from escaping
from the service provider networks due to mis-configuration or
packet errors.
3. Procedures 2. Terminology
The terms defined in [RFC768] are used in this document.
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Procedures
When a tunnel ingress device conforming to this document receives a When a tunnel ingress device conforming to this document receives a
packet, the ingress MUST encapsulate the packet in UDP and GRE packet, the ingress MUST encapsulate the packet in UDP and GRE
headers and set the destination port of the UDP header to [TBD] headers and set the destination port of the UDP header to [TBD]
Section 6. he ingress device must also insert the payload protocol Section 6. The ingress device must also insert the payload protocol
type in the GRE Protocol Type field. The ingress device SHOULD set type in the GRE Protocol Type field. The ingress device SHOULD set
the UDP source port based on flow invariant fields from the payload the UDP source port based on flow invariant fields from the payload
header, otherwise it should be set to a randomly selected constant header, otherwise it should be set to a randomly selected constant
value, e.g. zero, to avoid packet flow reordering. How a tunnel value, e.g. zero, to avoid packet flow reordering. How a tunnel
ingress generates entropy from the payload is outside the scope of ingress generates entropy from the payload is outside the scope of
this document. The tunnel ingress MUST encode its own IP address as this document. The tunnel ingress MUST encode its own IP address as
the source IP address and the egress tunnel endpoint IP address. The the source IP address and the egress tunnel endpoint IP address.
TTL field in the IP header must be set to a value appropriate for The TTL field in the IP header must be set to a value appropriate
delivery of the encapsulated packet to the tunnel egress endpoint. for delivery of the encapsulated packet to the tunnel egress
endpoint.
When the tunnel egress receives a packet, it must remove the outer When the tunnel egress receives a packet, it must remove the outer
UDP and GRE headers. Section 5 describes the error handling when UDP and GRE headers. Section 5 describes the error handling when
this entity is not instantiated at the tunnel egress. this entity is not instantiated at the tunnel egress.
To simplify packet processing at the tunnel egress, packets destined To simplify packet processing at the tunnel egress, packets destined
to this assigned UDP destination port [TBD] SHOULD have their UDP to this assigned UDP destination port [TBD] MAY have their UDP
checksum and Sequence flags set to zero because the egress tunnel checksum set to zero. In the environment where the UDP packets may
only needs to identify this protocol. Although IPv6 [RFC2460] be mis-delivered [RFC5405], UDP checksum SHOULD be used. Upon
restricts the processing a packet with the UDP checksum of zero, receiving a packet with a non-zero checksum, tunnel egress MUST
[RFC6935] and [RFC6936] relax this constraint to allow the zero UDP perform the UDP checksum verification. For an IPv6 network, UDP
checksum. checksum SHOULD be used; if the checksum needs to be disabled for
performance or implementation concerns, the considerations described
in [RFC6935][RFC6936] MUST be examined. The Sequence flags MUST set
to zero.
The tunnel ingress may set the GRE Key Present, Sequence Number The tunnel ingress may set the GRE Key Present, Sequence Number
Present, and Checksum Present bits and asscociated fields in the GRE Present, and Checksum Present bits and associated fields in the GRE
header defined by [RFC2784] and [RFC2890]. header defined by [RFC2784] and [RFC2890].
In addition IPv6 nodes MUST conform to the following: In addition IPv6 nodes MUST conform to the following:
1. the IPv6 tunnel ingress and egress SHOULD follow the node 1. the IPv6 tunnel ingress and egress SHOULD follow the node
requirements specified in Section 4 of [RFC6936] and the usage requirements specified in Section 4 of [RFC6936] and the usage
requirements specified in Section 5 of [RFC6936] requirements specified in Section 5 of [RFC6936].
2. IPv6 transit nodes SHOULD follow the requirements 9, 10, 11 2. IPv6 transit nodes SHOULD follow the requirements 9, 10, 11
specified in Section 5 of [RFC6936]. specified in Section 5 of [RFC6936].
The tunnel ingress may set the GRE Key Present, Sequence Number
Present, and Checksum Present bits and associated fields in the GRE
header defined by [RFC2784] and [RFC2890].
The format of the GRE-in-UDP encapsulation for both IPv4 and IPv6 The format of the GRE-in-UDP encapsulation for both IPv4 and IPv6
outer headersis shown in the followingfigures: outer headers is shown in the following figures:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv4 Header: IPv4 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length | |Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset | | Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live |Protcol=17[UDP]| Header Checksum | | Time to Live |Protcol=17(UDP)| Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source IPv4 Address | | Source IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination IPv4 Address | | Destination IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
UDP Header: UDP Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port = XXXX | Dest Port = TBD | | Source Port = XXXX | Dest Port = TBD |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum | | UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1 UDP+GRE IPv4 headers
|C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: UDP+GRE IPv4 headers 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
0 1 2 3 IPv6 Header:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | NxtHdr=17(UDP)| Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Source IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Destination IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv6 Header: UDP Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label | | Source Port = XXXX | Dest Port = TBD |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | NxtHdr=17[UDP]| Hop Limit | | UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Source IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Destination IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
UDP Header: GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port = XXXX | Dest Port = TBD | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | | Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: UDP+GRE IPv6 headers Figure 2 UDP+GRE IPv6 headers
The total overhead increase for a UDP+GRE tunnel without use of The total overhead increase for a UDP+GRE tunnel without use of
optional GRE fields, representing the lowest total overhead increase, optional GRE fields, representing the lowest total overhead increase,
is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6. is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6.
The total overhead increase for a UDP+GRE tunnel with use of GRE Key, The total overhead increase for a UDP+GRE tunnel with use of GRE Key,
Sequence and Checksum Fields, representing the highest total overhead Sequence and Checksum Fields, representing the highest total
increase, is 44 bytes in the case of IPv4 and 64 bytes in the case of overhead increase, is 44 bytes in the case of IPv4 and 64 bytes in
IPv6. the case of IPv6.
4. Encapsulation Considerations 4. Encapsulation Considerations
GRE-in-UDP encapsulation allows the tunneled traffic to be unicast, GRE-in-UDP encapsulation allows the tunneled traffic to be unicast,
broadcast, or multicast traffic. Entropy may be generated from the broadcast, or multicast traffic. Entropy may be generated from the
header of tunneled unicast or broadcast/multicast packets at tunnel header of tunneled unicast or broadcast/multicast packets at tunnel
ingress. The mapping mechanism between the tunneled multicast ingress. The mapping mechanism between the tunneled multicast
traffic and the multicast capability in the IP network is transparent traffic and the multicast capability in the IP network is
and independent to the encapsulation and is outside the scope of this transparent and independent to the encapsulation and is outside the
document. scope of this document.
If tunnel ingress must perform fragmentation on a packet before If tunnel ingress must perform the fragmentation [GREMTU] on a
encapsulation, it MUST use the same source UDP port for all packet packet before encapsulation, it MUST use the same source UDP port
fragments. This ensures that the transit routers will forward the for all packet fragments. This ensures that the transit routers
packet fragments on the same path. GRE-in-UDP encapsulation will forward the packet fragments on the same path. GRE-in-UDP
introduces some overhead as mentioned in section 3, which reduces the encapsulation introduces some overhead as mentioned in section 3,
effective Maximum Transmission Unit (MTU) size. An operator should which reduces the effective Maximum Transmission Unit (MTU) size.
factor in this addition overhead bytes when considering an MTU size An operator should factor in this addition overhead bytes when
for the payload to reduce the likelihood of fragmentation. considering an MTU size for the payload to reduce the likelihood of
fragmentation.
To ensure the tunneled traffic gets the same treatment over the IP To ensure the tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, tunnel ingress should network, prior to the encapsulation process, tunnel ingress should
process the payload to get the proper parameters to fill into the IP process the payload to get the proper parameters to fill into the IP
header such as DiffServ [[RFC2983]]. Tunnel end points that support header such as DiffServ [RFC2983]. Tunnel end points that support
ECN MUST use the method described in [RFC6040] for ECN marking ECN MUST use the method described in [RFC6040] for ECN marking
propagation. This process is outside of the scope of this document. propagation. This process is outside of the scope of this document.
Note that the IPv6 header [RFC2460] contains a flow label field that Note that the IPv6 header [RFC2460] contains a flow label field that
may be used for load balancing in an IPv6 network [RFC6438]. Thus in may be used for load balancing in an IPv6 network [RFC6438]. Thus
an IPv6 network, either GRE-in-UDP or flow labels may be used in in an IPv6 network, either GRE-in-UDP or flow labels may be used for
order to improve load balancing performance. Use of GRE-in-UDP improving load balancing performance. Use of GRE-in-UDP
encapsulation provides a unified hardware implementation for load encapsulation provides a unified hardware implementation for load
balancing in an IP network independent of the IP version(s) in use. balancing in an IP network independent of the IP version(s) in use.
However, if UDP checksum has to be used in the environment, a flow
label based load balancing is advantage in performance and
implementation.
5. Backward Compatibility 5. Backward Compatibility
It is assumed that tunnel ingress routers must be upgraded in order It is assumed that tunnel ingress routers must be upgraded in order
to support the encapsulations described in this document. to support the encapsulations described in this document.
No change is required at transit routers to support forwarding of the No change is required at transit routers to support forwarding of
encapsulation described in this document. the encapsulation described in this document.
If a router that is intended for use as a tunnel egress does not If a router that is intended for use as a tunnel egress does not
support the GRE-in-UDP encapsulation described in this document, it support the GRE-in-UDP encapsulation described in this document, it
will not be listening on destination port [TBD]. In these cases, the will not be listening on destination port [TBD]. In these cases,
router will conform to normal UDP processing and respond to the the router will conform to normal UDP processing and respond to the
tunnel ingress with an ICMP message indicating "port unreachable" tunnel ingress with an ICMP message indicating "port unreachable"
according to [RFC0792]. Upon receiving this ICMP message, the tunnel according to [RFC792]. Upon receiving this ICMP message, the tunnel
ingress MUST NOT continue to use GRE-in-UDP encapsulation toward this ingress MUST NOT continue to use GRE-in-UDP encapsulation toward
tunnel egress without management intervention. this tunnel egress without management intervention.
6. IANA Considerations 6. IANA Considerations
IANA is requested to make the following allocation: Service Name: IANA is requested to make the following allocation:
GRE-in-UDP Transport Protocol(s): UDP Assignee: IESG iesg@ietf.org
Contact: IETF Chair chair@ietf.org Description: GRE-in-UDP
Encapsulation Reference: [This.I-D] Port Number: TBD Service Code: N/
A Known Unauthorized Uses: N/A Assignment Notes: N/A
7. Security Considerations Service Name: GRE-in-UDP
Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation
Reference: [This.I-D]
Port Number: TBD
Service Code: N/A
Known Unauthorized Uses: N/A
Assignment Notes: N/A
7.1. Vulnerability 7. Security Considerations
7.1. Vulnerability
Neither UDP nor GRE encapsulation effects security for the payload Neither UDP nor GRE encapsulation effects security for the payload
protocol. When using GRE-in-UDP, Network Security in a network is protocol. When using GRE-in-UDP, Network Security in a network is
similar to that of a network using GRE. the same as that of a network using GRE.
Use of ICMP for signaling of the GRE-in-UDP encapsulation capability Use of ICMP for signaling of the GRE-in-UDP encapsulation capability
adds a security concern. Tunnel ingress devices may want to validate adds a security concern. Tunnel ingress devices may want to
the origin of ICMP Port Unreachable messages before taking action. validate the origin of ICMP Port Unreachable messages before taking
The mechanism for performing this validation is out of the scope of action. The mechanism for performing this validation is out of the
this document. scope of this document.
In an instance where the UDP src port is not set based et the flow In an instance where the UDP src port is not set based on the flow
invariant fields from the payload header, a random port SHOULD be invariant fields from the payload header, a random port SHOULD be
selected in order to minimize the vulnerability to off-path attacks. selected in order to minimize the vulnerability to off-path attacks.
[RFC6056] How the src port randomization occurs is outside scope of [RFC6056] How the src port randomization occurs is outside scope of
this document. this document.
8. Acknowledgements Using one standardized value in UDP destination port for an
encapsulation indication may increase the vulnerability of off-path
attack. To overcome this, tunnel egress may request tunnel ingress
using a different and specific value [RFC6056] in UDP destination
port for the GRE-in-UDP encapsulation indication. How the tunnel end
points communicate the value is outside scope of this document.
The Authors would like to thank Vivek Kumar, Ron Bonica, Joe Touch, 8. Acknowledgements
Ruediger Geib, Gorry Fairhurst, and David Black for their review and
valuable input on this draft.
9. Contributing Authors Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger
Geib, Gorry Fairhurst, David Black, Lar Edds, Lloyd, and many others
for their review and valuable input on this draft.
9. Contributors
The following people all contributed significantly to this document The following people all contributed significantly to this document
and are listed below in alphabetical order: and are listed below in alphabetical order:
John E. Drake John E. Drake
Juniper Networks Juniper Networks
Email: jdrake@juniper.net Email: jdrake@juniper.net
Adrian Farrel Adrian Farrel
Juniper Networks Juniper Networks
Email: adrian@olddog.co.uk Email: adrian@olddog.co.uk
Vishwas Manral Vishwas Manral
Hewlett-Packard Corp. Hewlett-Packard Corp.
3000 Hanover St, Palo Alto. 3000 Hanover St, Palo Alto.
skipping to change at page 9, line 5 skipping to change at page 11, line 29
7200-12 Kit Creek Road 7200-12 Kit Creek Road
Research Triangle Park, NC 27709 USA Research Triangle Park, NC 27709 USA
EMail: cpignata@cisco.com EMail: cpignata@cisco.com
Yongbing Fan Yongbing Fan
China Telecom China Telecom
Guangzhou, China. Guangzhou, China.
Phone: +86 20 38639121 Phone: +86 20 38639121
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980. August 1980.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September [RFC791] DARPA, "Internet Protocol", RFC791, September 1981
1981.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC2119, March 1997.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000. March 2000.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC 2890, September 2000. RFC2890, September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
2983, October 2000. October 2000.
[RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines [RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application
for Application Designers", BCP 145, RFC 5405, November Designers", RFC5405, November 2008.
2008.
[RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC 6040, November 2010. Notification", RFC6040, November 2010
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. [RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
Cheshire, "Internet Assigned Numbers Authority (IANA) Equal Cost Multipath Routing and Linda Aggregation in
Procedures for the Management of the Service Name and tunnels", RFC6438, November, 2011
Transport Protocol Port Number Registry", BCP 165, RFC
6335, August 2011.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
for Equal Cost Multipath Routing and Link Aggregation in UDP Checksums for Tunneled Packets", RFC 6935, April 2013.
Tunnels", RFC 6438, November 2011.
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
UDP Checksums for Tunneled Packets", RFC 6935, April 2013. for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, April 2013.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 10.2. Informative References
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, April 2013.
10.2. Informative References [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC
792, September 1981.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
RFC 792, September 1981. (IPv6) Specification", RFC 2460, December 1998.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling
(IPv6) Specification", RFC 2460, December 1998. Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005.
[RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005. MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
4023, March 2005.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
MPLS in IP or Generic Routing Encapsulation (GRE)", RFC Networks (VPNs)", RFC 4364, February 2006.
4023, March 2005.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
Networks (VPNs)", RFC 4364, February 2006. "Extended ICMP to Support Multi-Part Messages", RFC 4884,
April 2007.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
"Extended ICMP to Support Multi-Part Messages", RFC 4884, Protocol Port Randomization", RFC6056, January 2011
April 2007.
[RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and
L. Yong, "The Use of Entropy Labels in MPLS Forwarding", L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
RFC 6790, November 2012. RFC 6790, November 2012.
Authors' Addresses [GREMTU] Bonica, R., "A Fragmentation Strategy for Generic Routing
Encapsulation (GRE)", draft-bonica-intara-gre-mtu, work in
progress
11. Authors' Addresses
Edward Crabbe (editor) Edward Crabbe (editor)
Google Google
1600 Amphitheatre Parkway 1600 Amphitheatre Parkway
Mountain View, CA 94102 Mountain View, CA 94102
US US
Email: edward.crabbe@gmail.com
Lucy Yong (editor) Lucy Yong (editor)
Huawei Technologies Huawei Technologies, USA
USA
Email: lucy.yong@huawei.com Email: lucy.yong@huawei.com
Xiaohu Xu (editor) Xiaohu Xu (editor)
Huawei Technologies Huawei Technologies,
Beijing Beijing, China
China
Email: xuxiaohu@huawei.com Email: xuxiaohu@huawei.com
 End of changes. 89 change blocks. 
264 lines changed or deleted 297 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/