draft-ietf-tsvwg-gre-in-udp-encap-03.txt   draft-ietf-tsvwg-gre-in-udp-encap-04.txt 
Network Working Group E. Crabbe, Ed. Network Working Group E. Crabbe
Internet-Draft Internet-Draft
Intended status: Standard Track L. Yong, Ed. Intended status: Standard Track L. Yong
Huawei USA Huawei USA
X. Xu, Ed. X. Xu
Huawei Technologies Huawei Technologies
T. Herbert
Google
Expires: April 2015 October 27, 2014 Expires: August 2015 February 11, 2015
Generic UDP Encapsulation for IP Tunneling GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-03 draft-ietf-tsvwg-gre-in-udp-encap-04
Abstract Abstract
This document describes a method of encapsulating arbitrary This document describes a method of encapsulating network protocol
protocols within GRE and UDP headers. In this encapsulation, the packets within GRE and UDP headers. In this encapsulation, the
source UDP port may be used as an entropy field for purposes of load source UDP port can be used as an entropy field for purposes of load
balancing while the payload protocol may be identified by the GRE balancing, while the protocol of the encapsulated packet in the GRE
Protocol Type. payload is identified by the GRE Protocol Type. Usage restrictions
apply to GRE-in-UDP usage for traffic that is not congestion
controlled and to UDP zero checksum usage with IPv6.
Status of This Document Status of This Document
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 27, 2015. This Internet-Draft will expire on August 11, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Applicability Statement...................................3 1.1. Applicability Statement...................................3
2. Terminology....................................................4 2. Terminology....................................................4
2.1. Requirements Language.....................................4 2.1. Requirements Language.....................................4
3. Procedures.....................................................4 3. Encapsulation in UDP...........................................4
3.1. UDP checksum usage with IPv6..............................5 3.1. IP header.................................................7
3.2. Middlebox Considerations for IPv6 UDP Zero Checksums......7 3.2. UDP header................................................7
3.3. GRE-in-UDP Encapsulation Format...........................8 3.2.1. Source Port..........................................7
4. Encapsulation Considerations..................................10 3.2.2. Destination port.....................................7
5. Congestion Considerations.....................................11 3.2.3. Checksum.............................................7
6. Backward Compatibility........................................13 3.2.4. Length...............................................8
7. IANA Considerations...........................................13 3.3. GRE header................................................8
8. Security Considerations.......................................13 4. UDP Checksum Handling..........................................8
8.1. Vulnerability............................................13 4.1. UDP Checksum with IPv4....................................8
9. Acknowledgements..............................................14 4.2. UDP Checksum with IPv6....................................9
10. Contributors.................................................14 4.2.1. Middlebox Considerations for IPv6 UDP Zero Checksums12
11. References...................................................16 5. Encapsulation Process Procedures..............................12
11.1. Normative References....................................16 5.1. Packet Fragmentation.....................................13
11.2. Informative References..................................16 5.2. Differentiated services..................................13
12. Authors' Addresses...........................................17 6. Congestion Considerations.....................................14
7. Backward Compatibility........................................15
8. IANA Considerations...........................................16
9. Security Considerations.......................................16
9.1. Vulnerability............................................16
10. Acknowledgements.............................................17
11. Contributors.................................................17
12. References...................................................19
12.1. Normative References....................................19
12.2. Informative References..................................19
13. Authors' Addresses...........................................20
1. Introduction 1. Introduction
Load balancing, or more specifically, statistical multiplexing of Load balancing, or more specifically statistical multiplexing of
traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation
Groups (LAGs) in IP networks is a widely used technique for creating Groups (LAGs) in IP networks is a widely used technique for creating
higher capacity networks out of lower capacity links. Most existing higher capacity networks out of lower capacity links. Most existing
routers in IP networks are already capable of distributing IP routers in IP networks are already capable of distributing IP
traffic flows over ECMP paths and/or LAGs on the basis of a hash traffic flows over ECMP paths and/or LAGs on the basis of a hash
function performed on flow invariant fields in IP packet headers and function performed on flow invariant fields in IP packet headers and
their payload protocol headers. Specifically, when the IP payload is their payload protocol headers. Specifically, when the IP payload is
a User Datagram Protocol (UDP)[RFC0768] or Transmission Control a User Datagram Protocol (UDP)[RFC768] or Transmission Control
Protocol (TCP) packet, router hash functions frequently operate on Protocol (TCP) [RFC793] packet, router hash functions frequently
the five-tuple of the source IP address, the destination IP address, operate on the five-tuple of source IP address, destination IP
the source port, the destination port, and the protocol/next-header address, source port, destination port, and protocol/next-header
Several tunneling techniques are in common use in IP networks, such Several encapsulation techniques are commonly used in IP networks,
as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and such as Generic Routing Encapsulation (GRE) [RFC2784], MPLS
L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation [RFC4023] and L2TPv3 [RFC3931]. GRE is an increasingly popular
choice, especially in environments where MPLS is unavailable or encapsulation choice. Unfortunately, use of common GRE endpoints may
unnecessary. Unfortunately, use of common GRE endpoints may reduce reduce the entropy available for use in load balancing, especially
the entropy available for use in load balancing, especially in in environments where the GRE Key field [RFC2890] is not readily
environments where the GRE Key field [RFC2890] is not readily
available for use as entropy in forwarding decisions. available for use as entropy in forwarding decisions.
This document defines a generic GRE-in-UDP encapsulation for This document defines a generic GRE-in-UDP encapsulation for
tunneling arbitrary network protocol payloads across an IP network tunneling network protocol packets across an IP network. The GRE
environment where ECMP or LAGs are used. The GRE header provides header provides payload protocol type as an EtherType in the
payload protocol de-multiplexing by way of it's protocol type field protocol type field [RFC2784][GREIPV6], and the UDP header provides
[RFC2784] while the UDP header provides additional entropy by way of additional entropy by way of its source port.
it's source port.
This encapsulation method requires no changes to the transit IP This encapsulation method requires no changes to the transit IP
network. Hash functions in most existing IP routers may utilize and network. Hash functions in most existing IP routers may utilize and
benefit from the use of a GRE-in-UDP tunnel is without needing any benefit from the use of a GRE-in-UDP tunnel without needing any
change or upgrade to their ECMP implementation. The encapsulation change or upgrade to their ECMP implementation. The encapsulation
mechanism is applicable to a variety of IP networks including Data mechanism is applicable to a variety of IP networks including Data
Center and wide area networks. Center and wide area networks.
1.1. Applicability Statement 1.1. Applicability Statement
It is recommended to use GRE-in-UDP encapsulation within a Service GRE encapsulation is widely used for many applications. For example,
Provider (SP) network and/or DC network where the congestion control to redirect IP traffic to traverse a different path instead of the
is not a concern. However the encapsulation can apply to ISP default path in an operator network, to tunnel private network
networks and/or Internet. Some environments request GRE-in-UDP traffic over a public network by use of public IP network addresses,
tunnel to run more functions than others. or to tunnel IPv6 traffic over an IPv4 network, etc.
GRE-in-UDP encapsulation may be used to tunnel the tunneled traffic, When encapsulating GRE in UDP, encapsulated traffic will be treated
i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in-UDP or as a UDP application, not as a GRE application, in an IP network.
other tunnel encapsulation. In this case, GRE-in-UDP tunnel end
points treat other tunnel endpoints as of the end hosts for the Thus GRE-in-UDP applications must meet UDP tunnel requirements as
specified in [RFC5405]. This may constrain GRE-in-UDP tunnel usage
in certain applications and/or environments. See Section 6.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in-
UDP or other tunnel encapsulation. In this case, GRE-in-UDP tunnel
end points treat other tunnel endpoints as of the end hosts for the
traffic and do not differentiate such end hosts from other end hosts. traffic and do not differentiate such end hosts from other end hosts.
The use case and applicability for a GRE-in-UDP tunnel egress and
stacked tunnel egress terminate on the same IP address is for
further study.
2. Terminology 2. Terminology
The terms defined in [RFC768] are used in this document. The terms defined in [RFC768][RFC2784] are used in this document.
2.1. Requirements Language 2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Procedures 3. Encapsulation in UDP
When a tunnel ingress device conforming to this document receives a
packet, the ingress MUST encapsulate the packet in UDP and GRE
headers and set the destination port of the UDP header to [TBD]
Section 6. The ingress device must also insert the payload protocol
type in the GRE Protocol Type field. The ingress device SHOULD set
the UDP source port based on flow invariant fields from the payload
header. In the case that ingress is unable to get the flow entropy
from the payload header, it should set a randomly selected constant
value for UDP source port to avoid payload packet flow reordering.
The value, for example, may be simply a result of boot-up time. How
a tunnel ingress generates entropy from the payload is outside the
scope of this document. The tunnel ingress MUST encode its own IP
address as the source IP address and the egress tunnel endpoint IP
address. The TTL field in the IP header must be set to a value
appropriate for delivery of the encapsulated packet to the tunnel
egress endpoint.
When the tunnel egress receives a packet, it must remove the outer
UDP and GRE headers. Section 5 describes the error handling when
this entity is not instantiated at the tunnel egress.
For IPv4 UDP encapsulation, this field is RECOMMENDED to be set to
zero because the IPv4 header includes a checksum, and use of the UDP
checksum is optional with IPv4, unless checksum protection of
tunneled payload is important, see Section 6.
For IPv6 UDP encapsulation, the IPv6 header does not include a
checksum, so this field MUST contain a UDP checksum that MUST be
used as specified in [RFC0768] and [RFC2460] unless one of the
exceptions that allows use of UDP zero-checksum mode (as specified
in [RFC6935]) applies. See Section 3.1 for specification of these
exceptions and additional requirements that apply when UDP zero-
checksum mode is used for GRE-in-UDP traffic over IPv6.The tunnel
ingress may set the GRE Key Present, Sequence Number Present, and
Checksum Present bits and associated fields in the GRE header
defined by [RFC2784] and [RFC2890].
3.1. UDP checksum usage with IPv6
When UDP is used over IPv6, the UDP checksum is relied upon to
protect the IPv6 header from corruption, and MUST be used unless the
requirements in [RFC 6935] and [RFC 6936] for use of UDP zero-
checksum mode with a tunnel protocol are satisfied. Therefore, the
UDP checksum MUST be implemented and MUST be used in accordance with
[RFC0768] and [RFC2460] for GRE in UDP traffic over
IPv6 unless one of the following exceptions applies and the
additional requirements stated below are complied with. In addition,
use of the UDP checksum with IPv6 MUST be the default configuration
of all GRE-in-UDP implementations.
There are two exceptions that allow use of UDP zero-checksum mode
for IPv6 with GRE-in-UDP, subject to the additional requirements
stated below in this section. The two exceptions are:
o Use of GRE-in-UDP within a single service provider that utilizes
careful provisioning (e.g., rate limiting at the entries of the
network while over-provisioning network capacity) to ensure
against congestion and that actively monitors encapsulated
traffic for errors; or
o Use of GRE-in-UDP within a limited number of service providers
who closely cooperate in order to jointly provide this same
careful provisioning and monitoring.
As such, for IPv6, the UDP checksum for GRE-in-UDP MUST be used as
specified in [RFC0768] and [RFC2460] over the general Internet, and
over non-cooperating ISPs, even if each non-cooperating ISP
independently satisfies the first exception for UDP zero-checksum
mode usage with GRE-in-UDP over IPv6 within the ISP's own network.
Section 5 of RFC6936 [RFC6936] specifies the additional requirements
that implementation of UDP zero-checksum over IPv6 MUST compliant
with. To compliant with it, the following additional requirements
apply to GRE-in-UDP implementation and use of UDP zero-checksum mode
over IPv6:
a. A GRE-in-UDP implementation MUST comply with all requirements
specified in Section 4 of [RFC6936] and with requirement 1
specified in Section 5 of [RFC6936].
b. A GRE-in-UDP receiver MUST check that the source and destination
IPv6 addresses are valid for the GRE-in-UDP tunnel and discard
any packet for which this check fails.
c. A GRE-in-UDP sender SHOULD use different IPv6 addresses for each
GRE-in-UDP tunnel that uses UDP zero-checksum mode in order to
strengthen the receiver's check of the IPv6 source address. When
this is not possible, it is RECOMMENDED to use each source IPv6
address for as few UDP zero-checksum mode MPLS-in-UDP tunnels as
is feasible.
d. GRE-in-UDP sender and receiver MUST agree the key(s) used over
the tunnel. The sender MUST insert a key on GRE header, and the
receiver MUST check if the key in GRE header is valid for the
tunnel and drop invalid packet.
e. A GRE-in-UDP receiver node SHOULD only enable the use of UDP
zero-checksum mode on a single UDP port and SHOULD NOT support
any other use UDP zero-checksum mode on any other UDP port.
f. A GRE-in-UDP sender SHOULD send GRE keepalive messages with a
zero UDP checksum. GRE-in-UDP receiver that discovers an
appreciable loss rate for keepalive packets MAY terminate the
tunnel.
g. GRE keepalive messages SHOULD include both UDP datagrams with a
checksum and datagrams with a zero UDP checksum. This will
enable the remote endpoint to distinguish between a path failure
and the dropping of datagrams with a zero UDP checksum.
h. Any middlebox support for MPLS-in-UDP with UDP zero-checksum mode
for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of
RFC 6936.
(Editor note: the design team and authors need further discuss above
requirements text)
The above requirements are intended to be in addition to the
requirements specified in [RFC2460] as modified by [RFC6935] and the
requirements specified in [RFC6936].
GRE-in-UDP over IPv6 does not include an additional integrity check
because the above requirements in combination with the exceptions
that restrict use of UDP zero-checksum mode to well-managed networks
should not significantly increase the rate of corruption of UDP/GRE-
encapsulated traffic by comparison to GRE-encapsulated traffic over
similar well-managed networks and because GRE does not accumulate
incorrect state as a consequence of GRE header corruption.
Editor Note: The preceding paragraph addresses requirements 2-4 in
Section 5 of [RFC 6936]. Requirement 5 in that section is addressed
by the requirement e in this section. Requirements 6 and 7 in that
section are covered by the requirements f and g in this section.
Requirement 8-10 in that section is addressed by the requirement h
in this section.
In summary, UDP zero-checksum mode for IPv6 is allowed to be used
with GRE-in-UDP when one of the two exceptions specified above
applies, provided that additional requirements stated above are
complied with. Otherwise the UDP checksum MUST be used for IPv6 as
specified in [RFC0768] and [RFC2460].
This entire section and its requirements apply only to use of UDP
zero-checksum mode for IPv6; they can be avoided by using the UDP
checksum as specified in [RFC0768] and [RFC2460].
3.2. Middlebox Considerations for IPv6 UDP Zero Checksums
IPv6 datagrams with a zero UDP checksum will not be passed by any
middlebox that validates the checksum based on [RFC2460] or that
updates the UDP checksum field, such as NATs or firewalls. Changing
this behavior would require such middleboxes to be updated to
correctly handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over
a path that includes a middlebox that discards IPv6 datagrams with a
zero UDP checksum. In this case the GRE-in-UDP tunnel will be
black-holed by that middlebox. Recommended changes to allow
firewalls, NATs and other middleboxes to support use of an IPv6 zero
UDP checksum are described in Section 5 of [RFC6936].
3.3. GRE-in-UDP Encapsulation Format
The format of the GRE-in-UDP encapsulation for both IPv4 and IPv6 GRE-in-UDP encapsulation format is shown as follows:
outer headers is shown in the following figures:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv4 Header: IPv4 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length | |Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset | | Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 8, line 44 skipping to change at page 5, line 39
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) | | Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 UDP+GRE IPv4 headers Figure 1 UDP+GRE Headers in IPv4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv6 Header: IPv6 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label | |Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | NxtHdr=17(UDP)| Hop Limit | | Payload Length | NxtHdr=17(UDP)| Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 9, line 49 skipping to change at page 6, line 49
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) | | Sequence Number (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 UDP+GRE IPv6 headers Figure 2 UDP+GRE Headers in IPv6
The total overhead increase for a UDP+GRE tunnel without use of The contents of the IP, UDP, and GRE headers that are relevant in
optional GRE fields, representing the lowest total overhead increase, this encapsulation are described below.
is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6.
The total overhead increase for a UDP+GRE tunnel with use of GRE Key,
Sequence and Checksum Fields, representing the highest total
overhead increase, is 44 bytes in the case of IPv4 and 64 bytes in
the case of IPv6.
4. Encapsulation Considerations 3.1. IP header
GRE-in-UDP encapsulation is used for single tunnel mechanism where An encapsulator MUST encode its own IP address as the source IP
both GRE and UDP header are required. The mechanism allows the address and the decapsulator's IP address as the destination IP
tunneled traffic to be unicast, broadcast, or multicast traffic. address. The TTL field in the IP header must be set to a value
Entropy may be generated from the header of tunneled unicast or appropriate for delivery of the encapsulated packet to the peer of
broadcast/multicast packets at tunnel ingress. The mapping mechanism the encapsulation.
between the tunneled multicast traffic and the multicast capability
in the IP network is transparent and independent to the
encapsulation and is outside the scope of this document.
The tunnel ingress SHOULD perform the fragmentation [GREMTU] on a 3.2. UDP header
packet before the encapsulation and factor in both GRE and UDP
header bytes in the effective Maximum Transmission Unit (MTU) size.
Not performing the fragmentation will cause the packets exceeding
network MTU size to be dropped in the network. The tunnel ingress
MUST use the same source UDP port for all packet fragments to ensure
that the transit routers will forward the packet fragments on the
same path. An operator should factor in the addition overhead bytes
when considering an MTU size for the payload to reduce the
likelihood of fragmentation.
To ensure the tunneled traffic gets the same treatment over the IP 3.2.1. Source Port
network, prior to the encapsulation process, tunnel ingress should
process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Tunnel end points that support
ECN MUST use the method described in [RFC6040] for ECN marking
propagation. This process is outside of the scope of this document.
Note that the IPv6 header [RFC2460] contains a flow label field that The UDP source port contains a 16-bit entropy value that is
may be used for load balancing in an IPv6 network [RFC6438]. Thus generated by the encapsulator to identify a flow for the
in an IPv6 network, either GRE-in-UDP or flow labels may be used for encapsulated packet. The port value SHOULD be within the ephemeral
improving load balancing performance. Use of GRE-in-UDP port range. IANA suggests this range to be 49152 to 65535, where the
encapsulation provides a unified hardware implementation for load high order two bits of the port are set to one. This provides
balancing in an IP network independent of the IP version(s) in use. fourteen bits of entropy for the inner flow identifier. In the case
However IPv6 network require performing the UDP checksum, which may that an encapsulator is unable to derive flow entropy from the
impact network performance and user experience. Thus, a flow label payload header, it should set a randomly selected constant value for
based load balancing may be a better approach in an IPv6 network. UDP source port to avoid payload packet flow reordering.
5. Congestion Considerations The source port value for a flow set by an encapsulator MAY change
over the lifetime of the encapsulated flow. For instance, an
encapsulator may change the assignment for Denial of Service (DOS)
mitigation or as a means to effect routing through the ECMP network.
An encapsulator SHOULD NOT change the source port selected for a
flow more than once every thirty seconds.
Section 3.1.3 of RFC 5405 [RFC5405] discussed the congestion How an encapsulator generates entropy from the payload is outside
implications of UDP tunnels. As discussed in RFC 5405, because other the scope of this document.
flows can share the path with one or more UDP tunnels, congestion
control [RFC2914] needs to be considered.
A major motivation for encapsulating GRE in UDP is to provide a 3.2.2. Destination port
generic UDP tunnel protocol to tunnel a network protocol over IP
network and improve the use of multipath (such as Equal Cost The destination port of the UDP header is set the GRE/UDP port (TBD)
MultiPath, ECMP) in cases where traffic is to traverse routers which (see Section 8).
3.2.3. Checksum
The UDP checksum is set and processed per [RFC768] and [RFC1122] for
IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and
use of zero UDP checksums are detailed in section 4.
3.2.4. Length
The usage of this field is in accordance with the current UDP
specification in [RFC768]. This length will include the UDP header
(eight bytes), GRE header, and the GRE payload (encapsulated packet).
3.3. GRE header
An encapsulator sets the protocol type (EtherType) of the packet
being encapsulated in the GRE Protocol Type field.
An encapsulator may set the GRE Key Present, Sequence Number Present,
and Checksum Present bits and associated fields in the GRE header as
defined by [RFC2784] and [RFC2890].
The GRE checksum MAY be enabled to protect the GRE header and
payload. An encapsulator SHOULD NOT enable both the GRE checksum and
UDP checksum simultaneously as this would be mostly redundant. Since
the UDP checksum covers more of the packet including the GRE header
and payload, the UDP checksum SHOULD have preference to using GRE
checksum.
4. UDP Checksum Handling
4.1. UDP Checksum with IPv4
For UDP in IPv4, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC1122] for both transmit and receive. An
encapsulator MAY set the UDP checksum to zero for performance or
implementation considerations. The IPv4 header includes a checksum
which protects against mis-delivery of the packet due to corruption
of IP addresses. The UDP checksum potentially provides protection
against corruption of the UDP header, GRE header, and GRE payload.
Enabling or disabling the use of checksums is a deployment
consideration that should take into account the risk and effects of
packet corruption, and whether the packets in the network are
already adequately protected by other, possibly stronger mechanisms
such as the Ethernet CRC.
When a decapsulator receives a packet, the UDP checksum field MUST
be processed. If the UDP checksum is non-zero, the decapsulator MUST
verify the checksum before accepting the packet. By default a
decapsularor SHOULD accept UDP packets with a zero checksum. A node
MAY be configured to disallow zero checksums per [RFC1122]; this may
be done selectively, for instance disallowing zero checksums from
certain hosts that are known to be sending over paths subject to
packet corruption. If verification of a non-zero checksum fails, a
decapsulator lacks the capability to verify a non-zero checksum, or
a packet with a zero-checksum was received and the decapsulator is
configured to disallow, the packet MUST be dropped and an event MAY
be logged.
4.2. UDP Checksum with IPv6
For UDP in IPv6, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC2460] for both transmit and receive.
When UDP is used over IPv6, the UDP checksum is relied upon to
protect both the IPv6 and UDP headers from corruption, and so MUST
used with the following exceptions:
a. Use of GRE-in-UDP in networks under single administrative
control (such as within a single operator's network) where it
is known (perhaps through knowledge of equipment types and
lower layer checks) that packet corruption is exceptionally
unlikely and where the operator is willing to take the risk of
undetected packet corruption.
b. Use of GRE-in-UDP in networks under single administrative
control (such as within a single operator's network) where it
is judged through observational measurements (perhaps of
historic or current traffic flows that use a non-zero checksum)
that the level of packet corruption is tolerably low and where
the operator is willing to take the risk of undetected packet
corruption.
c. Use of GRE-in-UDP for traffic delivery for applications that
are tolerant of misdelivered or corrupted packets (perhaps
through higher layer checksum, validation, and retransmission
or transmission redundancy) where the operator is willing to
rely on the applications using the tunnel to survive any
corrupt packets.
For these exceptions, the UDP zero-checksum mode can be used.
However the use of the UDP zero-checksum mode must meet the
requirements specified in [RFC6935] and [RFC6936] as well at the
additional requirements stated below.
These exceptions may also be extended to the use of GRE-in-UDP
within a set of closely cooperating network administrations (such as
network operators who have agreed to work together in order to
jointly provide specific services).
As such, for IPv6, the UDP checksum for GRE-in-UDP MUST be used as
specified in [RFC768] and [RFC2460] for tunnels that span multiple
networks whose network administrations do not cooperate closely,
even if each non-cooperating network administration independently
satisfies one or more of the exceptions for UDP zero-checksum mode
usage with GRE-in-UDP over IPv6.
The following additional requirements apply to implementation and
use of UDP zero-checksum mode for GRE-in-UDP over IPv6:
a. Use of the UDP checksum with IPv6 MUST be the default
configuration of all GRE-in-UDP implementations.
b. The GRE-in-UDP implementation MUST comply with all requirements
specified in Section 4 of [RFC6936] and with requirement 1
specified in Section 5 of [RFC6936].
c. A decapsulator SHOULD only allow the use of UDP zero-checksum
mode for IPv6 on a single received UDP Destination Port. The
motivation for this requirement is possible corruption of the UDP
destination port, which may cause packet delivery to the wrong
UDP port. If that other UDP port requires the UDP checksum, the
mis-delivered packet will be discarded
d. By default a decapsulator MUST disallow receipt of GRE-in-UDP
packets with zero UDP checksums with IPv6. Zero checksums May
selectively be enabled for certain source address. A decapsulator
MUST check that the source and destination IPv6 addresses are
valid for the GRE-in-UDP tunnel on which the packet was received
if that tunnel uses UDP zero-checksum mode and discard any packet
for which this check fails.
e. An encapsulator SHOULD use different IPv6 addresses for each GRE-
in-UDP tunnel that uses UDP zero-checksum mode regardless of the
decapsulator in order to strengthen the decapsulator's check of
the IPv6 source address (i.e., the same IPv6 source address
SHOULD NOT be used with more than one IPv6 destination address,
independent of whether that destination address is a unicast or
multicast address). When this is not possible, it is RECOMMENDED
to use each source IPv6 address for as few UDP zero-checksum mode
GRE-in-UDP tunnels as is feasible.
f. Any middlebox support for GRE-in-UDP with UDP zero-checksum mode
for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of
[RFC6936].[RFC6936].
g. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP
checksums from "escaping" to the general Internet; see Section 6
for examples of such measures.
h. IPv6 traffic with zero UDP checksums MUST be actively monitored
for errors by the network operator.
i. The use a zero UDP checksum should present the equivalent risk of
undetected packet corruption when sending similar packet using
GRE-in-IPv6 without UDP and without GRE checksums.
j. If a packet with a non-zero checksum is received, the checksum
MUST be verified before accepting the packet. This is regardless
of whether a tunnel encapsulator and decapsulator have been
configured with UDP zero-checksum mode.
The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the strong recommendation against
reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively
provide some mitigation for the absence of UDP checksum coverage of
the IPv6 header. Additional assurance is provided by the
restrictions in the above exceptions that limit usage of IPv6 UDP
zero-checksum mode to well-managed networks for which GRE
encapsulated packet corruption has not been a problem in practice.
Hence GRE-in-UDP is suitable for transmission over lower layers in
the well-managed networks that are allowed by the exceptions stated
above and the rate of corruption of the inner IP packet on such
networks is not expected to increase by comparison to GRE traffic
that is not encapsulated in UDP. For these reasons, GRE-in-UDP does
not provide an additional integrity check except when GRE checksum
is used when UDP zero-checksum mode is used with IPv6, and this
design is in accordance with requirements 2, 3 and 5 specified in
Section 5 of [RFC6936].
GRE does not accumulate incorrect state as a consequence of GRE
header corruption. A corrupt GRE results in either packet discard or
forwarding of the packet without accumulation of GRE state. GRE
checksum MAY be used for protecting GRE header and payload. Active
monitoring of GRE-in-UDP traffic for errors is REQUIRED as
occurrence of errors will result in some accumulation of error
information outside the protocol for operational and management
purposes. This design is in accordance with requirement 4 specified
in Section 5 of [RFC6936].
The remaining requirements specified in Section 5 of [RFC6936] are
inapplicable to GRE-in-UDP. Requirements 6 and 7 do not apply
because GRE does not have a GRE-generic control feedback mechanism.
Requirements 8-10 are middlebox requirements that do not apply to
GRE-in-UDP tunnel endpoints, but see Section 3.2 for further
middlebox discussion.
In summary, UDP zero-checksum mode for IPv6 is allowed to be used
with GRE-in-UDP when one of the three exceptions specified above
applies, provided that additional requirements stated above are
complied with. Otherwise the UDP checksum MUST be used for IPv6 as
specified in [RFC768] and [RFC2460].
4.2.1. Middlebox Considerations for IPv6 UDP Zero Checksums
IPv6 datagrams with a zero UDP checksum will not be passed by any
middlebox that validates the checksum based on [RFC2460] or that
updates the UDP checksum field, such as NATs or firewalls. Changing
this behavior would require such middleboxes to be updated to
correctly handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over
a path that includes a middlebox that discards IPv6 datagrams with a
zero UDP checksum. In this case the GRE-in-UDP tunnel will be
black-holed by that middlebox. Recommended changes to allow
firewalls, NATs and other middleboxes to support use of an IPv6 zero
UDP checksum are described in Section 5 of [RFC6936].
5. Encapsulation Process Procedures
This GRE-in-UDP encapsulation allows packets to be forwarded through
"GRE-UDP tunnels". When performing GRE-in-UDP encapsulation by the
encapsulator, the entropy value would be generated by the
encapsulator and then be filled in the Source Port field of the UDP
header. The Destination Port field is set to a value (TBD)
allocated by IANA to indicate that the UDP tunnel payload is a GRE
packet. The Protocol Type header field in GRE header is set to the
EtherType value corresponding to the protocol of the encapsulated
packet.
Intermediate routers, upon receiving these UDP encapsulated packets,
could balance these packets based on the hash of the five-tuple of
UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator
would decapsulate them by removing the UDP headers and then process
them accordingly.
Note: Each UDP tunnel is unidirectional, as GRE-in-UDP traffic is
sent to the IANA-allocated UDP Destination Port, and in particular,
is never sent back to any port used as a UDP Source Port (which
serves solely as a source of entropy). This is at odds with a common
middlebox (e.g., firewall) assumption that bidirectional traffic
uses a common pair of UDP ports. As a result, arranging to pass
bidirectional GRE-in-UDP traffic through middleboxes may require
separate configuration for each direction of traffic.
GRE-in-UDP allows encapsulation of unicast, broadcast, or multicast
traffic. Entropy may be generated from the header of encapsulated
unicast or broadcast/multicast packets at an encapsulator. The
mapping mechanism between the encapsulated multicast traffic and the
multicast capability in the IP network is transparent and
independent to the encapsulation and is otherwise outside the scope
of this document.
5.1. Packet Fragmentation
Regarding Fragmentation, an encapsulator SHOULD perform
fragmentation [GREMTU] on a packet before encapsulation and factor
in both GRE and UDP header bytes in the effective Maximum
Transmission Unit (MTU) size. Not performing the fragmentation will
cause the packets exceeding network MTU size to be dropped or
fragmented in the network. An encapsulator MUST use the same source
UDP port for all packet fragments to ensure that the transit routers
will forward the packet fragments on the same path. An operator
should factor in the additional bytes of overhead when considering
an MTU size for the payload to reduce the likelihood of
fragmentation.
5.2. Differentiated services
To ensure that tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, an encapsulator should
process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Encapsulation end points that
support ECN must use the method described in [RFC6040] for ECN
marking propagation. This process is outside of the scope of this
document.
6. Congestion Considerations
Section 3.1.3 of [RFC5405] discussed the congestion implications of
UDP tunnels. As discussed in [RFC5405], because other flows can
share the path with one or more UDP tunnels, congestion control
[RFC2914] needs to be considered.
A major motivation for GRE-in-UDP encapsulation is to tunnel a
network protocol over IP network and improve the use of multipath
(such as ECMP) in cases where traffic is to traverse routers which
are able to hash on UDP Port and IP address. As such, in many cases are able to hash on UDP Port and IP address. As such, in many cases
this may reduce the occurrence of congestion and improve usage of this may reduce the occurrence of congestion and improve usage of
available network capacity. However, it is also necessary to ensure available network capacity. However, it is also necessary to ensure
that the network, including applications that use the network, that the network, including applications that use the network,
responds appropriately in more difficult cases, such as when link or responds appropriately in more difficult cases, such as when link or
equipment failures have reduced the available capacity. equipment failures have reduced the available capacity.
The impact of congestion must be considered both in terms of the The impact of congestion must be considered both in terms of the
effect on the rest of the network of a UDP tunnel that is consuming effect on the rest of the network over which packets are sent in UDP
excessive capacity, and in terms of the effect on the flows using tunnels, and in terms of the effect on the flows that are sent by
the UDP tunnels. The potential impact of congestion from a UDP UDP tunnels. The potential impact of congestion from a UDP tunnel
tunnel depends upon what sort of traffic is carried over the tunnel, depends upon what sort of traffic is carried over the tunnel, as
as well as the path of the tunnel. well as the path of the tunnel.
GRE in UDP as a generic UDP tunnel mechanism can be used to carry a GRE encapsulation is widely used to carry a wide range of network
network protocol and traffic. If tunneled traffic is already protocols and traffic. In many cases GRE encapsulation is used to
congestion controlled, GRE in UDP tunnel generally does not need carry IP traffic. IP traffic is generally assumed to be congestion
additional congestion control mechanisms. As specified in RFC 5405: controlled, and thus a tunnel carrying general IP traffic (as might
be expected to be carried across the Internet) generally does not
need additional congestion control mechanisms. As specified in RFC
5405:
IP-based traffic is generally assumed to be congestion-controlled, "IP-based traffic is generally assumed to be congestion-controlled,
i.e., it is assumed that the transport protocols generating IP-based i.e., it is assumed that the transport protocols generating IP-based
traffic at the sender already employ mechanisms that are sufficient traffic at the sender already employ mechanisms that are sufficient
to address congestion on the path. Consequently, a tunnel carrying. to address congestion on the path. Consequently, a tunnel carrying
IP-based traffic should already interact appropriately with other IP-based traffic should already interact appropriately with other
traffic sharing the path, and specific congestion control mechanisms traffic sharing the path, and specific congestion control mechanisms
for the tunnel are not necessary. for the tunnel are not necessary."
For this reason, where GRE in UDP tunneling is used to carry IP For this reason, where GRE-in-UDP tunneling is used to carry IP
traffic that is known to be congestion controlled, the tunnel MAY be traffic that is known to be congestion controlled, the UDP tunnels
used across any combination of a single service provider, multiple MAY be used within a single network or across multiple networks,
cooperating service providers, or across the general Internet. with cooperating network operators. Internet IP traffic is
Internet IP traffic is generally assumed to be congestion-controlled. generally assumed to be congestion-controlled.
However, GRE in UDP tunneling is also used in many cases to carry However, GRE-in-UDP tunneling can be also used to carry traffic that
traffic that is not necessarily congestion controlled. In such cases is not necessarily congestion controlled. In such cases network
service providers and data center operators may avoid congestion by operators may avoid congestion by careful provisioning of their
careful provisioning of their networks, by rate limiting of user networks, by rate limiting of user data traffic, and/or by using
data traffic, and/or by using Traffic Engineering tools to monitor Traffic Engineering tools to monitor the network segments and
the network segments and dynamically steers traffic away from the dynamically steers traffic away from potentially congested links.
potential congested link in time.
For this reason, where the GRE payload traffic is not congestion For this reason, where the GRE payload traffic is not congestion
controlled, GRE in UDP tunnels MUST only be used within a single controlled, GRE-in-UDP tunnels MUST only be used within a single
service provider that utilizes careful provisioning (e.g., rate operator's network that utilizes careful provisioning (e.g., rate
limiting at the entries of the network while over-provisioning limiting at the entries of the network while over-provisioning
network capacity) to ensure against congestion, or within a limited network capacity) to ensure against congestion, or within a limited
number of service providers who closely cooperate in order to number of networks whose operators closely cooperate in order to
jointly provide this same careful provisioning. jointly provide this same careful provisioning.
As such, GRE in UDP MUST NOT be used over the general Internet, or As such, GRE-in-UDP MUST NOT be used over the general Internet, or
over non-cooperating ISPs, to carry traffic that is not congestion- over non-cooperating network operators, to carry traffic that is not
controlled. congestion-controlled.
Measures SHOULD be taken to prevent non-congestion-controlled GRE- Measures SHOULD be taken to prevent non-congestion-controlled GRE-
over-UDP traffic from "escaping" to the general Internet, e.g.: in-UDP traffic from "escaping" to the general Internet, e.g.:
o physical or logical isolation of the links carrying GRE-over-UDP
from the general Internet,
o deployment of packet filters that block the UDP ports assigned o Physical or logical isolation of the links carrying GRE-in-UDP
for GRE-over-UDP, from the general Internet.
o imposition of restrictions on GRE-over-UDP traffic by software o Deployment of packet filters that block the UDP ports assigned
tools used to set up GRE-over-UDP tunnels between specific end for GRE-in-UDP.
systems (as might be used within a single data center), and
o use of a "Managed Circuit Breaker" for the tunneled traffic as o Imposition of restrictions on GRE-in-UDP traffic by software
described in [I-D.-tsvwg-circuit-breaker]. tools used to set up GRE-in-UDP tunnels between specific end
systems (as might be used within a single data center).
[Editor: the text in this section was derived from the text for o Use of a "Managed Circuit Breaker" for the tunneled traffic as
mpls-in-udp. More work necessary to make general for this] described in [CB].
6. Backward Compatibility 7. Backward Compatibility
It is assumed that tunnel ingress routers must be upgraded in order It is assumed that tunnel ingress routers must be upgraded in order
to support the encapsulations described in this document. to support the encapsulations described in this document.
No change is required at transit routers to support forwarding of No change is required at transit routers to support forwarding of
the encapsulation described in this document. the encapsulation described in this document.
If a router that is intended for use as a tunnel egress does not If a router that is intended for use as a decapsulator does not
support the GRE-in-UDP encapsulation described in this document, it support or enable GRE-in-UDP encapsulation described in this
will not be listening on destination port [TBD]. In these cases, document, it will not be listening on destination port (TBD). In
the router will conform to normal UDP processing and respond to the these cases, the router will conform to normal UDP processing and
tunnel ingress with an ICMP message indicating "port unreachable" respond to an encapsulator with an ICMP message indicating "port
according to [RFC792]. Upon receiving this ICMP message, the tunnel unreachable" according to [RFC792]. Upon receiving this ICMP
ingress MUST NOT continue to use GRE-in-UDP encapsulation toward message, the node MUST NOT continue to use GRE-in-UDP encapsulation
this tunnel egress without management intervention. toward this peer without management intervention.
7. IANA Considerations 8. IANA Considerations
IANA is requested to make the following allocation: IANA is requested to make the following allocation:
Service Name: GRE-in-UDP Service Name: GRE-in-UDP
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation Description: GRE-in-UDP Encapsulation
Reference: [This.I-D] Reference: [This.I-D]
Port Number: TBD Port Number: TBD
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
8. Security Considerations 9. Security Considerations
8.1. Vulnerability 9.1. Vulnerability
Neither UDP nor GRE encapsulation effects security for the payload Neither UDP nor GRE encapsulation effects security for the payload
protocol. When using GRE-in-UDP, Network Security in a network is protocol. When using GRE-in-UDP, Network Security in a network is
the same as that of a network using GRE. mostly equivalent to that of a network using GRE.
Use of ICMP for signaling of the GRE-in-UDP encapsulation capability Use of ICMP for signaling of the GRE-in-UDP encapsulation capability
adds a security concern. Upon receiving an ICMP message and before adds a security concern. Upon receiving an ICMP message and before
taking an action on it, the ingress MUST validate the IP address taking an action on it, the ingress MUST validate the IP address
originating against tunnel egress address and MUST evaluate the originating against tunnel egress address and MUST evaluate the
packet header returned in the ICMP payload to ensure the source port packet header returned in the ICMP payload to ensure the source port
is the one used for this tunnel. The mechanism for performing this is the one used for this tunnel. The mechanism for performing this
validation is out of the scope of this document. validation is out of the scope of this document.
In an instance where the UDP src port is not set based on the flow In an instance where the UDP source port is not set based on the
invariant fields from the payload header, a random port SHOULD be flow invariant fields from the payload header, a random port SHOULD
selected in order to minimize the vulnerability to off-path attacks. be selected in order to minimize the vulnerability to off-path
[RFC6056] How the src port randomization occurs is outside scope of attacks. [RFC6056]. The random port may also be periodically changed
this document. to mitigate certain denial of service attacks. How the source port
randomization occurs is outside scope of this document.
Using one standardized value in UDP destination port for an Using one standardized value in UDP destination port for an
encapsulation indication may increase the vulnerability of off-path encapsulation indication may increase the vulnerability of off-path
attack. To overcome this, tunnel egress may request tunnel ingress attack. To overcome this, an alternate port may be agreed upon to
using a different and specific value [RFC6056] in UDP destination use between an encapsulator and decapsulator [RFC6056]. How the
port for the GRE-in-UDP encapsulation indication. How the tunnel end encapsulator end points communicate the value is outside scope of
points communicate the value is outside scope of this document. this document.
This document does not require that the tunnel egress validates the This document does not require that decapsulator validates the IP
IP source address of the tunneled packets (with the exception that source address of the tunneled packets (with the exception that the
the IPv6 source address MUST be validated when UDP zero-checksum IPv6 source address MUST be validated when UDP zero-checksum mode is
mode is used with IPv6), but it should be understood that failure to used with IPv6), but it should be understood that failure to do so
do so presupposes that there is effective destination-based (or a presupposes that there is effective destination-based (or a
combination of source-based and destination-based) filtering at the combination of source-based and destination-based) filtering at the
boundaries. boundaries.
9. Acknowledgements 10. Acknowledgements
Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger
Geib, Gorry Fairhurst, David Black, Lar Edds, Lloyd, and many others Geib, Lar Edds, Lloyd, and many others for their review and valuable
for their review and valuable input on this draft. input on this draft.
Thank the design team led by David Black (members: Ross Callon, Thank the design team led by David Black (members: Ross Callon,
Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the
descriptions for the congestion considerations and IPv6 UDP zero descriptions for the congestion considerations and IPv6 UDP zero
checksum. checksum.
10. Contributors 11. Contributors
The following people all contributed significantly to this document The following people all contributed significantly to this document
and are listed below in alphabetical order: and are listed below in alphabetical order:
Ross Callon
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: rcallon@juniper.net
David Black David Black
EMC Corporation EMC Corporation
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
USA USA
Email: david.black@emc.com Email: david.black@emc.com
Ross Callon
Juniper Networks
10 Technology Park Drive
Westford, MA 01886
USA
Email: rcallon@juniper.net
John E. Drake John E. Drake
Juniper Networks Juniper Networks
Email: jdrake@juniper.net Email: jdrake@juniper.net
Gorry Fairhurst
University of Aberdeen
Email: gorry@erg.abdn.ac.uk
Yongbing Fan
China Telecom
Guangzhou, China.
Phone: +86 20 38639121
Email: fanyb@gsta.com
Adrian Farrel Adrian Farrel
Juniper Networks Juniper Networks
Email: adrian@olddog.co.uk Email: adrian@olddog.co.uk
Vishwas Manral Vishwas Manral
Hewlett-Packard Corp. Hewlett-Packard Corp.
3000 Hanover St, Palo Alto. 3000 Hanover St, Palo Alto.
Email: vishwas.manral@hp.com Email: vishwas.manral@hp.com
Carlos Pignataro Carlos Pignataro
Cisco Systems Cisco Systems
7200-12 Kit Creek Road 7200-12 Kit Creek Road
Research Triangle Park, NC 27709 USA Research Triangle Park, NC 27709 USA
EMail: cpignata@cisco.com EMail: cpignata@cisco.com
Yongbing Fan 12. References
China Telecom
Guangzhou, China.
Phone: +86 20 38639121
Email: fanyb@gsta.com
11. References
11.1. Normative References 12.1. Normative References
[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980. August 1980.
[RFC791] DARPA, "Internet Protocol", RFC791, September 1981 [RFC1122] Braden, R., "Requirements for Internet Hosts --
Communication Layers", RFC1122, October 1989.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC2119, March 1997. Requirement Levels", BCP 14, RFC2119, March 1997.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000. March 2000.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC2890, September 2000. RFC2890, September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983, [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000. October 2000.
[RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application [RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application
Designers", RFC5405, November 2008. Designers", RFC5405, November 2008.
[RFC6040] Briscoe, B., "Tunneling of Explicit Congestion [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC6040, November 2010 Notification", RFC6040, November 2010.
[RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for [RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
Equal Cost Multipath Routing and Link Aggregation in Equal Cost Multipath Routing and Link Aggregation in
tunnels", RFC6438, November, 2011 tunnels", RFC6438, November, 2011.
11.2. Informative References [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935, April 2013.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, April 2013.
12.2. Informative References
[RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC
792, September 1981. 792, September 1981.
[RFC793] DARPA, "Transmission Control Protocol", RFC793, September
1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2914] Floyd, S.,"Congestion Control Principles", RFC2914,
September 2000.
[RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling
Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005. Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or Generic Routing Encapsulation (GRE)", RFC MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
4023, March 2005. 4023, March 2005.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
"Extended ICMP to Support Multi-Part Messages", RFC 4884,
April 2007.
[RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport- [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
Protocol Port Randomization", RFC6056, January 2011 Protocol Port Randomization", RFC6056, January 2011.
[RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and [GREIPV6] Pignataro, C., el al, "IPv6 Support for Generic Routing
L. Yong, "The Use of Entropy Labels in MPLS Forwarding", Encapsulation (GRE)", draft-ietf-intarea-gre-ipv6-02, work
RFC 6790, November 2012. in progress.
[GREMTU] Bonica, R., "A Fragmentation Strategy for Generic Routing [GREMTU] Bonica, R., "A Fragmentation Strategy for Generic Routing
Encapsulation (GRE)", draft-bonica-intara-gre-mtu, work in Encapsulation (GRE)", draft-ietf-intarea-gre-mtu, work in
progress progress.
[CB] Fairhurst, G., "Network Transport Circuit Breakers", [CB] Fairhurst, G., "Network Transport Circuit Breakers",
draft-fairhurst-tsvwg-circuit-breaker-01, work in progress draft-fairhurst-tsvwg-circuit-breaker-01, work in
progress.
12. Authors' Addresses 13. Authors' Addresses
Edward Crabbe (editor) Edward Crabbe
Email: edward.crabbe@gmail.com Email: edward.crabbe@gmail.com
Lucy Yong (editor) Lucy Yong
Huawei Technologies, USA Huawei Technologies, USA
Email: lucy.yong@huawei.com Email: lucy.yong@huawei.com
Xiaohu Xu (editor) Xiaohu Xu
Huawei Technologies, Huawei Technologies,
Beijing, China Beijing, China
Email: xuxiaohu@huawei.com Email: xuxiaohu@huawei.com
Gorry's comments Tom Herbert
- give an example of random constant value selection for UDP Google
source port in the case where tunnel ingress can't get flow 1600 Amphitheatre Parkway
entropy Mountain View, CA
- use "MUST" instead of "SHOULD" for requesting use of UDP Email : therbert@google.com
checksum in IPv6 network
- more concise text for congestion description; use some text
in [RFC5405]
- State what consequence without doing fragmentation
- tunnel ingress actions upon receiving an ICMP msg
- tunnel-in-tunnel case
- CB does not describe the protocol to support CB, only the
mechanism. UDP report protocol may be good fit.
 End of changes. 80 change blocks. 
393 lines changed or deleted 531 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/