draft-ietf-tsvwg-gre-in-udp-encap-04.txt   draft-ietf-tsvwg-gre-in-udp-encap-05.txt 
Network Working Group E. Crabbe Network Working Group E. Crabbe
Internet-Draft Internet-Draft
Intended status: Standard Track L. Yong Intended status: Standard Track L. Yong
Huawei USA Huawei USA
X. Xu X. Xu
Huawei Technologies Huawei Technologies
T. Herbert T. Herbert
Google Google
Expires: August 2015 February 11, 2015 Expires: September 2015 March 6, 2015
GRE-in-UDP Encapsulation GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-04 draft-ietf-tsvwg-gre-in-udp-encap-05
Abstract Abstract
This document describes a method of encapsulating network protocol This document describes a method of encapsulating network protocol
packets within GRE and UDP headers. In this encapsulation, the packets within GRE and UDP headers. In this encapsulation, the
source UDP port can be used as an entropy field for purposes of load source UDP port can be used as an entropy field for purposes of load
balancing, while the protocol of the encapsulated packet in the GRE balancing, while the protocol of the encapsulated packet in the GRE
payload is identified by the GRE Protocol Type. Usage restrictions payload is identified by the GRE Protocol Type. Usage restrictions
apply to GRE-in-UDP usage for traffic that is not congestion apply to GRE-in-UDP usage for traffic that is not congestion
controlled and to UDP zero checksum usage with IPv6. controlled and to UDP zero checksum usage with IPv6.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 11, 2015. This Internet-Draft will expire on September 6, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 22 skipping to change at page 2, line 22
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Applicability Statement...................................3 1.1. Applicability Statement...................................3
2. Terminology....................................................4 2. Terminology....................................................4
2.1. Requirements Language.....................................4 2.1. Requirements Language.....................................4
3. Encapsulation in UDP...........................................4 3. Encapsulation in UDP...........................................4
3.1. IP header.................................................7 3.1. IP Header.................................................7
3.2. UDP header................................................7 3.2. UDP Header................................................7
3.2.1. Source Port..........................................7 3.2.1. Source Port..........................................7
3.2.2. Destination port.....................................7 3.2.2. Destination Port.....................................7
3.2.3. Checksum.............................................7 3.2.3. Checksum.............................................7
3.2.4. Length...............................................8 3.2.4. Length...............................................8
3.3. GRE header................................................8 3.3. GRE Header................................................8
4. UDP Checksum Handling..........................................8 4. Encapsulation Process Procedures...............................8
4.1. UDP Checksum with IPv4....................................8 4.1. MTU and Fragmentation.....................................9
4.2. UDP Checksum with IPv6....................................9 4.2. Differentiated Services..................................10
4.2.1. Middlebox Considerations for IPv6 UDP Zero Checksums12 5. UDP Checksum Handling.........................................10
5. Encapsulation Process Procedures..............................12 5.1. UDP Checksum with IPv4...................................10
5.1. Packet Fragmentation.....................................13 5.2. UDP Checksum with IPv6...................................10
5.2. Differentiated services..................................13 5.2.1. Middlebox Considerations ...........................14
6. Congestion Considerations.....................................14 6. Congestion Considerations.....................................14
7. Backward Compatibility........................................15 7. Backward Compatibility........................................16
8. IANA Considerations...........................................16 8. IANA Considerations...........................................16
9. Security Considerations.......................................16 9. Security Considerations.......................................17
9.1. Vulnerability............................................16 10. Acknowledgements.............................................18
10. Acknowledgements.............................................17 11. Contributors.................................................18
11. Contributors.................................................17 12. References...................................................20
12. References...................................................19 12.1. Normative References....................................20
12.1. Normative References....................................19 12.2. Informative References..................................20
12.2. Informative References..................................19 13. Authors' Addresses...........................................21
13. Authors' Addresses...........................................20
1. Introduction 1. Introduction
Load balancing, or more specifically statistical multiplexing of Load balancing, or more specifically statistical multiplexing of
traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation
Groups (LAGs) in IP networks is a widely used technique for creating Groups (LAGs) in IP networks is a widely used technique for creating
higher capacity networks out of lower capacity links. Most existing higher capacity networks out of lower capacity links. Most existing
routers in IP networks are already capable of distributing IP routers in IP networks are already capable of distributing IP
traffic flows over ECMP paths and/or LAGs on the basis of a hash traffic flows over ECMP paths and/or LAGs on the basis of a hash
function performed on flow invariant fields in IP packet headers and function performed on flow invariant fields in IP packet headers and
skipping to change at page 3, line 47 skipping to change at page 3, line 47
change or upgrade to their ECMP implementation. The encapsulation change or upgrade to their ECMP implementation. The encapsulation
mechanism is applicable to a variety of IP networks including Data mechanism is applicable to a variety of IP networks including Data
Center and wide area networks. Center and wide area networks.
1.1. Applicability Statement 1.1. Applicability Statement
GRE encapsulation is widely used for many applications. For example, GRE encapsulation is widely used for many applications. For example,
to redirect IP traffic to traverse a different path instead of the to redirect IP traffic to traverse a different path instead of the
default path in an operator network, to tunnel private network default path in an operator network, to tunnel private network
traffic over a public network by use of public IP network addresses, traffic over a public network by use of public IP network addresses,
or to tunnel IPv6 traffic over an IPv4 network, etc. to tunnel IPv6 traffic over an IPv4 network, and etc.
When encapsulating GRE in UDP, encapsulated traffic will be treated When using GRE-in-UDP encapsulation, encapsulated traffic will be
as a UDP application, not as a GRE application, in an IP network. treated as a UDP application, not as a GRE application, in an IP
network. Thus GRE-in-UDP tunnel needs to meet UDP application
guidelines specified in [RFC5405bis], which can constrain GRE-in-UDP
tunnel usage to certain applications and/or environments.
Thus GRE-in-UDP applications must meet UDP tunnel requirements as Here is the list of the UDP application guidelines in [RFC5405bis]
specified in [RFC5405]. This may constrain GRE-in-UDP tunnel usage and corresponding Sections to cover it in this document.
in certain applications and/or environments. See Section 6.
o Congestion Control: GRE-in-UDP does not have congestion control
mechanism. The usage restrictions for traffic that is not
congestion control is specified in Section 6.
o Message Size: Address in Section 4.1
o Reliability: not applicable to a GRE-in-UDP tunnel. GRE-in-UDP
tunnel does not provide any reliable transport.
o Checksum: Address in Section 5.
o Middlebox Traversal: Section 5.2.1.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in- traffic, i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in-
UDP or other tunnel encapsulation. In this case, GRE-in-UDP tunnel UDP or other tunnel encapsulation. In this case, GRE-in-UDP tunnel
end points treat other tunnel endpoints as of the end hosts for the end points treat other tunnel endpoints as of the end hosts for the
traffic and do not differentiate such end hosts from other end hosts. traffic and do not differentiate such end hosts from other end hosts.
2. Terminology 2. Terminology
The terms defined in [RFC768][RFC2784] are used in this document. The terms defined in [RFC768][RFC2784] are used in this document.
skipping to change at page 5, line 36 skipping to change at page 5, line 36
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) | | Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 UDP+GRE Headers in IPv4 Figure 1 UDP+GRE Headers in IPv4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv6 Header: IPv6 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label | |Version| Traffic Class | Flow Label |
skipping to change at page 6, line 46 skipping to change at page 6, line 46
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (Optional) | | Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 UDP+GRE Headers in IPv6 Figure 2 UDP+GRE Headers in IPv6
The contents of the IP, UDP, and GRE headers that are relevant in The contents of the IP, UDP, and GRE headers that are relevant in
this encapsulation are described below. this encapsulation are described below.
3.1. IP header 3.1. IP Header
An encapsulator MUST encode its own IP address as the source IP An encapsulator MUST encode its own IP address as the source IP
address and the decapsulator's IP address as the destination IP address and the decapsulator's IP address as the destination IP
address. The TTL field in the IP header must be set to a value address. The TTL field in the IP header must be set to a value
appropriate for delivery of the encapsulated packet to the peer of appropriate for delivery of the encapsulated packet to the peer of
the encapsulation. the encapsulation.
3.2. UDP header 3.2. UDP Header
3.2.1. Source Port 3.2.1. Source Port
The UDP source port contains a 16-bit entropy value that is The UDP source port contains a 16-bit entropy value that is
generated by the encapsulator to identify a flow for the generated by the encapsulator to identify a flow for the
encapsulated packet. The port value SHOULD be within the ephemeral encapsulated packet. The port value SHOULD be within the ephemeral
port range. IANA suggests this range to be 49152 to 65535, where the port range. IANA suggests this range to be 49152 to 65535, where the
high order two bits of the port are set to one. This provides high order two bits of the port are set to one. This provides
fourteen bits of entropy for the inner flow identifier. In the case fourteen bits of entropy for the inner flow identifier. In the case
that an encapsulator is unable to derive flow entropy from the that an encapsulator is unable to derive flow entropy from the
skipping to change at page 7, line 40 skipping to change at page 7, line 40
The source port value for a flow set by an encapsulator MAY change The source port value for a flow set by an encapsulator MAY change
over the lifetime of the encapsulated flow. For instance, an over the lifetime of the encapsulated flow. For instance, an
encapsulator may change the assignment for Denial of Service (DOS) encapsulator may change the assignment for Denial of Service (DOS)
mitigation or as a means to effect routing through the ECMP network. mitigation or as a means to effect routing through the ECMP network.
An encapsulator SHOULD NOT change the source port selected for a An encapsulator SHOULD NOT change the source port selected for a
flow more than once every thirty seconds. flow more than once every thirty seconds.
How an encapsulator generates entropy from the payload is outside How an encapsulator generates entropy from the payload is outside
the scope of this document. the scope of this document.
3.2.2. Destination port 3.2.2. Destination Port
The destination port of the UDP header is set the GRE/UDP port (TBD) The destination port of the UDP header is set the GRE/UDP port (TBD)
(see Section 8). (see Section 8).
3.2.3. Checksum 3.2.3. Checksum
The UDP checksum is set and processed per [RFC768] and [RFC1122] for The UDP checksum is set and processed per [RFC768] and [RFC1122] for
IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and
use of zero UDP checksums are detailed in section 4. use of zero UDP checksums are detailed in Section 5.
3.2.4. Length 3.2.4. Length
The usage of this field is in accordance with the current UDP The usage of this field is in accordance with the current UDP
specification in [RFC768]. This length will include the UDP header specification in [RFC768]. This length will include the UDP header
(eight bytes), GRE header, and the GRE payload (encapsulated packet). (eight bytes), GRE header, and the GRE payload (encapsulated packet).
3.3. GRE header 3.3. GRE Header
An encapsulator sets the protocol type (EtherType) of the packet An encapsulator sets the protocol type (EtherType) of the packet
being encapsulated in the GRE Protocol Type field. being encapsulated in the GRE Protocol Type field.
An encapsulator may set the GRE Key Present, Sequence Number Present, An encapsulator may set the GRE Key Present, Sequence Number Present,
and Checksum Present bits and associated fields in the GRE header as and Checksum Present bits and associated fields in the GRE header as
defined by [RFC2784] and [RFC2890]. defined by [RFC2784] and [RFC2890].
The GRE checksum MAY be enabled to protect the GRE header and The GRE checksum MAY be enabled to protect the GRE header and
payload. An encapsulator SHOULD NOT enable both the GRE checksum and payload. An encapsulator SHOULD NOT enable both the GRE checksum and
UDP checksum simultaneously as this would be mostly redundant. Since UDP checksum simultaneously as this would be mostly redundant. Since
the UDP checksum covers more of the packet including the GRE header the UDP checksum covers more of the packet including the GRE header
and payload, the UDP checksum SHOULD have preference to using GRE and payload, the UDP checksum SHOULD have preference to using GRE
checksum. checksum.
4. UDP Checksum Handling An implementation MAY use the GRE keyid to authenticate the
encapsulator. In this model, a shared value is either configured or
negotiated between an encapsulator and decapsulator. When a GRE-in-
UDP packet is received with the keyid present, it is checked to see
if it is valid for the source to have set for the tunnel packet was
sent on. An implementation MAY enforce that a keyid be used for
source authentication on selected tunnels. When a decapsulator
determines a presented keyid is not valid for the source to send or
the keyid is absent and is considered required for authenticating
the encapsulator for a tunnel, the packet MUST be dropped.
4.1. UDP Checksum with IPv4 4. Encapsulation Process Procedures
The GRE-in-UDP encapsulation allows encapsulated packets to be
forwarded through "GRE-UDP tunnels". When performing GRE-in-UDP
encapsulation by the encapsulator, the entropy value would be
generated by the encapsulator and then be filled in the Source Port
field of the UDP header. The Destination Port field is set to a
value (TBD) allocated by IANA to indicate that the UDP tunnel
payload is a GRE packet. The Protocol Type header field in GRE
header is set to the EtherType value corresponding to the protocol
of the encapsulated packet.
Intermediate routers, upon receiving these UDP encapsulated packets,
could balance these packets based on the hash of the five-tuple of
UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator
would decapsulate them by removing the UDP and GRE headers and then
process them accordingly.
Note: Each UDP tunnel is unidirectional, as GRE-in-UDP traffic is
sent to the IANA-allocated UDP Destination Port, and in particular,
is never sent back to any port used as a UDP Source Port (which
serves solely as a source of entropy). This is at odds with a common
middlebox (e.g., firewall) assumption that bidirectional traffic
uses a common pair of UDP ports. As a result, arranging to pass
bidirectional GRE-in-UDP traffic through middleboxes may require
separate configuration for each direction of traffic.
GRE-in-UDP allows encapsulation of unicast, broadcast, or multicast
traffic. Entropy may be generated from the header of encapsulated
unicast or broadcast/multicast packets at an encapsulator. The
mapping mechanism between the encapsulated multicast traffic and the
multicast capability in the IP network is transparent and
independent to the encapsulation and is otherwise outside the scope
of this document.
To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep-
alive. It is RECOMMENED no use of GRE keep-alive in the GRE-in-UDP
tunnel. This aligns with middlebox traversal guidelines in Section
3.5 of [RFC5405bis].
4.1. MTU and Fragmentation
Regarding fragmentation, an encapsulator SHOULD perform
fragmentation [GREMTU] on a packet before encapsulation and factor
in both GRE and UDP header bytes in the effective Maximum
Transmission Unit (MTU) size. Not performing the fragmentation will
cause the packets exceeding network MTU size to be dropped or
fragmented in the network. An encapsulator MUST use the same source
UDP port for all packet fragments to ensure that the transit routers
will forward the packet fragments on the same path. An operator
should factor in the additional bytes of overhead when considering
an MTU size for the payload to avoid the likelihood of fragmentation.
Fragmented packets MUST be reassembled at the decapsulator prior to
being sent to a (payload) application. Packet fragmentation and
reassembling process is outside the scope of the document.
4.2. Differentiated Services
To ensure that tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, an encapsulator should
process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Encapsulation end points that
support ECN must use the method described in [RFC6040] for ECN
marking propagation. This process is outside of the scope of this
document.
5. UDP Checksum Handling
5.1. UDP Checksum with IPv4
For UDP in IPv4, the UDP checksum MUST be processed as specified in For UDP in IPv4, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC1122] for both transmit and receive. An [RFC768] and [RFC1122] for both transmit and receive. An
encapsulator MAY set the UDP checksum to zero for performance or encapsulator MAY set the UDP checksum to zero for performance or
implementation considerations. The IPv4 header includes a checksum implementation considerations. The IPv4 header includes a checksum
which protects against mis-delivery of the packet due to corruption which protects against mis-delivery of the packet due to corruption
of IP addresses. The UDP checksum potentially provides protection of IP addresses. The UDP checksum potentially provides protection
against corruption of the UDP header, GRE header, and GRE payload. against corruption of the UDP header, GRE header, and GRE payload.
Enabling or disabling the use of checksums is a deployment Enabling or disabling the use of checksums is a deployment
consideration that should take into account the risk and effects of consideration that should take into account the risk and effects of
skipping to change at page 9, line 9 skipping to change at page 10, line 45
decapsularor SHOULD accept UDP packets with a zero checksum. A node decapsularor SHOULD accept UDP packets with a zero checksum. A node
MAY be configured to disallow zero checksums per [RFC1122]; this may MAY be configured to disallow zero checksums per [RFC1122]; this may
be done selectively, for instance disallowing zero checksums from be done selectively, for instance disallowing zero checksums from
certain hosts that are known to be sending over paths subject to certain hosts that are known to be sending over paths subject to
packet corruption. If verification of a non-zero checksum fails, a packet corruption. If verification of a non-zero checksum fails, a
decapsulator lacks the capability to verify a non-zero checksum, or decapsulator lacks the capability to verify a non-zero checksum, or
a packet with a zero-checksum was received and the decapsulator is a packet with a zero-checksum was received and the decapsulator is
configured to disallow, the packet MUST be dropped and an event MAY configured to disallow, the packet MUST be dropped and an event MAY
be logged. be logged.
4.2. UDP Checksum with IPv6 5.2. UDP Checksum with IPv6
For UDP in IPv6, the UDP checksum MUST be processed as specified in For UDP in IPv6, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC2460] for both transmit and receive. [RFC768] and [RFC2460] for both transmit and receive.
When UDP is used over IPv6, the UDP checksum is relied upon to When UDP is used over IPv6, the UDP checksum is relied upon to
protect both the IPv6 and UDP headers from corruption, and so MUST protect both the IPv6 and UDP headers from corruption, and so MUST
used with the following exceptions: used with the following exceptions:
a. Use of GRE-in-UDP in networks under single administrative a. Use of GRE-in-UDP in networks under single administrative
control (such as within a single operator's network) where it control (such as within a single operator's network) where it
skipping to change at page 9, line 34 skipping to change at page 11, line 25
b. Use of GRE-in-UDP in networks under single administrative b. Use of GRE-in-UDP in networks under single administrative
control (such as within a single operator's network) where it control (such as within a single operator's network) where it
is judged through observational measurements (perhaps of is judged through observational measurements (perhaps of
historic or current traffic flows that use a non-zero checksum) historic or current traffic flows that use a non-zero checksum)
that the level of packet corruption is tolerably low and where that the level of packet corruption is tolerably low and where
the operator is willing to take the risk of undetected packet the operator is willing to take the risk of undetected packet
corruption. corruption.
c. Use of GRE-in-UDP for traffic delivery for applications that c. Use of GRE-in-UDP for traffic delivery for applications that
are tolerant of misdelivered or corrupted packets (perhaps are tolerant of mis-delivered or corrupted packets (perhaps
through higher layer checksum, validation, and retransmission through higher layer checksum, validation, and retransmission
or transmission redundancy) where the operator is willing to or transmission redundancy) where the operator is willing to
rely on the applications using the tunnel to survive any rely on the applications using the tunnel to survive any
corrupt packets. corrupt packets.
For these exceptions, the UDP zero-checksum mode can be used. For these exceptions, the UDP zero-checksum mode can be used.
However the use of the UDP zero-checksum mode must meet the However the use of the UDP zero-checksum mode must meet the
requirements specified in [RFC6935] and [RFC6936] as well at the requirements specified in [RFC6935] and [RFC6936] as well at the
additional requirements stated below. additional requirements stated below.
skipping to change at page 10, line 22 skipping to change at page 12, line 12
The following additional requirements apply to implementation and The following additional requirements apply to implementation and
use of UDP zero-checksum mode for GRE-in-UDP over IPv6: use of UDP zero-checksum mode for GRE-in-UDP over IPv6:
a. Use of the UDP checksum with IPv6 MUST be the default a. Use of the UDP checksum with IPv6 MUST be the default
configuration of all GRE-in-UDP implementations. configuration of all GRE-in-UDP implementations.
b. The GRE-in-UDP implementation MUST comply with all requirements b. The GRE-in-UDP implementation MUST comply with all requirements
specified in Section 4 of [RFC6936] and with requirement 1 specified in Section 4 of [RFC6936] and with requirement 1
specified in Section 5 of [RFC6936]. specified in Section 5 of [RFC6936].
c. A decapsulator SHOULD only allow the use of UDP zero-checksum c. By default a decapsulator MUST disallow receipt of GRE-in-UDP
mode for IPv6 on a single received UDP Destination Port. The
motivation for this requirement is possible corruption of the UDP
destination port, which may cause packet delivery to the wrong
UDP port. If that other UDP port requires the UDP checksum, the
mis-delivered packet will be discarded
d. By default a decapsulator MUST disallow receipt of GRE-in-UDP
packets with zero UDP checksums with IPv6. Zero checksums May packets with zero UDP checksums with IPv6. Zero checksums May
selectively be enabled for certain source address. A decapsulator selectively be enabled for certain source address. A decapsulator
MUST check that the source and destination IPv6 addresses are MUST check that the source and destination IPv6 addresses are
valid for the GRE-in-UDP tunnel on which the packet was received valid for the GRE-in-UDP tunnel on which the packet was received
if that tunnel uses UDP zero-checksum mode and discard any packet if that tunnel uses UDP zero-checksum mode and discard any packet
for which this check fails. for which this check fails.
e. An encapsulator SHOULD use different IPv6 addresses for each GRE- d. An encapsulator SHOULD use different IPv6 addresses for each GRE-
in-UDP tunnel that uses UDP zero-checksum mode regardless of the in-UDP tunnel that uses UDP zero-checksum mode regardless of the
decapsulator in order to strengthen the decapsulator's check of decapsulator in order to strengthen the decapsulator's check of
the IPv6 source address (i.e., the same IPv6 source address the IPv6 source address (i.e., the same IPv6 source address
SHOULD NOT be used with more than one IPv6 destination address, SHOULD NOT be used with more than one IPv6 destination address,
independent of whether that destination address is a unicast or independent of whether that destination address is a unicast or
multicast address). When this is not possible, it is RECOMMENDED multicast address). When this is not possible, it is RECOMMENDED
to use each source IPv6 address for as few UDP zero-checksum mode to use each source IPv6 address for as few UDP zero-checksum mode
GRE-in-UDP tunnels as is feasible. GRE-in-UDP tunnels as is feasible.
f. Any middlebox support for GRE-in-UDP with UDP zero-checksum mode e. Any middlebox support for GRE-in-UDP with UDP zero-checksum mode
for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of
[RFC6936].[RFC6936]. [RFC6936].[RFC6936].
g. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP f. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP
checksums from "escaping" to the general Internet; see Section 6 checksums from "escaping" to the general Internet; see Section 6
for examples of such measures. for examples of such measures.
h. IPv6 traffic with zero UDP checksums MUST be actively monitored g. IPv6 traffic with zero UDP checksums MUST be actively monitored
for errors by the network operator. for errors by the network operator.
i. The use a zero UDP checksum should present the equivalent risk of h. If a packet with a non-zero checksum is received, the checksum
undetected packet corruption when sending similar packet using
GRE-in-IPv6 without UDP and without GRE checksums.
j. If a packet with a non-zero checksum is received, the checksum
MUST be verified before accepting the packet. This is regardless MUST be verified before accepting the packet. This is regardless
of whether a tunnel encapsulator and decapsulator have been of whether a tunnel encapsulator and decapsulator have been
configured with UDP zero-checksum mode. configured with UDP zero-checksum mode.
The above requirements do not change either the requirements The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936]. specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the strong recommendation against destination IPv6 address, plus the strong recommendation against
skipping to change at page 12, line 11 skipping to change at page 13, line 35
monitoring of GRE-in-UDP traffic for errors is REQUIRED as monitoring of GRE-in-UDP traffic for errors is REQUIRED as
occurrence of errors will result in some accumulation of error occurrence of errors will result in some accumulation of error
information outside the protocol for operational and management information outside the protocol for operational and management
purposes. This design is in accordance with requirement 4 specified purposes. This design is in accordance with requirement 4 specified
in Section 5 of [RFC6936]. in Section 5 of [RFC6936].
The remaining requirements specified in Section 5 of [RFC6936] are The remaining requirements specified in Section 5 of [RFC6936] are
inapplicable to GRE-in-UDP. Requirements 6 and 7 do not apply inapplicable to GRE-in-UDP. Requirements 6 and 7 do not apply
because GRE does not have a GRE-generic control feedback mechanism. because GRE does not have a GRE-generic control feedback mechanism.
Requirements 8-10 are middlebox requirements that do not apply to Requirements 8-10 are middlebox requirements that do not apply to
GRE-in-UDP tunnel endpoints, but see Section 3.2 for further GRE-in-UDP tunnel endpoints, but see Section 5.2.1 for further
middlebox discussion. middlebox discussion.
It is worth to mention that the use of a zero UDP checksum should
present the equivalent risk of undetected packet corruption when
sending similar packet using GRE-in-IPv6 without UDP and without GRE
checksums.
In summary, UDP zero-checksum mode for IPv6 is allowed to be used In summary, UDP zero-checksum mode for IPv6 is allowed to be used
with GRE-in-UDP when one of the three exceptions specified above with GRE-in-UDP when one of the three exceptions specified above
applies, provided that additional requirements stated above are applies, provided that additional requirements stated above are
complied with. Otherwise the UDP checksum MUST be used for IPv6 as complied with. Otherwise the UDP checksum MUST be used for IPv6 as
specified in [RFC768] and [RFC2460]. specified in [RFC768] and [RFC2460].
4.2.1. Middlebox Considerations for IPv6 UDP Zero Checksums 5.2.1. Middlebox Considerations
IPv6 datagrams with a zero UDP checksum will not be passed by any IPv6 datagrams with a zero UDP checksum will not be passed by any
middlebox that validates the checksum based on [RFC2460] or that middlebox that validates the checksum based on [RFC2460] or that
updates the UDP checksum field, such as NATs or firewalls. Changing updates the UDP checksum field, such as NATs or firewalls. Changing
this behavior would require such middleboxes to be updated to this behavior would require such middleboxes to be updated to
correctly handle datagrams with zero UDP checksums. The GRE-in-UDP correctly handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over using a checksum when a path change occurs redirecting a tunnel over
a path that includes a middlebox that discards IPv6 datagrams with a a path that includes a middlebox that discards IPv6 datagrams with a
zero UDP checksum. In this case the GRE-in-UDP tunnel will be zero UDP checksum. In this case the GRE-in-UDP tunnel will be
black-holed by that middlebox. Recommended changes to allow black-holed by that middlebox. Recommended changes to allow
firewalls, NATs and other middleboxes to support use of an IPv6 zero firewalls, NATs and other middleboxes to support use of an IPv6 zero
UDP checksum are described in Section 5 of [RFC6936]. UDP checksum are described in Section 5 of [RFC6936].
5. Encapsulation Process Procedures
This GRE-in-UDP encapsulation allows packets to be forwarded through
"GRE-UDP tunnels". When performing GRE-in-UDP encapsulation by the
encapsulator, the entropy value would be generated by the
encapsulator and then be filled in the Source Port field of the UDP
header. The Destination Port field is set to a value (TBD)
allocated by IANA to indicate that the UDP tunnel payload is a GRE
packet. The Protocol Type header field in GRE header is set to the
EtherType value corresponding to the protocol of the encapsulated
packet.
Intermediate routers, upon receiving these UDP encapsulated packets,
could balance these packets based on the hash of the five-tuple of
UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator
would decapsulate them by removing the UDP headers and then process
them accordingly.
Note: Each UDP tunnel is unidirectional, as GRE-in-UDP traffic is
sent to the IANA-allocated UDP Destination Port, and in particular,
is never sent back to any port used as a UDP Source Port (which
serves solely as a source of entropy). This is at odds with a common
middlebox (e.g., firewall) assumption that bidirectional traffic
uses a common pair of UDP ports. As a result, arranging to pass
bidirectional GRE-in-UDP traffic through middleboxes may require
separate configuration for each direction of traffic.
GRE-in-UDP allows encapsulation of unicast, broadcast, or multicast
traffic. Entropy may be generated from the header of encapsulated
unicast or broadcast/multicast packets at an encapsulator. The
mapping mechanism between the encapsulated multicast traffic and the
multicast capability in the IP network is transparent and
independent to the encapsulation and is otherwise outside the scope
of this document.
5.1. Packet Fragmentation
Regarding Fragmentation, an encapsulator SHOULD perform
fragmentation [GREMTU] on a packet before encapsulation and factor
in both GRE and UDP header bytes in the effective Maximum
Transmission Unit (MTU) size. Not performing the fragmentation will
cause the packets exceeding network MTU size to be dropped or
fragmented in the network. An encapsulator MUST use the same source
UDP port for all packet fragments to ensure that the transit routers
will forward the packet fragments on the same path. An operator
should factor in the additional bytes of overhead when considering
an MTU size for the payload to reduce the likelihood of
fragmentation.
5.2. Differentiated services
To ensure that tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, an encapsulator should
process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Encapsulation end points that
support ECN must use the method described in [RFC6040] for ECN
marking propagation. This process is outside of the scope of this
document.
6. Congestion Considerations 6. Congestion Considerations
Section 3.1.3 of [RFC5405] discussed the congestion implications of Section 3.1.7 of [RFC5405bis] discussed the congestion implications
UDP tunnels. As discussed in [RFC5405], because other flows can of UDP tunnels. As discussed in [RFC5405bis], because other flows
share the path with one or more UDP tunnels, congestion control can share the path with one or more UDP tunnels, congestion control
[RFC2914] needs to be considered. [RFC2914] needs to be considered.
A major motivation for GRE-in-UDP encapsulation is to tunnel a A major motivation for GRE-in-UDP encapsulation is to tunnel a
network protocol over IP network and improve the use of multipath network protocol over IP network and improve the use of multipath
(such as ECMP) in cases where traffic is to traverse routers which (such as ECMP) in cases where traffic is to traverse routers which
are able to hash on UDP Port and IP address. As such, in many cases are able to hash on UDP Port and IP address. As such, in many cases
this may reduce the occurrence of congestion and improve usage of this may reduce the occurrence of congestion and improve usage of
available network capacity. However, it is also necessary to ensure available network capacity. However, it is also necessary to ensure
that the network, including applications that use the network, that the network, including applications that use the network,
responds appropriately in more difficult cases, such as when link or responds appropriately in more difficult cases, such as when link or
skipping to change at page 16, line 13 skipping to change at page 16, line 27
support or enable GRE-in-UDP encapsulation described in this support or enable GRE-in-UDP encapsulation described in this
document, it will not be listening on destination port (TBD). In document, it will not be listening on destination port (TBD). In
these cases, the router will conform to normal UDP processing and these cases, the router will conform to normal UDP processing and
respond to an encapsulator with an ICMP message indicating "port respond to an encapsulator with an ICMP message indicating "port
unreachable" according to [RFC792]. Upon receiving this ICMP unreachable" according to [RFC792]. Upon receiving this ICMP
message, the node MUST NOT continue to use GRE-in-UDP encapsulation message, the node MUST NOT continue to use GRE-in-UDP encapsulation
toward this peer without management intervention. toward this peer without management intervention.
8. IANA Considerations 8. IANA Considerations
IANA is requested to make the following allocation: IANA is requested to make the following allocations:
One UDP destination port number for the indication of GRE
Service Name: GRE-in-UDP Service Name: GRE-in-UDP
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation Description: GRE-in-UDP Encapsulation
Reference: [This.I-D] Reference: [This.I-D]
Port Number: TBD Port Number: TBD
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
9. Security Considerations One UDP destination port number for the indication of GRE with DTLS
9.1. Vulnerability Service Name: GRE-UDP-DTLS
Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation with DTLS
Reference: [This.I-D]
Port Number: TBD
Service Code: N/A
Known Unauthorized Uses: N/A
Assignment Notes: N/A
Neither UDP nor GRE encapsulation effects security for the payload 9. Security Considerations
UDP and GRE encapsulation does not effect security for the payload
protocol. When using GRE-in-UDP, Network Security in a network is protocol. When using GRE-in-UDP, Network Security in a network is
mostly equivalent to that of a network using GRE. mostly equivalent to that of a network using GRE.
DTLS [RFC6347] can be used for application security and can preserve
network and transport layer protocol information. Specifically, if
DTLS is used to secure the GRE-in-UDP tunnel, the destination port
of the UDP header MUST be set to an IANA-assigned value (TBD2)
indicating GRE-in-UDP with DTLS, and that UDP port MUST NOT be used
for other traffic. The UDP source port field can still be used to
add entropy, e.g., for load-sharing purposes. DTLS usage is limited
to a single DTLS session for any specific tunnel encapsulator/
decapsulator pair (identified by source and destination IP
addresses). Both IP addresses MUST be unicast addresses - multicast
traffic is not supported when DTLS is used. A GRE-in-UDP tunnel
decapsulator implementation that supports DTLS is expected to be
able to establish DTLS sessions with multiple tunnel encapsulators,
and likewise an GRE-in-UDP tunnel encapsulator implementation is
expected to be able to establish DTLS sessions with multiple
decapsulators (although different source and/or destination IP
addresses may be involved -see Section 4.2 for discussion of one
situation where use of different source IP addresses is important).
Use of ICMP for signaling of the GRE-in-UDP encapsulation capability Use of ICMP for signaling of the GRE-in-UDP encapsulation capability
adds a security concern. Upon receiving an ICMP message and before adds a security concern. Upon receiving an ICMP message and before
taking an action on it, the ingress MUST validate the IP address taking an action on it, the ingress MUST validate the IP address
originating against tunnel egress address and MUST evaluate the originating against tunnel egress address and MUST evaluate the
packet header returned in the ICMP payload to ensure the source port packet header returned in the ICMP payload to ensure the source port
is the one used for this tunnel. The mechanism for performing this is the one used for this tunnel. The mechanism for performing this
validation is out of the scope of this document. validation is out of the scope of this document.
In an instance where the UDP source port is not set based on the In an instance where the UDP source port is not set based on the
flow invariant fields from the payload header, a random port SHOULD flow invariant fields from the payload header, a random port SHOULD
skipping to change at page 19, line 28 skipping to change at page 20, line 28
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000. March 2000.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC2890, September 2000. RFC2890, September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983, [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000. October 2000.
[RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application [RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for
Designers", RFC5405, November 2008. Application Designers", draft-ietf-tsvwg-rfc5405bis, work
in progress.
[RFC6040] Briscoe, B., "Tunneling of Explicit Congestion [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC6040, November 2010. Notification", RFC6040, November 2010.
[RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for [RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
Equal Cost Multipath Routing and Link Aggregation in Equal Cost Multipath Routing and Link Aggregation in
tunnels", RFC6438, November, 2011. tunnels", RFC6438, November, 2011.
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935, April 2013. UDP Checksums for Tunneled Packets", RFC 6935, April 2013.
 End of changes. 39 change blocks. 
129 lines changed or deleted 189 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/