draft-ietf-tsvwg-gre-in-udp-encap-07.txt   draft-ietf-tsvwg-gre-in-udp-encap-08.txt 
Network Working Group E. Crabbe Network Working Group E. Crabbe
Internet-Draft Internet-Draft
Intended status: Standard Track L. Yong Intended status: Standard Track L. Yong
Huawei USA Huawei USA
X. Xu X. Xu
Huawei Technologies Huawei Technologies
T. Herbert T. Herbert
Google Google
Expires: January 2015 July 4, 2015 Expires: April 2016 October 16, 2015
GRE-in-UDP Encapsulation GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-07 draft-ietf-tsvwg-gre-in-udp-encap-08
Abstract Abstract
This document describes a method of encapsulating network protocol This document describes a method of encapsulating network protocol
packets within GRE and UDP headers. In this encapsulation, the packets within GRE and UDP headers. In this encapsulation, the
source UDP port can be used as an entropy field for purposes of load source UDP port can be used as an entropy field for purposes of load
balancing, while the protocol of the encapsulated packet in the GRE balancing, while the protocol of the encapsulated packet in the GRE
payload is identified by the GRE Protocol Type. Usage restrictions payload is identified by the GRE Protocol Type. This encapsulation
apply to GRE-in-UDP usage for traffic that is not congestion protocol can apply to IPv4 and IPv6 networks including the Internet.
controlled and to UDP zero checksum usage with IPv6. When applying it to a well-managed operator network, the tunnel
implementation and usage can be less restrictive. The document
specifies the tunnel implementations under both network scenarios.
Status of This Document Status of This Document
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2015. This Internet-Draft will expire on April 16,2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction ........................................... 3
1.1. Applicability Statement...................................3 1.1. Applicability Statement .............................. 3
2. Terminology....................................................4 1.1.1. Requirements for Default GRE-in-UDP Tunnel
2.1. Requirements Language.....................................4 Implementation over the Internet........................ 5
3. Encapsulation in UDP...........................................4 1.1.2. Requirements for Conditional GRE-in-UDP Tunnel
3.1. IP Header.................................................7 Implementation over a Well-Managed Operator Network..... 6
3.2. UDP Header................................................7 2. Terminology ............................................... 7
3.2.1. Source Port..........................................7 2.1. Requirements Language................................. 7
3.2.2. Destination Port.....................................7 3. Encapsulation in UDP ...................................... 7
3.2.3. Checksum.............................................7 3.1. IP Header ........................................... 10
3.2.4. Length...............................................8 3.2. UDP Header .......................................... 10
3.3. GRE Header................................................8 3.2.1. Source Port .................................... 10
4. Encapsulation Process Procedures...............................8 3.2.2. Destination Port ............................... 10
4.1. MTU and Fragmentation.....................................9 3.2.3. Checksum ....................................... 11
4.2. Differentiated Services..................................10 3.2.4. Length ......................................... 11
5. UDP Checksum Handling.........................................10 3.3. GRE Header .......................................... 11
5.1. UDP Checksum with IPv4...................................10 4. Encapsulation Process Procedures ......................... 11
5.2. UDP Checksum with IPv6...................................10 4.1. MTU and Fragmentation ............................... 12
5.2.1. Middlebox Considerations............................14 4.2. Differentiated Services ............................. 13
6. Congestion Considerations.....................................14 5. UDP Checksum Handling ................................... 13
7. Backward Compatibility........................................16 5.1. UDP Checksum with IPv4 .............................. 13
8. IANA Considerations...........................................16 5.2. UDP Checksum with IPv6 .............................. 14
9. Security Considerations.......................................17 5.2.1. Middlebox Considerations ....................... 17
10. Acknowledgements.............................................18 6. Congestion Considerations ................................ 17
11. Contributors.................................................18 7. Backward Compatibility .................................. 18
12. References...................................................20 8. IANA Considerations ...................................... 19
12.1. Normative References....................................20 9. Security Considerations .................................. 19
12.2. Informative References..................................21 10. Acknowledgements ...................................... 21
13. Authors' Addresses...........................................21 11. Contributors ......................................... 21
12. References .............................................. 22
12.1. Normative References ............................... 22
12.2. Informative References ............................. 23
13. Authors' Addresses ...................................... 24
1. Introduction 1. Introduction
Load balancing, or more specifically statistical multiplexing of Load balancing, or more specifically statistical multiplexing of
traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation
Groups (LAGs) in IP networks is a widely used technique for creating Groups (LAGs) in IP networks is a widely used technique for creating
higher capacity networks out of lower capacity links. Most existing higher capacity networks out of lower capacity links. Most existing
routers in IP networks are already capable of distributing IP routers in IP networks are already capable of distributing IP
traffic flows over ECMP paths and/or LAGs on the basis of a hash traffic flows over ECMP paths and/or LAGs on the basis of a hash
function performed on flow invariant fields in IP packet headers and function performed on flow invariant fields in IP packet headers and
skipping to change at page 3, line 46 skipping to change at page 3, line 46
This encapsulation method requires no changes to the transit IP This encapsulation method requires no changes to the transit IP
network. Hash functions in most existing IP routers may utilize and network. Hash functions in most existing IP routers may utilize and
benefit from the use of a GRE-in-UDP tunnel without needing any benefit from the use of a GRE-in-UDP tunnel without needing any
change or upgrade to their ECMP implementation. The encapsulation change or upgrade to their ECMP implementation. The encapsulation
mechanism is applicable to a variety of IP networks including Data mechanism is applicable to a variety of IP networks including Data
Center and wide area networks. Center and wide area networks.
1.1. Applicability Statement 1.1. Applicability Statement
GRE encapsulation is widely used for many applications. For example, GRE encapsulation has been widely used for many applications. For
to redirect IP traffic to traverse a different path instead of the example, to redirect IP traffic to traverse a different path instead
default path in an operator network, to tunnel private network of the default path in an operator network, to tunnel private
traffic over a public network by use of public IP network addresses, network traffic over a public network by use of public IP network
to tunnel IPv6 traffic over an IPv4 network, tunnel Ethernet traffic addresses, to tunnel IPv6 traffic over an IPv4 network, tunnel
over IP networks, and etc. Ethernet traffic over IP networks [RFC7637], etc.
When using GRE-in-UDP encapsulation, encapsulated traffic will be GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks including
treated as a UDP application in an IP network. Thus GRE-in-UDP the Internet. When using GRE-in-UDP encapsulation, encapsulated
tunnel needs to meet UDP application guidelines specified in traffic will be treated as a UDP application in an IP network. As
[RFC5405bis], which constrains GRE-in-UDP tunnel usage. The concerns such, GRE-in-UDP tunnel needs to meet UDP application requirements
of GRE-in-UDP as a UDP application are addressed in Section 5 and 6. specified in [RFC5405bis], which requires additional tunnel
As a result, GRE-in-UDP encapsulation MUST be used when one of functions besides the packet encapsulation/decapsulation at the
following conditions is true: tunnel endpoints. The required additional functions may be
simplified according to the network operation condition. For
example, if a GRE-in-UDP tunnel is used to carry IP payload only,
tunnel congestion control function is not necessary.
1) Within a single operator network or networks of an adjacent set This document considers two network scenarios: 1) Use of GRE-in-UDP
of cooperating network operators where traffic is managed to in a general IP network including the Internet, where a default GRE-
avoid congestion. in-UDP tunnel implementation specified in this draft can apply; 2)
Use of GRE-in-UDP in a well-managed operator IP network, where a
GRE-in-UDP tunnel implementation can be less restrictive than the
default implementation. The implementation for a well-managed
operator IP network is specified in this draft too and is referred
to as conditional GRE-in-UDP tunnel implementation in the remaining
document.
2) The payload type is IP or a type of network protocol that has A well-managed operator IP network (referred to Operator Network in
congestion control capability when the encapsulated traffic is the rest) is an IP network that meets at least one of following
over the Internet. conditions:
a. Under single administrative control (such as within a single
operator's network) where it is known (perhaps through knowledge
of equipment types and lower layer checks) that packet corruption
is exceptionally unlikely and where the operator is willing to
take the risk of undetected packet corruption.
b. Under single administrative control (such as within a single
operator's network) where it is judged through observational
measurements (perhaps of historic or current traffic flows that
use a non-zero checksum) that the level of packet corruption is
tolerably low and where the operator is willing to take the risk
of undetected packet corruption.
c. Carrying applications that are tolerant of mis-delivered or
corrupted packets (perhaps through higher layer checksum,
validation, and retransmission or transmission redundancy) where
the operator is willing to rely on the applications using the
tunnel to survive any corrupt packets.
As a result, use of GRE-in-UDP within a well-managed operator
network, UDP zero-checksum in IPv6 may be used (see Section 5.2).
Another characteristic that a well-managed operator network often
has is a congestion control, i.e. the network is traffic-engineered
and/or operated to avoid congestion.
GRE-in-UDP tunnel implementation, either default or conditional,
does not have congestion control capability. Therefore, it limits
its usage for either tunneled traffic having congestion control
and/or a well-managed operator network that provides traffic-
engineering to avoid congestion.
As a result, default GRE-in-UDP tunnel implementation MUST NOT apply
to traffic that has no congestion control over the Internet;
conditional GRE-in-UDP tunnel implementation can apply to a well-
managed operator network that provides congestion control. (See
Section 6)
The following two sections summarize the requirements of GRE-in-UDP
tunnel implementation for a generic IP network including the
Internet and a well-managed operator network, respectively. The
networks can be IPv4 or Ipv6.
1.1.1. Requirements for Default GRE-in-UDP Tunnel Implementation
over the Internet
The following are the requirements for default GRE-in-UDP tunnel
implementation that can apply to an IP network including Internet.
1. SHOULD perform UDP checksum when over an IPv4 network.
2. MUST perform UDP checksum when over an IPv6 network.
3. IP-traffic can be assumed to be congestion-controlled; other
tunneled protocol/payload SHOULD implement an appropriate congestion
control method because the GRE/UDP tunnel does not itself provide
any congestion control. If GRE-in-UDP tunnel MUST NOT to traffic
that has no congestion control over the general Internet.
4. UDP src port that is used for flow entropy SHOULD be set to a UDP
ephemeral port (49152-65535).
5. For IPv6 delivery network, if IPv6 flow label load balancing is
supported [RFC4638], the flow entropy SHOULD also be placed in the
flow label field.
6. If a tunnel ingress fragments the incoming packet (before
encapsulation), the UDP checksum MUST be used so that the receiving
endpoint can validate reassembly of the fragments, and the same src
UDP port SHOULD be used for all packet fragments to ensure that the
transit routers will forward the packet fragments on the same path.
7. If the incoming packet needs to be fragmented, it SHOULD be done
before the encapsulation [RFC7588] and calculate the size of
fragments based on the MTU and including the size of the UDP header.
1.1.2. Requirements for Conditional GRE-in-UDP Tunnel Implementation
over a Well-Managed Operator Network
The following are the requirements for conditional GRE-in-UDP tunnel
implementation that can apply to a well-managed IP network described
above.
1. When over an IPv4 network, SHOULD set UDP zero-checksum to
improve the tunnel performance.
2. When over an IPv6 network, MUST perform UDP checksum as default
but MAY be configured with UDP zero-checksum with additional
implementation requirements that are specified in Section 5.2.
3. A tunnel may encapsulate a protocol/payload that does not provide
congestion control if the delivery network is traffic-engineered
and/or operated by the network operator to avoid congestion, e.g.
use of pre-provision capacity or utilize a circuit breaker [CK].
4. UDP src port that is used for flow entropy SHOULD be set to a UDP
ephemeral port (49152-65535).
5. For IPv6 delivery network, if IPv6 flow label load balancing is
supported [RFC4638], the flow entropy SHOULD also be placed in the
flow label field.
6. If a tunnel ingress fragments the incoming packet (before
encapsulation), the UDP checksum MUST be used so that the receiving
endpoint can validate reassembly of the fragments, and the same src
UDP port SHOULD be used for all packet fragments to ensure that the
transit routers will forward the packet fragments on the same path.
7. If the incoming packet needs to be fragmented, it SHOULD be done
before the encapsulation [RFC7588] and calculate the size of
fragments based on the MTU and including the size of the UDP header.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in- traffic, i.e. tunnel-in-tunnel. The tunneled traffic may use GRE-in-
UDP or other tunnel encapsulation. In this case, GRE-in-UDP tunnel UDP or other tunnel encapsulation. In this case, GRE-in-UDP tunnel
end points treat other tunnel endpoints as of the end hosts for the endpoints treat other tunnel endpoints as of the end hosts for the
traffic and do not differentiate such end hosts from other end hosts. traffic and do not differentiate such end hosts from other end hosts.
2. Terminology 2. Terminology
The terms defined in [RFC768][RFC2784] are used in this document. The terms defined in [RFC768][RFC2784] are used in this document.
Default GRE-in-UDP tunnel implementation: GRE-in-UDP tunnel
implementation that can apply to an IP network including the
Internet.
Conditional GRE-in-UDP tunnel implementation: GRE-in-UDP tunnel
implementation that can only apply to a well-managed operator
network that is defined in Section 1.1.
2.1. Requirements Language 2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
3. Encapsulation in UDP 3. Encapsulation in UDP
GRE-in-UDP encapsulation format is shown as follows: GRE-in-UDP encapsulation format is shown as follows:
skipping to change at page 7, line 12 skipping to change at page 10, line 12
Figure 2 UDP+GRE Headers in IPv6 Figure 2 UDP+GRE Headers in IPv6
The contents of the IP, UDP, and GRE headers that are relevant in The contents of the IP, UDP, and GRE headers that are relevant in
this encapsulation are described below. this encapsulation are described below.
3.1. IP Header 3.1. IP Header
An encapsulator MUST encode its own IP address as the source IP An encapsulator MUST encode its own IP address as the source IP
address and the decapsulator's IP address as the destination IP address and the decapsulator's IP address as the destination IP
address. The TTL field in the IP header must be set to a value address. The TTL field in the IP header MUST be set to a value
appropriate for delivery of the encapsulated packet to the peer of appropriate for delivery of the encapsulated packet to the peer of
the encapsulation. the encapsulation.
3.2. UDP Header 3.2. UDP Header
3.2.1. Source Port 3.2.1. Source Port
The UDP source port contains a 16-bit entropy value that is The UDP source port contains a 16-bit entropy value that is
generated by the encapsulator to identify a flow for the generated by the encapsulator to identify a flow for the
encapsulated packet. The port value SHOULD be within the ephemeral encapsulated packet. The port value SHOULD be within the ephemeral
port range. IANA suggests this range to be 49152 to 65535, where the port range. IANA suggests this range to be 49152 to 65535, where the
high order two bits of the port are set to one. This provides high order two bits of the port are set to one. This provides
fourteen bits of entropy for the inner flow identifier. In the case fourteen bits of entropy for the inner flow identifier. In the case
that an encapsulator is unable to derive flow entropy from the that an encapsulator is unable to derive flow entropy from the
payload header, it should set a randomly selected constant value for payload header, it SHOULD set a randomly selected constant value for
UDP source port to avoid payload packet flow reordering. UDP source port to avoid payload packet flow reordering, e.g. use of
the system time to yield a value that is the range of entropy values.
The source port value for a flow set by an encapsulator MAY change The source port value for a flow set by an encapsulator MAY change
over the lifetime of the encapsulated flow. For instance, an over the lifetime of the encapsulated flow. For instance, an
encapsulator may change the assignment for Denial of Service (DOS) encapsulator may change the assignment for Denial of Service (DOS)
mitigation or as a means to effect routing through the ECMP network. mitigation or as a means to effect routing through the ECMP network.
An encapsulator SHOULD NOT change the source port selected for a An encapsulator SHOULD NOT change the source port selected for a
flow more than once every thirty seconds. flow more than once every thirty seconds.
How an encapsulator generates entropy from the payload is outside For IPv6 delivery network, if IPv6 flow label load balancing is
the scope of this document. supported [RFC6438], the flow entropy SHOULD also be placed in the
flow label field.
How an encapsulator generates flow entropy from the payload is
outside the scope of this document.
3.2.2. Destination Port 3.2.2. Destination Port
The destination port of the UDP header is set the GRE/UDP port (TBD) The destination port of the UDP header is set the GRE-in-UDP port or
(see Section 8). GRE-UDP-DTLS (TBD) (see Section 8).
3.2.3. Checksum 3.2.3. Checksum
The UDP checksum is set and processed per [RFC768] and [RFC1122] for The UDP checksum is set and processed per [RFC768] and [RFC1122] for
IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and
use of zero UDP checksums are detailed in Section 5. use of zero UDP checksums are detailed in Section 5.
3.2.4. Length 3.2.4. Length
The usage of this field is in accordance with the current UDP The usage of this field is in accordance with the current UDP
skipping to change at page 8, line 25 skipping to change at page 11, line 31
An encapsulator may set the GRE Key Present, Sequence Number Present, An encapsulator may set the GRE Key Present, Sequence Number Present,
and Checksum Present bits and associated fields in the GRE header as and Checksum Present bits and associated fields in the GRE header as
defined by [RFC2784] and [RFC2890]. defined by [RFC2784] and [RFC2890].
The GRE checksum MAY be enabled to protect the GRE header and The GRE checksum MAY be enabled to protect the GRE header and
payload. An encapsulator SHOULD NOT enable both the GRE checksum and payload. An encapsulator SHOULD NOT enable both the GRE checksum and
UDP checksum simultaneously as this would be mostly redundant. Since UDP checksum simultaneously as this would be mostly redundant. Since
the UDP checksum covers more of the packet including the GRE header the UDP checksum covers more of the packet including the GRE header
and payload, the UDP checksum SHOULD have preference to using GRE and payload, the UDP checksum SHOULD have preference to using GRE
checksum. checksum. The GRE checksum SHOULD be used for the payload integrity
check when use of UDP zero-checksum.
An implementation MAY use the GRE keyid to authenticate the An implementation MAY use the GRE keyid to authenticate the
encapsulator. In this model, a shared value is either configured or encapsulator. (See Security Section) In this model, a shared value
negotiated between an encapsulator and decapsulator. When a is either configured or negotiated between an encapsulator and
encapsulated packet is received with the keyid present, it is decapsulator. When a decapsulator determines a presented keyid is
checked to see if it is valid for the source to have set for the not valid for the source, the packet MUST be dropped.
tunnel packet was sent on. An implementation MAY enforce that a
keyid be used for source authentication on selected tunnels. When a Although GRE-in-UDP encapsulation protocol uses both UDP header and
decapsulator determines a presented keyid is not valid for the GRE header, it is one tunnel encapsulation protocol. GRE and UDP
source to send or the keyid is absent and is considered required for headers MUST be applied and removed as a pair at the encapsulation
authenticating the encapsulator for a tunnel, the packet MUST be and decapsulation points. This specification does not support UDP
dropped. encapsulation of a GRE header where that GRE header is applied or
removed at a network node other than the UDP tunnel ingress or
egress.
4. Encapsulation Process Procedures 4. Encapsulation Process Procedures
The GRE-in-UDP encapsulation allows encapsulated packets to be The GRE-in-UDP encapsulation allows encapsulated packets to be
forwarded through "GRE-UDP tunnels". When performing GRE-in-UDP forwarded through "GRE-in-UDP tunnels". When performing GRE-in-UDP
encapsulation by the encapsulator, the entropy value would be encapsulation by the encapsulator, the entropy value is generated by
generated by the encapsulator and then be filled in the Source Port the encapsulator and then be filled in the Source Port field of the
field of the UDP header. The Destination Port field is set to a UDP header. The Destination Port field is set to a value (TBD)
value (TBD) allocated by IANA to indicate that the UDP tunnel allocated by IANA to indicate that the UDP tunnel payload is a GRE
payload is a GRE packet. The Protocol Type header field in GRE packet. The Protocol Type header field in GRE header is set to the
header is set to the EtherType value corresponding to the protocol EtherType value corresponding to the protocol of the encapsulated
of the encapsulated packet. packet.
Intermediate routers, upon receiving these UDP encapsulated packets, Intermediate routers, upon receiving these UDP encapsulated packets,
could balance these packets based on the hash of the five-tuple of could balance these packets based on the hash of the five-tuple of
UDP packets. UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator Upon receiving these UDP encapsulated packets, the decapsulator
would decapsulate them by removing the UDP and GRE headers and then would decapsulate them by removing the UDP and GRE headers and then
process them accordingly. process them accordingly.
Note: Each UDP tunnel is unidirectional, as GRE-in-UDP traffic is Note: Each UDP tunnel is unidirectional, as GRE-in-UDP traffic is
skipping to change at page 9, line 35 skipping to change at page 12, line 42
mapping mechanism between the encapsulated multicast traffic and the mapping mechanism between the encapsulated multicast traffic and the
multicast capability in the IP network is transparent and multicast capability in the IP network is transparent and
independent to the encapsulation and is otherwise outside the scope independent to the encapsulation and is otherwise outside the scope
of this document. of this document.
To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep- To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep-
alive. It is RECOMMENED no use of GRE keep-alive in the GRE-in-UDP alive. It is RECOMMENED no use of GRE keep-alive in the GRE-in-UDP
tunnel. This aligns with middlebox traversal guidelines in Section tunnel. This aligns with middlebox traversal guidelines in Section
3.5 of [RFC5405bis]. 3.5 of [RFC5405bis].
The procedures specified in this section apply to default GRE-in-UDP
tunnel implementation and conditional GRE-in-UDP tunnel
implementation.
4.1. MTU and Fragmentation 4.1. MTU and Fragmentation
Regarding fragmentation, an encapsulator SHOULD perform Regarding packet fragmentation, an encapsulator/decapsulator SHOULD
fragmentation [GREMTU] on a packet before encapsulation and factor be compliant with [RFC7588]. For this case, the MTU is equal to the
in both GRE and UDP header bytes in the effective Maximum PMTU associated with the path between the GRE ingress and the GRE
Transmission Unit (MTU) size. Not performing the fragmentation will egress nodes minus the GRE and UDP overhead. When applying payload
cause the packets exceeding network MTU size to be dropped or fragment, the UDP checksum MUST be used so that the receiving
fragmented in the network. An encapsulator MUST use the same source endpoint can validate reassembly of the fragments; the same src UDP
UDP port for all packet fragments to ensure that the transit routers port SHOULD be used for all packet fragments to ensure the transit
will forward the packet fragments on the same path. An operator routers will forward the fragments on the same path. An operator
should factor in the additional bytes of overhead when considering should factor in the additional bytes of overhead when considering
an MTU size for the payload to avoid the likelihood of fragmentation. an MTU size for the payload to avoid the likelihood of fragmentation.
Fragmented packets MUST be reassembled at the decapsulator prior to
being sent to a (payload) application. Packet fragmentation and
reassembling process is outside the scope of the document.
4.2. Differentiated Services 4.2. Differentiated Services
To ensure that tunneled traffic gets the same treatment over the IP To ensure that tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, an encapsulator should network, prior to the encapsulation process, an encapsulator should
process the payload to get the proper parameters to fill into the IP process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Encapsulation end points that header such as DiffServ [RFC2983]. Encapsulation end points that
support ECN must use the method described in [RFC6040] for ECN support ECN must use the method described in [RFC6040] for ECN
marking propagation. This process is outside of the scope of this marking propagation. This process is outside of the scope of this
document. document.
5. UDP Checksum Handling 5. UDP Checksum Handling
5.1. UDP Checksum with IPv4 5.1. UDP Checksum with IPv4
For UDP in IPv4, the UDP checksum MUST be processed as specified in For UDP in IPv4, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC1122] for both transmit and receive. An [RFC768] and [RFC1122] for both transmit and receive. The IPv4
encapsulator MAY set the UDP checksum to zero for performance or header includes a checksum which protects against mis-delivery of
implementation considerations. The IPv4 header includes a checksum the packet due to corruption of IP addresses. The UDP checksum
which protects against mis-delivery of the packet due to corruption potentially provides protection against corruption of the UDP header,
of IP addresses. The UDP checksum potentially provides protection GRE header, and GRE payload. Enabling or disabling the use of
against corruption of the UDP header, GRE header, and GRE payload. checksums is a deployment consideration that should take into
Enabling or disabling the use of checksums is a deployment account the risk and effects of packet corruption, and whether the
consideration that should take into account the risk and effects of packets in the network are protected by other, possibly stronger
packet corruption, and whether the packets in the network are mechanisms such as the Ethernet CRC.
protected by other, possibly stronger mechanisms such as the
Ethernet CRC.
When a decapsulator receives a packet, the UDP checksum field MUST When a decapsulator receives a packet, the UDP checksum field MUST
be processed. If the UDP checksum is non-zero, the decapsulator MUST be processed. If the UDP checksum is non-zero, the decapsulator MUST
verify the checksum before accepting the packet. By default a verify the checksum before accepting the packet. By default a
decapsulator SHOULD accept UDP packets with a zero checksum. A node decapsulator SHOULD accept UDP packets with a zero checksum. A node
MAY be configured to disallow zero checksums per [RFC1122]; this may MAY be configured to disallow zero checksums per [RFC1122]; this may
be done selectively, for instance disallowing zero checksums from be done selectively, for instance disallowing zero checksums from
certain hosts that are known to be sending over paths subject to certain hosts that are known to be sending over paths subject to
packet corruption. If verification of a non-zero checksum fails, a packet corruption. If verification of a non-zero checksum fails, a
decapsulator lacks the capability to verify a non-zero checksum, or decapsulator lacks the capability to verify a non-zero checksum, or
a packet with a zero-checksum was received and the decapsulator is a packet with a zero-checksum was received and the decapsulator is
configured to disallow, the packet MUST be dropped and an event MAY configured to disallow, the packet MUST be dropped and an event MAY
be logged. be logged.
Default GRE-in-UDP tunnel implementation SHOULD perform UDP checksum.
Conditional GRE-in-UDP tunnel implementation MAY set UDP zero-
checksum.
5.2. UDP Checksum with IPv6 5.2. UDP Checksum with IPv6
For UDP in IPv6, the UDP checksum MUST be processed as specified in For UDP in IPv6, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC2460] for both transmit and receive. [RFC768] and [RFC2460] for both transmit and receive.
When UDP is used over IPv6, the UDP checksum is relied upon to When UDP is used over IPv6, the UDP checksum is relied upon to
protect both the IPv6 and UDP headers from corruption, and so MUST protect both the IPv6 and UDP headers from corruption. As such,
used with the following exceptions: default GRE-in-UDP tunnel implementation MUST perform UDP checksum;
conditional GRE-in-UDP tunnel implementation MAY be configured with
a. Use of GRE-in-UDP in networks under single administrative the UDP zero-checksum mode when the tunnel is used in a well-managed
control (such as within a single operator's network) where it operator network and/or within a set of closely cooperating network
is known (perhaps through knowledge of equipment types and administrations (such as network operators who have agreed to work
lower layer checks) that packet corruption is exceptionally together in order to jointly provide specific services).
unlikely and where the operator is willing to take the risk of
undetected packet corruption.
b. Use of GRE-in-UDP in networks under single administrative
control (such as within a single operator's network) where it
is judged through observational measurements (perhaps of
historic or current traffic flows that use a non-zero checksum)
that the level of packet corruption is tolerably low and where
the operator is willing to take the risk of undetected packet
corruption.
c. Use of GRE-in-UDP for traffic delivery for applications that
are tolerant of mis-delivered or corrupted packets (perhaps
through higher layer checksum, validation, and retransmission
or transmission redundancy) where the operator is willing to
rely on the applications using the tunnel to survive any
corrupt packets.
For these exceptions, the UDP zero-checksum mode can be used.
However the use of the UDP zero-checksum mode must meet the
requirements specified in [RFC6935] and [RFC6936] as well at the
additional requirements stated below.
These exceptions may also be extended to the use of GRE-in-UDP
within a set of closely cooperating network administrations (such as
network operators who have agreed to work together in order to
jointly provide specific services).
As such, for IPv6, the UDP checksum for GRE-in-UDP MUST be used as As such, for IPv6, the UDP checksum for GRE-in-UDP MUST be used as
specified in [RFC768] and [RFC2460] for tunnels that span multiple specified in [RFC768] and [RFC2460] for tunnels that span multiple
networks whose network administrations do not cooperate closely, networks whose network administrations do not cooperate closely,
even if each non-cooperating network administration independently even if each non-cooperating network administration independently
satisfies one or more of the exceptions for UDP zero-checksum mode satisfies the condition for UDP zero-checksum mode usage with GRE-
usage with GRE-in-UDP over IPv6. in-UDP over IPv6.
The following additional requirements apply to implementation and The use of the UDP zero-checksum mode must meet the requirements
use of UDP zero-checksum mode for GRE-in-UDP over IPv6: specified in [RFC6935] and [RFC6936], which conducts the following
additional requirements for GRE-in-UDP tunnel implementation and use
of UDP zero-checksum mode for GRE-in-UDP over IPv6:
a. Use of the UDP checksum with IPv6 MUST be the default a. Use of the UDP checksum with IPv6 MUST be the default
configuration of all GRE-in-UDP implementations. configuration of all GRE-in-UDP implementations.
b. The GRE-in-UDP implementation MUST comply with all requirements b. The GRE-in-UDP implementation MUST comply with all requirements
specified in Section 4 of [RFC6936] and with requirement 1 specified in Section 4 of [RFC6936] and with requirement 1
specified in Section 5 of [RFC6936]. specified in Section 5 of [RFC6936].
c. By default a decapsulator MUST disallow receipt of GRE-in-UDP c. The tunnel decapsulator SHOULD only allow the use of UDP zero-
packets with zero UDP checksums with IPv6. Zero checksums May checksum mode for IPv6 on a single received UDP Destination
selectively be enabled for certain source address. A decapsulator Port regardless of the encapsulator. The motivation for this
MUST check that the source and destination IPv6 addresses are requirement is possible corruption of the UDP Destination Port,
valid for the GRE-in-UDP tunnel on which the packet was received which may cause packet delivery to the wrong UDP port. If that
if that tunnel uses UDP zero-checksum mode and discard any packet other UDP port requires the UDP checksum, the mis-delivered
for which this check fails. packet will be discarded
d. An encapsulator SHOULD use different IPv6 addresses for each GRE- d. It is RECOMMENDED that UDP zero-checksum selectively be enabled
in-UDP tunnel that uses UDP zero-checksum mode regardless of the for certain source addresses. The tunnel decapsulator MUST
decapsulator in order to strengthen the decapsulator's check of check that the source and destination IPv6 addresses are valid
the IPv6 source address (i.e., the same IPv6 source address for the GRE-in-UDP tunnel on which the packet was received if
SHOULD NOT be used with more than one IPv6 destination address, that tunnel uses UDP zero-checksum mode and discard any packet
independent of whether that destination address is a unicast or for which this check fails.
multicast address). When this is not possible, it is RECOMMENDED
to use each source IPv6 address for as few UDP zero-checksum mode
GRE-in-UDP tunnels as is feasible.
e. Any middlebox support for GRE-in-UDP with UDP zero-checksum mode e. The tunnel encapsulator SHOULD use different IPv6 addresses for
for IPv6 MUST comply with requirements 1 and 8-10 in Section 5 of each GRE-in-UDP tunnel that uses UDP zero-checksum mode
[RFC6936].[RFC6936]. regardless of the decapsulator in order to strengthen the
decapsulator's check of the IPv6 source address (i.e., the same
IPv6 source address SHOULD NOT be used with more than one IPv6
destination address, independent of whether that destination
address is a unicast or multicast address). When this is not
possible, it is RECOMMENDED to use each source IPv6 address for
as few UDP zero-checksum mode GRE-in-UDP tunnels as is feasible.
Note that if UDP checksum is used, such restriction is not
necessary.
f. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP f. When any middlebox exists on the path of GRE-in-UDP tunnel, it
checksums from "escaping" to the general Internet; see Section 6 is RECOMMENDED to use the default mode, i.e. use UDP checksum,
for examples of such measures. to reduce the chance that the encapsulated packets to be
dropped.
g. IPv6 traffic with zero UDP checksums MUST be actively monitored g. Any middlebox for UDP zero-checksum mode for IPv6 MUST comply
for errors by the network operator. with requirement 1 and 8-10 in Section 5 of [RFC6936]
h. If a packet with a non-zero checksum is received, the checksum h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP
MUST be verified before accepting the packet. This is regardless checksums from "escaping" to the general Internet; see Section
of whether a tunnel encapsulator and decapsulator have been 6 for examples of such measures.
configured with UDP zero-checksum mode.
i. IPv6 traffic with zero UDP checksums MUST be actively monitored
for errors by the network operator. For example, Ethernet layer
packet error rate or probe packet error rate.
j. If a packet with a non-zero checksum is received, the checksum
MUST be verified before accepting the packet. This is
regardless of whether the tunnel encapsulator and decapsulator
have been configured with UDP zero-checksum mode.
The above requirements do not change either the requirements The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936]. specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the strong recommendation against destination IPv6 address, plus the strong recommendation against
reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively
provide some mitigation for the absence of UDP checksum coverage of provide some mitigation for the absence of UDP checksum coverage of
the IPv6 header. Additional assurance is provided by the the IPv6 header. Additional assurance is provided by the
skipping to change at page 13, line 28 skipping to change at page 16, line 27
design is in accordance with requirements 2, 3 and 5 specified in design is in accordance with requirements 2, 3 and 5 specified in
Section 5 of [RFC6936]. Section 5 of [RFC6936].
GRE does not accumulate incorrect state as a consequence of GRE GRE does not accumulate incorrect state as a consequence of GRE
header corruption. A corrupt GRE results in either packet discard or header corruption. A corrupt GRE results in either packet discard or
forwarding of the packet without accumulation of GRE state. GRE forwarding of the packet without accumulation of GRE state. GRE
checksum MAY be used for protecting GRE header and payload. Active checksum MAY be used for protecting GRE header and payload. Active
monitoring of GRE-in-UDP traffic for errors is REQUIRED as monitoring of GRE-in-UDP traffic for errors is REQUIRED as
occurrence of errors will result in some accumulation of error occurrence of errors will result in some accumulation of error
information outside the protocol for operational and management information outside the protocol for operational and management
purposes. This design is in accordance with requirement 4 specified purposes. This design is in accordance with requirement 4 specified
in Section 5 of [RFC6936]. in Section 5 of [RFC6936].
The remaining requirements specified in Section 5 of [RFC6936] are The remaining requirements specified in Section 5 of [RFC6936] are
inapplicable to GRE-in-UDP. Requirements 6 and 7 do not apply inapplicable to GRE-in-UDP. Requirements 6 and 7 do not apply
because GRE does not have a GRE-generic control feedback mechanism. because GRE does not have a GRE-generic control feedback mechanism.
Requirements 8-10 are middlebox requirements that do not apply to Requirements 8-10 are middlebox requirements that do not apply to
GRE-in-UDP tunnel endpoints, but see Section 5.2.1 for further GRE-in-UDP tunnel endpoints, but see Section 5.2.1 for further
middle box discussion. middle box discussion.
It is worth to mention that the use of a zero UDP checksum should It is worth mentioning that the use of a zero UDP checksum should
present the equivalent risk of undetected packet corruption when present the equivalent risk of undetected packet corruption when
sending similar packet using GRE-in-IPv6 without UDP and without GRE sending similar packet using GRE-in-IPv6 without UDP [GREIPV6] and
checksums. without GRE checksums.
In summary, UDP zero-checksum mode for IPv6 is allowed to be used In summary, conditional GRE-in-UDP tunnel implementation is allowed
with GRE-in-UDP when one of the three exceptions specified above to use UDP-zero-checksum mode for IPv6, when additional
applies, provided that additional requirements stated above are implementation requirements stated above are provided. Otherwise the
complied with. Otherwise the UDP checksum MUST be used for IPv6 as UDP checksum MUST be used for IPv6 as specified in [RFC768] and
specified in [RFC768] and [RFC2460]. Use of GRE checksum favors non- [RFC2460]. Use of GRE checksum favors non-use of the UDP checksum.
use of the UDP checksum.
5.2.1. Middlebox Considerations 5.2.1. Middlebox Considerations
IPv6 datagrams with a zero UDP checksum will not be passed by any IPv6 datagrams with a zero UDP checksum will not be passed by any
middlebox that validates the checksum based on [RFC2460] or that middlebox that validates the checksum based on [RFC2460] or that
updates the UDP checksum field, such as NATs or firewalls. Changing updates the UDP checksum field, such as NATs or firewalls. Changing
this behavior would require such middleboxes to be updated to this behavior would require such middleboxes to be updated to
correctly handle datagrams with zero UDP checksums. The GRE-in-UDP correctly handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over using a checksum when a path change occurs redirecting a tunnel over
a path that includes a middlebox that discards IPv6 datagrams with a a path that includes a middlebox that discards IPv6 datagrams with a
zero UDP checksum. In this case the GRE-in-UDP tunnel will be zero UDP checksum. In this case the GRE-in-UDP tunnel will be black-
black-holed by that middlebox. Recommended changes to allow holed by that middlebox.
As such, when any middle box exists on the path of GRE-in-UDP tunnel,
it is RECOMMENDED to use the UDP checksum to reduce the chance that
the encapsulated packets to be dropped. Recommended changes to allow
firewalls, NATs and other middleboxes to support use of an IPv6 zero firewalls, NATs and other middleboxes to support use of an IPv6 zero
UDP checksum are described in Section 5 of [RFC6936]. UDP checksum are described in Section 5 of [RFC6936].
6. Congestion Considerations 6. Congestion Considerations
Section 3.1.7 of [RFC5405bis] discussed the congestion implications Section 3.1.3 of [RFC5405] discussed the congestion implications of
of UDP tunnels. As discussed in [RFC5405bis], because other flows UDP tunnels. As discussed in [RFC5405], because other flows can
can share the path with one or more UDP tunnels, congestion control share the path with one or more UDP tunnels, congestion control
[RFC2914] needs to be considered. [RFC2914] needs to be considered.
A major motivation for GRE-in-UDP encapsulation is to tunnel a
network protocol over IP network and improve the use of multipath
(such as ECMP) in cases where traffic is to traverse routers which
are able to hash on UDP Port and IP address. As such, in many cases
this may reduce the occurrence of congestion and improve usage of
available network capacity. However, it is also necessary to ensure
that the network, including applications that use the network,
responds appropriately in more difficult cases, such as when link or
equipment failures have reduced the available capacity.
The impact of congestion must be considered both in terms of the The impact of congestion must be considered both in terms of the
effect on the rest of the network over which packets are sent in UDP effect on the rest of the network of a UDP tunnel that is consuming
tunnels, and in terms of the effect on the flows that are sent by excessive capacity, and in terms of the effect on the flows using
UDP tunnels. The potential impact of congestion from a UDP tunnel the UDP tunnels. The potential impact of congestion from a UDP
depends upon what sort of traffic is carried over the tunnel, as tunnel depends upon what sort of traffic is carried over the tunnel,
well as the path of the tunnel. as well as the path of the tunnel.
GRE encapsulation is widely used to carry a wide range of network
protocols and traffic. In many cases GRE encapsulation is used to
carry IP traffic. IP traffic is generally assumed to be congestion
controlled, and thus a tunnel carrying general IP traffic (as might
be expected to be carried across the Internet) generally does not
need additional congestion control mechanisms. As specified in RFC
5405:
"IP-based traffic is generally assumed to be congestion-controlled,
i.e., it is assumed that the transport protocols generating IP-based
traffic at the sender already employ mechanisms that are sufficient
to address congestion on the path. Consequently, a tunnel carrying
IP-based traffic should already interact appropriately with other
traffic sharing the path, and specific congestion control mechanisms
for the tunnel are not necessary."
For this reason, where GRE-in-UDP tunneling is used to carry IP
traffic that is known to be congestion controlled, the UDP tunnels
MAY be used within a single network or across multiple networks,
with cooperating network operators. Internet IP traffic is
generally assumed to be congestion-controlled.
However, GRE-in-UDP tunneling can be also used to carry traffic that In many cases, GRE-in-UDP is used to carry IP traffic. IP traffic is
is not necessarily congestion controlled. In such cases network generally assumed to be congestion controlled, and thus a tunnel
operators may avoid congestion by careful provisioning of their carrying general IP traffic generally does not need additional
networks, by rate limiting of user data traffic, and/or by using congestion control mechanisms.
Traffic Engineering tools to monitor the network segments and
dynamically steers traffic away from potentially congested links.
For this reason, where the GRE payload traffic is not congestion However, GRE-in-UDP tunnel can be used in some cases to carry
controlled, GRE-in-UDP tunnels MUST only be used within a single traffic that is not necessarily congestion controlled. For example,
operator's network that utilizes careful provisioning (e.g., rate GRE-in-UDP may be used to carry MPLS that carries pseudowire or VPN
limiting at the entries of the network while over-provisioning traffic where specific bandwidth guarantees are provided to each
network capacity) to ensure against congestion, or within a limited pseudowire or to each VPN. In such cases, network operators may
number of networks whose operators closely cooperate in order to avoid congestion by careful provisioning of their networks, by rate
jointly provide this same careful provisioning. limiting of user data traffic, and traffic engineer according to
path capacity. For this reason, GRE-in-UDP tunnel MUST be used
within a single operator's network that utilizes careful
provisioning (e.g., rate limiting at the entries of the network
while over-provisioning network capacity) to ensure against
congestion, or within a limited number of networks whose operators
closely cooperate in order to jointly provide this same careful
provisioning.
As such, GRE-in-UDP MUST NOT be used over the general Internet, or Default GRE-in-UDP tunnel implementation can be used to carry IP
over non-cooperating network operators, to carry traffic that is not traffic that is known to be congestion controlled on the Internet.
Internet IP traffic is generally assumed to be congestion-controlled.
GRE-in-UDP MUST NOT be used over the general Internet, or over non-
cooperating network operators, to carry traffic that is not
congestion-controlled. congestion-controlled.
Measures SHOULD be taken to prevent non-congestion-controlled GRE- Conditional GRE-in-UDP tunnel implementation can be used within a
in-UDP traffic from "escaping" to the general Internet, e.g.: well-managed operator network to carry traffic that is not necessary
congestion controlled. Measures SHOULD be taken to prevent non-
congestion-controlled GRE-in-UDP traffic from "escaping" to the
general Internet, e.g.:
o Physical or logical isolation of the links carrying GRE-in-UDP o Physical or logical isolation of the links carrying GRE-in-UDP
from the general Internet. from the general Internet.
o Deployment of packet filters that block the UDP ports assigned o Deployment of packet filters that block the UDP ports assigned
for GRE-in-UDP. for GRE-in-UDP.
o Imposition of restrictions on GRE-in-UDP traffic by software o Imposition of restrictions on GRE-in-UDP traffic by software
tools used to set up GRE-in-UDP tunnels between specific end tools used to set up GRE-in-UDP tunnels between specific end
systems (as might be used within a single data center). systems (as might be used within a single data center). For
examples, a GRE-in-UDP tunnel only carries IP traffic or a GRE-
in-UDP tunnel supports NVEGRE encapsulation only (Although the
payload type is Ethernet in NVGRE, NVGRE protocol mandates that
the payload of Ethernet is IP).
o Use of a "Managed Circuit Breaker" for the tunneled traffic as o Use of a "Circuit Breaker" for the tunneled traffic as described
described in [CB]. in [CB].
7. Backward Compatibility 7. Backward Compatibility
It is assumed that tunnel ingress routers must be upgraded in order It is assumed that tunnel ingress routers must be upgraded in order
to support the encapsulations described in this document. to support the encapsulations described in this document.
No change is required at transit routers to support forwarding of No change is required at transit routers to support forwarding of
the encapsulation described in this document. the encapsulation described in this document.
If a router that is intended for use as a decapsulator does not If a router that is intended for use as a decapsulator does not
support or enable GRE-in-UDP encapsulation described in this support or enable GRE-in-UDP encapsulation described in this
document, it will not be listening on destination port (TBD). In document, it will not be listening on the destination port (TBD).
these cases, the router will conform to normal UDP processing and In these cases, the router will conform to normal UDP processing and
respond to an encapsulator with an ICMP message indicating "port respond to an encapsulator with an ICMP message indicating "port
unreachable" according to [RFC792]. Upon receiving this ICMP unreachable" according to [RFC792]. Upon receiving this ICMP
message, the node MUST NOT continue to use GRE-in-UDP encapsulation message, the node MUST NOT continue to use GRE-in-UDP encapsulation
toward this peer without management intervention. toward this peer without management intervention.
8. IANA Considerations 8. IANA Considerations
IANA is requested to make the following allocations: IANA is requested to make the following allocations:
One UDP destination port number for the indication of GRE One UDP destination port number for the indication of GRE
skipping to change at page 17, line 14 skipping to change at page 19, line 43
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation with DTLS Description: GRE-in-UDP Encapsulation with DTLS
Reference: [This.I-D] Reference: [This.I-D]
Port Number: TBD Port Number: TBD
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
9. Security Considerations 9. Security Considerations
UDP and GRE encapsulation does not effect security for the payload GRE-in-UDP encapsulation does not affect security for the payload
protocol. When using GRE-in-UDP, Network Security in a network is protocol. When using GRE-in-UDP, Network Security in a network is
mostly equivalent to that of a network using GRE. mostly equivalent to that of a network using GRE.
Datagram Transport Layer Security (DTLS) [RFC6347] can be used for Datagram Transport Layer Security (DTLS) [RFC6347] can be used for
application security and can preserve network and transport layer application security and can preserve network and transport layer
protocol information. Specifically, if DTLS is used to secure the protocol information. Specifically, if DTLS is used to secure the
GRE-in-UDP tunnel, the destination port of the UDP header MUST be GRE-in-UDP tunnel, the destination port of the UDP header MUST be
set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS, set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS,
and that UDP port MUST NOT be used for other traffic. The UDP and that UDP port MUST NOT be used for other traffic. The UDP
source port field can still be used to add entropy, e.g., for load- source port field can still be used to add entropy, e.g., for load-
skipping to change at page 20, line 29 skipping to change at page 23, line 18
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC2119, March 1997. Requirement Levels", BCP 14, RFC2119, March 1997.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000. March 2000.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC2890, September 2000. RFC2890, September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000.
[RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for [RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for
Application Designers", draft-ietf-tsvwg-rfc5405bis, work Application Designers", draft-ietf-tsvwg-rfc5405bis, work
in progress. in progress.
[RFC6040] Briscoe, B., "Tunneling of Explicit Congestion [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC6040, November 2010. Notification", RFC6040, November 2010.
[RFC6347] Rescoria, E., Modadugu, N., "Datagram Transport Layer [RFC6347] Rescoria, E., Modadugu, N., "Datagram Transport Layer
Security Version 1.2", RFC6347, 2012. Security Version 1.2", RFC6347, 2012.
skipping to change at page 21, line 23 skipping to change at page 24, line 5
[RFC793] DARPA, "Transmission Control Protocol", RFC793, September [RFC793] DARPA, "Transmission Control Protocol", RFC793, September
1981. 1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2914] Floyd, S.,"Congestion Control Principles", RFC2914, [RFC2914] Floyd, S.,"Congestion Control Principles", RFC2914,
September 2000. September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000.
[RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling
Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005. Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or Generic Routing Encapsulation (GRE)", RFC MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
4023, March 2005. 4023, March 2005.
[RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport- [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
Protocol Port Randomization", RFC6056, January 2011. Protocol Port Randomization", RFC6056, January 2011.
[GREMTU] Bonica, R., "A Fragmentation Strategy for Generic Routing [RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for
Encapsulation (GRE)", draft-ietf-intarea-gre-mtu, work in Equal Cost Multipath Routing and Link Aggreation in
progress. Tunnels", RFC6438, November 2011.
[RFC7588] Bonica, R., "A Fragmentation Strategy for Generic Routing
Encapsulation (GRE)", RFC7588, July 2015.
[RFC7637] Garg, P. and Wang, Y., "NVGRE: Network Virtualization
Using Generic Routing Encapsulation", RFC7637, September
2015.
[CB] Fairhurst, G., "Network Transport Circuit Breakers", [CB] Fairhurst, G., "Network Transport Circuit Breakers",
draft-fairhurst-tsvwg-circuit-breaker-01, work in draft-ietf-tsvwg-circuit-breaker-04, work in progress.
progress.
[GREIPV6] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for [GREIPV6] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for
Generic Routing Encapsulation (GRE)", draft-ietf-intarea- Generic Routing Encapsulation (GRE)", draft-ietf-intarea-
gre-ipv6, work in progress. gre-ipv6, work in progress.
13. Authors' Addresses 13. Authors' Addresses
Edward Crabbe Edward Crabbe
Email: edward.crabbe@gmail.com Email: edward.crabbe@gmail.com
 End of changes. 55 change blocks. 
259 lines changed or deleted 385 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/