draft-ietf-tsvwg-gre-in-udp-encap-11.txt   draft-ietf-tsvwg-gre-in-udp-encap-12.txt 
Network Working Group Lucy Yong (Ed.) Network Working Group Lucy Yong(Ed.)
Internet-Draft Huawei USA Internet-Draft Huawei Technologies
Intended status: Standard Track E. Crabbe Intended status: Standard Track E. Crabbe
Oracle
X. Xu X. Xu
Huawei Technologies Huawei Technologies
T. Herbert T. Herbert
Facebook Facebook
Expires: September 2016 March 10, 2016 Expires: December 2016 June 29, 2016
GRE-in-UDP Encapsulation GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-11 draft-ietf-tsvwg-gre-in-udp-encap-12
Abstract Abstract
This document describes a method of encapsulating network protocol This document specifies a method of encapsulating network protocol
packets within GRE and UDP headers. The GRE-in-UDP encapsulation packet within GRE and UDP headers. This GRE-in-UDP encapsulation
allows the UDP source port field to be used as an entropy field. allows the UDP source port field to be used as an entropy field.
This may be used for load balancing of GRE traffic in transit This may be used for load balancing of GRE traffic in transit
networks using existing ECMP mechanisms. This document specifies networks using existing ECMP mechanisms. This document also
GRE-in-UDP tunnel requirements for two applicability scenarios: (1) specifies GRE-in-UDP tunnel requirements for two applicability
general Internet; (2) a traffic-managed controlled environment. The scenarios: (1) general Internet; (2) a traffic-managed controlled
controlled environment has less restrictive requirements than the environment. The controlled environment has less restrictive
general Internet. requirements than the general Internet.
Status of This Document Status of This Document
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10,2016. This Internet-Draft will expire on December 29,2016.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 21 skipping to change at page 2, line 21
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Terminology...............................................3 1.1. Terminology...............................................3
1.2. Requirements Language.....................................4 1.2. Requirements Language.....................................4
2. Applicability Statement........................................4 2. Applicability Statement........................................4
2.1. GRE-in-UDP Tunnel Usage Requirements......................5 2.1. GRE-in-UDP Tunnel Requirements............................5
2.1.1. Requirements for Default GRE-in-UDP Tunnel...........5 2.1.1. Requirements for Default GRE-in-UDP Tunnel...........5
2.1.2. Requirements Changes for TMCE GRE-in-UDP Tunnel......6 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel..............6
3. GRE-in-UDP Encapsulation.......................................6 3. GRE-in-UDP Encapsulation.......................................6
3.1. IP Header.................................................9 3.1. IP Header.................................................9
3.2. UDP Header................................................9 3.2. UDP Header................................................9
3.2.1. Source Port..........................................9 3.2.1. Source Port..........................................9
3.2.2. Destination Port....................................10 3.2.2. Destination Port....................................10
3.2.3. Checksum............................................10 3.2.3. Checksum............................................10
3.2.4. Length..............................................10 3.2.4. Length..............................................10
3.3. GRE Header...............................................10 3.3. GRE Header...............................................10
4. Encapsulation Process Procedures..............................11 4. Encapsulation Process Procedures..............................11
4.1. MTU and Fragmentation....................................11 4.1. MTU and Fragmentation....................................11
4.2. Differentiated Services and ECN Marking..................12 4.2. Differentiated Services and ECN Marking..................12
5. Use of DTLS...................................................12 5. Use of DTLS...................................................12
6. UDP Checksum Handling.........................................12 6. UDP Checksum Handling.........................................13
6.1. UDP Checksum with IPv4...................................12 6.1. UDP Checksum with IPv4...................................13
6.2. UDP Checksum with IPv6...................................13 6.2. UDP Checksum with IPv6...................................13
7. Middlebox Considerations......................................16 7. Middlebox Considerations......................................16
7.1. Middlebox Considerations for Zero Checksums..............17 7.1. Middlebox Considerations for Zero Checksums..............17
8. Congestion Considerations.....................................17 8. Congestion Considerations.....................................17
9. Backward Compatibility........................................18 9. Backward Compatibility........................................18
10. IANA Considerations..........................................19 10. IANA Considerations..........................................19
11. Security Considerations......................................20 11. Security Considerations......................................20
12. Acknowledgements.............................................20 12. Acknowledgements.............................................20
13. Contributors.................................................21 13. Contributors.................................................21
14. References...................................................22 14. References...................................................22
14.1. Normative References....................................22 14.1. Normative References....................................22
14.2. Informative References..................................23 14.2. Informative References..................................23
15. Authors' Addresses...........................................24 15. Authors' Addresses...........................................24
1. Introduction 1. Introduction
This document defines a generic GRE-in-UDP encapsulation for This document specifies a generic GRE-in-UDP encapsulation for
tunneling network protocol packets across an IP network. The tunneling network protocol packets across an IP network. This
encapsulation uses Generic Routing Encapsulation (GRE) encapsulation uses Generic Routing Encapsulation (GRE)
[RFC2784][RFC7676] and User Datagram Protocol(UDP) [RFC768] headers. [RFC2784][RFC7676] and User Datagram Protocol(UDP) [RFC768] headers.
The GRE header provides payload protocol type as an EtherType in the The GRE header provides payload protocol type as an EtherType in the
protocol type field, and the source port field in the UDP header may protocol type field, and the source port field in the UDP header may
be used to provide additional entropy that may be used for load be used to provide additional entropy that may be used for load
balancing GRE traffic in transit networks using existing Equal-Cost balancing GRE traffic in transit networks using existing Equal-Cost
Multi-Path (ECMP) mechanism. The existing ECMP mechanism is that, Multi-Path (ECMP) mechanisms. Existing ECMP mechanisms, when the IP
when the IP payload is a UDP or Transmission Control Protocol (TCP) payload is a UDP or Transmission Control Protocol (TCP)[RFC793]
[RFC793] packet, router hash functions frequently operate on the packet, frequently use of a hash of the five-tuple of source IP
five-tuple of source IP address, destination IP address, UDP/TCP address, destination IP address, UDP/TCP source port, UDP/TCP
source port, UDP/TCP destination port, and protocol/next-header. A destination port, and protocol/next-header. A GRE-in-UDP tunnel
GRE-in-UDP tunnel offers the additional possibility of using GRE offers the additional possibility of using GRE across networks that
across networks that might otherwise disallow it; for instance GRE- might otherwise disallow it; for instance GRE-in-UDP may be used to
in-UDP may be used to bridge two islands where GRE is not used bridge two islands where GRE is not supported natively across the
natively across the Internet. middleboxes.
This encapsulation method requires no changes to the transit IP This encapsulation method requires no changes to the transit IP
network. Hash functions in most existing IP routers may utilize and network. Hash functions in most existing IP routers may utilize and
benefit from the use of a GRE-in-UDP tunnel without needing any benefit from the use of a GRE-in-UDP tunnel without needing any
change or upgrade to their ECMP implementation. The encapsulation change or upgrade to their ECMP implementation. The encapsulation
mechanism is applicable to a variety of IP networks including Data mechanism is applicable to a variety of IP networks including Data
Center and wide area networks. Center and wide area networks.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e. tunnel-in-tunnel. In this case, GRE-in-UDP tunnel do traffic, i.e. tunnel-in-tunnel. In this case, GRE-in-UDP tunnel do
not differentiate such end hosts from other end hosts, i.e., not differentiate such end hosts from other end hosts, i.e.,
applying the same treatment for traffic from hosts and tunnel applying the same treatment for traffic from hosts and tunnel
endpoints. endpoints.
This document specifies GRE-in-UDP tunnel requirements for two This document specifies GRE-in-UDP tunnel requirements for two
applicability scenarios: (1) general Internet; (2) a traffic-managed applicability scenarios: (1) general Internet; (2) a traffic-managed
controlled environment. The controlled environment has less controlled environment. The controlled environment has less
restrictive requirements than the general Internet. restrictive requirements than the general Internet.
The document also specifies Datagram Transport Layer Security (DTLS)
version of GRE-in-UDP tunnel to be used where/when security is a
concern.
1.1. Terminology 1.1. Terminology
The terms defined in [RFC768][RFC2784] are used in this document. The terms defined in [RFC768] and [RFC2784] are used in this
document. Following are additional terms used in this draft.
A traffic-managed controlled environment: an IP network that is ECMP: Equal-Cost Multi-Path.
traffic-engineered and/or otherwise managed (e.g., via use of
traffic rate limiters) to avoid congestion happening.
TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a Flow Entropy: The information to be derived from traffic or
traffic-managed controlled environment that is defined in Section 2. applications and to be used by network devices in ECMP process
[RFC6438].
Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the
general Internet. general Internet.
ECMP: Equal-Cost Multi-Path TMCE: A Traffic-managed controlled environment, i.e. an IP network
that is traffic-engineered and/or otherwise managed (e.g., via use
of traffic rate limiters) to avoid congestion, as defined in Section
2.
TMCE: Traffic-managed controlled environment (defined in Section 2) TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a
traffic-managed controlled environment that is defined in Section 2.
1.2. Requirements Language 1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Applicability Statement 2. Applicability Statement
GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks. When GRE-in-UDP encapsulation as specified herein applies to IPv4 and
using GRE-in-UDP encapsulation, packets encapsulated by GRE-in-UDP IPv6 networks. When using GRE-in-UDP encapsulation, packets so
are treated as UDP datagrams by an IP network. As such, GRE-in-UDP encapsulated are treated as UDP datagrams by an IP network. As such,
tunnel needs to meet the UDP requirements specified in [RFC5405bis], a GRE-in-UDP tunnel needs to meet the UDP requirements specified in
which imposes the requirements on GRE-in-UDP tunnel usage. These [RFC5405bis], which imposes requirements on GRE-in-UDP tunnel usage.
requirements depend on both the delivery network and the nature of These requirements depend on both the delivery network and the
the encapsulated traffic. For example, the GRE-in-UDP tunnel nature of the encapsulated traffic. For example, the GRE-in-UDP
protocol does not provide any congestion control functionality tunnel protocol does not provide any congestion control
beyond that of the encapsulated traffic. Therefore, a GRE-in-UDP functionality beyond that of the encapsulated traffic. Therefore, a
tunnel MUST be used only with congestion controlled traffic (e.g., GRE-in-UDP tunnel MUST be used only with congestion controlled
IP traffic) and/or within a network that has traffic management traffic (e.g., IP unicast traffic) and/or within a network that has
capability to avoid congestion. traffic management capability to avoid congestion.
[RFC5405bis] considers two types of applicability where IETF [RFC5405bis] considers two types of IETF UDP applications: 1)
applications utilize UDP: 1) General Internet and 2) A controlled General Internet and 2) A controlled environment. The controlled
environment. The controlled environment means a single environment means a single administrative domain or bilaterally
administrative domain or bilaterally agreed connection between agreed connection between domains. A network forming a controlled
domains. A network forming a controlled environment can be environment can be managed/operated to meet certain conditions while
managed/operated to meet certain conditions while the general the general Internet cannot be; thus the requirements for a tunnel
Internet cannot be; thus the requirements for a tunnel protocol protocol operating under a controlled environment can be less
operating under a controlled environment can be less restrictive restrictive than the requirements in the general Internet.
than the requirements in the general Internet.
For the purpose of this document, a traffic-managed controlled For the purpose of this document, a traffic-managed controlled
environment is defined as an IP network that is traffic-engineered environment is defined as an IP network that is traffic-engineered
and/or otherwise managed (e.g., via use of traffic rate limiters) to and/or otherwise managed (e.g., via use of traffic rate limiters) to
avoid congestion happening. The document specifies GRE-in-UDP tunnel avoid congestion.
usage in the general Internet and specifies GRE-in-UDP tunnel usage
in a traffic-managed controlled environment. Furthermore, a default
GRE-in-UDP tunnel described in this document refers to the usage
over the general Internet; a TMCE GRE-in-UDP tunnel described in
this document refers to the usage in a traffic-managed controlled
environment.
2.1. GRE-in-UDP Tunnel Usage Requirements This document specifies GRE-in-UDP tunnel usage in the general
Internet and GRE-in-UDP tunnel usage in a traffic-managed controlled
environment and uses "default GRE-in-UDP tunnel" and "TMCE GRE-in-
UDP tunnel" terms to refer to each usage.
This section provides a summary of the requirements for a GRE-in-UDP 2.1. GRE-in-UDP Tunnel Requirements
tunnel. Section 2.1.1 describes the default usage of GRE-in-UDP
This section states out the requirements for a GRE-in-UDP tunnel.
Section 2.1.1 describes the requirements for a default GRE-in-UDP
tunnel that is suitable for the general Internet; Section 2.1.2 tunnel that is suitable for the general Internet; Section 2.1.2
describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel
used in a traffic-managed controlled environment. Both can be IPv4 used in a traffic-managed controlled environment. They are
or IPv6. applicable to an IPv4 or IPv6 delivery network.
2.1.1. Requirements for Default GRE-in-UDP Tunnel 2.1.1. Requirements for Default GRE-in-UDP Tunnel
The following is a summary of the default GRE-in-UDP requirements The following is a summary of the default GRE-in-UDP tunnel
for use over the general Internet: requirements:
1. A UDP checksum SHOULD be used when encapsulating in IPv4. 1. A UDP checksum SHOULD be used when encapsulating in IPv4.
2. A UDP checksum MUST be used when encapsulating in IPv6. 2. A UDP checksum MUST be used when encapsulating in IPv6.
3. GRE-in-UDP tunnel MUST NOT be used for traffic that does not 3. GRE-in-UDP tunnel MUST NOT be used for traffic that does not
implement congestion control. IP-traffic can be assumed to be implement congestion control. As stated in [RFC5405bis], IP-based
congestion-controlled. GRE-in-UDP tunnels are not appropriate for unicast traffic is generally assumed to be congestion-controlled,
other traffic that does not use congestion control. i.e., it is assumed that the transport protocols generating IP-based
traffic at the sender already employ mechanisms that are sufficient
to address congestion on the path. GRE-in-UDP tunnels are not
appropriate for traffic that is not known to be congestion-
controlled (e.g., IP multicast traffic).
4. UDP source port values that are used for flow entropy SHOULD be 4. UDP source port values that are used as a source of flow entropy
chosen from the ephemeral port range (49152-65535). SHOULD be chosen from the ephemeral port range (49152-
65535).[RFC5405bis]
5. The use of the UDP source port MUST be configurable so that a 5. The use of the UDP source port MUST be configurable so that a
single value can be set for all traffic within the tunnel (this single value can be set for all traffic within the tunnel (this
disables use of the UDP source port to provide flow entropy). When a disables use of the UDP source port to provide flow entropy). When a
single value is set, a random port SHOULD be selected in order to single value is set, a random port SHOULD be selected in order to
minimize the vulnerability to off-path attacks [RFC6056]. minimize the vulnerability to off-path attacks [RFC6056].
6. For IPv6 delivery networks, the flow entropy SHOULD also be 6. For IPv6 delivery networks, the flow entropy SHOULD also be
placed in the flow label field for ECMP per [RFC6438]. placed in the flow label field for ECMP per [RFC6438].
7. At the tunnel ingress, any fragmentation of the incoming packet 7. At the tunnel ingress, any fragmentation of the incoming packet
(e.g., because the tunnel has an MTU that is smaller than the packet (e.g., because the tunnel has an MTU that is smaller than the packet
SHOULD be performed before encapsulation [RFC7588]. In addition, the SHOULD be performed before encapsulation. In addition, the tunnel
tunnel ingress MUST apply the UDP checksum to all encapsulated ingress MUST apply the UDP checksum to all encapsulated fragments so
fragments so that the tunnel egress can validate reassembly of the that the tunnel egress can validate reassembly of the fragments; it
fragments; it MUST set the same DSCP value to all fragments. To MUST set the same DSCP value as in the DS field of the payload
avoid unwanted forwarding over multiple paths the same source UDP packet in all fragments [RFC2474]. To avoid unwanted forwarding over
port value SHOULD be set in all packet fragments. multiple paths, the same source UDP port value SHOULD be set in all
packet fragments.
2.1.2. Requirements Changes for TMCE GRE-in-UDP Tunnel 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel
The section lists the changed requirements for a TMCE GRE-in-UDP The section contains the TMCE GRE-in-UDP tunnel requirements. It
Tunnel that applies to a traffic-managed controlled environment. lists the changed requirements, compared with a Default GRE-in-UDP
This replaces requirements 1-3 listed in Section 2.1.1. The Tunnel, for a TMCE GRE-in-UDP Tunnel, which corresponds to the
requirements 4-7 in Section 2.1.1 remain unchanged for a TMCE GRE- requirements 1-3 listed in Section 2.1.1.
in-UDP Tunnel.
1. A UDP checksum SHOULD be used when encapsulating in IPv4. A 1. A UDP checksum SHOULD be used when encapsulating in IPv4. A
tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum, tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum,
since GRE has been designed to work without a UDP checksum [RFC2784]. since GRE has been designed to work without a UDP checksum [RFC2784].
However, a checksum also offers protection from mis-delivery to However, a checksum also offers protection from mis-delivery to
another port. another port.
2. Use of UDP checksum MUST be the default when encapsulating in 2. Use of UDP checksum MUST be the default when encapsulating in
IPv6. This default MAY be overridden via configuration of UDP zero- IPv6. This default MAY be overridden via configuration of UDP zero-
checksum mode. All usage of UDP zero-checksum mode with IPv6 is checksum mode. All usage of UDP zero-checksum mode with IPv6 is
subject to the additional requirements specified in Section 6.2. subject to the additional requirements specified in Section 6.2.
3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not 3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not
congestion controlled. congestion controlled.
The requirements 4-7 listed in Section 2.1.1 also apply to a TMCE
GRE-in-UDP Tunnel.
3. GRE-in-UDP Encapsulation 3. GRE-in-UDP Encapsulation
The GRE-in-UDP encapsulation format contains UDP header [RFC768] and The GRE-in-UDP encapsulation format contains a UDP header [RFC768]
GRE header [RFC2890]. The format is shown as follows: (presented in and a GRE header [RFC2890]. The format is shown as follows:
bit order) (presented in bit order)
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv4 Header: IPv4 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL |Type of Service| Total Length | |Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset | | Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live |Protcol=17(UDP)| Header Checksum | | Time to Live |Protcol=17(UDP)| Header Checksum |
skipping to change at page 7, line 38 skipping to change at page 7, line 38
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) | | Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IANA Note: Replace TBD1 and TBD2 with the IANA-assigned numbers
Figure 1 UDP+GRE Headers in IPv4 Figure 1 UDP+GRE Headers in IPv4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv6 Header: IPv6 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class | Flow Label | |Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | NxtHdr=17(UDP)| Hop Limit | | Payload Length | NxtHdr=17(UDP)| Hop Limit |
skipping to change at page 8, line 49 skipping to change at page 8, line 49
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | |C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) | | Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) | | Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IANA Note: Replace TBD1 and TBD2 with the IANA-assigned numbers
Figure 2 UDP+GRE Headers in IPv6 Figure 2 UDP+GRE Headers in IPv6
The contents of the IP, UDP, and GRE headers that are relevant in The contents of the IP, UDP, and GRE headers that are relevant in
this encapsulation are described below. this encapsulation are described below.
3.1. IP Header 3.1. IP Header
An encapsulator MUST encode its own IP address as the source IP An encapsulator MUST encode its own IP address as the source IP
address and the decapsulator's IP address as the destination IP address and the decapsulator's IP address as the destination IP
address. A sufficiently large value is needed in the IPv4 TTL field address. A sufficiently large value is needed in the IPv4 TTL field
skipping to change at page 9, line 41 skipping to change at page 9, line 41
to a flow e.g., the result of an algorithm that perform a hash of to a flow e.g., the result of an algorithm that perform a hash of
the tunnel ingress and egress IP address. the tunnel ingress and egress IP address.
The source port value for a flow set by an encapsulator MAY change The source port value for a flow set by an encapsulator MAY change
over the lifetime of the encapsulated flow. For instance, an over the lifetime of the encapsulated flow. For instance, an
encapsulator may change the assignment for Denial of Service (DOS) encapsulator may change the assignment for Denial of Service (DOS)
mitigation or as a means to effect routing through the ECMP network. mitigation or as a means to effect routing through the ECMP network.
An encapsulator SHOULD NOT change the source port selected for a An encapsulator SHOULD NOT change the source port selected for a
flow more than once every thirty seconds. flow more than once every thirty seconds.
Note: An IPv6 tunnel endpoint should copy a flow entropy value in An IPv6 GRE-in-UDP tunnel endpoint should copy a flow entropy value
the IPv6 flow label field (requirement 6). This permits network in the IPv6 flow label field (requirement 6). This permits network
equipment to inspect this value and utilize it during forwarding, equipment to inspect this value and utilize it during forwarding,
e.g. to perform ECMP [RFC6438]. e.g. to perform ECMP [RFC6438].
This document places requirements on the generation of the flow This document places requirements on the generation of the flow
entropy value but does not specify the algorithm that an entropy value [RFC5405bis] but does not specify the algorithm that
implementation should use to derive this value. an implementation should use to derive this value.
3.2.2. Destination Port 3.2.2. Destination Port
The destination port of the UDP header is set either GRE-in-UDP The destination port of the UDP header is set either GRE-in-UDP
(TBD1) or GRE-UDP-DTLS (TBD2) (see Section 5). IANA Note: Please (TBD1) or GRE-UDP-DTLS (TBD2) (see Section 5).
replace TBD1 and TBD2 with the IANA-assigned numbers.
3.2.3. Checksum 3.2.3. Checksum
The UDP checksum is set and processed per [RFC768] and [RFC1122] for The UDP checksum is set and processed per [RFC768] and [RFC1122] for
IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and
use of zero UDP checksums are detailed in Section 6. use of zero UDP checksums are detailed in Section 6.
3.2.4. Length 3.2.4. Length
The usage of this field is in accordance with the current UDP The usage of this field is in accordance with the current UDP
skipping to change at page 10, line 42 skipping to change at page 10, line 41
The GRE checksum MAY be enabled to protect the GRE header and The GRE checksum MAY be enabled to protect the GRE header and
payload. When the UDP checksum is enabled, it protects the GRE payload. When the UDP checksum is enabled, it protects the GRE
payload, resulting in the GRE checksum being mostly redundant. payload, resulting in the GRE checksum being mostly redundant.
Enabling both checksums may result in unnecessary processing. Since Enabling both checksums may result in unnecessary processing. Since
the UDP checksum covers the pseudo-header and the packet payload, the UDP checksum covers the pseudo-header and the packet payload,
including the GRE header and its payload, the UDP checksum SHOULD be including the GRE header and its payload, the UDP checksum SHOULD be
used in preference to using the GRE checksum. used in preference to using the GRE checksum.
An implementation MAY use the GRE keyid to authenticate the An implementation MAY use the GRE keyid to authenticate the
encapsulator. (See Security Section) In this model, a shared value encapsulator.(See Security Considerations Section) In this model, a
is either configured or negotiated between an encapsulator and shared value is either configured or negotiated between an
decapsulator. When a decapsulator determines a presented keyid is encapsulator and decapsulator. When a decapsulator determines a
not valid for the source, the packet MUST be dropped. presented keyid is not valid for the source, the packet MUST be
dropped.
Although GRE-in-UDP encapsulation protocol uses both UDP header and Although GRE-in-UDP encapsulation protocol uses both UDP header and
GRE header, it is one tunnel encapsulation protocol. GRE and UDP GRE header, it is one tunnel encapsulation protocol. GRE and UDP
headers MUST be applied and removed as a pair at the encapsulation headers MUST be applied and removed as a pair at the encapsulation
and decapsulation points. This specification does not support UDP and decapsulation points. This specification does not support UDP
encapsulation of a GRE header where that GRE header is applied or encapsulation of a GRE header where that GRE header is applied or
removed at a network node other than the UDP tunnel ingress or removed at a network node other than the UDP tunnel ingress or
egress. egress.
4. Encapsulation Process Procedures 4. Encapsulation Process Procedures
skipping to change at page 11, line 28 skipping to change at page 11, line 28
of UDP packets. of UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator Upon receiving these UDP encapsulated packets, the decapsulator
decapsulates them by removing the UDP and GRE headers and then decapsulates them by removing the UDP and GRE headers and then
processes them accordingly. processes them accordingly.
GRE-in-UDP allows encapsulation of unicast, IPv4 broadcast, or GRE-in-UDP allows encapsulation of unicast, IPv4 broadcast, or
multicast traffic. Entropy may be generated from the header of multicast traffic. Entropy may be generated from the header of
encapsulated packets at an encapsulator. The mapping mechanism encapsulated packets at an encapsulator. The mapping mechanism
between the encapsulated multicast traffic and the multicast between the encapsulated multicast traffic and the multicast
capability in the IP network is transparent and independent to the capability in the IP network is transparent and independent of the
encapsulation and is otherwise outside the scope of this document. encapsulation and is otherwise outside the scope of this document.
To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep- To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep-
alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP
tunnel. This aligns with middlebox traversal guidelines in Section tunnel. This aligns with middlebox traversal guidelines in Section
3.5 of [RFC5405bis]. 3.5 of [RFC5405bis].
4.1. MTU and Fragmentation 4.1. MTU and Fragmentation
Regarding packet fragmentation, an encapsulator/decapsulator SHOULD Regarding packet fragmentation, an encapsulator/decapsulator SHOULD
be compliant with [RFC7588] and perform fragmentation before the perform fragmentation before the encapsulation. The size of
encapsulation. The size of fragments SHOULD be less or equal to the fragments SHOULD be less or equal to the PMTU associated with the
PMTU associated with the path between the GRE ingress and the GRE path between the GRE ingress and the GRE egress tunnel endpoints
egress tunnel endpoints minus the GRE and UDP overhead, assuming the minus the GRE and UDP overhead, assuming the egress resemble MTU is
egress resemble MTU is larger than PMTU. When applying payload larger than PMTU. When applying payload fragmentation, the UDP
fragmentation, the UDP checksum MUST be used so that the receiving checksum MUST be used so that the receiving endpoint can validate
endpoint can validate reassembly of the fragments; the same src UDP reassembly of the fragments; the same source UDP port SHOULD be used
port SHOULD be used for all packet fragments to ensure the transit for all packet fragments to ensure the transit routers will forward
routers will forward the fragments on the same path. the fragments on the same path.
If the operator of the transit network supporting the tunnel is able If the operator of the transit network supporting the tunnel is able
to control the payload MTU size, the MTU SHOULD be configured to to control the payload MTU size, the MTU SHOULD be configured to
avoid fragmentation, i.e., sufficient for the largest supported size avoid fragmentation, i.e., sufficient for the largest supported size
of packet, including all additional bytes introduced by the tunnel of packet, including all additional bytes introduced by the tunnel
overhead [RFC5405bis]. overhead [RFC5405bis].
4.2. Differentiated Services and ECN Marking 4.2. Differentiated Services and ECN Marking
To ensure that tunneled traffic receives the same treatment over the To ensure that tunneled traffic receives the same treatment over the
IP network, prior to the encapsulation process, an encapsulator IP network as traffic that is not tunneled, prior to the
processes the tunneled IP packet headers to retrieve appropriate encapsulation process, an encapsulator processes the tunneled IP
parameters for the encapsulating IP packet header such as DiffServ packet headers to retrieve appropriate parameters for the
[RFC2983]. Encapsulation end points that support Explicit Congestion encapsulating IP packet header such as DiffServ [RFC2983].
Encapsulation end points that support Explicit Congestion
Notification (ECN) must use the method described in [RFC6040] for Notification (ECN) must use the method described in [RFC6040] for
ECN marking propagation. The congestion control process is outside ECN marking propagation. The congestion control process is outside
of the scope of this document. of the scope of this document.
Additional information on IP header processing is provided in Additional information on IP header processing is provided in
Section 3.1. Section 3.1.
5. Use of DTLS 5. Use of DTLS
Datagram Transport Layer Security (DTLS) [RFC6347] can be used for Datagram Transport Layer Security (DTLS) [RFC6347] can be used for
application security and can preserve network and transport layer application security and can preserve network and transport layer
protocol information. Specifically, if DTLS is used to secure the protocol information. Specifically, if DTLS is used to secure the
GRE-in-UDP tunnel, the destination port of the UDP header MUST be GRE-in-UDP tunnel, the destination port of the UDP header MUST be
set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS, set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS,
and that UDP port MUST NOT be used for other traffic. The UDP and that UDP port MUST NOT be used for other traffic. The UDP source
source port field can still be used to add entropy, e.g., for load- port field can still be used to add entropy, e.g., for load-sharing
sharing purposes. DTLS usage is limited to a single DTLS session purposes. DTLS applies to a default GRE-in-UDP tunnel and a TMCE
for any specific tunnel encapsulator/ decapsulator pair (identified GRE-in-UDP tunnel.
by source and destination IP addresses). Both IP addresses MUST be
unicast addresses - multicast traffic is not supported when DTLS is
used. A GRE-in-UDP tunnel decapsulator that supports DTLS is
expected to be able to establish DTLS sessions with multiple tunnel
encapsulators, and likewise an GRE-in-UDP tunnel encapsulator is
expected to be able to establish DTLS sessions with multiple
decapsulators (although different source and/or destination IP
addresses may be involved (see Section 6.2) for discussion of one
situation where use of different source IP addresses is important).
IANA Note: Please replace TBD2 with the IANA-assigned numbers. Use of DTLS is limited to a single DTLS session for any specific
tunnel encapsulator/decapsulator pair (identified by source and
destination IP addresses). Both IP addresses MUST be unicast
addresses - multicast traffic is not supported when DTLS is used. A
GRE-in-UDP tunnel decapsulator that supports DTLS is expected to be
able to establish DTLS sessions with multiple tunnel encapsulators,
and likewise a GRE-in-UDP tunnel encapsulator is expected to be able
to establish DTLS sessions with multiple decapsulators. Different
source and/or destination IP addresses will be involved (see Section
6.2) for discussion of one situation where use of different source
IP addresses is important.
If an application already performs encryption, no need to encrypt
traffic again. Applying DTLS to a GRE-in-UDP tunnel requires both
tunnel end points to configure use of DTLS.
6. UDP Checksum Handling 6. UDP Checksum Handling
6.1. UDP Checksum with IPv4 6.1. UDP Checksum with IPv4
For UDP in IPv4, the UDP checksum MUST be processed as specified in For UDP in IPv4, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC1122] for both transmit and receive. The IPv4 [RFC768] and [RFC1122] for both transmit and receive. The IPv4
header includes a checksum which protects against mis-delivery of header includes a checksum that protects against mis-delivery of the
the packet due to corruption of IP addresses. The UDP checksum packet due to corruption of IP addresses. The UDP checksum
potentially provides protection against corruption of the UDP header, potentially provides protection against corruption of the UDP header,
GRE header, and GRE payload. Disabling the use of checksums is a GRE header, and GRE payload. Disabling the use of checksums is a
deployment consideration that should take into account the risk and deployment consideration that should take into account the risk and
effects of packet corruption. effects of packet corruption.
When a decapsulator receives a packet, the UDP checksum field MUST When a decapsulator receives a packet, the UDP checksum field MUST
be processed. If the UDP checksum is non-zero, the decapsulator MUST be processed. If the UDP checksum is non-zero, the decapsulator MUST
verify the checksum before accepting the packet. By default a verify the checksum before accepting the packet. By default a
decapsulator SHOULD accept UDP packets with a zero checksum. A node decapsulator SHOULD accept UDP packets with a zero checksum. A node
MAY be configured to disallow zero checksums per [RFC1122]; this may MAY be configured to disallow zero checksums per [RFC1122]; this may
skipping to change at page 14, line 12 skipping to change at page 14, line 18
the operator is willing to take the risk of undetected packet the operator is willing to take the risk of undetected packet
corruption. corruption.
c. Carrying applications that are tolerant of mis-delivered or c. Carrying applications that are tolerant of mis-delivered or
corrupted packets (perhaps through higher layer checksum, corrupted packets (perhaps through higher layer checksum,
validation, and retransmission or transmission redundancy) where validation, and retransmission or transmission redundancy) where
the operator is willing to rely on the applications using the the operator is willing to rely on the applications using the
tunnel to survive any corrupt packets. tunnel to survive any corrupt packets.
The following requirements apply to a TMCE GRE-in-UDP tunnel that The following requirements apply to a TMCE GRE-in-UDP tunnel that
use UDP zero-checksum mode: uses UDP zero-checksum mode:
a. Use of the UDP checksum with IPv6 MUST be the default a. Use of the UDP checksum with IPv6 MUST be the default
configuration of all GRE-in-UDP tunnels. configuration of all GRE-in-UDP tunnels.
b. The GRE-in-UDP tunnel implementation MUST comply with all b. The GRE-in-UDP tunnel implementation MUST comply with all
requirements specified in Section 4 of [RFC6936] and with requirements specified in Section 4 of [RFC6936] and with
requirement 1 specified in Section 5 of [RFC6936]. requirement 1 specified in Section 5 of [RFC6936].
c. The tunnel decapsulator SHOULD only allow the use of UDP zero- c. The tunnel decapsulator SHOULD only allow the use of UDP zero-
checksum mode for IPv6 on a single received UDP Destination checksum mode for IPv6 on a single received UDP Destination
skipping to change at page 14, line 48 skipping to change at page 15, line 7
regardless of the decapsulator in order to strengthen the regardless of the decapsulator in order to strengthen the
decapsulator's check of the IPv6 source address (i.e., the same decapsulator's check of the IPv6 source address (i.e., the same
IPv6 source address SHOULD NOT be used with more than one IPv6 IPv6 source address SHOULD NOT be used with more than one IPv6
destination address, independent of whether that destination destination address, independent of whether that destination
address is a unicast or multicast address). When this is not address is a unicast or multicast address). When this is not
possible, it is RECOMMENDED to use each source IPv6 address for possible, it is RECOMMENDED to use each source IPv6 address for
as few UDP zero-checksum mode GRE-in-UDP tunnels as is feasible. as few UDP zero-checksum mode GRE-in-UDP tunnels as is feasible.
f. When any middlebox exists on the path of a GRE-in-UDP tunnel, f. When any middlebox exists on the path of a GRE-in-UDP tunnel,
it is RECOMMENDED to use the default mode, i.e. use UDP it is RECOMMENDED to use the default mode, i.e. use UDP
checksum, to reduce the chance that the encapsulated packets to checksum, to reduce the chance that the encapsulated packets
be dropped. will be dropped.
g. Any middlebox that allows the UDP zero-checksum mode for IPv6 g. Any middlebox that allows the UDP zero-checksum mode for IPv6
MUST comply with requirement 1 and 8-10 in Section 5 of MUST comply with requirement 1 and 8-10 in Section 5 of
[RFC6936]. [RFC6936].
h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP
checksums from "escaping" to the general Internet; see Section checksums from "escaping" to the general Internet; see Section
8 for examples of such measures. 8 for examples of such measures.
i. IPv6 traffic with zero UDP checksums MUST be actively monitored i. IPv6 traffic with zero UDP checksums MUST be actively monitored
skipping to change at page 15, line 31 skipping to change at page 15, line 36
The above requirements do not change either the requirements The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936]. specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the strong recommendation against destination IPv6 address, plus the strong recommendation against
reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively
provide some mitigation for the absence of UDP checksum coverage of provide some mitigation for the absence of UDP checksum coverage of
the IPv6 header. A traffic-managed controlled environment that the IPv6 header. A traffic-managed controlled environment that
satisfies at least one of three conditions listed above in this satisfies at least one of three conditions listed at the beginning
section provides additional assurance. of this section provides additional assurance.
A GRE-in-UDP tunnel is suitable for transmission over lower layers A GRE-in-UDP tunnel is suitable for transmission over lower layers
in the traffic-managed controlled environments that are allowed by in the traffic-managed controlled environments that are allowed by
the exceptions stated above and the rate of corruption of the inner the exceptions stated above and the rate of corruption of the inner
IP packet on such networks is not expected to increase by comparison IP packet on such networks is not expected to increase by comparison
to GRE traffic that is not encapsulated in UDP. For these reasons, to GRE traffic that is not encapsulated in UDP. For these reasons,
GRE-in-UDP does not provide an additional integrity check except GRE-in-UDP does not provide an additional integrity check except
when GRE checksum is used when UDP zero-checksum mode is used with when GRE checksum is used when UDP zero-checksum mode is used with
IPv6, and this design is in accordance with requirements 2, 3 and 5 IPv6, and this design is in accordance with requirements 2, 3 and 5
specified in Section 5 of [RFC6936]. specified in Section 5 of [RFC6936].
Generic Router Encapsulation (GRE) does not accumulate incorrect Generic Router Encapsulation (GRE) does not accumulate incorrect
state as a consequence of GRE header corruption. A corrupt GRE transport layer state as a consequence of GRE header corruption. A
packet may result in either packet discard or forwarding of the corrupt GRE packet may result in either packet discard or forwarding
packet without accumulation of GRE state. Active monitoring of GRE- of the packet without accumulation of GRE state. Active monitoring
in-UDP traffic for errors is REQUIRED as occurrence of errors will of GRE-in-UDP traffic for errors is REQUIRED as occurrence of errors
result in some accumulation of error information outside the will result in some accumulation of error information outside the
protocol for operational and management purposes. This design is in protocol for operational and management purposes. This design is in
accordance with requirement 4 specified in Section 5 of [RFC6936]. accordance with requirement 4 specified in Section 5 of [RFC6936].
The remaining requirements specified in Section 5 of [RFC6936] are The remaining requirements specified in Section 5 of [RFC6936] are
not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply
because GRE does not include a control feedback mechanism. because GRE does not include a control feedback mechanism.
Requirements 8-10 are middlebox requirements that do not apply to Requirements 8-10 are middlebox requirements that do not apply to
GRE-in-UDP tunnel endpoints (see Section 7.1 for further middlebox GRE-in-UDP tunnel endpoints (see Section 7.1 for further middlebox
discussion). discussion).
skipping to change at page 17, line 19 skipping to change at page 17, line 25
updates the UDP checksum field, such as NATs or firewalls. Changing updates the UDP checksum field, such as NATs or firewalls. Changing
this behavior would require such middleboxes to be updated to this behavior would require such middleboxes to be updated to
correctly handle datagrams with zero UDP checksums. The GRE-in-UDP correctly handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over using a checksum when a path change occurs redirecting a tunnel over
a path that includes a middlebox that discards IPv6 datagrams with a a path that includes a middlebox that discards IPv6 datagrams with a
zero UDP checksum. In this case the GRE-in-UDP tunnel will be black- zero UDP checksum. In this case the GRE-in-UDP tunnel will be black-
holed by that middlebox. holed by that middlebox.
As such, when any middlebox exists on the path of GRE-in-UDP tunnel, As such, when any middlebox exists on the path of GRE-in-UDP tunnel,
it is RECOMMENDED to use the UDP checksum to increase the use of the UDP checksum is RECOMMENDED to increase the probability
probability of successful transmission of GRE-in-UDP packets. of successful transmission of GRE-in-UDP packets. Recommended
Recommended changes to allow firewalls, NATs and other middleboxes changes to allow firewalls, NATs and other middleboxes to support
to support use of an IPv6 zero UDP checksum are described in Section use of an IPv6 zero UDP checksum are described in Section 5 of
5 of [RFC6936]. [RFC6936].
8. Congestion Considerations 8. Congestion Considerations
Section 3.1.9 of [RFC5405bis] discussed the congestion implications Section 3.1.9 of [RFC5405bis] discusses the congestion
of UDP tunnels. As discussed in [RFC5405bis], because other flows considerations for design and use of UDP tunnels; this is important
can share the path with one or more UDP tunnels, congestion control because other flows could share the path with one or more UDP
[RFC2914] needs to be considered. tunnels, necessitating congestion control [RFC2914] to avoid
distractive interference.
The impact of congestion must be considered both in terms of the
effect on the rest of the network containing a UDP, and in terms of
the effect on the flows using the UDP tunnels. The potential impact
of congestion from a UDP tunnel depends upon what sort of traffic is
carried over the tunnel, as well as the path of the tunnel.
In many cases, a GRE-in-UDP tunnel is used to carry IP traffic. IP
traffic is generally assumed to be congestion controlled, and thus a
tunnel carrying general IP traffic generally does not need
additional congestion control mechanisms.
A default GRE-in-UDP tunnel can be used to carry IP traffic that is Congestion has potential impacts both on the rest of the network
known to be congestion controlled on the Internet. Internet IP containing a UDP tunnel, and on the traffic flows using the UDP
traffic is generally assumed to be congestion-controlled. The tunnels. These impacts depend upon what sort of traffic is carried
default usage MUST NOT be used over the general Internet, or over over the tunnel, as well as the path of the tunnel. A default GRE-
non-cooperating network operators, to carry traffic that is not in-UDP tunnel MAY be used to carry IP traffic that is known to be
congestion controlled on the Internet. IP unicast traffic is
generally assumed to be congestion-controlled. A default GRE-in-UDP
tunnel MUST NOT be used to carry traffic that is not known to be
congestion-controlled. congestion-controlled.
A TMCE GRE-in-UDP tunnel can be used to carry traffic that is not A TMCE GRE-in-UDP tunnel can be used to carry traffic that is known
necessarily congestion controlled. For example, GRE-in-UDP may be not to be congestion controlled. For example, GRE-in-UDP may be used
used to carry MPLS that carries pseudowire or VPN traffic where to carry MPLS that carries pseudowire or VPN traffic where specific
specific bandwidth guarantees are provided to each pseudowire or to bandwidth guarantees are provided to each pseudowire or to each VPN.
each VPN. In such cases, network operators may avoid congestion by In such cases, network operators may avoid congestion by careful
careful provisioning of their networks, by rate limiting of user provisioning of their networks, by rate limiting of user data
data traffic, and traffic engineering according to path capacity. traffic, and traffic engineering according to path capacity.
For this reason, when a TMCE GRE-in-UDP tunnel carries this type of
traffic, the usage MUST be constrained to a traffic-managed When a TMCE GRE-in-UDP tunnel carries traffic that is not known to
controlled environment (e.g., single operator network that utilizes be congestion controlled, the tunnel MUST be used within a traffic-
careful provisioning (e.g., rate limiting at the entries of the managed controlled environment (e.g., single operator network that
network while over-provisioning network capacity) to manage utilizes careful provisioning such as rate limiting at the entries
of the network while over-provisioning network capacity) to manage
congestion, or within a limited number of networks whose operators congestion, or within a limited number of networks whose operators
closely cooperate in order to jointly provide this same careful closely cooperate in order to jointly provide this same careful
provisioning. provisioning. When a TMCE GRE-in-UDP tunnel is used to carry the
traffic that is not known to be congestion controlled, measures
When a TMCE GRE-in-UDP tunnel is used to carry the traffic that is SHOULD be taken to prevent the GRE-in-UDP traffic from "escaping" to
not necessary congestion controlled, measures SHOULD be taken to the general Internet, e.g.:
prevent non-congestion-controlled GRE-in-UDP traffic from "escaping"
to the general Internet, e.g.:
o Physical or logical isolation of the links carrying GRE-in-UDP o Physical or logical isolation of the links carrying GRE-in-UDP
from the general Internet. from the general Internet.
o Deployment of packet filters that block the UDP ports assigned o Deployment of packet filters that block the UDP ports assigned
for GRE-in-UDP. for GRE-in-UDP.
o Imposition of restrictions on GRE-in-UDP traffic by software o Imposition of restrictions on GRE-in-UDP traffic by software
tools used to set up GRE-in-UDP tunnels between specific end tools used to set up GRE-in-UDP tunnels between specific end
systems (as might be used within a single data center). For systems (as might be used within a single data center) or by
examples, a GRE-in-UDP tunnel only carries IP traffic or a GRE- tunnel ingress nodes for tunnels that don't terminate at end
in-UDP tunnel supports NVGRE encapsulation [RFC7637] only systems.
(Although the payload type is Ethernet in NVGRE, NVGRE protocol
mandates that the payload of Ethernet is IP).
o Use of a "Circuit Breaker" for the tunneled traffic as described o Use of a "Circuit Breaker" for the tunneled traffic as described
in [CB]. in [CB].
9. Backward Compatibility 9. Backward Compatibility
In general, tunnel ingress routers have to be upgraded in order to In general, tunnel ingress routers have to be upgraded in order to
support the encapsulations described in this document. support the encapsulations described in this document.
No change is required at transit routers to support forwarding of No change is required at transit routers to support forwarding of
the encapsulation described in this document. the encapsulation described in this document.
If a tunnel endpoint (a host or router) that is intended for use as If a tunnel endpoint (a host or router) that is intended for use as
a decapsulator does not support or enable the GRE-in-UDP a decapsulator does not support or enable the GRE-in-UDP
encapsulation described in this document, it is not that an endpoint encapsulation described in this document, that endpoint will not
will listen on the destination port assigned to the GRE- listen on the destination port assigned to the GRE-encapsulation
encapsulation (TBD1 and TBD2). In these cases, the endpoint will (TBD1 and TBD2). In these cases, the endpoint will perform normal
perform normal UDP processing and respond to an encapsulator with an UDP processing and respond to an encapsulator with an ICMP message
ICMP message indicating "port unreachable" according to [RFC792]. indicating "port unreachable" according to [RFC792]. Upon receiving
Upon receiving this ICMP message, the node MUST NOT continue to use this ICMP message, the node MUST NOT continue to use GRE-in-UDP
GRE-in-UDP encapsulation toward this peer without management encapsulation toward this peer without management intervention.
intervention.
IANA NOTE: Please replace TBD1 and TBD2 with the IANA-assigned
numbers.
10. IANA Considerations 10. IANA Considerations
IANA is requested to make the following allocations: IANA is requested to make the following allocations:
One UDP destination port number for the indication of GRE One UDP destination port number for the indication of GRE,
Service Name: GRE-in-UDP Service Name: GRE-in-UDP
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation Description: GRE-in-UDP Encapsulation
Reference: [This.I-D] Reference: [This.I-D]
Port Number: TBD1 Port Number: TBD1
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
One UDP destination port number for the indication of GRE with DTLS Editor Note: replace "TBD1" with IANA assigned number in this
document.
One UDP destination port number for the indication of GRE with DTLS,
Service Name: GRE-UDP-DTLS Service Name: GRE-UDP-DTLS
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation with DTLS Description: GRE-in-UDP Encapsulation with DTLS
Reference: [This.I-D] Reference: [This.I-D]
Port Number: TBD2 Port Number: TBD2
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
Editor Note: replace "TBD2" with IANA assigned number in this
document.
11. Security Considerations 11. Security Considerations
GRE-in-UDP encapsulation does not affect security for the payload GRE-in-UDP encapsulation does not affect security for the payload
protocol. When using GRE-in-UDP, Network Security in a network is protocol. When using GRE-in-UDP, Network Security in a network is
mostly equivalent to that of a network using GRE. mostly equivalent to that of a network using GRE.
To secure original traffic, DTLS SHOULD be used. (See Section 5) To secure original traffic, DTLS SHOULD be used as specified in
Section 5.
In the case that UDP source port for entropy usage is disabled, a In the case that UDP source port for entropy usage is disabled, a
random port SHOULD be selected in order to minimize the random port SHOULD be selected in order to minimize the
vulnerability to off-path attacks.[RFC6056] The random port may also vulnerability to off-path attacks.[RFC6056] The random port may also
be periodically changed to mitigate certain denial of service be periodically changed to mitigate certain denial of service
attacks as mentioned in Section 3.2.1. attacks as mentioned in Section 3.2.1.
Using one standardized value as the UDP destination port for an Using one standardized value as the UDP destination port to indicate
encapsulation indication may increase the vulnerability of off-path an encapsulation may increase the vulnerability of off-path attack.
attack. To overcome this, an alternate port may be agreed upon to To overcome this, an alternate port may be agreed upon to use
use between an encapsulator and decapsulator [RFC6056]. How the between an encapsulator and decapsulator [RFC6056]. How the
encapsulator end points communicate the value is outside scope of encapsulator end points communicate the value is outside scope of
this document. this document.
This document does not require that a decapsulator validates the IP This document does not require that a decapsulator validates the IP
source address of the tunneled packets (with the exception that the source address of the tunneled packets (with the exception that the
IPv6 source address MUST be validated when UDP zero-checksum mode is IPv6 source address MUST be validated when UDP zero-checksum mode is
used with IPv6), but it should be understood that failure to do so used with IPv6), but it should be understood that failure to do so
presupposes that there is effective destination-based (or a presupposes that there is effective destination-based (or a
combination of source-based and destination-based) filtering at the combination of source-based and destination-based) filtering at the
boundaries. boundaries.
Corruption of a GRE header can cause a privacy and security concern Corruption of a GRE header can cause a privacy and security concern
for some applications that rely on the key field for traffic for some applications that rely on the key field for traffic
segregation. When GRE key field is used for privacy and security, segregation. When the GRE key field is used for privacy and security,
ether UDP checksum or GRE checksum SHOULD be used for GRE-in-UDP ether UDP checksum or GRE checksum SHOULD be used for GRE-in-UDP
with both IPv4 and IPv6, and in particular, when UDP zero-checksum with both IPv4 and IPv6, and in particular, when UDP zero-checksum
mode is used, GRE checksum SHOULD be used. mode is used, GRE checksum SHOULD be used.
12. Acknowledgements 12. Acknowledgements
Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger
Geib, Lar Edds, Lloyd Wood, Bob Briscoe, and many others for their Geib, Lar Edds, Lloyd Wood, Bob Briscoe, and many others for their
review and valuable input on this draft. review and valuable input on this draft.
Thank Donald Eastlake, Eliot Lear, and Martin Stiemerling for their
detail reviews and valuable suggestions in WGLC process.
Thank the design team led by David Black (members: Ross Callon, Thank the design team led by David Black (members: Ross Callon,
Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the
descriptions for the congestion considerations and IPv6 UDP zero descriptions for the congestion considerations and IPv6 UDP zero
checksum. checksum.
Thank David Black and Gorry Fairhurst for their great help in Thank David Black and Gorry Fairhurst for their great help in
document editing. document content and editing.
13. Contributors 13. Contributors
The following people all contributed significantly to this document The following people all contributed significantly to this document
and are listed below in alphabetical order: and are listed below in alphabetical order:
David Black David Black
EMC Corporation EMC Corporation
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
skipping to change at page 23, line 33 skipping to change at page 23, line 37
[RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC
792, September 1981. 792, September 1981.
[RFC793] DARPA, "Transmission Control Protocol", RFC793, September [RFC793] DARPA, "Transmission Control Protocol", RFC793, September
1981. 1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998. (IPv6) Specification", RFC 2460, December 1998.
[RFC2474] Nichols K., Blake S., Baker F., Black D., "Definition of
the Differentiated Services Field (DS Field) in the IPv4
and IPv6 Headers", December 1998.
[RFC2914] Floyd, S.,"Congestion Control Principles", RFC2914, [RFC2914] Floyd, S.,"Congestion Control Principles", RFC2914,
September 2000. September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983, [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000. October 2000.
[RFC4787] Audet, F., et al, "network Address Translation (NAT) [RFC4787] Audet, F., et al, "network Address Translation (NAT)
Behavioral Requirements for Unicast UDP", RFC4787, January Behavioral Requirements for Unicast UDP", RFC4787, January
2007. 2007.
[RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport- [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
Protocol Port Randomization", RFC6056, January 2011. Protocol Port Randomization", RFC6056, January 2011.
[RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for [RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for
Equal Cost Multipath Routing and Link Aggreation in Equal Cost Multipath Routing and Link Aggreation in
Tunnels", RFC6438, November 2011. Tunnels", RFC6438, November 2011.
[RFC7588] Bonica, R., "A Fragmentation Strategy for Generic Routing
Encapsulation (GRE)", RFC7588, July 2015.
[RFC7637] Garg, P. and Wang, Y., "NVGRE: Network Virtualization [RFC7637] Garg, P. and Wang, Y., "NVGRE: Network Virtualization
Using Generic Routing Encapsulation", RFC7637, September Using Generic Routing Encapsulation", RFC7637, September
2015. 2015.
[RFC7676] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for [RFC7676] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for
Generic Routing Encapsulation (GRE)", RFC7676, October Generic Routing Encapsulation (GRE)", RFC7676, October
2015. 2015.
[CB] Fairhurst, G., "Network Transport Circuit Breakers", [CB] Fairhurst, G., "Network Transport Circuit Breakers",
draft-ietf-tsvwg-circuit-breaker-13, work in progress. draft-ietf-tsvwg-circuit-breaker-13, work in progress.
15. Authors' Addresses 15. Authors' Addresses
Edward Crabbe
Email: edward.crabbe@gmail.com
Lucy Yong Lucy Yong
Huawei Technologies, USA Huawei Technologies, USA
Email: lucy.yong@huawei.com Email: lucy.yong@huawei.com
Edward Crabbe
Oracle
Email: edward.crabbe@gmail.com
Xiaohu Xu Xiaohu Xu
Huawei Technologies, Huawei Technologies,
Beijing, China Beijing, China
Email: xuxiaohu@huawei.com Email: xuxiaohu@huawei.com
Tom Herbert Tom Herbert
Facebook Facebook
1 Hacker Way 1 Hacker Way
Menlo Park, CA Menlo Park, CA
 End of changes. 67 change blocks. 
220 lines changed or deleted 234 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/