Network working group X. Xu Internet Draft Huawei Category: Standard Track N. Sheth Contrail Systems L. Yong Z. Li Huawei Y. Fan China Telecom Expires: May 2013 December 3, 2012 Encapsulating MPLS in UDP draft-xu-mpls-in-udp-04 Abstract Existing technologies to encapsulate MPLS over IP are not adequate for efficient load balancing across IP networks. This document specifies additional IP-based encapsulation technology, referred to as MPLS-in-UDP, which can facilitate the load balancing of MPLS application traffic, such as L2VPN and L3VPN traffic, across IP networks. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Xu, et al. Expires May 3, 2013 [Page 1] Internet-Draft Encapsulating MPLS in UDP December 2012 This Internet-Draft will expire on May 3, 2013. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119]. Table of Contents 1. Introduction ................................................ 3 1.1. Existing Technologies .................................. 3 1.2. Motivations for MPLS-in-UDP Encapsulation .............. 4 2. Terminology ................................................. 4 3. Encapsulation in UDP......................................... 4 4. Signaling for Encapsulation in UDP .......................... 5 5. Processing Procedures ....................................... 5 6. Applicability ............................................... 6 7. Security Considerations ..................................... 6 8. IANA Considerations ......................................... 6 9. Acknowledgements ............................................ 6 10. References ................................................. 7 10.1. Normative References .................................. 7 10.2. Informative References ................................ 7 Authors' Addresses ............................................. 8 Xu, et al. Expires May 3, 2013 [Page 2] Internet-Draft Encapsulating MPLS in UDP December 2012 1. Introduction To fully utilize the bandwidth available in IP networks and/or facilitate recovery from a link or node failure, load balancing of traffic over Equal Cost Multi-Path (ECMP) and/or Link Aggregation Group (LAG) across the IP networks is widely used. In effect, most existing core routers in IP networks are already capable of distributing IP traffic flows over ECMP paths and/or LAG based on the hash of the five-tuple of UDP/TCP packets (i.e., source IP address, destination IP address, source port, destination port, and protocol). In Practice, there are some Multi-Protocol Label Switching (MPLS) application scenarios where the traffic of MPLS applications (e.g., MPLS-based Layer2 Virtual Private Network (L2VPN) or Layer3 Virtual Private Network (L3VPN) needs to be transported through IP-based tunnels, rather than MPLS tunnels. For example, MPLS-based L2VPN or L3VPN technologies may be used for interconnecting geographically dispersed enterprise data centers or branch offices across IP Wide Area Networks (WAN) where enterprise own router devices are deployed as L2VPN or L3VPN PE routers. In this case, the load balance of the MPLS application traffic across IP networks is much desirable. 1.1. Existing Technologies With existing IP-based encapsulation methods for MPLS applications, such as MPLS-in-IP and MPLS-in-Generic Routing Encapsulation (GRE) [RFC4023] or even MPLS-in-Layer Two Tunneling Protocol - Version 3 (L2TPv3)[RFC4817], distinct customer traffic flows between a given PE router pair would be encapsulated with the same IP-based tunnel headers prior to traversing the core of the IP WAN. Since the encapsulated traffic is neither TCP nor UDP traffic, core routers could only perform hash calculation on fields in the IP headers of those tunnels (i.e., source IP address, destination IP address). As a result, core routers could not achieve a fine-grained load balancing of these traffic flows across the network core due to the lack of adequate entropy information. [RFC5640] describes a method for improving the load balancing efficiency in a network carrying Softwire Mesh [RFC5460] service over L2TPv3 and GRE encapsulation. However, this method requires core routers to be capable of performing hash calculation on the "load-balancing" field contained in the tunnel encapsulation headers (i.e., the Session ID field in the L2TPv3 header or the Key field in the GRE header), which means a non-trivial change to the date plane of core routers. Xu, et al. Expires May 3, 2013 [Page 3] Internet-Draft Encapsulating MPLS in UDP December 2012 1.2. Motivations for MPLS-in-UDP Encapsulation On basis of the fact that most existing core routers (i.e., P routers in the context of MPLS-based L2VPN or L3VPN) are already capable of balancing IP traffic flows over the IP networks based on the hash of the five-tuple of UDP/TCP packets, it would be advantageous to use MPLS-in-UDP encapsulation instead of MPLS-in-GRE or MPLS-in-L2TPv3 in such environments. In this way, the default load-balancing capability of existing core routers as mentioned above can be utilized directly without requiring any change to them. 2. Terminology This memo makes use of the terms defined in [RFC4364] and [RFC4664]. 3. Encapsulation in UDP MPLS-in-UDP encapsulation format is shown as follows: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port = entropy | Dest Port = MPLS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ MPLS Packet ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Port of UDP This field contains an entropy value that is generated by the ingress PE router. For example, the entropy value can be generated by performing hash calculation on certain fields in the customer packets (e.g., the five tuple of UDP/TCP packets). To ensure that the source port number is always in the range 49152 to 65535 which may be required in some cases, instead of calculating a 16-bit hash, the ingress PE router could calculate a 14- bit hash and use those 14 bits as the least significant bits of the source port field while the most significant two bits would be set to binary 11. That still conveys 14 bits of entropy information which would be enough as well in practice. Xu, et al. Expires May 3, 2013 [Page 4] Internet-Draft Encapsulating MPLS in UDP December 2012 Destination Port of UDP This field is set to a value (TBD) indicating the MPLS packet encapsulated in the UDP header is a MPLS one or a MPLS one with upstream-assigned label. UDP Length The usage of this field is in accordance with the current UDP specification. UDP Checksum The usage of this field is in accordance with the current UDP specification. To simplify the operation on egress PE routers, this field is recommended to be set to zero. 4. Signaling for Encapsulation in UDP It is necessary for two end points of a tunnel to signal the tunnel encapsulation attributes in some situations. [RFC5512] specifies Border Gateway Protocol (BGP) protocol extensions and the mechanisms for BGP routers to signal tunnel encapsulation attributes among them. In those MPLS applications (e.g., BGP/MPLS IP VPN [RFC4364]) where BGP is used, the approach defined in [RFC 5512] applies to the UDP tunneling encapsulation as well by simply requesting a new Tunnel Type code for the UDP tunneling encapsulation from IANA. Since the UDP tunneling encapsulation may apply to other applications besides MPLS, e.g., IP, details about signaling the UDP tunnel encapsulation attributes would be described in a separate document. 5. Processing Procedures This MPLS-in-UDP encapsulation causes MPLS packets to be forwarded through "UDP tunnels". When performing MPLS-in-UDP encapsulation by an ingress PE router, the entropy value would be generated by the ingress PE router and then be filled in the Source Port field of the UDP header. P routers, upon receiving these UDP encapsulated packets, could balance these packets based on the hash of the five-tuple of UDP packets. Xu, et al. Expires May 3, 2013 [Page 5] Internet-Draft Encapsulating MPLS in UDP December 2012 Upon receiving these UDP encapsulated packets, egress PE routers would decapsulate them by removing the UDP headers and then process them accordingly. As for other processing procedures such as preventing fragmentation and reassembly, TTL and differentiated services, the corresponding procedures defined in [RFC4023] SHOULD be followed. 6. Applicability Besides the MPLS-based L3VPN [RFC4364] and L2VPN [RFC4761, RFC4762] [E-VPN] applications, MPLS-in-UDP encapsulation could apply to other MPLS applications including but not limited to 6PE [RFC4798] and PWE3 services. 7. Security Considerations Just like MPLS-in-GRE and MPLS-in-IP encapsulation formats, the MPLS-in-UDP encapsulation format defined in this document by itself cannot ensure the integrity and privacy of data packets being transported through the MPLS-in-UDP tunnels and cannot enable the tunnel decapsulators to authenticate the tunnel encapsulator. In the case where any of the above security issues is concerned, the MPLS- in-UDP tunnels SHOULD be secured with IPsec in transport mode. In this way, the UDP header would not be seeable to P routers anymore. As a result, the meaning of adopting MPLS-in-UDP encapsulation format as an alternative to MPLS-in-GRE and MPLS-in-IP encapsulation formats is lost. Hence, MPLS-in-UDP encapsulation format SHOULD be used only in the scenarios where all the security issues as mentioned above are not significant concerns. For example, in a data center environment, the whole network including P routers and PE routers are under the control of a single administrative entity and therefore there is no need to worry about the above security issues. 8. IANA Considerations Two distinct UDP destination port numbers indicating MPLS and MPLS with upstream-assigned label respectively need to be assigned by IANA. 9. Acknowledgements Thanks to Shane Amante, Dino Farinacci, Keshava A K, Ivan Pepelnjak, Eric Rosen, Andrew G. Malis, Kireeti Kompella, Marshall Eubanks, Weiguo Hao, Zhenxiao Liu and Xing Tong for their valuable comments on the idea of MPLS-in-UDP encapsulation. Thanks to Daniel King, Xu, et al. Expires May 3, 2013 [Page 6] Internet-Draft Encapsulating MPLS in UDP December 2012 Gregory Mirsky and Eric Osborne for their valuable reviews on this draft. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 10.2. Informative References [RFC4364] Rosen, E and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006. [RFC4664] Andersson, L. and Rosen, E. (Editors),"Framework for Layer 2 Virtual Private Networks (L2VPNs)", RFC 4664, Sept 2006. [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating MPLS in IP or GRE", RFC4023, March 2005. [RFC4817] M. Townsley, C. Pignataro, S. Wainner, T. Seely and J. Young, " Encapsulation of MPLS over Layer 2 Tunneling Protocol Version 3, March 2007. [RFC5640] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load- Balancing for Mesh Softwires", RFC 5640, August 2009. [RFC6391] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan, J., and S. Amante, "Flow Aware Transport of Pseudowires over an MPLS Packet Switched Network", RFC6391, November 2011 [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L. Yong, "The Use of Entropy Labels in MPLS Forwarding", draft-ietf-mpls-entropy-label-01, work in progress, October, 2011. [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation Subsequent Address Family Identifier (SAFI) and the BGP Tunnel Encapsulation Attribute", RFC 5512, April 2009. [RFC4798] J Declerq et al., "Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE)", RFC4798, February 2007. Xu, et al. Expires May 3, 2013 [Page 7] Internet-Draft Encapsulating MPLS in UDP December 2012 [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", RFC 4761, January 2007. [RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007. [E-VPN] Aggarwal et al., "BGP MPLS Based Ethernet VPN", draft-ietf- l2vpn-evpn-00.txt, work in progress, February, 2012. Authors' Addresses Xiaohu Xu Huawei Technologies, Beijing, China Phone: +86-10-60610041 Email: xuxiaohu@huawei.com Nischal Sheth Contrail Systems Email: nsheth@contrailsystems.com Lucy Yong Huawei USA 1700 Alma Dr. Suite 500 Plano, TX 75075, US Email: lucyyong@huawei.com Zhenbin Li Huawei Technologies, Beijing, China Phone: +86-10-60613676 Email: lizhenbin@huawei.com Yongbing Fan China Telecom Guangzhou, China. Phone: +86 20 38639121 Email: fanyb@gsta.com Xu, et al. Expires May 3, 2013 [Page 8]