idnits 2.17.1 draft-ietf-lisp-gpe-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 24, 2019) is 1645 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-14) exists of draft-ietf-lisp-6834bis-04 == Outdated reference: A later version (-38) exists of draft-ietf-lisp-rfc6830bis-27 ** Downref: Normative reference to an Experimental RFC: RFC 8060 == Outdated reference: A later version (-05) exists of draft-brockners-ippm-ioam-vxlan-gpe-02 == Outdated reference: A later version (-22) exists of draft-ietf-tsvwg-ecn-encap-guidelines-13 -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force F. Maino, Ed. 3 Internet-Draft Cisco 4 Intended status: Standards Track J. Lemon 5 Expires: April 26, 2020 Broadcom 6 P. Agarwal 7 Innovium 8 D. Lewis 9 M. Smith 10 Cisco 11 October 24, 2019 13 LISP Generic Protocol Extension 14 draft-ietf-lisp-gpe-08 16 Abstract 18 This document describes extentions to the Locator/ID Separation 19 Protocol (LISP) Data-Plane, via changes to the LISP header, to 20 support multi-protocol encapsulation. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on April 26, 2020. 39 Copyright Notice 41 Copyright (c) 2019 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 3 58 1.2. Definition of Terms . . . . . . . . . . . . . . . . . . . 3 59 2. LISP Header Without Protocol Extensions . . . . . . . . . . . 3 60 3. Generic Protocol Extension for LISP (LISP-GPE) . . . . . . . 4 61 4. Implementation and Deployment Considerations . . . . . . . . 7 62 4.1. Applicability Statement . . . . . . . . . . . . . . . . . 7 63 4.2. Congestion Control Functionality . . . . . . . . . . . . 7 64 4.3. UDP Checksum . . . . . . . . . . . . . . . . . . . . . . 8 65 4.3.1. UDP Zero Checksum Handling with IPv6 . . . . . . . . 8 66 4.4. Ethernet Encapsulated Payloads . . . . . . . . . . . . . 10 67 5. Backward Compatibility . . . . . . . . . . . . . . . . . . . 10 68 5.1. Use of "Multiple Data-Planes" LCAF to Determine ETR 69 Capabilities . . . . . . . . . . . . . . . . . . . . . . 10 70 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 71 6.1. LISP-GPE Next Protocol Registry . . . . . . . . . . . . . 11 72 6.2. Multiple Data-Planes Encapsulation Bitmap Registry . . . 11 73 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 74 8. Acknowledgements and Contributors . . . . . . . . . . . . . . 13 75 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 76 9.1. Normative References . . . . . . . . . . . . . . . . . . 14 77 9.2. Informative References . . . . . . . . . . . . . . . . . 14 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 80 1. Introduction 82 The LISP Data-Plane is defined in [I-D.ietf-lisp-rfc6830bis]. It 83 specifies an encapsulation format that carries IPv4 or IPv6 packets 84 (henceforth jointly referred to as IP) in a LISP header and outer 85 UDP/IP transport. 87 The LISP Data-Plane header does not specify the protocol being 88 encapsulated and therefore is currently limited to encapsulating only 89 IP packet payloads. Other protocols, most notably Virtual eXtensible 90 Local Area Network (VXLAN) [RFC7348] (which defines a similar header 91 format to LISP), are used to encapsulate Layer-2 (L2) protocols such 92 as Ethernet. 94 This document defines an extension for the LISP header, as defined in 95 [I-D.ietf-lisp-rfc6830bis], to indicate the inner protocol, enabling 96 the encapsulation of Ethernet, IP or any other desired protocol all 97 the while ensuring compatibility with existing LISP deployments. 99 A flag in the LISP header, called the P-bit, is used to signal the 100 presence of the 8-bit Next Protocol field. The Next Protocol field, 101 when present, uses 8 bits of the field allocated to the echo-noncing 102 and map-versioning features. The two features are still available, 103 albeit with a reduced length of Nonce and Map-Version. 105 Since all of the reserved bits of the LISP Data-Plane header have 106 been allocated, LISP-GPE can also be used to extend the LISP Data- 107 Plane header by defining Next Protocol "shim" headers that implements 108 new data plane functions not supported in the LISP header. For 109 example, the use of the Group-Based Policy (GBP) header 110 [I-D.lemon-vxlan-lisp-gpe-gbp] or of the In-situ Operations, 111 Administration, and Maintenance (IOAM) header 112 [I-D.brockners-ippm-ioam-vxlan-gpe] with LISP-GPE, can be considered 113 an extension to add support in the Data-Plane for Group-Based Policy 114 functionalities or IOAM metadata. 116 1.1. Conventions 118 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 119 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 120 "OPTIONAL" in this document are to be interpreted as described in BCP 121 14 [RFC2119] [RFC8174] when, and only when, they appear in all 122 capitals, as shown here. 124 1.2. Definition of Terms 126 This document uses terms already defined in 127 [I-D.ietf-lisp-rfc6830bis]. 129 2. LISP Header Without Protocol Extensions 131 As described in Section 1, the LISP header has no protocol identifier 132 that indicates the type of payload being carried. Because of this, 133 LISP is limited to carrying IP payloads. 135 The LISP header [I-D.ietf-lisp-rfc6830bis] contains a series of flags 136 (some defined, some reserved), a Nonce/Map-version field and an 137 instance ID/Locator-status-bit field. The flags provide flexibility 138 to define how the various fields are encoded. Notably, Flag bit 5 is 139 the last reserved bit in the LISP header. 141 0 1 2 3 142 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 143 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 |N|L|E|V|I|R|K|K| Nonce/Map-Version | 145 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 146 | Instance ID/Locator-Status-Bits | 147 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 149 Figure 1: LISP Header 151 3. Generic Protocol Extension for LISP (LISP-GPE) 153 This document defines two changes to the LISP header in order to 154 support multi-protocol encapsulation: the introduction of the P-bit 155 and the definition of a Next Protocol field. This is shown in 156 Figure 2 and described below. 158 0 1 2 3 159 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 |N|L|E|V|I|P|K|K| Nonce/Map-Version | Next Protocol | 162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 | Instance ID/Locator-Status-Bits | 164 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 Figure 2: LISP-GPE Header 168 P-Bit: Flag bit 5 is defined as the Next Protocol bit. 170 If the P-bit is clear (0) the LISP header is bit-by-bit equivalent 171 to the definition in [I-D.ietf-lisp-rfc6830bis]. 173 The P-bit is set to 1 to indicate the presence of the 8 bit Next 174 Protocol field. The combinations of bits that are allowed when 175 the P-bit is set are the same allowed by 176 [I-D.ietf-lisp-rfc6830bis]. 178 Nonce/Map-Version: In [I-D.ietf-lisp-6834bis], LISP uses the lower 179 24 bits of the first word for a nonce, an echo-nonce, or to 180 support map- versioning. These are all optional capabilities that 181 are indicated in the LISP header by setting the N, E, and V bits 182 respectively. 184 When the P-bit and the N-bit are set to 1, the Nonce field is the 185 middle 16 bits (i.e., encoded in 16 bits, not 24 bits). Note that 186 the E-bit only has meaning when the N-bit is set. 188 When the P-bit and the V-bit are set to 1, the Version fields use 189 the middle 16 bits: the Source Map-Version uses the high-order 8 190 bits, and the Dest Map-Version uses the low-order 8 bits. 192 When the P-bit is set to 1 and the N-bit and the V-bit are both 0, 193 the middle 16-bits MUST be set to 0 on transmission and ignored on 194 receipt. 196 The encoding of the Nonce field in LISP-GPE, compared with the one 197 used in [I-D.ietf-lisp-rfc6830bis] for the LISP data plane 198 encapsulation, reduces the length of the nonce from 24 to 16 bits. 199 As per [I-D.ietf-lisp-rfc6830bis], Ingress Tunnel Routers (ITRs) 200 are required to generate different nonces when sending to 201 different Routing Locators (RLOCs), but the same nonce can be used 202 for a period of time when encapsulating to the same Egress Tunnel 203 Router (ETR). The use of 16 bits nonces still allows an ITR to 204 determine to and from reachability for up to 64k RLOCs at the same 205 time, but reduces the overall robustness of the nonce mechanism to 206 off-path attackers. Please refer to Section Section 7 for 207 security considerations that apply to the use of the Nonce field. 209 Similarly, the encoding of the Source and Dest Map-Version fields, 210 compared with [I-D.ietf-lisp-rfc6830bis], is reduced from 12 to 8 211 bits. This allows to associate only 256 different versions to 212 each Endpoint Identifier to Routing Locator (EID-to-RLOC) mapping 213 to inform commmunicating ITRs and ETRs about modifications of the 214 mapping, reducing the Map-versioning wrap-around time. Please 215 refer to Section Section 7 for security considerations that apply 216 to the use of the Map-Versioning field. 218 Next Protocol: The lower 8 bits of the first 32-bit word are used to 219 carry a Next Protocol. This Next Protocol field contains the 220 protocol of the encapsulated payload packet. 222 This document defines the following Next Protocol values: 224 0x01 : IPv4 226 0x02 : IPv6 228 0x03 : Ethernet 229 0x04 : Network Service Header (NSH) [RFC8300] 231 0x05 to 0x7F: Unassigned 233 0x80 to 0xFF: Unassigned (shim headers) 235 The values are tracked in an IANA registry as described in 236 Section 6.1. 238 Next protocol values from Ox80 to 0xFF are assigned to protocols 239 encoded as generic "shim" headers. Shim protocols all use a common 240 header structure, which includes a next header field using the same 241 values as described above. When a shim header protocol is used with 242 other data described by protocols identified by next protocol values 243 from 0x0 to 0x7F, the shim header MUST come before the further 244 protocol, and the next header of the shim will indicate what follows 245 the shim protocol. 247 Implementations that are not aware of a given shim header MUST ignore 248 the header and proceed to parse the next protocol. Shim protocols 249 MUST have the first 32 bits defined as: 251 0 1 2 3 252 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 253 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 | Type | Length | Reserved | Next Protocol | 255 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 256 | | 257 ~ Protocol Specific Fields ~ 258 | | 259 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 261 Figure 3: Shim Header 263 Where: 265 Type: This field identifies the different messages of this protocol. 267 Length: The length, in 4-octect units, of this protocol message not 268 including the first 4 octects. 270 Reserved: The use of this field is reserved to the protocol defined 271 in this message. 273 Next Protocol Field: This next protocol field contains the protocol 274 of the encapsulated payload. The protocol registry will be 275 requested from IANA as per section 10.2. 277 4. Implementation and Deployment Considerations 279 4.1. Applicability Statement 281 LISP-GPE conforms, as an UDP-based encapsulation protocol, to the UDP 282 usage guidelines as specified in [RFC8085]. The applicability of 283 these guidelines are dependent on the underlay IP network and the 284 nature of the encapsulated payload. 286 [RFC8085] outlines two applicability scenarios for UDP applications, 287 1) general Internet and 2) controlled environment. The controlled 288 environment means a single administrative domain or adjacent set of 289 cooperating domains. A network in a controlled environment can be 290 managed to operate under certain conditions whereas in general 291 Internet this cannot be done. Hence requirements for a tunnel 292 protocol operating under a controlled environment can be less 293 restrictive than the requirements of general internet. 295 LISP-GPE scope of applicability is the same set of use cases covered 296 by[I-D.ietf-lisp-rfc6830bis] for the LISP dataplane protocol. The 297 common property of these use cases is a large set of cooperating 298 entities seeking to communicate over the public Internet or other 299 large underlay IP infrastructures, while keeping the addressing and 300 topology of the cooperating entities separate from the underlay and 301 Internet topology, routing, and addressing. 303 LISP-GPE is meant to be deployed in network environments operated by 304 a single operator or adjacent set of cooperating network operators 305 that fits with the definition of controlled environments in 306 [RFC8085]. 308 For the purpose of this document, a traffic-managed controlled 309 environment (TMCE), outlined in [RFC8086], is defined as an IP 310 network that is traffic-engineered and/or otherwise managed (e.g., 311 via use of traffic rate limiters) to avoid congestion. Significant 312 portions of text in this Section are based on [RFC8086]. 314 It is the responsibility of the network operators to ensure that the 315 guidelines/requirements in this section are followed as applicable to 316 their LISP-GPE deployments 318 4.2. Congestion Control Functionality 320 LISP-GPE does not natively provide congestion control functionality 321 and relies on the payload protocol traffic for congestion control. 322 As such LISP-GPE MUST be used with congestion controlled traffic or 323 within a network that is traffic managed to avoid congestion (TMCE). 324 An operator of a traffic managed network (TMCE) may avoid congestion 325 by careful provisioning of their networks, rate-limiting of user data 326 traffic and traffic engineering according to path capacity. 328 Encapsulated payloads may have Explicit Congestion Notification 329 mechanisms that may or may not be mapped to the outer IP header ECN 330 field. Such new encapsulated payolads, when registered with LISP- 331 GPE, MUST be accompanied by a set of guidelines derived from 332 [I-D.ietf-tsvwg-ecn-encap-guidelines] and [RFC6040]. 334 4.3. UDP Checksum 336 For IP payloads, section 5.3 of [I-D.ietf-lisp-rfc6830bis] specifies 337 how to handle UDP Checksums encouraging implementors to consider UDP 338 checksum usage guidelines in section 3.4 of [RFC8085] when it is 339 desirable to protect UDP and LISP headers against corruption. 341 In order to provide integrity of LISP-GPE headers, options and 342 payload, for example to avoid mis-delivery of payload to different 343 tenant systems in case of data corruption, outer UDP checksum SHOULD 344 be used with LISP-GPE when transported over IPv4. The UDP checksum 345 provides a statistical guarantee that a payload was not corrupted in 346 transit. These integrity checks are not strong from a coding or 347 cryptographic perspective and are not designed to detect physical- 348 layer errors or malicious modification of the datagram (see 349 Section 3.4 of [RFC8085]). In deployments where such a risk exists, 350 an operator SHOULD use additional data integrity mechanisms such as 351 offered by IPSec. 353 An operator MAY choose to disable UDP checksum and use zero checksum 354 if LISP-GPE packet integrity is provided by other data integrity 355 mechanisms such as IPsec or additional checksums or if one of the 356 conditions in Section 4.3.1 a, b, c are met. 358 By default, UDP checksum MUST be used when LISP-GPE is transported 359 over IPv6. A tunnel endpoint MAY be configured for use with zero UDP 360 checksum if additional requirements in Section 4.3.1 are met. 362 4.3.1. UDP Zero Checksum Handling with IPv6 364 When LISP-GPE is used over IPv6, UDP checksum is used to protect IPv6 365 headers, UDP headers and LISP-GPE headers and payload from potential 366 data corruption. As such by default LISP-GPE MUST use UDP checksum 367 when transported over IPv6. An operator MAY choose to configure to 368 operate with zero UDP checksum if operating in a traffic managed 369 controlled environment as stated in Section 4.1 if one of the 370 following conditions are met: 372 a. It is known that the packet corruption is exceptionally unlikely 373 (perhaps based on knowledge of equipment types in their underlay 374 network) and the operator is willing to take a risk of undetected 375 packet corruption 377 b. It is judged through observational measurements (perhaps through 378 historic or current traffic flows that use non zero checksum) 379 that the level of packet corruption is tolerably low and where 380 the operator is willing to take the risk of undetected corruption 382 c. LISP-GPE payload is carrying applications that are tolerant of 383 misdelivered or corrupted packets (perhaps through higher layer 384 checksum validation and/or reliability through retransmission) 386 In addition LISP-GPE tunnel implementations using Zero UDP checksum 387 MUST meet the following requirements: 389 1. Use of UDP checksum over IPv6 MUST be the default configuration 390 for all LISP-GPE tunnels 392 2. If LISP-GPE is used with zero UDP checksum over IPv6 then such 393 xTR implementation MUST meet all the requirements specified in 394 section 4 of [RFC6936] and requirements 1 as specified in section 395 5 of [RFC6936] 397 3. The ETR that decapsulates the packet SHOULD check the source and 398 destination IPv6 addresses are valid for the LISP-GPE tunnel that 399 is configured to receive Zero UDP checksum and discard other 400 packets for which such check fails 402 4. The ITR that encapsulates the packet MAY use different IPv6 403 source addresses for each LISP-GPE tunnel that uses Zero UDP 404 checksum mode in order to strengthen the decapsulator's check of 405 the IPv6 source address (i.e the same IPv6 source address is not 406 to be used with more than one IPv6 destination address, 407 irrespective of whether that destination address is a unicast or 408 multicast address). When this is not possible, it is RECOMMENDED 409 to use each source address for as few LISP-GPE tunnels that use 410 zero UDP checksum as is feasible 412 5. Measures SHOULD be taken to prevent LISP-GPE traffic over IPv6 413 with zero UDP checksum from escaping into the general Internet. 414 Examples of such measures include employing packet filters at the 415 PETR and/or keeping logical or physical separation of LISP 416 network from networks carrying General Internet 418 The above requirements do not change either the requirements 419 specified in [RFC2460] as modified by [RFC6935] or the requirements 420 specified in [RFC6936]. 422 The requirement to check the source IPv6 address in addition to the 423 destination IPv6 address, plus the recommendation against reuse of 424 source IPv6 addresses among LISP-GPE tunnels collectively provide 425 some mitigation for the absence of UDP checksum coverage of the IPv6 426 header. A traffic-managed controlled environment that satisfies at 427 least one of three conditions listed at the beginning of this section 428 provides additional assurance. 430 4.4. Ethernet Encapsulated Payloads 432 When a LISP-GPE router performs Ethernet encapsulation, the inner 433 802.1Q [IEEE.802.1Q_2014] 3-bit priority code point (PCP) field MAY 434 be mapped from the encapsulated frame to the 3-bit Type of Service 435 field in the outer IPv4 header, or in the case of IPv6 the 'Traffic 436 Class' field. 438 When a LISP-GPE router performs Ethernet encapsulation, the inner 439 header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped 440 to, or used to determine the LISP Instance IDentifier (IID) field. 442 5. Backward Compatibility 444 LISP-GPE uses the same UDP destination port (4341) allocated to LISP. 446 The next Section describes a method to determine the Data-Plane 447 capabilities of a LISP ETR, based on the use of the "Multiple Data- 448 Planes" LISP Canonical Address Format (LCAF) type defined in 449 [RFC8060]. Other mechanisms can be used, including static ETR/ITR 450 (xTR) configuration, but are out of the scope of this document. 452 When encapsulating IP packets to a non LISP-GPE capable router the 453 P-bit MUST be set to 0. That is, the encapsulation format defined in 454 this document MUST NOT be sent to a router that has not indicated 455 that it supports this specification because such a router would 456 ignore the P-bit (as described in [I-D.ietf-lisp-rfc6830bis]) and so 457 would misinterpret the other LISP header fields possibly causing 458 significant errors. 460 5.1. Use of "Multiple Data-Planes" LCAF to Determine ETR Capabilities 462 LISP Canonical Address Format (LCAF) [RFC8060] defines the "Multiple 463 Data-Planes" LCAF type, that can be included by an ETR in a Map-Reply 464 to encode the encapsulation formats supported by a given RLOC. In 465 this way an ITR can be made aware of the capability to support LISP- 466 GPE, as well as other encapsulations, on a given RLOC of that ETR. 468 The 3rd 32-bit word of the "Multiple Data-Planes" LCAF type, as 469 defined in [RFC8060], is a bitmap whose bits are set to one (1) to 470 represent support for each Data-Plane encapsulation. The values are 471 tracked in an IANA registry as described in Section 6.2. 473 This document defines bit 24 in the third 32-bit word of the 474 "Multiple Data-Planes" LCAF as: 476 g-Bit: The RLOCs listed in the Address Family Identifier (AFI) 477 encoded addresses in the next longword can accept LISP-GPE 478 (Generic Protocol Extension) encapsulation using destination UDP 479 port 4341 481 6. IANA Considerations 483 6.1. LISP-GPE Next Protocol Registry 485 IANA is requested to set up a registry of LISP-GPE "Next Protocol". 486 These are 8-bit values. Next Protocol values in the table below are 487 defined in this document. New values are assigned under the 488 Specification Required policy [RFC8126]. The protocols that are 489 being assigned values do not themselves need to be IETF standards 490 track protocols. 492 +---------------+-------------+---------------+ 493 | Next Protocol | Description | Reference | 494 +---------------+-------------+---------------+ 495 | 0x00 | Reserved | This Document | 496 | 0x01 | IPv4 | This Document | 497 | 0x02 | IPv6 | This Document | 498 | 0x03 | Ethernet | This Document | 499 | 0x04 | NSH | This Document | 500 | 0x05..0x7F | Unassigned | | 501 | 0x82..0xFF | Unassigned | | 502 +---------------+-------------+---------------+ 504 6.2. Multiple Data-Planes Encapsulation Bitmap Registry 506 IANA is requested to set up a registry of "Multiple Data-Planes 507 Encapsulation Bitmap" to identify the encapsulations supported by an 508 ETR in the Multiple Data-Planes LCAF Type defined in [RFC8060]. The 509 bitmap is the 3rd 32-bit word of the Multiple Data-Planes LCAF type. 510 Each bit of the bitmap represents a Data-Plane Encapsulation. New 511 values are assigned under the Specification Required policy 512 [RFC8126]. 514 Bits 0-23 are unassigned. This document assigns bits 24-31. Bit 24 515 (bit 'g') is assigned to LISP-GPE. 517 +----------+-------+------------------------------------+-----------+ 518 | Bit | Bit | Assigned to | Reference | 519 | Position | Name | | | 520 +----------+-------+------------------------------------+-----------+ 521 | 0-23 | | Unassigned | | 522 | 24 | g | LISP Generic Protocol Extension | This | 523 | | | (LISP-GPE) | Document | 524 | 25 | U | Generic UDP Encapsulation (GUE) | This | 525 | | | | Document | 526 | 26 | G | Generic Network Virtualization | This | 527 | | | Encapsulation (GENEVE) | Document | 528 | 27 | N | Network Virtualization - Generic | This | 529 | | | Routing Encapsulation (NV-GRE) | Document | 530 | 28 | v | VXLAN Generic Protocol Extension | This | 531 | | | (VXLAN-GPE) | Document | 532 | 29 | V | Virtual eXtensible Local Area | This | 533 | | | Network (VXLAN) | Document | 534 | 30 | l | Layer 2 LISP (LISP-L2) | This | 535 | | | | Document | 536 | 31 | L | Locator/ID Separation Protocol | This | 537 | | | (LISP) | Document | 538 +----------+-------+------------------------------------+-----------+ 540 Editorial Note (The following paragraph to be removed by the RFC 541 Editor before publication) 543 The "Multiple Data-Planes Encapsulation Bitmap" was "hardcoded" in 544 RFC8060, assigning values to bits 25-31. This draft allocates the 545 "Multiple Data-Planes Encapsulation Bitmap" registry assigning a 546 value to bit 24 for the LISP-GPE encapsulation, assigning bits 25-31 547 values that are conformant with RFC8060. This will allow future 548 allocation of values 0-23. 550 7. Security Considerations 552 LISP-GPE security considerations are similar to the LISP security 553 considerations and mitigation techniques documented in [RFC7835]. 555 The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis] 556 relies on the nonce to detect reachability from ITR to ETR. In LISP- 557 GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in 558 LISP, increases the probability of an off-path attacker to correctly 559 guess the nonce and force the ITR to believe that a non-reachable 560 RLOC is reachable. However, the use of common anti-spoofing 561 mechanisms such as uRPF mitigates this form of attack. 563 The considerations made in [I-D.ietf-lisp-rfc6830bis] that Echo 564 Nonce, Map-Versioning, and Locator-Status-Bits SHOULD NOT be used 565 over the public Internet and SHOULD only be used in trusted and 566 closed deployments apply to LISP-GPE as well. These considerations 567 are even more important for LISP-GPE, considering the reduced size of 568 the Nonce/Map-versioning field. 570 LISP-GPE, as many encapsulations that use optional extensions, is 571 subject to on-path adversaries that by manipulating the g-Bit and the 572 packet itself can remove part of the payload. Typical integrity 573 protection mechanisms (such as IPsec) SHOULD be used in combination 574 with LISP-GPE by those protocol extensions that want to protect from 575 on-path attackers. 577 With LISP-GPE, issues such as data-plane spoofing, flooding, and 578 traffic redirection may depend on the particular protocol payload 579 encapsulated. 581 8. Acknowledgements and Contributors 583 A special thank you goes to Dino Farinacci for his guidance and 584 detailed review. 586 This Working Group (WG) document originated as draft-lewis-lisp-gpe; 587 the following are its coauthors and contributors along with their 588 respective affiliations at the time of WG adoption. The editor of 589 this document would like to thank and recognize them and their 590 contributions. These coauthors and contributors provided invaluable 591 concepts and content for this document's creation. 593 o Darrel Lewis, Cisco Systems, Inc. 595 o Fabio Maino, Cisco Systems, Inc. 597 o Paul Quinn, Cisco Systems, Inc. 599 o Michael Smith, Cisco Systems, Inc. 601 o Navindra Yadav, Cisco Systems, Inc. 603 o Larry Kreeger 605 o John Lemon, Broadcom 607 o Puneet Agarwal, Innovium 609 9. References 611 9.1. Normative References 613 [I-D.ietf-lisp-6834bis] 614 Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID 615 Separation Protocol (LISP) Map-Versioning", draft-ietf- 616 lisp-6834bis-04 (work in progress), August 2019. 618 [I-D.ietf-lisp-rfc6830bis] 619 Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. 620 Cabellos-Aparicio, "The Locator/ID Separation Protocol 621 (LISP)", draft-ietf-lisp-rfc6830bis-27 (work in progress), 622 June 2019. 624 [IEEE.802.1Q_2014] 625 IEEE, "IEEE Standard for Local and metropolitan area 626 networks--Bridges and Bridged Networks", IEEE 802.1Q-2014, 627 DOI 10.1109/ieeestd.2014.6991462, December 2014, 628 . 631 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 632 Requirement Levels", BCP 14, RFC 2119, 633 DOI 10.17487/RFC2119, March 1997, . 636 [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion 637 Notification", RFC 6040, DOI 10.17487/RFC6040, November 638 2010, . 640 [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical 641 Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, 642 February 2017, . 644 9.2. Informative References 646 [I-D.brockners-ippm-ioam-vxlan-gpe] 647 Brockners, F., Bhandari, S., Govindan, V., Pignataro, C., 648 Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A., 649 Gafni, B., Lapukhov, P., and M. Spiegel, "VXLAN-GPE 650 Encapsulation for In-situ OAM Data", draft-brockners-ippm- 651 ioam-vxlan-gpe-02 (work in progress), July 2019. 653 [I-D.ietf-tsvwg-ecn-encap-guidelines] 654 Briscoe, B., Kaippallimalil, J., and P. Thaler, 655 "Guidelines for Adding Congestion Notification to 656 Protocols that Encapsulate IP", draft-ietf-tsvwg-ecn- 657 encap-guidelines-13 (work in progress), May 2019. 659 [I-D.lemon-vxlan-lisp-gpe-gbp] 660 Lemon, J., Maino, F., Smith, M., and A. Isaac, "Group 661 Policy Encoding with VXLAN-GPE and LISP-GPE", draft-lemon- 662 vxlan-lisp-gpe-gbp-02 (work in progress), April 2019. 664 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 665 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 666 December 1998, . 668 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 669 UDP Checksums for Tunneled Packets", RFC 6935, 670 DOI 10.17487/RFC6935, April 2013, . 673 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 674 for the Use of IPv6 UDP Datagrams with Zero Checksums", 675 RFC 6936, DOI 10.17487/RFC6936, April 2013, 676 . 678 [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, 679 L., Sridhar, T., Bursell, M., and C. Wright, "Virtual 680 eXtensible Local Area Network (VXLAN): A Framework for 681 Overlaying Virtualized Layer 2 Networks over Layer 3 682 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, 683 . 685 [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID 686 Separation Protocol (LISP) Threat Analysis", RFC 7835, 687 DOI 10.17487/RFC7835, April 2016, . 690 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 691 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 692 March 2017, . 694 [RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE- 695 in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086, 696 March 2017, . 698 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 699 Writing an IANA Considerations Section in RFCs", BCP 26, 700 RFC 8126, DOI 10.17487/RFC8126, June 2017, 701 . 703 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 704 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 705 May 2017, . 707 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 708 "Network Service Header (NSH)", RFC 8300, 709 DOI 10.17487/RFC8300, January 2018, . 712 Authors' Addresses 714 Fabio Maino (editor) 715 Cisco Systems 716 San Jose, CA 95134 717 USA 719 Email: fmaino@cisco.com 721 Jennifer Lemon 722 Broadcom 723 270 Innovation Drive 724 San Jose, CA 95134 725 USA 727 Email: jennifer.lemon@broadcom.com 729 Puneet Agarwal 730 Innovium 731 USA 733 Email: puneet@acm.org 735 Darrel Lewis 736 Cisco Systems 738 Email: darlewis@cisco.com 739 Michael Smith 740 Cisco Systems 742 Email: michsmit@cisco.com