idnits 2.17.1 draft-xu-mpls-in-udp-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 6, 2012) is 4158 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC5460' is mentioned on line 128, but not defined == Unused Reference: 'RFC5332' is defined on line 277, but no explicit reference was found in the text == Unused Reference: 'RFC6391' is defined on line 287, but no explicit reference was found in the text == Unused Reference: 'RFC6790' is defined on line 292, but no explicit reference was found in the text == Unused Reference: 'RFC5512' is defined on line 297, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-6man-udpchecksums' is defined on line 320, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-6man-udpzero' is defined on line 325, but no explicit reference was found in the text == Outdated reference: A later version (-06) exists of draft-ietf-mpls-entropy-label-01 -- Obsolete informational reference (is this intentional?): RFC 5512 (Obsoleted by RFC 9012) == Outdated reference: A later version (-11) exists of draft-ietf-l2vpn-evpn-00 == Outdated reference: A later version (-08) exists of draft-ietf-6man-udpchecksums-04 == Outdated reference: A later version (-12) exists of draft-ietf-6man-udpzero-07 Summary: 0 errors (**), 0 flaws (~~), 12 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network working group X. Xu 2 Internet Draft Huawei 3 Category: Standard Track N. Sheth 4 Contrail Systems 5 L. Yong 6 Huawei 7 C Pignataro 8 Cisco 9 Y. Fan 10 China Telecom 12 Expires: May 2013 December 6, 2012 14 Encapsulating MPLS in UDP 16 draft-xu-mpls-in-udp-05 18 Abstract 20 Existing technologies to encapsulate Multi-Protocol Label Switching 21 (MPLS) over IP are not adequate for efficient load balancing of MPLS 22 application traffic, such as MPLS-based Layer2 Virtual Private 23 Network (L2VPN) or Layer3 Virtual Private Network (L3VPN) traffic 24 across IP networks. This document specifies additional IP-based 25 encapsulation technology, referred to as MPLS-in-User Datagram 26 Protocol (UDP), which can facilitate the load balancing of MPLS 27 application traffic across IP networks. 29 Status of this Memo 31 This Internet-Draft is submitted to IETF in full conformance with 32 the provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF), its areas, and its working groups. Note that 36 other groups may also distribute working documents as Internet- 37 Drafts. 39 Internet-Drafts are draft documents valid for a maximum of six 40 months and may be updated, replaced, or obsoleted by other documents 41 at any time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 The list of current Internet-Drafts can be accessed at 45 http://www.ietf.org/ietf/1id-abstracts.txt. 47 The list of Internet-Draft Shadow Directories can be accessed at 48 http://www.ietf.org/shadow.html. 50 This Internet-Draft will expire on May 6, 2013. 52 Copyright Notice 54 Copyright (c) 2009 IETF Trust and the persons identified as the 55 document authors. All rights reserved. 57 This document is subject to BCP 78 and the IETF Trust's Legal 58 Provisions Relating to IETF Documents 59 (http://trustee.ietf.org/license-info) in effect on the date of 60 publication of this document. Please review these documents 61 carefully, as they describe your rights and restrictions with 62 respect to this document. 64 Conventions used in this document 66 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 67 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 68 document are to be interpreted as described in RFC-2119 [RFC2119]. 70 Table of Contents 72 1. Introduction ................................................ 3 73 1.1. Existing Technologies .................................. 3 74 1.2. Motivations for MPLS-in-UDP Encapsulation .............. 4 75 2. Terminology ................................................. 4 76 3. Encapsulation in UDP......................................... 4 77 4. Processing Procedures ....................................... 5 78 5. Applicability ............................................... 5 79 6. Security Considerations ..................................... 6 80 7. IANA Considerations ......................................... 6 81 8. Acknowledgements ............................................ 6 82 9. References .................................................. 6 83 9.1. Normative References ................................... 6 84 9.2. Informative References ................................. 6 85 Authors' Addresses ............................................. 8 87 1. Introduction 89 To fully utilize the bandwidth available in IP networks and/or 90 facilitate recovery from a link or node failure, load balancing of 91 traffic over Equal Cost Multi-Path (ECMP) and/or Link Aggregation 92 Group (LAG) across IP networks is widely used. In effect, most 93 existing core routers in IP networks are already capable of 94 distributing IP traffic flows over ECMP paths and/or LAG based on 95 the hash of the five-tuple of User Datagram Protocol (UDP)[RFC768] 96 and Transmission Control Protocol (TCP) packets (i.e., source IP 97 address, destination IP address, source port, destination port, and 98 protocol). 100 In practice, there are some scenarios for Multi-Protocol Label 101 Switching (MPLS) applications (e.g., MPLS-based Layer2 Virtual 102 Private Network (L2VPN) or Layer3 Virtual Private Network (L3VPN)) 103 where the MPLS application traffic needs to be transported through 104 IP-based tunnels, rather than MPLS tunnels. For example, MPLS-based 105 L2VPN or L3VPN technologies may be used for interconnecting 106 geographically dispersed enterprise data centers or branch offices 107 across IP Wide Area Networks (WAN) where enterprise own router 108 devices are deployed as L2VPN or L3VPN PE routers. In this case, 109 efficient load balancing of the MPLS application traffic across IP 110 networks is much desirable. 112 1.1. Existing Technologies 114 With existing IP-based encapsulation methods for MPLS applications, 115 such as MPLS-in-IP and MPLS-in-Generic Routing Encapsulation (GRE) 116 [RFC4023] or even MPLS-in-Layer Two Tunneling Protocol - Version 3 117 (L2TPv3)[RFC4817], distinct customer traffic flows between a given 118 PE router pair would be encapsulated with the same IP-based tunnel 119 headers prior to traversing the core of the IP WAN. Since the 120 encapsulated traffic is neither TCP nor UDP traffic, for many 121 existing core routers which could only perform hash calculation on 122 fields in the IP headers of those tunnels (i.e., source IP address, 123 destination IP address), it would be hard to achieve a fine-grained 124 load balancing of these traffic flows across the network core due to 125 the lack of adequate entropy information. 127 [RFC5640] describes a method for improving the load balancing 128 efficiency in a network carrying Softwire Mesh [RFC5460] service 129 over L2TPv3 and GRE encapsulation. However, this method requires 130 core routers to be capable of performing hash calculation on the 131 "load-balancing" field contained in the tunnel encapsulation headers 132 (i.e., the Session ID field in the L2TPv3 header or the Key field in 133 the GRE header), which means a non-trivial change to the date plane 134 of many existing core routers. 136 1.2. Motivations for MPLS-in-UDP Encapsulation 138 On basis of the fact that most existing core routers (i.e., P 139 routers in the context of MPLS-based L2VPN or L3VPN) are already 140 capable of balancing IP traffic flows over the IP networks based on 141 the hash of the five-tuple of UDP packets, it would be advantageous 142 to use MPLS-in-UDP encapsulation instead of MPLS-in-GRE or MPLS-in- 143 L2TPv3 in the environments where the load balancing of MPLS 144 application traffic across IP networks is much desired but the load 145 balancing mechanisms defined in [RFC5640] have not yet been widely 146 supported by most existing core routers. In this way, the default 147 load balancing capability of most existing core routers as mentioned 148 above can be utilized directly without requiring any change to them. 150 2. Terminology 152 This memo makes use of the terms defined in [RFC4364] and [RFC4664]. 154 3. Encapsulation in UDP 156 MPLS-in-UDP encapsulation format is shown as follows: 158 0 1 2 3 159 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 160 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 161 | Source Port = entropy | Dest Port = MPLS | 162 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 163 | UDP Length | UDP Checksum | 164 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 165 | | 166 ~ MPLS Packet ~ 167 | | 168 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 Source Port of UDP 172 This field contains an entropy value that is generated 173 by the ingress PE router. For example, the entropy value 174 can be generated by performing hash calculation on 175 certain fields in the customer packets (e.g., the five 176 tuple of UDP/TCP packets). 178 Destination Port of UDP 179 This field is set to a value (TBD) indicating the MPLS 180 packet encapsulated in the UDP header is a MPLS one or a 181 MPLS one with upstream-assigned label. 183 UDP Length 185 The usage of this field is in accordance with the 186 current UDP specification. 188 UDP Checksum 190 The usage of this field is in accordance with the 191 current UDP specification. To simplify the operation on 192 egress PE routers, this field is recommended to be set 193 to zero. 195 4. Processing Procedures 197 This MPLS-in-UDP encapsulation causes MPLS packets to be forwarded 198 through "UDP tunnels". When performing MPLS-in-UDP encapsulation by 199 an ingress PE router, the entropy value would be generated by the 200 ingress PE router and then be filled in the Source Port field of the 201 UDP header. 203 P routers, upon receiving these UDP encapsulated packets, could 204 balance these packets based on the hash of the five-tuple of UDP 205 packets. 207 Upon receiving these UDP encapsulated packets, egress PE routers 208 would decapsulate them by removing the UDP headers and then process 209 them accordingly. 211 As for other common processing procedures associated with tunneling 212 encapsulation technologies including but not limited to Maximum 213 Transmission Unit (MTU) and preventing fragmentation and reassembly, 214 Time to Live (TTL) and differentiated services, the corresponding 215 procedures defined in [RFC4023] which are applicable for MPLS-in-IP 216 and MPLS-in-GRE encapsulation formats SHOULD be followed. 218 5. Applicability 220 Besides the MPLS-based L3VPN [RFC4364] and L2VPN [RFC4761, RFC4762] 221 [E-VPN] applications, MPLS-in-UDP encapsulation could apply to other 222 MPLS applications including but not limited to 6PE [RFC4798] and 223 PWE3 services. 225 6. Security Considerations 227 Just like MPLS-in-GRE and MPLS-in-IP encapsulation formats, the 228 MPLS-in-UDP encapsulation format defined in this document by itself 229 cannot ensure the integrity and privacy of data packets being 230 transported through the MPLS-in-UDP tunnels and cannot enable the 231 tunnel decapsulators to authenticate the tunnel encapsulator. In the 232 case where any of the above security issues is concerned, the MPLS- 233 in-UDP tunnels SHOULD be secured with IPsec in transport mode. In 234 this way, the UDP header would not be seeable to P routers anymore. 235 As a result, the meaning of adopting MPLS-in-UDP encapsulation 236 format as an alternative to MPLS-in-GRE and MPLS-in-IP encapsulation 237 formats is lost. Hence, MPLS-in-UDP encapsulation format SHOULD be 238 used only in the scenarios where all the security issues as 239 mentioned above are not significant concerns. For example, in a data 240 center environment, the whole network including P routers and PE 241 routers are under the control of a single administrative entity and 242 therefore there is no need to worry about the above security issues. 244 7. IANA Considerations 246 Two distinct UDP destination port numbers indicating MPLS and MPLS 247 with upstream-assigned label respectively need to be assigned by 248 IANA. 250 8. Acknowledgements 252 Thanks to Shane Amante, Dino Farinacci, Keshava A K, Ivan Pepelnjak, 253 Eric Rosen, Andrew G. Malis, Kireeti Kompella, Marshall Eubanks, 254 Weiguo Hao, Zhenxiao Liu and Xing Tong for their valuable comments 255 on the idea of MPLS-in-UDP encapsulation. Thanks to Daniel King, 256 Gregory Mirsky and Eric Osborne for their valuable reviews on this 257 draft. 259 9. References 261 9.1. Normative References 263 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 264 Requirement Levels", BCP 14, RFC 2119, March 1997. 266 9.2. Informative References 268 [RFC4364] Rosen, E and Y. Rekhter, "BGP/MPLS IP Virtual Private 269 Networks (VPNs)", RFC 4364, February 2006. 271 [RFC4664] Andersson, L. and Rosen, E. (Editors),"Framework for Layer 272 2 Virtual Private Networks (L2VPNs)", RFC 4664, Sept 2006. 274 [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating 275 MPLS in IP or GRE", RFC4023, March 2005. 277 [RFC5332] Eckert, T., Rosen, E., Aggarwal, R., and Y. Rekhter, "MPLS 278 Multicast Encapsulations", RFC 5332, August 2008. 280 [RFC4817] M. Townsley, C. Pignataro, S. Wainner, T. Seely and J. 281 Young, "Encapsulation of MPLS over Layer 2 Tunneling 282 Protocol Version 3, March 2007. 284 [RFC5640] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load- 285 Balancing for Mesh Softwires", RFC 5640, August 2009. 287 [RFC6391] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan, 288 J., and S. Amante, "Flow Aware Transport of Pseudowires 289 over an MPLS Packet Switched Network", RFC6391, November 290 2011 292 [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L. 293 Yong, "The Use of Entropy Labels in MPLS Forwarding", 294 draft-ietf-mpls-entropy-label-01, work in progress, 295 October, 2011. 297 [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation 298 Subsequent Address Family Identifier (SAFI) and the 299 BGP Tunnel Encapsulation Attribute", RFC 5512, April 300 2009. 302 [RFC4798] J Declerq et al., "Connecting IPv6 Islands over IPv4 MPLS 303 using IPv6 Provider Edge Routers (6PE)", RFC4798, February 304 2007. 306 [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service 307 (VPLS) Using BGP for Auto-Discovery and Signaling", RFC 308 4761, January 2007. 310 [RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service 311 (VPLS) Using Label Distribution Protocol (LDP) Signaling", 312 RFC 4762, January 2007. 314 [E-VPN] Aggarwal et al., "BGP MPLS Based Ethernet VPN", draft-ietf- 315 l2vpn-evpn-00.txt, work in progress, February, 2012. 317 [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 318 August 1980. 320 [I-D.ietf-6man-udpchecksums] Eubanks, M., Chimento, P., and M. 321 Westerlund, "UDP Checksums for Tunneled Packets", 322 draft-ietf-6man-udpchecksums-04 (work in progress), 323 September 2012. 325 [I-D.ietf-6man-udpzero] Fairhurst, G. and M. Westerlund, 326 "Applicability Statement for the use of IPv6 UDP Datagrams 327 with Zero Checksums", draft-ietf-6man-udpzero-07 (work in 328 progress), October 2012. 330 Authors' Addresses 332 Xiaohu Xu 333 Huawei Technologies, 334 Beijing, China 335 Phone: +86-10-60610041 336 Email: xuxiaohu@huawei.com 338 Nischal Sheth 339 Contrail Systems 340 Email: nsheth@contrailsystems.com 342 Lucy Yong 343 Huawei USA 344 1700 Alma Dr. Suite 500 345 Plano, TX 75075, US 346 Email: lucyyong@huawei.com 348 Carlos Pignataro 349 Cisco System 350 Email: cpignata@cisco.com 352 Yongbing Fan 353 China Telecom 354 Guangzhou, China. 355 Phone: +86 20 38639121 357 Zhenbin Li 358 Huawei Technologies, 359 Beijing, China 360 Phone: +86-10-60613676 361 Email: lizhenbin@huawei.com