idnits 2.17.1 draft-yong-tsvwg-gre-in-udp-encap-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 04, 2013) is 3977 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'TBD' is mentioned on line 292, but not defined == Unused Reference: 'RFC0791' is defined on line 356, but no explicit reference was found in the text == Unused Reference: 'RFC2983' is defined on line 375, but no explicit reference was found in the text == Unused Reference: 'RFC4364' is defined on line 385, but no explicit reference was found in the text == Unused Reference: 'RFC5405' is defined on line 392, but no explicit reference was found in the text == Unused Reference: 'RFC6335' is defined on line 399, but no explicit reference was found in the text == Unused Reference: 'RFC6790' is defined on line 409, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Downref: Normative reference to an Informational RFC: RFC 2983 ** Obsolete normative reference: RFC 5405 (Obsoleted by RFC 8085) Summary: 3 errors (**), 0 flaws (~~), 8 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Crabbe, Ed. 3 Internet-Draft Google 4 Intended status: Standards Track L. Yong, Ed. 5 Expires: December 06, 2013 Huawei USA 6 X. Xu, Ed. 7 Huawei Technologies 8 June 04, 2013 10 Generic UDP Encapsulation for IP Tunneling 11 draft-yong-tsvwg-gre-in-udp-encap-00 13 Abstract 15 This document describes a method of encapsulating arbitrary protocols 16 within UDP and GRE headers. In this encapsulation, the source UDP 17 port may be used as an entropy field for purposes of load balancing 18 while the payload protocol may be identified by the GRE Protocol 19 Type. 21 Requirements Language 23 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 24 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 25 document are to be interpreted as described in [RFC2119]. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on December 06, 2013. 44 Copyright Notice 46 Copyright (c) 2013 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 4. Encapsulation Considerations . . . . . . . . . . . . . . . . 6 65 5. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 66 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 67 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 68 7.1. Vulnerability . . . . . . . . . . . . . . . . . . . . . . 7 69 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 7 70 9. Contributing Authors . . . . . . . . . . . . . . . . . . . . 7 71 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 73 10.2. Informative References . . . . . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 76 1. Introduction 78 Load balancing, or more specifically, statistical multiplexing of 79 traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation 80 Groups (LAGs) in IP networks is a widely used technique for creating 81 higher capacity networks out of lower capacity links. Most existing 82 routers in IP networks are already capable of distributing IP traffic 83 flows over ECMP paths and/or LAGs on the basis of a hash function 84 performed on flow invariant fields in IP packet headers and their 85 payload protocol headers. Specifically, when the IP payload is a 86 User Datagram Protocol (UDP)[RFC0768] or Transmission Control 87 Protocol (TCP) packet, router hash functions frequently operate on 88 the five-tuple of the source IP address, the destination IP address, 89 the source port, the destination port, and the protocol/next-header 90 field. 92 Several tunneling techniques are in common use in IP networks, such 93 as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and 94 L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation 95 choice, especially in environments where MPLS is unavailable or 96 unnecessary. Unfortunately, use of common GRE endpoints may reduce 97 the entropy available for use in load balancing, especially in 98 environments where the GRE Key field [RFC2890] is not readily 99 available for use as entropy in forwarding decisions. 101 This document defines a generic GRE in UDP encapsulation for 102 tunneling arbitrary network protocol payloads across an IP network 103 environment where ECMP or LAGs are used. The GRE header provides 104 payload protocol de-multiplexing by way of it's protocol type field 105 [RFC2784] while the UDP header provides additional entropy by way of 106 its source port. 108 This encapsulation method requires no changes to the transit IP 109 network. Hash functions in existing IP routers a GRE in UDP tunnel 110 transits will automatically utilize and benefit from this procedure 111 without needing any change or upgrade. The encapsulation mechanism 112 is applicable to a variety of IP networks including Data Center and 113 Wide Area networks. 115 2. Terminology 117 The terms defined in [RFC0768] are used in this document. 119 3. Procedures 121 When a tunnel ingress device conforming to this document receives a 122 packet, the ingress MUST encapsulate the packet in UDP and GRE 123 headers and set the destination port of the UDP header to [TBD] 124 Section 6. The ingress device must also insert the payload protocol 125 type in the GRE Protocol Type field. The ingress device MAY set the 126 UDP source port based on flow invariant fields from the payload 127 header, otherwise it should be set to zero. How a tunnel ingress 128 generates entropy from the payload is outside the scope of this 129 document. The tunnel ingress MUST encode its own IP address as the 130 source IP address and the egress tunnel endpoint IP address. The TTL 131 field in the IP header must be set to a value appropriate for 132 delivery of the encapsulated packet to the tunnel egress endpoint. 134 When the tunnel egress receives a packet, it must remove the outer 135 UDP and GRE headers. Section 5 describes the error handling when 136 this entity is not instantiated at the tunnel egress. 138 To simplify packet processing at the tunnel egress, the UDP checksum 139 and Sequence flags should be set to zero. Although IPv6 [RFC2460] 140 restricts the processing a packet with the UDP checksum of zero, 141 [I-D.ietf-6man-udpchecksums] and [I-D.ietf-6man-udpzero] relax this 142 constraint to allow the zero UDP checksum. Note that: 144 1. the IPv6 tunnel ingress and egress SHOULD follow the node 145 requirements specified in Section 4 of [I-D.ietf-6man-udpzero] 146 and the usage requirements specified in Section 5 of 147 [I-D.ietf-6man-udpzero] 149 2. IPv6 transit nodes SHOULD follow the requirements 9, 10, 11 150 specified in Section 5 of [I-D.ietf-6man-udpzero]. 152 The GRE Key Present, Sequence Number Present and Checksum Present 153 bits and asscociated fields may all be set in the GRE header per 154 [RFC2784] and [RFC2890] 156 The format of the GRE in UDP encapsulation for both IPv4 and IPv6 157 outer headersis shown in the following figures: 159 0 1 2 3 160 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 162 IPv4 Header: 163 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 164 |Version| IHL |Type of Service| Total Length | 165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 | Identification |Flags| Fragment Offset | 167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 168 | Time to Live |Protcol=17[UDP]| Header Checksum | 169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 | Source IPv4 Address | 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 | Destination IPv4 Address | 173 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 175 UDP Header: 176 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 177 | Source Port = XXXX | Dest Port = TBD | 178 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 179 | UDP Length | UDP Checksum | 180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 182 GRE Header: 183 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 |C| |K|S| Reserved0 | Ver | Protocol Type | 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | Checksum (optional) | Reserved1 (Optional) | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 | Key (optional) | 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | Sequence Number (Optional) | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 Figure 1: UDP+GRE IPv4 headers 195 0 1 2 3 196 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 198 IPv6 Header: 199 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 |Version| Traffic Class | Flow Label | 201 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 202 | Payload Length | NxtHdr=17[UDP]| Hop Limit | 203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 204 | | 205 + + 206 | | 207 + Outer Source IPv6 Address + 208 | | 209 + + 210 | | 211 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 212 | | 213 + + 214 | | 215 + Outer Destination IPv6 Address + 216 | | 217 + + 218 | | 219 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 221 UDP Header: 222 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 223 | Source Port = XXXX | Dest Port = TBD | 224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 | UDP Length | UDP Checksum | 226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 228 GRE Header: 229 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 230 |C| |K|S| Reserved0 | Ver | Protocol Type | 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 | Checksum (optional) | Reserved1 (Optional) | 233 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 | Key (optional) | 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 | Sequence Number (Optional) | 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 239 Figure 2: UDP+GRE IPv6 headers 241 The total overhead increase for a UDP+GRE tunnel without use of 242 optional GRE fields, representing the lowest total overhead increase, 243 is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6. 244 The total overhead increase for a UDP+GRE tunnel with use of GRE Key, 245 Sequence and Checksum Fields, representing the highest total overhead 246 increase, is 44 bytes in the case of IPv4 and 64 bytes in the case of 247 IPv6. 249 4. Encapsulation Considerations 251 GRE in UDP encapsulation allows the tunneled traffic to be unicast, 252 broadcast, or multicast traffic. Entropy may be generated from the 253 header of tunneled unicast or broadcast/multicast packets at a tunnel 254 ingress. The mapping mechanism between the tunneled multicast 255 traffic and the multicast capability in the IP network is transparent 256 and independent to the encapsulation and is outside the scope of this 257 document. 259 If a tunnel ingress must perform fragmentation on a packet before 260 encapsulation, it must use the same source UDP port for all packet 261 fragments. This ensures that the transit routers will forward the 262 packet fragments on the same path. GRE in UDP encapsulation 263 introduces some overhead as mentioned in section 3, which reduces the 264 effective Maximum Transmission Unit (MTU) size. An operator should 265 factor in this addition overhead bytes when considering an MTU size 266 for the payload to reduce the likelihood of fragmentation. 268 To ensure the tunneled traffic gets the same treatment over the IP 269 network, prior to the encapsulation process, a tunnel ingress should 270 process the payload to get the proper parameters to fill into the IP 271 header such as DiffServ [RFC2983]]. Both tunnel ingress and egress 272 should follow the procedures described in [RFC6040] for ECN marking 273 propagation. This process is outside of the scope of this document. 275 Note that the IPv6 header [RFC2460] contains a flow label field that 276 may be used for load balancing information in the IPv6 network 277 [RFC6438]. The next header in IPv6 can be used to provide the 278 payload type. However, applying the UDP encapsulation to both IPv4 279 and IPv6 networks provides a unified hardware implementation for load 280 balancing in an IP network. 282 5. Backward Compatibility 284 It is assumed that tunnel ingress routers must be upgraded in order 285 to support the encapsulations described in this document. 287 No change is required at transit routers to support forwarding of the 288 encapsulation described in this document. 290 If a router that is intended for use as a tunnel egress does not 291 support the GRE in UDP encapsulation described in this document, it 292 will not be listening on destination port [TBD]. In these cases, the 293 router will conform to normal UDP processing and respond to the 294 tunnel ingress with an ICMP message indicating "port unreachable" 295 according to [RFC0792] and [RFC4884]. Upon receiving this ICMP 296 message, the tunnel ingress MUST NOT continue to use GRE in UDP 297 encapsulation toward this tunnel egress without management 298 intervention. 300 6. IANA Considerations 302 This document requests that IANA allocate an port number from the 303 registry designated Service Name and Transport Protocol Port Number 304 Registry for use in GRE in UDP encapsulation. 306 7. Security Considerations 308 7.1. Vulnerability 310 Neither UDP nor GRE encapsulation effect security for the payload 311 protocol. Network Security in a network using GRE in UDP 312 encapsulation is similar to that of a network using GRE. 314 8. Contributors 316 Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger 317 Geib, and Gorry Fairhurst for their review and valuable input on this 318 draft. 320 9. Contributing Authors 322 The following people all contributed significantly to this document 323 and are listed below in alphabetical order: 325 John E. Drake 326 Juniper Networks 327 Email: jdrake@juniper.net 329 Adrian Farrel 330 Juniper Networks 332 Email: adrian@olddog.co.uk 334 Vishwas Manral 335 Hewlett-Packard Corp. 336 3000 Hanover St, Palo Alto. 338 Email: vishwas.manral@hp.com 340 Carlos Pignataro 341 Cisco Systems 342 7200-12 Kit Creek Road 343 Research Triangle Park, NC 27709 USA 345 EMail: cpignata@cisco.com 347 Yongbing Fan China Telecom Guangzhou, China. Phone: +86 20 38639121 349 10. References 351 10.1. Normative References 353 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 354 August 1980. 356 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 357 1981. 359 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 360 RFC 792, September 1981. 362 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 363 Requirement Levels", BCP 14, RFC 2119, March 1997. 365 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 366 (IPv6) Specification", RFC 2460, December 1998. 368 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 369 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 370 March 2000. 372 [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", 373 RFC 2890, September 2000. 375 [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC 376 2983, October 2000. 378 [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling 379 Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005. 381 [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating 382 MPLS in IP or Generic Routing Encapsulation (GRE)", RFC 383 4023, March 2005. 385 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 386 Networks (VPNs)", RFC 4364, February 2006. 388 [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, 389 "Extended ICMP to Support Multi-Part Messages", RFC 4884, 390 April 2007. 392 [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines 393 for Application Designers", BCP 145, RFC 5405, November 394 2008. 396 [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion 397 Notification", RFC 6040, November 2010. 399 [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. 400 Cheshire, "Internet Assigned Numbers Authority (IANA) 401 Procedures for the Management of the Service Name and 402 Transport Protocol Port Number Registry", BCP 165, RFC 403 6335, August 2011. 405 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 406 for Equal Cost Multipath Routing and Link Aggregation in 407 Tunnels", RFC 6438, November 2011. 409 [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and 410 L. Yong, "The Use of Entropy Labels in MPLS Forwarding", 411 RFC 6790, November 2012. 413 10.2. Informative References 415 [I-D.ietf-6man-udpchecksums] 416 Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 417 UDP Checksums for Tunneled Packets", draft-ietf-6man- 418 udpchecksums-08 (work in progress), February 2013. 420 [I-D.ietf-6man-udpzero] 421 Fairhurst, G. and M. Westerlund, "Applicability Statement 422 for the use of IPv6 UDP Datagrams with Zero Checksums", 423 draft-ietf-6man-udpzero-12 (work in progress), February 424 2013. 426 Authors' Addresses 428 Edward Crabbe (editor) 429 Google 430 1600 Amphitheatre Parkway 431 Mountain View, CA 94043 432 US 434 Email: edward.crabbe@gmail.com 436 Lucy Yong (editor) 437 Huawei USA 438 5340 Legacy Drive 439 San Jose, TX 75025 440 US 442 Email: lucy.yong@huawei.com 444 Xiaohu Xu (editor) 445 Huawei Technologies 446 Beijing 447 China 449 Email: xuxiaohu@huawei.com