idnits 2.17.1 draft-yong-tsvwg-gre-in-udp-encap-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 15, 2013) is 3930 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'TBD' is mentioned on line 294, but not defined == Unused Reference: 'RFC0791' is defined on line 368, but no explicit reference was found in the text == Unused Reference: 'RFC2983' is defined on line 381, but no explicit reference was found in the text == Unused Reference: 'RFC5405' is defined on line 384, but no explicit reference was found in the text == Unused Reference: 'RFC6335' is defined on line 391, but no explicit reference was found in the text == Unused Reference: 'RFC4364' is defined on line 423, but no explicit reference was found in the text == Unused Reference: 'RFC6790' is defined on line 430, but no explicit reference was found in the text ** Downref: Normative reference to an Informational RFC: RFC 2983 ** Obsolete normative reference: RFC 5405 (Obsoleted by RFC 8085) -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group E. Crabbe, Ed. 3 Internet-Draft Google 4 Intended status: Standards Track L. Yong, Ed. 5 Expires: January 16, 2014 Huawei USA 6 X. Xu, Ed. 7 Huawei Technologies 8 July 15, 2013 10 Generic UDP Encapsulation for IP Tunneling 11 draft-yong-tsvwg-gre-in-udp-encap-01 13 Abstract 15 This document describes a method of encapsulating arbitrary protocols 16 within GRE and UDP headers. In this encapsulation, the source UDP 17 port may be used as an entropy field for purposes of load balancing 18 while the payload protocol may be identified by the GRE Protocol 19 Type. 21 Requirements Language 23 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 24 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 25 document are to be interpreted as described in [RFC2119]. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on January 16, 2014. 44 Copyright Notice 46 Copyright (c) 2013 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 63 3. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . 3 64 4. Encapsulation Considerations . . . . . . . . . . . . . . . . 6 65 5. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 66 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 67 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 68 7.1. Vulnerability . . . . . . . . . . . . . . . . . . . . . . 7 69 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8 70 9. Contributing Authors . . . . . . . . . . . . . . . . . . . . 8 71 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 72 10.1. Normative References . . . . . . . . . . . . . . . . . . 8 73 10.2. Informative References . . . . . . . . . . . . . . . . . 9 74 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 76 1. Introduction 78 Load balancing, or more specifically, statistical multiplexing of 79 traffic using Equal Cost Multi-Path (ECMP) and/or Link Aggregation 80 Groups (LAGs) in IP networks is a widely used technique for creating 81 higher capacity networks out of lower capacity links. Most existing 82 routers in IP networks are already capable of distributing IP traffic 83 flows over ECMP paths and/or LAGs on the basis of a hash function 84 performed on flow invariant fields in IP packet headers and their 85 payload protocol headers. Specifically, when the IP payload is a 86 User Datagram Protocol (UDP)[RFC0768] or Transmission Control 87 Protocol (TCP) packet, router hash functions frequently operate on 88 the five-tuple of the source IP address, the destination IP address, 89 the source port, the destination port, and the protocol/next-header 90 field. 92 Several tunneling techniques are in common use in IP networks, such 93 as Generic Routing Encapsulation (GRE) [RFC2784], MPLS [RFC4023] and 94 L2TPv3 [RFC3931]. GRE is an increasingly popular encapsulation 95 choice, especially in environments where MPLS is unavailable or 96 unnecessary. Unfortunately, use of common GRE endpoints may reduce 97 the entropy available for use in loadbalancing, especially in 98 environments where the GRE Key field [RFC2890] is not readilly 99 available for use as entropy in forwarding decisions. 101 This document defines a generic GRE-in-UDP encapsulation for 102 tunneling arbitrary network protocol payloads across an IP network 103 environment where ECMP or LAGs are used. The GRE header provides 104 payload protocol de-multiplexing by way of it's protocol type field 105 [RFC2784] while the UDP header provides additional entropy by way of 106 it's source port. 108 This encapsulation method requires no changes to the transit IP 109 network. Hash functions in existing IP routers a GRE-in-UDP tunnel 110 transits will automatically utilize and benefit from this procedure 111 without needing any change or upgrade. The encapsulation mechanism 112 is applicable to a variety of IP networks including Data Center and 113 Wide Area networks. 115 2. Terminology 117 The terms defined in [RFC0768] are used in this document. 119 3. Procedures 121 When a tunnel ingress device conforming to this document receives a 122 packet, the ingress MUST encapsulate the packet in UDP and GRE 123 headers and set the destination port of the UDP header to [TBD] 124 Section 6. The ingress device must also insert the payload protocol 125 type in the GRE Protocol Type field. The ingress device MAY set the 126 UDP source port based on flow invariant fields from the payload 127 header, otherwise it should be set to zero. How a tunnel ingress 128 generates entropy from the payload is outside the scope of this 129 document. The tunnel ingress MUST encode its own IP address as the 130 source IP address and the egress tunnel endpoint IP address. The TTL 131 field in the IP header must be set to a value appropriate for 132 delivery of the encapsulated packet to the tunnel egress endpoint. 134 When the tunnel egress receives a packet, it must remove the outer 135 UDP and GRE headers. Section 5 describes the error handling when 136 this entity is not instantiated at the tunnel egress. 138 To simplify packet processing at the tunnel egress, packets destined 139 to this special UDP destination port [TBD] should have their UDP 140 checksum and Sequence flags set to zero. Although IPv6 [RFC2460] 141 restricts the processing a packet with the UDP checksum of zero, 142 [RFC6935] and [RFC6936] relax this constraint to allow the zero UDP 143 checksum. 145 The tunnel ingress may set the GRE Key Present, Sequence Number 146 Present, and Checksum Present bits and asscociated fields in the GRE 147 header defined by [RFC2784] and [RFC2890]. 149 In addition IPv6 nodes must conform to the following: 151 1. the IPv6 tunnel ingress and egress SHOULD follow the node 152 requirements specified in Section 4 of [RFC6936] and the usage 153 requirements specified in Section 5 of [RFC6936] 155 2. IPv6 transit nodes should follow the requirements 9, 10, 11 156 specified in Section 5 of [RFC6936]. 158 The format of the GRE-in-UDP encapsulation for both IPv4 and IPv6 159 outer headersis shown in the following figures: 161 0 1 2 3 162 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 164 IPv4 Header: 165 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 166 |Version| IHL |Type of Service| Total Length | 167 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 168 | Identification |Flags| Fragment Offset | 169 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 170 | Time to Live |Protcol=17[UDP]| Header Checksum | 171 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 172 | Source IPv4 Address | 173 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 174 | Destination IPv4 Address | 175 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 177 UDP Header: 178 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 179 | Source Port = XXXX | Dest Port = TBD | 180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 | UDP Length | UDP Checksum | 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 184 GRE Header: 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 |C| |K|S| Reserved0 | Ver | Protocol Type | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 188 | Checksum (optional) | Reserved1 (Optional) | 189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 190 | Key (optional) | 191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 192 | Sequence Number (Optional) | 193 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 Figure 1: UDP+GRE IPv4 headers 197 0 1 2 3 198 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 200 IPv6 Header: 201 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 202 |Version| Traffic Class | Flow Label | 203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 204 | Payload Length | NxtHdr=17[UDP]| Hop Limit | 205 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 206 | | 207 + + 208 | | 209 + Outer Source IPv6 Address + 210 | | 211 + + 212 | | 213 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 214 | | 215 + + 216 | | 217 + Outer Destination IPv6 Address + 218 | | 219 + + 220 | | 221 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 223 UDP Header: 224 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 225 | Source Port = XXXX | Dest Port = TBD | 226 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 227 | UDP Length | UDP Checksum | 228 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 230 GRE Header: 231 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 232 |C| |K|S| Reserved0 | Ver | Protocol Type | 233 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 234 | Checksum (optional) | Reserved1 (Optional) | 235 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 236 | Key (optional) | 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 | Sequence Number (Optional) | 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 Figure 2: UDP+GRE IPv6 headers 243 The total overhead increase for a UDP+GRE tunnel without use of 244 optional GRE fields, representing the lowest total overhead increase, 245 is 32 bytes in the case of IPv4 and 52 bytes in the case of IPv6. 246 The total overhead increase for a UDP+GRE tunnel with use of GRE Key, 247 Sequence and Checksum Fields, representing the highest total overhead 248 increase, is 44 bytes in the case of IPv4 and 64 bytes in the case of 249 IPv6. 251 4. Encapsulation Considerations 253 GRE-in-UDP encapsulation allows the tunneled traffic to be unicast, 254 broadcast, or multicast traffic. Entropy may be generated from the 255 header of tunneled unicast or broadcast/multicast packets at a tunnel 256 ingress. The mapping mechanism between the tunneled multicast 257 traffic and the multicast capability in the IP network is transparent 258 and independent to the encapsulation and is outside the scope of this 259 document. 261 If a tunnel ingress must perform fragmentation on a packet before 262 encapsulation, it must use the same source UDP port for all packet 263 fragments. This ensures that the transit routers will forward the 264 packet fragments on the same path. GRE-in-UDP encapsulation 265 introduces some overhead as mentioned in section 3, which reduces the 266 effective Maximum Transmission Unit (MTU) size. An operator should 267 factor in this addition overhead bytes when considering an MTU size 268 for the payload to reduce the likelihood of fragmentation. 270 To ensure the tunneled traffic gets the same treatment over the IP 271 network, prior to the encapsulation process, a tunnel ingress should 272 process the payload to get the proper parameters to fill into the IP 273 header such as DiffServ [RFC2983]]. Tunnel end points that support 274 ECN must use the method described in [RFC6040] for ECN marking 275 propagation. This process is outside of the scope of this document. 277 Note that the IPv6 header [RFC2460] contains a flow label field that 278 may be used for load balancing in an IPv6 network [RFC6438]. Thus in 279 an IPv6 network, either GRE-in-UDP or flow labels may be used in 280 order to improve load balancing performance. However, use of GRE-in- 281 UDP encapsulation provides a unified hardware implementation for load 282 balancing in an IP network indepependent of the IP version(s) in use. 284 5. Backward Compatibility 286 It is assumed that tunnel ingress routers must be upgraded in order 287 to support the encapsulations described in this document. 289 No change is required at transit routers to support forwarding of the 290 encapsulation described in this document. 292 If a router that is intended for use as a tunnel egress does not 293 support the GRE-in-UDP encapsulation described in this document, it 294 will not be listening on destination port [TBD]. In these cases, the 295 router will conform to normal UDP processing and respond to the 296 tunnel ingress with an ICMP message indicating "port unreachable" 297 according to [RFC0792] and [RFC4884]. Upon receiving this ICMP 298 message, the tunnel ingress MUST NOT continue to use GRE-in-UDP 299 encapsulation toward this tunnel egress without management 300 intervention. 302 6. IANA Considerations 304 This document requests that IANA allocate an port number from the 305 registry designated Service Name and Transport Protocol Port Number 306 Registry for use in GRE-in-UDP encapsulation. 308 7. Security Considerations 310 7.1. Vulnerability 312 Neither UDP nor GRE encapsulation effect security for the payload 313 protocol. Network Security in a network using GRE-in-UDP 314 encapsulation is similar to that of a network using GRE. 316 Use of ICMP for signalling of the GRE-in-UDP encapsulation capability 317 does result in an additional security concern. Tunnel ingress 318 devices may want to validate the origin of ICMP Port Unreachable 319 messages before taking action. The mechanism for performing this 320 validation is out of the scope of this document. 322 8. Contributors 324 Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger 325 Geib, and Gorry Fairhurst for their review and valuable input on this 326 draft. 328 9. Contributing Authors 330 The following people all contributed significantly to this document 331 and are listed below in alphabetical order: 333 John E. Drake 334 Juniper Networks 336 Email: jdrake@juniper.net 338 Adrian Farrel 339 Juniper Networks 341 Email: adrian@olddog.co.uk 343 Vishwas Manral 344 Hewlett-Packard Corp. 345 3000 Hanover St, Palo Alto. 347 Email: vishwas.manral@hp.com 349 Carlos Pignataro 350 Cisco Systems 351 7200-12 Kit Creek Road 352 Research Triangle Park, NC 27709 USA 354 EMail: cpignata@cisco.com 356 Yongbing Fan 357 China Telecom 358 Guangzhou, China. 359 Phone: +86 20 38639121 361 10. References 363 10.1. Normative References 365 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 366 August 1980. 368 [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 369 1981. 371 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 372 Requirement Levels", BCP 14, RFC 2119, March 1997. 374 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 375 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 376 March 2000. 378 [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", 379 RFC 2890, September 2000. 381 [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC 382 2983, October 2000. 384 [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines 385 for Application Designers", BCP 145, RFC 5405, November 386 2008. 388 [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion 389 Notification", RFC 6040, November 2010. 391 [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. 392 Cheshire, "Internet Assigned Numbers Authority (IANA) 393 Procedures for the Management of the Service Name and 394 Transport Protocol Port Number Registry", BCP 165, RFC 395 6335, August 2011. 397 [RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label 398 for Equal Cost Multipath Routing and Link Aggregation in 399 Tunnels", RFC 6438, November 2011. 401 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 402 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 404 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 405 for the Use of IPv6 UDP Datagrams with Zero Checksums", 406 RFC 6936, April 2013. 408 10.2. Informative References 410 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 411 RFC 792, September 1981. 413 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 414 (IPv6) Specification", RFC 2460, December 1998. 416 [RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling 417 Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005. 419 [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating 420 MPLS in IP or Generic Routing Encapsulation (GRE)", RFC 421 4023, March 2005. 423 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 424 Networks (VPNs)", RFC 4364, February 2006. 426 [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, 427 "Extended ICMP to Support Multi-Part Messages", RFC 4884, 428 April 2007. 430 [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and 431 L. Yong, "The Use of Entropy Labels in MPLS Forwarding", 432 RFC 6790, November 2012. 434 Authors' Addresses 436 Edward Crabbe (editor) 437 Google 438 1600 Amphitheatre Parkway 439 Mountain View, CA 94102 440 US 442 Email: edward.crabbe@gmail.com 444 Lucy Yong (editor) 445 Huawei USA 446 5340 Legacy Drive 447 San Jose, TX 75025 448 US 450 Email: lucy.yong@huawei.com 452 Xiaohu Xu (editor) 453 Huawei Technologies 454 Beijing 455 China 457 Email: xuxiaohu@huawei.com