draft-ietf-tsvwg-gre-in-udp-encap-15.txt   draft-ietf-tsvwg-gre-in-udp-encap-16.txt 
skipping to change at page 1, line 14 skipping to change at page 1, line 14
Intended status: Standard Track E. Crabbe Intended status: Standard Track E. Crabbe
Oracle Oracle
X. Xu X. Xu
Huawei Technologies Huawei Technologies
T. Herbert T. Herbert
Facebook Facebook
Expires: January 2017 July 18, 2016 Expires: January 2017 July 18, 2016
GRE-in-UDP Encapsulation GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-15 draft-ietf-tsvwg-gre-in-udp-encap-16
Abstract Abstract
This document specifies a method of encapsulating network protocol This document specifies a method of encapsulating network protocol
packet within GRE and UDP headers. This GRE-in-UDP encapsulation packet within GRE and UDP headers. This GRE-in-UDP encapsulation
allows the UDP source port field to be used as an entropy field. allows the UDP source port field to be used as an entropy field.
This may be used for load balancing of GRE traffic in transit This may be used for load balancing of GRE traffic in transit
networks using existing ECMP mechanisms. This document also networks using existing ECMP mechanisms. This document also
specifies GRE-in-UDP tunnel requirements for two applicability specifies GRE-in-UDP tunnel requirements for two applicability
scenarios: (1) general Internet; (2) a traffic-managed controlled scenarios: (1) general Internet; (2) a traffic-managed controlled
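Review bot: The "Intended status" line reads "Standard Track" in both -15 and -16; the IETF category name is "Standards Track", and this revision is a chance to correct it. The first sentence of the Abstract also has a number mismatch ("encapsulating network protocol packet within"); "packets" would match the Introduction's "tunneling network protocol packets".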
skipping to change at page 3, line 17 skipping to change at page 3, line 17
This document specifies a generic GRE-in-UDP encapsulation for This document specifies a generic GRE-in-UDP encapsulation for
tunneling network protocol packets across an IP network. This tunneling network protocol packets across an IP network. This
encapsulation uses Generic Routing Encapsulation (GRE) encapsulation uses Generic Routing Encapsulation (GRE)
[RFC2784][RFC7676] and User Datagram Protocol(UDP) [RFC768] headers. [RFC2784][RFC7676] and User Datagram Protocol(UDP) [RFC768] headers.
The GRE header provides payload protocol type as an EtherType in the The GRE header provides payload protocol type as an EtherType in the
protocol type field, and the source port field in the UDP header may protocol type field, and the source port field in the UDP header may
be used to provide additional entropy. be used to provide additional entropy.
A GRE-in-UDP tunnel offers the possibility of better performance for A GRE-in-UDP tunnel offers the possibility of better performance for
load balancing GRE traffic in transit networks using existing Equal- load balancing GRE traffic in transit networks using existing Equal-
Cost Multi-Path (ECMP) mechanisms. Existing ECMP mechanisms, when Cost Multi-Path (ECMP) mechanisms. Deployed ECMP mechanisms
the IP payload is a UDP or Transmission Control Protocol frequently use a hash of the five-tuple of source IP address,
(TCP)[RFC793] packet, frequently use of a hash of the five-tuple of destination IP address, UDP/TCP source port, UDP/TCP destination
source IP address, destination IP address, UDP/TCP source port, port; this hashing distributes UDP and Transmission Control Protocol
UDP/TCP destination port, and protocol/next-header. (TCP)[RFC793] traffic between a common pair of IP addresses across
paths, but uses a single path for corresponding GRE traffic because
only the two IP addresses and protocol/next header fields
participate in the ECMP hash. Encapsulating GRE in UDP enables use
of the UDP source port to provide entropy to ECMP hashing.
A GRE-in-UDP tunnel also offers the possibility of using GRE across A GRE-in-UDP tunnel also offers the possibility of using GRE across
networks that might otherwise disallow it; for instance GRE-in-UDP networks that might otherwise disallow it; for instance GRE-in-UDP
may be used to bridge two islands where GRE is not supported may be used to bridge two islands where GRE is not supported
natively across the middleboxes. natively across the middleboxes.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e. tunnel-in-tunnel. In this case, GRE-in-UDP tunnel do traffic, i.e. tunnel-in-tunnel. In this case, GRE-in-UDP tunnel do
not differentiate such end hosts from other end hosts, i.e., not differentiate such end hosts from other end hosts, i.e.,
applying the same treatment for traffic from hosts and tunnel applying the same treatment for traffic from hosts and tunnel
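Review bot: The rewritten ECMP sentence in -16 still says "five-tuple" but lists only four fields (source IP address, destination IP address, UDP/TCP source port, UDP/TCP destination port); the "protocol/next-header" element that closed the list in -15 was dropped. Restore it, e.g. "UDP/TCP destination port, and protocol/next-header", which also keeps the list consistent with the later clause stating that for GRE "only the two IP addresses and protocol/next header fields participate in the ECMP hash". Settle on one spelling of "next-header" / "next header" while editing this paragraph.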
skipping to change at page 6, line 17 skipping to change at page 6, line 22
single value is set, a random port SHOULD be selected in order to single value is set, a random port SHOULD be selected in order to
minimize the vulnerability to off-path attacks [RFC6056]. minimize the vulnerability to off-path attacks [RFC6056].
6. For IPv6 delivery networks, the flow entropy SHOULD also be 6. For IPv6 delivery networks, the flow entropy SHOULD also be
placed in the flow label field for ECMP per [RFC6438]. placed in the flow label field for ECMP per [RFC6438].
7. At the tunnel ingress, any fragmentation of the incoming packet 7. At the tunnel ingress, any fragmentation of the incoming packet
(e.g., because the tunnel has an MTU that is smaller than the packet) (e.g., because the tunnel has an MTU that is smaller than the packet)
SHOULD be performed before encapsulation. In addition, the tunnel SHOULD be performed before encapsulation. In addition, the tunnel
ingress MUST apply the UDP checksum to all encapsulated fragments so ingress MUST apply the UDP checksum to all encapsulated fragments so
that the tunnel egress can validate resemble of the fragments; it that the tunnel egress can validate reassembly of the fragments; it
MUST set the same DSCP value as in the DS field of the payload MUST set the same DSCP value as in the DS field of the payload
packet in all fragments [RFC2474]. To avoid unwanted forwarding over packet in all fragments [RFC2474]. To avoid unwanted forwarding over
multiple paths, the same source UDP port value SHOULD be set in all multiple paths, the same source UDP port value SHOULD be set in all
packet fragments. packet fragments.
2.1.2. Requirements for TMCE GRE-in-UDP Tunnel 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel
The section contains the TMCE GRE-in-UDP tunnel requirements. It The section contains the TMCE GRE-in-UDP tunnel requirements. It
lists the changed requirements, compared with a Default GRE-in-UDP lists the changed requirements, compared with a Default GRE-in-UDP
Tunnel, for a TMCE GRE-in-UDP Tunnel, which corresponds to the Tunnel, for a TMCE GRE-in-UDP Tunnel, which corresponds to the
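Review bot: Item 7 and Section 4.1 state the same normative fragmentation rules in two places (fragmentation before encapsulation SHOULD, UDP checksum MUST, same source UDP port SHOULD), and the "resemble" typo had to be corrected in both. Consider keeping the normative text in one of them and referencing it from the other, so that a later edit cannot leave the two out of step.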
skipping to change at page 11, line 42 skipping to change at page 11, line 42
alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP
tunnel. This aligns with middlebox traversal guidelines in Section tunnel. This aligns with middlebox traversal guidelines in Section
3.5 of [RFC5405bis]. 3.5 of [RFC5405bis].
4.1. MTU and Fragmentation 4.1. MTU and Fragmentation
Regarding packet fragmentation, an encapsulator/decapsulator SHOULD Regarding packet fragmentation, an encapsulator/decapsulator SHOULD
perform fragmentation before the encapsulation. The size of perform fragmentation before the encapsulation. The size of
fragments SHOULD be less or equal to the PMTU associated with the fragments SHOULD be less or equal to the PMTU associated with the
path between the GRE ingress and the GRE egress tunnel endpoints path between the GRE ingress and the GRE egress tunnel endpoints
minus the GRE and UDP overhead, assuming the egress resemble MTU is minus the GRE and UDP overhead, assuming the egress MTU for
larger than PMTU. When applying payload fragmentation, the UDP reassembled packets is larger than PMTU. When applying payload
checksum MUST be used so that the receiving endpoint can validate fragmentation, the UDP checksum MUST be used so that the receiving
resemble of the fragments; the same source UDP port SHOULD be used endpoint can validate reassembly of the fragments; the same source
for all packet fragments to ensure the transit routers will forward UDP port SHOULD be used for all packet fragments to ensure the
the fragments on the same path. transit routers will forward the fragments on the same path.
If the operator of the transit network supporting the tunnel is able If the operator of the transit network supporting the tunnel is able
to control the payload MTU size, the MTU SHOULD be configured to to control the payload MTU size, the MTU SHOULD be configured to
avoid fragmentation, i.e., sufficient for the largest supported size avoid fragmentation, i.e., sufficient for the largest supported size
of packet, including all additional bytes introduced by the tunnel of packet, including all additional bytes introduced by the tunnel
overhead [RFC5405bis]. overhead [RFC5405bis].
4.2. Differentiated Services and ECN Marking 4.2. Differentiated Services and ECN Marking
To ensure that tunneled traffic receives the same treatment over the To ensure that tunneled traffic receives the same treatment over the
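Review bot: The keyword in the unchanged context line "It is RECOMMENED not to use GRE keep-alive" is misspelled in both -15 and -16, so it does not read as a requirement-level keyword; spell it "RECOMMENDED", or rephrase so that use of GRE keep-alive in the GRE-in-UDP tunnel is "NOT RECOMMENDED". In the edited Section 4.1 paragraph, "less or equal to the PMTU" would read better as "less than or equal to the PMTU".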
 End of changes. 4 change blocks. 
13 lines changed or deleted 17 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/