draft-ietf-tsvwg-gre-in-udp-encap-19.txt   rfc8086.txt 
Network Working Group Lucy Yong(Ed.)
Internet-Draft Huawei Technologies
Intended status: Standard Track E. Crabbe
Oracle
X. Xu
Huawei Technologies
T. Herbert
Facebook
Expires: February 2017 September 30, 2016 Internet Engineering Task Force (IETF) L. Yong, Ed.
Request for Comments: 8086 Huawei Technologies
Category: Standards Track E. Crabbe
ISSN: 2070-1721 Oracle
X. Xu
Huawei Technologies
T. Herbert
Facebook
March 2017
GRE-in-UDP Encapsulation GRE-in-UDP Encapsulation
draft-ietf-tsvwg-gre-in-udp-encap-19
Abstract Abstract
This document specifies a method of encapsulating network protocol This document specifies a method of encapsulating network protocol
packet within GRE and UDP headers. This GRE-in-UDP encapsulation packets within GRE and UDP headers. This GRE-in-UDP encapsulation
allows the UDP source port field to be used as an entropy field. allows the UDP source port field to be used as an entropy field.
This may be used for load balancing of GRE traffic in transit This may be used for load-balancing of GRE traffic in transit
networks using existing ECMP mechanisms. There are two applicability networks using existing Equal-Cost Multipath (ECMP) mechanisms.
scenarios for GRE-in-UDP with different requirements: (1) general There are two applicability scenarios for GRE-in-UDP with different
Internet; (2) a traffic-managed controlled environment. The requirements: (1) general Internet and (2) a traffic-managed
controlled environment has less restrictive requirements than the controlled environment. The controlled environment has less
general Internet. restrictive requirements than the general Internet.
Status of This Document
This Internet-Draft is submitted in full conformance with the Status of This Memo
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering This is an Internet Standards Track document.
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six This document is a product of the Internet Engineering Task Force
months and may be updated, replaced, or obsoleted by other documents (IETF). It represents the consensus of the IETF community. It has
at any time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on February 30,2017. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8086.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with carefully, as they describe your rights and restrictions with respect
respect to this document. Code Components extracted from this to this document. Code Components extracted from this document must
document must include Simplified BSD License text as described in include Simplified BSD License text as described in Section 4.e of
Section 4.e of the Trust Legal Provisions and are provided without the Trust Legal Provisions and are provided without warranty as
warranty as described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction ....................................................4
1.1. Terminology...............................................4 1.1. Terminology ................................................5
1.2. Requirements Language.....................................5 1.2. Requirements Language ......................................5
2. Applicability Statement........................................5 2. Applicability Statement .........................................6
2.1. GRE-in-UDP Tunnel Requirements............................6 2.1. GRE-in-UDP Tunnel Requirements .............................6
2.1.1. Requirements for Default GRE-in-UDP Tunnel...........6 2.1.1. Requirements for Default GRE-in-UDP Tunnel ..........7
2.1.2. Requirements for TMCE GRE-in-UDP Tunnel..............7 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel .............8
3. GRE-in-UDP Encapsulation.......................................7 3. GRE-in-UDP Encapsulation ........................................9
3.1. IP Header................................................10 3.1. IP Header .................................................11
3.2. UDP Header...............................................10 3.2. UDP Header ................................................11
3.2.1. Source Port.........................................10 3.2.1. Source Port ........................................11
3.2.2. Destination Port....................................11 3.2.2. Destination Port ...................................11
3.2.3. Checksum............................................11 3.2.3. Checksum ...........................................12
3.2.4. Length..............................................11 3.2.4. Length .............................................12
3.3. GRE Header...............................................11 3.3. GRE Header ................................................12
4. Encapsulation Process Procedures..............................12 4. Encapsulation Procedures .......................................13
4.1. MTU and Fragmentation....................................12 4.1. MTU and Fragmentation .....................................13
4.2. Differentiated Services and ECN Marking..................13 4.2. Differentiated Services and ECN Marking ...................14
5. Use of DTLS...................................................13 5. Use of DTLS ....................................................14
6. UDP Checksum Handling.........................................14 6. UDP Checksum Handling ..........................................15
6.1. UDP Checksum with IPv4...................................14 6.1. UDP Checksum with IPv4 ....................................15
6.2. UDP Checksum with IPv6...................................14 6.2. UDP Checksum with IPv6 ....................................15
7. Middlebox Considerations......................................17 7. Middlebox Considerations .......................................18
7.1. Middlebox Considerations for Zero Checksums..............18 7.1. Middlebox Considerations for Zero Checksums ...............19
8. Congestion Considerations.....................................18 8. Congestion Considerations ......................................19
9. Backward Compatibility........................................19 9. Backward Compatibility .........................................20
10. IANA Considerations..........................................20 10. IANA Considerations ...........................................21
11. Security Considerations......................................21 11. Security Considerations .......................................21
12. Acknowledgements.............................................21 12. References ....................................................22
13. Contributors.................................................22 12.1. Normative References .....................................22
14. References...................................................23 12.2. Informative References ...................................23
14.1. Normative References....................................23 Acknowledgements ..................................................25
14.2. Informative References..................................24 Contributors ......................................................25
15. Authors' Addresses...........................................25 Authors' Addresses ................................................27
1. Introduction 1. Introduction
This document specifies a generic GRE-in-UDP encapsulation for This document specifies a generic GRE-in-UDP encapsulation for
tunneling network protocol packets across an IP network based on tunneling network protocol packets across an IP network based on
Generic Routing Encapsulation (GRE) [RFC2784][RFC7676] and User Generic Routing Encapsulation (GRE) [RFC2784] [RFC7676] and User
Datagram Protocol(UDP) [RFC768] headers. The GRE header indicates Datagram Protocol (UDP) [RFC768] headers. The GRE header indicates
the payload protocol type via an EtherType [RFC7042] in the protocol the payload protocol type via an EtherType [RFC7042] in the protocol
type field, and the source port field in the UDP header may be used type field, and the source port field in the UDP header may be used
to provide additional entropy. to provide additional entropy.
A GRE-in-UDP tunnel offers the possibility of better performance for A GRE-in-UDP tunnel offers the possibility of better performance for
load balancing GRE traffic in transit networks using existing Equal- load-balancing GRE traffic in transit networks using existing Equal-
Cost Multi-Path (ECMP) mechanisms that use a hash of the five-tuple Cost Multipath (ECMP) mechanisms that use a hash of the five-tuple of
of source IP address, destination IP address, UDP/TCP source port, source IP address, destination IP address, UDP/TCP source port,
UDP/TCP destination port. While such hashing distributes UDP and UDP/TCP destination port, and protocol number. While such hashing
Transmission Control Protocol (TCP)[RFC793] traffic between a common distributes UDP and TCP [RFC793] traffic between a common pair of IP
pair of IP addresses across paths, it uses a single path for addresses across paths, it uses a single path for corresponding GRE
corresponding GRE traffic because only the two IP addresses and traffic because only the two IP addresses and the Protocol or Next
protocol/next header fields participate in the ECMP hash. Header field participate in the ECMP hash. Encapsulating GRE in UDP
Encapsulating GRE in UDP enables use of the UDP source port to enables use of the UDP source port to provide entropy to ECMP
provide entropy to ECMP hashing. hashing.
In addition, GRE-in-UDP enables extending use of GRE across networks In addition, GRE-in-UDP enables extending use of GRE across networks
that otherwise disallow it; for example, GRE-in-UDP may be used to that otherwise disallow it; for example, GRE-in-UDP may be used to
bridge two islands where GRE is not supported natively across the bridge two islands where GRE is not supported natively across the
middleboxes. middleboxes.
GRE-in-UDP encapsulation may be used to encapsulate already tunneled GRE-in-UDP encapsulation may be used to encapsulate already tunneled
traffic, i.e., tunnel-in-tunnel. In this case, GRE-in-UDP tunnels traffic, i.e., tunnel-in-tunnel traffic. In this case, GRE-in-UDP
treat the endpoints of the outer tunnel as the end hosts; the tunnels treat the endpoints of the outer tunnel as the end hosts; the
presence of an inner tunnel does not change the outer tunnel's presence of an inner tunnel does not change the outer tunnel's
handling of network traffic. handling of network traffic.
A GRE-in-UDP tunnel is capable of carrying arbitrary traffic and A GRE-in-UDP tunnel is capable of carrying arbitrary traffic and
behaves as a UDP application on an IP network. However, a GRE-in-UDP behaves as a UDP application on an IP network. However, a GRE-in-UDP
tunnel carrying certain types of traffic does not satisfy the tunnel carrying certain types of traffic does not satisfy the
requirements for UDP applications on the Internet [RFC5405bis]. GRE- requirements for UDP applications on the Internet [RFC8085].
in-UDP tunnels that do not satisfy these requirements MUST NOT be GRE-in-UDP tunnels that do not satisfy these requirements MUST NOT be
deployed to carry such traffic over the Internet. For this reason, deployed to carry such traffic over the Internet. For this reason,
this document specifies two deployment scenarios for GRE-in-UDP this document specifies two deployment scenarios for GRE-in-UDP
tunnels with GRE-in-UDP tunnel requirements for each of them: (1) tunnels with GRE-in-UDP tunnel requirements for each of them: (1)
general Internet; (2) a traffic-managed controlled environment general Internet and (2) a traffic-managed controlled environment
(TMCE). The TMCE scenario has less restrictive technical (TMCE). Compared to the general Internet scenario, the TMCE scenario
requirements for the protocol but more restrictive management and has less restrictive technical requirements for the protocol but more
operation requirements for the network by comparison to the general restrictive management and operation requirements for the network.
Internet scenario.
To provide security for traffic carried by a GRE-in-UDP tunnel, this To provide security for traffic carried by a GRE-in-UDP tunnel, this
document also specifies Datagram Transport Layer Security (DTLS) for document also specifies Datagram Transport Layer Security (DTLS) for
GRE-in-UDP tunnels, which SHOULD be used when security is a concern. GRE-in-UDP tunnels, which SHOULD be used when security is a concern.
GRE-in-UDP encapsulation usage requires no changes to the transit IP GRE-in-UDP encapsulation usage requires no changes to the transit IP
network. ECMP hash functions in most existing IP routers may utilize network. ECMP hash functions in most existing IP routers may utilize
and benefit from the additional entropy enabled by GRE-in-UDP and benefit from the additional entropy enabled by GRE-in-UDP tunnels
tunnels without any change or upgrade to their ECMP implementation. without any change or upgrade to their ECMP implementation. The
The encapsulation mechanism is applicable to a variety of IP encapsulation mechanism is applicable to a variety of IP networks
networks including Data Center and Wide Area Networks, as well as including Data Center Networks and Wide Area Networks, as well as
both IPv4 and IPv6 networks. both IPv4 and IPv6 networks.
1.1. Terminology 1.1. Terminology
The terms defined in [RFC768] and [RFC2784] are used in this The terms defined in [RFC768] and [RFC2784] are used in this
document. Following are additional terms used in this draft. document. Below are additional terms used in this document.
Decapsulator: a component performing packet decapsulation at tunnel Decapsulator: a component performing packet decapsulation at tunnel
egress. egress.
ECMP: Equal-Cost Multi-Path. ECMP: Equal-Cost Multipath.
Encapsulator: a component performing packet encapsulation at tunnel Encapsulator: a component performing packet encapsulation at tunnel
egress. egress.
Flow Entropy: The information to be derived from traffic or Flow Entropy: The information to be derived from traffic or
applications and to be used by network devices in ECMP process applications and to be used by network devices in the ECMP process
[RFC6438]. [RFC6438].
Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the
general Internet. general Internet.
TMCE: A Traffic-managed controlled environment, i.e. an IP network TMCE: A traffic-managed controlled environment, i.e., an IP network
that is traffic-engineered and/or otherwise managed (e.g., via use that is traffic-engineered and/or otherwise managed (e.g., via use of
of traffic rate limiters) to avoid congestion, as defined in Section traffic rate limiters) to avoid congestion, as defined in Section 2.
2.
TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a
traffic-managed controlled environment that is defined in Section 2. traffic-managed controlled environment that is defined in Section 2.
Tunnel Egress: A tunnel end point that performs packet decapsulation. Tunnel Egress: A tunnel endpoint that performs packet decapsulation.
Tunnel Ingress: A tunnel end point that performs packet Tunnel Ingress: A tunnel endpoint that performs packet encapsulation.
encapsulation.
1.2. Requirements Language 1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Applicability Statement 2. Applicability Statement
GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks; in both GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks; in both
cases, encapsulated packets are treated as UDP datagrams. Therefore, cases, encapsulated packets are treated as UDP datagrams. Therefore,
a GRE-in-UDP tunnel needs to meet the UDP usage requirements a GRE-in-UDP tunnel needs to meet the UDP usage requirements
specified in [RFC5405bis]. These requirements depend on both the specified in [RFC8085]. These requirements depend on both the
delivery network and the nature of the encapsulated traffic. For delivery network and the nature of the encapsulated traffic. For
example, the GRE-in-UDP tunnel protocol does not provide any example, the GRE-in-UDP tunnel protocol does not provide any
congestion control functionality beyond that of the encapsulated congestion control functionality beyond that of the encapsulated
traffic. Therefore, a GRE-in-UDP tunnel MUST be used only with traffic. Therefore, a GRE-in-UDP tunnel MUST be used only with
congestion controlled traffic (e.g., IP unicast traffic) and/or congestion-controlled traffic (e.g., IP unicast traffic) and/or
within a network that is traffic-managed to avoid congestion. within a network that is traffic managed to avoid congestion.
[RFC5405bis] describes two applicability scenarios for UDP [RFC8085] describes two applicability scenarios for UDP applications:
applications: 1) General Internet and 2) A controlled environment. (1) general internet and (2) a controlled environment. The
The controlled environment means a single administrative domain or controlled environment means a single administrative domain or
bilaterally agreed connection between domains. A network forming a bilaterally agreed connection between domains. A network forming a
controlled environment can be managed/operated to meet certain controlled environment can be managed/operated to meet certain
conditions while the general Internet cannot be; thus the conditions, while the general Internet cannot be; thus, the
requirements for a tunnel protocol operating under a controlled requirements for a tunnel protocol operating under a controlled
environment can be less restrictive than the requirements in the environment can be less restrictive than the requirements in the
general Internet. general Internet.
For the purpose of this document, a traffic-managed controlled For the purpose of this document, a traffic-managed controlled
environment (TMCE) is defined as an IP network that is traffic- environment (TMCE) is defined as an IP network that is traffic-
engineered and/or otherwise managed (e.g., via use of traffic rate engineered and/or otherwise managed (e.g., via use of traffic rate
limiters) to avoid congestion. limiters) to avoid congestion.
This document specifies GRE-in-UDP tunnel usage in the general This document specifies GRE-in-UDP tunnel usage in the general
Internet and GRE-in-UDP tunnel usage in a traffic-managed controlled Internet and GRE-in-UDP tunnel usage in a traffic-managed controlled
environment and uses "default GRE-in-UDP tunnel" and "TMCE GRE-in- environment and uses "default GRE-in-UDP tunnel" and "TMCE GRE-in-UDP
UDP tunnel" terms to refer to each usage. tunnel" terms to refer to each usage.
NOTE: Although this document specifies two different sets of GRE-in- NOTE: Although this document specifies two different sets of GRE-in-
UDP tunnel requirements based on tunnel usage, the tunnel UDP tunnel requirements based on tunnel usage, the tunnel
implementation itself has no ability to detect how and where it is implementation itself has no ability to detect how and where it is
deployed. Therefore it is the responsibility of the user or operator deployed. Therefore, it is the responsibility of the user or
who deploys a GRE-in-UDP tunnel to ensure that it meets the operator who deploys a GRE-in-UDP tunnel to ensure that it meets the
appropriate requirements. appropriate requirements.
2.1. GRE-in-UDP Tunnel Requirements 2.1. GRE-in-UDP Tunnel Requirements
This section states out the requirements for a GRE-in-UDP tunnel. This section states the requirements for a GRE-in-UDP tunnel.
Section 2.1.1 describes the requirements for a default GRE-in-UDP Section 2.1.1 describes the requirements for a default GRE-in-UDP
tunnel that is suitable for the general Internet; Section 2.1.2 tunnel that is suitable for the general Internet; Section 2.1.2
describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel
used in a traffic-managed controlled environment. Both Sections used in a traffic-managed controlled environment. Both Sections
2.1.1 and 2.1.2 are applicable to an IPv4 or IPv6 delivery network. 2.1.1 and 2.1.2 are applicable to an IPv4 or IPv6 delivery network.
2.1.1. Requirements for Default GRE-in-UDP Tunnel 2.1.1. Requirements for Default GRE-in-UDP Tunnel
The following is a summary of the default GRE-in-UDP tunnel The following is a summary of the default GRE-in-UDP tunnel
requirements: requirements:
1. A UDP checksum SHOULD be used when encapsulating in IPv4. 1. A UDP checksum SHOULD be used when encapsulating in IPv4.
2. A UDP checksum MUST be used when encapsulating in IPv6. 2. A UDP checksum MUST be used when encapsulating in IPv6.
3. GRE-in-UDP tunnel MUST NOT be deployed or configured to carry 3. GRE-in-UDP tunnel MUST NOT be deployed or configured to carry
traffic that is not congestion controlled. As stated in [RFC5405bis], traffic that is not congestion controlled. As stated in
IP-based unicast traffic is generally assumed to be congestion- [RFC8085], IP-based unicast traffic is generally assumed to be
controlled, i.e., it is assumed that the transport protocols congestion controlled, i.e., it is assumed that the transport
generating IP-based traffic at the sender already employ mechanisms protocols generating IP-based traffic at the sender already
that are sufficient to address congestion on the path. A default employ mechanisms that are sufficient to address congestion on
GRE-in-UDP tunnel is not appropriate for traffic that is not known the path. A default GRE-in-UDP tunnel is not appropriate for
to be congestion-controlled (e.g., most IP multicast traffic). traffic that is not known to be congestion controlled (e.g., most
IP multicast traffic).
4. UDP source port values that are used as a source of flow entropy 4. UDP source port values that are used as a source of flow entropy
SHOULD be chosen from the ephemeral port range (49152-65535) SHOULD be chosen from the ephemeral port range (49152-65535)
[RFC5405bis]. [RFC8085].
5. The use of the UDP source port MUST be configurable so that a 5. The use of the UDP source port MUST be configurable so that a
single value can be set for all traffic within the tunnel (this single value can be set for all traffic within the tunnel (this
disables use of the UDP source port to provide flow entropy). When a disables use of the UDP source port to provide flow entropy).
single value is set, a random port SHOULD be selected in order to When a single value is set, a random port taken from the
minimize the vulnerability to off-path attacks [RFC6056]. ephemeral port range SHOULD be selected in order to minimize the
vulnerability to off-path attacks [RFC6056].
6. For IPv6 delivery networks, the flow entropy SHOULD also be 6. For IPv6 delivery networks, the flow entropy SHOULD also be
placed in the flow label field for ECMP per [RFC6438]. placed in the flow label field for ECMP per [RFC6438].
7. At the tunnel ingress, any fragmentation of the incoming packet 7. At the tunnel ingress, any fragmentation of the incoming packet
(e.g., because the tunnel has a Maximum Transmission Unit (MTU) that (e.g., because the tunnel has a Maximum Transmission Unit (MTU)
is smaller than the packet) SHOULD be performed before encapsulation. that is smaller than the packet) SHOULD be performed before
In addition, the tunnel ingress MUST apply the UDP checksum to all encapsulation. In addition, the tunnel ingress MUST apply the
encapsulated fragments so that the tunnel egress can validate UDP checksum to all encapsulated fragments so that the tunnel
reassembly of the fragments; it MUST set the same Differentiated egress can validate reassembly of the fragments; it MUST set the
Services Code Point (DSCP) value as in the Differentiated Services same Differentiated Services Code Point (DSCP) value as in the
(DS) field of the payload packet in all fragments [RFC2474]. To Differentiated Services (DS) field of the payload packet in all
avoid unwanted forwarding over multiple paths, the same source UDP fragments [RFC2474]. To avoid unwanted forwarding over multiple
port value SHOULD be set in all packet fragments. paths, the same source UDP port value SHOULD be set in all packet
fragments.
2.1.2. Requirements for TMCE GRE-in-UDP Tunnel 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel
The section contains the TMCE GRE-in-UDP tunnel requirements. It The section contains the TMCE GRE-in-UDP tunnel requirements. It
lists the changed requirements, compared with a Default GRE-in-UDP lists the changed requirements, compared with a Default GRE-in-UDP
Tunnel, for a TMCE GRE-in-UDP Tunnel, which corresponds to the tunnel, for a TMCE GRE-in-UDP tunnel, which corresponds to
requirements 1-3 listed in Section 2.1.1. requirements 1-3 listed in Section 2.1.1.
1. A UDP checksum SHOULD be used when encapsulating in IPv4. A 1. A UDP checksum SHOULD be used when encapsulating in IPv4. A
tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum, tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum,
since GRE has been designed to work without a UDP checksum [RFC2784]. since GRE has been designed to work without a UDP checksum
However, a checksum also offers protection from mis-delivery to [RFC2784]. However, a checksum also offers protection from
another port. misdelivery to another port.
2. Use of UDP checksum MUST be the default when encapsulating in 2. Use of the UDP checksum MUST be the default when encapsulating in
IPv6. This default MAY be overridden via configuration of UDP zero- IPv6. This default MAY be overridden via configuration of UDP
checksum mode. All usage of UDP zero-checksum mode with IPv6 is zero-checksum mode. All usage of UDP zero-checksum mode with
subject to the additional requirements specified in Section 6.2. IPv6 is subject to the additional requirements specified in
Section 6.2.
3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not 3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not
congestion controlled. congestion controlled.
The requirements 4-7 listed in Section 2.1.1 also apply to a TMCE Requirements 4-7 listed in Section 2.1.1 also apply to a TMCE GRE-in-
GRE-in-UDP Tunnel. UDP tunnel.
3. GRE-in-UDP Encapsulation 3. GRE-in-UDP Encapsulation
The GRE-in-UDP encapsulation format contains a UDP header [RFC768] The GRE-in-UDP encapsulation format contains a UDP header [RFC768]
and a GRE header [RFC2890]. The format is shown as follows: and a GRE header [RFC2890]. The format is shown as follows
(presented in bit order) (presented in bit order):
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv4 Header: 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live |Protcol=17(UDP)| Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
UDP Header: IPv4 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port = Entropy Value | Dest. Port = TBD1/TBD2 | |Version| IHL |Type of Service| Total Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum | | Identification |Flags| Fragment Offset |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time to Live | Prot.=17(UDP) | Header Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination IPv4 Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: UDP Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | | Source Port = Entropy Value | Dest. Port = 4754/4755 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1 UDP+GRE Headers in IPv4 GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 Figure 1: UDP + GRE Headers in IPv4
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
IPv6 Header: 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Payload Length | NxtHdr=17(UDP)| Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Source IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Destination IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
UDP Header: IPv6 Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port = entropy value | Dest. Port = TBD1/TBD2 | |Version| Traffic Class | Flow Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum | | Payload Length | NxtHdr=17(UDP)| Hop Limit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Source IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Outer Destination IPv6 Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
GRE Header: UDP Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type | | Source Port = entropy value | Dest. Port = 4754/4755 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) | | UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2 UDP+GRE Headers in IPv6 GRE Header:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| |K|S| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Key (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: UDP + GRE Headers in IPv6
The contents of the IP, UDP, and GRE headers that are relevant in The contents of the IP, UDP, and GRE headers that are relevant in
this encapsulation are described below. this encapsulation are described below.
3.1. IP Header 3.1. IP Header
An encapsulator MUST encode its own IP address as the source IP An encapsulator MUST encode its own IP address as the source IP
address and the decapsulator's IP address as the destination IP address and the decapsulator's IP address as the destination IP
address. A sufficiently large value is needed in the IPv4 TTL field address. A sufficiently large value is needed in the IPv4 TTL field
or IPv6 Hop Count field to allow delivery of the encapsulated packet or IPv6 Hop Count field to allow delivery of the encapsulated packet
to the peer of the encapsulation. to the peer of the encapsulation.
3.2. UDP Header 3.2. UDP Header
3.2.1. Source Port 3.2.1. Source Port
GRE-in-UDP permits the UDP source port value to be used to encode an GRE-in-UDP permits the UDP source port value to be used to encode an
entropy value. The UDP source port contains a 16-bit entropy value entropy value. The UDP source port contains a 16-bit entropy value
that is generated by the encapsulator to identify a flow for the that is generated by the encapsulator to identify a flow for the
encapsulated packet. The port value SHOULD be within the ephemeral encapsulated packet. The port value SHOULD be within the ephemeral
port range, i.e., 49152 to 65535, where the high order two bits of port range, i.e., 49152 to 65535, where the high-order two bits of
the port are set to one. This provides fourteen bits of entropy for the port are set to one. This provides fourteen bits of entropy for
the inner flow identifier. In the case that an encapsulator is the inner flow identifier. In the case that an encapsulator is
unable to derive flow entropy from the payload header or the entropy unable to derive flow entropy from the payload header or the entropy
usage has to be disabled to meet operational requirements (see usage has to be disabled to meet operational requirements (see
Section 7), to avoid reordering with a packet flow, the encapsulator Section 7), to avoid reordering with a packet flow, the encapsulator
SHOULD use the same UDP source port value for all packets assigned SHOULD use the same UDP source port value for all packets assigned to
to a flow e.g., the result of an algorithm that perform a hash of a flow, e.g., the result of an algorithm that performs a hash of the
the tunnel ingress and egress IP address. tunnel ingress and egress IP address.
The source port value for a flow set by an encapsulator MAY change The source port value for a flow set by an encapsulator MAY change
over the lifetime of the encapsulated flow. For instance, an over the lifetime of the encapsulated flow. For instance, an
encapsulator may change the assignment for Denial of Service (DOS) encapsulator may change the assignment for Denial-of-Service (DoS)
mitigation or as a means to effect routing through the ECMP network. mitigation or as a means to effect routing through the ECMP network.
An encapsulator SHOULD NOT change the source port selected for a An encapsulator SHOULD NOT change the source port selected for a flow
flow more than once every thirty seconds. more than once every thirty seconds.
An IPv6 GRE-in-UDP tunnel endpoint SHOULD copy a flow entropy value An IPv6 GRE-in-UDP tunnel endpoint SHOULD copy a flow entropy value
in the IPv6 flow label field (requirement 6). This permits network in the IPv6 flow label field (requirement 6). This permits network
equipment to inspect this value and utilize it during forwarding, equipment to inspect this value and utilize it during forwarding,
e.g. to perform ECMP [RFC6438]. e.g., to perform ECMP [RFC6438].
This document places requirements on the generation of the flow This document places requirements on the generation of the flow
entropy value [RFC5405bis] but does not specify the algorithm that entropy value [RFC8085] but does not specify the algorithm that an
an implementation should use to derive this value. implementation should use to derive this value.
3.2.2. Destination Port 3.2.2. Destination Port
The destination port of the UDP header is set either GRE-in-UDP The destination port of the UDP header is set to either GRE-in-UDP
(TBD1) or GRE-UDP-DTLS (TBD2) (see Section 5). (4754) or GRE-UDP-DTLS (4755); see Section 5.
3.2.3. Checksum 3.2.3. Checksum
The UDP checksum is set and processed per [RFC768] and [RFC1122] for The UDP checksum is set and processed per [RFC768] and [RFC1122] for
IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and IPv4 and per [RFC2460] for IPv6. Requirements for checksum handling
use of zero UDP checksums are detailed in Section 6. and use of zero UDP checksums are detailed in Section 6.
3.2.4. Length 3.2.4. Length
The usage of this field is in accordance with the current UDP The usage of this field is in accordance with the current UDP
specification in [RFC768]. This length will include the UDP header specification in [RFC768]. This length will include the UDP header
(eight bytes), GRE header, and the GRE payload (encapsulated packet). (eight bytes), GRE header, and the GRE payload (encapsulated packet).
3.3. GRE Header 3.3. GRE Header
An encapsulator sets the protocol type (EtherType) of the packet An encapsulator sets the protocol type (EtherType) of the packet
being encapsulated in the GRE Protocol Type field. being encapsulated in the GRE Protocol Type field.
An encapsulator MAY set the GRE Key Present, Sequence Number Present, An encapsulator MAY set the GRE Key Present, Sequence Number Present,
and Checksum Present bits and associated fields in the GRE header as and Checksum Present bits and associated fields in the GRE header as
defined by [RFC2784] and [RFC2890]. Usage of the reserved bits, i.e., defined by [RFC2784] and [RFC2890]. Usage of the reserved bits,
Reserved0, is specified in [RFC2784]. i.e., Reserved0, is specified in [RFC2784].
The GRE checksum MAY be enabled to protect the GRE header and The GRE checksum MAY be enabled to protect the GRE header and
payload. When the UDP checksum is enabled, it protects the GRE payload. When the UDP checksum is enabled, it protects the GRE
payload, resulting in the GRE checksum being mostly redundant. payload, resulting in the GRE checksum being mostly redundant.
Enabling both checksums may result in unnecessary processing. Since Enabling both checksums may result in unnecessary processing. Since
the UDP checksum covers the pseudo-header and the packet payload, the UDP checksum covers the pseudo-header and the packet payload,
including the GRE header and its payload, the UDP checksum SHOULD be including the GRE header and its payload, the UDP checksum SHOULD be
used in preference to using the GRE checksum. used in preference to the GRE checksum.
An implementation MAY use the GRE keyid to authenticate the An implementation MAY use the GRE Key field to authenticate the
encapsulator.(See Security Considerations Section) In this model, a encapsulator. (See the Security Considerations section.) In this
shared value is either configured or negotiated between an model, a shared value is either configured or negotiated between an
encapsulator and decapsulator. When a decapsulator determines a encapsulator and decapsulator. When a decapsulator determines that a
presented keyid is not valid for the source, the packet MUST be presented key is not valid for the source, the packet MUST be
dropped. dropped.
Although GRE-in-UDP encapsulation protocol uses both UDP header and Although the GRE-in-UDP encapsulation protocol uses both the UDP
GRE header, it is one tunnel encapsulation protocol. GRE and UDP header and GRE header, it is one tunnel encapsulation protocol. The
headers MUST be applied and removed as a pair at the encapsulation GRE and UDP headers MUST be applied and removed as a pair at the
and decapsulation points. This specification does not support UDP encapsulation and decapsulation points. This specification does not
encapsulation of a GRE header where that GRE header is applied or support UDP encapsulation of a GRE header where that GRE header is
removed at a network node other than the UDP tunnel ingress or applied or removed at a network node other than the UDP tunnel
egress. ingress or egress.
4. Encapsulation Process Procedures 4. Encapsulation Procedures
The procedures specified in this section apply to both a default The procedures specified in this section apply to both a default GRE-
GRE-in-UDP tunnel and a TMCE GRE-in-UDP tunnel. in-UDP tunnel and a TMCE GRE-in-UDP tunnel.
The GRE-in-UDP encapsulation allows encapsulated packets to be The GRE-in-UDP encapsulation allows encapsulated packets to be
forwarded through "GRE-in-UDP tunnels". The encapsulator MUST set forwarded through "GRE-in-UDP tunnels". The encapsulator MUST set
the UDP and GRE header according to Section 3. the UDP and GRE headers according to Section 3.
Intermediate routers, upon receiving these UDP encapsulated packets, Intermediate routers, upon receiving these UDP encapsulated packets,
could load balance these packets based on the hash of the five-tuple could load-balance these packets based on the hash of the five-tuple
of UDP packets. of UDP packets.
Upon receiving these UDP encapsulated packets, the decapsulator Upon receiving these UDP encapsulated packets, the decapsulator
decapsulates them by removing the UDP and GRE headers and then decapsulates them by removing the UDP and GRE headers and then
processes them accordingly. processes them accordingly.
GRE-in-UDP can encapsulate traffic with unicast, IPv4 broadcast, or GRE-in-UDP can encapsulate traffic with unicast, IPv4 broadcast, or
multicast (see requirement 3 in Section 2.1.1). However a default multicast (see requirement 3 in Section 2.1.1). However, a default
GRE-in-UDP tunnel MUST NOT be deployed or configured to carry GRE-in-UDP tunnel MUST NOT be deployed or configured to carry traffic
traffic that is not congestion-controlled (See requirement 3 in that is not congestion-controlled (see requirement 3 in Section
Section 2.1.1). Entropy may be generated from the header of 2.1.1). Entropy may be generated from the header of encapsulated
encapsulated packets at an encapsulator. The mapping mechanism packets at an encapsulator. The mapping mechanism between the
between the encapsulated multicast traffic and the multicast encapsulated multicast traffic and the multicast capability in the IP
capability in the IP network is transparent and independent of the network is transparent and independent of the encapsulation and is
encapsulation and is otherwise outside the scope of this document. otherwise outside the scope of this document.
To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep- To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep-
alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP alive. It is RECOMMENDED not to use GRE keep-alive in the GRE-in-UDP
tunnel. This aligns with middlebox traversal guidelines in Section tunnel. This aligns with middlebox traversal guidelines in
3.5 of [RFC5405bis]. Section 3.5 of [RFC8085].
4.1. MTU and Fragmentation 4.1. MTU and Fragmentation
Regarding packet fragmentation, an encapsulator/decapsulator SHOULD Regarding packet fragmentation, an encapsulator/decapsulator SHOULD
perform fragmentation before the encapsulation. The size of perform fragmentation before the encapsulation. The size of
fragments SHOULD be less or equal to the Path MTU (PMTU) associated fragments SHOULD be less than or equal to the Path MTU (PMTU)
with the path between the GRE ingress and the GRE egress tunnel associated with the path between the GRE ingress and the GRE egress
endpoints minus the GRE and UDP overhead, assuming the egress MTU tunnel endpoints minus the GRE and UDP overhead, assuming the egress
for reassembled packets is larger than PMTU. When applying payload MTU for reassembled packets is larger than the PMTU. When applying
fragmentation, the UDP checksum MUST be used so that the receiving payload fragmentation, the UDP checksum MUST be used so that the
endpoint can validate reassembly of the fragments; the same source receiving endpoint can validate reassembly of the fragments; the same
UDP port SHOULD be used for all packet fragments to ensure the source UDP port SHOULD be used for all packet fragments to ensure the
transit routers will forward the fragments on the same path. transit routers will forward the fragments on the same path.
If the operator of the transit network supporting the tunnel is able If the operator of the transit network supporting the tunnel is able
to control the payload MTU size, the MTU SHOULD be configured to to control the payload MTU size, the MTU SHOULD be configured to
avoid fragmentation, i.e., sufficient for the largest supported size avoid fragmentation, i.e., sufficient for the largest supported size
of packet, including all additional bytes introduced by the tunnel of packet, including all additional bytes introduced by the tunnel
overhead [RFC5405bis]. overhead [RFC8085].
4.2. Differentiated Services and ECN Marking 4.2. Differentiated Services and ECN Marking
To ensure that tunneled traffic receives the same treatment over the To ensure that tunneled traffic receives the same treatment over the
IP network as traffic that is not tunneled, prior to the IP network as traffic that is not tunneled, prior to the
encapsulation process, an encapsulator processes the tunneled IP encapsulation process, an encapsulator processes the tunneled IP
packet headers to retrieve appropriate parameters for the packet headers to retrieve appropriate parameters for the
encapsulating IP packet header such as DiffServ [RFC2983]. encapsulating IP packet header such as Diffserv [RFC2983].
Encapsulation end points that support Explicit Congestion Encapsulation endpoints that support Explicit Congestion Notification
Notification (ECN) must use the method described in [RFC6040] for (ECN) must use the method described in [RFC6040] for ECN marking
ECN marking propagation. The congestion control process is outside propagation. The congestion control process is outside of the scope
of the scope of this document. of this document.
Additional information on IP header processing is provided in Additional information on IP header processing is provided in
Section 3.1. Section 3.1.
5. Use of DTLS 5. Use of DTLS
Datagram Transport Layer Security (DTLS) [RFC6347] can be used for Datagram Transport Layer Security (DTLS) [RFC6347] can be used for
application security and can preserve network and transport layer application security and can preserve network- and transport-layer
protocol information. Specifically, if DTLS is used to secure the protocol information. Specifically, if DTLS is used to secure the
GRE-in-UDP tunnel, the destination port of the UDP header MUST be GRE-in-UDP tunnel, the destination port of the UDP header MUST be set
set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS, to the IANA-assigned value (4755) indicating GRE-in-UDP with DTLS,
and that UDP port MUST NOT be used for other traffic. The UDP source and that UDP port MUST NOT be used for other traffic. The UDP source
port field can still be used to add entropy, e.g., for load-sharing port field can still be used to add entropy, e.g., for load-sharing
purposes. DTLS applies to a default GRE-in-UDP tunnel and a TMCE purposes. DTLS applies to a default GRE-in-UDP tunnel and a TMCE
GRE-in-UDP tunnel. GRE-in-UDP tunnel.
Use of DTLS is limited to a single DTLS session for any specific Use of DTLS is limited to a single DTLS session for any specific
tunnel encapsulator/decapsulator pair (identified by source and tunnel encapsulator/decapsulator pair (identified by source and
destination IP addresses). Both IP addresses MUST be unicast destination IP addresses). Both IP addresses MUST be unicast
addresses - multicast traffic is not supported when DTLS is used. A addresses -- multicast traffic is not supported when DTLS is used. A
GRE-in-UDP tunnel decapsulator that supports DTLS is expected to be GRE-in-UDP tunnel decapsulator that supports DTLS is expected to be
able to establish DTLS sessions with multiple tunnel encapsulators, able to establish DTLS sessions with multiple tunnel encapsulators,
and likewise a GRE-in-UDP tunnel encapsulator is expected to be able and likewise a GRE-in-UDP tunnel encapsulator is expected to be able
to establish DTLS sessions with multiple decapsulators. Different to establish DTLS sessions with multiple decapsulators. Different
source and/or destination IP addresses will be involved (see Section source and/or destination IP addresses will be involved; see
6.2) for discussion of one situation where use of different source Section 6.2 for discussion of one situation where use of different
IP addresses is important. source IP addresses is important.
When DTLS is used for a GRE-in-UDP tunnel, if a packet is received When DTLS is used for a GRE-in-UDP tunnel, if a packet is received
from the tunnel and that packet is not protected by the DTLS session from the tunnel and that packet is not protected by the DTLS session
or part of DTLS negotiation (e.g., a DTLS handshake message or part of DTLS negotiation (e.g., a DTLS handshake message
[RFC6347]), the tunnel receiver MUST discard that packet and SHOULD [RFC6347]), the tunnel receiver MUST discard that packet and SHOULD
log that discard event and information about the discarded packet. log that discard event and information about the discarded packet.
DTLS SHOULD be used for a GRE-in-UDP tunnel to meet security DTLS SHOULD be used for a GRE-in-UDP tunnel to meet security
requirements of the original traffic that is delivered by a GRE-in- requirements of the original traffic that is delivered by a GRE-in-
UDP tunnel. There are cases where no additional security is required, UDP tunnel. There are cases where no additional security is
e.g., the traffic to be encapsulated is already encrypted or the required, e.g., the traffic to be encapsulated is already encrypted
tunnel is deployed within an operationally secured network. Use of or the tunnel is deployed within an operationally secured network.
DTLS for a GRE-in-UDP tunnel requires both tunnel endpoints to Use of DTLS for a GRE-in-UDP tunnel requires both tunnel endpoints to
configure use of DTLS. configure use of DTLS.
6. UDP Checksum Handling 6. UDP Checksum Handling
6.1. UDP Checksum with IPv4 6.1. UDP Checksum with IPv4
For UDP in IPv4, when a non-zero UDP checksum is used, the UDP For UDP in IPv4, when a non-zero UDP checksum is used, the UDP
checksum MUST be processed as specified in [RFC768] and [RFC1122] checksum MUST be processed as specified in [RFC768] and [RFC1122] for
for both transmit and receive. The IPv4 header includes a checksum both transmit and receive. The IPv4 header includes a checksum that
that protects against mis-delivery of the packet due to corruption protects against misdelivery of the packet due to corruption of IP
of IP addresses. The UDP checksum potentially provides protection addresses. The UDP checksum potentially provides protection against
against corruption of the UDP header, GRE header, and GRE payload. corruption of the UDP header, GRE header, and GRE payload. Disabling
Disabling the use of checksums is a deployment consideration that the use of checksums is a deployment consideration that should take
should take into account the risk and effects of packet corruption. into account the risk and effects of packet corruption.
When a decapsulator receives a packet, the UDP checksum field MUST When a decapsulator receives a packet, the UDP checksum field MUST be
be processed. If the UDP checksum is non-zero, the decapsulator MUST processed. If the UDP checksum is non-zero, the decapsulator MUST
verify the checksum before accepting the packet. By default a verify the checksum before accepting the packet. By default, a
decapsulator SHOULD accept UDP packets with a zero checksum. A node decapsulator SHOULD accept UDP packets with a zero checksum. A node
MAY be configured to disallow zero checksums per [RFC1122]; this may MAY be configured to disallow zero checksums per [RFC1122]; this may
be done selectively, for instance disallowing zero checksums from be done selectively, for instance, disallowing zero checksums from
certain hosts that are known to be sending over paths subject to certain hosts that are known to be sending over paths subject to
packet corruption. If verification of a non-zero checksum fails, a packet corruption. If verification of a non-zero checksum fails, a
decapsulator lacks the capability to verify a non-zero checksum, or decapsulator lacks the capability to verify a non-zero checksum, or a
a packet with a zero-checksum was received and the decapsulator is packet with a zero checksum was received and the decapsulator is
configured to disallow, the packet MUST be dropped and an event MAY configured to disallow, the packet MUST be dropped and an event MAY
be logged. be logged.
6.2. UDP Checksum with IPv6 6.2. UDP Checksum with IPv6
For UDP in IPv6, the UDP checksum MUST be processed as specified in For UDP in IPv6, the UDP checksum MUST be processed as specified in
[RFC768] and [RFC2460] for both transmit and receive. [RFC768] and [RFC2460] for both transmit and receive.
When UDP is used over IPv6, the UDP checksum is relied upon to When UDP is used over IPv6, the UDP checksum is relied upon to
protect both the IPv6 and UDP headers from corruption. As such, A protect both the IPv6 and UDP headers from corruption. As such, a
default GRE-in-UDP Tunnel MUST perform UDP checksum; A TMCE GRE-in- default GRE-in-UDP tunnel MUST perform UDP checksum; a TMCE GRE-in-
UDP Tunnel MAY be configured with the UDP zero-checksum mode if the UDP tunnel MAY be configured with UDP zero-checksum mode if the
traffic-managed controlled environment or a set of closely traffic-managed controlled environment or a set of closely
cooperating traffic-managed controlled environments (such as by cooperating traffic-managed controlled environments (such as by
network operators who have agreed to work together in order to network operators who have agreed to work together in order to
jointly provide specific services) meet at least one of following jointly provide specific services) meet at least one of the following
conditions: conditions:
a. It is known (perhaps through knowledge of equipment types and a. It is known (perhaps through knowledge of equipment types and
lower layer checks) that packet corruption is exceptionally lower-layer checks) that packet corruption is exceptionally
unlikely and where the operator is willing to take the risk of unlikely and where the operator is willing to take the risk of
undetected packet corruption. undetected packet corruption.
b. It is judged through observational measurements (perhaps of b. It is judged through observational measurements (perhaps of
historic or current traffic flows that use a non-zero checksum) historic or current traffic flows that use a non-zero checksum)
that the level of packet corruption is tolerably low and where that the level of packet corruption is tolerably low and where
the operator is willing to take the risk of undetected packet the operator is willing to take the risk of undetected packet
corruption. corruption.
c. Carrying applications that are tolerant of mis-delivered or c. Carrying applications that are tolerant of misdelivered or
corrupted packets (perhaps through higher layer checksum, corrupted packets (perhaps through higher-layer checksum,
validation, and retransmission or transmission redundancy) where validation, and retransmission or transmission redundancy) where
the operator is willing to rely on the applications using the the operator is willing to rely on the applications using the
tunnel to survive any corrupt packets. tunnel to survive any corrupt packets.
The following requirements apply to a TMCE GRE-in-UDP tunnel that The following requirements apply to a TMCE GRE-in-UDP tunnel that
uses UDP zero-checksum mode: uses UDP zero-checksum mode:
a. Use of the UDP checksum with IPv6 MUST be the default a. Use of the UDP checksum with IPv6 MUST be the default
configuration of all GRE-in-UDP tunnels. configuration of all GRE-in-UDP tunnels.
b. The GRE-in-UDP tunnel implementation MUST comply with all b. The GRE-in-UDP tunnel implementation MUST comply with all
requirements specified in Section 4 of [RFC6936] and with requirements specified in Section 4 of [RFC6936] and with
requirement 1 specified in Section 5 of [RFC6936]. requirement 1 specified in Section 5 of [RFC6936].
c. The tunnel decapsulator SHOULD only allow the use of UDP zero- c. The tunnel decapsulator SHOULD only allow the use of UDP zero-
checksum mode for IPv6 on a single received UDP Destination checksum mode for IPv6 on a single received UDP Destination Port,
Port regardless of the encapsulator. The motivation for this regardless of the encapsulator. The motivation for this
requirement is possible corruption of the UDP Destination Port, requirement is possible corruption of the UDP Destination Port,
which may cause packet delivery to the wrong UDP port. If that which may cause packet delivery to the wrong UDP port. If that
other UDP port requires the UDP checksum, the mis-delivered other UDP port requires the UDP checksum, the misdelivered packet
packet will be discarded. will be discarded.
d. It is RECOMMENDED that the UDP zero-checksum mode for IPv6 is d. It is RECOMMENDED that the UDP zero-checksum mode for IPv6 is
only enabled for certain selected source addresses. The tunnel only enabled for certain selected source addresses. The tunnel
decapsulator MUST check that the source and destination IPv6 decapsulator MUST check that the source and destination IPv6
addresses are valid for the GRE-in-UDP tunnel on which the addresses are valid for the GRE-in-UDP tunnel on which the packet
packet was received if that tunnel uses UDP zero-checksum mode was received if that tunnel uses UDP zero-checksum mode and
and discard any packet for which this check fails. discard any packet for which this check fails.
e. The tunnel encapsulator SHOULD use different IPv6 addresses for e. The tunnel encapsulator SHOULD use different IPv6 addresses for
each GRE-in-UDP tunnel that uses UDP zero-checksum mode each GRE-in-UDP tunnel that uses UDP zero-checksum mode,
regardless of the decapsulator in order to strengthen the regardless of the decapsulator, in order to strengthen the
decapsulator's check of the IPv6 source address (i.e., the same decapsulator's check of the IPv6 source address (i.e., the same
IPv6 source address SHOULD NOT be used with more than one IPv6 IPv6 source address SHOULD NOT be used with more than one IPv6
destination address, independent of whether that destination destination address, independent of whether that destination
address is a unicast or multicast address). When this is not address is a unicast or multicast address). When this is not
possible, it is RECOMMENDED to use each source IPv6 address for possible, it is RECOMMENDED to use each source IPv6 address for
as few UDP zero-checksum mode GRE-in-UDP tunnels as is feasible. as few GRE-in-UDP tunnels that use UDP zero-checksum mode as is
feasible.
f. When any middlebox exists on the path of a GRE-in-UDP tunnel, f. When any middlebox exists on the path of a GRE-in-UDP tunnel, it
it is RECOMMENDED to use the default mode, i.e. use UDP is RECOMMENDED to use the default mode, i.e., use UDP checksum,
checksum, to reduce the chance that the encapsulated packets to reduce the chance that the encapsulated packets will be
will be dropped. dropped.
g. Any middlebox that allows the UDP zero-checksum mode for IPv6 g. Any middlebox that allows the UDP zero-checksum mode for IPv6
MUST comply with requirement 1 and 8-10 in Section 5 of MUST comply with requirements 1 and 8-10 in Section 5 of
[RFC6936]. [RFC6936].
h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP
checksums from "escaping" to the general Internet; see Section checksums from "escaping" to the general Internet; see Section 8
8 for examples of such measures. for examples of such measures.
i. IPv6 traffic with zero UDP checksums MUST be actively monitored i. IPv6 traffic with zero UDP checksums MUST be actively monitored
for errors by the network operator. For example, the operator for errors by the network operator. For example, the operator
may monitor Ethernet layer packet error rates. may monitor Ethernet-layer packet error rates.
j. If a packet with a non-zero checksum is received, the checksum j. If a packet with a non-zero checksum is received, the checksum
MUST be verified before accepting the packet. This is MUST be verified before accepting the packet. This is regardless
regardless of whether the tunnel encapsulator and decapsulator of whether the tunnel encapsulator and decapsulator have been
have been configured with UDP zero-checksum mode. configured with UDP zero-checksum mode.
The above requirements do not change either the requirements The above requirements do not change either the requirements
specified in [RFC2460] as modified by [RFC6935] or the requirements specified in [RFC2460] as modified by [RFC6935] or the requirements
specified in [RFC6936]. specified in [RFC6936].
The requirement to check the source IPv6 address in addition to the The requirement to check the source IPv6 address in addition to the
destination IPv6 address, plus the strong recommendation against destination IPv6 address and the strong recommendation against reuse
reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively of source IPv6 addresses among GRE-in-UDP tunnels collectively
provide some mitigation for the absence of UDP checksum coverage of provide some mitigation for the absence of UDP checksum coverage of
the IPv6 header. A traffic-managed controlled environment that the IPv6 header. A traffic-managed controlled environment that
satisfies at least one of three conditions listed at the beginning satisfies at least one of three conditions listed at the beginning of
of this section provides additional assurance. this section provides additional assurance.
A GRE-in-UDP tunnel is suitable for transmission over lower layers A GRE-in-UDP tunnel is suitable for transmission over lower layers in
in the traffic-managed controlled environments that are allowed by the traffic-managed controlled environments that are allowed by the
the exceptions stated above and the rate of corruption of the inner exceptions stated above, and the rate of corruption of the inner IP
IP packet on such networks is not expected to increase by comparison packet on such networks is not expected to increase by comparison to
to GRE traffic that is not encapsulated in UDP. For these reasons, GRE traffic that is not encapsulated in UDP. For these reasons, GRE-
GRE-in-UDP does not provide an additional integrity check except in-UDP does not provide an additional integrity check except when GRE
when GRE checksum is used when UDP zero-checksum mode is used with checksum is used when UDP zero-checksum mode is used with IPv6, and
IPv6, and this design is in accordance with requirements 2, 3 and 5 this design is in accordance with requirements 2, 3, and 5 specified
specified in Section 5 of [RFC6936]. in Section 5 of [RFC6936].
Generic Router Encapsulation (GRE) does not accumulate incorrect Generic Router Encapsulation (GRE) does not accumulate incorrect
transport layer state as a consequence of GRE header corruption. A transport-layer state as a consequence of GRE header corruption. A
corrupt GRE packet may result in either packet discard or forwarding corrupt GRE packet may result in either packet discard or packet
of the packet without accumulation of GRE state. Active monitoring forwarding without accumulation of GRE state. Active monitoring of
of GRE-in-UDP traffic for errors is REQUIRED as occurrence of errors GRE-in-UDP traffic for errors is REQUIRED, as the occurrence of
will result in some accumulation of error information outside the errors will result in some accumulation of error information outside
protocol for operational and management purposes. This design is in the protocol for operational and management purposes. This design is
accordance with requirement 4 specified in Section 5 of [RFC6936]. in accordance with requirement 4 specified in Section 5 of [RFC6936].
The remaining requirements specified in Section 5 of [RFC6936] are The remaining requirements specified in Section 5 of [RFC6936] are
not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply
because GRE does not include a control feedback mechanism. because GRE does not include a control feedback mechanism.
Requirements 8-10 are middlebox requirements that do not apply to Requirements 8-10 are middlebox requirements that do not apply to
GRE-in-UDP tunnel endpoints (see Section 7.1 for further middlebox GRE-in-UDP tunnel endpoints. (See Section 7.1 for further middlebox
discussion). discussion.)
It is worth mentioning that the use of a zero UDP checksum should It is worth mentioning that the use of a zero UDP checksum should
present the equivalent risk of undetected packet corruption when present the equivalent risk of undetected packet corruption when
sending similar packet using GRE-in-IPv6 without UDP [RFC7676] and sending a similar packet using GRE-in-IPv6 without UDP [RFC7676] and
without GRE checksums. without GRE checksums.
In summary, a TMCE GRE-in-UDP Tunnel is allowed to use UDP-zero- In summary, a TMCE GRE-in-UDP tunnel is allowed to use UDP zero-
checksum mode for IPv6 when the conditions and requirements stated checksum mode for IPv6 when the conditions and requirements stated
above are met. Otherwise the UDP checksum need to be used for IPv6 above are met. Otherwise, the UDP checksum needs to be used for IPv6
as specified in [RFC768] and [RFC2460]. Use of GRE checksum is as specified in [RFC768] and [RFC2460]. Use of GRE checksum is
RECOMMENED when the UDP checksum is not used. RECOMMENDED when the UDP checksum is not used.
7. Middlebox Considerations 7. Middlebox Considerations
Many middleboxes read or update UDP port information of the packets Many middleboxes read or update UDP port information of the packets
that they forward. Network Address/Port Translator (NAPT) is the that they forward. Network Address Port Translator (NAPT) is the
most commonly deployed Network Address Translation (NAT) device most commonly deployed Network Address Translation (NAT) device
[RFC4787]. An NAPT device establishes a NAT session to translate the [RFC4787]. A NAPT device establishes a NAT session to translate the
{private IP address, private source port number} tuple to a {public {private IP address, private source port number} tuple to a {public
IP address, public source port number} tuple, and vice versa, for IP address, public source port number} tuple, and vice versa, for the
the duration of the UDP session. This provides a UDP application duration of the UDP session. This provides a UDP application with
with the "NAT-pass-through" function. NAPT allows multiple internal the "NAT pass-through" function. NAPT allows multiple internal hosts
hosts to share a single public IP address. The port number, i.e., to share a single public IP address. The port number, i.e., the UDP
the UDP Source Port number, is used as the demultiplexer of the Source Port number, is used as the demultiplexer of the multiple
multiple internal hosts. However, the above NAPT behaviors conflict internal hosts. However, the above NAPT behaviors conflict with the
with the behavior a GRE-in-UDP tunnel that is configured to use the behavior of a GRE-in-UDP tunnel that is configured to use the UDP
UDP source port value to provide entropy. source port value to provide entropy.
A GRE-in-UDP tunnel is unidirectional; the tunnel traffic is not A GRE-in-UDP tunnel is unidirectional; the tunnel traffic is not
expected to be returned back to the UDP source port values used to expected to be returned back to the UDP source port values used to
generate entropy. However some middleboxes (e.g., firewall) assume generate entropy. However, some middleboxes (e.g., firewalls) assume
that bidirectional traffic uses a common pair of UDP ports. This that bidirectional traffic uses a common pair of UDP ports. This
assumption also conflicts with the use of the UDP source port field assumption also conflicts with the use of the UDP source port field
as entropy. as entropy.
Hence, use of the UDP source port for entropy may impact middleboxes Hence, use of the UDP source port for entropy may impact middleboxes'
behavior. If a GRE-in-UDP tunnel is expected to be used on a path behavior. If a GRE-in-UDP tunnel is expected to be used on a path
with a middlebox, the tunnel can be configured to either disable use with a middlebox, the tunnel can be configured either to disable use
of the UDP source port for entropy or to configure middleboxes to of the UDP source port for entropy or to enable middleboxes to pass
pass packets with UDP source port entropy. packets with UDP source port entropy.
7.1. Middlebox Considerations for Zero Checksums 7.1. Middlebox Considerations for Zero Checksums
IPv6 datagrams with a zero UDP checksum will not be passed by any IPv6 datagrams with a zero UDP checksum will not be passed by any
middlebox that updates the UDP checksum field or simply validates middlebox that updates the UDP checksum field or simply validates the
the checksum based on [RFC2460], such as firewalls. Changing this checksum based on [RFC2460], such as firewalls. Changing this
behavior would require such middleboxes to be updated to correctly behavior would require such middleboxes to be updated to correctly
handle datagrams with zero UDP checksums. The GRE-in-UDP handle datagrams with zero UDP checksums. The GRE-in-UDP
encapsulation does not provide a mechanism to safely fall back to encapsulation does not provide a mechanism to safely fall back to
using a checksum when a path change occurs redirecting a tunnel over using a checksum when a path change occurs that redirects a tunnel
a path that includes a middlebox that discards IPv6 datagrams with a over a path that includes a middlebox that discards IPv6 datagrams
zero UDP checksum. In this case the GRE-in-UDP tunnel will be black- with a zero UDP checksum. In this case, the GRE-in-UDP tunnel will
holed by that middlebox. be black-holed by that middlebox.
As such, when any middlebox exists on the path of GRE-in-UDP tunnel, As such, when any middlebox exists on the path of a GRE-in-UDP
use of the UDP checksum is RECOMMENDED to increase the probability tunnel, use of the UDP checksum is RECOMMENDED to increase the
of successful transmission of GRE-in-UDP packets. Recommended probability of successful transmission of GRE-in-UDP packets.
changes to allow firewalls and other middleboxes to support use of Recommended changes to allow firewalls and other middleboxes to
an IPv6 zero UDP checksum are described in Section 5 of [RFC6936]. support use of an IPv6 zero UDP checksum are described in Section 5
of [RFC6936].
8. Congestion Considerations 8. Congestion Considerations
Section 3.1.9 of [RFC5405bis] discusses the congestion Section 3.1.9 of [RFC8085] discusses the congestion considerations
considerations for design and use of UDP tunnels; this is important for design and use of UDP tunnels; this is important because other
because other flows could share the path with one or more UDP flows could share the path with one or more UDP tunnels,
tunnels, necessitating congestion control [RFC2914] to avoid necessitating congestion control [RFC2914] to avoid destructive
distractive interference. interference.
Congestion has potential impacts both on the rest of the network Congestion has potential impacts both on the rest of the network
containing a UDP tunnel, and on the traffic flows using the UDP containing a UDP tunnel and on the traffic flows using the UDP
tunnels. These impacts depend upon what sort of traffic is carried tunnels. These impacts depend upon what sort of traffic is carried
over the tunnel, as well as the path of the tunnel. The GRE-in-UDP over the tunnel, as well as the path of the tunnel. The GRE-in-UDP
tunnel protocol does not provide any congestion control and GRE-in- tunnel protocol does not provide any congestion control and GRE-in-
UDP packets are regular UDP packets. Therefore, a GRE-in-UDP tunnel UDP packets are regular UDP packets. Therefore, a GRE-in-UDP tunnel
MUST NOT be deployed to carry non-congestion controlled traffic over MUST NOT be deployed to carry non-congestion-controlled traffic over
the Internet [RFC5405bis]. the Internet [RFC8085].
Within a TMCE network, GRE-in-UDP tunnels are appropriate for Within a TMCE network, GRE-in-UDP tunnels are appropriate for
carrying traffic that is not known to be congestion controlled. For carrying traffic that is not known to be congestion controlled. For
example, a GRE-in-UDP tunnel may be used to carry Multiprotocol example, a GRE-in-UDP tunnel may be used to carry Multiprotocol Label
Label Switching (MPLS) traffic such as pseudowires or VPNs where Switching (MPLS) traffic such as pseudowires or VPNs where specific
specific bandwidth guarantees are provided to each pseudowire or VPN. bandwidth guarantees are provided to each pseudowire or VPN. In such
In such cases, operators of TMCE networks avoid congestion by cases, operators of TMCE networks avoid congestion by careful
careful provisioning of their networks, rate limiting of user data provisioning of their networks, rate-limiting of user data traffic,
traffic, and traffic engineering according to path capacity. and traffic engineering according to path capacity.
When a GRE-in-UDP tunnel carries traffic that is not known to be When a GRE-in-UDP tunnel carries traffic that is not known to be
congestion controlled in a TMCE network, the tunnel MUST be deployed congestion controlled in a TMCE network, the tunnel MUST be deployed
entirely within that network, and measures SHOULD be taken to entirely within that network, and measures SHOULD be taken to prevent
prevent the GRE-in-UDP traffic from "escaping" the network to the the GRE-in-UDP traffic from "escaping" the network to the general
general Internet, e.g.: Internet. Examples of such measures are:
o Physical or logical isolation of the links carrying GRE-in-UDP o physical or logical isolation of the links carrying GRE-in-UDP
from the general Internet. from the general Internet,
o Deployment of packet filters that block the UDP ports assigned o deployment of packet filters that block the UDP ports assigned for
for GRE-in-UDP. GRE-in-UDP, and
o Imposition of restrictions on GRE-in-UDP traffic by software o imposition of restrictions on GRE-in-UDP traffic by software tools
tools used to set up GRE-in-UDP tunnels between specific end used to set up GRE-in-UDP tunnels between specific end systems (as
systems (as might be used within a single data center) or by might be used within a single data center) or by tunnel ingress
tunnel ingress nodes for tunnels that don't terminate at end nodes for tunnels that don't terminate at end systems.
systems.
9. Backward Compatibility 9. Backward Compatibility
In general, tunnel ingress routers have to be upgraded in order to In general, tunnel ingress routers have to be upgraded in order to
support the encapsulations described in this document. support the encapsulations described in this document.
No change is required at transit routers to support forwarding of No change is required at transit routers to support forwarding of the
the encapsulation described in this document. encapsulation described in this document.
If a tunnel endpoint (a host or router) that is intended for use as
a decapsulator does not support or enable the GRE-in-UDP
encapsulation described in this document, that endpoint will not
listen on the destination port assigned to the GRE-encapsulation
(TBD1 and TBD2). In these cases, the endpoint will perform normal
UDP processing and respond to an encapsulator with an ICMP message
indicating "port unreachable" according to [RFC792]. Upon receiving
this ICMP message, the node MUST NOT continue to use GRE-in-UDP
encapsulation toward this peer without management intervention.
10. IANA Considerations If a tunnel endpoint (a host or router) that is intended for use as a
decapsulator does not support or enable the GRE-in-UDP encapsulation
described in this document, that endpoint will not listen on the
destination port assigned to the GRE-encapsulation (4754 and 4755).
In these cases, the endpoint will perform normal UDP processing and
respond to an encapsulator with an ICMP message indicating "port
unreachable" according to [RFC792]. Upon receiving this ICMP
message, the node MUST NOT continue to use GRE-in-UDP encapsulation
toward this peer without management intervention.
IANA is requested to make the following allocations: 10. IANA Considerations
One UDP destination port number for the indication of GRE, IANA has allocated the following UDP destination port number for the
indication of GRE:
Service Name: GRE-in-UDP Service Name: GRE-in-UDP
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation Description: GRE-in-UDP Encapsulation
Reference: [This.I-D] Reference: RFC 8086
Port Number: TBD1 Port Number: 4754
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
Editor Note: replace "TBD1" in section 3 and 9 with IANA assigned IANA has allocated the following UDP destination port number for the
number. indication of GRE with DTLS:
One UDP destination port number for the indication of GRE with DTLS,
Service Name: GRE-UDP-DTLS Service Name: GRE-UDP-DTLS
Transport Protocol(s): UDP Transport Protocol(s): UDP
Assignee: IESG <iesg@ietf.org> Assignee: IESG <iesg@ietf.org>
Contact: IETF Chair <chair@ietf.org> Contact: IETF Chair <chair@ietf.org>
Description: GRE-in-UDP Encapsulation with DTLS Description: GRE-in-UDP Encapsulation with DTLS
Reference: [This.I-D] Reference: RFC 8086
Port Number: TBD2 Port Number: 4755
Service Code: N/A Service Code: N/A
Known Unauthorized Uses: N/A Known Unauthorized Uses: N/A
Assignment Notes: N/A Assignment Notes: N/A
Editor Note: replace "TBD2" in section 3, 5, and 9 with IANA 11. Security Considerations
assigned number.
11. Security Considerations
GRE-in-UDP encapsulation does not affect security for the payload GRE-in-UDP encapsulation does not affect security for the payload
protocol. The security considerations for GRE apply to GRE-in-UDP, protocol. The security considerations for GRE apply to GRE-in-UDP;
see [RFC2784]. see [RFC2784].
To secure traffic carried by a GRE-in-UDP tunnel, DTLS SHOULD be To secure traffic carried by a GRE-in-UDP tunnel, DTLS SHOULD be used
used as specified in Section 5. as specified in Section 5.
In the case that UDP source port for entropy usage is disabled, a In the case that UDP source port for entropy usage is disabled, a
random port SHOULD be selected in order to minimize the random port taken from the ephemeral port range SHOULD be selected in
vulnerability to off-path attacks [RFC6056]. The random port may order to minimize the vulnerability to off-path attacks [RFC6056].
also be periodically changed to mitigate certain denial of service The random port may also be periodically changed to mitigate certain
attacks as mentioned in Section 3.2.1. DoS attacks as mentioned in Section 3.2.1.
Using one standardized value as the UDP destination port to indicate Using one standardized value as the UDP destination port to indicate
an encapsulation may increase the vulnerability of off-path attack. an encapsulation may increase the vulnerability to off-path attacks.
To overcome this, an alternate port may be agreed upon to use To overcome this, an alternate port may be agreed upon to use between
between an encapsulator and decapsulator [RFC6056]. How the an encapsulator and decapsulator [RFC6056]. How the encapsulator
encapsulator end points communicate the value is outside scope of endpoints communicate the value is outside the scope of this
this document. document.
This document does not require that a decapsulator validates the IP This document does not require that a decapsulator validate the IP
source address of the tunneled packets (with the exception that the source address of the tunneled packets (with the exception that the
IPv6 source address MUST be validated when UDP zero-checksum mode is IPv6 source address MUST be validated when UDP zero-checksum mode is
used with IPv6), but it should be understood that failure to do so used with IPv6), but it should be understood that failure to do so
presupposes that there is effective destination-based (or a presupposes that there is effective destination-based filtering (or a
combination of source-based and destination-based) filtering at the combination of source-based and destination-based filtering) at the
boundaries. boundaries.
Corruption of GRE headers can cause security concerns for Corruption of GRE headers can cause security concerns for
applications that rely on the GRE key field for traffic separation applications that rely on the GRE Key field for traffic separation or
or segregation. When the GRE key field is used for this purpose such segregation. When the GRE Key field is used for this purpose, such
as an application of a Network Virtualization Using Generic Routing as an application of a Network Virtualization Using Generic Routing
Encapsulation (NVGRE) [RFC7637], GRE header corruption is a concern. Encapsulation (NVGRE) [RFC7637], GRE header corruption is a concern.
In such situations, at least one of the UDP and GRE checksums MUST In such situations, at least one of the UDP and GRE checksums MUST be
be used for both IPv4 and IPv6 GRE-in-UDP tunnels. used for both IPv4 and IPv6 GRE-in-UDP tunnels.
12. Acknowledgements 12. References
Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger 12.1. Normative References
Geib, Lars Eggert, Lloyd Wood, Bob Briscoe, Rick Casarez, Jouni
Korhonen, Kathleen Moriarty, Ben Campbell, and many others for their
review and valuable input on this draft.
Thank Donald Eastlake, Eliot Lear, Martin Stiemerling, and Spencer [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
Dawkins for their detail reviews and valuable suggestions in WGLC DOI 10.17487/RFC0768, August 1980,
and IESG process. <http://www.rfc-editor.org/info/rfc768>.
Thank the design team led by David Black (members: Ross Callon, [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the Communication Layers", STD 3, RFC 1122,
descriptions for the congestion considerations and IPv6 UDP zero DOI 10.17487/RFC1122, October 1989,
checksum. <http://www.rfc-editor.org/info/rfc1122>.
Thank David Black and Gorry Fairhurst for their great help in [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474,
DOI 10.17487/RFC2474, December 1998,
<http://www.rfc-editor.org/info/rfc2474>.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
DOI 10.17487/RFC2784, March 2000,
<http://www.rfc-editor.org/info/rfc2784>.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC 2890, DOI 10.17487/RFC2890, September 2000,
<http://www.rfc-editor.org/info/rfc2890>.
[RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion
Notification", RFC 6040, DOI 10.17487/RFC6040, November
2010, <http://www.rfc-editor.org/info/rfc6040>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[RFC6438] Carpenter, B. and S. Amante, "Using the IPv6 Flow Label
for Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011,
<http://www.rfc-editor.org/info/rfc6438>.
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935,
DOI 10.17487/RFC6935, April 2013,
<http://www.rfc-editor.org/info/rfc6935>.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, DOI 10.17487/RFC6936, April 2013,
<http://www.rfc-editor.org/info/rfc6936>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <http://www.rfc-editor.org/info/rfc8085>.
12.2. Informative References
[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981,
<http://www.rfc-editor.org/info/rfc792>.
[RFC793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, DOI 10.17487/RFC0793, September 1981,
<http://www.rfc-editor.org/info/rfc793>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC2914] Floyd, S., "Congestion Control Principles", BCP 41,
RFC 2914, DOI 10.17487/RFC2914, September 2000,
<http://www.rfc-editor.org/info/rfc2914>.
[RFC2983] Black, D., "Differentiated Services and Tunnels",
RFC 2983, DOI 10.17487/RFC2983, October 2000,
<http://www.rfc-editor.org/info/rfc2983>.
[RFC4787] Audet, F., Ed., and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for Unicast
UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <http://www.rfc-editor.org/info/rfc4787>.
[RFC6056] Larsen, M. and F. Gont, "Recommendations for Transport-
Protocol Port Randomization", BCP 156, RFC 6056,
DOI 10.17487/RFC6056, January 2011,
<http://www.rfc-editor.org/info/rfc6056>.
[RFC7042] Eastlake 3rd, D. and J. Abley, "IANA Considerations and
IETF Protocol and Documentation Usage for IEEE 802
Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042,
October 2013, <http://www.rfc-editor.org/info/rfc7042>.
[RFC7637] Garg, P., Ed., and Y. Wang, Ed., "NVGRE: Network
Virtualization Using Generic Routing Encapsulation",
RFC 7637, DOI 10.17487/RFC7637, September 2015,
<http://www.rfc-editor.org/info/rfc7637>.
[RFC7676] Pignataro, C., Bonica, R., and S. Krishnan, "IPv6 Support
for Generic Routing Encapsulation (GRE)", RFC 7676,
DOI 10.17487/RFC7676, October 2015,
<http://www.rfc-editor.org/info/rfc7676>.
Acknowledgements
The authors would like to thank Vivek Kumar, Ron Bonica, Joe Touch,
Ruediger Geib, Lars Eggert, Lloyd Wood, Bob Briscoe, Rick Casarez,
Jouni Korhonen, Kathleen Moriarty, Ben Campbell, and many others for
their reviews and valuable input on this document.
Thanks to Donald Eastlake, Eliot Lear, Martin Stiemerling, and
Spencer Dawkins for their detailed reviews and valuable suggestions
during WG Last Call and the IESG process.
Thanks to the design team led by David Black (members: Ross Callon,
Gorry Fairhurst, Xiaohu Xu, and Lucy Yong) for efficiently working
out the descriptions for the congestion considerations and IPv6 UDP
zero checksum.
Thanks to David Black and Gorry Fairhurst for their great help in
document content and editing. document content and editing.
13. Contributors Contributors
The following people all contributed significantly to this document The following people all contributed significantly to this document
and are listed below in alphabetical order: and are listed in alphabetical order:
David Black David Black
EMC Corporation EMC Corporation
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
USA United States of America
Email: david.black@emc.com Email: david.black@emc.com
Ross Callon Ross Callon
Juniper Networks Juniper Networks
10 Technology Park Drive 10 Technology Park Drive
Westford, MA 01886 Westford, MA 01886
USA United States of America
Email: rcallon@juniper.net Email: rcallon@juniper.net
John E. Drake John E. Drake
Juniper Networks Juniper Networks
Email: jdrake@juniper.net Email: jdrake@juniper.net
Gorry Fairhurst Gorry Fairhurst
University of Aberdeen University of Aberdeen
Email: gorry@erg.abdn.ac.uk Email: gorry@erg.abdn.ac.uk
Yongbing Fan Yongbing Fan
China Telecom China Telecom
Guangzhou, China. Guangzhou
Phone: +86 20 38639121 China
Email: fanyb@gsta.com Email: fanyb@gsta.com
Phone: +86 20 38639121
Adrian Farrel Adrian Farrel
Juniper Networks Juniper Networks
Email: adrian@olddog.co.uk Email: adrian@olddog.co.uk
Vishwas Manral Vishwas Manral
Hewlett-Packard Corp.
3000 Hanover St, Palo Alto.
Email: vishwas.manral@hp.com Email: vishwas@ionosnetworks.com
Carlos Pignataro Carlos Pignataro
Cisco Systems Cisco Systems
7200-12 Kit Creek Road 7200-12 Kit Creek Road
Research Triangle Park, NC 27709 USA Research Triangle Park, NC 27709
United States of America
Email: cpignata@cisco.com Email: cpignata@cisco.com
14. References Authors' Addresses
14.1. Normative References
[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[RFC1122] Braden, R., "Requirements for Internet Hosts --
Communication Layers", RFC1122, October 1989.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC2119, March 1997.
[RFC2474] Nichols K., Blake S., Baker F., Black D., "Definition of
the Differentiated Services Field (DS Field) in the IPv4
and IPv6 Headers", December 1998.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC2890, September 2000.
[RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for
Application Designers", draft-ietf-tsvwg-rfc5405bis, work
in progress.
[RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC6040, November 2010.
[RFC6347] Rescoria, E., Modadugu, N., "Datagram Transport Layer
Security Version 1.2", RFC6347, 2012.
[RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
Equal Cost Multipath Routing and Link Aggregation in
tunnels", RFC6438, November, 2011.
[RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and
UDP Checksums for Tunneled Packets", RFC 6935, April 2013.
[RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement
for the Use of IPv6 UDP Datagrams with Zero Checksums",
RFC 6936, April 2013.
14.2. Informative References
[RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC
792, September 1981.
[RFC793] DARPA, "Transmission Control Protocol", RFC793, September
1981.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, December 1998.
[RFC2914] Floyd, S., "Congestion Control Principles", RFC2914,
September 2000.
[RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983,
October 2000.
[RFC4787] Audet, F., et al, "network Address Translation (NAT)
Behavioral Requirements for Unicast UDP", RFC4787, January
2007.
[RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport-
Protocol Port Randomization", RFC6056, January 2011.
[RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for
Equal Cost Multipath Routing and Link Aggregation in
Tunnels", RFC6438, November 2011.
[RFC7042] Eastlake 3rd, D. and Abley, J., "IANA Considerations and
IETF Protocol and Documentation Usage for IEEE 802
Parameter", RFC7042, October 2013.
[RFC7637] Garg, P. and Wang, Y., "NVGRE: Network Virtualization
Using Generic Routing Encapsulation", RFC7637, September
2015.
[RFC7676] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for
Generic Routing Encapsulation (GRE)", RFC7676, October
2015.
15. Authors' Addresses
Lucy Yong Lucy Yong
Huawei Technologies, USA Huawei Technologies, USA
Email: lucy.yong@huawei.com Email: lucy.yong@huawei.com
Edward Crabbe Edward Crabbe
Oracle Oracle
Email: edward.crabbe@gmail.com Email: edward.crabbe@gmail.com
Xiaohu Xu Xiaohu Xu
Huawei Technologies, Huawei Technologies
Beijing, China Beijing, China
Email: xuxiaohu@huawei.com Email: xuxiaohu@huawei.com
Tom Herbert Tom Herbert
Facebook Facebook
1 Hacker Way 1 Hacker Way
Menlo Park, CA Menlo Park, CA
Email : tom@herbertland.com
Email: tom@herbertland.com
 End of changes. 194 change blocks. 
678 lines changed or deleted 693 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/