Internet DRAFT - draft-yong-tsvwg-udp-encap-4-ip-tunneling
draft-yong-tsvwg-udp-encap-4-ip-tunneling
Network Working Group L. Yong
Internet Draft X. Xu
Category: Standard Track Huawei
Expires: August 2013 February 25, 2013
Generic UDP Encapsulation for IP Tunneling
draft-yong-tsvwg-udp-encap-4-ip-tunneling-01
Status of this document
This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 25, 2013.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document.
Yong & Xu Expires August 25, 2013 [Page 1]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
Abstract
This document describes a method for encapsulating the layer
protocols within UDP at an IP network edge such that the payload
protocol can be identified from the destination port value. The
mechanism also allows for the source port to be used as the entropy
field for the purpose of load balancing in environments such as
Equal Cost Multipath (ECMP) in the underlying IP network.
Application of this technique is focused on tunneling payload
network flows across IP networks in environments where load-
balancing is required. No changes to the underlying IP network or
the payload networks are required.
Table of Contents
1. Introduction...................................................3
1.1. Conventions used in this document.........................4
1.2. Terminology...............................................4
2. UDP Encapsulation..............................................5
3. Procedures.....................................................5
4. Encapsulation Considerations...................................6
5. Backward Compatibility.........................................7
6. IP Tunneling Applications......................................7
7. Security Considerations........................................8
8. IANA Considerations............................................8
9. Contributors..................................................11
10. Acknowledgements.............................................12
11. References...................................................12
11.1. Normative References....................................12
11.2. Informative References..................................13
Yong & Xu, et al Expires August 25, 2013 [Page 2]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
1. Introduction
Load balancing is an attempt to balance traffic across a network by
allowing the traffic to use multiple paths. The benefits of load
balancing are: it eases capacity planning; it can help absorb
traffic surges by spreading them across multiple paths; and it
allows better resilience by offering alternate paths in the event of
a link or node failure.
Load balancing of traffic over Equal Cost Multi-Path (ECMP) and/or
Link Aggregation Group (LAG) in IP networks is widely used. Most
existing routers in IP networks are already capable of distributing
IP traffic flows over ECMP paths and/or LAG on the basis of a hash
function performed on the key fields of IP packet headers and their
payload protocol headers. Specifically, when the IP payload is a
User Datagram Protocol (UDP)[RFC768] or Transmission Control
Protocol (TCP) packet, the hash operates on the five-tuple of the
source IP address, the destination IP address, the source port, the
destination port, and the next protocol identifier.
IP Tunneling is a technique for allowing a tunneled packet (IP or
non-IP) to transit an IP network by encapsulating it within an IP
header when it enters the IP network and decapsulating it when it
leaves the IP network. Several IP tunneling techniques exist for an
IP network to support an IP tunneling application. IP-in-IP [RFC5565]
carries IP encapsulated directly in another IP header. Generic
Routing Encapsulation (GRE) [RFC2784] provides an encapsulation
header to allow any protocol to be carried in an IP tunnel. [RFC4023]
describes how to carry MPLS packets in IP or GRE headers. Version 3
of the Layer Two Tunneling Protocol (L2TPv3) [RFC3931] defines a
control protocol and encapsulation for carrying multiple layer 2
connections between two IP nodes.
In order to leverage the benefits of multipath environments, it is
necessary to ensure that traffic flows are not distributed across
multiple paths. When a single IP flow may carry a number of payload
traffic flows, this requires that the payload flows can be
identified in a way that the hash function will make the right
decisions. An example of the way this works can be seen in [RFC6790]
that introduced the MPLS Entropy Label, which allows information
about the traffic flow with which a given packet is associated to be
encoded within a special label within the MPLS label stack and form
part of the hash that an MPLS transit node uses when distributing
flows over multiple paths.
Yong & Xu, et al Expires August 25, 2013 [Page 3]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
IP in IP is able to encode the payload type, but cannot easily carry
the information necessary to achieve load balancing. GRE is able to
encode the payload type and carry load balancing information;
however, special processing at transit routers is required to
understand the load balancing information because the GRE header
does not form part of the standard hash function. L2TPv3 has the
same capabilities and problems as GRE. Thus, none of the existing
mechanisms for tunneling the layer protocols supported at network
edge across an IP network provides a way to make good use of
multipath environments.
This document defines a generic UDP-based encapsulation for
tunneling the layer protocols across IP networks. The encapsulation
encodes the payload type in the UDP destination port and uses the
UDP source port to provide load balancing information in a way that
mirrors the entropy label of [RFC6790]. This encapsulation requires
no changes to the transit IP network nor to the networks whose
traffic is transiting the IP network. In particular, hash functions
in existing IP routers will automatically utilize and benefit from
this procedure without needing any change or upgrade. The
encapsulation mechanism is applicable to a variety of IP networks
including Data Centers and Wide Area infrastructure networks.
Note that [RFC5405] provides unicast UDP usage guidelines for
application designers. The application in that context is about the
unicast application above IP network layer and the design
considerations are for the upper layer application when it uses the
UDP as transport protocol. This document proposes the use of the UDP
header to encode the packet type and load balancing information for
the IP network in environments of ECMP. In other words, the UDP
usage here is not to facilitate the transport of upper layer
application data. Therefore RFC5405 design considerations do not
apply to the case described in this document.
1.1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
1.2. Terminology
The terms defined in [RFC768] are used in this document.
Yong & Xu, et al Expires August 25, 2013 [Page 4]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
2. UDP Encapsulation
The UDP datagram format is described in [RFC768]. The encapsulation
described in this document specifies that:
. The destination port of the UDP datagram is set to indicate the
payload protocol according to the values assigned by IANA as
described in Section 8;
. The source port may be set to any value by the sender. Varying
the value of the source port according to the payload flow will
enable load balancing within the IP network.
. Other UDP datagram header fields are to be used as described in
[RFC768].
. To simplify the operation at the tunnel egress, it is RECOMMENDED
that the UDP checksum field is set to zero. The encapsulation can
apply to both IPv4 [RFC791] and IPv6 [RFC2460] tunnel. For further
considerations related to relaxation of the mandatory requirement
for the use of a UDP checksum in an IPv6 network, please refer to
[CKZERO] and [CKSUM].
3. Procedures
When a tunnel ingress conforming to this document receives a packet,
the ingress MUST encapsulate the packet into a UDP packet as
described in Section 2. The ingress MUST insert the payload type in
the destination port field. The ingress MAY generate load balancing
information and put it in the source port field, otherwise it SHOULD
be set to zero. How a tunnel ingress generates the load balancing
information from the payload is outside the scope of this document.
The tunnel ingress MUST encode its IP address as the source IP
address and the egress tunnel endpoint IP address or a group IP
address as destination IP address. The TTL field in the IP header
MUST be set to a value appropriate for delivery of the encapsulated
packet to the tunnel egress endpoint.
Transit routers, upon receiving these UDP encapsulated packets, may
load-balance these packets based on the hash of the five-tuple of
the packet header. Note that this method requires no change on
transit routers.
When the tunnel egress receives a packet, it removes the UDP header
and sends the payload to the entity that will process the payload
Yong & Xu, et al Expires August 25, 2013 [Page 5]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
type indicated in the UDP destination port. Section 5 describes the
error handling when this entity is not instantiated at the tunnel
egress. When a packet is received with a UDP checksum of zero, it
MUST be accepted for decapsulation. Although IPv6 [RFC2460]
restricts the processing a packet with the UDP checksum of zero,
[CKSUM] and [CKZERO] relax this constraint to allow the zero UDP
checksum. Note that 1) the IPv6 tunnel ingress and egress SHOULD
follow the node requirements specified in Section 4 of [CKZERO] and
the usage requirements specified in Section 5 of [CKZERO]; 2) IPv6
transit nodes SHOULD follow the requirements 9, 10, 11 specified in
Section 5 of [CKZERO].
Note that the UDP encapsulation specified in this document does not
provide a flow control capability; it is the responsibility of
tunneled network protocol to support any necessary flow control
function.
4. Encapsulation Considerations
This UDP encapsulation allows the tunneled traffic to be unicast,
broadcast, or multicast traffic. The load balancing information may
be generated from the header of tunneled unicast or
broadcast/multicast packets at a tunnel ingress. The mapping
mechanism between the tunneled multicast traffic and the multicast
capability in the IP network is transparent and independent to the
encapsulation and is outside the scope of this document.
UDP encapsulation introduces eight octets overhead, which reduces
the effective Maximum Transmission Unit (MTU) size. If a tunnel
ingress has to perform fragmentation on a packet before
encapsulation, it MUST use the same source UDP port for all packet
fragments. This ensures that the transit routers will forward the
packet fragments on the same path. An operator should factor in this
addition eight octets when considering an MTU size for the payload
to reduce the likelihood of fragmentation.
To ensure the tunneled traffic gets the same treatment over the IP
network, prior to the encapsulation process, a tunnel ingress needs
process the payload to get the proper parameters to fill into the IP
header such as DiffServ [RFC2983]. Both tunnel ingress and egress
SHOULD follow the procedures described in RFC6040 [RFC6040] for ECN
Yong & Xu, et al Expires August 25, 2013 [Page 6]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
marking propagation. This process is outside of the scope of this
document.
Note that IPv6 header [RFC2460] has a flow label field that may be
used for load balancing information in the IPv6 network [RFC6438].
The next header in IPv6 can be used to provide the payload type.
However, applying the UDP encapsulation to both IPv4 and IPv6
networks provides a unified hardware implementation for load
balancing in an IP network.
5. Backward Compatibility
It is assumed that tunnel ingress routers are upgraded in order to
support the function described in this document.
No change is required at transit routers to support the process
described in this document.
If a legacy router that is an intended tunnel egress does not
support the UDP encapsulation described in this document, it will
not be listening on the destination port. The same will apply if the
egress supports the process but not the payload protocol. In these
cases, the router will conform to normal UDP processing and respond
to the tunnel ingress with an ICMP message indicating "port
unreachable" according to [RFC792] and [RFC4884]. Upon receiving
this ICMP message, the tunnel ingress MUST NOT continue to use the
UDP encapsulation toward this tunnel egress without management
intervention.
6. IP Tunneling Applications
IP tunneling applications such as IP in IP [RFC5565], MPLS Client
Layer [EVPN] and L3VPN [RFC4364], GRE [RFC2784], VXLAN [VXLAN],
NVGRE [NVGRE], LISP [RFC6830] may be deployed in an IP network.
These applications can use the UDP encapsulation described in this
document. In fact, VXLAN and LISP are specified to use the UDP
header and have exactly the same semantics as specified in this
document.
The UDP encapsulation uses the destination port to encode the
payload type. For data plane interworking, each application MUST
have one port number assigned by IANA. An application MAY request
more than one port number [MPLS-IN-UDP]. Each application MUST
further specify its header format and semantics if not yet. For a
Yong & Xu, et al Expires August 25, 2013 [Page 7]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
network layer virtualization application, its header needs to have a
field to sufficiently identify a virtual network. The header format
of such application is outside the scope of this document.
Some tunneling applications may use of a signal protocol to exchange
information between two tunnel end points at the application layer.
Such signal protocol can be used for egress to inform its capability
in supporting the UDP encapsulation as well. Again, this is outside
the scope of this document.
7. Security Considerations
UDP encapsulation does not provide any additional security for a
tunneled layer protocol. In other words, the security concern has no
change regarding the use of UDP encapsulation or not. An IP
tunneling application either relies on the underlying IP network to
provide the security or implement a secured overlay tunnel such as
L2TPv3 [RFC3931] to over a non-secured IP network such as Internet.
Note that the UDP header usage described in this document is for the
underlying IP network. A firewall in an underlying network SHOULD
not inspect the packets and take an action because of the UDP header
presence for this purpose.
8. IANA Considerations
This document requests IANA to reserve a block of port numbers from
the range designated as User Ports for the payload types that the IP
tunnel may carry. IANA is requested to manage that block as a sub-
registry of the port numbers registry.
Note that the use of a contiguous block of port numbers is not an
absolute requirement, however it is believed that the use of such a
block will considerably aid implementation.
Allocation procedures for port numbers are governed by [RFC6335].
This document does not seek to change those procedures. Instead, it
requests that a contiguous block of port numbers be assigned as
below, and that a further contiguous block be considered reserved
for allocation for similar purposes.
IANA is requested to make the following allocations:
Yong & Xu, et al Expires August 25, 2013 [Page 8]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
Service Name : IPv4-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : IPv4 encapsulation in UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : IPv6-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : IPv6 encapsulation in UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 1
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : MPLS-up-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : MPLS upstream assigned label encapsulation in
UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 2
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : MPLS-dn-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : MPLS downstream assigned label encapsulation in
UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 3
Yong & Xu, et al Expires August 25, 2013 [Page 9]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : VXLAN-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : VXLAN encapsulation in UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 4
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : NVGRE-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : NVGRE encapsulation in UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 5
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
Service Name : GRE-UDP-ECMP
Transport Protocol(s) : UDP
Assignee : IESG <iesg@ietf.org>
Contact : IETF Chair <chair@ietf.org>
Description : GRE encapsulation in UDP for load balancing.
Reference : [This.I-D]
Port Number : TBD + 6
Service Code : N/A
Known Unauthorized Uses : N/A
Assignment Notes : N/A
IANA is requested to reserve a further nine (9) adjacent port
numbers for similar uses. Any future allocation from that reserved
block must follow the procedures defined in [RFC6335] and should:
Yong & Xu, et al Expires August 25, 2013 [Page 10]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
- Be for the purpose of tunneling a layer protocol across a
multipath-enabled IP network.
- Be the result of a Standards Track RFC
- Use the service name naming convention of <foo>-UDP-ECMP where
<foo> is an identifier of the tunneled protocol.
9. Contributors
Edward Crabbe
Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
Email: edc@google.com
John E. Drake
Juniper Networks
Email: jdrake@juniper.net
Adrian Farrel
Juniper Networks
Email: adrian@olddog.co.uk
Vishwas Manral
Hewlett-Packard Corp.
3000 Hanover St, Palo Alto.
Email: vishwas.manral@hp.com
Carlos Pignataro
Cisco Systems
7200-12 Kit Creek Road
Research Triangle Park, NC 27709
USA
EMail: cpignata@cisco.com
Yongbing Fan
China Telecom
Guangzhou, China.
Phone: +86 20 38639121
Yong & Xu, et al Expires August 25, 2013 [Page 11]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
Email: fanyb@gsta.com
Yiu Lee
Comcast
One Comcast Center
Philadelphia, PA 1903
USA
Email: Yiu_Lee@Cable.Comcast.com
10. Acknowledgements
Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger
Geib, and Gorry Fairhurst for their review and valuable input on
this draft.
11. References
11.1. Normative References
[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[RFC791] DARPA, "Internet Protocol", RFC791, September 1981
[RFC792] Postel, J., "Internet Control Message Protocol", RFC792,
September, 1981.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC2119, March 1997.
[RFC2460] Deering, S., and Hinden, R., "Internet Protocol, Version 6
(IPv6)", RFC2460, December 1998
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
March 2000.
[RFC3931] Lau, J., Townsley, M., and I. Goyret, "Layer Two Tunneling
Protocol - Version 3 (L2TPv3)", RFC 3931, March 2005.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or Generic Routing Encapsulation (GRE)", RFC
4023, March 2005.
Yong & Xu, et al Expires August 25, 2013 [Page 12]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
[RFC4364] Rosen, E and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC4364, February 2006.
[RFC4884] Conta, A, et al., "Internet Control Message Protocol (ICMP)
for the Internet Protocol Version 6 (IPv6) Specification",
RFC4884, March, 2006
[RFC5405] Eggert, L., "Unicast UDP Usage Guideline for Application
Designers", RFC5405, November 2008.
[RFC5565] Wu, J., "Softwire Mesh Framework", RFC 5565, June 2009.
[RFC6040] Briscoe, B., "Tunneling of Explicit Congestion
Notification", RFC6040, November 2010
[RFC6335] Cotton, M., etc, "Internet Assigned Numbers Authority
IIANA) Procedures for the Management of the Service Name
and Transport Protocol Port Number Registry", RFC6335,
August 2011
[RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for
Equal Cost Multipath Routing and Linda Aggregation in
tunnels", RFC6438, November, 2011
[RFC6790] Kompella, K., et al. "The use of Entropy Label in MPLS
forwarding", RFC6790, November 2012
11.2. Informative References
[CKSUM] Eubanks, M., et al., "IPv6 and UDP Checcksums for Tunneled
Packetets", draft-ietf-6man-udpchecksums, work in
progress.
[CKZERO] G. Fairhurst, G. and Westerlund, M., "Applicability
Statement for the use of IPv6 UDP Datagrams with Zero
Checksums", draft-ietf-6man-udpzero, work in progress.
[EVPN] Sajassi, A., et al., "BGP MPLS based Ethernet VPN", draft-
ietf-l2vpn-evpn, work in progress.
[MPLS-IN-UDP] Xu, X., et al., "Encapsulating MPLS in UDP", draft-
ietf-mpls-in-udp, work in progress.
[NVGRE] Sridharan, M., "NVGRE: Network Virtualization using Generic
Routing Encapsulation", draft-sridharan-virtualization-
nvgre, work in progress.
Yong & Xu, et al Expires August 25, 2013 [Page 13]
�
Internet-Draft UDP Encapsulation for IP Tunneling February 2013
[RFC2983] Black, D. "Diffserv and tunnels", RFC2983, October 2000
[RFC6830] Farinacci, D., "Locator/ID Separation Protocol", RFC6830,
January 2013.
[VXLAN] Mahalingam, M., Dutt, D., et al., "VXLAN: A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", draft-mahalingam-dutt-dcops-vxlan, work in
progress.
Authors' Addresses
Lucy Yong
Huawei USA
5340 Legacy Drive
Plano, TX 75025
U.S.A
Phone: 469-277-5837
Email: lucy.yong@huawei.com
Xiaohu Xu
Huawei Technologies,
Beijing, China
Phone: +86-10-60610041
Email: xuxiaohu@huawei.com
Yong & Xu, et al Expires August 25, 2013 [Page 14]
�
