idnits 2.17.00 (12 Aug 2021) /tmp/idnits39694/draft-ietf-tsvwg-gre-in-udp-encap-19.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 30, 2016) is 2052 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: draft-ietf-tsvwg-rfc5405bis has been published as RFC 8085 ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147) -- Obsolete informational reference (is this intentional?): RFC 2460 (Obsoleted by RFC 8200) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Lucy Yong(Ed.) 2 Internet-Draft Huawei Technologies 3 Intended status: Standard Track E. Crabbe 4 Oracle 5 X. Xu 6 Huawei Technologies 7 T. Herbert 8 Facebook 10 Expires: February 2017 September 30, 2016 12 GRE-in-UDP Encapsulation 13 draft-ietf-tsvwg-gre-in-udp-encap-19 15 Abstract 17 This document specifies a method of encapsulating network protocol 18 packet within GRE and UDP headers. This GRE-in-UDP encapsulation 19 allows the UDP source port field to be used as an entropy field. 20 This may be used for load balancing of GRE traffic in transit 21 networks using existing ECMP mechanisms. There are two applicability 22 scenarios for GRE-in-UDP with different requirements: (1) general 23 Internet; (2) a traffic-managed controlled environment. The 24 controlled environment has less restrictive requirements than the 25 general Internet. 27 Status of This Document 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six 38 months and may be updated, replaced, or obsoleted by other documents 39 at any time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on February 30,2017. 44 Copyright Notice 46 Copyright (c) 2016 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with 54 respect to this document. Code Components extracted from this 55 document must include Simplified BSD License text as described in 56 Section 4.e of the Trust Legal Provisions and are provided without 57 warranty as described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction...................................................3 62 1.1. Terminology...............................................4 63 1.2. Requirements Language.....................................5 64 2. Applicability Statement........................................5 65 2.1. GRE-in-UDP Tunnel Requirements............................6 66 2.1.1. Requirements for Default GRE-in-UDP Tunnel...........6 67 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel..............7 68 3. GRE-in-UDP Encapsulation.......................................7 69 3.1. IP Header................................................10 70 3.2. UDP Header...............................................10 71 3.2.1. Source Port.........................................10 72 3.2.2. Destination Port....................................11 73 3.2.3. Checksum............................................11 74 3.2.4. Length..............................................11 75 3.3. GRE Header...............................................11 76 4. Encapsulation Process Procedures..............................12 77 4.1. MTU and Fragmentation....................................12 78 4.2. Differentiated Services and ECN Marking..................13 79 5. Use of DTLS...................................................13 80 6. UDP Checksum Handling.........................................14 81 6.1. UDP Checksum with IPv4...................................14 82 6.2. UDP Checksum with IPv6...................................14 83 7. Middlebox Considerations......................................17 84 7.1. Middlebox Considerations for Zero Checksums..............18 85 8. Congestion Considerations.....................................18 86 9. Backward Compatibility........................................19 87 10. IANA Considerations..........................................20 88 11. Security Considerations......................................21 89 12. Acknowledgements.............................................21 90 13. Contributors.................................................22 91 14. References...................................................23 92 14.1. Normative References....................................23 93 14.2. Informative References..................................24 94 15. Authors' Addresses...........................................25 96 1. Introduction 98 This document specifies a generic GRE-in-UDP encapsulation for 99 tunneling network protocol packets across an IP network based on 100 Generic Routing Encapsulation (GRE) [RFC2784][RFC7676] and User 101 Datagram Protocol(UDP) [RFC768] headers. The GRE header indicates 102 the payload protocol type via an EtherType [RFC7042] in the protocol 103 type field, and the source port field in the UDP header may be used 104 to provide additional entropy. 106 A GRE-in-UDP tunnel offers the possibility of better performance for 107 load balancing GRE traffic in transit networks using existing Equal- 108 Cost Multi-Path (ECMP) mechanisms that use a hash of the five-tuple 109 of source IP address, destination IP address, UDP/TCP source port, 110 UDP/TCP destination port. While such hashing distributes UDP and 111 Transmission Control Protocol (TCP)[RFC793] traffic between a common 112 pair of IP addresses across paths, it uses a single path for 113 corresponding GRE traffic because only the two IP addresses and 114 protocol/next header fields participate in the ECMP hash. 115 Encapsulating GRE in UDP enables use of the UDP source port to 116 provide entropy to ECMP hashing. 118 In addition, GRE-in-UDP enables extending use of GRE across networks 119 that otherwise disallow it; for example, GRE-in-UDP may be used to 120 bridge two islands where GRE is not supported natively across the 121 middleboxes. 123 GRE-in-UDP encapsulation may be used to encapsulate already tunneled 124 traffic, i.e., tunnel-in-tunnel. In this case, GRE-in-UDP tunnels 125 treat the endpoints of the outer tunnel as the end hosts; the 126 presence of an inner tunnel does not change the outer tunnel's 127 handling of network traffic. 129 A GRE-in-UDP tunnel is capable of carrying arbitrary traffic and 130 behaves as a UDP application on an IP network. However, a GRE-in-UDP 131 tunnel carrying certain types of traffic does not satisfy the 132 requirements for UDP applications on the Internet [RFC5405bis]. GRE- 133 in-UDP tunnels that do not satisfy these requirements MUST NOT be 134 deployed to carry such traffic over the Internet. For this reason, 135 this document specifies two deployment scenarios for GRE-in-UDP 136 tunnels with GRE-in-UDP tunnel requirements for each of them: (1) 137 general Internet; (2) a traffic-managed controlled environment 138 (TMCE). The TMCE scenario has less restrictive technical 139 requirements for the protocol but more restrictive management and 140 operation requirements for the network by comparison to the general 141 Internet scenario. 143 To provide security for traffic carried by a GRE-in-UDP tunnel, this 144 document also specifies Datagram Transport Layer Security (DTLS) for 145 GRE-in-UDP tunnels, which SHOULD be used when security is a concern. 147 GRE-in-UDP encapsulation usage requires no changes to the transit IP 148 network. ECMP hash functions in most existing IP routers may utilize 149 and benefit from the additional entropy enabled by GRE-in-UDP 150 tunnels without any change or upgrade to their ECMP implementation. 151 The encapsulation mechanism is applicable to a variety of IP 152 networks including Data Center and Wide Area Networks, as well as 153 both IPv4 and IPv6 networks. 155 1.1. Terminology 157 The terms defined in [RFC768] and [RFC2784] are used in this 158 document. Following are additional terms used in this draft. 160 Decapsulator: a component performing packet decapsulation at tunnel 161 egress. 163 ECMP: Equal-Cost Multi-Path. 165 Encapsulator: a component performing packet encapsulation at tunnel 166 egress. 168 Flow Entropy: The information to be derived from traffic or 169 applications and to be used by network devices in ECMP process 170 [RFC6438]. 172 Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the 173 general Internet. 175 TMCE: A Traffic-managed controlled environment, i.e. an IP network 176 that is traffic-engineered and/or otherwise managed (e.g., via use 177 of traffic rate limiters) to avoid congestion, as defined in Section 178 2. 180 TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a 181 traffic-managed controlled environment that is defined in Section 2. 183 Tunnel Egress: A tunnel end point that performs packet decapsulation. 185 Tunnel Ingress: A tunnel end point that performs packet 186 encapsulation. 188 1.2. Requirements Language 190 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 191 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 192 document are to be interpreted as described in [RFC2119]. 194 2. Applicability Statement 196 GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks; in both 197 cases, encapsulated packets are treated as UDP datagrams. Therefore, 198 a GRE-in-UDP tunnel needs to meet the UDP usage requirements 199 specified in [RFC5405bis]. These requirements depend on both the 200 delivery network and the nature of the encapsulated traffic. For 201 example, the GRE-in-UDP tunnel protocol does not provide any 202 congestion control functionality beyond that of the encapsulated 203 traffic. Therefore, a GRE-in-UDP tunnel MUST be used only with 204 congestion controlled traffic (e.g., IP unicast traffic) and/or 205 within a network that is traffic-managed to avoid congestion. 207 [RFC5405bis] describes two applicability scenarios for UDP 208 applications: 1) General Internet and 2) A controlled environment. 209 The controlled environment means a single administrative domain or 210 bilaterally agreed connection between domains. A network forming a 211 controlled environment can be managed/operated to meet certain 212 conditions while the general Internet cannot be; thus the 213 requirements for a tunnel protocol operating under a controlled 214 environment can be less restrictive than the requirements in the 215 general Internet. 217 For the purpose of this document, a traffic-managed controlled 218 environment (TMCE) is defined as an IP network that is traffic- 219 engineered and/or otherwise managed (e.g., via use of traffic rate 220 limiters) to avoid congestion. 222 This document specifies GRE-in-UDP tunnel usage in the general 223 Internet and GRE-in-UDP tunnel usage in a traffic-managed controlled 224 environment and uses "default GRE-in-UDP tunnel" and "TMCE GRE-in- 225 UDP tunnel" terms to refer to each usage. 227 NOTE: Although this document specifies two different sets of GRE-in- 228 UDP tunnel requirements based on tunnel usage, the tunnel 229 implementation itself has no ability to detect how and where it is 230 deployed. Therefore it is the responsibility of the user or operator 231 who deploys a GRE-in-UDP tunnel to ensure that it meets the 232 appropriate requirements. 234 2.1. GRE-in-UDP Tunnel Requirements 236 This section states out the requirements for a GRE-in-UDP tunnel. 237 Section 2.1.1 describes the requirements for a default GRE-in-UDP 238 tunnel that is suitable for the general Internet; Section 2.1.2 239 describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel 240 used in a traffic-managed controlled environment. Both Sections 241 2.1.1 and 2.1.2 are applicable to an IPv4 or IPv6 delivery network. 243 2.1.1. Requirements for Default GRE-in-UDP Tunnel 245 The following is a summary of the default GRE-in-UDP tunnel 246 requirements: 248 1. A UDP checksum SHOULD be used when encapsulating in IPv4. 250 2. A UDP checksum MUST be used when encapsulating in IPv6. 252 3. GRE-in-UDP tunnel MUST NOT be deployed or configured to carry 253 traffic that is not congestion controlled. As stated in [RFC5405bis], 254 IP-based unicast traffic is generally assumed to be congestion- 255 controlled, i.e., it is assumed that the transport protocols 256 generating IP-based traffic at the sender already employ mechanisms 257 that are sufficient to address congestion on the path. A default 258 GRE-in-UDP tunnel is not appropriate for traffic that is not known 259 to be congestion-controlled (e.g., most IP multicast traffic). 261 4. UDP source port values that are used as a source of flow entropy 262 SHOULD be chosen from the ephemeral port range (49152-65535) 263 [RFC5405bis]. 265 5. The use of the UDP source port MUST be configurable so that a 266 single value can be set for all traffic within the tunnel (this 267 disables use of the UDP source port to provide flow entropy). When a 268 single value is set, a random port SHOULD be selected in order to 269 minimize the vulnerability to off-path attacks [RFC6056]. 271 6. For IPv6 delivery networks, the flow entropy SHOULD also be 272 placed in the flow label field for ECMP per [RFC6438]. 274 7. At the tunnel ingress, any fragmentation of the incoming packet 275 (e.g., because the tunnel has a Maximum Transmission Unit (MTU) that 276 is smaller than the packet) SHOULD be performed before encapsulation. 277 In addition, the tunnel ingress MUST apply the UDP checksum to all 278 encapsulated fragments so that the tunnel egress can validate 279 reassembly of the fragments; it MUST set the same Differentiated 280 Services Code Point (DSCP) value as in the Differentiated Services 281 (DS) field of the payload packet in all fragments [RFC2474]. To 282 avoid unwanted forwarding over multiple paths, the same source UDP 283 port value SHOULD be set in all packet fragments. 285 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel 287 The section contains the TMCE GRE-in-UDP tunnel requirements. It 288 lists the changed requirements, compared with a Default GRE-in-UDP 289 Tunnel, for a TMCE GRE-in-UDP Tunnel, which corresponds to the 290 requirements 1-3 listed in Section 2.1.1. 292 1. A UDP checksum SHOULD be used when encapsulating in IPv4. A 293 tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum, 294 since GRE has been designed to work without a UDP checksum [RFC2784]. 295 However, a checksum also offers protection from mis-delivery to 296 another port. 298 2. Use of UDP checksum MUST be the default when encapsulating in 299 IPv6. This default MAY be overridden via configuration of UDP zero- 300 checksum mode. All usage of UDP zero-checksum mode with IPv6 is 301 subject to the additional requirements specified in Section 6.2. 303 3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not 304 congestion controlled. 306 The requirements 4-7 listed in Section 2.1.1 also apply to a TMCE 307 GRE-in-UDP Tunnel. 309 3. GRE-in-UDP Encapsulation 311 The GRE-in-UDP encapsulation format contains a UDP header [RFC768] 312 and a GRE header [RFC2890]. The format is shown as follows: 313 (presented in bit order) 314 0 1 2 3 315 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 317 IPv4 Header: 318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 319 |Version| IHL |Type of Service| Total Length | 320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 321 | Identification |Flags| Fragment Offset | 322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 323 | Time to Live |Protcol=17(UDP)| Header Checksum | 324 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 325 | Source IPv4 Address | 326 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 327 | Destination IPv4 Address | 328 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 330 UDP Header: 331 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 332 | Source Port = Entropy Value | Dest. Port = TBD1/TBD2 | 333 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 334 | UDP Length | UDP Checksum | 335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 337 GRE Header: 338 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 339 |C| |K|S| Reserved0 | Ver | Protocol Type | 340 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 341 | Checksum (optional) | Reserved1 (Optional) | 342 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 343 | Key (optional) | 344 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 345 | Sequence Number (optional) | 346 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 348 Figure 1 UDP+GRE Headers in IPv4 350 0 1 2 3 351 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 353 IPv6 Header: 354 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 355 |Version| Traffic Class | Flow Label | 356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 357 | Payload Length | NxtHdr=17(UDP)| Hop Limit | 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 | | 360 + + 361 | | 362 + Outer Source IPv6 Address + 363 | | 364 + + 365 | | 366 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 | | 368 + + 369 | | 370 + Outer Destination IPv6 Address + 371 | | 372 + + 373 | | 374 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 376 UDP Header: 377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 378 | Source Port = entropy value | Dest. Port = TBD1/TBD2 | 379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 380 | UDP Length | UDP Checksum | 381 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 383 GRE Header: 384 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 385 |C| |K|S| Reserved0 | Ver | Protocol Type | 386 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 387 | Checksum (optional) | Reserved1 (Optional) | 388 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 389 | Key (optional) | 390 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 391 | Sequence Number (optional) | 392 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 394 Figure 2 UDP+GRE Headers in IPv6 396 The contents of the IP, UDP, and GRE headers that are relevant in 397 this encapsulation are described below. 399 3.1. IP Header 401 An encapsulator MUST encode its own IP address as the source IP 402 address and the decapsulator's IP address as the destination IP 403 address. A sufficiently large value is needed in the IPv4 TTL field 404 or IPv6 Hop Count field to allow delivery of the encapsulated packet 405 to the peer of the encapsulation. 407 3.2. UDP Header 409 3.2.1. Source Port 411 GRE-in-UDP permits the UDP source port value to be used to encode an 412 entropy value. The UDP source port contains a 16-bit entropy value 413 that is generated by the encapsulator to identify a flow for the 414 encapsulated packet. The port value SHOULD be within the ephemeral 415 port range, i.e., 49152 to 65535, where the high order two bits of 416 the port are set to one. This provides fourteen bits of entropy for 417 the inner flow identifier. In the case that an encapsulator is 418 unable to derive flow entropy from the payload header or the entropy 419 usage has to be disabled to meet operational requirements (see 420 Section 7), to avoid reordering with a packet flow, the encapsulator 421 SHOULD use the same UDP source port value for all packets assigned 422 to a flow e.g., the result of an algorithm that perform a hash of 423 the tunnel ingress and egress IP address. 425 The source port value for a flow set by an encapsulator MAY change 426 over the lifetime of the encapsulated flow. For instance, an 427 encapsulator may change the assignment for Denial of Service (DOS) 428 mitigation or as a means to effect routing through the ECMP network. 429 An encapsulator SHOULD NOT change the source port selected for a 430 flow more than once every thirty seconds. 432 An IPv6 GRE-in-UDP tunnel endpoint SHOULD copy a flow entropy value 433 in the IPv6 flow label field (requirement 6). This permits network 434 equipment to inspect this value and utilize it during forwarding, 435 e.g. to perform ECMP [RFC6438]. 437 This document places requirements on the generation of the flow 438 entropy value [RFC5405bis] but does not specify the algorithm that 439 an implementation should use to derive this value. 441 3.2.2. Destination Port 443 The destination port of the UDP header is set either GRE-in-UDP 444 (TBD1) or GRE-UDP-DTLS (TBD2) (see Section 5). 446 3.2.3. Checksum 448 The UDP checksum is set and processed per [RFC768] and [RFC1122] for 449 IPv4, and [RFC2460] for IPv6. Requirements for checksum handling and 450 use of zero UDP checksums are detailed in Section 6. 452 3.2.4. Length 454 The usage of this field is in accordance with the current UDP 455 specification in [RFC768]. This length will include the UDP header 456 (eight bytes), GRE header, and the GRE payload (encapsulated packet). 458 3.3. GRE Header 460 An encapsulator sets the protocol type (EtherType) of the packet 461 being encapsulated in the GRE Protocol Type field. 463 An encapsulator MAY set the GRE Key Present, Sequence Number Present, 464 and Checksum Present bits and associated fields in the GRE header as 465 defined by [RFC2784] and [RFC2890]. Usage of the reserved bits, i.e., 466 Reserved0, is specified in [RFC2784]. 468 The GRE checksum MAY be enabled to protect the GRE header and 469 payload. When the UDP checksum is enabled, it protects the GRE 470 payload, resulting in the GRE checksum being mostly redundant. 471 Enabling both checksums may result in unnecessary processing. Since 472 the UDP checksum covers the pseudo-header and the packet payload, 473 including the GRE header and its payload, the UDP checksum SHOULD be 474 used in preference to using the GRE checksum. 476 An implementation MAY use the GRE keyid to authenticate the 477 encapsulator.(See Security Considerations Section) In this model, a 478 shared value is either configured or negotiated between an 479 encapsulator and decapsulator. When a decapsulator determines a 480 presented keyid is not valid for the source, the packet MUST be 481 dropped. 483 Although GRE-in-UDP encapsulation protocol uses both UDP header and 484 GRE header, it is one tunnel encapsulation protocol. GRE and UDP 485 headers MUST be applied and removed as a pair at the encapsulation 486 and decapsulation points. This specification does not support UDP 487 encapsulation of a GRE header where that GRE header is applied or 488 removed at a network node other than the UDP tunnel ingress or 489 egress. 491 4. Encapsulation Process Procedures 493 The procedures specified in this section apply to both a default 494 GRE-in-UDP tunnel and a TMCE GRE-in-UDP tunnel. 496 The GRE-in-UDP encapsulation allows encapsulated packets to be 497 forwarded through "GRE-in-UDP tunnels". The encapsulator MUST set 498 the UDP and GRE header according to Section 3. 500 Intermediate routers, upon receiving these UDP encapsulated packets, 501 could load balance these packets based on the hash of the five-tuple 502 of UDP packets. 504 Upon receiving these UDP encapsulated packets, the decapsulator 505 decapsulates them by removing the UDP and GRE headers and then 506 processes them accordingly. 508 GRE-in-UDP can encapsulate traffic with unicast, IPv4 broadcast, or 509 multicast (see requirement 3 in Section 2.1.1). However a default 510 GRE-in-UDP tunnel MUST NOT be deployed or configured to carry 511 traffic that is not congestion-controlled (See requirement 3 in 512 Section 2.1.1). Entropy may be generated from the header of 513 encapsulated packets at an encapsulator. The mapping mechanism 514 between the encapsulated multicast traffic and the multicast 515 capability in the IP network is transparent and independent of the 516 encapsulation and is otherwise outside the scope of this document. 518 To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep- 519 alive. It is RECOMMENED not to use GRE keep-alive in the GRE-in-UDP 520 tunnel. This aligns with middlebox traversal guidelines in Section 521 3.5 of [RFC5405bis]. 523 4.1. MTU and Fragmentation 525 Regarding packet fragmentation, an encapsulator/decapsulator SHOULD 526 perform fragmentation before the encapsulation. The size of 527 fragments SHOULD be less or equal to the Path MTU (PMTU) associated 528 with the path between the GRE ingress and the GRE egress tunnel 529 endpoints minus the GRE and UDP overhead, assuming the egress MTU 530 for reassembled packets is larger than PMTU. When applying payload 531 fragmentation, the UDP checksum MUST be used so that the receiving 532 endpoint can validate reassembly of the fragments; the same source 533 UDP port SHOULD be used for all packet fragments to ensure the 534 transit routers will forward the fragments on the same path. 536 If the operator of the transit network supporting the tunnel is able 537 to control the payload MTU size, the MTU SHOULD be configured to 538 avoid fragmentation, i.e., sufficient for the largest supported size 539 of packet, including all additional bytes introduced by the tunnel 540 overhead [RFC5405bis]. 542 4.2. Differentiated Services and ECN Marking 544 To ensure that tunneled traffic receives the same treatment over the 545 IP network as traffic that is not tunneled, prior to the 546 encapsulation process, an encapsulator processes the tunneled IP 547 packet headers to retrieve appropriate parameters for the 548 encapsulating IP packet header such as DiffServ [RFC2983]. 549 Encapsulation end points that support Explicit Congestion 550 Notification (ECN) must use the method described in [RFC6040] for 551 ECN marking propagation. The congestion control process is outside 552 of the scope of this document. 554 Additional information on IP header processing is provided in 555 Section 3.1. 557 5. Use of DTLS 559 Datagram Transport Layer Security (DTLS) [RFC6347] can be used for 560 application security and can preserve network and transport layer 561 protocol information. Specifically, if DTLS is used to secure the 562 GRE-in-UDP tunnel, the destination port of the UDP header MUST be 563 set to an IANA-assigned value (TBD2) indicating GRE-in-UDP with DTLS, 564 and that UDP port MUST NOT be used for other traffic. The UDP source 565 port field can still be used to add entropy, e.g., for load-sharing 566 purposes. DTLS applies to a default GRE-in-UDP tunnel and a TMCE 567 GRE-in-UDP tunnel. 569 Use of DTLS is limited to a single DTLS session for any specific 570 tunnel encapsulator/decapsulator pair (identified by source and 571 destination IP addresses). Both IP addresses MUST be unicast 572 addresses - multicast traffic is not supported when DTLS is used. A 573 GRE-in-UDP tunnel decapsulator that supports DTLS is expected to be 574 able to establish DTLS sessions with multiple tunnel encapsulators, 575 and likewise a GRE-in-UDP tunnel encapsulator is expected to be able 576 to establish DTLS sessions with multiple decapsulators. Different 577 source and/or destination IP addresses will be involved (see Section 578 6.2) for discussion of one situation where use of different source 579 IP addresses is important. 581 When DTLS is used for a GRE-in-UDP tunnel, if a packet is received 582 from the tunnel and that packet is not protected by the DTLS session 583 or part of DTLS negotiation (e.g., a DTLS handshake message 584 [RFC6347]), the tunnel receiver MUST discard that packet and SHOULD 585 log that discard event and information about the discarded packet. 587 DTLS SHOULD be used for a GRE-in-UDP tunnel to meet security 588 requirements of the original traffic that is delivered by a GRE-in- 589 UDP tunnel. There are cases where no additional security is required, 590 e.g., the traffic to be encapsulated is already encrypted or the 591 tunnel is deployed within an operationally secured network. Use of 592 DTLS for a GRE-in-UDP tunnel requires both tunnel endpoints to 593 configure use of DTLS. 595 6. UDP Checksum Handling 597 6.1. UDP Checksum with IPv4 599 For UDP in IPv4, when a non-zero UDP checksum is used, the UDP 600 checksum MUST be processed as specified in [RFC768] and [RFC1122] 601 for both transmit and receive. The IPv4 header includes a checksum 602 that protects against mis-delivery of the packet due to corruption 603 of IP addresses. The UDP checksum potentially provides protection 604 against corruption of the UDP header, GRE header, and GRE payload. 605 Disabling the use of checksums is a deployment consideration that 606 should take into account the risk and effects of packet corruption. 608 When a decapsulator receives a packet, the UDP checksum field MUST 609 be processed. If the UDP checksum is non-zero, the decapsulator MUST 610 verify the checksum before accepting the packet. By default a 611 decapsulator SHOULD accept UDP packets with a zero checksum. A node 612 MAY be configured to disallow zero checksums per [RFC1122]; this may 613 be done selectively, for instance disallowing zero checksums from 614 certain hosts that are known to be sending over paths subject to 615 packet corruption. If verification of a non-zero checksum fails, a 616 decapsulator lacks the capability to verify a non-zero checksum, or 617 a packet with a zero-checksum was received and the decapsulator is 618 configured to disallow, the packet MUST be dropped and an event MAY 619 be logged. 621 6.2. UDP Checksum with IPv6 623 For UDP in IPv6, the UDP checksum MUST be processed as specified in 624 [RFC768] and [RFC2460] for both transmit and receive. 626 When UDP is used over IPv6, the UDP checksum is relied upon to 627 protect both the IPv6 and UDP headers from corruption. As such, A 628 default GRE-in-UDP Tunnel MUST perform UDP checksum; A TMCE GRE-in- 629 UDP Tunnel MAY be configured with the UDP zero-checksum mode if the 630 traffic-managed controlled environment or a set of closely 631 cooperating traffic-managed controlled environments (such as by 632 network operators who have agreed to work together in order to 633 jointly provide specific services) meet at least one of following 634 conditions: 636 a. It is known (perhaps through knowledge of equipment types and 637 lower layer checks) that packet corruption is exceptionally 638 unlikely and where the operator is willing to take the risk of 639 undetected packet corruption. 641 b. It is judged through observational measurements (perhaps of 642 historic or current traffic flows that use a non-zero checksum) 643 that the level of packet corruption is tolerably low and where 644 the operator is willing to take the risk of undetected packet 645 corruption. 647 c. Carrying applications that are tolerant of mis-delivered or 648 corrupted packets (perhaps through higher layer checksum, 649 validation, and retransmission or transmission redundancy) where 650 the operator is willing to rely on the applications using the 651 tunnel to survive any corrupt packets. 653 The following requirements apply to a TMCE GRE-in-UDP tunnel that 654 uses UDP zero-checksum mode: 656 a. Use of the UDP checksum with IPv6 MUST be the default 657 configuration of all GRE-in-UDP tunnels. 659 b. The GRE-in-UDP tunnel implementation MUST comply with all 660 requirements specified in Section 4 of [RFC6936] and with 661 requirement 1 specified in Section 5 of [RFC6936]. 663 c. The tunnel decapsulator SHOULD only allow the use of UDP zero- 664 checksum mode for IPv6 on a single received UDP Destination 665 Port regardless of the encapsulator. The motivation for this 666 requirement is possible corruption of the UDP Destination Port, 667 which may cause packet delivery to the wrong UDP port. If that 668 other UDP port requires the UDP checksum, the mis-delivered 669 packet will be discarded. 671 d. It is RECOMMENDED that the UDP zero-checksum mode for IPv6 is 672 only enabled for certain selected source addresses. The tunnel 673 decapsulator MUST check that the source and destination IPv6 674 addresses are valid for the GRE-in-UDP tunnel on which the 675 packet was received if that tunnel uses UDP zero-checksum mode 676 and discard any packet for which this check fails. 678 e. The tunnel encapsulator SHOULD use different IPv6 addresses for 679 each GRE-in-UDP tunnel that uses UDP zero-checksum mode 680 regardless of the decapsulator in order to strengthen the 681 decapsulator's check of the IPv6 source address (i.e., the same 682 IPv6 source address SHOULD NOT be used with more than one IPv6 683 destination address, independent of whether that destination 684 address is a unicast or multicast address). When this is not 685 possible, it is RECOMMENDED to use each source IPv6 address for 686 as few UDP zero-checksum mode GRE-in-UDP tunnels as is feasible. 688 f. When any middlebox exists on the path of a GRE-in-UDP tunnel, 689 it is RECOMMENDED to use the default mode, i.e. use UDP 690 checksum, to reduce the chance that the encapsulated packets 691 will be dropped. 693 g. Any middlebox that allows the UDP zero-checksum mode for IPv6 694 MUST comply with requirement 1 and 8-10 in Section 5 of 695 [RFC6936]. 697 h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP 698 checksums from "escaping" to the general Internet; see Section 699 8 for examples of such measures. 701 i. IPv6 traffic with zero UDP checksums MUST be actively monitored 702 for errors by the network operator. For example, the operator 703 may monitor Ethernet layer packet error rates. 705 j. If a packet with a non-zero checksum is received, the checksum 706 MUST be verified before accepting the packet. This is 707 regardless of whether the tunnel encapsulator and decapsulator 708 have been configured with UDP zero-checksum mode. 710 The above requirements do not change either the requirements 711 specified in [RFC2460] as modified by [RFC6935] or the requirements 712 specified in [RFC6936]. 714 The requirement to check the source IPv6 address in addition to the 715 destination IPv6 address, plus the strong recommendation against 716 reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively 717 provide some mitigation for the absence of UDP checksum coverage of 718 the IPv6 header. A traffic-managed controlled environment that 719 satisfies at least one of three conditions listed at the beginning 720 of this section provides additional assurance. 722 A GRE-in-UDP tunnel is suitable for transmission over lower layers 723 in the traffic-managed controlled environments that are allowed by 724 the exceptions stated above and the rate of corruption of the inner 725 IP packet on such networks is not expected to increase by comparison 726 to GRE traffic that is not encapsulated in UDP. For these reasons, 727 GRE-in-UDP does not provide an additional integrity check except 728 when GRE checksum is used when UDP zero-checksum mode is used with 729 IPv6, and this design is in accordance with requirements 2, 3 and 5 730 specified in Section 5 of [RFC6936]. 732 Generic Router Encapsulation (GRE) does not accumulate incorrect 733 transport layer state as a consequence of GRE header corruption. A 734 corrupt GRE packet may result in either packet discard or forwarding 735 of the packet without accumulation of GRE state. Active monitoring 736 of GRE-in-UDP traffic for errors is REQUIRED as occurrence of errors 737 will result in some accumulation of error information outside the 738 protocol for operational and management purposes. This design is in 739 accordance with requirement 4 specified in Section 5 of [RFC6936]. 741 The remaining requirements specified in Section 5 of [RFC6936] are 742 not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply 743 because GRE does not include a control feedback mechanism. 744 Requirements 8-10 are middlebox requirements that do not apply to 745 GRE-in-UDP tunnel endpoints (see Section 7.1 for further middlebox 746 discussion). 748 It is worth mentioning that the use of a zero UDP checksum should 749 present the equivalent risk of undetected packet corruption when 750 sending similar packet using GRE-in-IPv6 without UDP [RFC7676] and 751 without GRE checksums. 753 In summary, a TMCE GRE-in-UDP Tunnel is allowed to use UDP-zero- 754 checksum mode for IPv6 when the conditions and requirements stated 755 above are met. Otherwise the UDP checksum need to be used for IPv6 756 as specified in [RFC768] and [RFC2460]. Use of GRE checksum is 757 RECOMMENED when the UDP checksum is not used. 759 7. Middlebox Considerations 761 Many middleboxes read or update UDP port information of the packets 762 that they forward. Network Address/Port Translator (NAPT) is the 763 most commonly deployed Network Address Translation (NAT) device 764 [RFC4787]. An NAPT device establishes a NAT session to translate the 765 {private IP address, private source port number} tuple to a {public 766 IP address, public source port number} tuple, and vice versa, for 767 the duration of the UDP session. This provides a UDP application 768 with the "NAT-pass-through" function. NAPT allows multiple internal 769 hosts to share a single public IP address. The port number, i.e., 770 the UDP Source Port number, is used as the demultiplexer of the 771 multiple internal hosts. However, the above NAPT behaviors conflict 772 with the behavior a GRE-in-UDP tunnel that is configured to use the 773 UDP source port value to provide entropy. 775 A GRE-in-UDP tunnel is unidirectional; the tunnel traffic is not 776 expected to be returned back to the UDP source port values used to 777 generate entropy. However some middleboxes (e.g., firewall) assume 778 that bidirectional traffic uses a common pair of UDP ports. This 779 assumption also conflicts with the use of the UDP source port field 780 as entropy. 782 Hence, use of the UDP source port for entropy may impact middleboxes 783 behavior. If a GRE-in-UDP tunnel is expected to be used on a path 784 with a middlebox, the tunnel can be configured to either disable use 785 of the UDP source port for entropy or to configure middleboxes to 786 pass packets with UDP source port entropy. 788 7.1. Middlebox Considerations for Zero Checksums 790 IPv6 datagrams with a zero UDP checksum will not be passed by any 791 middlebox that updates the UDP checksum field or simply validates 792 the checksum based on [RFC2460], such as firewalls. Changing this 793 behavior would require such middleboxes to be updated to correctly 794 handle datagrams with zero UDP checksums. The GRE-in-UDP 795 encapsulation does not provide a mechanism to safely fall back to 796 using a checksum when a path change occurs redirecting a tunnel over 797 a path that includes a middlebox that discards IPv6 datagrams with a 798 zero UDP checksum. In this case the GRE-in-UDP tunnel will be black- 799 holed by that middlebox. 801 As such, when any middlebox exists on the path of GRE-in-UDP tunnel, 802 use of the UDP checksum is RECOMMENDED to increase the probability 803 of successful transmission of GRE-in-UDP packets. Recommended 804 changes to allow firewalls and other middleboxes to support use of 805 an IPv6 zero UDP checksum are described in Section 5 of [RFC6936]. 807 8. Congestion Considerations 809 Section 3.1.9 of [RFC5405bis] discusses the congestion 810 considerations for design and use of UDP tunnels; this is important 811 because other flows could share the path with one or more UDP 812 tunnels, necessitating congestion control [RFC2914] to avoid 813 distractive interference. 815 Congestion has potential impacts both on the rest of the network 816 containing a UDP tunnel, and on the traffic flows using the UDP 817 tunnels. These impacts depend upon what sort of traffic is carried 818 over the tunnel, as well as the path of the tunnel. The GRE-in-UDP 819 tunnel protocol does not provide any congestion control and GRE-in- 820 UDP packets are regular UDP packets. Therefore, a GRE-in-UDP tunnel 821 MUST NOT be deployed to carry non-congestion controlled traffic over 822 the Internet [RFC5405bis]. 824 Within a TMCE network, GRE-in-UDP tunnels are appropriate for 825 carrying traffic that is not known to be congestion controlled. For 826 example, a GRE-in-UDP tunnel may be used to carry Multiprotocol 827 Label Switching (MPLS) traffic such as pseudowires or VPNs where 828 specific bandwidth guarantees are provided to each pseudowire or VPN. 829 In such cases, operators of TMCE networks avoid congestion by 830 careful provisioning of their networks, rate limiting of user data 831 traffic, and traffic engineering according to path capacity. 833 When a GRE-in-UDP tunnel carries traffic that is not known to be 834 congestion controlled in a TMCE network, the tunnel MUST be deployed 835 entirely within that network, and measures SHOULD be taken to 836 prevent the GRE-in-UDP traffic from "escaping" the network to the 837 general Internet, e.g.: 839 o Physical or logical isolation of the links carrying GRE-in-UDP 840 from the general Internet. 842 o Deployment of packet filters that block the UDP ports assigned 843 for GRE-in-UDP. 845 o Imposition of restrictions on GRE-in-UDP traffic by software 846 tools used to set up GRE-in-UDP tunnels between specific end 847 systems (as might be used within a single data center) or by 848 tunnel ingress nodes for tunnels that don't terminate at end 849 systems. 851 9. Backward Compatibility 853 In general, tunnel ingress routers have to be upgraded in order to 854 support the encapsulations described in this document. 856 No change is required at transit routers to support forwarding of 857 the encapsulation described in this document. 859 If a tunnel endpoint (a host or router) that is intended for use as 860 a decapsulator does not support or enable the GRE-in-UDP 861 encapsulation described in this document, that endpoint will not 862 listen on the destination port assigned to the GRE-encapsulation 863 (TBD1 and TBD2). In these cases, the endpoint will perform normal 864 UDP processing and respond to an encapsulator with an ICMP message 865 indicating "port unreachable" according to [RFC792]. Upon receiving 866 this ICMP message, the node MUST NOT continue to use GRE-in-UDP 867 encapsulation toward this peer without management intervention. 869 10. IANA Considerations 871 IANA is requested to make the following allocations: 873 One UDP destination port number for the indication of GRE, 875 Service Name: GRE-in-UDP 876 Transport Protocol(s): UDP 877 Assignee: IESG 878 Contact: IETF Chair 879 Description: GRE-in-UDP Encapsulation 880 Reference: [This.I-D] 881 Port Number: TBD1 882 Service Code: N/A 883 Known Unauthorized Uses: N/A 884 Assignment Notes: N/A 886 Editor Note: replace "TBD1" in section 3 and 9 with IANA assigned 887 number. 889 One UDP destination port number for the indication of GRE with DTLS, 891 Service Name: GRE-UDP-DTLS 892 Transport Protocol(s): UDP 893 Assignee: IESG 894 Contact: IETF Chair 895 Description: GRE-in-UDP Encapsulation with DTLS 896 Reference: [This.I-D] 897 Port Number: TBD2 898 Service Code: N/A 899 Known Unauthorized Uses: N/A 900 Assignment Notes: N/A 902 Editor Note: replace "TBD2" in section 3, 5, and 9 with IANA 903 assigned number. 905 11. Security Considerations 907 GRE-in-UDP encapsulation does not affect security for the payload 908 protocol. The security considerations for GRE apply to GRE-in-UDP, 909 see [RFC2784]. 911 To secure traffic carried by a GRE-in-UDP tunnel, DTLS SHOULD be 912 used as specified in Section 5. 914 In the case that UDP source port for entropy usage is disabled, a 915 random port SHOULD be selected in order to minimize the 916 vulnerability to off-path attacks [RFC6056]. The random port may 917 also be periodically changed to mitigate certain denial of service 918 attacks as mentioned in Section 3.2.1. 920 Using one standardized value as the UDP destination port to indicate 921 an encapsulation may increase the vulnerability of off-path attack. 922 To overcome this, an alternate port may be agreed upon to use 923 between an encapsulator and decapsulator [RFC6056]. How the 924 encapsulator end points communicate the value is outside scope of 925 this document. 927 This document does not require that a decapsulator validates the IP 928 source address of the tunneled packets (with the exception that the 929 IPv6 source address MUST be validated when UDP zero-checksum mode is 930 used with IPv6), but it should be understood that failure to do so 931 presupposes that there is effective destination-based (or a 932 combination of source-based and destination-based) filtering at the 933 boundaries. 935 Corruption of GRE headers can cause security concerns for 936 applications that rely on the GRE key field for traffic separation 937 or segregation. When the GRE key field is used for this purpose such 938 as an application of a Network Virtualization Using Generic Routing 939 Encapsulation (NVGRE) [RFC7637], GRE header corruption is a concern. 940 In such situations, at least one of the UDP and GRE checksums MUST 941 be used for both IPv4 and IPv6 GRE-in-UDP tunnels. 943 12. Acknowledgements 945 Authors like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger 946 Geib, Lars Eggert, Lloyd Wood, Bob Briscoe, Rick Casarez, Jouni 947 Korhonen, Kathleen Moriarty, Ben Campbell, and many others for their 948 review and valuable input on this draft. 950 Thank Donald Eastlake, Eliot Lear, Martin Stiemerling, and Spencer 951 Dawkins for their detail reviews and valuable suggestions in WGLC 952 and IESG process. 954 Thank the design team led by David Black (members: Ross Callon, 955 Gorry Fairhurst, Xiaohu Xu, Lucy Yong) to efficiently work out the 956 descriptions for the congestion considerations and IPv6 UDP zero 957 checksum. 959 Thank David Black and Gorry Fairhurst for their great help in 960 document content and editing. 962 13. Contributors 964 The following people all contributed significantly to this document 965 and are listed below in alphabetical order: 967 David Black 968 EMC Corporation 969 176 South Street 970 Hopkinton, MA 01748 971 USA 973 Email: david.black@emc.com 975 Ross Callon 976 Juniper Networks 977 10 Technology Park Drive 978 Westford, MA 01886 979 USA 981 Email: rcallon@juniper.net 983 John E. Drake 984 Juniper Networks 986 Email: jdrake@juniper.net 988 Gorry Fairhurst 989 University of Aberdeen 991 Email: gorry@erg.abdn.ac.uk 992 Yongbing Fan 993 China Telecom 994 Guangzhou, China. 995 Phone: +86 20 38639121 997 Email: fanyb@gsta.com 999 Adrian Farrel 1000 Juniper Networks 1002 Email: adrian@olddog.co.uk 1004 Vishwas Manral 1005 Hewlett-Packard Corp. 1006 3000 Hanover St, Palo Alto. 1008 Email: vishwas.manral@hp.com 1010 Carlos Pignataro 1011 Cisco Systems 1012 7200-12 Kit Creek Road 1013 Research Triangle Park, NC 27709 USA 1015 Email: cpignata@cisco.com 1017 14. References 1019 14.1. Normative References 1021 [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 1022 August 1980. 1024 [RFC1122] Braden, R., "Requirements for Internet Hosts -- 1025 Communication Layers", RFC1122, October 1989. 1027 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1028 Requirement Levels", BCP 14, RFC2119, March 1997. 1030 [RFC2474] Nichols K., Blake S., Baker F., Black D., "Definition of 1031 the Differentiated Services Field (DS Field) in the IPv4 1032 and IPv6 Headers", December 1998. 1034 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 1035 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 1036 March 2000. 1038 [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", 1039 RFC2890, September 2000. 1041 [RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for 1042 Application Designers", draft-ietf-tsvwg-rfc5405bis, work 1043 in progress. 1045 [RFC6040] Briscoe, B., "Tunneling of Explicit Congestion 1046 Notification", RFC6040, November 2010. 1048 [RFC6347] Rescoria, E., Modadugu, N., "Datagram Transport Layer 1049 Security Version 1.2", RFC6347, 2012. 1051 [RFC6438] Carpenter, B., Amante, S., "Using the IPv6 Flow Label for 1052 Equal Cost Multipath Routing and Link Aggregation in 1053 tunnels", RFC6438, November, 2011. 1055 [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and 1056 UDP Checksums for Tunneled Packets", RFC 6935, April 2013. 1058 [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement 1059 for the Use of IPv6 UDP Datagrams with Zero Checksums", 1060 RFC 6936, April 2013. 1062 14.2. Informative References 1064 [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 1065 792, September 1981. 1067 [RFC793] DARPA, "Transmission Control Protocol", RFC793, September 1068 1981. 1070 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1071 (IPv6) Specification", RFC 2460, December 1998. 1073 [RFC2914] Floyd, S., "Congestion Control Principles", RFC2914, 1074 September 2000. 1076 [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC2983, 1077 October 2000. 1079 [RFC4787] Audet, F., et al, "network Address Translation (NAT) 1080 Behavioral Requirements for Unicast UDP", RFC4787, January 1081 2007. 1083 [RFC6056] Larsen, M. and Gont, F., "Recommendations for Transport- 1084 Protocol Port Randomization", RFC6056, January 2011. 1086 [RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for 1087 Equal Cost Multipath Routing and Link Aggregation in 1088 Tunnels", RFC6438, November 2011. 1090 [RFC7042] Eastlake 3rd, D. and Abley, J., "IANA Considerations and 1091 IETF Protocol and Documentation Usage for IEEE 802 1092 Parameter", RFC7042, October 2013. 1094 [RFC7637] Garg, P. and Wang, Y., "NVGRE: Network Virtualization 1095 Using Generic Routing Encapsulation", RFC7637, September 1096 2015. 1098 [RFC7676] Pignataro, C., Bonica, R., Krishnan, S., "IPv6 Support for 1099 Generic Routing Encapsulation (GRE)", RFC7676, October 1100 2015. 1102 15. Authors' Addresses 1104 Lucy Yong 1105 Huawei Technologies, USA 1107 Email: lucy.yong@huawei.com 1109 Edward Crabbe 1110 Oracle 1112 Email: edward.crabbe@gmail.com 1114 Xiaohu Xu 1115 Huawei Technologies, 1116 Beijing, China 1118 Email: xuxiaohu@huawei.com 1120 Tom Herbert 1121 Facebook 1122 1 Hacker Way 1123 Menlo Park, CA 1124 Email : tom@herbertland.com