Network Working Group Lucy Yong(Ed.) Internet-DraftInternet Engineering Task Force (IETF) L. Yong, Ed. Request for Comments: 8086 Huawei TechnologiesIntended status: StandardCategory: Standards Track E. Crabbe ISSN: 2070-1721 Oracle X. Xu Huawei Technologies T. Herbert FacebookExpires:February 2017September 30, 2016GRE-in-UDP Encapsulationdraft-ietf-tsvwg-gre-in-udp-encap-19Abstract This document specifies a method of encapsulating network protocolpacketpackets within GRE and UDP headers. This GRE-in-UDP encapsulation allows the UDP source port field to be used as an entropy field. This may be used forload balancingload-balancing of GRE traffic in transit networks using existingECMPEqual-Cost Multipath (ECMP) mechanisms. There are two applicability scenarios for GRE-in-UDP with different requirements: (1) generalInternet;Internet and (2) a traffic-managed controlled environment. The controlled environment has less restrictive requirements than the general Internet. Status of ThisDocumentMemo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on February 30,2017.http://www.rfc-editor.org/info/rfc8086. Copyright Notice Copyright (c)20162017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1.Introduction...................................................3Introduction ....................................................4 1.1.Terminology...............................................4Terminology ................................................5 1.2. RequirementsLanguage.....................................5Language ......................................5 2. ApplicabilityStatement........................................5Statement .........................................6 2.1. GRE-in-UDP TunnelRequirements............................6Requirements .............................6 2.1.1. Requirements for Default GRE-in-UDPTunnel...........6Tunnel ..........7 2.1.2. Requirements for TMCE GRE-in-UDPTunnel..............7Tunnel .............8 3. GRE-in-UDPEncapsulation.......................................7Encapsulation ........................................9 3.1. IPHeader................................................10Header .................................................11 3.2. UDPHeader...............................................10Header ................................................11 3.2.1. SourcePort.........................................10Port ........................................11 3.2.2. DestinationPort....................................11Port ...................................11 3.2.3.Checksum............................................11Checksum ...........................................12 3.2.4.Length..............................................11Length .............................................12 3.3. GREHeader...............................................11Header ................................................12 4. EncapsulationProcess Procedures..............................12Procedures .......................................13 4.1. MTU andFragmentation....................................12Fragmentation .....................................13 4.2. Differentiated Services and ECNMarking..................13Marking ...................14 5. Use ofDTLS...................................................13DTLS ....................................................14 6. UDP ChecksumHandling.........................................14Handling ..........................................15 6.1. UDP Checksum withIPv4...................................14IPv4 ....................................15 6.2. UDP Checksum withIPv6...................................14IPv6 ....................................15 7. MiddleboxConsiderations......................................17Considerations .......................................18 7.1. Middlebox Considerations for ZeroChecksums..............18Checksums ...............19 8. CongestionConsiderations.....................................18Considerations ......................................19 9. BackwardCompatibility........................................19Compatibility .........................................20 10. IANAConsiderations..........................................20Considerations ...........................................21 11. SecurityConsiderations......................................21Considerations .......................................21 12.Acknowledgements.............................................21 13. Contributors.................................................22 14. References...................................................23 14.1.References ....................................................22 12.1. NormativeReferences....................................23 14.2.References .....................................22 12.2. InformativeReferences..................................24 15.References ...................................23 Acknowledgements ..................................................25 Contributors ......................................................25 Authors'Addresses...........................................25Addresses ................................................27 1. Introduction This document specifies a generic GRE-in-UDP encapsulation for tunneling network protocol packets across an IP network based on Generic Routing Encapsulation (GRE)[RFC2784][RFC7676][RFC2784] [RFC7676] and User DatagramProtocol(UDP)Protocol (UDP) [RFC768] headers. The GRE header indicates the payload protocol type via an EtherType [RFC7042] in the protocol type field, and the source port field in the UDP header may be used to provide additional entropy. A GRE-in-UDP tunnel offers the possibility of better performance forload balancingload-balancing GRE traffic in transit networks using existing Equal- CostMulti-PathMultipath (ECMP) mechanisms that use a hash of the five-tuple of source IP address, destination IP address, UDP/TCP source port, UDP/TCP destinationport.port, and protocol number. While such hashing distributes UDP andTransmission Control Protocol (TCP)[RFC793]TCP [RFC793] traffic between a common pair of IP addresses across paths, it uses a single path for corresponding GRE traffic because only the two IP addresses andprotocol/next header fieldsthe Protocol or Next Header field participate in the ECMP hash. Encapsulating GRE in UDP enables use of the UDP source port to provide entropy to ECMP hashing. In addition, GRE-in-UDP enables extending use of GRE across networks that otherwise disallow it; for example, GRE-in-UDP may be used to bridge two islands where GRE is not supported natively across the middleboxes. GRE-in-UDP encapsulation may be used to encapsulate already tunneled traffic, i.e.,tunnel-in-tunnel.tunnel-in-tunnel traffic. In this case, GRE-in-UDP tunnels treat the endpoints of the outer tunnel as the end hosts; the presence of an inner tunnel does not change the outer tunnel's handling of network traffic. A GRE-in-UDP tunnel is capable of carrying arbitrary traffic and behaves as a UDP application on an IP network. However, a GRE-in-UDP tunnel carrying certain types of traffic does not satisfy the requirements for UDP applications on the Internet[RFC5405bis]. GRE- in-UDP[RFC8085]. GRE-in-UDP tunnels that do not satisfy these requirements MUST NOT be deployed to carry such traffic over the Internet. For this reason, this document specifies two deployment scenarios for GRE-in-UDP tunnels with GRE-in-UDP tunnel requirements for each of them: (1) generalInternet;Internet and (2) a traffic-managed controlled environment (TMCE).TheCompared to the general Internet scenario, the TMCE scenario has less restrictive technical requirements for the protocol but more restrictive management and operation requirements for thenetwork by comparison to the general Internet scenario.network. To provide security for traffic carried by a GRE-in-UDP tunnel, this document also specifies Datagram Transport Layer Security (DTLS) for GRE-in-UDP tunnels, which SHOULD be used when security is a concern. GRE-in-UDP encapsulation usage requires no changes to the transit IP network. ECMP hash functions in most existing IP routers may utilize and benefit from the additional entropy enabled by GRE-in-UDP tunnels without any change or upgrade to their ECMP implementation. The encapsulation mechanism is applicable to a variety of IP networks including Data Center Networks and Wide Area Networks, as well as both IPv4 and IPv6 networks. 1.1. Terminology The terms defined in [RFC768] and [RFC2784] are used in this document.FollowingBelow are additional terms used in thisdraft.document. Decapsulator: a component performing packet decapsulation at tunnel egress. ECMP: Equal-CostMulti-Path.Multipath. Encapsulator: a component performing packet encapsulation at tunnel egress. Flow Entropy: The information to be derived from traffic or applications and to be used by network devices in the ECMP process [RFC6438]. Default GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can apply to the general Internet. TMCE: ATraffic-managedtraffic-managed controlled environment,i.e.i.e., an IP network that is traffic-engineered and/or otherwise managed (e.g., via use of traffic rate limiters) to avoid congestion, as defined in Section 2. TMCE GRE-in-UDP Tunnel: A GRE-in-UDP tunnel that can only apply to a traffic-managed controlled environment that is defined in Section 2. Tunnel Egress: A tunnelend pointendpoint that performs packet decapsulation. Tunnel Ingress: A tunnelend pointendpoint that performs packet encapsulation. 1.2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Applicability Statement GRE-in-UDP encapsulation applies to IPv4 and IPv6 networks; in both cases, encapsulated packets are treated as UDP datagrams. Therefore, a GRE-in-UDP tunnel needs to meet the UDP usage requirements specified in[RFC5405bis].[RFC8085]. These requirements depend on both the delivery network and the nature of the encapsulated traffic. For example, the GRE-in-UDP tunnel protocol does not provide any congestion control functionality beyond that of the encapsulated traffic. Therefore, a GRE-in-UDP tunnel MUST be used only withcongestion controlledcongestion-controlled traffic (e.g., IP unicast traffic) and/or within a network that istraffic-managedtraffic managed to avoid congestion.[RFC5405bis][RFC8085] describes two applicability scenarios for UDP applications:1) General Internet(1) general internet and2) A(2) a controlled environment. The controlled environment means a single administrative domain or bilaterally agreed connection between domains. A network forming a controlled environment can be managed/operated to meet certainconditionsconditions, while the general Internet cannot be;thusthus, the requirements for a tunnel protocol operating under a controlled environment can be less restrictive than the requirements in the general Internet. For the purpose of this document, a traffic-managed controlled environment (TMCE) is defined as an IP network that is traffic- engineered and/or otherwise managed (e.g., via use of traffic rate limiters) to avoid congestion. This document specifies GRE-in-UDP tunnel usage in the general Internet and GRE-in-UDP tunnel usage in a traffic-managed controlled environment and uses "default GRE-in-UDP tunnel" and "TMCEGRE-in- UDPGRE-in-UDP tunnel" terms to refer to each usage. NOTE: Although this document specifies two different sets of GRE-in- UDP tunnel requirements based on tunnel usage, the tunnel implementation itself has no ability to detect how and where it is deployed.ThereforeTherefore, it is the responsibility of the user or operator who deploys a GRE-in-UDP tunnel to ensure that it meets the appropriate requirements. 2.1. GRE-in-UDP Tunnel Requirements This section statesoutthe requirements for a GRE-in-UDP tunnel. Section 2.1.1 describes the requirements for a default GRE-in-UDP tunnel that is suitable for the general Internet; Section 2.1.2 describes a set of relaxed requirements for a TMCE GRE-in-UDP tunnel used in a traffic-managed controlled environment. Both Sections 2.1.1 and 2.1.2 are applicable to an IPv4 or IPv6 delivery network. 2.1.1. Requirements for Default GRE-in-UDP Tunnel The following is a summary of the default GRE-in-UDP tunnel requirements: 1. A UDP checksum SHOULD be used when encapsulating in IPv4. 2. A UDP checksum MUST be used when encapsulating in IPv6. 3. GRE-in-UDP tunnel MUST NOT be deployed or configured to carry traffic that is not congestion controlled. As stated in[RFC5405bis],[RFC8085], IP-based unicast traffic is generally assumed to becongestion-congestion controlled, i.e., it is assumed that the transport protocols generating IP-based traffic at the sender already employ mechanisms that are sufficient to address congestion on the path. A default GRE-in-UDP tunnel is not appropriate for traffic that is not known to becongestion-controlledcongestion controlled (e.g., most IP multicast traffic). 4. UDP source port values that are used as a source of flow entropy SHOULD be chosen from the ephemeral port range (49152-65535)[RFC5405bis].[RFC8085]. 5. The use of the UDP source port MUST be configurable so that a single value can be set for all traffic within the tunnel (this disables use of the UDP source port to provide flow entropy). When a single value is set, a random port taken from the ephemeral port range SHOULD be selected in order to minimize the vulnerability to off-path attacks [RFC6056]. 6. For IPv6 delivery networks, the flow entropy SHOULD also be placed in the flow label field for ECMP per [RFC6438]. 7. At the tunnel ingress, any fragmentation of the incoming packet (e.g., because the tunnel has a Maximum Transmission Unit (MTU) that is smaller than the packet) SHOULD be performed before encapsulation. In addition, the tunnel ingress MUST apply the UDP checksum to all encapsulated fragments so that the tunnel egress can validate reassembly of the fragments; it MUST set the same Differentiated Services Code Point (DSCP) value as in the Differentiated Services (DS) field of the payload packet in all fragments [RFC2474]. To avoid unwanted forwarding over multiple paths, the same source UDP port value SHOULD be set in all packet fragments. 2.1.2. Requirements for TMCE GRE-in-UDP Tunnel The section contains the TMCE GRE-in-UDP tunnel requirements. It lists the changed requirements, compared with a Default GRE-in-UDPTunnel,tunnel, for a TMCE GRE-in-UDPTunnel,tunnel, which corresponds totherequirements 1-3 listed in Section 2.1.1. 1. A UDP checksum SHOULD be used when encapsulating in IPv4. A tunnel endpoint sending GRE-in-UDP MAY disable the UDP checksum, since GRE has been designed to work without a UDP checksum [RFC2784]. However, a checksum also offers protection frommis-deliverymisdelivery to another port. 2. Use of the UDP checksum MUST be the default when encapsulating in IPv6. This default MAY be overridden via configuration of UDPzero- checksumzero-checksum mode. All usage of UDP zero-checksum mode with IPv6 is subject to the additional requirements specified in Section 6.2. 3. A GRE-in-UDP tunnel MAY encapsulate traffic that is not congestion controlled.The requirementsRequirements 4-7 listed in Section 2.1.1 also apply to a TMCEGRE-in-UDP Tunnel.GRE-in- UDP tunnel. 3. GRE-in-UDP Encapsulation The GRE-in-UDP encapsulation format contains a UDP header [RFC768] and a GRE header [RFC2890]. The format is shown asfollows:follows (presented in bitorder)order): 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 IPv4 Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live|Protcol=17(UDP)|| Prot.=17(UDP) | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UDP Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port = Entropy Value | Dest. Port =TBD1/TBD24754/4755 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GRE Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |C| |K|S| Reserved0 | Ver | Protocol Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum (optional) | Reserved1 (Optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key (optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number (optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure1 UDP+GRE1: UDP + GRE Headers in IPv4 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 IPv6 Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | NxtHdr=17(UDP)| Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Outer Source IPv6 Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Outer Destination IPv6 Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UDP Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port = entropy value | Dest. Port =TBD1/TBD24754/4755 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GRE Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |C| |K|S| Reserved0 | Ver | Protocol Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum (optional) | Reserved1 (Optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key (optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number (optional) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure2 UDP+GRE2: UDP + GRE Headers in IPv6 The contents of the IP, UDP, and GRE headers that are relevant in this encapsulation are described below. 3.1. IP Header An encapsulator MUST encode its own IP address as the source IP address and the decapsulator's IP address as the destination IP address. A sufficiently large value is needed in the IPv4 TTL field or IPv6 Hop Count field to allow delivery of the encapsulated packet to the peer of the encapsulation. 3.2. UDP Header 3.2.1. Source Port GRE-in-UDP permits the UDP source port value to be used to encode an entropy value. The UDP source port contains a 16-bit entropy value that is generated by the encapsulator to identify a flow for the encapsulated packet. The port value SHOULD be within the ephemeral port range, i.e., 49152 to 65535, where thehigh orderhigh-order two bits of the port are set to one. This provides fourteen bits of entropy for the inner flow identifier. In the case that an encapsulator is unable to derive flow entropy from the payload header or the entropy usage has to be disabled to meet operational requirements (see Section 7), to avoid reordering with a packet flow, the encapsulator SHOULD use the same UDP source port value for all packets assigned to aflowflow, e.g., the result of an algorithm thatperformperforms a hash of the tunnel ingress and egress IP address. The source port value for a flow set by an encapsulator MAY change over the lifetime of the encapsulated flow. For instance, an encapsulator may change the assignment forDenial of Service (DOS)Denial-of-Service (DoS) mitigation or as a means to effect routing through the ECMP network. An encapsulator SHOULD NOT change the source port selected for a flow more than once every thirty seconds. An IPv6 GRE-in-UDP tunnel endpoint SHOULD copy a flow entropy value in the IPv6 flow label field (requirement 6). This permits network equipment to inspect this value and utilize it during forwarding,e.g.e.g., to perform ECMP [RFC6438]. This document places requirements on the generation of the flow entropy value[RFC5405bis][RFC8085] but does not specify the algorithm that an implementation should use to derive this value. 3.2.2. Destination Port The destination port of the UDP header is set to either GRE-in-UDP(TBD1)(4754) or GRE-UDP-DTLS(TBD2) (see(4755); see Section5).5. 3.2.3. Checksum The UDP checksum is set and processed per [RFC768] and [RFC1122] forIPv4,IPv4 and per [RFC2460] for IPv6. Requirements for checksum handling and use of zero UDP checksums are detailed in Section 6. 3.2.4. Length The usage of this field is in accordance with the current UDP specification in [RFC768]. This length will include the UDP header (eight bytes), GRE header, and the GRE payload (encapsulated packet). 3.3. GRE Header An encapsulator sets the protocol type (EtherType) of the packet being encapsulated in the GRE Protocol Type field. An encapsulator MAY set the GRE Key Present, Sequence Number Present, and Checksum Present bits and associated fields in the GRE header as defined by [RFC2784] and [RFC2890]. Usage of the reserved bits, i.e., Reserved0, is specified in [RFC2784]. The GRE checksum MAY be enabled to protect the GRE header and payload. When the UDP checksum is enabled, it protects the GRE payload, resulting in the GRE checksum being mostly redundant. Enabling both checksums may result in unnecessary processing. Since the UDP checksum covers the pseudo-header and the packet payload, including the GRE header and its payload, the UDP checksum SHOULD be used in preference tousingthe GRE checksum. An implementation MAY use the GREkeyidKey field to authenticate theencapsulator.(Seeencapsulator. (See the Security ConsiderationsSection)section.) In this model, a shared value is either configured or negotiated between an encapsulator and decapsulator. When a decapsulator determines that a presentedkeyidkey is not valid for the source, the packet MUST be dropped. Although the GRE-in-UDP encapsulation protocol uses both the UDP header and GRE header, it is one tunnel encapsulation protocol. The GRE and UDP headers MUST be applied and removed as a pair at the encapsulation and decapsulation points. This specification does not support UDP encapsulation of a GRE header where that GRE header is applied or removed at a network node other than the UDP tunnel ingress or egress. 4. EncapsulationProcessProcedures The procedures specified in this section apply to both a defaultGRE-in-UDPGRE- in-UDP tunnel and a TMCE GRE-in-UDP tunnel. The GRE-in-UDP encapsulation allows encapsulated packets to be forwarded through "GRE-in-UDP tunnels". The encapsulator MUST set the UDP and GREheaderheaders according to Section 3. Intermediate routers, upon receiving these UDP encapsulated packets, couldload balanceload-balance these packets based on the hash of the five-tuple of UDP packets. Upon receiving these UDP encapsulated packets, the decapsulator decapsulates them by removing the UDP and GRE headers and then processes them accordingly. GRE-in-UDP can encapsulate traffic with unicast, IPv4 broadcast, or multicast (see requirement 3 in Section 2.1.1).HoweverHowever, a default GRE-in-UDP tunnel MUST NOT be deployed or configured to carry traffic that is not congestion-controlled(See(see requirement 3 in Section 2.1.1). Entropy may be generated from the header of encapsulated packets at an encapsulator. The mapping mechanism between the encapsulated multicast traffic and the multicast capability in the IP network is transparent and independent of the encapsulation and is otherwise outside the scope of this document. To provide entropy for ECMP, GRE-in-UDP does not rely on GRE keep- alive. It isRECOMMENEDRECOMMENDED not to use GRE keep-alive in the GRE-in-UDP tunnel. This aligns with middlebox traversal guidelines in Section 3.5 of[RFC5405bis].[RFC8085]. 4.1. MTU and Fragmentation Regarding packet fragmentation, an encapsulator/decapsulator SHOULD perform fragmentation before the encapsulation. The size of fragments SHOULD be less than or equal to the Path MTU (PMTU) associated with the path between the GRE ingress and the GRE egress tunnel endpoints minus the GRE and UDP overhead, assuming the egress MTU for reassembled packets is larger than the PMTU. When applying payload fragmentation, the UDP checksum MUST be used so that the receiving endpoint can validate reassembly of the fragments; the same source UDP port SHOULD be used for all packet fragments to ensure the transit routers will forward the fragments on the same path. If the operator of the transit network supporting the tunnel is able to control the payload MTU size, the MTU SHOULD be configured to avoid fragmentation, i.e., sufficient for the largest supported size of packet, including all additional bytes introduced by the tunnel overhead[RFC5405bis].[RFC8085]. 4.2. Differentiated Services and ECN Marking To ensure that tunneled traffic receives the same treatment over the IP network as traffic that is not tunneled, prior to the encapsulation process, an encapsulator processes the tunneled IP packet headers to retrieve appropriate parameters for the encapsulating IP packet header such asDiffServDiffserv [RFC2983]. Encapsulationend pointsendpoints that support Explicit Congestion Notification (ECN) must use the method described in [RFC6040] for ECN marking propagation. The congestion control process is outside of the scope of this document. Additional information on IP header processing is provided in Section 3.1. 5. Use of DTLS Datagram Transport Layer Security (DTLS) [RFC6347] can be used for application security and can preservenetworknetwork- andtransport layertransport-layer protocol information. Specifically, if DTLS is used to secure the GRE-in-UDP tunnel, the destination port of the UDP header MUST be set toanthe IANA-assigned value(TBD2)(4755) indicating GRE-in-UDP with DTLS, and that UDP port MUST NOT be used for other traffic. The UDP source port field can still be used to add entropy, e.g., for load-sharing purposes. DTLS applies to a default GRE-in-UDP tunnel and a TMCE GRE-in-UDP tunnel. Use of DTLS is limited to a single DTLS session for any specific tunnel encapsulator/decapsulator pair (identified by source and destination IP addresses). Both IP addresses MUST be unicast addresses--- multicast traffic is not supported when DTLS is used. A GRE-in-UDP tunnel decapsulator that supports DTLS is expected to be able to establish DTLS sessions with multiple tunnel encapsulators, and likewise a GRE-in-UDP tunnel encapsulator is expected to be able to establish DTLS sessions with multiple decapsulators. Different source and/or destination IP addresses will beinvolved (seeinvolved; see Section6.2)6.2 for discussion of one situation where use of different source IP addresses is important. When DTLS is used for a GRE-in-UDP tunnel, if a packet is received from the tunnel and that packet is not protected by the DTLS session or part of DTLS negotiation (e.g., a DTLS handshake message [RFC6347]), the tunnel receiver MUST discard that packet and SHOULD log that discard event and information about the discarded packet. DTLS SHOULD be used for a GRE-in-UDP tunnel to meet security requirements of the original traffic that is delivered by a GRE-in- UDP tunnel. There are cases where no additional security is required, e.g., the traffic to be encapsulated is already encrypted or the tunnel is deployed within an operationally secured network. Use of DTLS for a GRE-in-UDP tunnel requires both tunnel endpoints to configure use of DTLS. 6. UDP Checksum Handling 6.1. UDP Checksum with IPv4 For UDP in IPv4, when a non-zero UDP checksum is used, the UDP checksum MUST be processed as specified in [RFC768] and [RFC1122] for both transmit and receive. The IPv4 header includes a checksum that protects againstmis-deliverymisdelivery of the packet due to corruption of IP addresses. The UDP checksum potentially provides protection against corruption of the UDP header, GRE header, and GRE payload. Disabling the use of checksums is a deployment consideration that should take into account the risk and effects of packet corruption. When a decapsulator receives a packet, the UDP checksum field MUST be processed. If the UDP checksum is non-zero, the decapsulator MUST verify the checksum before accepting the packet. Bydefaultdefault, a decapsulator SHOULD accept UDP packets with a zero checksum. A node MAY be configured to disallow zero checksums per [RFC1122]; this may be done selectively, forinstanceinstance, disallowing zero checksums from certain hosts that are known to be sending over paths subject to packet corruption. If verification of a non-zero checksum fails, a decapsulator lacks the capability to verify a non-zero checksum, or a packet with azero-checksumzero checksum was received and the decapsulator is configured to disallow, the packet MUST be dropped and an event MAY be logged. 6.2. UDP Checksum with IPv6 For UDP in IPv6, the UDP checksum MUST be processed as specified in [RFC768] and [RFC2460] for both transmit and receive. When UDP is used over IPv6, the UDP checksum is relied upon to protect both the IPv6 and UDP headers from corruption. As such,Aa default GRE-in-UDPTunneltunnel MUST perform UDP checksum;Aa TMCE GRE-in- UDPTunneltunnel MAY be configured withtheUDP zero-checksum mode if the traffic-managed controlled environment or a set of closely cooperating traffic-managed controlled environments (such as by network operators who have agreed to work together in order to jointly provide specific services) meet at least one of the following conditions: a. It is known (perhaps through knowledge of equipment types andlower layerlower-layer checks) that packet corruption is exceptionally unlikely and where the operator is willing to take the risk of undetected packet corruption. b. It is judged through observational measurements (perhaps of historic or current traffic flows that use a non-zero checksum) that the level of packet corruption is tolerably low and where the operator is willing to take the risk of undetected packet corruption. c. Carrying applications that are tolerant ofmis-deliveredmisdelivered or corrupted packets (perhaps throughhigher layerhigher-layer checksum, validation, and retransmission or transmission redundancy) where the operator is willing to rely on the applications using the tunnel to survive any corrupt packets. The following requirements apply to a TMCE GRE-in-UDP tunnel that uses UDP zero-checksum mode: a. Use of the UDP checksum with IPv6 MUST be the default configuration of all GRE-in-UDP tunnels. b. The GRE-in-UDP tunnel implementation MUST comply with all requirements specified in Section 4 of [RFC6936] and with requirement 1 specified in Section 5 of [RFC6936]. c. The tunnel decapsulator SHOULD only allow the use of UDP zero- checksum mode for IPv6 on a single received UDP DestinationPortPort, regardless of the encapsulator. The motivation for this requirement is possible corruption of the UDP Destination Port, which may cause packet delivery to the wrong UDP port. If that other UDP port requires the UDP checksum, themis-deliveredmisdelivered packet will be discarded. d. It is RECOMMENDED that the UDP zero-checksum mode for IPv6 is only enabled for certain selected source addresses. The tunnel decapsulator MUST check that the source and destination IPv6 addresses are valid for the GRE-in-UDP tunnel on which the packet was received if that tunnel uses UDP zero-checksum mode and discard any packet for which this check fails. e. The tunnel encapsulator SHOULD use different IPv6 addresses for each GRE-in-UDP tunnel that uses UDP zero-checksummodemode, regardless of thedecapsulatordecapsulator, in order to strengthen the decapsulator's check of the IPv6 source address (i.e., the same IPv6 source address SHOULD NOT be used with more than one IPv6 destination address, independent of whether that destination address is a unicast or multicast address). When this is not possible, it is RECOMMENDED to use each source IPv6 address for as few GRE-in-UDP tunnels that use UDP zero-checksum modeGRE-in-UDP tunnelsas is feasible. f. When any middlebox exists on the path of a GRE-in-UDP tunnel, it is RECOMMENDED to use the default mode,i.e.i.e., use UDP checksum, to reduce the chance that the encapsulated packets will be dropped. g. Any middlebox that allows the UDP zero-checksum mode for IPv6 MUST comply withrequirementrequirements 1 and 8-10 in Section 5 of [RFC6936]. h. Measures SHOULD be taken to prevent IPv6 traffic with zero UDP checksums from "escaping" to the general Internet; see Section 8 for examples of such measures. i. IPv6 traffic with zero UDP checksums MUST be actively monitored for errors by the network operator. For example, the operator may monitorEthernet layerEthernet-layer packet error rates. j. If a packet with a non-zero checksum is received, the checksum MUST be verified before accepting the packet. This is regardless of whether the tunnel encapsulator and decapsulator have been configured with UDP zero-checksum mode. The above requirements do not change either the requirements specified in [RFC2460] as modified by [RFC6935] or the requirements specified in [RFC6936]. The requirement to check the source IPv6 address in addition to the destination IPv6address, plusaddress and the strong recommendation against reuse of source IPv6 addresses among GRE-in-UDP tunnels collectively provide some mitigation for the absence of UDP checksum coverage of the IPv6 header. A traffic-managed controlled environment that satisfies at least one of three conditions listed at the beginning of this section provides additional assurance. A GRE-in-UDP tunnel is suitable for transmission over lower layers in the traffic-managed controlled environments that are allowed by the exceptions statedaboveabove, and the rate of corruption of the inner IP packet on such networks is not expected to increase by comparison to GRE traffic that is not encapsulated in UDP. For these reasons,GRE-in-UDPGRE- in-UDP does not provide an additional integrity check except when GRE checksum is used when UDP zero-checksum mode is used with IPv6, and this design is in accordance with requirements 2,33, and 5 specified in Section 5 of [RFC6936]. Generic Router Encapsulation (GRE) does not accumulate incorrecttransport layertransport-layer state as a consequence of GRE header corruption. A corrupt GRE packet may result in either packet discard orforwarding of thepacket forwarding without accumulation of GRE state. Active monitoring of GRE-in-UDP traffic for errors isREQUIREDREQUIRED, as the occurrence of errors will result in some accumulation of error information outside the protocol for operational and management purposes. This design is in accordance with requirement 4 specified in Section 5 of [RFC6936]. The remaining requirements specified in Section 5 of [RFC6936] are not applicable to GRE-in-UDP. Requirements 6 and 7 do not apply because GRE does not include a control feedback mechanism. Requirements 8-10 are middlebox requirements that do not apply to GRE-in-UDP tunnelendpoints (seeendpoints. (See Section 7.1 for further middleboxdiscussion).discussion.) It is worth mentioning that the use of a zero UDP checksum should present the equivalent risk of undetected packet corruption when sending a similar packet using GRE-in-IPv6 without UDP [RFC7676] and without GRE checksums. In summary, a TMCE GRE-in-UDPTunneltunnel is allowed to useUDP-zero-UDP zero- checksum mode for IPv6 when the conditions and requirements stated above are met.OtherwiseOtherwise, the UDP checksumneedneeds to be used for IPv6 as specified in [RFC768] and [RFC2460]. Use of GRE checksum isRECOMMENEDRECOMMENDED when the UDP checksum is not used. 7. Middlebox Considerations Many middleboxes read or update UDP port information of the packets that they forward. NetworkAddress/PortAddress Port Translator (NAPT) is the most commonly deployed Network Address Translation (NAT) device [RFC4787].AnA NAPT device establishes a NAT session to translate the {private IP address, private source port number} tuple to a {public IP address, public source port number} tuple, and vice versa, for the duration of the UDP session. This provides a UDP application with the"NAT-pass-through""NAT pass-through" function. NAPT allows multiple internal hosts to share a single public IP address. The port number, i.e., the UDP Source Port number, is used as the demultiplexer of the multiple internal hosts. However, the above NAPT behaviors conflict with the behavior of a GRE-in-UDP tunnel that is configured to use the UDP source port value to provide entropy. A GRE-in-UDP tunnel is unidirectional; the tunnel traffic is not expected to be returned back to the UDP source port values used to generate entropy.HoweverHowever, some middleboxes (e.g.,firewall)firewalls) assume that bidirectional traffic uses a common pair of UDP ports. This assumption also conflicts with the use of the UDP source port field as entropy. Hence, use of the UDP source port for entropy may impactmiddleboxesmiddleboxes' behavior. If a GRE-in-UDP tunnel is expected to be used on a path with a middlebox, the tunnel can be configuredtoeither to disable use of the UDP source port for entropy or toconfigureenable middleboxes to pass packets with UDP source port entropy. 7.1. Middlebox Considerations for Zero Checksums IPv6 datagrams with a zero UDP checksum will not be passed by any middlebox that updates the UDP checksum field or simply validates the checksum based on [RFC2460], such as firewalls. Changing this behavior would require such middleboxes to be updated to correctly handle datagrams with zero UDP checksums. The GRE-in-UDP encapsulation does not provide a mechanism to safely fall back to using a checksum when a path change occursredirectingthat redirects a tunnel over a path that includes a middlebox that discards IPv6 datagrams with a zero UDP checksum. In thiscasecase, the GRE-in-UDP tunnel will beblack- holedblack-holed by that middlebox. As such, when any middlebox exists on the path of a GRE-in-UDP tunnel, use of the UDP checksum is RECOMMENDED to increase the probability of successful transmission of GRE-in-UDP packets. Recommended changes to allow firewalls and other middleboxes to support use of an IPv6 zero UDP checksum are described in Section 5 of [RFC6936]. 8. Congestion Considerations Section 3.1.9 of[RFC5405bis][RFC8085] discusses the congestion considerations for design and use of UDP tunnels; this is important because other flows could share the path with one or more UDP tunnels, necessitating congestion control [RFC2914] to avoiddistractivedestructive interference. Congestion has potential impacts both on the rest of the network containing a UDPtunnel,tunnel and on the traffic flows using the UDP tunnels. These impacts depend upon what sort of traffic is carried over the tunnel, as well as the path of the tunnel. The GRE-in-UDP tunnel protocol does not provide any congestion control and GRE-in- UDP packets are regular UDP packets. Therefore, a GRE-in-UDP tunnel MUST NOT be deployed to carrynon-congestion controllednon-congestion-controlled traffic over the Internet[RFC5405bis].[RFC8085]. Within a TMCE network, GRE-in-UDP tunnels are appropriate for carrying traffic that is not known to be congestion controlled. For example, a GRE-in-UDP tunnel may be used to carry Multiprotocol Label Switching (MPLS) traffic such as pseudowires or VPNs where specific bandwidth guarantees are provided to each pseudowire or VPN. In such cases, operators of TMCE networks avoid congestion by careful provisioning of their networks,rate limitingrate-limiting of user data traffic, and traffic engineering according to path capacity. When a GRE-in-UDP tunnel carries traffic that is not known to be congestion controlled in a TMCE network, the tunnel MUST be deployed entirely within that network, and measures SHOULD be taken to prevent the GRE-in-UDP traffic from "escaping" the network to the generalInternet, e.g.:Internet. Examples of such measures are: oPhysicalphysical or logical isolation of the links carrying GRE-in-UDP from the generalInternet.Internet, oDeploymentdeployment of packet filters that block the UDP ports assigned forGRE-in-UDP.GRE-in-UDP, and oImpositionimposition of restrictions on GRE-in-UDP traffic by software tools used to set up GRE-in-UDP tunnels between specific end systems (as might be used within a single data center) or by tunnel ingress nodes for tunnels that don't terminate at end systems. 9. Backward Compatibility In general, tunnel ingress routers have to be upgraded in order to support the encapsulations described in this document. No change is required at transit routers to support forwarding of the encapsulation described in this document. If a tunnel endpoint (a host or router) that is intended for use as a decapsulator does not support or enable the GRE-in-UDP encapsulation described in this document, that endpoint will not listen on the destination port assigned to the GRE-encapsulation(TBD1(4754 andTBD2).4755). In these cases, the endpoint will perform normal UDP processing and respond to an encapsulator with an ICMP message indicating "port unreachable" according to [RFC792]. Upon receiving this ICMP message, the node MUST NOT continue to use GRE-in-UDP encapsulation toward this peer without management intervention. 10. IANA Considerations IANAis requested to makehas allocated the followingallocations: OneUDP destination port number for the indication ofGRE,GRE: Service Name: GRE-in-UDP Transport Protocol(s): UDP Assignee: IESG <iesg@ietf.org> Contact: IETF Chair <chair@ietf.org> Description: GRE-in-UDP Encapsulation Reference:[This.I-D]RFC 8086 Port Number:TBD14754 Service Code: N/A Known Unauthorized Uses: N/A Assignment Notes: N/AEditor Note: replace "TBD1" in section 3 and 9 withIANAassigned number. Onehas allocated the following UDP destination port number for the indication of GRE withDTLS,DTLS: Service Name: GRE-UDP-DTLS Transport Protocol(s): UDP Assignee: IESG <iesg@ietf.org> Contact: IETF Chair <chair@ietf.org> Description: GRE-in-UDP Encapsulation with DTLS Reference:[This.I-D]RFC 8086 Port Number:TBD24755 Service Code: N/A Known Unauthorized Uses: N/A Assignment Notes: N/AEditor Note: replace "TBD2" in section 3, 5, and 9 with IANA assigned number.11. Security Considerations GRE-in-UDP encapsulation does not affect security for the payload protocol. The security considerations for GRE apply toGRE-in-UDP,GRE-in-UDP; see [RFC2784]. To secure traffic carried by a GRE-in-UDP tunnel, DTLS SHOULD be used as specified in Section 5. In the case that UDP source port for entropy usage is disabled, a random port taken from the ephemeral port range SHOULD be selected in order to minimize the vulnerability to off-path attacks [RFC6056]. The random port may also be periodically changed to mitigate certaindenial of serviceDoS attacks as mentioned in Section 3.2.1. Using one standardized value as the UDP destination port to indicate an encapsulation may increase the vulnerabilityofto off-pathattack.attacks. To overcome this, an alternate port may be agreed upon to use between an encapsulator and decapsulator [RFC6056]. How the encapsulatorend pointsendpoints communicate the value is outside the scope of this document. This document does not require that a decapsulatorvalidatesvalidate the IP source address of the tunneled packets (with the exception that the IPv6 source address MUST be validated when UDP zero-checksum mode is used with IPv6), but it should be understood that failure to do so presupposes that there is effective destination-based filtering (or a combination of source-based anddestination-based) filteringdestination-based filtering) at the boundaries. Corruption of GRE headers can cause security concerns for applications that rely on the GREkeyKey field for traffic separation or segregation. When the GREkeyKey field is used for thispurposepurpose, such as an application of a Network Virtualization Using Generic Routing Encapsulation (NVGRE) [RFC7637], GRE header corruption is a concern. In such situations, at least one of the UDP and GRE checksums MUST be used for both IPv4 and IPv6 GRE-in-UDP tunnels.14.12. References14.1.12.1. Normative References [RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August1980.1980, <http://www.rfc-editor.org/info/rfc768>. [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts--- Communication Layers",RFC1122,STD 3, RFC 1122, DOI 10.17487/RFC1122, October1989.1989, <http://www.rfc-editor.org/info/rfc1122>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14,RFC2119,RFC 2119, DOI 10.17487/RFC2119, March1997.1997, <http://www.rfc-editor.org/info/rfc2119>. [RFC2474]NicholsNichols, K.,BlakeBlake, S.,BakerBaker, F.,Black D.,and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, December1998.1998, <http://www.rfc-editor.org/info/rfc2474>. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, DOI 10.17487/RFC2784, March2000.2000, <http://www.rfc-editor.org/info/rfc2784>. [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",RFC2890,RFC 2890, DOI 10.17487/RFC2890, September2000. [RFC5405bis] Eggert, L., "Unicast UDP Usage Guideline for Application Designers", draft-ietf-tsvwg-rfc5405bis, work in progress.2000, <http://www.rfc-editor.org/info/rfc2890>. [RFC6040] Briscoe, B.,"Tunneling"Tunnelling of Explicit Congestion Notification",RFC6040,RFC 6040, DOI 10.17487/RFC6040, November2010.2010, <http://www.rfc-editor.org/info/rfc6040>. [RFC6347]Rescoria, E.,Rescorla, E. and N. Modadugu,N.,"Datagram Transport Layer Security Version 1.2",RFC6347, 2012.RFC 6347, DOI 10.17487/RFC6347, January 2012, <http://www.rfc-editor.org/info/rfc6347>. [RFC6438] Carpenter,B.,B. and S. Amante,S.,"Using the IPv6 Flow Label for Equal Cost Multipath Routing and Link Aggregation intunnels", RFC6438, November, 2011.Tunnels", RFC 6438, DOI 10.17487/RFC6438, November 2011, <http://www.rfc-editor.org/info/rfc6438>. [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and UDP Checksums for Tunneled Packets", RFC 6935, DOI 10.17487/RFC6935, April2013.2013, <http://www.rfc-editor.org/info/rfc6935>. [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums", RFC 6936, DOI 10.17487/RFC6936, April2013. 14.2.2013, <http://www.rfc-editor.org/info/rfc6936>. [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, February 2017, <http://www.rfc-editor.org/info/rfc8085>. 12.2. Informative References [RFC792] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792, DOI 10.17487/RFC0792, September1981.1981, <http://www.rfc-editor.org/info/rfc792>. [RFC793]DARPA,Postel, J., "Transmission Control Protocol",RFC793,STD 7, RFC 793, DOI 10.17487/RFC0793, September1981.1981, <http://www.rfc-editor.org/info/rfc793>. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December1998.1998, <http://www.rfc-editor.org/info/rfc2460>. [RFC2914] Floyd, S., "Congestion Control Principles",RFC2914,BCP 41, RFC 2914, DOI 10.17487/RFC2914, September2000.2000, <http://www.rfc-editor.org/info/rfc2914>. [RFC2983] Black, D., "Differentiated Services and Tunnels",RFC2983,RFC 2983, DOI 10.17487/RFC2983, October2000.2000, <http://www.rfc-editor.org/info/rfc2983>. [RFC4787] Audet, F.,et al, "networkEd., and C. Jennings, "Network Address Translation (NAT) Behavioral Requirements for Unicast UDP",RFC4787,BCP 127, RFC 4787, DOI 10.17487/RFC4787, January2007.2007, <http://www.rfc-editor.org/info/rfc4787>. [RFC6056] Larsen, M. and F. Gont,F.,"Recommendations for Transport- Protocol Port Randomization",RFC6056,BCP 156, RFC 6056, DOI 10.17487/RFC6056, January2011. [RFC6438] Carpenter, B., Amante, S., "Using the Ipv6 Flow Label for Equal Cost Multipath Routing and Link Aggregation in Tunnels", RFC6438, November 2011.2011, <http://www.rfc-editor.org/info/rfc6056>. [RFC7042] Eastlake 3rd, D. and J. Abley,J.,"IANA Considerations and IETF Protocol and Documentation Usage for IEEE 802Parameter", RFC7042,Parameters", BCP 141, RFC 7042, DOI 10.17487/RFC7042, October2013.2013, <http://www.rfc-editor.org/info/rfc7042>. [RFC7637] Garg,P.P., Ed., and Y. Wang,Y.,Ed., "NVGRE: Network Virtualization Using Generic Routing Encapsulation",RFC7637,RFC 7637, DOI 10.17487/RFC7637, September2015.2015, <http://www.rfc-editor.org/info/rfc7637>. [RFC7676] Pignataro, C., Bonica, R., and S. Krishnan,S.,"IPv6 Support for Generic Routing Encapsulation (GRE)",RFC7676,RFC 7676, DOI 10.17487/RFC7676, October2015. 12.2015, <http://www.rfc-editor.org/info/rfc7676>. AcknowledgementsAuthorsThe authors would like to thank Vivek Kumar, Ron Bonica, Joe Touch, Ruediger Geib, Lars Eggert, Lloyd Wood, Bob Briscoe, Rick Casarez, Jouni Korhonen, Kathleen Moriarty, Ben Campbell, and many others for theirreviewreviews and valuable input on thisdraft. Thankdocument. Thanks to Donald Eastlake, Eliot Lear, Martin Stiemerling, and Spencer Dawkins for theirdetaildetailed reviews and valuable suggestionsin WGLCduring WG Last Call and the IESG process.ThankThanks to the design team led by David Black (members: Ross Callon, Gorry Fairhurst, Xiaohu Xu, and Lucy Yong)tofor efficientlyworkworking out the descriptions for the congestion considerations and IPv6 UDP zero checksum.ThankThanks to David Black and Gorry Fairhurst for their great help in document content and editing.13.Contributors The following people all contributed significantly to this document and are listedbelowin alphabetical order: David Black EMC Corporation 176 South Street Hopkinton, MA 01748USAUnited States of America Email: david.black@emc.com Ross Callon Juniper Networks 10 Technology Park Drive Westford, MA 01886USAUnited States of America Email: rcallon@juniper.net John E. Drake Juniper Networks Email: jdrake@juniper.net Gorry Fairhurst University of Aberdeen Email: gorry@erg.abdn.ac.uk Yongbing Fan China TelecomGuangzhou, China.Guangzhou China Email: fanyb@gsta.com Phone: +86 20 38639121Email: fanyb@gsta.comAdrian Farrel Juniper Networks Email: adrian@olddog.co.uk Vishwas ManralHewlett-Packard Corp. 3000 Hanover St, Palo Alto.Email:vishwas.manral@hp.comvishwas@ionosnetworks.com Carlos Pignataro Cisco Systems 7200-12 Kit Creek Road Research Triangle Park, NC 27709USAUnited States of America Email: cpignata@cisco.com15.Authors' Addresses Lucy Yong Huawei Technologies, USA Email: lucy.yong@huawei.com Edward Crabbe Oracle Email: edward.crabbe@gmail.com Xiaohu Xu HuaweiTechnologies,Technologies Beijing, China Email: xuxiaohu@huawei.com Tom Herbert Facebook 1 Hacker Way Menlo Park, CAEmail :Email: tom@herbertland.com