Internet Engineering Task Force (IETF) F. Maino, Ed.Internet-DraftRequest for Comments: 9305 CiscoIntended status:Category: Standards Track J. LemonExpires: January 27, 2021 BroadcomISSN: 2070-1721 P. Agarwal Innovium D. Lewis M. Smith CiscoJuly 26, 2020 LISPOctober 2022 Locator/ID Separation Protocol (LISP) Generic Protocol Extensiondraft-ietf-lisp-gpe-19Abstract This document describes extensions to the Locator/ID Separation Protocol (LISP)Data-Plane,data plane, via changes to the LISP header, to supportmulti-protocolmultiprotocol encapsulation and allowto introducethe introduction of new protocol capabilities. Status of This Memo ThisInternet-Draftissubmitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documentsan Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF).Note that other groups may also distribute working documents as Internet-Drafts. The listIt represents the consensus ofcurrent Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents validthe IETF community. It has received public review and has been approved fora maximumpublication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 ofsix monthsRFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 27, 2021.https://www.rfc-editor.org/info/rfc9305. Copyright Notice Copyright (c)20202022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must includeSimplifiedRevised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in theSimplifiedRevised BSD License. Table of Contents 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 21.1. Conventions. . . . . . . . . . . . . . . . . . . . . . . 31.2.DefinitionDefinitions of Terms. . . . . . . . . . . . . . . . . . . 32. LISP HeaderWithoutwithout Protocol Extensions. . . . . . . . . . . 33. LISP Generic Protocol Extensionfor LISP(LISP-GPE). . . . . . . 44. Implementation and Deployment Considerations. . . . . . . . 64.1. Applicability Statement. . . . . . . . . . . . . . . . . 64.2.Congestion ControlCongestion-Control Functionality. . . . . . . . . . . . 74.3. UDP Checksum. . . . . . . . . . . . . . . . . . . . . . 84.3.1. UDP Zero Checksum Handling with IPv6. . . . . . . . 84.4. DSCP, ECN, TTL, and 802.1Q. . . . . . . . . . . . . . . 105. Backward Compatibility. . . . . . . . . . . . . . . . . . . 115.1. Detection of ETR Capabilities. . . . . . . . . . . . . . 116. IANA Considerations. . . . . . . . . . . . . . . . . . . . . 116.1. LISP-GPE Next Protocol Registry. . . . . . . . . . . . . 117. Security Considerations. . . . . . . . . . . . . . . . . . . 128.Acknowledgements and Contributors . . . . . . . . . . . . . . 12 9.References. . . . . . . . . . . . . . . . . . . . . . . . . 13 9.1.8.1. Normative References. . . . . . . . . . . . . . . . . . 13 9.2.8.2. Informative References. . . . . . . . . . . . . . . . . 14Acknowledgments Contributors Authors' Addresses. . . . . . . . . . . . . . . . . . . . . . . 161. Introduction The LISPData-Planedata plane is defined in[I-D.ietf-lisp-rfc6830bis].[RFC9300]. It specifies an encapsulation format that carries IPv4 or IPv6 packets (henceforth jointly referred to as IP) in a LISP header and outer UDP/IP transport. The LISPData-Planedata plane header does not specify the protocol being encapsulatedand thereforeand, therefore, is currently limited to encapsulating only IP packet payloads. Other protocols, most notably the Virtual eXtensible Local Area Network (VXLAN) protocol [RFC7348] (which defines asimilarheader format similar to LISP), are used to encapsulateLayer-2Layer 2 (L2)protocolsprotocols, such as Ethernet. This document defines an extension for the LISP header, as defined in[I-D.ietf-lisp-rfc6830bis],[RFC9300], to indicate the inner protocol, enabling the encapsulation of Ethernet,IPIP, or any other desiredprotocolprotocol, all the while ensuring compatibility with existing LISP deployments. A flag in the LISPheader, calledheader -- theP-bit,P-bit -- is used to signal the presence of the 8-bitNext Protocol'Next Protocol' field. TheNext Protocol'Next Protocol' field, when present, uses 8 bits of the field that was allocated to theecho-noncingEcho-Noncing andmap-versioningMap-Versioning features in[I-D.ietf-lisp-rfc6830bis].[RFC9300]. Those two features are no longer available when the P-bit is used. However, appropriateLISP-GPE (LISPLISP Generic ProtocolExtension)Extension (LISP-GPE) shim headers can be defined to specify capabilities that are equivalent toecho-noncingEcho- Noncing and/ormap- versioning.Map-Versioning. Since all of the reserved bits of the LISPData-Planedata plane header have been allocated, LISP-GPE can also be used to extend the LISPData- Planedata plane header by defining Next Protocol"shim"shim headers thatimplementsimplement new data plane functions not supported in the LISP header. For example, the use of the Group-Based Policy (GBP) header[I-D.lemon-vxlan-lisp-gpe-gbp][VXLAN-LISP] or of theIn-situIn situ Operations, Administration, and Maintenance (IOAM) header[I-D.brockners-ippm-ioam-vxlan-gpe][VXLAN-GPE] withLISP-GPE,LISP-GPE can be considered an extension to add support in theData-Planedata plane forGroup-Based PolicyGBP functionalities or IOAM metadata. 1.1. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2.DefinitionDefinitions of Terms This document uses terms already defined in[I-D.ietf-lisp-rfc6830bis].[RFC9300]. 2. LISP HeaderWithoutwithout Protocol Extensions As described in Section 1, the LISP header has no protocol identifier that indicates the type of payload being carried. Because of this, LISP is limited to carrying IP payloads. The LISP header[I-D.ietf-lisp-rfc6830bis][RFC9300] contains a series of flags (some defined, some reserved), aNonce/Map-version field'Nonce/Map-Version' field, and aninstance ID/Locator-status-bit'Instance ID/ Locator-Status-Bits' field. The flags provide flexibility to define how the various fields are encoded. Notably, Flag bit 5 is the last reserved bit in the LISP header. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|R|K|K| Nonce/Map-Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: LISP Header 3. LISP Generic Protocol Extensionfor LISP(LISP-GPE) This document defines two changes to the LISP header in order to supportmulti-protocolmultiprotocol encapsulation: the introduction of the P-bit and the definition of aNext Protocol'Next Protocol' field. This document specifies the protocol behavior when the P-bit is set to1,1; no changes are introduced when the P-bit is set to 0. The LISP-GPE header is shown in Figure 2 and described below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|P|K|K| Nonce/Map-Version/Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: LISP-GPE Header P-Bit: Flag bit 5 is defined as the Next Protocol bit. The P-bit is set to 1 to indicate the presence of the8 bit Next Protocol8-bit 'Next Protocol' field. If the P-bit is clear(0)(0), the LISP header is bit-by-bit equivalent to the definition in[I-D.ietf-lisp-rfc6830bis].[RFC9300]. When the P-bit is set to 1, bits N, E, and V, and bits 8-23 of the 'Nonce/Map-Version/Next Protocol' field MUST be set to zero on transmission and MUST be ignored on receipt. Features equivalent to those that were implemented with bitsN,EN, E, and V in[I-D.ietf-lisp-rfc6830bis],[RFC9300], such asecho-noncingEcho-Noncing andmap- versioning,Map-Versioning, can be implemented by defining appropriate LISP-GPE shim headers. When the P-bit is set to 1, the LISP-GPE header is encoded as: 0 x 0 0 x 1 x x +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|P|K|K| 0x0000 | Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: LISP-GPE with P-bitsetSet to 1 Next Protocol: When the P-bit is set to 1, the lower 8 bits of the first 32-bit word are used to carry a Next Protocol. ThisNext Protocol'Next Protocol' field contains the protocol of the encapsulated payload packet. This document defines the following Next Protocol values:0x00 :0x00: Reserved0x01 :0x01: IPv40x02 :0x02: IPv60x03 :0x03: Ethernet0x04 :0x04: Network Service Header (NSH) [RFC8300] 0x05 to 0x7D: Unassigned0x7E,0x7E and 0x7F: Experimentation and testing 0x80 to 0xFD: Unassigned (shim headers) 0xFE, 0xFF: Experimentation and testing (shim headers) The values are tracked in the IANALISP-GPE"LISP-GPE NextProtocol RegistryProtocol" registry, as described in Section 6.1. NextprotocolProtocol values 0x7E,0x7F and0x7F, 0xFE, and 0xFF are assigned for experimentation andtestingtesting, as per [RFC3692]. NextprotocolProtocol values fromOx800x80 to 0xFD are assigned to protocols encoded as generic"shim"shim headers. All shim protocols MUST use the header structure in Figure 4, which includes aNext Protocol'Next Protocol' field. When shim headers are used with other protocols identified bynext protocolNext Protocol values from 0x00 to 0x7F, all the shim headers MUST come first. Shim headers can be used to incrementally deploy new GPE features, keeping the processing of shim headers known to a givenxTRTunnel Router (xTR) implementation in the 'fast' path (typically anASIC),Application- Specific Integrated Circuit (ASIC)) while punting the processing of the remaining new GPE features to the 'slow' path. Shim protocols MUST have the first 32 bits defined as: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~Protocol SpecificProtocol-Specific Fields ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 4: Shim Header Where: Type: This field identifies the different messages of this protocol. Length:TheThis field indicates the length, in 4-octet units, of this protocolmessagemessage, not including the first 4 octets. Reserved: The use of this field is reserved to the protocol defined in this message. NextProtocol Field: The next protocolProtocol: This field contains the protocol of the encapsulated payload. The values are tracked in the IANALISP-GPE"LISP-GPE NextProtocol RegistryProtocol" registry, as described in Section 6.1. 4. Implementation and Deployment Considerations 4.1. Applicability Statement LISP-GPE conforms, asana UDP-based encapsulation protocol, to the UDP usage guidelinesasspecified in [RFC8085]. The applicability of these guidelinesareis dependent on the underlay IP network and the nature of the encapsulated payload. [RFC8085] outlines two applicability scenarios for UDPapplications,applications: 1) the general Internet and 2) a controlled environment.TheA controlled environment means a single administrative domain or adjacent set of cooperating domains. A network in a controlled environment can be managed to operate under certainconditions whereasconditions, whereas, in the generalInternetInternet, this cannot be done.HenceHence, requirements for a tunnel protocol operating under a controlled environment can be less restrictive than the requirements of the generalinternet.Internet. The LISP-GPE scope of applicability is the same set of use cases coveredby[I-D.ietf-lisp-rfc6830bis]by [RFC9300] for the LISPdataplanedata plane protocol. The common property of these use cases is a large set of cooperating entities seeking to communicate over the public Internet or other large underlay IPinfrastructures,infrastructures while keeping the addressing and topology of the cooperating entities separate from the underlay and Internet topology, routing, and addressing. LISP-GPE is meant to be deployed in network environments operated by a single operator or adjacent set of cooperating network operators thatfitsfit with the definition of controlled environments in [RFC8085]. For the purpose of this document, atraffic-managed controlled environmentTraffic-Managed Controlled Environment (TMCE), outlined in [RFC8086], is defined as an IP network that is traffic-engineered and/or otherwise managed (e.g., via the use of traffic rate limiters) to avoid congestion. Significant portions of the text in thisSectionsection are based on [RFC8086]. It is the responsibility of the network operators to ensure that the guidelines/requirements in this section are followed as applicable to their LISP-GPEdeploymentsdeployments. 4.2.Congestion ControlCongestion-Control Functionality LISP-GPE does notnativelyprovidecongestion controlcongestion-control functionality and relies on the payload protocol traffic for congestion control. Assuchsuch, LISP-GPE MUST be used withcongestion controlledcongestion-controlled traffic or within a network that is traffic managed to avoid congestion (TMCE). An operator of atraffic managedtraffic-managed network (TMCE) may avoid congestion by careful provisioning of their networks,rate-limitingrate limiting of user datatraffictraffic, and traffic engineering according to path capacity. Keeping in mind thereccomendationrecommendation above, new encapsulated payloads, when registered with LISP-GPE, MUST beaccompainedaccompanied by a set of guidelines derived from[I-D.ietf-lisp-rfc6830bis].Section 5 of [RFC9300]. Such new protocols should be designed for explicit congestion signals to propagate consistently fromlower layerlower-layer protocols into IP.ThenThen, the IP internetwork layer can act as a portability layer to carry congestionnotificationnotifications from non-IP-aware congested nodes up to the transport layer (L4). By following the guidelines in[I-D.ietf-tsvwg-ecn-encap-guidelines],[ENCAP-GUIDE], subnetwork designers can enable alayer-2Layer 2 protocol to participate in congestion control without droppingpacketspackets, via propagation ofexplicit congestion notification (ECNExplicit Congestion Notification (ECN) data [RFC3168])to receivers. 4.3. UDP Checksum For IP payloads,sectionSection 5.3 of[I-D.ietf-lisp-rfc6830bis][RFC9300] specifies how to handle UDPChecksumschecksums, encouraging implementors to consider UDP checksum usage guidelines insectionSection 3.4 of [RFC8085] when it is desirable to protect UDP and LISP headers against corruption. In order toprovideprotect the integrity of LISP-GPE headers,optionsoptions, andpayload, for examplepayloads (for example, to avoidmis-deliverymisdelivery ofpayloadpayloads to different tenant systems in the case of datacorruption,corruption), the outer UDP checksum SHOULD be used with LISP-GPE when transported over IPv4. The UDP checksum provides a statistical guarantee that a payload was not corrupted in transit. These integrity checks are not strong from a coding or cryptographic perspective and are not designed to detectphysical- layerphysical-layer errors or maliciousmodificationmodifications of the datagram (see Section 3.4 of [RFC8085]). In deployments where such a risk exists, an operator SHOULD use additional data integritymechanismsmechanisms, such as those offered byIPSec.IPsec. An operator MAY choose to disable a UDP checksum and use a zero checksum if LISP-GPE packet integrity is provided by other data integritymechanismsmechanisms, such as IPsec or additionalchecksumschecksums, or if one of the conditions in Section 4.3.1a,(a, b,c areor c) is met. 4.3.1. UDP Zero Checksum Handling with IPv6 By default, a UDP checksum MUST be used when LISP-GPE is transported over IPv6. A tunnel endpoint MAY be configured for use with a zero UDP checksum if additional requirements described in this section are met. When LISP-GPE is used over IPv6, a UDP checksum is used to protect IPv6 headers, UDPheadersheaders, and LISP-GPE headers andpayloadpayloads from potential data corruption. Assuchsuch, bydefaultdefault, LISP-GPE MUST use a UDP checksum when transported over IPv6. An operator MAY choose to configure to operate with a zero UDP checksum if operating in atraffic managedtraffic-managed controlledenvironmentenvironment, as stated in Section4.14.1, if one of the following conditionsareis met: a. It is known thatthepacket corruption is exceptionally unlikely (perhaps based on an operator's knowledge of equipment types in their underlaynetwork)network), and the operator is willing to takeathe risk of undetected packetcorruptioncorruption. b. It isjudgeddetermined through observational measurements (perhaps through historic or current traffic flows that usenon zeroa non-zero checksum) that the level of packet corruption is tolerablylowlow, andwherethe operator is willing to take the risk of undetectedcorruptioncorruption. c. LISP-GPEpayload ispayloads are carrying applications that are tolerant of misdelivered or corrupted packets (perhaps throughhigher layerhigher-layer checksum validation and/or reliability throughretransmission)retransmission). Inadditionaddition, LISP-GPE tunnel implementations usingZeroa zero UDP checksum MUST meet the following requirements: 1. Use of a UDP checksum over IPv6 MUST be the default configuration for all LISP-GPEtunnelstunnels. 2. If LISP-GPE is used with a zero UDP checksum overIPv6IPv6, then such xTRimplementationimplementations MUST meet all the requirements specified insectionSection 4 of [RFC6936] andrequirementsrequirement 1asspecified insectionSection 5 of[RFC6936][RFC6936]. 3. TheETREgress Tunnel Router (ETR) that decapsulates the packet SHOULD check that the source and destination IPv6 addresses are valid for the LISP-GPE tunnel that is configured to receiveZeroa zero UDP checksum and discard other packetsfor whichthat fail suchcheck failschecks. 4. TheITRIngress Tunnel Router (ITR) that encapsulates the packet MAY use different IPv6 source addresses for each LISP-GPE tunnel that usesZerozero UDP checksum mode in order to strengthen the decapsulator's check of the IPv6 source address(i.e(i.e., the same IPv6 source address is not to be used with more than one IPv6 destination address, irrespective of whether that destination address is a unicast or multicast address). When this is not possible, it is RECOMMENDED to use each source address for as few LISP-GPE tunnels that use a zero UDP checksum as isfeasiblefeasible. 5. Measures SHOULD be taken to prevent LISP-GPE traffic over IPv6 with a zero UDP checksum from escaping into the general Internet. Examples of such measures include employing packet filters at thePETRProxy Egress Tunnel Router (PETR) and/or keeping logical or physical separation of the LISP network from networkscarrying General Internetin the general Internet. The above requirements do not changeeitherthe requirements specified in[RFC2460] as modified by [RFC6935][RFC6935], [RFC6936], orthe requirements specified in [RFC6936].[RFC8200]. The requirement to check the source IPv6 address in addition to the destination IPv6 address, plus the recommendation against the reuse of source IPv6 addresses among LISP-GPEtunnelstunnels, collectively provide some mitigation for the absence of UDP checksum coverage of the IPv6 header. A traffic-managed controlled environment that satisfies at least one of the three conditions listed at the beginning of this section provides additional assurance. 4.4. DSCP, ECN, TTL, and 802.1Q When encapsulating IP (including over Ethernet)packetspackets, [RFC2983] provides guidance for mappingDSCPpackets that contain Differentiated Services Code Point (DSCP) information between inner and outer IP headers. The Pipe model typically fits betterNetworkwith network virtualization. The DSCP value on the tunnel header is set based on a policy (which may be a fixed value, one based on the inner traffic class, or some other mechanism for grouping traffic). Some aspects of the Uniform model (which treats the inner and outer DSCP value as a single field by copying on ingress and egress) may also apply, such as the ability to remark the inner header on tunnel egress based on transit marking. However, the Uniform model is not conceptually consistent with network virtualization, which seeks to provide strong isolation between encapsulated traffic and the physical network. [RFC6040] describes the mechanism for exposing ECN capabilities on IP tunnels and propagating congestion markers to the inner packets. This behavior MUST be followed for IP packets encapsulated in LISP- GPE. Though the Uniform model or the Pipemodelsmodel could be used for TTL (or Hop Limit in the case of IPv6) handling when tunneling IP packets, the Pipe model is more aligned with network virtualization. [RFC2003] provides guidance on handling TTL between inner IPheaderheaders and outer IP tunnels; this model is more aligned with the Pipe model and is recommended for use with LISP-GPE fornetwork virtualizationnetwork-virtualization applications. When a LISP-GPE router performs Ethernet encapsulation, the inner 802.1Q[IEEE.802.1Q_2014]3-bitpriority code point (PCP)Priority Code Point ('PCP') field [IEEE.802.1Q_2014] MAY be mapped from the encapsulated frame to the DSCP codepoint of theDSDifferentiated Services ('DS') field defined in [RFC2474]. When a LISP-GPE router performs Ethernet encapsulation, theinnerinner- header 802.1Q[IEEE.802.1Q_2014]VLAN Identifier (VID) [IEEE.802.1Q_2014] MAY be mapped to, or used todeterminedetermine, the LISPInstance IDentifier'Instance ID' (IID) field. Refer to Section 7 forconsiderationconsiderations about the use of integrity protection for deployments, such as the public Internet, concerned with on-path attackers. 5. Backward Compatibility LISP-GPE uses the same UDP destination port (4341) allocated to LISP. When encapsulating IP packets to anon LISP-GPE capable routernon-LISP-GPE-capable router, the P-bit MUST be set to 0. That is, the encapsulation format defined in this document MUST NOT be sent to a router that has not indicated that it supports thisspecificationspecification, because such a router would ignore the P-bit (as described in[I-D.ietf-lisp-rfc6830bis])[RFC9300]) and so would misinterpret the other LISP headerfieldsfields, possibly causing significant errors. 5.1. Detection of ETR Capabilities The discovery of xTR capabilities to support LISP-GPE is out of the scope of this document. Given that the applicability domain of LISP- GPE is a traffic-managed controlled environment, ITR/ETR (xTR) configuration mechanisms may be used for this purpose. 6. IANA Considerations 6.1. LISP-GPE Next Protocol Registry IANAis requested to set uphas created a registryof LISP-GPE "Nextcalled "LISP-GPE Next Protocol". These are 8-bit values. Next Protocol values in the table below are defined in this document. New values are assigned under the Specification Required policy [RFC8126]. The protocols that are being assigned values do not themselves need to be IETFstandards trackStandards Track protocols.+--------------+-------------------------------------+--------------++===============+=============================+===========+ | Next Protocol | Description | Reference | +===============+=============================+===========+ |Protocol | | | +--------------+-------------------------------------+--------------+ | 0x00x00 | Reserved |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x10x01 | IPv4 |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x20x02 | IPv6 |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x30x03 | Ethernet |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x40x04 | NSH |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x05..0x7D0x05-0x7D | Unassigned | | +---------------+-----------------------------+-----------+ |0x7E..0x7F0x7E-0x7F | Experimentation and testing |This | | | | DocumentRFC 9305 | +---------------+-----------------------------+-----------+ |0x80..0xFD0x80-0xFD | Unassigned (shim headers) | | +---------------+-----------------------------+-----------+ |0x8E..0x8F0xFE-0xFF | Experimentation and testing(shim|ThisRFC 9305 | | | (shim headers) |Document|+--------------+-------------------------------------+--------------++---------------+-----------------------------+-----------+ Table 1 7. Security Considerations LISP-GPE security considerations are similar to the LISP security considerations and mitigation techniques documented in [RFC7835].LISP-GPE, asAs is the case for many encapsulations that use optional extensions, LISP-GPE is subject to on-path adversaries that can make arbitrary modifications to the packet (including theP-Bit)P-bit) to change or remove any part of the payload, or claim to encapsulate any protocol payload type. Typical integrity protection mechanisms (such as IPsec) SHOULD be used in combination with LISP-GPE by those protocol extensions that want to protectfromagainst on-path attackers. With LISP-GPE, issues such asdata-planedata plane spoofing, flooding, and traffic redirection may depend on the particular protocol payload encapsulated. 8.Acknowledgements and Contributors A special thank you goes to Dino Farinacci for his guidance and detailed review. Thanks to Tom Herbert for the suggestion to assign codepoints for experimentations and testing. This Working Group (WG) document originated as draft-lewis-lisp-gpe; the following are its coauthors and contributors along with their respective affiliations at the time of WG adoption. The editor of this document would like to thank and recognize them and their contributions. These coauthors and contributors provided invaluable concepts and content for this document's creation. o Darrel Lewis, Cisco Systems, Inc. o Fabio Maino, Cisco Systems, Inc. o Paul Quinn, Cisco Systems, Inc. o Michael Smith, Cisco Systems, Inc. o Navindra Yadav, Cisco Systems, Inc. o Larry Kreeger o Jennifer Lemon, Broadcom o Puneet Agarwal, Innovium 9.References9.1.8.1. Normative References[I-D.ietf-lisp-rfc6830bis] Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Cabellos-Aparicio, "The Locator/ID Separation Protocol (LISP)", draft-ietf-lisp-rfc6830bis-32 (work in progress), March 2020.[IEEE.802.1Q_2014] IEEE, "IEEE Standard for Local and metropolitan area networks--Bridges and Bridged Networks", IEEE802.1Q-2014, DOI 10.1109/ieeestd.2014.6991462,Std 802.1Q- 2014, December 2014, <http://ieeexplore.ieee.org/servlet/ opac?punumber=6991460>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion Notification", RFC 6040, DOI 10.17487/RFC6040, November 2010, <https://www.rfc-editor.org/info/rfc6040>.9.2. Informative References [I-D.brockners-ippm-ioam-vxlan-gpe] Brockners, F., Bhandari, S., Govindan, V., Pignataro, C., Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni,[RFC8174] Leiba, B.,Lapukhov, P., and M. Spiegel, "VXLAN-GPE Encapsulation for In-situ OAM Data", draft-brockners-ippm- ioam-vxlan-gpe-03 (work"Ambiguity of Uppercase vs Lowercase inprogress), November 2019. [I-D.ietf-tsvwg-ecn-encap-guidelines]RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. [RFC9300] Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Cabellos, Ed., "The Locator/ID Separation Protocol (LISP)", RFC 9300, DOI 10.17487/RFC9300, October 2022, <https://www.rfc-editor.org/info/rfc9300>. 8.2. Informative References [ENCAP-GUIDE] Briscoe,B., Kaippallimalil, J.,B. andP. Thaler,J. Kaippallimalil, "Guidelines for Adding Congestion Notification to Protocols that Encapsulate IP",draft-ietf-tsvwg-ecn- encap-guidelines-13 (work in progress), May 2019. [I-D.lemon-vxlan-lisp-gpe-gbp] Lemon, J., Maino, F., Smith, M., and A. Isaac, "Group Policy Encoding with VXLAN-GPE and LISP-GPE", draft-lemon- vxlan-lisp-gpe-gbp-02 (workWork inprogress), April 2019.Progress, Internet-Draft, draft-ietf-tsvwg-ecn- encap-guidelines-17, 11 July 2022, <https://datatracker.ietf.org/doc/html/draft-ietf-tsvwg- ecn-encap-guidelines-17>. [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, DOI 10.17487/RFC2003, October 1996, <https://www.rfc-editor.org/info/rfc2003>.[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998, <https://www.rfc-editor.org/info/rfc2460>.[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, DOI 10.17487/RFC2474, December 1998, <https://www.rfc-editor.org/info/rfc2474>. [RFC2983] Black, D., "Differentiated Services and Tunnels", RFC 2983, DOI 10.17487/RFC2983, October 2000, <https://www.rfc-editor.org/info/rfc2983>. [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition of Explicit Congestion Notification (ECN) to IP", RFC 3168, DOI 10.17487/RFC3168, September 2001, <https://www.rfc-editor.org/info/rfc3168>. [RFC3692] Narten, T., "Assigning Experimental and Testing Numbers Considered Useful", BCP 82, RFC 3692, DOI 10.17487/RFC3692, January 2004, <https://www.rfc-editor.org/info/rfc3692>. [RFC6935] Eubanks, M., Chimento, P., and M. Westerlund, "IPv6 and UDP Checksums for Tunneled Packets", RFC 6935, DOI 10.17487/RFC6935, April 2013, <https://www.rfc-editor.org/info/rfc6935>. [RFC6936] Fairhurst, G. and M. Westerlund, "Applicability Statement for the Use of IPv6 UDP Datagrams with Zero Checksums", RFC 6936, DOI 10.17487/RFC6936, April 2013, <https://www.rfc-editor.org/info/rfc6936>. [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, L., Sridhar, T., Bursell, M., and C. Wright, "Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, <https://www.rfc-editor.org/info/rfc7348>. [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID Separation Protocol (LISP) Threat Analysis", RFC 7835, DOI 10.17487/RFC7835, April 2016, <https://www.rfc-editor.org/info/rfc7835>. [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, March 2017, <https://www.rfc-editor.org/info/rfc8085>. [RFC8086] Yong, L., Ed., Crabbe, E., Xu, X., and T. Herbert, "GRE- in-UDP Encapsulation", RFC 8086, DOI 10.17487/RFC8086, March 2017, <https://www.rfc-editor.org/info/rfc8086>. [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, <https://www.rfc-editor.org/info/rfc8126>.[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14,[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC8174,8200, DOI10.17487/RFC8174, May10.17487/RFC8200, July 2017,<https://www.rfc-editor.org/info/rfc8174>.<https://www.rfc-editor.org/info/rfc8200>. [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, January 2018, <https://www.rfc-editor.org/info/rfc8300>. [VXLAN-GPE] Brockners, F., Bhandari, S., Govindan, V., Pignataro, C., Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B., Lapukhov, P., and M. Spiegel, "VXLAN-GPE Encapsulation for In-situ OAM Data", Work in Progress, November 2019, <https://datatracker.ietf.org/doc/html/ draft-brockners-ippm-ioam-vxlan-gpe-03>. [VXLAN-LISP] Lemon, J., Ed., Maino, F., Smith, M., and A. Isaac, "Group Policy Encoding with VXLAN-GPE and LISP-GPE", Work in Progress, Internet-Draft, draft-lemon-vxlan-lisp-gpe-gbp- 02, 30 April 2019, <https://datatracker.ietf.org/doc/html/ draft-lemon-vxlan-lisp-gpe-gbp-02>. Acknowledgments A special thank you goes to Dino Farinacci for his guidance and detailed review. Thanks to Tom Herbert for the suggestion to assign codepoints for experimentations and testing. Contributors The editor of this document would like to thank and recognize the following coauthors and contributors for their contributions. These coauthors and contributors provided invaluable concepts and content for this document's creation. Darrel Lewis Cisco Systems, Inc. Fabio Maino Cisco Systems, Inc. Paul Quinn Cisco Systems, Inc. Michael Smith Cisco Systems, Inc. Navindra Yadav Cisco Systems, Inc. Larry Kreeger Jennifer Lemon Broadcom Puneet Agarwal Innovium Authors' Addresses Fabio Maino (editor) Cisco Systems San Jose, CA95134 USAUnited States of America Email: fmaino@cisco.com Jennifer LemonBroadcom 270 Innovation Drive San Jose, CA 95134 USAEmail:jennifer.lemon@broadcom.comjalemon@meus.us Puneet Agarwal InnoviumUSAUnited States of America Email: puneet@acm.org Darrel Lewis Cisco Systems San Jose, CA95134 USAUnited States of America Email: darlewis@cisco.com Michael Smith Cisco Systems San Jose, CA 95134USAUnited States of America Email: michsmit@cisco.com