BESS                                                        Zheng. Zhang
Internet-Draft                                           ZTE Corporation
Intended status: Standards Track                             Shaowen. Ma
Expires: April 25, 2019                                          Juniper
                                                               Cui. Wang
                                                    Matrium Technologies
                                                        October 22, 2018


                      Use of IP Tunnels In IP VPNs
                      draft-zmw-bess-tunnel-vpn-00

Abstract

   This document updates [RFC6513], [RFC6514] and
   [I-D.ietf-idr-tunnel-encaps] to provide additional details about
   using GRE tunnels for IP VPN, and using IP tunnels for Multicast VPN
   (MVPN).

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC2119.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Zhang, et al.            Expires April 25, 2019                 [Page 1]

Internet-Draft             BESS TUNNEL IP VPN               October 2018

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the Trust
   Legal Provisions and are provided without warranty as described in
   the Simplified BSD License.

Table of Contents

   1.  Terminology
   2.  Introduction
   3.  Specification
     3.1.  GRE Considered as a Tunnel Type Whose Encapsulation
           Includes VNI field
     3.2.  Attach Tunnel Encap Attribute to MVPN PMSI/Leaf A-D Routes
   4.  IANA Considerations
   5.  Security Considerations
   6.  Acknowledgement
   7.  Normative References
   Authors' Addresses

1.  Terminology

   This document uses terminologies defined in [RFC6513], [RFC6514].

2.  Introduction

   [RFC4364] specifies protocol and procedures for providing IP Virtual
   Private Network (IP VPN) service using BGP signaling and MPLS data
   plane, often referred to as BGP/MPLS VPN.

   Along with the great success of BGP/MPLS VPN, use of IP tunneling
   instead of MPLS has been growing significantly, especially in Data
   Centers or where MPLS infrastructure is not available.

   IP tunnels typically include GRE, VXLAN, VXLAN-GPE, and NVGRE.  Both
   VXLAN and NVGRE are targeted at Layer 2 Overlay services and the
   payload after the VXLAN or NVGRE header is Ethernet.  For GRE
   [RFC2784] and VXLAN-GPE, the payload could be either IP or Ethernet
   or others.

   [I-D.ietf-idr-tunnel-encaps] specifies how these tunnels can be used
   for VPNs, and [RFC6513] describes how GRE tunnels can be used for
   Multicast VPNs (MVPN).  However, existing documents do not fully
   cover some deployment scenarios as listed below.

   o  Use of GRE tunnel for IP VPN: GRE tunnel is currently not listed
      as one of the three tunnel types whose encapsulation header
      includes a Virtual Network Identifier (VNI), even though an
      optional key in the GRE header can be used as a VNI.  As a result,
      currently no document specifies the use of GRE tunnel for IP VPN
      unicast, while it may be desired in certain situations.  For
      example, multicast GRE tunnels are already widely used for MVPNs.
      If IP tunnels are preferred over MPLS tunnels for unicast, then it
      is better to use GRE (vs. VXLAN-GPE) for unicast as well as for
      multicast.  Another reason to use GRE instead of VXLAN-GPE is that
      in certain public provider networks UDP packets are more
      susceptible to packet losses.

   o  While [RFC6513] has descriptive text (section 12.1.1) on using
      unicast GRE tunnel for Ingress Replication, [RFC6514] (the
      specification companion of [RFC6513]) only covers MPLS tunnels.

   o  To use IP tunnels for Ingress Replication in MVPN, an appropriate
      Tunnel Encap Attribute (TEA) needs to be attached to the relevant
      MVPN PMSI/Leaf A-D routes; however, that is declared as out of
      scope for [I-D.ietf-idr-tunnel-encaps].

3.  Specification

   This document specifies the details for the missing coverage (as
   described above) in existing documentation.

3.1.  GRE Considered as a Tunnel Type Whose Encapsulation Includes VNI
      field

   This document updates Section "8.  Use of Virtual Network Identifiers
   and Embedded Labels when Imposing a Tunnel Encapsulation" of
   [I-D.ietf-idr-tunnel-encaps] as follows:

   o  A GRE tunnel whose encapsulation does not set the K bit in the GRE
      header is considered as without a Virtual Network Identifier
      Field, and section 8.1 applies.

   o  A GRE tunnel whose encapsulation does set the K bit in the GRE
      header is considered as having a Virtual Network Identifier Field,
      and section 8.2 applies.
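
   The K-bit distinction above, as an added example that is not part of
   this draft: it builds and parses a GRE header and reports which
   section applies.  Assumptions: the Key field layout follows RFC 2890,
   the VNI is carried as the full 32-bit Key, and all function names,
   the VNI value 5001 and the VNI-to-VRF table are hypothetical.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784; K and S per RFC 2890).
GRE_C, GRE_K, GRE_S, GRE_VER = 0x8000, 0x2000, 0x1000, 0x0007
ETHERTYPE_IPV4 = 0x0800

def gre_encap(payload, vni=None, proto=ETHERTYPE_IPV4):
    """Prepend a GRE header. With a VNI, set K and carry it in the Key field."""
    if vni is None:
        return struct.pack("!HH", 0, proto) + payload
    if not 0 <= vni <= 0xFFFFFFFF:
        raise ValueError("GRE Key field is 32 bits wide")
    return struct.pack("!HHI", GRE_K, proto, vni) + payload

def gre_decap(packet):
    """Return (vni, proto, payload); vni is None when the K bit is clear."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet)
    if flags & GRE_VER:
        raise ValueError("not GRE version 0")
    # Optional fields appear in the order Checksum, Key, Sequence Number.
    key_off = 4 + (4 if flags & GRE_C else 0)
    end = key_off + (4 if flags & GRE_K else 0) + (4 if flags & GRE_S else 0)
    if len(packet) < end:
        raise ValueError("flags promise optional fields that are missing")
    vni = struct.unpack_from("!I", packet, key_off)[0] if flags & GRE_K else None
    return vni, proto, packet[end:]

def tunnel_encaps_section(packet):
    """Section 3.1 of this draft: K clear -> section 8.1, K set -> section 8.2."""
    return "8.2" if gre_decap(packet)[0] is not None else "8.1"

def vrf_for(packet, vni_to_vrf):
    """Receive side: accept only a Key this router assigned (hypothetical table)."""
    vni, _, _ = gre_decap(packet)
    if vni not in vni_to_vrf:      # also rejects packets that carry no Key
        raise LookupError("no VRF bound to this GRE Key")
    return vni_to_vrf[vni]

if __name__ == "__main__":
    inner = bytes.fromhex("4500001c")          # constructed stand-in payload
    pkt = gre_encap(inner, vni=5001)           # constructed VNI value
    print(pkt.hex(), tunnel_encaps_section(pkt), vrf_for(pkt, {5001: "vrf-red"}))
```

   The parser checks the header length against the flag bits before it
   reads the Key, so a packet that sets K but omits the Key field is
   rejected instead of being delivered with a misread VNI.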

   When applying the rules in section 8.2, the condition "the TLV
   identifying the tunnel contains an Encapsulation sub-TLV whose V bit
   is set" is considered met as long as the TEA includes a GRE
   Encapsulation Sub-TLV.

3.2.  Attach Tunnel Encap Attribute to MVPN PMSI/Leaf A-D Routes

   If IP tunnels are used for MVPN Ingress Replication, a TEA SHOULD be
   attached to MVPN Inclusive-PMSI A-D routes and Leaf A-D routes to
   specify the IP tunnel used for the originating router to receive
   traffic.  The label field in the A-D route's PMSI Tunnel Attribute
   (PTA) is set to the VNI assigned by the originating router.

   When an ingress router sends traffic, the label value in the PTA of
   the Inclusive-PMSI or Leaf A-D route originated from the receiving
   router is copied into the VNI field of the tunnel encapsulation
   header.  Note that in the case of a GRE tunnel, the VNI field is the
   Key field in the GRE header and the K bit MUST be set.

4.  IANA Considerations

   This document makes no requests for IANA action.

5.  Security Considerations

   There are no further security requirements in this document.

6.  Acknowledgement

   The authors would like to thank Jeffrey Zhang for his valuable
   discussion and suggestions.

7.  Normative References

   [I-D.ietf-idr-tunnel-encaps]
              Rosen, E., Patel, K., and G. Velde, "The BGP Tunnel
              Encapsulation Attribute", draft-ietf-idr-tunnel-encaps-10
              (work in progress), August 2018.

   [RFC2784]  Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
              Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
              DOI 10.17487/RFC2784, March 2000.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364,
              February 2006.

   [RFC6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/
              BGP IP VPNs", RFC 6513, DOI 10.17487/RFC6513,
              February 2012.

   [RFC6514]  Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
              Encodings and Procedures for Multicast in MPLS/BGP IP
              VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012.

Authors' Addresses

   Zheng(Sandy) Zhang
   ZTE Corporation

   EMail: zzhang_ietf@hotmail.com


   Shaowen Ma
   Juniper

   EMail: mashaowen@gmail.com


   Cui(Linda) Wang
   Matrium Technologies
   Australia

   EMail: lindawangjoy@gmail.com