--- 1/draft-ietf-lisp-gpe-05.txt 2018-09-20 22:13:13.004127503 -0700 +++ 2/draft-ietf-lisp-gpe-06.txt 2018-09-20 22:13:13.024127739 -0700 @@ -1,24 +1,24 @@ Internet Engineering Task Force F. Maino, Ed. Internet-Draft Cisco Intended status: Standards Track J. Lemon -Expires: February 16, 2019 Broadcom +Expires: March 24, 2019 Broadcom P. Agarwal Innovium D. Lewis M. Smith Cisco - August 15, 2018 + September 20, 2018 LISP Generic Protocol Extension - draft-ietf-lisp-gpe-05 + draft-ietf-lisp-gpe-06 Abstract This document describes extentions to the Locator/ID Separation Protocol (LISP) Data-Plane, via changes to the LISP header, to support multi-protocol encapsulation. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on February 16, 2019. + This Internet-Draft will expire on March 24, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -50,35 +50,38 @@ include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Definition of Terms . . . . . . . . . . . . . . . . . . . 3 2. LISP Header Without Protocol Extensions . . . . . . . . . . . 3 - 3. Generic Protocol Extension for LISP (LISP-GPE) . . . . . . . 3 - 4. Backward Compatibility . . . . . . . . . . . . . . . . . . . 5 + 3. Generic Protocol Extension for LISP (LISP-GPE) . . . . . . . 4 + 3.1. Payload Specific Transport Interactions . . . . . . . . . 6 + 3.1.1. Payload Specific Transport Interactions for Ethernet + Encapsulated Payloads . . . . . . . . . . . . . . . . 6 + 3.1.2. Payload Specific Transport Interactions for NSH + Encapsulated Payloads . . . . . . . . . . . . . . . . 7 + 4. Backward Compatibility . . . . . . . . . . . . . . . . . . . 7 4.1. Use of "Multiple Data-Planes" LCAF to Determine ETR - Capabilities . . . . . . . . . . . . . . . . . . . . . . 6 - 4.2. Type of Service . . . . . . . . . . . . . . . . . . . . . 6 - 4.3. VLAN Identifier (VID) . . . . . . . . . . . . . . . . . . 6 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 - 5.1. LISP-GPE Next Protocol Registry . . . . . . . . . . . . . 6 - 5.2. Multiple Data-Planes Encapsulation Bitmap Registry . . . 7 - 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 - 7. Acknowledgements and Contributors . . . . . . . . . . . . . . 8 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 - 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 - 8.2. Informative References . . . . . . . . . . . . . . . . . 9 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 + Capabilities . . . . . . . . . . . . . . . . . . . . . . 7 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 + 5.1. LISP-GPE Next Protocol Registry . . . . . . . . . . . . . 8 + 5.2. Multiple Data-Planes Encapsulation Bitmap Registry . . . 8 + 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 + 7. Acknowledgements and Contributors . . . . . . . . . . . . . . 10 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 + 8.1. Normative References . . . . . . . . . . . . . . . . . . 10 + 8.2. Informative References . . . . . . . . . . . . . . . . . 11 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction The LISP Data-Plane is defined in [I-D.ietf-lisp-rfc6830bis]. It specifies an encapsulation format that carries IPv4 or IPv6 packets (henceforth jointly referred to as IP) in a LISP header and outer UDP/IP transport. The LISP Data-Plane header does not specify the protocol being encapsulated and therefore is currently limited to encapsulating only @@ -91,20 +94,27 @@ [I-D.ietf-lisp-rfc6830bis], to indicate the inner protocol, enabling the encapsulation of Ethernet, IP or any other desired protocol all the while ensuring compatibility with existing LISP deployments. A flag in the LISP header, called the P-bit, is used to signal the presence of the 8-bit Next Protocol field. The Next Protocol field, when present, uses 8 bits of the field allocated to the echo-noncing and map-versioning features. The two features are still available, albeit with a reduced length of Nonce and Map-Version. + LISP-GPE MAY also be used to extend the LISP Data-Plane header, that + has allocated all by defining a Next Protocol "shim" header that + implements new data plane functions not supported in the LISP header. + As an example, the use of the Network Service Header (NSH) with LISP- + GPE, can be considered an extension to add support in the Data-Plane + for Network Service Chaining functionalities. + 1.1. Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 1.2. Definition of Terms @@ -204,40 +214,105 @@ 0x2 : IPv6 0x3 : Ethernet 0x4 : Network Service Header (NSH) [RFC8300] The values are tracked in an IANA registry as described in Section 5.1. +3.1. Payload Specific Transport Interactions + + To ensure that protocols that are encapsulated in LISP-GPE will work + well from a transport interaction perspective, the specification of a + new encapsulated payload MUST contain an analysis of how LISP-GPE + SHOULD deal with outer UDP Checksum, DSCP mapping, and Explicit + Congestion Notification (ECN) bits whenever they apply to the new + encapsulated payload. + + For IP payloads, section 5.3 of [I-D.ietf-lisp-rfc6830bis] specifies + how to handle UDP Checksums encouraging implementors to consider UDP + checksum usage guidelines in section 3.4 of [RFC8085] when it is + desirable to protect UDP and LISP headers against corruption. Each + new encapsulated payloads, when registered with LISP-GPE, MUST be + accompanied by a similar analysis. + + Encapsulated payloads may have a priority field that may or may not + be mapped to the DSCP field of the outer IP header (part of Type of + Service in IPv4 or Traffic Class in IPv6). Such new encapsulated + payloads, when registered with LISP-GPE, MUST be accompanied by an + analysis similar to the one performed in Section 3.1.1 of this + document for Ethernet payloads. + + Encapsulated payloads may have Explicit Congestion Notification + mechanisms that may or may not be mapped to the outer IP header ECN + field. Such new encapsulated payolads, when registered with LISP- + GPE, MUST be accompanied by a set of guidelines derived from + [RFC6040]. + + The rest of this section specifies payload specific transport + interactions considerations for the two new LISP-GPE encapsulated + payloads specified in this document: Ethernet and NSH. + +3.1.1. Payload Specific Transport Interactions for Ethernet + Encapsulated Payloads + + The UDP Checksum considerations specified in section 5.3 of + [I-D.ietf-lisp-rfc6830bis] apply to Ethernet Encapsulated Payloads. + Implementors are encouraged to consider the UDP checksum usage + guidelines in section 3.4 of [RFC8085] when it is desirable to + protect UDP, LISP and Ethernet headers against corruption. + + When a LISP-GPE router performs Ethernet encapsulation, the inner + 802.1Q [IEEE.802.1Q_2014] priority code point (PCP) field MAY be + mapped from the encapsulated frame to the Type of Service field in + the outer IPv4 header, or in the case of IPv6 the 'Traffic Class' + field. + + When a LISP-GPE router performs Ethernet encapsulation, the inner + header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped + to, or used to determine the LISP Instance IDentifier (IID) field. + +3.1.2. Payload Specific Transport Interactions for NSH Encapsulated + Payloads + + The UDP Checksum considerations specified in section 5.3 of + [I-D.ietf-lisp-rfc6830bis] apply to NSH Encapsulated Payloads. + Implementors are encouraged to consider the UDP checksum usage + guidelines in section 3.4 of [RFC8085] when it is desirable to + protect UDP, LISP, and NSH headers against corruption. + + When a LISP-GPE router performs an NSH encapsulation, DSCP and ECN + values MAY be mapped as specified for the Next Protocol encapsulated + by NSH (namely IPv4, IPv6 and Ethernet). + 4. Backward Compatibility LISP-GPE uses the same UDP destination port (4341) allocated to LISP. The next Section describes a method to determine the Data-Plane capabilities of a LISP ETR, based on the use of the "Multiple Data- Planes" LISP Canonical Address Format (LCAF) type defined in [RFC8060]. Other mechanisms can be used, including static ETR/ITR (xTR) configuration, but are out of the scope of this document. When encapsulating IP packets to a non LISP-GPE capable router the P-bit MUST be set to 0. That is, the encapsulation format defined in this document MUST NOT be sent to a router that has not indicated that it supports this specification because such a router would ignore the P-bit (as described in [I-D.ietf-lisp-rfc6830bis]) and so would misinterpret the other LISP header fields possibly causing significant errors. - A LISP-GPE router MUST NOT encapsulate non-IP packets to a non LISP- - GPE capable router. + A LISP-GPE router MUST NOT encapsulate non-IP packets (that have the + P-bit set to 1) to a non-LISP-GPE capable router. 4.1. Use of "Multiple Data-Planes" LCAF to Determine ETR Capabilities LISP Canonical Address Format (LCAF) [RFC8060] defines the "Multiple Data-Planes" LCAF type, that can be included by an ETR in a Map-Reply to encode the encapsulation formats supported by a given RLOC. In this way an ITR can be made aware of the capability to support LISP- GPE, as well as other encapsulations, on a given RLOC of that ETR. The 3rd 32-bit word of the "Multiple Data-Planes" LCAF type, as @@ -246,34 +321,20 @@ tracked in an IANA registry as described in Section 5.2. This document defines bit 24 in the third 32-bit word of the "Multiple Data-Planes" LCAF as: g-Bit: The RLOCs listed in the Address Family Identifier (AFI) encoded addresses in the next longword can accept LISP-GPE (Generic Protocol Extension) encapsulation using destination UDP port 4341 -4.2. Type of Service - - When a LISP-GPE router performs Ethernet encapsulation, the inner - 802.1Q [IEEE.802.1Q_2014] priority code point (PCP) field MAY be - mapped from the encapsulated frame to the Type of Service field in - the outer IPv4 header, or in the case of IPv6 the 'Traffic Class' - field - -4.3. VLAN Identifier (VID) - - When a LISP-GPE router performs Ethernet encapsulation, the inner - header 802.1Q [IEEE.802.1Q_2014] VLAN Identifier (VID) MAY be mapped - to, or used to determine the LISP Instance IDentifier (IID) field. - 5. IANA Considerations 5.1. LISP-GPE Next Protocol Registry IANA is requested to set up a registry of LISP-GPE "Next Protocol". These are 8-bit values. Next Protocol values in the table below are defined in this document. New values are assigned via Standards Action [RFC8126]. The protocols that are being assigned values do not themselves need to be IETF standards track protocols. @@ -319,20 +380,35 @@ | 30 | l | Layer 2 LISP (LISP-L2) | [RFC8060] | | 31 | L | Locator/ID Separation Protocol | [RFC8060] | | | | (LISP) | | +----------+-------+------------------------------------+-----------+ 6. Security Considerations LISP-GPE security considerations are similar to the LISP security considerations and mitigation techniques documented in [RFC7835]. + The Echo Nonce Algorithm described in [I-D.ietf-lisp-rfc6830bis] + relies on the nonce to detect reachability from ITR to ETR. In LISP- + GPE the use of a 16-bit nonce, compared with the 24-bit nonce used in + LISP, increases the probability of an off-path attacker to correctly + guess the nonce and force the ITR to believe that a non-reachable + RLOC is reachable. However, the use of common anti-spoofing + mechanisms such as uRPF prevents this form of attack. + + LISP-GPE, as many encapsulations that use optional extensions, is + subject to on-path adversaries that by manipulating the g-Bit and the + packet itself can remove part of the payload. Typical integrity + protection mechanisms (such as IPsec) SHOULD be used in combination + with LISP-GPE by those protocol extensions that want to protect from + on-path attackers. + With LISP-GPE, issues such as data-plane spoofing, flooding, and traffic redirection may depend on the particular protocol payload encapsulated. 7. Acknowledgements and Contributors A special thank you goes to Dino Farinacci for his guidance and detailed review. This Workking Group (WG) document originated as draft-lewis-lisp-gpe; @@ -358,58 +434,66 @@ o Puneet Agarwal, Innovium 8. References 8.1. Normative References [I-D.ietf-lisp-6834bis] Iannone, L., Saucez, D., and O. Bonaventure, "Locator/ID Separation Protocol (LISP) Map-Versioning", draft-ietf- - lisp-6834bis-00 (work in progress), July 2018. + lisp-6834bis-02 (work in progress), September 2018. [I-D.ietf-lisp-rfc6830bis] Farinacci, D., Fuller, V., Meyer, D., Lewis, D., and A. Cabellos-Aparicio, "The Locator/ID Separation Protocol - (LISP)", draft-ietf-lisp-rfc6830bis-14 (work in progress), - July 2018. + (LISP)", draft-ietf-lisp-rfc6830bis-18 (work in progress), + September 2018. [IEEE.802.1Q_2014] IEEE, "IEEE Standard for Local and metropolitan area networks--Bridges and Bridged Networks", IEEE 802.1Q-2014, DOI 10.1109/ieeestd.2014.6991462, December 2014, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . 8.2. Informative References + [RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion + Notification", RFC 6040, DOI 10.17487/RFC6040, November + 2010, . + [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, L., Sridhar, T., Bursell, M., and C. Wright, "Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, . [RFC7835] Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID Separation Protocol (LISP) Threat Analysis", RFC 7835, DOI 10.17487/RFC7835, April 2016, . [RFC8060] Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical Address Format (LCAF)", RFC 8060, DOI 10.17487/RFC8060, February 2017, . + [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage + Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, + March 2017, . + [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,