
BGP IPsec Tunnel Encapsulation Attribute
RFC 5566

Document type: RFC - Proposed Standard (June 2009; No errata)
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5566 (Proposed Standard)
Responsible AD: Ralph Droms
Send notices to: softwire-chairs@tools.ietf.org, draft-ietf-softwire-encaps-ipsec@tools.ietf.org

Network Working Group                                          L. Berger
Request for Comments: 5566                                          LabN
Category: Standards Track                                       R. White
                                                                E. Rosen
                                                           Cisco Systems
                                                               June 2009

                BGP IPsec Tunnel Encapsulation Attribute

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   The BGP Encapsulation Subsequent Address Family Identifier (SAFI)
   provides a method for the dynamic exchange of encapsulation
   information and for the indication of encapsulation protocol types to
   be used for different next hops.  Currently, support for Generic
   Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TPv3), and
   IP in IP tunnel types is defined.  This document defines support for
   IPsec tunnel types.

Berger, et al.              Standards Track                     [Page 1]
RFC 5566             BGP IPsec Tunnel Encapsulation            June 2009

Table of Contents

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................2
   2. Tunnel Encapsulation Types ......................................3
   3. Use of IPsec Tunnel Types .......................................3
   4. IPsec Tunnel Authenticator sub-TLV ..............................4
      4.1. Use of the IPsec Tunnel Authenticator sub-TLV ..............5
   5. Security Considerations .........................................5
   6. IANA Considerations .............................................6
   7. References ......................................................7
      7.1. Normative References .......................................7
      7.2. Informative References .....................................7
   8. Acknowledgments .................................................8

1.  Introduction

   The BGP [RFC4271] Encapsulation Subsequent Address Family Identifier
   (SAFI) allows for the communication of tunnel information and for the
   association of this information to a BGP next hop.  The Encapsulation
   SAFI can be used to support the mapping of prefixes to next hops and
   tunnels of the same address family, IPv6 prefixes to IPv4 next hops
   and tunnels using [RFC4798], and IPv4 prefixes to IPv6 next hops and
   tunnels using [RFC5549].  The Encapsulation SAFI can also be used to
   support the mapping of VPN prefixes to tunnels when VPN prefixes are
   advertised per [RFC4364] or [RFC4659].  [RFC5565] provides useful
   context for the use of the Encapsulation SAFI.

   The Encapsulation SAFI is defined in [RFC5512].  [RFC5512] also
   defines support for the GRE [RFC2784], L2TPv3 [RFC3931], and IP in IP
   [RFC2003] tunnel types.  This document builds on [RFC5512] and
   defines support for IPsec tunnels.  Support is defined for IP
   Authentication Header (AH) in tunnel mode [RFC4302] and for IP
   Encapsulating Security Payload (ESP) in tunnel mode [RFC4303].  The
   IPsec architecture is defined in [RFC4301].  Support for IP in IP
   [RFC2003] and MPLS-in-IP [RFC4023] protected by IPsec Transport Mode
   is also defined.

   The Encapsulation Network Layer Reachability Information (NLRI)
   Format is not modified by this document.

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Tunnel Encapsulation Types
