Network working group                                             X. Xu
Internet Draft                                                   Huawei
Category: Standard Track                                       N. Sheth
                                                       Contrail Systems
                                                                L. Yong
                                                                  Z. Li
                                                                 Y. Fan
                                                          China Telecom

Expires: May 2013                                      December 3, 2012

                         Encapsulating MPLS in UDP



   Existing technologies to encapsulate MPLS over IP are not adequate
   for efficient load balancing across IP networks. This document
   specifies additional IP-based encapsulation technology, referred to
   as MPLS-in-UDP, which can facilitate the load balancing of MPLS
   application traffic, such as L2VPN and L3VPN traffic, across IP

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

Xu, et al.               Expires May 3, 2013                  [Page 1]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

   This Internet-Draft will expire on May 3, 2013.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in RFC-2119 [RFC2119].

Table of Contents

   1. Introduction ................................................ 3
      1.1. Existing Technologies .................................. 3
      1.2. Motivations for MPLS-in-UDP Encapsulation .............. 4
   2. Terminology ................................................. 4
   3. Encapsulation in UDP......................................... 4
   4. Signaling for Encapsulation in UDP .......................... 5
   5. Processing Procedures ....................................... 5
   6. Applicability ............................................... 6
   7. Security Considerations ..................................... 6
   8. IANA Considerations ......................................... 6
   9. Acknowledgements ............................................ 6
   10. References ................................................. 7
      10.1. Normative References .................................. 7
      10.2. Informative References ................................ 7
   Authors' Addresses ............................................. 8

Xu, et al.               Expires May 3, 2013                  [Page 2]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

1. Introduction

   To fully utilize the bandwidth available in IP networks and/or
   facilitate recovery from a link or node failure, load balancing of
   traffic over Equal Cost Multi-Path (ECMP) and/or Link Aggregation
   Group (LAG) across the IP networks is widely used. In effect, most
   existing core routers in IP networks are already capable of
   distributing IP traffic flows over ECMP paths and/or LAG based on
   the hash of the five-tuple of UDP/TCP packets (i.e., source IP
   address, destination IP address, source port, destination port, and

   In Practice, there are some Multi-Protocol Label Switching (MPLS)
   application scenarios where the traffic of MPLS applications (e.g.,
   MPLS-based Layer2 Virtual Private Network (L2VPN) or Layer3 Virtual
   Private Network (L3VPN) needs to be transported through IP-based
   tunnels, rather than MPLS tunnels. For example, MPLS-based L2VPN or
   L3VPN technologies may be used for interconnecting geographically
   dispersed enterprise data centers or branch offices across IP Wide
   Area Networks (WAN) where enterprise own router devices are deployed
   as L2VPN or L3VPN PE routers. In this case, the load balance of the
   MPLS application traffic across IP networks is much desirable.

   1.1. Existing Technologies

   With existing IP-based encapsulation methods for MPLS applications,
   such as MPLS-in-IP and MPLS-in-Generic Routing Encapsulation (GRE)
   [RFC4023] or even MPLS-in-Layer Two Tunneling Protocol - Version 3
   (L2TPv3)[RFC4817], distinct customer traffic flows between a given
   PE router pair would be encapsulated with the same IP-based tunnel
   headers prior to traversing the core of the IP WAN. Since the
   encapsulated traffic is neither TCP nor UDP traffic, core routers
   could only perform hash calculation on fields in the IP headers of
   those tunnels (i.e., source IP address, destination IP address). As
   a result, core routers could not achieve a fine-grained load
   balancing of these traffic flows across the network core due to the
   lack of adequate entropy information.

   [RFC5640] describes a method for improving the load balancing
   efficiency in a network carrying Softwire Mesh [RFC5460] service
   over L2TPv3 and GRE encapsulation. However, this method requires
   core routers to be capable of performing hash calculation on the
   "load-balancing" field contained in the tunnel encapsulation headers
   (i.e., the Session ID field in the L2TPv3 header or the Key field in
   the GRE header), which means a non-trivial change to the date plane
   of core routers.

Xu, et al.               Expires May 3, 2013                  [Page 3]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

   1.2. Motivations for MPLS-in-UDP Encapsulation

   On basis of the fact that most existing core routers (i.e., P
   routers in the context of MPLS-based L2VPN or L3VPN) are already
   capable of balancing IP traffic flows over the IP networks based on
   the hash of the five-tuple of UDP/TCP packets, it would be
   advantageous to use MPLS-in-UDP encapsulation instead of MPLS-in-GRE
   or MPLS-in-L2TPv3 in such environments. In this way, the default
   load-balancing capability of existing core routers as mentioned
   above can be utilized directly without requiring any change to them.

2. Terminology

   This memo makes use of the terms defined in [RFC4364] and [RFC4664].

3. Encapsulation in UDP

   MPLS-in-UDP encapsulation format is shown as follows:

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   |    Source Port = entropy      |       Dest Port = MPLS        |
   |           UDP Length          |        UDP Checksum           |
   |                                                               |
   ~                         MPLS Packet                           ~
   |                                                               |

            Source Port of UDP

                This field contains an entropy value that is generated
                by the ingress PE router. For example, the entropy value
                can be generated by performing hash calculation on
                certain fields in the customer packets (e.g., the five
                tuple of UDP/TCP packets).  To ensure that the source
                port number is always in the range 49152 to 65535 which
                may be required in some cases, instead of calculating a
                16-bit hash, the ingress PE router could calculate a 14-
                bit hash and use those 14 bits as the least significant
                bits of the source port field while the most significant
                two bits would be set to binary 11. That still conveys
                14 bits of entropy information which would be enough as
                well in practice.

Xu, et al.               Expires May 3, 2013                  [Page 4]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

            Destination Port of UDP

                This field is set to a value (TBD) indicating the MPLS
                packet encapsulated in the UDP header is a MPLS one or a
                MPLS one with upstream-assigned label.

            UDP Length

                The usage of this field is in accordance with the
                current UDP specification.

            UDP Checksum

                The usage of this field is in accordance with the
                current UDP specification. To simplify the operation on
                egress PE routers, this field is recommended to be set
                to zero.

4. Signaling for Encapsulation in UDP

   It is necessary for two end points of a tunnel to signal the tunnel
   encapsulation attributes in some situations. [RFC5512] specifies
   Border Gateway Protocol (BGP) protocol extensions and the mechanisms
   for BGP routers to signal tunnel encapsulation attributes among them.
   In those MPLS applications (e.g., BGP/MPLS IP VPN [RFC4364]) where
   BGP is used, the approach defined in [RFC 5512] applies to the UDP
   tunneling encapsulation as well by simply requesting a new Tunnel
   Type code for the UDP tunneling encapsulation from IANA.

   Since the UDP tunneling encapsulation may apply to other
   applications besides MPLS, e.g., IP, details about signaling the UDP
   tunnel encapsulation attributes would be described in a separate

5. Processing Procedures

   This MPLS-in-UDP encapsulation causes MPLS packets to be forwarded
   through "UDP tunnels". When performing MPLS-in-UDP encapsulation by
   an ingress PE router, the entropy value would be generated by the
   ingress PE router and then be filled in the Source Port field of the
   UDP header.

   P routers, upon receiving these UDP encapsulated packets, could
   balance these packets based on the hash of the five-tuple of UDP

Xu, et al.               Expires May 3, 2013                  [Page 5]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

   Upon receiving these UDP encapsulated packets, egress PE routers
   would decapsulate them by removing the UDP headers and then process
   them accordingly.

   As for other processing procedures such as preventing fragmentation
   and reassembly, TTL and differentiated services, the corresponding
   procedures defined in [RFC4023] SHOULD be followed.

6. Applicability

   Besides the MPLS-based L3VPN [RFC4364] and L2VPN [RFC4761, RFC4762]
   [E-VPN] applications, MPLS-in-UDP encapsulation could apply to other
   MPLS applications including but not limited to 6PE [RFC4798] and
   PWE3 services.

7. Security Considerations

   Just like MPLS-in-GRE and MPLS-in-IP encapsulation formats, the
   MPLS-in-UDP encapsulation format defined in this document by itself
   cannot ensure the integrity and privacy of data packets being
   transported through the MPLS-in-UDP tunnels and cannot enable the
   tunnel decapsulators to authenticate the tunnel encapsulator. In the
   case where any of the above security issues is concerned, the MPLS-
   in-UDP tunnels SHOULD be secured with IPsec in transport mode. In
   this way, the UDP header would not be seeable to P routers anymore.
   As a result, the meaning of adopting MPLS-in-UDP encapsulation
   format as an alternative to MPLS-in-GRE and MPLS-in-IP encapsulation
   formats is lost. Hence, MPLS-in-UDP encapsulation format SHOULD be
   used only in the scenarios where all the security issues as
   mentioned above are not significant concerns. For example, in a data
   center environment, the whole network including P routers and PE
   routers are under the control of a single administrative entity and
   therefore there is no need to worry about the above security issues.

8. IANA Considerations

   Two distinct UDP destination port numbers indicating MPLS and MPLS
   with upstream-assigned label respectively need to be assigned by

9. Acknowledgements

   Thanks to Shane Amante, Dino Farinacci, Keshava A K, Ivan Pepelnjak,
   Eric Rosen, Andrew G. Malis, Kireeti Kompella, Marshall Eubanks,
   Weiguo Hao, Zhenxiao Liu and Xing Tong for their valuable comments
   on the idea of MPLS-in-UDP encapsulation. Thanks to Daniel King,

Xu, et al.               Expires May 3, 2013                  [Page 6]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

   Gregory Mirsky and Eric Osborne for their valuable reviews on this

10. References

   10.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119, March 1997.

   10.2. Informative References

   [RFC4364] Rosen, E and Y. Rekhter, "BGP/MPLS IP Virtual Private
             Networks (VPNs)", RFC 4364, February 2006.

   [RFC4664] Andersson, L. and Rosen, E. (Editors),"Framework for Layer
             2 Virtual Private Networks (L2VPNs)", RFC 4664, Sept 2006.

   [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
             MPLS in IP or GRE", RFC4023, March 2005.

   [RFC4817] M. Townsley, C. Pignataro, S. Wainner, T. Seely and J.
             Young, " Encapsulation of MPLS over Layer 2 Tunneling
             Protocol Version 3, March 2007.

   [RFC5640] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load-
             Balancing for Mesh Softwires", RFC 5640, August 2009.

   [RFC6391] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan,
             J., and S. Amante, "Flow Aware Transport of Pseudowires
             over an MPLS Packet Switched Network", RFC6391, November

   [RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L.
             Yong, "The Use of Entropy Labels in MPLS Forwarding",
             draft-ietf-mpls-entropy-label-01, work in progress,
             October, 2011.

   [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation
             Subsequent Address Family Identifier (SAFI) and the
             BGP Tunnel Encapsulation Attribute", RFC 5512, April

   [RFC4798] J Declerq et al., "Connecting IPv6 Islands over IPv4 MPLS
             using IPv6 Provider Edge Routers (6PE)", RFC4798, February

Xu, et al.               Expires May 3, 2013                  [Page 7]

Internet-Draft          Encapsulating MPLS in UDP         December 2012

   [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service
             (VPLS) Using BGP for Auto-Discovery and Signaling", RFC
             4761, January 2007.

   [RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service
             (VPLS) Using Label Distribution Protocol (LDP) Signaling",
             RFC 4762, January 2007.

   [E-VPN] Aggarwal et al., "BGP MPLS Based Ethernet VPN", draft-ietf-
             l2vpn-evpn-00.txt, work in progress, February, 2012.

Authors' Addresses

   Xiaohu Xu
   Huawei Technologies,
   Beijing, China
   Phone: +86-10-60610041

   Nischal Sheth
   Contrail Systems

   Lucy Yong
   Huawei USA
   1700 Alma Dr. Suite 500
   Plano, TX  75075, US

   Zhenbin Li
   Huawei Technologies,
   Beijing, China
   Phone: +86-10-60613676

   Yongbing Fan
   China Telecom
   Guangzhou, China.
   Phone: +86 20 38639121

Xu, et al.               Expires May 3, 2013                  [Page 8]