Network working group X. Xu
Internet Draft Huawei
Category: Standard Track N. Sheth
Contrail Systems
L. Yong
Z. Li
Huawei
Y. Fan
China Telecom
Expires: May 2013 December 3, 2012
Encapsulating MPLS in UDP
draft-xu-mpls-in-udp-04
Abstract
Existing technologies to encapsulate MPLS over IP are not adequate
for efficient load balancing across IP networks. This document
specifies additional IP-based encapsulation technology, referred to
as MPLS-in-UDP, which can facilitate the load balancing of MPLS
application traffic, such as L2VPN and L3VPN traffic, across IP
networks.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Xu, et al. Expires May 3, 2013 [Page 1]
Internet-Draft Encapsulating MPLS in UDP December 2012
This Internet-Draft will expire on May 3, 2013.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
Table of Contents
1. Introduction ................................................ 3
1.1. Existing Technologies .................................. 3
1.2. Motivations for MPLS-in-UDP Encapsulation .............. 4
2. Terminology ................................................. 4
3. Encapsulation in UDP......................................... 4
4. Signaling for Encapsulation in UDP .......................... 5
5. Processing Procedures ....................................... 5
6. Applicability ............................................... 6
7. Security Considerations ..................................... 6
8. IANA Considerations ......................................... 6
9. Acknowledgements ............................................ 6
10. References ................................................. 7
10.1. Normative References .................................. 7
10.2. Informative References ................................ 7
Authors' Addresses ............................................. 8
Xu, et al. Expires May 3, 2013 [Page 2]
Internet-Draft Encapsulating MPLS in UDP December 2012
1. Introduction
To fully utilize the bandwidth available in IP networks and/or
facilitate recovery from a link or node failure, load balancing of
traffic over Equal Cost Multi-Path (ECMP) and/or Link Aggregation
Group (LAG) across the IP networks is widely used. In effect, most
existing core routers in IP networks are already capable of
distributing IP traffic flows over ECMP paths and/or LAG based on
the hash of the five-tuple of UDP/TCP packets (i.e., source IP
address, destination IP address, source port, destination port, and
protocol).
In Practice, there are some Multi-Protocol Label Switching (MPLS)
application scenarios where the traffic of MPLS applications (e.g.,
MPLS-based Layer2 Virtual Private Network (L2VPN) or Layer3 Virtual
Private Network (L3VPN) needs to be transported through IP-based
tunnels, rather than MPLS tunnels. For example, MPLS-based L2VPN or
L3VPN technologies may be used for interconnecting geographically
dispersed enterprise data centers or branch offices across IP Wide
Area Networks (WAN) where enterprise own router devices are deployed
as L2VPN or L3VPN PE routers. In this case, the load balance of the
MPLS application traffic across IP networks is much desirable.
1.1. Existing Technologies
With existing IP-based encapsulation methods for MPLS applications,
such as MPLS-in-IP and MPLS-in-Generic Routing Encapsulation (GRE)
[RFC4023] or even MPLS-in-Layer Two Tunneling Protocol - Version 3
(L2TPv3)[RFC4817], distinct customer traffic flows between a given
PE router pair would be encapsulated with the same IP-based tunnel
headers prior to traversing the core of the IP WAN. Since the
encapsulated traffic is neither TCP nor UDP traffic, core routers
could only perform hash calculation on fields in the IP headers of
those tunnels (i.e., source IP address, destination IP address). As
a result, core routers could not achieve a fine-grained load
balancing of these traffic flows across the network core due to the
lack of adequate entropy information.
[RFC5640] describes a method for improving the load balancing
efficiency in a network carrying Softwire Mesh [RFC5460] service
over L2TPv3 and GRE encapsulation. However, this method requires
core routers to be capable of performing hash calculation on the
"load-balancing" field contained in the tunnel encapsulation headers
(i.e., the Session ID field in the L2TPv3 header or the Key field in
the GRE header), which means a non-trivial change to the date plane
of core routers.
Xu, et al. Expires May 3, 2013 [Page 3]
Internet-Draft Encapsulating MPLS in UDP December 2012
1.2. Motivations for MPLS-in-UDP Encapsulation
On basis of the fact that most existing core routers (i.e., P
routers in the context of MPLS-based L2VPN or L3VPN) are already
capable of balancing IP traffic flows over the IP networks based on
the hash of the five-tuple of UDP/TCP packets, it would be
advantageous to use MPLS-in-UDP encapsulation instead of MPLS-in-GRE
or MPLS-in-L2TPv3 in such environments. In this way, the default
load-balancing capability of existing core routers as mentioned
above can be utilized directly without requiring any change to them.
2. Terminology
This memo makes use of the terms defined in [RFC4364] and [RFC4664].
3. Encapsulation in UDP
MPLS-in-UDP encapsulation format is shown as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port = entropy | Dest Port = MPLS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| UDP Length | UDP Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
~ MPLS Packet ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Source Port of UDP
This field contains an entropy value that is generated
by the ingress PE router. For example, the entropy value
can be generated by performing hash calculation on
certain fields in the customer packets (e.g., the five
tuple of UDP/TCP packets). To ensure that the source
port number is always in the range 49152 to 65535 which
may be required in some cases, instead of calculating a
16-bit hash, the ingress PE router could calculate a 14-
bit hash and use those 14 bits as the least significant
bits of the source port field while the most significant
two bits would be set to binary 11. That still conveys
14 bits of entropy information which would be enough as
well in practice.
Xu, et al. Expires May 3, 2013 [Page 4]
Internet-Draft Encapsulating MPLS in UDP December 2012
Destination Port of UDP
This field is set to a value (TBD) indicating the MPLS
packet encapsulated in the UDP header is a MPLS one or a
MPLS one with upstream-assigned label.
UDP Length
The usage of this field is in accordance with the
current UDP specification.
UDP Checksum
The usage of this field is in accordance with the
current UDP specification. To simplify the operation on
egress PE routers, this field is recommended to be set
to zero.
4. Signaling for Encapsulation in UDP
It is necessary for two end points of a tunnel to signal the tunnel
encapsulation attributes in some situations. [RFC5512] specifies
Border Gateway Protocol (BGP) protocol extensions and the mechanisms
for BGP routers to signal tunnel encapsulation attributes among them.
In those MPLS applications (e.g., BGP/MPLS IP VPN [RFC4364]) where
BGP is used, the approach defined in [RFC 5512] applies to the UDP
tunneling encapsulation as well by simply requesting a new Tunnel
Type code for the UDP tunneling encapsulation from IANA.
Since the UDP tunneling encapsulation may apply to other
applications besides MPLS, e.g., IP, details about signaling the UDP
tunnel encapsulation attributes would be described in a separate
document.
5. Processing Procedures
This MPLS-in-UDP encapsulation causes MPLS packets to be forwarded
through "UDP tunnels". When performing MPLS-in-UDP encapsulation by
an ingress PE router, the entropy value would be generated by the
ingress PE router and then be filled in the Source Port field of the
UDP header.
P routers, upon receiving these UDP encapsulated packets, could
balance these packets based on the hash of the five-tuple of UDP
packets.
Xu, et al. Expires May 3, 2013 [Page 5]
Internet-Draft Encapsulating MPLS in UDP December 2012
Upon receiving these UDP encapsulated packets, egress PE routers
would decapsulate them by removing the UDP headers and then process
them accordingly.
As for other processing procedures such as preventing fragmentation
and reassembly, TTL and differentiated services, the corresponding
procedures defined in [RFC4023] SHOULD be followed.
6. Applicability
Besides the MPLS-based L3VPN [RFC4364] and L2VPN [RFC4761, RFC4762]
[E-VPN] applications, MPLS-in-UDP encapsulation could apply to other
MPLS applications including but not limited to 6PE [RFC4798] and
PWE3 services.
7. Security Considerations
Just like MPLS-in-GRE and MPLS-in-IP encapsulation formats, the
MPLS-in-UDP encapsulation format defined in this document by itself
cannot ensure the integrity and privacy of data packets being
transported through the MPLS-in-UDP tunnels and cannot enable the
tunnel decapsulators to authenticate the tunnel encapsulator. In the
case where any of the above security issues is concerned, the MPLS-
in-UDP tunnels SHOULD be secured with IPsec in transport mode. In
this way, the UDP header would not be seeable to P routers anymore.
As a result, the meaning of adopting MPLS-in-UDP encapsulation
format as an alternative to MPLS-in-GRE and MPLS-in-IP encapsulation
formats is lost. Hence, MPLS-in-UDP encapsulation format SHOULD be
used only in the scenarios where all the security issues as
mentioned above are not significant concerns. For example, in a data
center environment, the whole network including P routers and PE
routers are under the control of a single administrative entity and
therefore there is no need to worry about the above security issues.
8. IANA Considerations
Two distinct UDP destination port numbers indicating MPLS and MPLS
with upstream-assigned label respectively need to be assigned by
IANA.
9. Acknowledgements
Thanks to Shane Amante, Dino Farinacci, Keshava A K, Ivan Pepelnjak,
Eric Rosen, Andrew G. Malis, Kireeti Kompella, Marshall Eubanks,
Weiguo Hao, Zhenxiao Liu and Xing Tong for their valuable comments
on the idea of MPLS-in-UDP encapsulation. Thanks to Daniel King,
Xu, et al. Expires May 3, 2013 [Page 6]
Internet-Draft Encapsulating MPLS in UDP December 2012
Gregory Mirsky and Eric Osborne for their valuable reviews on this
draft.
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
10.2. Informative References
[RFC4364] Rosen, E and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006.
[RFC4664] Andersson, L. and Rosen, E. (Editors),"Framework for Layer
2 Virtual Private Networks (L2VPNs)", RFC 4664, Sept 2006.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, "Encapsulating
MPLS in IP or GRE", RFC4023, March 2005.
[RFC4817] M. Townsley, C. Pignataro, S. Wainner, T. Seely and J.
Young, " Encapsulation of MPLS over Layer 2 Tunneling
Protocol Version 3, March 2007.
[RFC5640] Filsfils, C., Mohapatra, P., and C. Pignataro, "Load-
Balancing for Mesh Softwires", RFC 5640, August 2009.
[RFC6391] Bryant, S., Filsfils, C., Drafz, U., Kompella, V., Regan,
J., and S. Amante, "Flow Aware Transport of Pseudowires
over an MPLS Packet Switched Network", RFC6391, November
2011
[RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L.
Yong, "The Use of Entropy Labels in MPLS Forwarding",
draft-ietf-mpls-entropy-label-01, work in progress,
October, 2011.
[RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation
Subsequent Address Family Identifier (SAFI) and the
BGP Tunnel Encapsulation Attribute", RFC 5512, April
2009.
[RFC4798] J Declerq et al., "Connecting IPv6 Islands over IPv4 MPLS
using IPv6 Provider Edge Routers (6PE)", RFC4798, February
2007.
Xu, et al. Expires May 3, 2013 [Page 7]
Internet-Draft Encapsulating MPLS in UDP December 2012
[RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service
(VPLS) Using BGP for Auto-Discovery and Signaling", RFC
4761, January 2007.
[RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service
(VPLS) Using Label Distribution Protocol (LDP) Signaling",
RFC 4762, January 2007.
[E-VPN] Aggarwal et al., "BGP MPLS Based Ethernet VPN", draft-ietf-
l2vpn-evpn-00.txt, work in progress, February, 2012.
Authors' Addresses
Xiaohu Xu
Huawei Technologies,
Beijing, China
Phone: +86-10-60610041
Email: xuxiaohu@huawei.com
Nischal Sheth
Contrail Systems
Email: nsheth@contrailsystems.com
Lucy Yong
Huawei USA
1700 Alma Dr. Suite 500
Plano, TX 75075, US
Email: lucyyong@huawei.com
Zhenbin Li
Huawei Technologies,
Beijing, China
Phone: +86-10-60613676
Email: lizhenbin@huawei.com
Yongbing Fan
China Telecom
Guangzhou, China.
Phone: +86 20 38639121
Email: fanyb@gsta.com
Xu, et al. Expires May 3, 2013 [Page 8]