Network Working Group L. Yong Internet Draft Huawei Technologies, USA Category: Standard Track Expires: January 2014 July 13, 2013 GRE-in-UDP Encapsulation for Service Chaining draft-yong-gre-in-udp-encap-4-service-chaining-00.txt Abstract This document proposes use of the GRE-in-UDP encapsulation [GRE-in- UDP] for the packet encapsulation in service chaining. Status of this document This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on January 13, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. Yong & Xu Expires August 13, 2013 [Page 1] Internet-Draft GRE-in-UDP Encap. for Service Chaining July 2013 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction...................................................3 1.1. Conventions used in this document.........................3 2. GRE-in-UDP Encapsulation for Service Chaining..................3 3. Procedures.....................................................5 4. Security Considerations........................................5 5. IANA Considerations............................................6 6. References.....................................................6 6.1. Normative References......................................6 6.2. Informative References....................................6 Yong [Page 2] Internet-Draft GRE-in-UDP Encap. for Service Chaining July 2013 1. Introduction New Data Center and Cloud applications drive more flexible to deploy the services including network services such as firewall and load balancing, etc. To achieve that, the service chain technology is necessary.[SC-PS] [NSC-PS] Service chain denotes a sequence of service processes applying to flow packets before flow packets being delivered to the destination. Service Chaining refers to the mechanism of building service chains. [SC-REQ] IP forwarding is based on the IP destination address on the packet. Applying service chain technology in an IP network, the flow packets need to be forward along the service chain path not the shortest path. Therefore, directly forwarding on IP destination address on packets will not work. Hop-by-hop tunneling the flow packets along a service chain path is a way to address the issue. In addition, some service information are necessary to be inserted on the flow packets.[NSH] This document proposes use of the GRE-in-UDP encapsulation [GRE-in- UDP] for the packet encapsulation in the service chaining. The encapsulation allows a network protocol to be tunneled over an IP network. The payload type is identified in the protocol type field in GRE header and the flow entropy may be encoded in the UDP source port. The latter supports the network load balancing per flow basis. The benefit of this encapsulation scheme is not burning UDP ports for the payload identification and supports IP ECMP without changing existing transit routers. 1.1. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119]. 2. GRE-in-UDP Encapsulation for Service Chaining Following figure illustrates the format of GRE-in-UDP encapsulation for service chaining with IPv4 outer headers. The IP protocol is filled with 17 (UDP). When the outer header is IPv6, the next header field is encoded with 17 (UDP). Yong [Page 3] Internet-Draft GRE-in-UDP Encap. for Service Chaining July 2013 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 IPv4 Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live |Protcol=17[UDP]| Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IPv4 Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ UDP Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port = entropy | Dest Port = GRE-in-UDP | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | UDP Length | UDP Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GRE Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0| |0|0| Reserved0 | Ver |Proto Type=Service Chain (TBD) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Server Chain Header: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Service Chain Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Service Chain Data (Variable) ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Original Payload: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Original Payload ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1 The format for Service Chaining Encapsulation In this encapsulation format, the UDP source port is for flow entropy. The value can be derived from the original payload header; Yong [Page 4] Internet-Draft GRE-in-UDP Encap. for Service Chaining July 2013 the UDP destination port has a registered port value for GRE-in-UDP. The protocol type field in GRE header is used to indicate tunneled protocol type. To support Service Chaining application, the document proposes allocating a new protocol type for Service Chaining. In addition, for this application, the bits for checksum, key present, and sequence in GRE header MUST be clear. The usages of other fields in udp and gre headers MUST comply with the specification in the GRE-in-UDP document [GRE-in-UDP]. Service header and data are inserted at the front of the original payload before adding gre-in-ugp encapsulation. The original payload may be an IP, Ethernet, MPLS, etc. 3. Procedures When the first service node in the service chain such as service classifier receives a packet and needs to send it to the next service node, it inserts the service data and service header on the packet first, performs the gre-in-udp encapsulation with the Service Chaining protocol type, and then adds IP header on the packet with the next service node IP address as the destination IP address and its IP address as the source IP address. When a transit service node in the service chain receives a packet, it decapsulates the packet and performs the service. When it needs to forward the packet to next service node, it performs the gre-in- udp encapsulation and adds IP outer header before sending the packet out. Note that, the transit service node may modify the service header and/or data on the packet. When the last service node in the service chain completes the service process on a packet, it removes the service header and data, and forwards the original payload directly. The gre-in-udp encapsulation process MUST comply with the procedures specified in the GRE-in-UDP Encapsulation document [GRE-in-UDP]. 4. Security Considerations Coming soon. Yong [Page 5] Internet-Draft GRE-in-UDP Encap. for Service Chaining July 2013 5. IANA Considerations Request to allocate a protocol type value for Service Chaining. 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC2119, March 1997. 6.2. Informative References [GRE-in-UDP] Crabbe, E. Yong, L., and Xu, X. "Generic UDP Encapsulation for IP Tunneling", draft-yong-tsvwg-gre-in- udp-encap-01, work in progress. [NHS] Quinn, P., et al, "Network Service Header", draft-quinn-nsh- 01.txt, work in progress. [NSC-PS] Guichard, J., et al, "Network Service Chaining Problem Statement", draft-quinn-nsc-problem-statement-00.txt, work in progress. [SC-PS] Dunbar, L. and Eastlake, D., "Layer 4-7 Service Chain problem statement", draft-dunbar-l4-l7-sc-problem- statement-00.txt, work in progress. [SC-REQ] Li, H. and Jiang Y., "Requirements for Service Chaining", draft-li-service-chaining-requirements-00 , work in progress. Authors' Addresses Lucy Yong Huawei Technologies 5340 Legacy Drive Plano, TX 75025 U.S.A Phone: 469-277-5837 Email: lucy.yong@huawei.com Yong [Page 6]