Cisco Systems

San Jose CA United States of America fmaino@cisco.com

jalemon@meus.us

Innovium

United States of America puneet@acm.org

Cisco Systems

San Jose CA United States of America darlewis@cisco.com

Cisco Systems

San Jose CA 95134 United States of America michsmit@cisco.com

Routing lisp security policy This document describes extensions to the Locator/ID Separation Protocol (LISP) data plane, via changes to the LISP header, to support multiprotocol encapsulation and allow the introduction of new protocol capabilities.

Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Table of Contents

• .  Introduction
  • .  Conventions
  • .  Definitions of Terms
• .  LISP Header without Protocol Extensions
• .  LISP Generic Protocol Extension (LISP-GPE)
• .  Implementation and Deployment Considerations
  • .  Applicability Statement
  • .  Congestion-Control Functionality
  • .  UDP Checksum
    • .  UDP Zero Checksum Handling with IPv6
  • .  DSCP, ECN, TTL, and 802.1Q
• .  Backward Compatibility
  • .  Detection of ETR Capabilities
• .  IANA Considerations
  • .  LISP-GPE Next Protocol Registry
• .  Security Considerations
• .  References
  • .  Normative References
  • .  Informative References
• Acknowledgments
• Contributors
• Authors' Addresses

Introduction The LISP data plane is defined in . It specifies an encapsulation format that carries IPv4 or IPv6 packets (henceforth jointly referred to as IP) in a LISP header and outer UDP/IP transport. The LISP data plane header does not specify the protocol being encapsulated and, therefore, is currently limited to encapsulating only IP packet payloads. Other protocols, most notably the Virtual eXtensible Local Area Network (VXLAN) protocol (which defines a header format similar to LISP), are used to encapsulate Layer 2 (L2) protocols, such as Ethernet. This document defines an extension for the LISP header, as defined in , to indicate the inner protocol, enabling the encapsulation of Ethernet, IP, or any other desired protocol, all the while ensuring compatibility with existing LISP deployments. A flag in the LISP header -- the P-bit -- is used to signal the presence of the 8-bit 'Next Protocol' field. The 'Next Protocol' field, when present, uses 8 bits of the field that was allocated to the Echo-Noncing and Map-Versioning features in . Those two features are no longer available when the P-bit is used. However, appropriate LISP Generic Protocol Extension (LISP-GPE) shim headers can be defined to specify capabilities that are equivalent to Echo-Noncing and/or Map-Versioning. Since all of the reserved bits of the LISP data plane header have been allocated, LISP-GPE can also be used to extend the LISP data plane header by defining Next Protocol shim headers that implement new data plane functions not supported in the LISP header. For example, the use of the Group-Based Policy (GBP) header or of the In situ Operations, Administration, and Maintenance (IOAM) header with LISP-GPE can be considered an extension to add support in the data plane for GBP functionalities or IOAM metadata.

Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Definitions of Terms This document uses terms already defined in .

LISP Header without Protocol Extensions As described in , the LISP header has no protocol identifier that indicates the type of payload being carried. Because of this, LISP is limited to carrying IP payloads. The LISP header contains a series of flags (some defined, some reserved), a 'Nonce/Map-Version' field, and an 'Instance ID/Locator-Status-Bits' field. The flags provide flexibility to define how the various fields are encoded. Notably, Flag bit 5 is the last reserved bit in the LISP header.

LISP Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|R|K|K| Nonce/Map-Version | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

LISP Generic Protocol Extension (LISP-GPE) This document defines two changes to the LISP header in order to support multiprotocol encapsulation: the introduction of the P-bit and the definition of a 'Next Protocol' field. This document specifies the protocol behavior when the P-bit is set to 1; no changes are introduced when the P-bit is set to 0. The LISP-GPE header is shown in and described below.

LISP-GPE Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|P|K|K| Nonce/Map-Version/Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

P-Bit:

Flag bit 5 is defined as the Next Protocol bit. The P-bit is set to 1 to indicate the presence of the 8-bit 'Next Protocol' field.

If the P-bit is clear (0), the LISP header is bit-by-bit equivalent to the definition in . When the P-bit is set to 1, bits N, E, and V, and bits 8-23 of the 'Nonce/Map-Version/Next Protocol' field MUST be set to zero on transmission and MUST be ignored on receipt. Features equivalent to those that were implemented with bits N, E, and V in , such as Echo-Noncing and Map-Versioning, can be implemented by defining appropriate LISP-GPE shim headers. When the P-bit is set to 1, the LISP-GPE header is encoded as:

LISP-GPE with P-bit Set to 1 0 x 0 0 x 1 x x +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |N|L|E|V|I|P|K|K| 0x0000 | Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Instance ID/Locator-Status-Bits | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Next Protocol:

When the P-bit is set to 1, the lower 8 bits of the first 32-bit word are used to carry a Next Protocol. This 'Next Protocol' field contains the protocol of the encapsulated payload packet.

This document defines the following Next Protocol values:

0x00:

Reserved

0x01:

IPv4

0x02:

IPv6

0x03:

Ethernet

0x04:

Network Service Header (NSH)

0x05 to 0x7D:

Unassigned

0x7E and 0x7F:

Experimentation and testing

0x80 to 0xFD:

Unassigned (shim headers)

0xFE, 0xFF:

Experimentation and testing (shim headers)

The values are tracked in the IANA "LISP-GPE Next Protocol" registry, as described in . Next Protocol values 0x7E, 0x7F, 0xFE, and 0xFF are assigned for experimentation and testing, as per . Next Protocol values from 0x80 to 0xFD are assigned to protocols encoded as generic shim headers. All shim protocols MUST use the header structure in , which includes a 'Next Protocol' field. When shim headers are used with other protocols identified by Next Protocol values from 0x00 to 0x7F, all the shim headers MUST come first. Shim headers can be used to incrementally deploy new GPE features, keeping the processing of shim headers known to a given Tunnel Router (xTR) implementation in the 'fast' path (typically an Application-Specific Integrated Circuit (ASIC)) while punting the processing of the remaining new GPE features to the 'slow' path. Shim protocols MUST have the first 32 bits defined as:

Shim Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Reserved | Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ~ Protocol-Specific Fields ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Where:

Type:

This field identifies the different messages of this protocol.

Length:

This field indicates the length, in 4-octet units, of this protocol message, not including the first 4 octets.

Reserved:

The use of this field is reserved to the protocol defined in this message.

Next Protocol:

This field contains the protocol of the encapsulated payload. The values are tracked in the IANA "LISP-GPE Next Protocol" registry, as described in .

Implementation and Deployment Considerations

Applicability Statement LISP-GPE conforms, as a UDP-based encapsulation protocol, to the UDP usage guidelines specified in . The applicability of these guidelines is dependent on the underlay IP network and the nature of the encapsulated payload. outlines two applicability scenarios for UDP applications: 1) the general Internet and 2) a controlled environment. A controlled environment means a single administrative domain or adjacent set of cooperating domains. A network in a controlled environment can be managed to operate under certain conditions, whereas, in the general Internet, this cannot be done. Hence, requirements for a tunnel protocol operating under a controlled environment can be less restrictive than the requirements of the general Internet. The LISP-GPE scope of applicability is the same set of use cases covered by for the LISP data plane protocol. The common property of these use cases is a large set of cooperating entities seeking to communicate over the public Internet or other large underlay IP infrastructures while keeping the addressing and topology of the cooperating entities separate from the underlay and Internet topology, routing, and addressing. LISP-GPE is meant to be deployed in network environments operated by a single operator or adjacent set of cooperating network operators that fit with the definition of controlled environments in . For the purpose of this document, a Traffic-Managed Controlled Environment (TMCE), outlined in , is defined as an IP network that is traffic-engineered and/or otherwise managed (e.g., via the use of traffic rate limiters) to avoid congestion. Significant portions of the text in this section are based on . It is the responsibility of the network operators to ensure that the guidelines/requirements in this section are followed as applicable to their LISP-GPE deployments.

Congestion-Control Functionality LISP-GPE does not provide congestion-control functionality and relies on the payload protocol traffic for congestion control. As such, LISP-GPE MUST be used with congestion-controlled traffic or within a network that is traffic managed to avoid congestion (TMCE). An operator of a traffic-managed network (TMCE) may avoid congestion by careful provisioning of their networks, rate limiting of user data traffic, and traffic engineering according to path capacity. Keeping in mind the recommendation above, new encapsulated payloads, when registered with LISP-GPE, MUST be accompanied by a set of guidelines derived from . Such new protocols should be designed for explicit congestion signals to propagate consistently from lower-layer protocols into IP. Then, the IP internetwork layer can act as a portability layer to carry congestion notifications from non-IP-aware congested nodes up to the transport layer (L4). By following the guidelines in , subnetwork designers can enable a Layer 2 protocol to participate in congestion control without dropping packets, via propagation of Explicit Congestion Notification (ECN) data to receivers.

UDP Checksum For IP payloads, specifies how to handle UDP checksums, encouraging implementors to consider UDP checksum usage guidelines in when it is desirable to protect UDP and LISP headers against corruption. In order to protect the integrity of LISP-GPE headers, options, and payloads (for example, to avoid misdelivery of payloads to different tenant systems in the case of data corruption), the outer UDP checksum SHOULD be used with LISP-GPE when transported over IPv4. The UDP checksum provides a statistical guarantee that a payload was not corrupted in transit. These integrity checks are not strong from a coding or cryptographic perspective and are not designed to detect physical-layer errors or malicious modifications of the datagram (see ). In deployments where such a risk exists, an operator SHOULD use additional data integrity mechanisms, such as those offered by IPsec. An operator MAY choose to disable a UDP checksum and use a zero checksum if LISP-GPE packet integrity is provided by other data integrity mechanisms, such as IPsec or additional checksums, or if one of the conditions in (a, b, or c) is met.

UDP Zero Checksum Handling with IPv6 By default, a UDP checksum MUST be used when LISP-GPE is transported over IPv6. A tunnel endpoint MAY be configured for use with a zero UDP checksum if additional requirements described in this section are met. When LISP-GPE is used over IPv6, a UDP checksum is used to protect IPv6 headers, UDP headers, and LISP-GPE headers and payloads from potential data corruption. As such, by default, LISP-GPE MUST use a UDP checksum when transported over IPv6. An operator MAY choose to configure to operate with a zero UDP checksum if operating in a traffic-managed controlled environment, as stated in , if one of the following conditions is met:

1. It is known that packet corruption is exceptionally unlikely (perhaps based on an operator's knowledge of equipment types in their underlay network), and the operator is willing to take the risk of undetected packet corruption.
2. It is determined through observational measurements (perhaps through historic or current traffic flows that use a non-zero checksum) that the level of packet corruption is tolerably low, and the operator is willing to take the risk of undetected corruption.
3. LISP-GPE payloads are carrying applications that are tolerant of misdelivered or corrupted packets (perhaps through higher-layer checksum validation and/or reliability through retransmission).

In addition, LISP-GPE tunnel implementations using a zero UDP checksum MUST meet the following requirements:

1. Use of a UDP checksum over IPv6 MUST be the default configuration for all LISP-GPE tunnels.
2. If LISP-GPE is used with a zero UDP checksum over IPv6, then such xTR implementations MUST meet all the requirements specified in and requirement 1 specified in .
3. The Egress Tunnel Router (ETR) that decapsulates the packet SHOULD check that the source and destination IPv6 addresses are valid for the LISP-GPE tunnel that is configured to receive a zero UDP checksum and discard other packets that fail such checks.
4. The Ingress Tunnel Router (ITR) that encapsulates the packet MAY use different IPv6 source addresses for each LISP-GPE tunnel that uses zero UDP checksum mode in order to strengthen the decapsulator's check of the IPv6 source address (i.e., the same IPv6 source address is not to be used with more than one IPv6 destination address, irrespective of whether that destination address is a unicast or multicast address). When this is not possible, it is RECOMMENDED to use each source address for as few LISP-GPE tunnels that use a zero UDP checksum as is feasible.
5. Measures SHOULD be taken to prevent LISP-GPE traffic over IPv6 with a zero UDP checksum from escaping into the general Internet. Examples of such measures include employing packet filters at the Proxy Egress Tunnel Router (PETR) and/or keeping logical or physical separation of the LISP network from networks in the general Internet.

The above requirements do not change the requirements specified in , , or . The requirement to check the source IPv6 address in addition to the destination IPv6 address, plus the recommendation against the reuse of source IPv6 addresses among LISP-GPE tunnels, collectively provide some mitigation for the absence of UDP checksum coverage of the IPv6 header. A traffic-managed controlled environment that satisfies at least one of the three conditions listed at the beginning of this section provides additional assurance.

DSCP, ECN, TTL, and 802.1Q When encapsulating IP (including over Ethernet) packets, provides guidance for mapping packets that contain Differentiated Services Code Point (DSCP) information between inner and outer IP headers. The Pipe model typically fits better with network virtualization. The DSCP value on the tunnel header is set based on a policy (which may be a fixed value, one based on the inner traffic class, or some other mechanism for grouping traffic). Some aspects of the Uniform model (which treats the inner and outer DSCP value as a single field by copying on ingress and egress) may also apply, such as the ability to remark the inner header on tunnel egress based on transit marking. However, the Uniform model is not conceptually consistent with network virtualization, which seeks to provide strong isolation between encapsulated traffic and the physical network. describes the mechanism for exposing ECN capabilities on IP tunnels and propagating congestion markers to the inner packets. This behavior MUST be followed for IP packets encapsulated in LISP-GPE. Though the Uniform model or the Pipe model could be used for TTL (or Hop Limit in the case of IPv6) handling when tunneling IP packets, the Pipe model is more aligned with network virtualization. provides guidance on handling TTL between inner IP headers and outer IP tunnels; this model is more aligned with the Pipe model and is recommended for use with LISP-GPE for network-virtualization applications. When a LISP-GPE router performs Ethernet encapsulation, the inner 802.1Q 3-bit Priority Code Point ('PCP') field MAY be mapped from the encapsulated frame to the DSCP codepoint of the Differentiated Services ('DS') field defined in . When a LISP-GPE router performs Ethernet encapsulation, the inner-header 802.1Q VLAN Identifier (VID) MAY be mapped to, or used to determine, the LISP 'Instance ID' (IID) field. Refer to for considerations about the use of integrity protection for deployments, such as the public Internet, concerned with on-path attackers.

Backward Compatibility LISP-GPE uses the same UDP destination port (4341) allocated to LISP. When encapsulating IP packets to a non-LISP-GPE-capable router, the P-bit MUST be set to 0. That is, the encapsulation format defined in this document MUST NOT be sent to a router that has not indicated that it supports this specification, because such a router would ignore the P-bit (as described in ) and so would misinterpret the other LISP header fields, possibly causing significant errors.

Detection of ETR Capabilities The discovery of xTR capabilities to support LISP-GPE is out of the scope of this document. Given that the applicability domain of LISP-GPE is a traffic-managed controlled environment, ITR/ETR (xTR) configuration mechanisms may be used for this purpose.

IANA Considerations

LISP-GPE Next Protocol Registry IANA has created a registry called "LISP-GPE Next Protocol". These are 8-bit values. Next Protocol values in the table below are defined in this document. New values are assigned under the Specification Required policy . The protocols that are being assigned values do not themselves need to be IETF Standards Track protocols.

Next Protocol	Description	Reference
0x00	Reserved	RFC 9305
0x01	IPv4	RFC 9305
0x02	IPv6	RFC 9305
0x03	Ethernet	RFC 9305
0x04	NSH	RFC 9305
0x05-0x7D	Unassigned
0x7E-0x7F	Experimentation and testing	RFC 9305
0x80-0xFD	Unassigned (shim headers)
0xFE-0xFF	Experimentation and testing (shim headers)	RFC 9305

Security Considerations LISP-GPE security considerations are similar to the LISP security considerations and mitigation techniques documented in . As is the case for many encapsulations that use optional extensions, LISP-GPE is subject to on-path adversaries that can make arbitrary modifications to the packet (including the P-bit) to change or remove any part of the payload, or claim to encapsulate any protocol payload type. Typical integrity protection mechanisms (such as IPsec) SHOULD be used in combination with LISP-GPE by those protocol extensions that want to protect against on-path attackers. With LISP-GPE, issues such as data plane spoofing, flooding, and traffic redirection may depend on the particular protocol payload encapsulated.

References Normative References IEEE IEEE Std 802.1Q-2014 In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document redefines how the explicit congestion notification (ECN) field of the IP header should be constructed on entry to and exit from any IP-in-IP tunnel. On encapsulation, it updates RFC 3168 to bring all IP-in-IP tunnels (v4 or v6) into line with RFC 4301 IPsec ECN processing. On decapsulation, it updates both RFC 3168 and RFC 4301 to add new behaviours for previously unused combinations of inner and outer headers. The new rules ensure the ECN field is correctly propagated across a tunnel whether it is used to signal one or two severity levels of congestion; whereas before, only one severity level was supported. Tunnel endpoints can be updated in any order without affecting pre-existing uses of the ECN field, thus ensuring backward compatibility. Nonetheless, operators wanting to support two severity levels (e.g., for pre-congestion notification -- PCN) can require compliance with this new specification. A thorough analysis of the reasoning for these changes and the implications is included. In the unlikely event that the new rules do not meet a specific need, RFC 4774 gives guidance on designing alternate ECN semantics, and this document extends that to include tunnelling issues. [STANDARDS-TRACK] RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References Independent Futurewei The purpose of this document is to guide the design of congestion notification in any lower layer or tunnelling protocol that encapsulates IP. The aim is for explicit congestion signals to propagate consistently from lower layer protocols into IP. Then the IP internetwork layer can act as a portability layer to carry congestion notification from non-IP-aware congested nodes up to the transport layer (L4). Following these guidelines should assure interworking among IP layer and lower layer congestion notification mechanisms, whether specified by the IETF or other standards bodies. This document updates the advice to subnetwork designers about ECN in RFC 3819. Work in Progress This document specifies a method by which an IP datagram may be encapsulated (carried as payload) within an IP datagram. [STANDARDS-TRACK] This document defines the IP header field, called the DS (for differentiated services) field. [STANDARDS-TRACK] This document considers the interaction of Differentiated Services (diffserv) with IP tunnels of various forms. This memo provides information for the Internet community. This memo specifies the incorporation of ECN (Explicit Congestion Notification) to TCP and IP, including ECN's use of two bits in the IP header. [STANDARDS-TRACK] When experimenting with or extending protocols, it is often necessary to use some sort of protocol number or constant in order to actually test or experiment with the new function, even when testing in a closed environment. For example, to test a new DHCP option, one needs an option number to identify the new function. This document recommends that when writing IANA Considerations sections, authors should consider assigning a small range of numbers for experimentation purposes that implementers can use when testing protocol extensions or other new features. This document reserves some ranges of numbers for experimentation purposes in specific protocols where the need to support experimentation has been identified. This document updates the IPv6 specification (RFC 2460) to improve performance when a tunnel protocol uses UDP with IPv6 to tunnel packets. The performance improvement is obtained by relaxing the IPv6 UDP checksum requirement for tunnel protocols whose header information is protected on the "inner" packet being carried. Relaxing this requirement removes the overhead associated with the computation of UDP checksums on IPv6 packets that carry the tunnel protocol packets. This specification describes how the IPv6 UDP checksum requirement can be relaxed when the encapsulated packet itself contains a checksum. It also describes the limitations and risks of this approach and discusses the restrictions on the use of this method. This document provides an applicability statement for the use of UDP transport checksums with IPv6. It defines recommendations and requirements for the use of IPv6 UDP datagrams with a zero UDP checksum. It describes the issues and design principles that need to be considered when UDP is used with IPv6 to support tunnel encapsulations, and it examines the role of the IPv6 UDP transport checksum. The document also identifies issues and constraints for deployment on network paths that include middleboxes. An appendix presents a summary of the trade-offs that were considered in evaluating the safety of the update to RFC 2460 that changes the use of the UDP checksum with IPv6. This document describes Virtual eXtensible Local Area Network (VXLAN), which is used to address the need for overlay networks within virtualized data centers accommodating multiple tenants. The scheme and the related protocols can be used in networks for cloud service providers and enterprise data centers. This memo documents the deployed VXLAN protocol for the benefit of the Internet community. This document provides a threat analysis of the Locator/ID Separation Protocol (LISP). The User Datagram Protocol (UDP) provides a minimal message-passing transport that has no inherent congestion control mechanisms. This document provides guidelines on the use of UDP for the designers of applications, tunnels, and other protocols that use UDP. Congestion control guidelines are a primary focus, but the document also provides guidance on other topics, including message sizes, reliability, checksums, middlebox traversal, the use of Explicit Congestion Notification (ECN), Differentiated Services Code Points (DSCPs), and ports. Because congestion control is critical to the stable operation of the Internet, applications and other protocols that choose to use UDP as an Internet transport must employ mechanisms to prevent congestion collapse and to establish some degree of fairness with concurrent traffic. They may also need to implement additional mechanisms, depending on how they use UDP. Some guidance is also applicable to the design of other protocols (e.g., protocols layered directly on IP or via IP-based tunnels), especially when these protocols do not themselves provide congestion control. This document obsoletes RFC 5405 and adds guidelines for multicast UDP usage. This document specifies a method of encapsulating network protocol packets within GRE and UDP headers. This GRE-in-UDP encapsulation allows the UDP source port field to be used as an entropy field. This may be used for load-balancing of GRE traffic in transit networks using existing Equal-Cost Multipath (ECMP) mechanisms. There are two applicability scenarios for GRE-in-UDP with different requirements: (1) general Internet and (2) a traffic-managed controlled environment. The controlled environment has less restrictive requirements than the general Internet. Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460. This document describes a Network Service Header (NSH) imposed on packets or frames to realize Service Function Paths (SFPs). The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the Service Function Chaining (SFC) encapsulation required to support the SFC architecture (defined in RFC 7665). Cisco Systems, Inc. Cisco Systems, Inc. Cisco Systems, Inc. Cisco Systems, Inc. RtBrick Inc. JP Morgan Chase Huawei Network.IO Innovation Lab Mellanox Technologies, Inc. Mellanox Technologies, Inc. Facebook Barefoot Networks Work in Progress Work in Progress

Acknowledgments A special thank you goes to for his guidance and detailed review. Thanks to for the suggestion to assign codepoints for experimentations and testing.

Contributors The editor of this document would like to thank and recognize the following coauthors and contributors for their contributions. These coauthors and contributors provided invaluable concepts and content for this document's creation. Cisco Systems, Inc.

Cisco Systems, Inc.

Cisco Systems, Inc.

Cisco Systems, Inc.

Cisco Systems, Inc.

Broadcom

Innovium

Authors' Addresses Cisco Systems

San Jose CA United States of America fmaino@cisco.com

jalemon@meus.us

Innovium

United States of America puneet@acm.org

Cisco Systems

San Jose CA United States of America darlewis@cisco.com

Cisco Systems

San Jose CA 95134 United States of America michsmit@cisco.com