draft-ietf-idr-tunnel-encaps-07.txt   draft-ietf-idr-tunnel-encaps-08.txt 
IDR Working Group E. Rosen, Ed. IDR Working Group E. Rosen, Ed.
Internet-Draft Juniper Networks, Inc. Internet-Draft Juniper Networks, Inc.
Obsoletes: 5512 (if approved) K. Patel Obsoletes: 5512 (if approved) K. Patel
Intended status: Standards Track Arrcus Intended status: Standards Track Arrcus
Expires: January 18, 2018 G. Van de Velde Expires: July 15, 2018 G. Van de Velde
Nokia Nokia
July 17, 2017 January 11, 2018
The BGP Tunnel Encapsulation Attribute The BGP Tunnel Encapsulation Attribute
draft-ietf-idr-tunnel-encaps-07 draft-ietf-idr-tunnel-encaps-08
Abstract Abstract
RFC 5512 defines a BGP Path Attribute known as the "Tunnel RFC 5512 defines a BGP Path Attribute known as the "Tunnel
Encapsulation Attribute". This attribute allows one to specify a set Encapsulation Attribute". This attribute allows one to specify a set
of tunnels. For each such tunnel, the attribute can provide the of tunnels. For each such tunnel, the attribute can provide the
information needed to create the tunnel and the corresponding information needed to create the tunnel and the corresponding
encapsulation header. The attribute can also provide information encapsulation header. The attribute can also provide information
that aids in choosing whether a particular packet is to be sent that aids in choosing whether a particular packet is to be sent
through a particular tunnel. RFC 5512 states that the attribute is through a particular tunnel. RFC 5512 states that the attribute is
skipping to change at page 1, line 43 skipping to change at page 1, line 43
This document obsoletes RFC 5512. This document obsoletes RFC 5512.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 18, 2018. This Internet-Draft will expire on July 15, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
skipping to change at page 2, line 44 skipping to change at page 2, line 44
3.2.3. NVGRE . . . . . . . . . . . . . . . . . . . . . . . . 13 3.2.3. NVGRE . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2.4. L2TPv3 . . . . . . . . . . . . . . . . . . . . . . . 14 3.2.4. L2TPv3 . . . . . . . . . . . . . . . . . . . . . . . 14
3.2.5. GRE . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.5. GRE . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2.6. MPLS-in-GRE . . . . . . . . . . . . . . . . . . . . . 15 3.2.6. MPLS-in-GRE . . . . . . . . . . . . . . . . . . . . . 15
3.3. Outer Encapsulation Sub-TLVs . . . . . . . . . . . . . . 16 3.3. Outer Encapsulation Sub-TLVs . . . . . . . . . . . . . . 16
3.3.1. IPv4 DS Field . . . . . . . . . . . . . . . . . . . . 16 3.3.1. IPv4 DS Field . . . . . . . . . . . . . . . . . . . . 16
3.3.2. UDP Destination Port . . . . . . . . . . . . . . . . 17 3.3.2. UDP Destination Port . . . . . . . . . . . . . . . . 17
3.4. Sub-TLVs for Aiding Tunnel Selection . . . . . . . . . . 17 3.4. Sub-TLVs for Aiding Tunnel Selection . . . . . . . . . . 17
3.4.1. Protocol Type Sub-TLV . . . . . . . . . . . . . . . . 17 3.4.1. Protocol Type Sub-TLV . . . . . . . . . . . . . . . . 17
3.4.2. Color Sub-TLV . . . . . . . . . . . . . . . . . . . . 17 3.4.2. Color Sub-TLV . . . . . . . . . . . . . . . . . . . . 17
3.5. Embedded Label Handling Sub-TLV . . . . . . . . . . . . . 17 3.5. Embedded Label Handling Sub-TLV . . . . . . . . . . . . . 18
3.6. MPLS Label Stack Sub-TLV . . . . . . . . . . . . . . . . 18 3.6. MPLS Label Stack Sub-TLV . . . . . . . . . . . . . . . . 19
3.7. Prefix-SID Sub-TLV . . . . . . . . . . . . . . . . . . . 20 3.7. Prefix-SID Sub-TLV . . . . . . . . . . . . . . . . . . . 20
4. Extended Communities Related to the Tunnel Encapsulation 4. Extended Communities Related to the Tunnel Encapsulation
Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.1. Encapsulation Extended Community . . . . . . . . . . . . 21 4.1. Encapsulation Extended Community . . . . . . . . . . . . 21
4.2. Router's MAC Extended Community . . . . . . . . . . . . . 22 4.2. Router's MAC Extended Community . . . . . . . . . . . . . 23
4.3. Color Extended Community . . . . . . . . . . . . . . . . 23 4.3. Color Extended Community . . . . . . . . . . . . . . . . 23
5. Semantics and Usage of the Tunnel Encapsulation 5. Semantics and Usage of the Tunnel Encapsulation
attribute . . . . . . . . . . . . . . . . . . . . . . . . . . 23 attribute . . . . . . . . . . . . . . . . . . . . . . . . . . 23
6. Routing Considerations . . . . . . . . . . . . . . . . . . . 27 6. Routing Considerations . . . . . . . . . . . . . . . . . . . 27
6.1. No Impact on BGP Decision Process . . . . . . . . . . . . 27 6.1. No Impact on BGP Decision Process . . . . . . . . . . . . 27
6.2. Looping, Infinite Stacking, Etc. . . . . . . . . . . . . 27 6.2. Looping, Infinite Stacking, Etc. . . . . . . . . . . . . 27
7. Recursive Next Hop Resolution . . . . . . . . . . . . . . . . 28 7. Recursive Next Hop Resolution . . . . . . . . . . . . . . . . 28
8. Use of Virtual Network Identifiers and Embedded Labels 8. Use of Virtual Network Identifiers and Embedded Labels
when Imposing a Tunnel Encapsulation . . . . . . . . . . . . 29 when Imposing a Tunnel Encapsulation . . . . . . . . . . . . 29
skipping to change at page 3, line 31 skipping to change at page 3, line 31
10. Scoping . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 10. Scoping . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
11. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 33 11. Error Handling . . . . . . . . . . . . . . . . . . . . . . . 33
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34
12.1. Subsequent Address Family Identifiers . . . . . . . . . 34 12.1. Subsequent Address Family Identifiers . . . . . . . . . 34
12.2. BGP Path Attributes . . . . . . . . . . . . . . . . . . 35 12.2. BGP Path Attributes . . . . . . . . . . . . . . . . . . 35
12.3. Extended Communities . . . . . . . . . . . . . . . . . . 35 12.3. Extended Communities . . . . . . . . . . . . . . . . . . 35
12.4. BGP Tunnel Encapsulation Attribute Sub-TLVs . . . . . . 35 12.4. BGP Tunnel Encapsulation Attribute Sub-TLVs . . . . . . 35
12.5. Tunnel Types . . . . . . . . . . . . . . . . . . . . . . 36 12.5. Tunnel Types . . . . . . . . . . . . . . . . . . . . . . 36
13. Security Considerations . . . . . . . . . . . . . . . . . . . 36 13. Security Considerations . . . . . . . . . . . . . . . . . . . 36
14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37 14. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37
15. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 38 15. Contributor Addresses . . . . . . . . . . . . . . . . . . . . 37
16. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 38
16.1. Normative References . . . . . . . . . . . . . . . . . . 38 16.1. Normative References . . . . . . . . . . . . . . . . . . 38
16.2. Informative References . . . . . . . . . . . . . . . . . 38 16.2. Informative References . . . . . . . . . . . . . . . . . 38
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 41
1. Introduction 1. Introduction
This document obsoletes RFC 5512. The deficiencies of RFC 5512, and This document obsoletes RFC 5512. The deficiencies of RFC 5512, and
a summary of the changes made, are discussed in Sections 1.1-1.3. a summary of the changes made, are discussed in Sections 1.1-1.3.
The material from RFC 5512 that is retained has been incorporated The material from RFC 5512 that is retained has been incorporated
skipping to change at page 5, line 43 skipping to change at page 5, line 43
o Allowing the Tunnel Encapsulation attribute to be carried by BGP o Allowing the Tunnel Encapsulation attribute to be carried by BGP
UPDATEs of additional AFI/SAFIs. Appropriate semantics are UPDATEs of additional AFI/SAFIs. Appropriate semantics are
provided for this way of using the attribute. provided for this way of using the attribute.
o Defining a number of new sub-TLVs that provide additional o Defining a number of new sub-TLVs that provide additional
information that is useful when forming the encapsulation header information that is useful when forming the encapsulation header
used to send a packet through a particular tunnel. used to send a packet through a particular tunnel.
o Defining the sub-TLV type field so that a sub-TLV whose type is in o Defining the sub-TLV type field so that a sub-TLV whose type is in
the range from 1 to 127 inclusive has a one-octet length field, the range from 0 to 127 inclusive has a one-octet length field,
but a sub-TLV whose type is in the range from 128 to 254 inclusive but a sub-TLV whose type is in the range from 128 to 255 inclusive
has a two-octet length field. has a two-octet length field.
One of the sub-TLVs defined in [RFC5512] is the "Encapsulation sub- One of the sub-TLVs defined in [RFC5512] is the "Encapsulation sub-
TLV". For a given tunnel, the encapsulation sub-TLV specifies some TLV". For a given tunnel, the encapsulation sub-TLV specifies some
of the information needed to construct the encapsulation header used of the information needed to construct the encapsulation header used
when sending packets through that tunnel. This document defines when sending packets through that tunnel. This document defines
encapsulation sub-TLVs for a number of tunnel types not discussed in encapsulation sub-TLVs for a number of tunnel types not discussed in
[RFC5512]: VXLAN (Virtual Extensible Local Area Network, [RFC7348]), [RFC5512]: VXLAN (Virtual Extensible Local Area Network, [RFC7348]),
VXLAN-GPE (Generic Protocol Extension for VXLAN, [VXLAN-GPE]), NVGRE VXLAN-GPE (Generic Protocol Extension for VXLAN, [VXLAN-GPE]), NVGRE
(Network Virtualization Using Generic Routing Encapsulation (Network Virtualization Using Generic Routing Encapsulation
skipping to change at page 8, line 7 skipping to change at page 8, line 7
| | | |
+-----------------------------------+ +-----------------------------------+
Figure 2: Tunnel Encapsulation Sub-TLV Format Figure 2: Tunnel Encapsulation Sub-TLV Format
o Sub-TLV Type (1 octet): each sub-TLV type defines a certain o Sub-TLV Type (1 octet): each sub-TLV type defines a certain
property about the tunnel TLV that contains this sub-TLV. property about the tunnel TLV that contains this sub-TLV.
o Sub-TLV Length (1 or 2 octets): the total number of octets of the o Sub-TLV Length (1 or 2 octets): the total number of octets of the
sub-TLV value field. The Sub-TLV Length field contains 1 octet if sub-TLV value field. The Sub-TLV Length field contains 1 octet if
the Sub-TLV Type field contains a value in the range from 1-127. the Sub-TLV Type field contains a value in the range from 0-127.
The Sub-TLV Length field contains two octets if the Sub-TLV Type The Sub-TLV Length field contains two octets if the Sub-TLV Type
field contains a value in the range from 128-254. field contains a value in the range from 128-255.
o Sub-TLV Value (variable): encodings of the value field depend on o Sub-TLV Value (variable): encodings of the value field depend on
the sub-TLV type as enumerated above. The following sub-sections the sub-TLV type as enumerated above. The following sub-sections
define the encoding in detail. define the encoding in detail.
3. Tunnel Encapsulation Attribute Sub-TLVs 3. Tunnel Encapsulation Attribute Sub-TLVs
In this section, we specify a number of sub-TLVs. These sub-TLVs can In this section, we specify a number of sub-TLVs. These sub-TLVs can
be included in a TLV of the Tunnel Encapsulation attribute. be included in a TLV of the Tunnel Encapsulation attribute.
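Review bot: In the Sub-TLV Length bullet, the ranges are widened to 0-127 and 128-255, but the registration policy in Section 12.4 still reserves types 0 and 255, so the text never says what a receiver does when one of those types arrives. Suggest adding a sentence that a sub-TLV of a reserved type is parsed using the length width given here and otherwise handled as an unrecognized sub-TLV (Section 11), so that every possible type octet has a defined skip length. The same range change is repeated in the introductory summary bullet and in the IANA note; keep the three statements aligned in wording (one says "from 0 to 127 inclusive", another "from 0-127").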
skipping to change at page 17, line 43 skipping to change at page 17, line 43
IPv4 (protocol type = 0x0800), IPv6 (protocol type = 0x86dd), and IPv4 (protocol type = 0x0800), IPv6 (protocol type = 0x86dd), and
MPLS (protocol type = 0x8847), respectively. This informs the MPLS (protocol type = 0x8847), respectively. This informs the
ingress routers of the appropriate encapsulation information to use ingress routers of the appropriate encapsulation information to use
with each of the given protocol types. Insertion of the specified with each of the given protocol types. Insertion of the specified
Session ID at the ingress routers allows the egress to process the Session ID at the ingress routers allows the egress to process the
incoming packets correctly, according to their protocol type. incoming packets correctly, according to their protocol type.
3.4.2. Color Sub-TLV 3.4.2. Color Sub-TLV
The color sub-TLV MAY be encoded as a way to "color" the The color sub-TLV MAY be encoded as a way to "color" the
corresponding tunnel TLV. The value field of the sub-TLV consists of corresponding tunnel TLV. The value field of the sub-TLV is eight
a Color Extended Community, as defined in Section 4.3. For the use octets long, and consists of a Color Extended Community, as defined
of this sub-TLV and Extended Community, please see Section 7. in Section 4.3. For the use of this sub-TLV and Extended Community,
please see Section 7.
Note that the high-order octet of this sub-TLV's value field MUST be
set to 3, and the next octet MUST be set to 0x0b. (Otherwise the
value field is not identical to a Color Extended Community.)
If a Color sub-TLV is not of the proper length, or the first two
octets of its value field are not 0x030b, the sub-TLV should be
treated as if it were an unrecognized sub-TLV (see Section 11).
3.5. Embedded Label Handling Sub-TLV 3.5. Embedded Label Handling Sub-TLV
Certain BGP address families (corresponding to particular AFI/SAFI Certain BGP address families (corresponding to particular AFI/SAFI
pairs, e.g., 1/4, 2/4, 1/128, 2/128) have MPLS labels embedded in pairs, e.g., 1/4, 2/4, 1/128, 2/128) have MPLS labels embedded in
their NLRIs. We will use the term "embedded label" to refer to the their NLRIs. We will use the term "embedded label" to refer to the
MPLS label that is embedded in an NLRI, and the term "labeled address MPLS label that is embedded in an NLRI, and the term "labeled address
family" to refer to any AFI/SAFI that has embedded labels. family" to refer to any AFI/SAFI that has embedded labels.
Some of the tunnel types (e.g., VXLAN, VXLAN-GPE, and NVGRE) that can Some of the tunnel types (e.g., VXLAN, VXLAN-GPE, and NVGRE) that can
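Review bot: In the new Color Sub-TLV paragraphs of Section 3.4.2, the receiver rule uses a lowercase "should" ("the sub-TLV should be treated as if it were an unrecognized sub-TLV") while the sender rule just before it uses MUST. Pick the RFC 2119 keyword that is intended (MUST reads as the consistent choice) so that implementations do not diverge on whether a malformed Color sub-TLV may still influence tunnel selection. Also write the first octet as 0x03 rather than "3" to match "0x0b" and the "0x030b" check, and state the proper length (eight octets) inside the validation sentence so the check is self-contained.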
skipping to change at page 35, line 7 skipping to change at page 35, line 7
12. IANA Considerations 12. IANA Considerations
12.1. Subsequent Address Family Identifiers 12.1. Subsequent Address Family Identifiers
IANA is requested to modify the "Subsequent Address Family IANA is requested to modify the "Subsequent Address Family
Identifiers" registry to indicate that the Encapsulation SAFI is Identifiers" registry to indicate that the Encapsulation SAFI is
deprecated. This document should be the reference. deprecated. This document should be the reference.
12.2. BGP Path Attributes 12.2. BGP Path Attributes
IANA has assigned value 23 from the "BGP Path Attributes" Registry, IANA has previously assigned value 23 from the "BGP Path Attributes"
to "Tunnel Encapsulation Attribute". IANA is requested to add this Registry to "Tunnel Encapsulation Attribute". IANA is requested to
document as a reference. add this document as a reference.
12.3. Extended Communities 12.3. Extended Communities
IANA has assigned values from the "Transitive Opaque Extended IANA has previously assigned values from the "Transitive Opaque
Community" type Registry to the "Color Extended Community" (sub-type Extended Community" type Registry to the "Color Extended Community"
0x0b), and to the "Encapsulation Extended Community"(0x030c). IANA (sub-type 0x0b), and to the "Encapsulation Extended
is requested to add this document as a reference for both Community"(0x030c). IANA is requested to add this document as a
assignments. reference for both assignments.
12.4. BGP Tunnel Encapsulation Attribute Sub-TLVs 12.4. BGP Tunnel Encapsulation Attribute Sub-TLVs
IANA is requested to add the following note to the "BGP Tunnel IANA is requested to add the following note to the "BGP Tunnel
Encapsulation Attribute Sub-TLVs" registry: Encapsulation Attribute Sub-TLVs" registry:
If the Sub-TLV Type is in the range from 1 to 127 inclusive, the If the Sub-TLV Type is in the range from 0 to 127 inclusive, the
Sub-TLV Length field contains one octet. If the Sub-TLV Type is Sub-TLV Length field contains one octet. If the Sub-TLV Type is
in the range from 128-254 inclusive, the Sub-TLV Length field in the range from 128-255 inclusive, the Sub-TLV Length field
contains two octets. contains two octets.
IANA is requested to change the registration policy of the "BGP IANA is requested to change the registration policy of the "BGP
Tunnel Encapsulation Attribute Sub-TLVs" registry to the following: Tunnel Encapsulation Attribute Sub-TLVs" registry to the following:
o The values 0 and 255 are reserved. o The values 0 and 255 are reserved.
o The values in the range 1-63 and 128-191 are to be allocated using o The values in the range 1-63 and 128-191 are to be allocated using
the "Standards Action" registration procedure. the "Standards Action" registration procedure.
o The values in the range 64-125 and 192-252 are to be allocated o The values in the range 64-125 and 192-252 are to be allocated
using the "First Come, First Served" registration procedure. using the "First Come, First Served" registration procedure.
o The values in the range 126-127 and 253-254 are reserved for o The values in the range 126-127 and 253-254 are reserved for
experimental use; IANA shall not allocate values from this range. experimental use; IANA shall not allocate values from this range.
IANA is requested to assign a codepoint, from the range 1-63 of the IANA has assigned the following codepoints in the "BGP Tunnel
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry, for "Remote Encapsulation Attribute Sub-TLVs registry:
Endpoint", with this document being the reference.
IANA is requested to assign a codepoint, from the range 1-63 of the 6: Remote Endpoint
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry, for "IPv4 DS
Field", with this document being the reference.
IANA is requested to assign a codepoint, from the range 1-63 of the 7: IPv4 DS Field
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry for "UDP
Destination Port", with this document being the reference.
IANA is requested to assign a codepoint, from the range 1-63 of the 8: UDP Destination Port
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry, for "Embedded
Label Handling", with this document being the reference.
IANA is requested to assign a codepoint, from the range 1-63 of the 9: Embedded Label Handling
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry, for "MPLS 10: MPLS Label Stack
Label Stack", with this document being the reference.
IANA is requested to assign a codepoint, from the range 1-63 of the 11: Prefix SID
"BGP Tunnel Encapsulation Attribute Sub-TLVs" registry, for "Prefix
SID", with this document being the reference.
IANA has assigned codepoints from the "BGP Tunnel Encapsulation IANA has previously assigned codepoints from the "BGP Tunnel
Attribute Sub-TLVs" registry for "Encapsulation", "Protocol Type", Encapsulation Attribute Sub-TLVs" registry for "Encapsulation",
and "Color". IANA is requested to add this document as a reference. "Protocol Type", and "Color". IANA is requested to add this document
as a reference.
12.5. Tunnel Types 12.5. Tunnel Types
IANA is requested to add this document as a reference for tunnel IANA is requested to add this document as a reference for tunnel
types 8 (VXLAN), 9 (NVGRE), 11 (MPLS-in-GRE), and 12 (VXLAN-GPE) in types 8 (VXLAN), 9 (NVGRE), 11 (MPLS-in-GRE), and 12 (VXLAN-GPE) in
the "BGP Tunnel Encapsulation Tunnel Types" registry. the "BGP Tunnel Encapsulation Tunnel Types" registry.
IANA is requested to assign a codepoint from the "BGP Tunnel
Encapsulation Tunnel Types" registry for "GTP".
IANA is requested to add this document as a reference for tunnel IANA is requested to add this document as a reference for tunnel
types 1 (L2TPv3), 2 (GRE), and 7 (IP in IP) in the "BGP Tunnel types 1 (L2TPv3), 2 (GRE), and 7 (IP in IP) in the "BGP Tunnel
Encapsulation Tunnel Types" registry. Encapsulation Tunnel Types" registry.
13. Security Considerations 13. Security Considerations
The Tunnel Encapsulation attribute can cause traffic to be diverted The Tunnel Encapsulation attribute can cause traffic to be diverted
from its normal path, especially when the Remote Endpoint sub-TLV is from its normal path, especially when the Remote Endpoint sub-TLV is
used. This can have serious consequences if the attribute is added used. This can have serious consequences if the attribute is added
or modified illegitimately, as it enables traffic to be "hijacked". or modified illegitimately, as it enables traffic to be "hijacked".
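Review bot: In Section 12.4, the new codepoint list (6 through 11) drops the phrase "with this document being the reference" that each of the six replaced requests carried, so the reference request for those entries is no longer stated in the visible text; add one sentence after the list asking IANA to record this document as the reference. The sentence introducing the list is also missing its closing quotation mark after "Sub-TLVs", and in Section 12.3 the Color community is given as "sub-type 0x0b" while Encapsulation is given as "(0x030c)" with no space before the parenthesis; use one notation for both. Section 12.5 removes the GTP tunnel-type request, so check that no remaining section still refers to a GTP tunnel type.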
skipping to change at page 37, line 26 skipping to change at page 37, line 11
One then has some level of assurance that the tunneled traffic is One then has some level of assurance that the tunneled traffic is
going to the same destination AS that it would have gone to had the going to the same destination AS that it would have gone to had the
Tunnel Encapsulation attribute not been present. However, this may Tunnel Encapsulation attribute not been present. However, this may
not suit all use cases, and in any event is not very strong not suit all use cases, and in any event is not very strong
protection against hijacking. protection against hijacking.
For these reasons, BGP Origin Validation should not be relied upon For these reasons, BGP Origin Validation should not be relied upon
exclusively, and the filtering procedures of Section 10 should always exclusively, and the filtering procedures of Section 10 should always
be in place. be in place.
Increased protection can be obtained by using BGP Path Validation Increased protection can be obtained by using BGPSEC [RFC8205] to
[BGPSEC] to ensure that the route carrying the Tunnel Encapsulation ensure that the route carrying the Tunnel Encapsulation attribute,
attribute, and the routes to the Remote Endpoint of each specified and the routes to the Remote Endpoint of each specified tunnel, have
tunnel, have not been altered illegitimately. not been altered illegitimately.
If BGP Origin Validation is used as specified above, and the tunnel If BGP Origin Validation is used as specified above, and the tunnel
specified in a particular TLV of a Tunnel Encapsulation attribute is specified in a particular TLV of a Tunnel Encapsulation attribute is
therefore regarded as "suspicious", that tunnel should not be used. therefore regarded as "suspicious", that tunnel should not be used.
Other tunnels specified in (other TLVs of) the Tunnel Encapsulation Other tunnels specified in (other TLVs of) the Tunnel Encapsulation
attribute may still be used. attribute may still be used.
14. Acknowledgments 14. Acknowledgments
This document contains text from RFC5512, co-authored by Pradosh This document contains text from RFC5512, co-authored by Pradosh
Mohapatra. The authors of the current document wish to thank Pradosh Mohapatra. The authors of the current document wish to thank Pradosh
for his contribution. RFC5512 itself built upon prior work by Gargi for his contribution. RFC5512 itself built upon prior work by Gargi
Nalawade, Ruchi Kapoor, Dan Tappan, David Ward, Scott Wainner, Simon Nalawade, Ruchi Kapoor, Dan Tappan, David Ward, Scott Wainner, Simon
Barber, and Chris Metz, whom we also thank for their contributions. Barber, and Chris Metz, whom we also thank for their contributions.
The authors wish to thank Lou Berger, Ron Bonica, Martin Djaernes, The authors wish to thank Lou Berger, Ron Bonica, Martin Djernaes,
John Drake, Satoru Matsushima, Dhananjaya Rao, John Scudder, Ravi John Drake, Satoru Matsushima, Dhananjaya Rao, John Scudder, Ravi
Singh, Thomas Morin, Xiaohu Xu, and Zhaohui Zhang for their review, Singh, Thomas Morin, Xiaohu Xu, and Zhaohui Zhang for their review,
comments, and/or helpful discussions. comments, and/or helpful discussions.
15. Contributor Addresses 15. Contributor Addresses
Below is a list of other contributing authors in alphabetical order: Below is a list of other contributing authors in alphabetical order:
Randy Bush Randy Bush
Internet Initiative Japan Internet Initiative Japan
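Review bot: In the Section 13 paragraph beginning "Increased protection can be obtained", the replacement text spells the protocol "BGPSEC", whereas the removed [BGPSEC] reference entry titled it "BGPsec"; use "BGPsec" to match RFC 8205. With [BGPSEC] deleted from Section 16.2, confirm that an [RFC8205] entry was added to the reference list, since this paragraph is now the citation that depends on it.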
skipping to change at page 38, line 32 skipping to change at page 38, line 28
Email: robert@raszuk.net Email: robert@raszuk.net
16. References 16. References
16.1. Normative References 16.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation
Subsequent Address Family Identifier (SAFI) and the BGP Subsequent Address Family Identifier (SAFI) and the BGP
Tunnel Encapsulation Attribute", RFC 5512, Tunnel Encapsulation Attribute", RFC 5512,
DOI 10.17487/RFC5512, April 2009, DOI 10.17487/RFC5512, April 2009,
<http://www.rfc-editor.org/info/rfc5512>. <https://www.rfc-editor.org/info/rfc5512>.
[RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K. [RFC7606] Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
Patel, "Revised Error Handling for BGP UPDATE Messages", Patel, "Revised Error Handling for BGP UPDATE Messages",
RFC 7606, DOI 10.17487/RFC7606, August 2015, RFC 7606, DOI 10.17487/RFC7606, August 2015,
<http://www.rfc-editor.org/info/rfc7606>. <https://www.rfc-editor.org/info/rfc7606>.
16.2. Informative References 16.2. Informative References
[BGPSEC] Lepinski, M. and S. Turner, "An Overview of BGPsec",
internet-draft draft-ietf-sidr-bgpsec-overview-08, June
2016.
[Ethertypes] [Ethertypes]
"IANA Ethertype Registry", "IANA Ethertype Registry",
<http://www.iana.org/assignments/ieee-802-numbers/ <http://www.iana.org/assignments/ieee-802-numbers/
ieee-802-numbers.xhtml>. ieee-802-numbers.xhtml>.
[EVPN-Inter-Subnet] [EVPN-Inter-Subnet]
Sajassi, A., Salem, S., Thoria, S., Drake, J., Rabadan, Sajassi, A., Salem, S., Thoria, S., Drake, J., Rabadan,
J., and L. Yong, "Integrated Routing and Bridging in J., and L. Yong, "Integrated Routing and Bridging in
EVPN", internet-draft draft-ietf-bess-evpn-inter-subnet- EVPN", internet-draft draft-ietf-bess-evpn-inter-subnet-
forwarding-03, February 2017. forwarding-03, February 2017.
[Prefix-SID-Attribute] [Prefix-SID-Attribute]
Previdi, S., Filsfils, C., Lindem, A., Patel, K., Previdi, S., Filsfils, C., Lindem, A., Patel, K.,
Sreekantiah, A., Ray, S., and H. Gredler, "Segment Routing Sreekantiah, A., and H. Gredler, "Segment Routing Prefix
Prefix SID extensions for BGP", internet-draft draft-ietf- SID extensions for BGP", internet-draft draft-ietf-idr-
idr-bgp-prefix-sid-06, June 2017. bgp-prefix-sid-09, January 2018.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS "Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474, Field) in the IPv4 and IPv6 Headers", RFC 2474,
DOI 10.17487/RFC2474, December 1998, DOI 10.17487/RFC2474, December 1998,
<http://www.rfc-editor.org/info/rfc2474>. <https://www.rfc-editor.org/info/rfc2474>.
[RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
DOI 10.17487/RFC2784, March 2000, DOI 10.17487/RFC2784, March 2000,
<http://www.rfc-editor.org/info/rfc2784>. <https://www.rfc-editor.org/info/rfc2784>.
[RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE", [RFC2890] Dommety, G., "Key and Sequence Number Extensions to GRE",
RFC 2890, DOI 10.17487/RFC2890, September 2000, RFC 2890, DOI 10.17487/RFC2890, September 2000,
<http://www.rfc-editor.org/info/rfc2890>. <https://www.rfc-editor.org/info/rfc2890>.
[RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001, Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
<http://www.rfc-editor.org/info/rfc3032>. <https://www.rfc-editor.org/info/rfc3032>.
[RFC3931] Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed., [RFC3931] Lau, J., Ed., Townsley, M., Ed., and I. Goyret, Ed.,
"Layer Two Tunneling Protocol - Version 3 (L2TPv3)", "Layer Two Tunneling Protocol - Version 3 (L2TPv3)",
RFC 3931, DOI 10.17487/RFC3931, March 2005, RFC 3931, DOI 10.17487/RFC3931, March 2005,
<http://www.rfc-editor.org/info/rfc3931>. <https://www.rfc-editor.org/info/rfc3931>.
[RFC4023] Worster, T., Rekhter, Y., and E. Rosen, Ed., [RFC4023] Worster, T., Rekhter, Y., and E. Rosen, Ed.,
"Encapsulating MPLS in IP or Generic Routing Encapsulation "Encapsulating MPLS in IP or Generic Routing Encapsulation
(GRE)", RFC 4023, DOI 10.17487/RFC4023, March 2005, (GRE)", RFC 4023, DOI 10.17487/RFC4023, March 2005,
<http://www.rfc-editor.org/info/rfc4023>. <https://www.rfc-editor.org/info/rfc4023>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
2006, <http://www.rfc-editor.org/info/rfc4364>. 2006, <https://www.rfc-editor.org/info/rfc4364>.
[RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching [RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching
(MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
Class" Field", RFC 5462, DOI 10.17487/RFC5462, February Class" Field", RFC 5462, DOI 10.17487/RFC5462, February
2009, <http://www.rfc-editor.org/info/rfc5462>. 2009, <https://www.rfc-editor.org/info/rfc5462>.
[RFC5566] Berger, L., White, R., and E. Rosen, "BGP IPsec Tunnel [RFC5566] Berger, L., White, R., and E. Rosen, "BGP IPsec Tunnel
Encapsulation Attribute", RFC 5566, DOI 10.17487/RFC5566, Encapsulation Attribute", RFC 5566, DOI 10.17487/RFC5566,
June 2009, <http://www.rfc-editor.org/info/rfc5566>. June 2009, <https://www.rfc-editor.org/info/rfc5566>.
[RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP [RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
Encodings and Procedures for Multicast in MPLS/BGP IP Encodings and Procedures for Multicast in MPLS/BGP IP
VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012, VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012,
<http://www.rfc-editor.org/info/rfc6514>. <https://www.rfc-editor.org/info/rfc6514>.
[RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. [RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R.
Austein, "BGP Prefix Origin Validation", RFC 6811, Austein, "BGP Prefix Origin Validation", RFC 6811,
DOI 10.17487/RFC6811, January 2013, DOI 10.17487/RFC6811, January 2013,
<http://www.rfc-editor.org/info/rfc6811>. <https://www.rfc-editor.org/info/rfc6811>.
[RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, [RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
L., Sridhar, T., Bursell, M., and C. Wright, "Virtual L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
eXtensible Local Area Network (VXLAN): A Framework for eXtensible Local Area Network (VXLAN): A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3 Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014, Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<http://www.rfc-editor.org/info/rfc7348>. <https://www.rfc-editor.org/info/rfc7348>.
[RFC7510] Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black, [RFC7510] Xu, X., Sheth, N., Yong, L., Callon, R., and D. Black,
"Encapsulating MPLS in UDP", RFC 7510, "Encapsulating MPLS in UDP", RFC 7510,
DOI 10.17487/RFC7510, April 2015, DOI 10.17487/RFC7510, April 2015,
<http://www.rfc-editor.org/info/rfc7510>. <https://www.rfc-editor.org/info/rfc7510>.
[RFC7637] Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network [RFC7637] Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network
Virtualization Using Generic Routing Encapsulation", Virtualization Using Generic Routing Encapsulation",
RFC 7637, DOI 10.17487/RFC7637, September 2015, RFC 7637, DOI 10.17487/RFC7637, September 2015,
<http://www.rfc-editor.org/info/rfc7637>. <https://www.rfc-editor.org/info/rfc7637>.
[RFC8205] Lepinski, M., Ed. and K. Sriram, Ed., "BGPsec Protocol
Specification", RFC 8205, DOI 10.17487/RFC8205, September
2017, <https://www.rfc-editor.org/info/rfc8205>.
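Review bot: the [RFC8205] entry exists only in the -08 column, so it is a newly added reference, but nothing in this part of the diff shows the text that cites it. Before publication, confirm that the body of -08 actually cites [RFC8205] and that the entry sits in the correct list (normative or informative) for how it is used.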
[VXLAN-GPE] [VXLAN-GPE]
Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol
Extension for VXLAN", internet-draft draft-ietf-nvo3- Extension for VXLAN", internet-draft draft-ietf-nvo3-
vxlan-gpe, April 2017. vxlan-gpe, October 2017.
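Review bot: the [VXLAN-GPE] entry still names draft-ietf-nvo3-vxlan-gpe with no revision number, and -08 only moves its date from April 2017 to October 2017, while the prefix-SID entry at the top of this list is pinned to a revision (bgp-prefix-sid-09). Suggest pinning the revision here as well, so a reader can tell which version of the VXLAN-GPE draft the text was written against.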
Authors' Addresses Authors' Addresses
Eric C. Rosen (editor) Eric C. Rosen (editor)
Juniper Networks, Inc. Juniper Networks, Inc.
10 Technology Park Drive 10 Technology Park Drive
Westford, Massachusetts 01886 Westford, Massachusetts 01886
United States United States
Email: erosen@juniper.net Email: erosen@juniper.net
 End of changes. 48 change blocks. 
82 lines changed or deleted 78 lines changed or added
