Network Working Group P. Christian
Request for Comments: 3147 Nortel Networks
Category: Informational July 2001
Generic Routing Encapsulation over CLNS Networks
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This document proposes a method for transporting an arbitrary
protocol over a CLNS (Connectionless Network Service) network using
GRE (Generic Routing Encapsulation). This may then be used as a
method to tunnel IPv4 or IPv6 over CLNS.
1. IntrodUCtion
RFC2784 Generic Routing Encapsulation (GRE) [1] provides a standard
method for transporting one arbitrary network layer protocol over
another arbitrary network layer protocol.
RFC1702 Generic Routing Encapsulation over IPv4 networks [2]
provides a standard method for transporting an arbitrary network
layer protocol over IPv4 using GRE.
However no standard method exists for transporting other network
layer protocols over CLNS. This causes lack of interoperability
between different vendors' products as they provide solutions to
migrate from CLNS networks to IP networks. This is a problem
specifically in, but not limited to, the context of management
networks for SONET and SDH networks elements.
Large networks exist for the purpose of providing management
communications for SONET and SDH network elements. Standards
Bellcore GR-253-CORE [3] and ITU-T G.784 [4] mandate that these
networks are based on CLNS.
Many vendors have already started to offer SONET and SDH products
that are managed by IP instead of CLNS and a general migration from
CLNS towards IP is anticipated within the industry.
Part of any migration strategy from CLNS to IP should provide for the
co-existence of both CLNS managed and IP managed network elements in
the same network.
Such a migration strategy should foresee the need to manage existing
CLNS managed network elements that become isolated by a new IP
network. Such a scenario may be tackled by tunnelling CLNP PDUs over
IP using the existing GRE standard RFC2784 [1] and informational RFC
1702 [2]. Networks have already been deployed that use this method.
Such a migration strategy should also foresee the need to manage new
IP managed network elements that are installed on the far side of
existing CLNS managed network. Such a scenario requires a method for
tunnelling IP over CLNS.
2. GRE over CLNS advantages
Using GRE to tunnel IP over CLNS offers some advantages.
In the absence of a standard for tunnelling IP over CLNS, GRE as
specified in RFC2784 [1] is the most applicable standard that
exists.
The move from CLNS to IP comes at a time when IP is itself
migrating from IPv4 to IPv6. GRE defines a method to tunnel any
protocol that has an Ethernet Protocol Type. Therefore by
defining a method for CLNS to transport GRE, a method will then
exist for CLNS to transport any other protocol that has an
Ethernet Protocol Type defined in RFC1700 [5]. Thus GRE over
CLNS can be used to tunnel both IPv4 and IPv6.
GRE is already commonly used to tunnel CLNP PDUs over IP and so
using GRE to tunnel IP over CLNS gives a common approach to
tunnelling and may simplify software within network elements that
initiate and terminate tunnels.
The only disadvantage of using GRE is the extra minimum of four bytes
that will be used between CLNP header and IP payload packet. Given
the large size of CLNP headers this will not make a significant
difference to the performance of any network that has IP over CLNP
PDUs present on it.
3. Transporting GRE packets over CLNS.
It is suggested that GRE should be transported over CLNS at the
lowest layer possible, which is as a transport layer protocol over
the network layer. This can be achieved by placing the entire GRE
packet inside a CLNP Data Type PDU (DT PDU) as data payload.
The GRE packet is a GRE packet as defined in RFC2784 [1], in other
Words GRE header plus payload packet.
Data payload is the part of a Data PDU that is described as "Data" in
the structure of a Data PDU in ISO/IEC 8473-1 [6].
For convenience the structure of a Data PDU is reproduced from
ISO/IEC 8473-1 [6] below:
Octet
----------------------------------------
Network Layer Protocol Identifier 1
----------------------------------------
Length Indicator 2
----------------------------------------
Version/Protocol Id Extension 3
----------------------------------------
Lifetime 4
----------------------------------------
SP MS E/R Type 5
----------------------------------------
Segment Length 6,7
----------------------------------------
Checksum 8,9
----------------------------------------
Destination Address Length Indicator 10
----------------------------------------
11
Destination Address
m-1
----------------------------------------
Source Address Length Indicator m
----------------------------------------
m+1
Source Address
n-1
----------------------------------------
Data Unit Identifier n,n+1
----------------------------------------
Segment Offset n+2,n+3
----------------------------------------
Total Length n+4,n+5
----------------------------------------
n+6
Options
p
----------------------------------------
p+1
Data ( GRE packet )
z
----------------------------------------
4. NSAP selector (N-SEL) value.
Transport of GRE packets is a new type of Network Service (NS) user.
Different Network Service users are identified by using different
NSAP selector bytes also known as N-SEL bytes.
This is a similar concept to the use of the IP Protocol Type used in
IP packets.
Whilst it is not strictly necessary for all vendors to use the same
N-SEL values, they must use the same N-SEL value for it to be
possible for one vendor's CLNS device or network element to initiate
a GRE tunnel which is then terminated on a different vendor's CLNS
device.
Although N-SEL values (other than zero) are not defined in CLNS/CLNP
standards, some are defined when CLNS is used in SONET networks by
Bellcore GR-253-CORE [3] whilst others are in common use.
As the IP protocol number for GRE is 47, as defined in RFC1702 [2],
and as 47 is not commonly used as an N-SEL value, it is suggested
that 47 (decimal) should be used as an N-SEL value to indicate to the
CLNS stack that the Data portion of the Data Type PDU contains a GRE
packet.
The N-SEL byte should be set to 47 (decimal) in both the source
address and the destination address of the CLNP PDU.
The N-SEL value of 47 should indicate only that the payload is GRE,
and the device or network element that transmits the PDU should use
the GRE header to indicate what protocol (for example IPv4 or IPv6)
is encapsulated within the GRE packet in conformance with RFC2784
[1]. Similarly the device or network element that receives the PDU
should then inspect the GRE header to ascertain what protocol is
contained within the GRE packet in conformance with RFC2784 [1].
5. Segmentation Permitted (SP) value.
It is recommended that the SP flag in all CLNP PDUs containing GRE
packets should be set.
If the SP flag is not set, and a CLNP PDU is too large for a
particular link, then a CLNS device or network element will drop the
PDU. The originator of the packet that is inside the GRE packet will
not have visibility of the packet loss or the reason for the packet
loss, and a black hole may form.
6. Interaction with Path MTU Discovery (PMTU), RFC1191 [7].
A tunnel entry point for a GRE tunnel should treat IP packets that
are bigger than the MTU size of the GRE tunnel as per RFC1191 [7].
If the oversize IP packet that is about to enter the GRE tunnel does
not have its Don't Fragment (DF) bit set then it should be fragmented
before entering the tunnel.
If the oversize IP packet that is about to enter the GRE tunnel has
its DF bit set then the packet should be discarded, and an ICMP
unreachable error message (in particular the "fragmentation needed
and DF set" code) should be sent back to the originator of the packet
as described in RFC1191 [7].
7. Security Considerations
CLNS and GRE do not provide any security when employed in the way
recommended in this document.
If security is required, then it must be provided by other methods
and applied to the payload protocol before it is transported by GRE
over CLNS.
8. References
[1] Farinacci, D., Li, T., Hanks, S., Meyer, D. and P. Traina,
"Generic Routing Encapsulation (GRE)", RFC2784, March 2000.
[2] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing
Encapsulation over IPv4", RFC1702, October 1994.
[3] Bellcore Publication GR-253-Core "Synchronous Optical Network
(SONET) Transport Systems: Common Generic Criteria", January 1999
[4] ITU-T Recommendation G.784 "Synchronous Digital Hierarchy (SDH)
management", June 1999
[5] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC1700,
October 1994.
[6] "Information technology - Protocol for providing the
connectionless-mode network service", ISO/IEC 8473-1, 1994
[7] Mogul, J. and S. Deering, "Path MTU Discovery", RFC1191,
November 1990.
9. Acknowledgements
Chris Murton, Paul Fee, Mike Tate for their contribution in writing
this document.
10. Author's Address
Philip Christian
Nortel Networks Harlow Laboratories
London Road, Harlow,
Essex, CM17 9NA UK
EMail: christi@nortelnetworks.com
11. Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise eXPlain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFCEditor function is currently provided by the
Internet Society.