Network Working Group D. Farinacci
Request for Comments: 2784 T. Li
Category: Standards Track Procket Networks
S. Hanks
Enron Communications
D. Meyer
Cisco Systems
P. Traina
Juniper Networks
March 2000
Network Working Group D. Farinacci
Request for Comments: 2784 T. Li
Category: Standards Track Procket Networks
S. Hanks
Enron Communications
D. Meyer
Cisco Systems
P. Traina
Juniper Networks
March 2000
Generic Routing Encapsulation (GRE)
通用路由封装(GRE)
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
This document specifies a protocol for encapsulation of an arbitrary network layer protocol over another arbitrary network layer protocol.
本文档指定了一种协议,用于将任意网络层协议封装到另一个任意网络层协议上。
A number of different proposals [RFC1234, RFC1226] currently exist for the encapsulation of one protocol over another protocol. Other types of encapsulations [RFC1241, RFC1479] have been proposed for transporting IP over IP for policy purposes. This memo describes a protocol which is very similar to, but is more general than, the above proposals. In attempting to be more general, many protocol specific nuances have been ignored. The result is that this proposal may be less suitable for a situation where a specific "X over Y" encapsulation has been described. It is the attempt of this protocol to provide a simple, general purpose mechanism which reduces the problem of encapsulation from its current O(n^2) size to a more manageable size. This memo purposely does not address the issue of when a packet should be encapsulated. This memo acknowledges, but does not address problems such as mutual encapsulation [RFC1326].
目前存在许多不同的方案[RFC1234、RFC1226],用于将一个协议封装到另一个协议上。出于策略目的,已经提出了其他类型的封装[RFC1241,RFC1479]用于通过IP传输IP。本备忘录描述的协议与上述提案非常相似,但更为一般。在试图更一般化时,忽略了许多特定于协议的细微差别。结果是,该方案可能不太适用于已经描述了特定“X对Y”封装的情况。该协议试图提供一种简单、通用的机制,将封装问题从当前的O(n^2)大小减少到更易于管理的大小。本备忘录故意不涉及何时封装数据包的问题。本备忘录承认但不解决相互封装等问题[RFC1326]。
In the most general case, a system has a packet that needs to be encapsulated and delivered to some destination. We will call this the payload packet. The payload is first encapsulated in a GRE packet. The resulting GRE packet can then be encapsulated in some other protocol and then forwarded. We will call this outer protocol the delivery protocol. The algorithms for processing this packet are discussed later.
在最一般的情况下,一个系统有一个需要封装并发送到某个目的地的数据包。我们将其称为有效载荷包。有效载荷首先封装在GRE数据包中。然后,生成的GRE数据包可以封装在其他协议中,然后转发。我们将此外部协议称为传递协议。稍后将讨论处理此数据包的算法。
Finally this specification describes the intersection of GRE currently deployed by multiple vendors.
最后,本规范描述了当前由多个供应商部署的GRE的交叉点。
The keywords MUST, MUST NOT, MAY, OPTIONAL, REQUIRED, RECOMMENDED, SHALL, SHALL NOT, SHOULD, SHOULD NOT are to be interpreted as defined in RFC 2119 [RFC2119].
关键字必须、不得、可、可选、必需、推荐、应、不应、不应按照RFC 2119[RFC2119]中的定义进行解释。
A GRE encapsulated packet has the form:
GRE封装的数据包具有以下形式:
---------------------------------
| |
| Delivery Header |
| |
---------------------------------
| |
| GRE Header |
| |
---------------------------------
| |
| Payload packet |
| |
---------------------------------
---------------------------------
| |
| Delivery Header |
| |
---------------------------------
| |
| GRE Header |
| |
---------------------------------
| |
| Payload packet |
| |
---------------------------------
This specification is generally concerned with the structure of the GRE header, although special consideration is given to some of the issues surrounding IPv4 payloads.
本规范一般涉及GRE报头的结构,但特别考虑了IPv4有效负载的一些问题。
The GRE packet header has the form:
GRE数据包头的形式如下:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C| Reserved0 | Ver | Protocol Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum (optional) | Reserved1 (Optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If the Checksum Present bit is set to one, then the Checksum and the Reserved1 fields are present and the Checksum field contains valid information. Note that a compliant implementation MUST accept and process this field.
如果校验和当前位设置为1,则校验和和和Reserved1字段存在,并且校验和字段包含有效信息。请注意,符合要求的实现必须接受并处理此字段。
A receiver MUST discard a packet where any of bits 1-5 are non-zero, unless that receiver implements RFC 1701. Bits 6-12 are reserved for future use. These bits MUST be sent as zero and MUST be ignored on receipt.
除非接收机实现RFC 1701,否则接收机必须丢弃位1-5中任何一位非零的数据包。位6-12保留供将来使用。这些位必须作为零发送,并且在接收时必须忽略。
The Version Number field MUST contain the value zero.
版本号字段必须包含值零。
The Protocol Type field contains the protocol type of the payload packet. These Protocol Types are defined in [RFC1700] as "ETHER TYPES" and in [ETYPES]. An implementation receiving a packet containing a Protocol Type which is not listed in [RFC1700] or [ETYPES] SHOULD discard the packet.
协议类型字段包含有效负载数据包的协议类型。这些协议类型在[RFC1700]中定义为“以太类型”和[ETYPES]。接收包含[RFC1700]或[ETYPES]中未列出的协议类型的数据包的实现应丢弃该数据包。
The Checksum field contains the IP (one's complement) checksum sum of the all the 16 bit words in the GRE header and the payload packet. For purposes of computing the checksum, the value of the checksum field is zero. This field is present only if the Checksum Present bit is set to one.
校验和字段包含GRE报头和有效负载数据包中所有16位字的IP(补码)校验和。为了计算校验和,校验和字段的值为零。仅当校验和当前位设置为1时,此字段才存在。
The Reserved1 field is reserved for future use, and if present, MUST be transmitted as zero. The Reserved1 field is present only when the Checksum field is present (that is, Checksum Present bit is set to one).
Reserved1字段保留供将来使用,如果存在,则必须以零传输。仅当校验和字段存在时,Reserved1字段才存在(即,校验和存在位设置为1)。
When IPv4 is being carried as the GRE payload, the Protocol Type field MUST be set to 0x800.
当IPv4作为GRE有效负载承载时,协议类型字段必须设置为0x800。
When a tunnel endpoint decapsulates a GRE packet which has an IPv4 packet as the payload, the destination address in the IPv4 payload packet header MUST be used to forward the packet and the TTL of the payload packet MUST be decremented. Care should be taken when forwarding such a packet, since if the destination address of the payload packet is the encapsulator of the packet (i.e., the other end of the tunnel), looping can occur. In this case, the packet MUST be discarded.
当隧道端点解除对具有IPv4数据包作为有效负载的GRE数据包的封装时,必须使用IPv4有效负载数据包报头中的目标地址转发该数据包,并且必须减小有效负载数据包的TTL。在转发这样的数据包时应小心,因为如果有效负载数据包的目的地址是数据包的封装器(即,隧道的另一端),则可能发生循环。在这种情况下,必须丢弃数据包。
The IPv4 protocol 47 [RFC1700] is used when GRE packets are enapsulated in IPv4. See [RFC1122] for requirements relating to the delivery of packets over IPv4 networks.
IPv4协议47[RFC1700]在IPv4中启用GRE数据包时使用。请参阅[RFC1122],了解与IPv4网络上数据包交付相关的要求。
In RFC 1701, the field described here as Reserved0 contained a number of flag bits which this specification deprecates. In particular, the Routing Present, Key Present, Sequence Number Present, and Strict Source Route bits have been deprecated, along with the Recursion Control field. As a result, the GRE header will never contain the Key, Sequence Number or Routing fields specified in RFC 1701.
在RFC 1701中,此处描述为Reserved0的字段包含许多本规范不赞成使用的标志位。特别是,路由存在、密钥存在、序列号存在和严格源路由位以及递归控制字段已被弃用。因此,GRE报头永远不会包含RFC 1701中指定的密钥、序列号或路由字段。
There are, however, existing implementations of RFC 1701. The following sections describe correct interoperation with such implementations.
然而,RFC1701的现有实现是存在的。以下各节描述了与此类实现的正确互操作。
An implementation complying to this specification will transmit the Reserved0 field set to zero. An RFC 1701 compliant receiver will interpret this as having the Routing Present, Key Present, Sequence Number Present, and Strict Source Route bits set to zero, and will not expect the RFC 1701 Key, Sequence Number or Routing fields to be present.
符合本规范的实现将传输设置为零的Reserved0字段。符合RFC 1701的接收器将解释为将路由存在、密钥存在、序列号存在和严格源路由位设置为零,并且不期望RFC 1701密钥、序列号或路由字段存在。
An RFC 1701 transmitter may set any of the Routing Present, Key Present, Sequence Number Present, and Strict Source Route bits set to one, and thus may transmit the RFC 1701 Key, Sequence Number or Routing fields in the GRE header. As stated in Section 5.3, a packet with non-zero bits in any of bits 1-5 MUST be discarded unless the receiver implements RFC 1701.
RFC 1701发射机可以将路由存在、密钥存在、序列号存在和严格源路由比特中的任何一个设置为1,从而可以在GRE报头中发送RFC 1701密钥、序列号或路由字段。如第5.3节所述,除非接收机实现RFC 1701,否则必须丢弃位1-5中任何一位为非零位的数据包。
Security in a network using GRE should be relatively similar to security in a normal IPv4 network, as routing using GRE follows the same routing that IPv4 uses natively. Route filtering will remain unchanged. However packet filtering requires either that a firewall look inside the GRE packet or that the filtering is done on the GRE tunnel endpoints. In those environments in which this is considered to be a security issue it may be desirable to terminate the tunnel at the firewall.
使用GRE的网络中的安全性应该与正常IPv4网络中的安全性相对类似,因为使用GRE的路由遵循IPv4本机使用的相同路由。路由筛选将保持不变。然而,数据包过滤要求防火墙查看GRE数据包内部,或者在GRE隧道端点上进行过滤。在这些被认为是安全问题的环境中,可能需要在防火墙处终止隧道。
This section considers the assignment of additional GRE Version Numbers and Protocol Types.
本节考虑附加GRE版本号和协议类型的分配。
This document specifies GRE version number 0. GRE version number 1 is used by PPTP [RFC2637]. Additional GRE version numbers are assigned by IETF Consensus as defined in RFC 2434 [RFC2434].
此文档指定GRE版本号0。PPTP[RFC2637]使用GRE版本号1。按照RFC 2434[RFC2434]中的定义,IETF一致同意分配其他GRE版本号。
GRE uses an ETHER Type for the Protocol Type. New ETHER TYPES are assigned by Xerox Systems Institute [RFC1700].
GRE使用乙醚类型作为协议类型。施乐系统研究所[RFC1700]指定了新的乙醚类型。
This document is derived from the original ideas of the authors of RFC 1701 and RFC 1702. Hitoshi Asaeda, Scott Bradner, Randy Bush, Brian Carpenter, Bill Fenner, Andy Malis, Thomas Narten, Dave Thaler, Tim Gleeson and others provided many constructive and insightful comments.
本文件来源于RFC 1701和RFC 1702作者的原始想法。Asaeda Hitoshi、Scott Bradner、Randy Bush、Brian Carpenter、Bill Fenner、Andy Malis、Thomas Narten、Dave Thaler、Tim Gleeson和其他人提供了许多建设性和深刻的评论。
This document specifies the behavior of currently deployed GRE implementations. As such, it does not attempt to address the following known issues:
本文档指定当前部署的GRE实现的行为。因此,它不会试图解决以下已知问题:
o Interaction Path MTU Discovery (PMTU) [RFC1191]
o 交互路径MTU发现(PMTU)[RFC1191]
Existing implementations of GRE, when using IPv4 as the Delivery Header, do not implement Path MTU discovery and do not set the Don't Fragment bit in the Delivery Header. This can cause large packets to become fragmented within the tunnel and reassembled at the tunnel exit (independent of whether the payload packet is using PMTU). If a tunnel entry point were to use Path MTU discovery, however, that tunnel entry point would also need to relay ICMP unreachable error messages (in particular the "fragmentation needed and DF set" code) back to the originator of the packet, which is not a requirement in this specification. Failure to properly relay Path MTU information to an originator can result in the following behavior: the originator sets the don't fragment bit, the packet gets dropped within the tunnel, but since the originator doesn't receive proper feedback, it retransmits with the same PMTU, causing subsequently transmitted packets to be dropped.
当使用IPv4作为传递头时,GRE的现有实现不会实现路径MTU发现,也不会在传递头中设置“不分段”位。这可能导致大数据包在隧道内变得支离破碎,并在隧道出口处重新组装(与有效负载数据包是否使用PMTU无关)。但是,如果隧道入口点要使用路径MTU发现,则该隧道入口点还需要将ICMP无法到达的错误消息(尤其是“需要分段和DF设置”代码)中继回数据包的发起人,这在本规范中不是要求的。未能正确地将路径MTU信息中继给发起者可能会导致以下行为:发起者设置“不分段”位,数据包在隧道内丢弃,但由于发起者没有收到正确的反馈,它会使用相同的PMTU重新传输,导致随后传输的数据包被丢弃。
o IPv6 as Delivery and/or Payload Protocol
o IPv6作为交付和/或有效负载协议
This specification describes the intersection of GRE currently deployed by multiple vendors. IPv6 as delivery and/or payload protocol is not included in the currently deployed versions of GRE.
本规范描述了当前由多个供应商部署的GRE的交叉点。当前部署的GRE版本中不包括IPv6作为交付和/或有效负载协议。
o Interaction with ICMP
o 与ICMP的互动
o Interaction with the Differentiated Services Architecture
o 与区分服务体系结构的交互
o Multiple and Looping Encapsulations
o 多重和循环封装
[ETYPES] ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-
numbers
[ETYPES] ftp://ftp.isi.edu/in-notes/iana/assignments/ethernet-
numbers
[RFC1122] Braden, R., "Requirements for Internet hosts - communication layers", STD 3, RFC 1122, October 1989.
[RFC1122]Braden,R.,“互联网主机的要求-通信层”,标准3,RFC 1122,1989年10月。
[RFC1191] Mogul, J. and S. Deering, "Path MTU Discovery", RFC 1191, November 1990.
[RFC1191]Mogul,J.和S.Deering,“MTU发现路径”,RFC1191,1990年11月。
[RFC1226] Kantor, B., "Internet Protocol Encapsulation of AX.25 Frames", RFC 1226, May 1991.
[RFC1226]Kantor,B.,“AX.25帧的互联网协议封装”,RFC1226,1991年5月。
[RFC1234] Provan, D., "Tunneling IPX Traffic through IP Networks", RFC 1234, June 1991.
[RFC1234]Provan,D.,“通过IP网络隧道IPX流量”,RFC 12342991年6月。
[RFC1241] Woodburn, R. and D. Mills, "Scheme for an Internet Encapsulation Protocol: Version 1", RFC 1241, July 1991.
[RFC1241]Woodburn,R.和D.Mills,“互联网封装协议方案:版本1”,RFC 12411991年7月。
[RFC1326] Tsuchiya, P., "Mutual Encapsulation Considered Dangerous", RFC 1326, May 1992.
[RFC1326]Tsuchiya,P.,“相互封装被认为是危险的”,RFC1326,1992年5月。
[RFC1479] Steenstrup, M., "Inter-Domain Policy Routing Protocol Specification: Version 1", RFC 1479, July 1993.
[RFC1479]Steenstrup,M.,“域间策略路由协议规范:版本1”,RFC 1479,1993年7月。
[RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[RFC1700]Reynolds,J.和J.Postel,“分配的数字”,标准2,RFC 1700,1994年10月。
[RFC1701] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation", RFC 1701, October 1994.
[RFC1701]Hanks,S.,Li,T.,Farinaci,D.和P.Traina,“通用路由封装”,RFC 17011994年10月。
[RFC1702] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation over IPv4 networks", RFC 1702, October 1994.
[RFC1702]Hanks,S.,Li,T.,Farinaci,D.和P.Traina,“IPv4网络上的通用路由封装”,RFC 1702,1994年10月。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RFC2408] Maughan, D., Schertler, M., Schneider, M. and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408, November 1998.
[RFC2408]Maughan,D.,Schertler,M.,Schneider,M.和J.Turner,“互联网安全协会和密钥管理协议(ISAKMP)”,RFC 2408,1998年11月。
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October, 1998.
[RFC2434]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 2434,1998年10月。
[RFC2637] Hamzeh, K., et al., "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July, 1999.
[RFC2637]Hamzeh,K.等人,“点对点隧道协议(PPTP)”,RFC 2637,1999年7月。
Dino Farinacci Procket Networks 3850 No. First St., Ste. C San Jose, CA 95134
迪诺·法里纳奇·普罗克特网络公司,地址:圣路易斯第一大街3850号。C加利福尼亚州圣何塞95134
EMail: dino@procket.com
EMail: dino@procket.com
Tony Li Procket Networks 3850 No. First St., Ste. C San Jose, CA 95134
东尼·李·普罗克特网络公司,地址:美国东南部第一大街3850号。C加利福尼亚州圣何塞95134
Phone: +1 408 954 7903
Fax: +1 408 987 6166
EMail: tony1@home.net
Phone: +1 408 954 7903
Fax: +1 408 987 6166
EMail: tony1@home.net
Stan Hanks Enron Communications
斯坦·汉克斯·安然通讯公司
EMail: stan_hanks@enron.net
EMail: stan_hanks@enron.net
David Meyer Cisco Systems, Inc. 170 Tasman Drive San Jose, CA, 95134
David Meyer Cisco Systems,Inc.加利福尼亚州圣何塞塔斯曼大道170号,邮编:95134
EMail: dmm@cisco.com
EMail: dmm@cisco.com
Paul Traina Juniper Networks EMail: pst@juniper.net
Paul Traina Juniper Networks电子邮件:pst@juniper.net
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。