1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
|
Internet Engineering Task Force (IETF) K. Grewal
Request for Comments: 5840 Intel Corporation
Category: Standards Track G. Montenegro
ISSN: 2070-1721 Microsoft Corporation
M. Bhatia
Alcatel-Lucent
April 2010
Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
Abstract
This document describes the Wrapped Encapsulating Security Payload
(WESP) protocol, which builds on the Encapsulating Security Payload
(ESP) RFC 4303 and is designed to allow intermediate devices to (1)
ascertain if data confidentiality is being employed within ESP, and
if not, (2) inspect the IPsec packets for network monitoring and
access control functions. Currently, in the IPsec ESP standard,
there is no deterministic way to differentiate between encrypted and
unencrypted payloads by simply examining a packet. This poses
certain challenges to the intermediate devices that need to deep
inspect the packet before making a decision on what should be done
with that packet (Inspect and/or Allow/Drop). The mechanism
described in this document can be used to easily disambiguate
integrity-only ESP from ESP-encrypted packets, without compromising
on the security provided by ESP.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5840.
Grewal, et al. Standards Track [Page 1]
^L
RFC 5840 WESP for Traffic Visibility April 2010
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction ....................................................3
1.1. Requirements Language ......................................4
1.2. Applicability Statement ....................................4
2. Wrapped ESP (WESP) Header Format ................................5
2.1. UDP Encapsulation ..........................................8
2.2. Transport and Tunnel Mode Considerations ...................9
2.2.1. Transport Mode Processing ...........................9
2.2.2. Tunnel Mode Processing .............................10
2.3. IKE Considerations ........................................11
3. Security Considerations ........................................12
4. IANA Considerations ............................................13
5. Acknowledgments ................................................13
6. References .....................................................14
6.1. Normative References ......................................14
6.2. Informative References ....................................14
Grewal, et al. Standards Track [Page 2]
^L
RFC 5840 WESP for Traffic Visibility April 2010
1. Introduction
Use of ESP within IPsec [RFC4303] specifies how ESP packet
encapsulation is performed. It also specifies that ESP can provide
data confidentiality and data integrity services. Data integrity
without data confidentiality ("integrity-only ESP") is possible via
the ESP-NULL encryption algorithm [RFC2410] or via combined-mode
algorithms such as AES-GMAC [RFC4543]. The exact encapsulation and
algorithms employed are negotiated out of band using, for example,
Internet Key Exchange Protocol version 2 (IKEv2) [RFC4306] and based
on policy.
Enterprise environments typically employ numerous security policies
(and tools for enforcing them), as related to access control, content
screening, firewalls, network monitoring functions, deep packet
inspection, Intrusion Detection and Prevention Systems (IDS and IPS),
scanning and detection of viruses and worms, etc. In order to
enforce these policies, network tools and intermediate devices
require visibility into packets, ranging from simple packet header
inspection to deeper payload examination. Network security protocols
that encrypt the data in transit prevent these network tools from
performing the aforementioned functions.
When employing IPsec within an enterprise environment, it is
desirable to employ ESP instead of Authentication Header (AH)
[RFC4302], as AH does not work in NAT environments. Furthermore, in
order to preserve the above network monitoring functions, it is
desirable to use integrity-only ESP. In a mixed-mode environment,
some packets containing sensitive data employ a given encryption
cipher suite, while other packets employ integrity-only ESP. For an
intermediate device to unambiguously distinguish which packets are
using integrity-only ESP requires knowledge of all the policies being
employed for each protected session. This is clearly not practical.
Heuristics-based methods can be employed to parse the packets, but
these can be very expensive, requiring numerous rules based on each
different protocol and payload. Even then, the parsing may not be
robust in cases where fields within a given encrypted packet happen
to resemble the fields for a given protocol or heuristic rule. In
cases where the packets may be encrypted, it is also wasteful to
check against heuristics-based rules, when a simple exception policy
(e.g., allow, drop, or redirect) can be employed to handle the
encrypted packets. Because of the non-deterministic nature of
heuristics-based rules for disambiguating between encrypted and non-
encrypted data, an alternative method for enabling intermediate
devices to function in encrypted data environments needs to be
defined. Additionally, there are many types and classes of network
devices employed within a given network and a deterministic approach
provides a simple solution for all of them. Enterprise environments
Grewal, et al. Standards Track [Page 3]
^L
RFC 5840 WESP for Traffic Visibility April 2010
typically use both stateful and stateless packet inspection
mechanisms. The previous considerations weigh particularly heavy on
stateless mechanisms such as router Access Control Lists (ACLs) and
NetFlow exporters. Nevertheless, a deterministic approach provides a
simple solution for the myriad types of devices employed within a
network, regardless of their stateful or stateless nature.
This document defines a mechanism to provide additional information
in relevant IPsec packets so intermediate devices can efficiently
differentiate between encrypted and integrity-only packets.
Additionally, and in the interest of consistency, this extended
format can also be used to carry encrypted packets without loss in
disambiguation.
This document is consistent with the operation of ESP in NAT
environments [RFC3947].
The design principles for this protocol are the following:
o Allow easy identification and parsing of integrity-only IPsec
traffic
o Leverage the existing hardware IPsec parsing engines as much as
possible to minimize additional hardware design costs
o Minimize the packet overhead in the common case
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Applicability Statement
The document is applicable only to the wrapped ESP header defined
below, and does not describe any changes to either ESP [RFC4303] or
the IP Authentication Header (AH) [RFC4302].
There are two well-accepted ways to enable intermediate security
devices to distinguish between encrypted and unencrypted ESP traffic:
- The heuristics approach [Heuristics] has the intermediate node
inspect the unchanged ESP traffic, to determine with extremely high
probability whether or not the traffic stream is encrypted.
Grewal, et al. Standards Track [Page 4]
^L
RFC 5840 WESP for Traffic Visibility April 2010
- The Wrapped ESP (WESP) approach, described in this document, in
contrast, requires the ESP endpoints to be modified to support the
new protocol. WESP allows the intermediate node to distinguish
encrypted and unencrypted traffic deterministically, using a
simpler implementation for the intermediate node.
Both approaches are being documented simultaneously by the IP
Security Maintenance and Extensions (IPsecME) Working Group, with
WESP (this document) as a Standards Track RFC while the heuristics
approach is expected to be published as an Informational RFC. While
endpoints are being modified to adopt WESP, we expect both approaches
to coexist for years because the heuristic approach is needed to
inspect traffic where at least one of the endpoints has not been
modified. In other words, intermediate nodes are expected to support
both approaches in order to achieve good security and performance
during the transition period.
2. Wrapped ESP (WESP) Header Format
Wrapped ESP (WESP) encapsulation uses protocol number 141.
Accordingly, the (outer) protocol header (IPv4, IPv6, or Extension)
that immediately precedes the WESP header SHALL contain the value
(141) in its Protocol (IPv4) or Next Header (IPv6, Extension) field.
WESP provides additional attributes in each packet to assist in
differentiating between encrypted and non-encrypted data, and to aid
in parsing of the packet. WESP follows RFC 4303 for all IPv6 and
IPv4 considerations (e.g., alignment considerations).
This extension essentially acts as a wrapper to the existing ESP
protocol and provides an additional 4 octets at the front of the
existing ESP packet for IPv4. For IPv6, additional padding may be
required and this is described below.
The packet format may be depicted as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Wrapped ESP Header |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Existing ESP Encapsulation |
~ ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: WESP Packet Format
Grewal, et al. Standards Track [Page 5]
^L
RFC 5840 WESP for Traffic Visibility April 2010
By preserving the body of the existing ESP packet format, a compliant
implementation can simply add in the new header, without needing to
change the body of the packet. The value of the new protocol used to
identify this new header is 141. Further details are shown below:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | HdrLen | TrailerLen | Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Padding (optional) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Existing ESP Encapsulation |
~ ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Detailed WESP Packet Format
Where:
Next Header, 8 bits: This field MUST be the same as the Next Header
field in the ESP trailer when using ESP in the Integrity-only mode.
When using ESP with encryption, the "Next Header" field looses this
name and semantics and becomes an empty field that MUST be
initialized to all zeros. The receiver MUST do some sanity checks
before the WESP packet is accepted. The receiver MUST ensure that
the Next Header field in the WESP header and the Next Header field in
the ESP trailer match when using ESP in the Integrity-only mode. The
packet MUST be dropped if the two do not match. Similarly, the
receiver MUST ensure that the Next Header field in the WESP header is
an empty field initialized to zero if using WESP with encryption.
The WESP flags dictate if the packet is encrypted.
HdrLen, 8 bits: Offset from the beginning of the WESP header to the
beginning of the Rest of Payload Data (i.e., past the IV, if present
and any other WESP options defined in the future) within the
encapsulated ESP header, in octets. HdrLen MUST be set to zero when
using ESP with encryption. When using integrity-only ESP, the
following HdrLen values are invalid: any value less than 12; any
value that is not a multiple of 4; any value that is not a multiple
of 8 when using IPv6. The receiver MUST ensure that this field
matches with the header offset computed from using the negotiated
Security Association (SA) and MUST drop the packet in case it does
not match.
Grewal, et al. Standards Track [Page 6]
^L
RFC 5840 WESP for Traffic Visibility April 2010
TrailerLen, 8 bits: TrailerLen contains the size of the Integrity
Check Value (ICV) being used by the negotiated algorithms within the
IPsec SA, in octets. TrailerLen MUST be set to zero when using ESP
with encryption. The receiver MUST only accept the packet if this
field matches with the value computed from using the negotiated SA.
This ensures that sender is not deliberately setting this value to
obfuscate a part of the payload from examination by a trusted
intermediary device.
Flags, 8 bits: The bits are defined most-significant-bit (MSB) first,
so bit 0 is the most significant bit of the flags octet.
0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+
|V V|E|P| Rsvd |
+-+-+-+-+-+-+-+-+
Figure 3: Flags Format
Version (V), 2 bits: MUST be sent as 0 and checked by the receiver.
If the version is different than an expected version number (e.g.,
negotiated via the control channel), then the packet MUST be dropped
by the receiver. Future modifications to the WESP header require a
new version number. In particular, the version of WESP defined in
this document does not allow for any extensions. However, old
implementations will still be able to find the encapsulated cleartext
packet using the HdrLen field from the WESP header, when the 'E' bit
is not set. Intermediate nodes dealing with unknown versions are not
necessarily able to parse the packet correctly. Intermediate
treatment of such packets is policy dependent (e.g., it may dictate
dropping such packets).
Encrypted Payload (E), 1 bit: Setting the Encrypted Payload bit to 1
indicates that the WESP (and therefore ESP) payload is protected with
encryption. If this bit is set to 0, then the payload is using
integrity-only ESP. Setting or clearing this bit also impacts the
value in the WESP Next Header field, as described above. The
recipient MUST ensure consistency of this flag with the negotiated
policy and MUST drop the incoming packet otherwise.
Padding header (P), 1 bit: If set (value 1), the 4-octet padding is
present. If not set (value 0), the 4-octet padding is absent. This
padding MUST be used with IPv6 in order to preserve IPv6 8-octet
alignment. If WESP is being used with UDP encapsulation (see Section
2.1 below) and IPv6, the Protocol Identifier (0x00000002) occupies 4
octets so the IPv6 padding is not needed, as the header is already on
an 8-octet boundary. This padding MUST NOT be used with IPv4, as it
is not needed to guarantee 4-octet IPv4 alignment.
Grewal, et al. Standards Track [Page 7]
^L
RFC 5840 WESP for Traffic Visibility April 2010
Rsvd, 4 bits: Reserved for future use. The reserved bits MUST be
sent as 0, and ignored by the receiver. Future documents defining
any of these bits MUST NOT affect the distinction between encrypted
and unencrypted packets or the semantics of HdrLen. In other words,
even if new bits are defined, old implementations will be able to
find the encapsulated packet correctly. Intermediate nodes dealing
with unknown reserved bits are not necessarily able to parse the
packet correctly. Intermediate treatment of such packets is policy
dependent (e.g., it may dictate dropping such packets).
Future versions of this protocol may change the version number and/or
the reserved bits sent, possibly by negotiating them over the control
channel.
As can be seen, the WESP format extends the standard ESP header by
the first 4 octets for IPv4 and optionally (see above) by 8 octets
for IPv6.
2.1. UDP Encapsulation
This section describes a mechanism for running the new packet format
over the existing UDP encapsulation of ESP as defined in RFC 3948.
This allows leveraging the existing IKE negotiation of the UDP port
for Network Address Translation Traversal (NAT-T) discovery and usage
[RFC3947] [RFC4306], as well as preserving the existing UDP ports for
ESP (port 4500). With UDP encapsulation, the packet format can be
depicted as follows.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Src Port (4500) | Dest Port (4500) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Protocol Identifier (value = 0x00000002) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | HdrLen | TrailerLen | Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Existing ESP Encapsulation |
~ ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: UDP-Encapsulated WESP Header
Grewal, et al. Standards Track [Page 8]
^L
RFC 5840 WESP for Traffic Visibility April 2010
Where:
Source/Destination port (4500) and checksum: describes the UDP
encapsulation header, per RFC 3948.
Protocol Identifier: new field to demultiplex between UDP
encapsulation of IKE, UDP encapsulation of ESP per RFC 3948, and the
UDP encapsulation in this specification.
According to RFC 3948, Section 2.2, a 4-octet value of zero (0)
immediately following the UDP header indicates a Non-ESP marker,
which can be used to assume that the data following that value is an
IKE packet. Similarly, a value greater then 255 indicates that the
packet is an ESP packet and the 4-octet value can be treated as the
ESP Security Parameter Index (SPI). However, RFC 4303, Section 2.1
indicates that the values 1-255 are reserved and cannot be used as
the SPI. We leverage that knowledge and use one of these reserved
values to indicate that the UDP encapsulated ESP header contains this
new packet format for ESP encapsulation.
The remaining fields in the packet have the same meaning as per
Section 2 above.
2.2. Transport and Tunnel Mode Considerations
This extension is equally applicable to transport and tunnel mode
where the ESP Next Header field is used to differentiate between
these modes, as per the existing IPsec specifications.
2.2.1. Transport Mode Processing
In transport mode, ESP is inserted after the IP header and before a
next layer protocol, e.g., TCP, UDP, ICMP, etc. The following
diagrams illustrate how WESP is applied to the ESP transport mode for
a typical packet, on a "before and after" basis.
Grewal, et al. Standards Track [Page 9]
^L
RFC 5840 WESP for Traffic Visibility April 2010
BEFORE APPLYING WESP -IPv4
-------------------------------------------------
|orig IP hdr | ESP | | | ESP | ESP|
|(any options)| Hdr | TCP | Data | Trailer | ICV|
-------------------------------------------------
|<---- encryption ---->|
|<------- integrity -------->|
AFTER APPLYING WESP - IPv4
--------------------------------------------------------
|orig IP hdr | WESP | ESP | | | ESP | ESP|
|(any options)| Hdr | Hdr | TCP | Data | Trailer | ICV|
--------------------------------------------------------
|<---- encryption ---->|
|<------- integrity -------->|
BEFORE APPLYING WESP - IPv6
--------------------------------------------------------------
| orig |hop-by-hop,dest*,| |dest| | | ESP | ESP|
|IP hdr|routing,fragment |ESP|opt*|TCP|Data|Trailer| ICV|
--------------------------------------------------------------
|<---- encryption --->|
|<----- integrity ------->|
AFTER APPLYING WESP - IPv6
--------------------------------------------------------------
| orig |hop-by-hop,dest*,| | |dest| | | ESP | ESP|
|IP hdr|routing,fragment |WESP|ESP|opt*|TCP|Data|Trailer| ICV|
--------------------------------------------------------------
|<---- encryption --->|
|<----- integrity ------->|
* = if present, could be before WESP, after ESP, or both
All other considerations are as per RFC 4303.
2.2.2. Tunnel Mode Processing
In tunnel mode, ESP is inserted after the new IP header and before
the original IP header, as per RFC 4303. The following diagram
illustrates how WESP is applied to the ESP tunnel mode for a typical
packet, on a "before-and-after" basis.
Grewal, et al. Standards Track [Page 10]
^L
RFC 5840 WESP for Traffic Visibility April 2010
BEFORE APPLYING WESP - IPv4
---------------------------------------------------------
|new IP hdr* | | orig IP hdr* | | | ESP | ESP|
|(any options)|ESP| (any options) |TCP|Data|Trailer| ICV|
---------------------------------------------------------
|<--------- encryption --------->|
|<----------- integrity ------------>|
AFTER APPLYING WESP - IPv4
--------------------------------------------------------------
|new IP hdr* | | | orig IP hdr* | | | ESP | ESP|
|(any options)|WESP|ESP| (any options) |TCP|Data|Trailer| ICV|
--------------------------------------------------------------
|<--------- encryption --------->|
|<----------- integrity ------------>|
BEFORE APPLYING WESP - IPv6
-----------------------------------------------------------------
|new IP|new ext | |orig IP|orig ext| | | ESP | ESP|
| hdr* | hdrs* |ESP| hdr* | hdrs * |TCP|Data|Trailer| ICV|
-----------------------------------------------------------------
|<--------- encryption ---------->|
|<------------- integrity ----------->|
AFTER APPLYING WESP - IPv6
-----------------------------------------------------------------
|new IP|new ext | | |orig IP|orig ext| | | ESP | ESP|
| hdr* | hdrs* |WESP|ESP| hdr* | hdrs * |TCP|Data|Trailer| ICV|
-----------------------------------------------------------------
|<--------- encryption ---------->|
|<------------- integrity ----------->|
* = if present, construction of outer IP hdr/extensions and
modification of inner IP hdr/extensions is discussed in
the Security Architecture document.
All other considerations are as per RFC 4303.
2.3. IKE Considerations
This document assumes that WESP negotiation is performed using IKEv2.
In order to negotiate the new format of ESP encapsulation via IKEv2
[RFC4306], both parties need to agree to use the new packet format.
This can be achieved using a notification method similar to
USE_TRANSPORT_MODE, defined in RFC 4306.
Grewal, et al. Standards Track [Page 11]
^L
RFC 5840 WESP for Traffic Visibility April 2010
The notification, USE_WESP_MODE (value 16415) MUST be included in a
request message that also includes an SA payload requesting a
CHILD_SA using ESP. It signals that the sender supports the WESP
version defined in the current document and requests that the
CHILD_SA use WESP mode rather than ESP for the SA created. If the
request is accepted, the response MUST also include a notification of
type USE_WESP_MODE. If the responder declines the request, the
CHILD_SA will be established using ESP, as per RFC 4303. If this is
unacceptable to the initiator, the initiator MUST delete the SA.
Note: Except when using this option to negotiate WESP mode, all
CHILD_SAs will use standard ESP.
Negotiation of WESP in this manner preserves all other negotiation
parameters, including NAT-T [RFC3948]. NAT-T is wholly compatible
with this wrapped format and can be used as-is, without any
modifications, in environments where NAT is present and needs to be
taken into account.
WESP version negotiation is not introduced as part of this
specification. If the WESP version is updated in a future
specification, then that document MUST specify how the WESP version
is negotiated.
3. Security Considerations
As this document augments the existing ESP encapsulation format, UDP
encapsulation definitions specified in RFC 3948 and IKE negotiation
of the new encapsulation, the security observations made in those
documents also apply here. In addition, as this document allows
intermediate device visibility into IPsec ESP encapsulated frames for
the purposes of network monitoring functions, care should be taken
not to send sensitive data over connections using definitions from
this document, based on network domain/administrative policy. A
strong key agreement protocol, such as IKEv2, together with a strong
policy engine should be used in determining appropriate security
policy for the given traffic streams and data over which it is being
employed.
ESP is end-to-end and it will be impossible for the intermediate
devices to verify that all the fields in the WESP header are correct.
It is thus possible to modify the WESP header so that the packet
sneaks past a firewall if the fields in the WESP header are set to
something that the firewall will allow. The endpoint thus must
verify the sanity of the WESP header before accepting the packet. In
an extreme case, someone colluding with the attacker, could change
Grewal, et al. Standards Track [Page 12]
^L
RFC 5840 WESP for Traffic Visibility April 2010
the WESP fields back to the original values so that the attack goes
unnoticed. However, this is not a new problem and it already exists
IPsec.
4. IANA Considerations
The WESP protocol number assigned by IANA out of the IP Protocol
Number space is 141.
The USE_WESP_MODE notification number assigned out of the "IKEv2
Notify Message Types - Status Types" registry's 16384-40959 (Expert
Review) range is 16415.
The SPI value of 2 has been assigned by IANA out of the reserved SPI
range from the SPI values registry to indicate use of the WESP
protocol within a UDP-encapsulated, NAT-T environment.
IANA has created a new registry for "WESP Flags" to be managed as
follows:
The first 2 bits are the WESP Version Number. The value 0 is
assigned to the version defined in this specification. Further
assignments of the WESP Version Number are to be managed via the IANA
Policy of "Standards Action" [RFC5226]. For WESP version numbers,
the unassigned values are 1, 2, and 3. The Encrypted Payload bit is
used to indicate if the payload is encrypted or using integrity-only
ESP. The Padding Present bit is used to signal the presence of
padding. The remaining 4 bits of the WESP Flags are undefined and
future assignment is to be managed via the IANA Policy of "IETF
Review" [RFC5226].
5. Acknowledgments
The authors would like to acknowledge the following people for their
feedback on updating the definitions in this document:
David McGrew, Brian Weis, Philippe Joubert, Brian Swander, Yaron
Sheffer, Pasi Eronen, Men Long, David Durham, Prashant Dewan, Marc
Millier, Russ Housley, and Jari Arkko, among others.
Manav Bhatia would also like to acknowledge Swati and Maitri for
their continued support.
Grewal, et al. Standards Track [Page 13]
^L
RFC 5840 WESP for Traffic Visibility April 2010
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm
and Its Use With IPsec", RFC 2410, November 1998.
[RFC3948] Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and
M. Stenberg, "UDP Encapsulation of IPsec ESP Packets",
RFC 3948, January 2005.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
4303, December 2005.
[RFC4543] McGrew, D. and J. Viega, "The Use of Galois Message
Authentication Code (GMAC) in IPsec ESP and AH", RFC
4543, May 2006.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
May 2008.
6.2. Informative References
[RFC3947] Kivinen, T., Swander, B., Huttunen, A., and V. Volpe,
"Negotiation of NAT-Traversal in the IKE", RFC 3947,
January 2005.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302, December
2005.
[RFC4306] Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
Protocol", RFC 4306, December 2005.
[Heuristics] Kivinen, T. and D. McDonald, "Heuristics for Detecting
ESP-NULL packets", Work in Progress, March 2010.
Grewal, et al. Standards Track [Page 14]
^L
RFC 5840 WESP for Traffic Visibility April 2010
Authors' Addresses
Ken Grewal
Intel Corporation
2111 NE 25th Avenue, JF3-232
Hillsboro, OR 97124
USA
EMail: ken.grewal@intel.com
Gabriel Montenegro
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA
EMail: gabriel.montenegro@microsoft.com
Manav Bhatia
Alcatel-Lucent
Manyata Embassy
Nagawara Bangalore
India
EMail: manav.bhatia@alcatel-lucent.com
Grewal, et al. Standards Track [Page 15]
^L
|