ConEx Working Group                                          S. Krishnan
Internet-Draft                                                  Ericsson
Intended status: Standards Track                           M. Kuehlewind
Expires: August 18, 2014                     IKR University of Stuttgart
                                                               C. Ucendo
                                                              Telefonica
                                                       February 14, 2014

                    IPv6 Destination Option for ConEx
                       draft-ietf-conex-destopt-06

Abstract

   ConEx is a mechanism by which senders inform the network about the
   congestion encountered by packets earlier in the same flow.  This
   document specifies an IPv6 destination option that is capable of
   carrying ConEx markings in IPv6 datagrams.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 18, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
   3.  Requirements for the coding of ConEx in IPv6
   4.  ConEx Destination Option (CDO)
   5.  Implementation in the fast path of ConEx-aware routers
   6.  Compatibility with use of IPsec
   7.  DDoS mitigation by using preferential drop
   8.  Acknowledgements
   9.  Security Considerations
   10. IANA Considerations
   11. Normative References
   Authors' Addresses

1.  Introduction

   ConEx [CAM] is a mechanism by which senders inform the network about
   the congestion encountered by packets earlier in the same flow.
   This document specifies an IPv6 destination option [RFC2460] that
   can be used for performing ConEx markings in IPv6 datagrams.

   The ConEx information can be used by any network element on the path
   to, e.g., do traffic management or egress policing.  Additionally
   this information will potentially be used by an audit function that
   checks the integrity of the sender's signaling.

2.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Requirements for the coding of ConEx in IPv6

   R-1: The marking mechanism needs to be visible to all ConEx-capable
   nodes on the path.

   R-2: The mechanism needs to be able to traverse nodes that do not
   understand the markings.  This is required to ensure that ConEx can
   be incrementally deployed over the Internet.

   R-3: The presence of the marking mechanism should not significantly
   alter the processing of the packet.  This is required to ensure that
   ConEx marked packets do not face any undue delays or drops due to a
   badly chosen mechanism.

   R-4: The markings should be immutable once set by the sender.  At the
   very least, any tampering should be detectable.

   Based on these requirements four solutions to implement the ConEx
   information in the IPv6 header have been investigated: hop-by-hop
   options, destination options, using IPv6 header bits (from the flow
   label), and new extension headers.  After evaluating the different
   solutions, the working group concluded that only the use of a
   destination option would fulfil the requirements.

4.  ConEx Destination Option (CDO)

   The ConEx Destination Option (CDO) is a destination option that can
   be included in IPv6 datagrams that are sent by ConEx-aware senders in
   order to inform ConEx-aware nodes on the path about the congestion
   encountered by packets earlier in the same flow.  The CDO has an
   alignment requirement of (none).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Option Type  | Option Length |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |X|L|E|C|                        Reserved                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 1: ConEx Destination Option Layout

   Option Type

      8-bit identifier of the type of option.  The option identifier
      for the ConEx destination option will be allocated by the IANA.

   Option Length

      8-bit unsigned integer.  The length of the option (excluding the
      Option Type and Option Length fields).  This field MUST be set to
      the value 4.

   X Bit

      When this bit is set, the transport sender is using ConEx with
      this packet.  If it is not set, the sender is not using ConEx with
      this packet.

   L Bit

      When this bit is set, the transport sender has experienced a loss.

   E Bit

      When this bit is set, the transport sender has experienced
      ECN-signaled congestion.

   C Bit

      When this bit is set, the transport sender is building up
      congestion credit in the audit.

   Reserved

      These bits are not used in the current specification.  They are
      set to zero on the sender and are ignored on the receiver.

   All packets sent over a ConEx-capable connection MUST carry the CDO.
   The CDO is immutable.  Network devices SHOULD only read the flags.
   The IPsec Authentication Header (AH) may be used to verify that the
   CDO has not been modified.

   If the X bit is zero, all other three bits are undefined and thus
   should be ignored.  The X bit set to zero means that the connection
   is ConEx-capable but this packet SHOULD NOT be accounted to determine
   ConEx information in an audit function.  This can be the case for,
   e.g., pure control packets not carrying any user data.  As an example,
   in TCP pure ACKs are usually not ECN-capable and TCP does not have a
   mechanism to announce the loss of a pure ACK to the sender.  Thus
   congestion information about ACKs is not available at the sender.

   If the X bit is set, all three other bits (L, E, C) MAY be set.
   Whenever one of these bits is set, the number of bytes carried by
   this IP packet (including the IP header) SHOULD be accounted for
   determining congestion or credit information.  In IPv6 the number of
   bytes can easily be calculated by adding the number 40 (length of the
   IPv6 header in bytes) to the value present in the Payload Length
   field in the IPv6 header.

   Credits are sent prior to the occurrence of congestion (loss or
   ECN-CE marks) and the amount of credits should cover the congestion
   risk.  Note that the maximum congestion risk is that all packets in
   flight get lost or ECN marked.

   If the L or E bit is set, a congestion signal in the form of loss or,
   respectively, an ECN mark was previously experienced by the same
   connection.

   In principle all of these three bits (L, E, C) MAY be set in the same
   packet.  In this case the packet size MUST be accounted more than
   once, once for each respective ConEx information counter.

   If a network node extracts the ConEx information from a connection,
   this node is usually supposed to hold this information byte-wise,
   e.g. comparing the total number of bytes sent with the number of
   bytes sent with a ConEx congestion mark (L, E) to determine the
   current whole-path congestion level.  For ConEx-aware node
   processing, the CDO MUST use the Payload Length field of the
   preceding IPv6 header for byte-based accounting.  When equally sized
   packets can be assumed, accounting the number of packets (instead of
   the number of bytes) should deliver the same result.  But a network
   node must be aware that this estimation can be quite wrong if, e.g.,
   differently sized packets are sent, and thus is not reliable.

   A ConEx sender SHOULD set the reserved bits in the CDO to zero.
   Other nodes SHOULD NOT interpret these bits.

5.  Implementation in the fast path of ConEx-aware routers

   The ConEx information is encoded into a destination option so that
   it does not impact forwarding performance in the non-ConEx-aware
   nodes on the path.  Since destination options are not usually
   processed by routers, the existence of the CDO does not affect the
   fast path processing of the datagram on non-ConEx-aware routers,
   i.e., they are not pushed into the slow path towards the control
   plane for exception processing.

   The ConEx-aware nodes still need to process the CDO without severely
   affecting forwarding.  For this to be possible, the ConEx-aware
   routers need to quickly ascertain the presence of the CDO and process
   the option if it is present.  To efficiently perform this, the CDO
   needs to be placed in a fairly deterministic location.  In order to
   facilitate forwarding on ConEx-aware routers, ConEx-aware senders who
   send IPv6 datagrams with the CDO MUST place the CDO as the first
   destination option in the destination options header.

6.  Compatibility with use of IPsec

   In IPsec transport mode no action needs to be taken as the CDO is
   visible to the network.  When accounting ConEx information the size
   of the Authentication Header (AH) SHOULD NOT be accounted as this
   information has been added later.  In the IPsec tunnel mode the CDO
   SHOULD be copied to the outer IP header as this information is end-
   to-end.  Only the payload of the outer IP header minus the AH SHOULD
   be accounted.
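   The following Python program is an added example and is not part of
   this draft or of any ConEx implementation.  It shows how the rules of
   Sections 4, 5 and 6 fit together for a ConEx-aware node: a sender
   builds the 6-byte CDO as the first option of a Destination Options
   header, the node reads the flags from that fixed position, accounts
   40 + Payload Length bytes per packet, subtracts the length of a
   transport-mode AH, ignores L/E/C when X is clear, and keeps byte-wise
   counters in which a packet with several of L/E/C set is counted once
   per counter.  The option type value CDO_OPTION_TYPE is a placeholder
   (IANA has not assigned one); the Next Header numbers and the AH
   length encoding are the standard IPv6/IPsec ones; all packets are
   constructed in the program.

```python
"""Added example for draft-ietf-conex-destopt-06 (not the draft's own code).

Builds and parses the ConEx Destination Option (CDO) and performs the
byte-based accounting of Sections 4 to 6. CDO_OPTION_TYPE is a PLACEHOLDER
value; the real type is to be allocated by IANA.
"""
import struct

IPV6_HEADER_LEN = 40          # fixed IPv6 header length (Section 4: add 40)
NH_HOP_BY_HOP, NH_TCP, NH_ROUTING, NH_AH, NH_DEST_OPTS = 0, 6, 43, 51, 60
CDO_OPTION_TYPE = 0x1E        # PLACEHOLDER: assumption, not an IANA value
CDO_OPTION_LEN = 4            # Option Length MUST be 4 (X,L,E,C + reserved)
X_BIT, L_BIT, E_BIT, C_BIT = 0x80, 0x40, 0x20, 0x10   # MSB-first in byte 0


def build_cdo(x, l, e, c):
    """6-byte CDO: type, length, flag byte, three reserved (zero) bytes."""
    flags = ((X_BIT if x else 0) | (L_BIT if l else 0)
             | (E_BIT if e else 0) | (C_BIT if c else 0))
    return bytes([CDO_OPTION_TYPE, CDO_OPTION_LEN, flags, 0, 0, 0])


def build_packet(payload, x=True, l=False, e=False, c=False, ah_len=0):
    """Constructed IPv6 packet: base header, Destination Options header with
    the CDO as its first option (Section 5), an optional transport-mode AH
    of ah_len bytes (Section 6), then an opaque payload standing in for TCP."""
    # Next Header + Hdr Ext Len (0: exactly 8 octets) + 6-byte CDO = 8 bytes
    dest_opts = bytes([NH_AH if ah_len else NH_TCP, 0]) + build_cdo(x, l, e, c)
    ah = b""
    if ah_len:
        if ah_len < 12 or ah_len % 4:
            raise ValueError("AH length must be a multiple of 4 and >= 12")
        # AH Payload Len field = length in 4-octet units minus 2
        ah = bytes([NH_TCP, ah_len // 4 - 2, 0, 0]) + b"\x00" * (ah_len - 4)
    body = dest_opts + ah + payload
    src = bytes.fromhex("20010db8000000000000000000000001")   # constructed
    dst = bytes.fromhex("20010db8000000000000000000000002")   # constructed
    base = struct.pack("!IHBB", 0x60000000, len(body), NH_DEST_OPTS, 64)
    return base + src + dst + body


def parse_packet(pkt):
    """Return the CDO flags and the byte count a ConEx-aware node accounts."""
    if len(pkt) < IPV6_HEADER_LEN or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nh = struct.unpack("!HB", pkt[4:7])
    info = {"has_cdo": False, "X": False, "L": False, "E": False, "C": False,
            "accounted_bytes": IPV6_HEADER_LEN + payload_len}   # Section 4
    off = IPV6_HEADER_LEN
    while nh in (NH_HOP_BY_HOP, NH_ROUTING, NH_DEST_OPTS, NH_AH):
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        if nh == NH_AH:
            # Section 6: AH bytes were added after the CDO was set; do not
            # account them.  AH length = (Payload Len + 2) * 4 octets.
            ext_len = (pkt[off + 1] + 2) * 4
            info["accounted_bytes"] -= ext_len
        else:
            ext_len = (pkt[off + 1] + 1) * 8   # Hdr Ext Len in 8-octet units
            if nh == NH_DEST_OPTS and not info["has_cdo"]:
                # Section 5: the CDO MUST be the first option, so the fast
                # path only has to look at a fixed offset inside the header.
                if (off + 5 <= len(pkt) and pkt[off + 2] == CDO_OPTION_TYPE
                        and pkt[off + 3] == CDO_OPTION_LEN):
                    flags = pkt[off + 4]
                    x = bool(flags & X_BIT)
                    # Section 4: with X clear, L/E/C are undefined -> ignored
                    info.update(has_cdo=True, X=x,
                                L=x and bool(flags & L_BIT),
                                E=x and bool(flags & E_BIT),
                                C=x and bool(flags & C_BIT))
        nh, off = pkt[off], off + ext_len
    return info


class ConexCounters:
    """Byte-wise per-connection counters as described in Section 4."""

    def __init__(self):
        self.total = self.loss = self.ecn = self.credit = 0

    def account(self, pkt):
        info = parse_packet(pkt)
        if not info["has_cdo"] or not info["X"]:
            return info          # X = 0: not accounted in the audit (Section 4)
        n = info["accounted_bytes"]
        self.total += n
        # A packet with several bits set is accounted once per counter.
        self.loss += n if info["L"] else 0
        self.ecn += n if info["E"] else 0
        self.credit += n if info["C"] else 0
        return info

    def summary(self):
        return {"total": self.total, "loss": self.loss,
                "ecn": self.ecn, "credit": self.credit}


if __name__ == "__main__":
    counters = ConexCounters()
    for p in (build_packet(b"\x00" * 100, l=True, e=True),
              build_packet(b"\x00" * 100, e=True, ah_len=24),
              build_packet(b"", x=False, l=True)):
        print(counters.account(p))
    print(counters.summary())
```

   The loop only walks the extension headers that share the Hdr Ext Len
   encoding plus the AH; a production parser would also have to handle
   the Fragment header, whose length is fixed, before deciding that no
   CDO is present.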
   If the transport network cannot be trusted, authentication SHOULD be
   used to ensure the integrity of the ConEx information.  If an
   attacker were able to remove the ConEx marks, this could cause an
   audit device to penalize the respective connection, while the sender
   cannot easily detect that ConEx information is missing.

7.  DDoS mitigation by using preferential drop

   If a router queue experiences very high load so that it has to drop
   arriving packets, it MAY preferentially drop packets within the same
   Diffserv PHB using the preference order given in Table 1 (1 means
   drop first).  Additionally, if a router implements preferential drop
   it SHOULD also support ECN-marking.  Preferential dropping can be
   difficult to implement on some hardware, but if feasible it would
   discriminate against attack traffic if done as part of the overall
   policing framework as described in [RFC6789].  If nowhere else,
   routers at the egress of a network SHOULD implement preferential drop
   (stronger than the MAY above).

               +----------------------+----------------+
               |                      | Preference     |
               +----------------------+----------------+
               | Not-ConEx or no CDO  | 1 (drop first) |
               | X (but not L,E or C) | 2              |
               | X and L,E or C       | 3              |
               +----------------------+----------------+

               Table 1: Drop preference for ConEx packets

   A flooding attack is inherently about congestion of a resource.  As
   load focuses on a victim, upstream queues grow, requiring honest
   sources to pre-load packets with a higher fraction of ConEx-marks.

   If ECN marking is supported by the downstream queues, preferential
   dropping provides the most benefits because if the queue is so
   congested that it drops traffic, it will be CE-marking 100% of the
   forwarded traffic.  Honest sources will therefore be sending 100%
   ConEx E-marked packets (and therefore being rate-limited at an
   ingress policer).  Senders under malicious control can either do the
   same as honest sources, and be rate-limited at ingress, or they can
   understate congestion.  If the preferential drop ranking is
   implemented on queues, these queues will preserve E/L-marked traffic
   until last.  So, the traffic from malicious sources will all be
   automatically dropped first.  Either way, the malicious sources
   cannot send more than honest sources.

8.  Acknowledgements

   The authors would like to thank Marcelo Bagnulo, Bob Briscoe, Ingemar
   Johansson, Joel Halpern and John Leslie for the discussions that led
   to this document.

   Special thanks to Bob Briscoe who contributed text and analysis work
   on preferential dropping.

9.  Security Considerations

   This document does not bring up any new security issues.

10.  IANA Considerations

   This document defines a new IPv6 destination option for carrying
   ConEx markings.  IANA is requested to assign a new destination option
   type in the Destination Options registry maintained at
   http://www.iana.org/assignments/ipv6-parameters:

      ConEx Destination Option   [RFCXXXX]

   The act bits for this option need to be 10 and the chg bit needs to
   be 0.

11.  Normative References

   [CAM]      Mathis, M. and B. Briscoe, "Congestion Exposure (ConEx)
              Concepts and Abstract Mechanism", draft-ietf-conex-
              abstract-mech-05 (work in progress), July 2011.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC6789]  Briscoe, B., Woundy, R., and A. Cooper, "Congestion
              Exposure (ConEx) Concepts and Use Cases", RFC 6789,
              December 2012.
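   The following Python program is an added example illustrating the
   preferential drop of Section 7 (Table 1); it is not part of this
   draft or of any router implementation.  It ranks packets by the
   CDO flags a ConEx-aware node has already extracted and simulates an
   overloaded queue of fixed size that, within one PHB, evicts the
   lowest-preference packet first, so that honest E/L-marked traffic is
   preserved until last while unmarked or X-only traffic is dropped
   first.  The packet records, their source labels and the queue
   capacity are constructed for the example.

```python
"""Added example for Section 7 of draft-ietf-conex-destopt-06 (not draft
text): Table 1 drop preference applied to an overloaded queue."""


def drop_preference(has_cdo, x, l, e, c):
    """Table 1: 1 = drop first.  No CDO or X clear -> 1; X alone -> 2;
    X together with any of L, E or C -> 3 (kept longest)."""
    if not has_cdo or not x:
        return 1
    return 3 if (l or e or c) else 2


def enqueue_with_preferential_drop(queue, arrivals, capacity):
    """Feed `arrivals` into `queue` (capacity in packets).  Whenever the
    queue overflows, evict the packet with the lowest Table 1 preference;
    among equals, the most recently arrived one is evicted, which reduces
    to plain tail drop when all packets rank the same.  Returns the
    surviving queue and the list of dropped packets in drop order."""
    dropped = []
    for pkt in arrivals:
        queue.append(pkt)
        if len(queue) > capacity:
            victim = min(range(len(queue)),
                         key=lambda i: (drop_preference(**queue[i]["cdo"]), -i))
            dropped.append(queue.pop(victim))
    return queue, dropped


def _pkt(pid, src, has_cdo, x=False, l=False, e=False, c=False):
    return {"id": pid, "src": src,
            "cdo": {"has_cdo": has_cdo, "x": x, "l": l, "e": e, "c": c}}


# Constructed sample: a congested queue where honest sources send 100%
# E-marked packets, interleaved with traffic that understates congestion
# (no CDO at all, or X set without L/E/C).
SAMPLE_ARRIVALS = [
    _pkt("h1", "honest", True, x=True, e=True),
    _pkt("a1", "attacker", False),
    _pkt("h2", "honest", True, x=True, e=True),
    _pkt("a2", "attacker", True, x=True),
    _pkt("h3", "honest", True, x=True, e=True),
    _pkt("a3", "attacker", False),
    _pkt("h4", "honest", True, x=True, e=True),
    _pkt("a4", "attacker", True, x=True),
]
SAMPLE_CAPACITY = 4


def run_sample():
    """Return ([ids kept], [ids dropped]) for the constructed traffic."""
    queue, dropped = enqueue_with_preferential_drop([], SAMPLE_ARRIVALS,
                                                    SAMPLE_CAPACITY)
    return [p["id"] for p in queue], [p["id"] for p in dropped]


if __name__ == "__main__":
    kept, dropped = run_sample()
    print("kept:", kept)
    print("dropped (in order):", dropped)
```

   With ECN-capable downstream queues the honest packets in the sample
   all carry E, so they rank 3 and survive; the packets without a CDO
   (rank 1) go first, then the X-only packets (rank 2), which is the
   behaviour the text above describes.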
Authors' Addresses

   Suresh Krishnan
   Ericsson
   8400 Blvd Decarie
   Town of Mount Royal, Quebec
   Canada

   Email: suresh.krishnan@ericsson.com


   Mirja Kuehlewind
   IKR University of Stuttgart

   Email: mirja.kuehlewind@ikr.uni-stuttgart.de


   Carlos Ralli Ucendo
   Telefonica

   Email: ralli@tid.es