< draft-ietf-6man-ipv6-alt-mark-09.txt   draft-ietf-6man-ipv6-alt-mark-10.txt >
6MAN Working Group G. Fioccola 6MAN Working Group G. Fioccola
Internet-Draft T. Zhou Internet-Draft T. Zhou
Intended status: Standards Track Huawei Intended status: Standards Track Huawei
Expires: February 28, 2022 M. Cociglio Expires: March 18, 2022 M. Cociglio
Telecom Italia Telecom Italia
F. Qin F. Qin
China Mobile China Mobile
R. Pang R. Pang
China Unicom China Unicom
August 27, 2021 September 14, 2021
IPv6 Application of the Alternate Marking Method IPv6 Application of the Alternate Marking Method
draft-ietf-6man-ipv6-alt-mark-09 draft-ietf-6man-ipv6-alt-mark-10
Abstract Abstract
This document describes how the Alternate Marking Method can be used This document describes how the Alternate Marking Method can be used
as a passive performance measurement tool in an IPv6 domain. It as a passive performance measurement tool in an IPv6 domain. It
defines a new Extension Header Option to encode Alternate Marking defines a new Extension Header Option to encode Alternate Marking
information in both the Hop-by-Hop Options Header and Destination information in both the Hop-by-Hop Options Header and Destination
Options Header. Options Header.
Status of This Memo Status of This Memo
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 28, 2022. This Internet-Draft will expire on March 18, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
2. Alternate Marking application to IPv6 . . . . . . . . . . . . 3 2. Alternate Marking application to IPv6 . . . . . . . . . . . . 3
2.1. Controlled Domain . . . . . . . . . . . . . . . . . . . . 5 2.1. Controlled Domain . . . . . . . . . . . . . . . . . . . . 5
2.1.1. Alternate Marking Measurement Domain . . . . . . . . 6 2.1.1. Alternate Marking Measurement Domain . . . . . . . . 6
3. Definition of the AltMark Option . . . . . . . . . . . . . . 7 3. Definition of the AltMark Option . . . . . . . . . . . . . . 7
3.1. Data Fields Format . . . . . . . . . . . . . . . . . . . 7 3.1. Data Fields Format . . . . . . . . . . . . . . . . . . . 7
4. Use of the AltMark Option . . . . . . . . . . . . . . . . . . 8 4. Use of the AltMark Option . . . . . . . . . . . . . . . . . . 8
5. Alternate Marking Method Operation . . . . . . . . . . . . . 10 5. Alternate Marking Method Operation . . . . . . . . . . . . . 10
5.1. Packet Loss Measurement . . . . . . . . . . . . . . . . . 10 5.1. Packet Loss Measurement . . . . . . . . . . . . . . . . . 10
5.2. Packet Delay Measurement . . . . . . . . . . . . . . . . 12 5.2. Packet Delay Measurement . . . . . . . . . . . . . . . . 12
5.3. Flow Monitoring Identification . . . . . . . . . . . . . 13 5.3. Flow Monitoring Identification . . . . . . . . . . . . . 13
5.3.1. Uniqueness of FlowMonID . . . . . . . . . . . . . . . 14 5.3.1. Uniqueness of FlowMonID . . . . . . . . . . . . . . . 15
5.4. Multipoint and Clustered Alternate Marking . . . . . . . 15 5.4. Multipoint and Clustered Alternate Marking . . . . . . . 15
5.5. Data Collection and Calculation . . . . . . . . . . . . . 15 5.5. Data Collection and Calculation . . . . . . . . . . . . . 16
6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20
9.1. Normative References . . . . . . . . . . . . . . . . . . 19 9.1. Normative References . . . . . . . . . . . . . . . . . . 20
9.2. Informative References . . . . . . . . . . . . . . . . . 20 9.2. Informative References . . . . . . . . . . . . . . . . . 20
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
[RFC8321] and [RFC8889] describe a passive performance measurement [RFC8321] and [RFC8889] describe a passive performance measurement
method, which can be used to measure packet loss, latency and jitter method, which can be used to measure packet loss, latency and jitter
on live traffic. Since this method is based on marking consecutive on live traffic. Since this method is based on marking consecutive
batches of packets, the method is often referred to as the Alternate batches of packets, the method is often referred to as the Alternate
Marking Method. Marking Method.
skipping to change at page 5, line 29 skipping to change at page 5, line 29
necessary for IPv6. Indeed, the FlowMonID is designed and only used necessary for IPv6. Indeed, the FlowMonID is designed and only used
to identify the monitored flow. Flow Label and FlowMonID within the to identify the monitored flow. Flow Label and FlowMonID within the
same packet are totally disjoint, have different scope, are used to same packet are totally disjoint, have different scope, are used to
identify flows based on different criteria, and are intended for identify flows based on different criteria, and are intended for
different use cases. different use cases.
The rationale for the FlowMonID is further discussed in Section 5.3. The rationale for the FlowMonID is further discussed in Section 5.3.
This 20 bit field allows easy and flexible identification of the This 20 bit field allows easy and flexible identification of the
monitored flow and enables improved measurement correlation and finer monitored flow and enables improved measurement correlation and finer
granularity since it can be used in combination with the traditional granularity since it can be used in combination with the traditional
5-tuple to identify a flow. An important point that will be TCP/IP 5-tuple to identify a flow. An important point that will be
discussed in Section 5.3.1 is the uniqueness of the FlowMonID and how discussed in Section 5.3.1 is the uniqueness of the FlowMonID and how
to allow disambiguation of the FlowMonID in case of collision. to allow disambiguation of the FlowMonID in case of collision.
The following section highlights an important requirement for the The following section highlights an important requirement for the
application of the Alternate Marking to IPv6. The concept of the application of the Alternate Marking to IPv6. The concept of the
controlled domain is explained and it is considered an essential controlled domain is explained and it is considered an essential
precondition, as also highlighted in Section 6. precondition, as also highlighted in Section 6.
2.1. Controlled Domain 2.1. Controlled Domain
skipping to change at page 6, line 7 skipping to change at page 6, line 7
IPv6 has much more flexibility than IPv4 and innovative applications IPv6 has much more flexibility than IPv4 and innovative applications
have been proposed, but for a number of reasons, such as the have been proposed, but for a number of reasons, such as the
policies, options supported, the style of network management and policies, options supported, the style of network management and
security requirements, it is suggested to limit some of these security requirements, it is suggested to limit some of these
applications to a controlled domain. This is also the case of the applications to a controlled domain. This is also the case of the
Alternate Marking application to IPv6 as assumed hereinafter. Alternate Marking application to IPv6 as assumed hereinafter.
Therefore, the IPv6 application of the Alternate Marking Method MUST Therefore, the IPv6 application of the Alternate Marking Method MUST
be deployed in a controlled domain. It is RECOMMENDED that an be deployed in a controlled domain. It is RECOMMENDED that an
implementation rejects packets that carry Alternate Marking data and implementation filters packets that carry Alternate Marking data and
are entering or leaving the controlled domains. are entering or leaving the controlled domains.
A controlled domain is a managed network where it is required to A controlled domain is a managed network where it is required to
select, monitor and control the access to the network by enforcing select, monitor and control the access to the network by enforcing
policies at the domain boundaries in order to discard undesired policies at the domain boundaries in order to discard undesired
external packets entering the domain and check the internal packets external packets entering the domain and check the internal packets
leaving the domain. It does not necessarily mean that a controlled leaving the domain. It does not necessarily mean that a controlled
domain is a single administrative domain or a single organization. A domain is a single administrative domain or a single organization. A
controlled domain can correspond to a single administrative domain or controlled domain can correspond to a single administrative domain or
can be composed by multiple administrative domains under a defined can be composed by multiple administrative domains under a defined
skipping to change at page 8, line 27 skipping to change at page 8, line 27
o Reserved: is reserved for future use. These bits MUST be set to o Reserved: is reserved for future use. These bits MUST be set to
zero on transmission and ignored on receipt. zero on transmission and ignored on receipt.
4. Use of the AltMark Option 4. Use of the AltMark Option
The AltMark Option is the best way to implement the Alternate Marking The AltMark Option is the best way to implement the Alternate Marking
method and it is carried by the Hop-by-Hop Options header and the method and it is carried by the Hop-by-Hop Options header and the
Destination Options header. In case of Destination Option, it is Destination Options header. In case of Destination Option, it is
processed only by the source and destination nodes: the source node processed only by the source and destination nodes: the source node
inserts and the destination node removes it. While, in case of Hop- inserts and the destination node processes it. While, in case of
by-Hop Option, it may be examined by any node along the path, if Hop-by-Hop Option, it may be examined by any node along the path, if
explicitly configured to do so. explicitly configured to do so.
It is important to highlight that the Option Layout can be used both It is important to highlight that the Option Layout can be used both
as Destination Option and as Hop-by-Hop Option depending on the Use as Destination Option and as Hop-by-Hop Option depending on the Use
Cases and it is based on the chosen type of performance measurement. Cases and it is based on the chosen type of performance measurement.
In general, it is needed to perform both end to end and hop by hop In general, it is needed to perform both end to end and hop by hop
measurements, and the Alternate Marking methodology allows, by measurements, and the Alternate Marking methodology allows, by
definition, both performance measurements. In many cases the end-to- definition, both performance measurements. In many cases the end-to-
end measurement is not enough and it is required the hop-by-hop end measurement is not enough and it is required the hop-by-hop
measurement, so the most complete choice can be the Hop-by-Hop measurement, so the most complete choice can be the Hop-by-Hop
skipping to change at page 13, line 48 skipping to change at page 13, line 48
5.3. Flow Monitoring Identification 5.3. Flow Monitoring Identification
The Flow Monitoring Identification (FlowMonID) identifies the flow to The Flow Monitoring Identification (FlowMonID) identifies the flow to
be measured and is required for some general reasons: be measured and is required for some general reasons:
o First, it helps to reduce the per node configuration. Otherwise, o First, it helps to reduce the per node configuration. Otherwise,
each node needs to configure an access-control list (ACL) for each each node needs to configure an access-control list (ACL) for each
of the monitored flows. Moreover, using a flow identifier allows of the monitored flows. Moreover, using a flow identifier allows
a flexible granularity for the flow definition, indeed, it can be a flexible granularity for the flow definition, indeed, it can be
used together with the 5-tuple. used together with other identifiers (e.g. 5-tuple).
o Second, it simplifies the counters handling. Hardware processing o Second, it simplifies the counters handling. Hardware processing
of flow tuples (and ACL matching) is challenging and often incurs of flow tuples (and ACL matching) is challenging and often incurs
into performance issues, especially in tunnel interfaces. into performance issues, especially in tunnel interfaces.
o Third, it eases the data export encapsulation and correlation for o Third, it eases the data export encapsulation and correlation for
the collectors. the collectors.
The FlowMon identifier field is to uniquely identify a monitored flow The FlowMonID MUST only be used as a monitored flow identifier and
within the measurement domain. The field is set at the source node. two usage modes can be possible:
The FlowMonID can be set in two ways:
* using just the FlowMonID for identification purpose. This
entails not only an easy identification but improved correlation
as well;
* using FlowMonID in combination with the tuples to identify a
flow. This also allows finer granularity and therefore adds
flexibility to the flow identification.
The FlowMon identifier field is to determine a monitored flow within
the measurement domain. It is RECOMMENDED to use a consistent
approach in the implementation to avoid the mixture of different ways
of identifying. Therefore, all the nodes along the path and involved
into the measurement SHOULD use the same mode for identification
(FlowMonID alone or in combination with other identifiers).
The FlowMonID field is set at the source node, which is the ingress
point of the measurement domain, and can be set in two ways:
* It can be assigned by the central controller. Since the * It can be assigned by the central controller. Since the
controller knows the network topology, it can set the value controller knows the network topology, it can set the value
properly to avoid or minimize ambiguity and guarantee the properly to avoid or minimize ambiguity and guarantee the
uniqueness. In this regard, the controller can simply verify that uniqueness. In this regard, the controller can simply verify that
there is no ambiguity between different pseudo-randomly generated there is no ambiguity between different pseudo-randomly generated
FlowMonIDs on the same path. FlowMonIDs on the same path.
* It can be algorithmically generated by the source node, that can * It can be algorithmically generated by the source node, that can
set it pseudo-randomly with some chance of collision. This set it pseudo-randomly with some chance of collision. This
skipping to change at page 18, line 26 skipping to change at page 18, line 41
may vary between such limited domains. A limited administrative may vary between such limited domains. A limited administrative
domain provides the network administrator with the means to select, domain provides the network administrator with the means to select,
monitor and control the access to the network, making it a trusted monitor and control the access to the network, making it a trusted
domain. In this regard it is expected to enforce policies at the domain. In this regard it is expected to enforce policies at the
domain boundaries to filter both external packets with AltMark Option domain boundaries to filter both external packets with AltMark Option
entering the domain and internal packets with AltMark Option leaving entering the domain and internal packets with AltMark Option leaving
the domain. Therefore, the trusted domain is unlikely subject to the domain. Therefore, the trusted domain is unlikely subject to
hijacking of packets since packets with AltMark Option are processed hijacking of packets since packets with AltMark Option are processed
and used only within the controlled domain. and used only within the controlled domain.
As stated, the application to a controlled domain ensures the control
over the packets entering and leaving the domain, but despite that,
leakages may happen for different reasons, such as a failure or a
fault. In this case, nodes outside the domain MUST simply ignore
packets with AltMark Option since they should not process it.
Additionally, it is to be noted that the AltMark Option is carried by Additionally, it is to be noted that the AltMark Option is carried by
the Options Header and it may have some impact on the packet sizes the Options Header and it may have some impact on the packet sizes
for the monitored flow and on the path MTU, since some packets might for the monitored flow and on the path MTU, since some packets might
exceed the MTU. However, the relative small size (48 bit in total) exceed the MTU. However, the relative small size (48 bit in total)
of these Option Headers and its application to a controlled domain of these Option Headers and its application to a controlled domain
help to mitigate the problem. help to mitigate the problem.
It is worth mentioning that the security concerns may change based on It is worth mentioning that the security concerns may change based on
the specific deployment scenario and related threat analysis, which the specific deployment scenario and related threat analysis, which
can lead to specific security solutions that are beyond the scope of can lead to specific security solutions that are beyond the scope of
 End of changes. 13 change blocks. 
17 lines changed or deleted 40 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/