< draft-ietf-ippm-ioam-data-12.txt   draft-ietf-ippm-ioam-data-13.txt >
ippm F. Brockners, Ed. ippm F. Brockners, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Standards Track S. Bhandari, Ed. Intended status: Standards Track S. Bhandari, Ed.
Expires: August 25, 2021 Thoughtspot Expires: December 26, 2021 Thoughtspot
T. Mizrahi, Ed. T. Mizrahi, Ed.
Huawei Huawei
February 21, 2021 June 24, 2021
Data Fields for In-situ OAM Data Fields for In-situ OAM
draft-ietf-ippm-ioam-data-12 draft-ietf-ippm-ioam-data-13
Abstract Abstract
In-situ Operations, Administration, and Maintenance (IOAM) records In-situ Operations, Administration, and Maintenance (IOAM) records
operational and telemetry information in the packet while the packet operational and telemetry information in the packet while the packet
traverses a path between two points in the network. This document traverses a path in the network. This document discusses the data
discusses the data fields and associated data types for in-situ OAM. fields and associated data types for in-situ OAM. In-situ OAM data
In-situ OAM data fields can be encapsulated into a variety of fields can be encapsulated into a variety of protocols such as NSH,
protocols such as NSH, Segment Routing, Geneve, IPv6 (via extension Segment Routing, Geneve, or IPv6. In-situ OAM can be used to
header), or IPv4. In-situ OAM can be used to complement OAM complement OAM mechanisms based on, e.g., ICMP or other types of
mechanisms based on e.g. ICMP or other types of probe packets. probe packets.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 25, 2021. This Internet-Draft will expire on December 26, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 18 skipping to change at page 2, line 18
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Scope, Applicability, and Assumptions . . . . . . . . . . . . 5 4. Scope, Applicability, and Assumptions . . . . . . . . . . . . 5
5. IOAM Data-Fields, Types, Nodes . . . . . . . . . . . . . . . 6 5. IOAM Data-Fields, Types, Nodes . . . . . . . . . . . . . . . 6
5.1. IOAM Data-Fields and Option-Types . . . . . . . . . . . . 6 5.1. IOAM Data-Fields and Option-Types . . . . . . . . . . . . 7
5.2. IOAM-Domains and types of IOAM Nodes . . . . . . . . . . 7 5.2. IOAM-Domains and types of IOAM Nodes . . . . . . . . . . 7
5.3. IOAM-Namespaces . . . . . . . . . . . . . . . . . . . . . 8 5.3. IOAM-Namespaces . . . . . . . . . . . . . . . . . . . . . 9
5.4. IOAM Trace Option-Types . . . . . . . . . . . . . . . . . 11 5.4. IOAM Trace Option-Types . . . . . . . . . . . . . . . . . 11
5.4.1. Pre-allocated and Incremental Trace Option-Types . . 13 5.4.1. Pre-allocated and Incremental Trace Option-Types . . 13
5.4.2. IOAM node data fields and associated formats . . . . 17 5.4.2. IOAM node data fields and associated formats . . . . 18
5.4.2.1. Hop_Lim and node_id short format . . . . . . . . 18 5.4.2.1. Hop_Lim and node_id short format . . . . . . . . 18
5.4.2.2. ingress_if_id and egress_if_id . . . . . . . . . 18 5.4.2.2. ingress_if_id and egress_if_id . . . . . . . . . 19
5.4.2.3. timestamp seconds . . . . . . . . . . . . . . . . 19 5.4.2.3. timestamp seconds . . . . . . . . . . . . . . . . 19
5.4.2.4. timestamp subseconds . . . . . . . . . . . . . . 19 5.4.2.4. timestamp faction . . . . . . . . . . . . . . . . 20
5.4.2.5. transit delay . . . . . . . . . . . . . . . . . . 19 5.4.2.5. transit delay . . . . . . . . . . . . . . . . . . 20
5.4.2.6. namespace specific data . . . . . . . . . . . . . 20 5.4.2.6. namespace specific data . . . . . . . . . . . . . 20
5.4.2.7. queue depth . . . . . . . . . . . . . . . . . . . 20 5.4.2.7. queue depth . . . . . . . . . . . . . . . . . . . 21
5.4.2.8. Checksum Complement . . . . . . . . . . . . . . . 20 5.4.2.8. Checksum Complement . . . . . . . . . . . . . . . 21
5.4.2.9. Hop_Lim and node_id wide . . . . . . . . . . . . 21 5.4.2.9. Hop_Lim and node_id wide . . . . . . . . . . . . 22
5.4.2.10. ingress_if_id and egress_if_id wide . . . . . . . 22 5.4.2.10. ingress_if_id and egress_if_id wide . . . . . . . 22
5.4.2.11. namespace specific data wide . . . . . . . . . . 22 5.4.2.11. namespace specific data wide . . . . . . . . . . 22
5.4.2.12. buffer occupancy . . . . . . . . . . . . . . . . 22 5.4.2.12. buffer occupancy . . . . . . . . . . . . . . . . 23
5.4.2.13. Opaque State Snapshot . . . . . . . . . . . . . . 23 5.4.2.13. Opaque State Snapshot . . . . . . . . . . . . . . 23
5.4.3. Examples of IOAM node data . . . . . . . . . . . . . 23 5.4.3. Examples of IOAM node data . . . . . . . . . . . . . 24
5.5. IOAM Proof of Transit Option-Type . . . . . . . . . . . . 25 5.5. IOAM Proof of Transit Option-Type . . . . . . . . . . . . 26
5.5.1. IOAM Proof of Transit Type 0 . . . . . . . . . . . . 27 5.5.1. IOAM Proof of Transit Type 0 . . . . . . . . . . . . 28
5.6. IOAM Edge-to-Edge Option-Type . . . . . . . . . . . . . . 28 5.6. IOAM Edge-to-Edge Option-Type . . . . . . . . . . . . . . 29
6. Timestamp Formats . . . . . . . . . . . . . . . . . . . . . . 30 6. Timestamp Formats . . . . . . . . . . . . . . . . . . . . . . 31
6.1. PTP Truncated Timestamp Format . . . . . . . . . . . . . 30 6.1. PTP Truncated Timestamp Format . . . . . . . . . . . . . 31
6.2. NTP 64-bit Timestamp Format . . . . . . . . . . . . . . . 32 6.2. NTP 64-bit Timestamp Format . . . . . . . . . . . . . . . 32
6.3. POSIX-based Timestamp Format . . . . . . . . . . . . . . 33 6.3. POSIX-based Timestamp Format . . . . . . . . . . . . . . 34
7. IOAM Data Export . . . . . . . . . . . . . . . . . . . . . . 34 7. IOAM Data Export . . . . . . . . . . . . . . . . . . . . . . 35
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35
8.1. IOAM Option-Type Registry . . . . . . . . . . . . . . . . 35 8.1. IOAM Option-Type Registry . . . . . . . . . . . . . . . . 36
8.2. IOAM Trace-Type Registry . . . . . . . . . . . . . . . . 36 8.2. IOAM Trace-Type Registry . . . . . . . . . . . . . . . . 36
8.3. IOAM Trace-Flags Registry . . . . . . . . . . . . . . . . 36 8.3. IOAM Trace-Flags Registry . . . . . . . . . . . . . . . . 37
8.4. IOAM POT-Type Registry . . . . . . . . . . . . . . . . . 37 8.4. IOAM POT-Type Registry . . . . . . . . . . . . . . . . . 38
8.5. IOAM POT-Flags Registry . . . . . . . . . . . . . . . . . 37 8.5. IOAM POT-Flags Registry . . . . . . . . . . . . . . . . . 38
8.6. IOAM E2E-Type Registry . . . . . . . . . . . . . . . . . 37 8.6. IOAM E2E-Type Registry . . . . . . . . . . . . . . . . . 39
8.7. IOAM Namespace-ID Registry . . . . . . . . . . . . . . . 37 8.7. IOAM Namespace-ID Registry . . . . . . . . . . . . . . . 39
9. Management and Deployment Considerations . . . . . . . . . . 38 9. Management and Deployment Considerations . . . . . . . . . . 41
10. Security Considerations . . . . . . . . . . . . . . . . . . . 38 10. Security Considerations . . . . . . . . . . . . . . . . . . . 41
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 40 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 43
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 40 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 43
12.1. Normative References . . . . . . . . . . . . . . . . . . 40 12.1. Normative References . . . . . . . . . . . . . . . . . . 43
12.2. Informative References . . . . . . . . . . . . . . . . . 41 12.2. Informative References . . . . . . . . . . . . . . . . . 44
Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 43 Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
This document defines data fields for "in-situ" Operations, This document defines data fields for "in-situ" Operations,
Administration, and Maintenance (IOAM). In-situ OAM records OAM Administration, and Maintenance (IOAM). In-situ OAM records OAM
information within the packet while the packet traverses a particular information within the packet while the packet traverses a particular
network domain. The term "in-situ" refers to the fact that the OAM network domain. The term "in-situ" refers to the fact that the OAM
data is added to the data packets rather than being sent within data is added to the data packets rather than being sent within
packets specifically dedicated to OAM. IOAM is to complement packets specifically dedicated to OAM. IOAM is to complement
mechanisms such as Ping or Traceroute. In terms of "active" or mechanisms such as Ping or Traceroute. In terms of "active" or
"passive" OAM, "in-situ" OAM can be considered a hybrid OAM type. "passive" OAM, "in-situ" OAM can be considered a hybrid OAM type.
"In-situ" mechanisms do not require extra packets to be sent. IOAM "In-situ" mechanisms do not require extra packets to be sent. IOAM
adds information to the already available data packets and therefore adds information to the already available data packets and therefore
cannot be considered passive. In terms of the classification given cannot be considered passive. In terms of the classification given
in [RFC7799] IOAM could be portrayed as Hybrid Type 1. IOAM in [RFC7799], IOAM could be portrayed as Hybrid Type I. IOAM
mechanisms can be leveraged where mechanisms using e.g. ICMP do not mechanisms can be leveraged where mechanisms using, e.g., ICMP do not
apply or do not offer the desired results, such as proving that a apply or do not offer the desired results, such as proving that a
certain traffic flow takes a pre-defined path, SLA verification for certain traffic flow takes a pre-defined path, SLA verification for
the live data traffic, detailed statistics on traffic distribution the data traffic, detailed statistics on traffic distribution paths
paths in networks that distribute traffic across multiple paths, or in networks that distribute traffic across multiple paths, or
scenarios in which probe traffic is potentially handled differently scenarios in which probe traffic is potentially handled differently
from regular data traffic by the network devices. from regular data traffic by the network devices.
IOAM use cases and mechanisms have expanded as this document matured, The term "in situ OAM" was originally motivated by the use of OAM
resulting in additional flags and options that could trigger creation related mechanisms that add information into a packet. This document
of additional packets dedicated to OAM. The term IOAM continues to uses IOAM as a term defining the IOAM technology. IOAM includes "in-
be used for such mechanisms, in addition to the "in-situ" mechanisms situ" mechanisms, but also mechanisms that could trigger the creation
that motivated this terminology. of additional packets dedicated to OAM.
2. Contributors 2. Contributors
This document was the collective effort of several authors. The text This document was the collective effort of several authors. The text
and content were contributed by the editors and the co-authors listed and content were contributed by the editors and the co-authors listed
below. The contact information of the co-authors appears at the end below. The contact information of the co-authors appears at the end
of this document. of this document.
o Carlos Pignataro o Carlos Pignataro
o Mickey Spiegel o Mickey Spiegel
skipping to change at page 4, line 27 skipping to change at page 4, line 27
o Petr Lapukhov o Petr Lapukhov
o Remy Chang o Remy Chang
o Daniel Bernier o Daniel Bernier
3. Conventions 3. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Abbreviations used in this document: Abbreviations and definitions used in this document:
E2E Edge to Edge E2E Edge to Edge
Geneve: Generic Network Virtualization Encapsulation Geneve: Generic Network Virtualization Encapsulation [RFC8926]
[I-D.ietf-nvo3-geneve]
IOAM: In-situ Operations, Administration, and Maintenance IOAM: In-situ Operations, Administration, and Maintenance
MTU: Maximum Transmit Unit MTU: Maximum Transmit Unit
NSH: Network Service Header [RFC8300] NSH: Network Service Header [RFC8300]
OAM: Operations, Administration, and Maintenance OAM: Operations, Administration, and Maintenance
PMTU Path MTU PMTU Path MTU
POT: Proof of Transit POT: Proof of Transit
SFC: Service Function Chain SFC: Service Function Chain
Short format: "Short format" refers to an IOAM-Data-Field which
comprises 4 octets.
SID: Segment Identifier SID: Segment Identifier
SR: Segment Routing SR: Segment Routing
VXLAN-GPE: Virtual eXtensible Local Area Network, Generic Protocol VXLAN-GPE: Virtual eXtensible Local Area Network, Generic Protocol
Extension [I-D.ietf-nvo3-vxlan-gpe] Extension [I-D.ietf-nvo3-vxlan-gpe]
Wide format: "Wide format" refers to an IOAM-Data-Field which
comprises 8 octets.
4. Scope, Applicability, and Assumptions 4. Scope, Applicability, and Assumptions
IOAM deployment assumes a set of constraints, requirements, and IOAM assumes a set of constraints as well as guiding principles and
guiding principles which are described in this section. concepts that go hand in hand with the definition of the IOAM data
fields. These constraints, guiding principles, and concepts are
described in this section. A discussion of how IOAM data fields and
the associated concepts are applied to an IOAM deployment are out of
scope for this document. Please refer to
[I-D.brockners-opsawg-ioam-deployment] for IOAM deployment
considerations.
Scope: This document defines the data fields and associated data Scope: This document defines the data fields and associated data
types for in-situ OAM. The in-situ OAM data field can be types for in-situ OAM. The in-situ OAM data fields can be
encapsulated in a variety of protocols, including NSH, Segment encapsulated in a variety of protocols, including NSH, Segment
Routing, Geneve, IPv6, or IPv4. Specification details for these Routing, Geneve, and IPv6. Specification details for these different
different protocols are outside the scope of this document. It is protocols are outside the scope of this document. It is expected
expected that each such encapsulation will be defined in the relevant that each such encapsulation would be specified by an RFC, jointly
working group in the IETF. designed by the working group that develops or maintains the
encapsulation protocol and the IETF IPPM working group.
Deployment domain (or scope) of in-situ OAM deployment: IOAM is a Deployment domain (or scope) of in-situ OAM deployment: IOAM is
network domain focused feature, with "network domain" being a set of focused on "limited domains" as defined in [RFC8799]. For IOAM, a
network devices or entities within a single administration. For limited domain could for example be an enterprise campus using
example, a network domain can include an enterprise campus using
physical connections between devices or an overlay network using physical connections between devices or an overlay network using
virtual connections / tunnels for connectivity between said devices. virtual connections / tunnels for connectivity between said devices.
A network domain is defined by its perimeter or edge. Designers of A limited domain which uses IOAM is called an "IOAM domain". An IOAM
protocol encapsulations for IOAM specify mechanisms to ensure that domain is bounded by its perimeter or edge. Designers of protocol
IOAM data stays within an IOAM domain. In addition, the operator of encapsulations for IOAM specify mechanisms to ensure that IOAM data
such a domain is expected to put provisions in place to ensure that stays within an IOAM domain. In addition, the operator of such a
IOAM data does not leak beyond the edge of an IOAM domain using,for domain is expected to put provisions in place to ensure that IOAM
data does not leak beyond the edge of an IOAM domain using, for
example, packet filtering methods. The operator has to consider the example, packet filtering methods. The operator has to consider the
potential operational impact of IOAM to mechanisms such as ECMP potential operational impact of IOAM to mechanisms such as ECMP
processing (e.g. load-balancing schemes based on packet length could processing (e.g. load-balancing schemes based on packet length could
be impacted by the increased packet size due to IOAM), path MTU (i.e. be impacted by the increased packet size due to IOAM), path MTU
ensure that the MTU of all links within a domain is sufficiently (i.e., ensure that the MTU of all links within a domain is
large to support the increased packet size due to IOAM) and ICMP sufficiently large to support the increased packet size due to IOAM)
message handling (i.e. in case of IPv6, IOAM support for ICMPv6 Echo and ICMP message handling (i.e., in case of IPv6, IOAM support for
Request/Reply is desired which would translate into ICMPv6 extensions ICMPv6 Echo Request/Reply is desired which would translate into
to enable IOAM-Data-Fields to be copied from an Echo Request message ICMPv6 extensions to enable IOAM-Data-Fields to be copied from an
to an Echo Reply message). Echo Request message to an Echo Reply message).
IOAM control points: IOAM-Data-Fields are added to or removed from IOAM control points: IOAM-Data-Fields are added to or removed from
the live user traffic by the devices which form the edge of a domain. the user traffic by the devices which form the edge of a domain.
Devices which form an IOAM-Domain can add, update or remove IOAM- Devices which form an IOAM-Domain can add, update or remove IOAM-
Data-Fields. Edge devices of an IOAM-Domain can be hosts or network Data-Fields. Edge devices of an IOAM-Domain can be hosts or network
devices. devices.
Traffic-sets that IOAM is applied to: IOAM can be deployed on all or Traffic-sets that IOAM is applied to: IOAM can be deployed on all or
only on subsets of the live user traffic. Using IOAM on a selected only on subsets of the user traffic. Using IOAM on a selected set of
set of traffic (e.g., per interface, based on an access control list traffic (e.g., per interface, based on an access control list or flow
or flow specification defining a specific set of traffic, etc.) could specification defining a specific set of traffic, etc.) could be
be useful in deployments where the cost of processing IOAM-Data- useful in deployments where the cost of processing IOAM-Data-Fields
Fields by encapsulating, transit, or decapsulating node(s) might be a by encapsulating, transit, or decapsulating node(s) might be a
concern from a performance or operational perspective. Thus limiting concern from a performance or operational perspective. Thus limiting
the amount of traffic IOAM is applied to could be beneficial in some the amount of traffic IOAM is applied to could be beneficial in some
deployments. deployments.
Encapsulation independence: The definition of IOAM-Data-Fields is Encapsulation independence: The definition of IOAM-Data-Fields is
independent from the protocols the IOAM-Data-Fields are encapsulated independent from the protocols the IOAM-Data-Fields are encapsulated
into. IOAM-Data-Fields can be encapsulated into several into. IOAM-Data-Fields can be encapsulated into several
encapsulating protocols. The specification of how IOAM-Data-Fields encapsulating protocols.
are encapsulated into "parent" protocols, like e.g., NSH or IPv6 is
outside the scope of this document.
Layering: If several encapsulation protocols (e.g., in case of Layering: If several encapsulation protocols (e.g., in case of
tunneling) are stacked on top of each other, IOAM-Data-Fields could tunneling) are stacked on top of each other, IOAM-Data-Fields could
be present at multiple layers. The behavior follows the ships-in- be present at multiple layers. The behavior follows the ships-in-
the-night model, i.e. IOAM-Data-Fields in one layer are independent the-night model, i.e., IOAM-Data-Fields in one layer are independent
from IOAM-Data-Fields in another layer. Layering allows operators to from IOAM-Data-Fields in another layer. Layering allows operators to
instrument the protocol layer they want to measure. The different instrument the protocol layer they want to measure. The different
layers could, but do not have to, share the same IOAM encapsulation layers could, but do not have to, share the same IOAM encapsulation
mechanisms. mechanisms.
IOAM implementation: The definition of the IOAM-Data-Fields take the IOAM implementation: The definition of the IOAM-Data-Fields take the
specifics of devices with hardware data planes and software data specifics of devices with hardware data planes and software data
planes into account. planes into account.
5. IOAM Data-Fields, Types, Nodes 5. IOAM Data-Fields, Types, Nodes
skipping to change at page 6, line 45 skipping to change at page 7, line 12
types such as IOAM-Data-Fields, IOAM-Types, IOAM-Namespaces as well types such as IOAM-Data-Fields, IOAM-Types, IOAM-Namespaces as well
as the different types of IOAM nodes. as the different types of IOAM nodes.
5.1. IOAM Data-Fields and Option-Types 5.1. IOAM Data-Fields and Option-Types
An IOAM-Data-Field is a set of bits with a defined format and An IOAM-Data-Field is a set of bits with a defined format and
meaning, which can be stored at a certain place in a packet for the meaning, which can be stored at a certain place in a packet for the
purpose of IOAM. purpose of IOAM.
To accommodate the different uses of IOAM, IOAM-Data-Fields fall into To accommodate the different uses of IOAM, IOAM-Data-Fields fall into
different categories. In IOAM these categories are referred to as different categories. In IOAM, these categories are referred to as
IOAM-Option-Types. A common registry is maintained for IOAM-Option- IOAM-Option-Types. A common registry is maintained for IOAM-Option-
Types, see Section 8.1 for details. Corresponding to these IOAM- Types, see Section 8.1 for details. Corresponding to these IOAM-
Option-Types, different IOAM-Data-Fields are defined. IOAM-Data- Option-Types, different IOAM-Data-Fields are defined.
Fields can be encapsulated into a variety of protocols, such as NSH,
Geneve, IPv6, etc. The definition of how IOAM-Data-Fields are
encapsulated into other protocols is outside the scope of this
document.
This document defines four IOAM-Option-Types: This document defines four IOAM-Option-Types:
o Pre-allocated Trace Option-Type o Pre-allocated Trace Option-Type
o Incremental Trace Option-Type o Incremental Trace Option-Type
o Proof of Transit (POT) Option-Type o Proof of Transit (POT) Option-Type
o Edge-to-Edge (E2E) Option-Type o Edge-to-Edge (E2E) Option-Type
Future IOAM-Option-Types can be allocated by IANA, as described in
Section 8.1.
5.2. IOAM-Domains and types of IOAM Nodes 5.2. IOAM-Domains and types of IOAM Nodes
IOAM is expected to be deployed in a specific domain. The part of IOAM is expected to be deployed in a specific domain. The part of
the network which employs IOAM is referred to as the "IOAM-Domain". the network which employs IOAM is referred to as the "IOAM-Domain".
One or more IOAM-Option-Types are added to a packet upon entering the One or more IOAM-Option-Types are added to a packet upon entering the
IOAM-Domain and are removed from the packet when exiting the domain. IOAM-Domain and are removed from the packet when exiting the domain.
Within the IOAM-Domain, the IOAM-Data-Fields MAY be updated by Within the IOAM-Domain, the IOAM-Data-Fields MAY be updated by
network nodes that the packet traverses. An IOAM-Domain consists of network nodes that the packet traverses. An IOAM-Domain consists of
"IOAM encapsulating nodes", "IOAM decapsulating nodes" and "IOAM "IOAM encapsulating nodes", "IOAM decapsulating nodes" and "IOAM
transit nodes". The role of a node (i.e. encapsulating, transit, transit nodes". The role of a node (i.e., encapsulating, transit,
decapsulating) is defined within an IOAM-Namespace (see below). A decapsulating) is defined within an IOAM-Namespace (see below). A
node can have different roles in different IOAM-Namespaces. node can have different roles in different IOAM-Namespaces.
A device which adds at least one IOAM-Option-Type to the packet is A device which adds at least one IOAM-Option-Type to the packet is
called the "IOAM encapsulating node", whereas a device which removes called an "IOAM encapsulating node", whereas a device which removes
an IOAM-Option-Type is referred to as the "IOAM decapsulating node". an IOAM-Option-Type is referred to as an "IOAM decapsulating node".
Nodes within the domain which are aware of IOAM data and read and/or Nodes within the domain which are aware of IOAM data and read and/or
write or process the IOAM data are called "IOAM transit nodes". IOAM write and/or process IOAM data are called "IOAM transit nodes". IOAM
nodes which add or remove the IOAM-Data-Fields can also update the nodes which add or remove the IOAM-Data-Fields can also update the
IOAM-Data-Fields at the same time. Or in other words, IOAM IOAM-Data-Fields at the same time. Or in other words, IOAM
encapsulating or decapsulating nodes can also serve as IOAM transit encapsulating or decapsulating nodes can also serve as IOAM transit
nodes at the same time. Note that not every node in an IOAM domain nodes at the same time. Note that not every node in an IOAM domain
needs to be an IOAM transit node. For example, a deployment might needs to be an IOAM transit node. For example, a deployment might
require that packets traverse a set of firewalls which support IOAM. require that packets traverse a set of firewalls which support IOAM.
In that case, only the set of firewall nodes would be IOAM transit In that case, only the set of firewall nodes would be IOAM transit
nodes rather than all nodes. nodes rather than all nodes.
An "IOAM encapsulating node" incorporates one or more IOAM-Option- An "IOAM encapsulating node" incorporates one or more IOAM-Option-
Types (from the list of IOAM-Types, see Section 8.1) into packets Types (from the list of IOAM-Types, see Section 8.1) into packets
that IOAM is enabled for. If IOAM is enabled for a selected subset that IOAM is enabled for. If IOAM is enabled for a selected subset
of the traffic, the IOAM encapsulating node is responsible for of the traffic, the IOAM encapsulating node is responsible for
applying the IOAM functionality to the selected subset. applying the IOAM functionality to the selected subset.
An "IOAM transit node" updates one or more of the IOAM-Data-Fields. An "IOAM transit node" read and/or write and/or process one or more
If both the Pre-allocated and the Incremental Trace Option-Types are of the IOAM-Data-Fields. If both the Pre-allocated and the
present in the packet, each IOAM transit node based on configuration Incremental Trace Option-Types are present in the packet, each IOAM
and available implementation of IOAM populates IOAM trace data in transit node based on configuration and available implementation of
either Pre-allocated or Incremental Trace Option-Type but not both. IOAM populates IOAM trace data in either Pre-allocated or Incremental
A transit node MUST ignore IOAM-Option-Types that it does not Trace Option-Type but not both. A transit node MUST ignore IOAM-
understand. A transit node MUST NOT add new IOAM-Option-Types to a Option-Types that it does not understand. A transit node MUST NOT
packet, MUST NOT remove IOAM-Option-Types from a packet, and MUST NOT add new IOAM-Option-Types to a packet, MUST NOT remove IOAM-Option-
change the IOAM-Data-Fields of an IOAM Edge-to-Edge Option-Type. Types from a packet, and MUST NOT change the IOAM-Data-Fields of an
IOAM Edge-to-Edge Option-Type.
An "IOAM decapsulating node" removes IOAM-Option-Type(s) from An "IOAM decapsulating node" removes IOAM-Option-Type(s) from
packets. packets.
The role of an IOAM-encapsulating, IOAM-transit or IOAM-decapsulating The role of an IOAM-encapsulating, IOAM-transit or IOAM-decapsulating
node is always performed within a specific IOAM-Namespace. This node is always performed within a specific IOAM-Namespace. This
means that an IOAM node which is e.g. an IOAM-decapsulating node for means that an IOAM node which is, e.g., an IOAM-decapsulating node
IOAM-Namespace "A" but not for IOAM-Namespace "B" will only remove for IOAM-Namespace "A" but not for IOAM-Namespace "B" will only
the IOAM-Option-Types for IOAM-Namespace "A" from the packet. Note remove the IOAM-Option-Types for IOAM-Namespace "A" from the packet.
that this applies even for IOAM-Option-Types that the node does not Note that this applies even for IOAM-Option-Types that the node does
understand, for example an IOAM-Option-Type other than the four not understand, for example an IOAM-Option-Type other than the four
described above, that is added in a future revision. An IOAM described above, that is added in a future revision. An IOAM
decapsulating node situated at the edge of an IOAM domain MUST remove decapsulating node situated at the edge of an IOAM domain MUST remove
all IOAM-Option-Types and associated encapsulation headers for all all IOAM-Option-Types and associated encapsulation headers for all
IOAM-Namespaces from the packet. IOAM-Namespaces from the packet.
IOAM-Namespaces allow for a namespace-specific definition and IOAM-Namespaces allow for a namespace-specific definition and
interpretation of IOAM-Data-Fields. An interface-id could for interpretation of IOAM-Data-Fields. An interface-id could for
example point to a physical interface (e.g., to understand which example point to a physical interface (e.g., to understand which
physical interface of an aggregated link is used when receiving or physical interface of an aggregated link is used when receiving or
transmitting a packet) whereas in another case it could refer to a transmitting a packet) whereas in another case it could refer to a
logical interface (e.g., in case of tunnels). Please refer to logical interface (e.g., in case of tunnels). Please refer to
Section 5.3 for details on IOAM-Namespaces. Section 5.3 for details on IOAM-Namespaces.
5.3. IOAM-Namespaces 5.3. IOAM-Namespaces
A subset or all of the IOAM-Option-Types and their corresponding An IOAM-Namespace can be associated to a subset or all of the the
IOAM-Data-Fields can be associated to an IOAM-Namespace. IOAM- IOAM-Option-Types and their corresponding IOAM-Data-Fields. IOAM-
Namespaces add further context to IOAM-Option-Types and associated Namespaces add further context to IOAM-Option-Types and associated
IOAM-Data-Fields. Any IOAM-Namespace MUST interpret the IOAM-Option- IOAM-Data-Fields. The IOAM-Option-Types and associated IOAM-Data-
Types and associated IOAM-Data-Fields per the definition in this Fields are interpreted as defined in this document, regardless of the
document. IOAM-Namespaces group nodes to support different value of the IOAM-Namespace. However, IOAM-Namespaces provide a way
deployment approaches of IOAM (see a few example use-cases below) as to group nodes to support different deployment approaches of IOAM
well as resolve issues which can occur due to IOAM-Data-Fields not (see a few example use-cases below). IOAM-Namespaces also help to
being globally unique (e.g. IOAM node identifiers do not have to be resolve potential issues which can occur due to IOAM-Data-Fields not
being globally unique (e.g., IOAM node identifiers do not have to be
globally unique). IOAM-Data-Fields significance is always within a globally unique). IOAM-Data-Fields significance is always within a
particular IOAM-Namespace. particular IOAM-Namespace. Given that IOAM-Data-Fields are always
interpreted the context of a specific namespace, the namespace-id
field always needs to be carried along with the IOAM data-fields
themselves.
An IOAM-Namespace is identified by a 16-bit namespace identifier An IOAM-Namespace is identified by a 16-bit namespace identifier
(Namespace-ID). IOAM-Namespace identifiers MUST be present and (Namespace-ID). The IOAM-Namespace field is included in all the
populated in all IOAM-Option-Types. The Namespace-ID value is IOAM-Option-Types defined in this document, and MUST be included in
divided into two sub-ranges: all future IOAM-Option-Types. The Namespace-ID value is divided into
two sub-ranges:
o An operator-assigned range from 0x0001 to 0x7FFF o An operator-assigned range from 0x0001 to 0x7FFF
o An IANA-assigned range from 0x8000 to 0xFFFF o An IANA-assigned range from 0x8000 to 0xFFFF
The IANA-assigned range is intended to allow future extensions to The IANA-assigned range is intended to allow future extensions to
have new and interoperable IOAM functionality, while the operator- have new and interoperable IOAM functionality, while the operator-
assigned range is intended to be domain specific, and managed by the assigned range is intended to be domain-specific, and managed by the
network operator. The Namespace-ID value of 0x0000 is the "Default- network operator. The Namespace-ID value of 0x0000 is the "Default-
Namespace-ID". The Default-Namespace-ID indicates that no specific Namespace-ID". The Default-Namespace-ID indicates that no specific
namespace is associated with the IOAM data fields in the packet. The namespace is associated with the IOAM data fields in the packet. The
Default-Namespace-ID MUST be supported by all nodes implementing Default-Namespace-ID MUST be supported by all nodes implementing
IOAM. A use-case for the Default-Namespace-ID are deployments which IOAM. A use-case for the Default-Namespace-ID are deployments which
do not leverage specific namespaces for some or all of their packets do not leverage specific namespaces for some or all of their packets
that carry IOAM data fields. that carry IOAM data fields.
Namespace identifiers allow devices which are IOAM capable to Namespace identifiers allow devices which are IOAM capable to
determine: determine:
skipping to change at page 9, line 35 skipping to change at page 10, line 10
o whether IOAM-Option-Type(s) need to be processed by a device: If o whether IOAM-Option-Type(s) need to be processed by a device: If
the Namespace-ID contained in a packet does not match any the Namespace-ID contained in a packet does not match any
Namespace-ID the node is configured to operate on, then the node Namespace-ID the node is configured to operate on, then the node
MUST NOT change the contents of the IOAM-Data-Fields. MUST NOT change the contents of the IOAM-Data-Fields.
o which IOAM-Option-Type needs to be processed/updated in case there o which IOAM-Option-Type needs to be processed/updated in case there
are multiple IOAM-Option-Types present in the packet. Multiple are multiple IOAM-Option-Types present in the packet. Multiple
IOAM-Option-Types can be present in a packet in case of IOAM-Option-Types can be present in a packet in case of
overlapping IOAM-Domains or in case of a layered IOAM deployment. overlapping IOAM-Domains or in case of a layered IOAM deployment.
o whether IOAM-Option-Type(s) has to be removed from the packet, o whether IOAM-Option-Type(s) have to be removed from the packet,
e.g. at a domain edge or domain boundary. e.g., at a domain edge or domain boundary.
IOAM-Namespaces support several different uses: IOAM-Namespaces support several different uses:
o IOAM-Namespaces can be used by an operator to distinguish o IOAM-Namespaces can be used by an operator to distinguish
different operational domains. Devices at domain edges can filter different operational domains. Devices at domain edges can filter
on Namespace-IDs to provide for proper IOAM-Domain isolation. on Namespace-IDs to provide for proper IOAM-Domain isolation.
o IOAM-Namespaces provide additional context for IOAM-Data-Fields o IOAM-Namespaces provide additional context for IOAM-Data-Fields
and thus ensure that IOAM-Data-Fields are unique and can be and thus can be used to ensure that IOAM-Data-Fields are unique
interpreted properly by management stations or network and are interpreted properly by management stations or network
controllers. While, for example, the node identifier field controllers. For example, the node identifier field (node_id, see
(node_id, see below) does not need to be unique in a deployment below) does not need to be unique in a deployment (e.g., if an
(e.g. if an operator wishes to use different node identifiers for operator wishes to use different node identifiers for different
different IOAM layers, even within the same device; or node IOAM layers, even within the same device; or node identifiers
identifiers might not be unique for other organizational reasons, might not be unique for other organizational reasons, such as
such as after a merger of two formerly separated organizations), after a merger of two formerly separated organizations), the
the combination of node_id and Namespace-ID will always be unique. Namespace-ID can be used as a context identifier, such that the
combination of node_id and Namespace-ID will always be unique.
Similarly, IOAM-Namespaces can be used to define how certain IOAM- Similarly, IOAM-Namespaces can be used to define how certain IOAM-
Data-Fields are interpreted: IOAM offers three different timestamp Data-Fields are interpreted: IOAM offers three different timestamp
format options. The Namespace-ID can be used to determine the format options. The Namespace-ID can be used to determine the
timestamp format. IOAM-Data-Fields (e.g. buffer occupancy) which timestamp format. IOAM-Data-Fields (e.g., buffer occupancy) which
do not have a unit associated are to be interpreted within the do not have a unit associated are to be interpreted within the
context of a IOAM-Namespace. context of a IOAM-Namespace.
o IOAM-Namespaces can be used to identify different sets of devices o IOAM-Namespaces can be used to identify different sets of devices
(e.g., different types of devices) in a deployment: If an operator (e.g., different types of devices) in a deployment: If an operator
desires to insert different IOAM-Data-Fields based on the device, desires to insert different IOAM-Data-Fields based on the device,
the devices could be grouped into multiple IOAM-Namespaces. This the devices could be grouped into multiple IOAM-Namespaces. This
could be due to the fact that the IOAM feature set differs between could be due to the fact that the IOAM feature set differs between
different sets of devices, or it could be for reasons of optimized different sets of devices, or it could be for reasons of optimized
space usage in the packet header. It could also stem from space usage in the packet header. It could also stem from
skipping to change at page 11, line 10 skipping to change at page 11, line 29
belongs to, ignoring the other IOAM-Option-Type with a IOAM- belongs to, ignoring the other IOAM-Option-Type with a IOAM-
Namespace to which it doesn't belong. To retrieve a full view Namespace to which it doesn't belong. To retrieve a full view
of the deployment, the captured IOAM-Data-Fields of the two of the deployment, the captured IOAM-Data-Fields of the two
IOAM-Namespaces need to be correlated. IOAM-Namespaces need to be correlated.
5.4. IOAM Trace Option-Types 5.4. IOAM Trace Option-Types
"IOAM tracing data" is expected to be collected at every IOAM transit "IOAM tracing data" is expected to be collected at every IOAM transit
node that a packet traverses to ensure visibility into the entire node that a packet traverses to ensure visibility into the entire
path a packet takes within an IOAM-Domain. I.e., in a typical path a packet takes within an IOAM-Domain. I.e., in a typical
deployment all nodes in an IOAM-Domain would participate in IOAM and deployment, all nodes in an IOAM-Domain would participate in IOAM and
thus be IOAM transit nodes, IOAM encapsulating or IOAM decapsulating thus be IOAM transit nodes, IOAM encapsulating or IOAM decapsulating
nodes. If not all nodes within a domain support IOAM functionality nodes. If not all nodes within a domain support IOAM functionality
as defined in this document, IOAM tracing information (i.e., node as defined in this document, IOAM tracing information (i.e., node
data, see below) will only be collected on those nodes which support data, see below) will only be collected on those nodes which support
IOAM functionality as defined in this document. Nodes which do not IOAM functionality as defined in this document. Nodes which do not
support IOAM functionality as defined in this document will forward support IOAM functionality as defined in this document will forward
the packet without any changes to the IOAM-Data-Fields. The maximum the packet without any changes to the IOAM-Data-Fields. The maximum
number of hops and the minimum path MTU of the IOAM domain is assumed number of hops and the minimum path MTU of the IOAM domain is assumed
to be known. An overflow indicator (O-bit) is defined as one of the to be known. An overflow indicator (O-bit) is defined as one of the
ways to deal with situations where the PMTU was underestimated, i.e. ways to deal with situations where the PMTU was underestimated, i.e.,
where the number of hops which are IOAM capable exceeds the available where the number of hops which are IOAM capable exceeds the available
space in the packet. space in the packet.
To optimize hardware and software implementations, IOAM tracing is To optimize hardware and software implementations, IOAM tracing is
defined as two separate options. Any deployment MAY choose to defined as two separate options. A deployment can choose to
configure and support one or both of the following options. configure and support one or both of the following options.
Pre-allocated Trace-Option: This trace option is defined as a Pre-allocated Trace-Option: This trace option is defined as a
container of node data fields (see below) with pre-allocated space container of node data fields (see below) with pre-allocated space
for each node to populate its information. This option is useful for each node to populate its information. This option is useful
for implementations where it is efficient to allocate the space for implementations where it is efficient to allocate the space
once and index into the array to populate the data during transit once and index into the array to populate the data during transit
(e.g., software forwarders often fall into this class). The IOAM (e.g., software forwarders often fall into this class). The IOAM
encapsulating node allocates space for Pre-allocated Trace Option- encapsulating node allocates space for Pre-allocated Trace Option-
Type in the packet and sets corresponding fields in this IOAM- Type in the packet and sets corresponding fields in this IOAM-
skipping to change at page 12, line 13 skipping to change at page 12, line 33
its node data immediately following the option header. This type its node data immediately following the option header. This type
of trace recording is useful for some of the hardware of trace recording is useful for some of the hardware
implementations as it eliminates the need for the transit network implementations as it eliminates the need for the transit network
elements to read the full array in the option and allows for elements to read the full array in the option and allows for
arbitrarily long packets as the MTU allows. The IOAM arbitrarily long packets as the MTU allows. The IOAM
encapsulating node allocates space for the Incremental Trace encapsulating node allocates space for the Incremental Trace
Option-Type. Based on operational state and configuration, the Option-Type. Based on operational state and configuration, the
IOAM encapsulating node sets the fields in the Option-Type that IOAM encapsulating node sets the fields in the Option-Type that
control what IOAM-Data-Fields have to be collected and how large control what IOAM-Data-Fields have to be collected and how large
the node data list can grow. IOAM transit nodes push their node the node data list can grow. IOAM transit nodes push their node
data to the node data list, decrease the remaining length data to the node data list subject to any protocol constraints of
the encapsulating layer. They then decrease the remaining length
available to subsequent nodes and adjust the lengths and possibly available to subsequent nodes and adjust the lengths and possibly
checksums in outer headers. checksums in outer headers.
A particular implementation of IOAM MAY choose to support only one of IOAM encapsulating nodes and IOAM decapsulating nodes which support
the two trace option types. In the event that both options are tracing MUST support both Trace-Option-Types. For IOAM transit nodes
utilized at the same time, the Incremental Trace-Option MUST be it is sufficient to support one of the Trace-Option-Types. In the
placed before the Pre-allocated Trace-Option. Deployments which mix event that both options are utilized in a deployment at the same
devices with either the Incremental Trace-Option or the Pre-allocated time, the Incremental Trace-Option MUST be placed before the Pre-
Trace-Option could result in both Option-Types being present in a allocated Trace-Option. Deployments which mix devices with either
packet. Given that the operator knows which equipment is deployed in the Incremental Trace-Option or the Pre-allocated Trace-Option could
a particular IOAM, the operator will decide by means of configuration result in both Option-Types being present in a packet. Given that
which type(s) of trace options will be used for a particular domain. the operator knows which equipment is deployed in a particular IOAM
domain, the operator will decide by means of configuration which
type(s) of trace options will be used for a particular domain.
Every node data entry holds information for a particular IOAM transit Every node data entry holds information for a particular IOAM transit
node that is traversed by a packet. The IOAM decapsulating node node that is traversed by a packet. The IOAM decapsulating node
removes the IOAM-Option-Type(s) and processes and/or exports the removes the IOAM-Option-Type(s) and processes and/or exports the
associated data. Like all IOAM-Data-Fields, the IOAM-Data-Fields of associated data. Like all IOAM-Data-Fields, the IOAM-Data-Fields of
the IOAM-Trace-Option-Types are defined in the context of an IOAM- the IOAM-Trace-Option-Types are defined in the context of an IOAM-
Namespace. Namespace.
IOAM tracing can collect the following types of information: IOAM tracing can collect the following types of information:
o Identification of the IOAM node. An IOAM node identifier can o Identification of the IOAM node. An IOAM node identifier can
match to a device identifier or a particular control point or match to a device identifier or a particular control point or
subsystem within a device. subsystem within a device.
o Identification of the interface that a packet was received on, o Identification of the interface that a packet was received on,
i.e. ingress interface. i.e., ingress interface.
o Identification of the interface that a packet was sent out on, o Identification of the interface that a packet was sent out on,
i.e. egress interface. i.e., egress interface.
o Time of day when the packet was processed by the node as well as o Time of day when the packet was processed by the node as well as
the transit delay. Different definitions of processing time are the transit delay. Different definitions of processing time are
feasible and expected, though it is important that all devices of feasible and expected, though it is important that all devices of
an in-situ OAM domain follow the same definition. an in-situ OAM domain follow the same definition.
o Generic data: Format-free information where syntax and semantic of o Generic data: Format-free information where syntax and semantic of
the information is defined by the operator in a specific the information is defined by the operator in a specific
deployment. For a specific IOAM-Namespace, all IOAM nodes have to deployment. For a specific IOAM-Namespace, all IOAM nodes have to
interpret the generic data the same way. Examples for generic interpret the generic data the same way. Examples for generic
IOAM data include geo-location information (location of the node IOAM data include geo-location information (location of the node
at the time the packet was processed), buffer queue fill level or at the time the packet was processed), buffer queue fill level or
cache fill level at the time the packet was processed, or even a cache fill level at the time the packet was processed, or even a
battery charge level. battery charge level.
o Information to detect whether IOAM trace data was added at every o Information to detect whether IOAM trace data was added at every
hop or whether certain hops in the domain weren't IOAM transit hop or whether certain hops in the domain weren't IOAM transit
nodes. nodes.
It should be noted that the semantics of some of the node data fields
that are defined below, such as the queue depth and buffer occupancy,
are implementation specific. This approach is intended to allow IOAM
nodes with various different architectures.
5.4.1. Pre-allocated and Incremental Trace Option-Types 5.4.1. Pre-allocated and Incremental Trace Option-Types
The IOAM Pre-allocated Trace-Option and the IOAM Incremental Trace- The IOAM Pre-allocated Trace-Option and the IOAM Incremental Trace-
Option have similar formats. Except where noted below, the internal Option have similar formats. Except where noted below, the internal
formats and fields of the two trace options are identical. Both formats and fields of the two trace options are identical. Both
Trace-Options consist of a fixed size "trace option header" and a Trace-Options consist of a fixed size "trace option header" and a
variable data space to store gathered data, the "node data list". An variable data space to store gathered data, the "node data list". An
IOAM transit node (that is not an IOAM encapsulating node or IOAM IOAM transit node (that is not an IOAM encapsulating node or IOAM
decapsulating node) MUST NOT modify any of the fields in the fixed decapsulating node) MUST NOT modify any of the fields in the fixed
size "trace option header", other than "flags" and "RemainingLen", size "trace option header", other than "flags" and "RemainingLen",
i.e. an IOAM transit node MUST NOT modify the Namespace-ID, NodeLen, i.e., an IOAM transit node MUST NOT modify the Namespace-ID, NodeLen,
IOAM-Trace-Type, or Reserved fields. IOAM-Trace-Type, or Reserved fields.
Pre-allocated and incremental trace option headers: Pre-allocated and incremental trace option headers:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID |NodeLen | Flags | RemainingLen| | Namespace-ID |NodeLen | Flags | RemainingLen|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IOAM-Trace-Type | Reserved | | IOAM-Trace-Type | Reserved |
skipping to change at page 15, line 8 skipping to change at page 15, line 15
NodeLen: 5-bit unsigned integer. This field specifies the length of NodeLen: 5-bit unsigned integer. This field specifies the length of
data added by each node in multiples of 4-octets, excluding the data added by each node in multiples of 4-octets, excluding the
length of the "Opaque State Snapshot" field. length of the "Opaque State Snapshot" field.
If IOAM-Trace-Type bit 22 is not set, then NodeLen specifies the If IOAM-Trace-Type bit 22 is not set, then NodeLen specifies the
actual length added by each node. If IOAM-Trace-Type bit 22 is actual length added by each node. If IOAM-Trace-Type bit 22 is
set, then the actual length added by a node would be (NodeLen + set, then the actual length added by a node would be (NodeLen +
length of the "Opaque State Snapshot" field) in 4 octet units. length of the "Opaque State Snapshot" field) in 4 octet units.
For example, if 3 IOAM-Trace-Type bits are set and none of them For example, if 3 IOAM-Trace-Type bits are set and none of them
are wide, then NodeLen would be 3. If 3 IOAM-Trace-Type bits are are in wide format, then NodeLen would be 3. If 3 IOAM-Trace-Type
set and 2 of them are wide, then NodeLen would be 5. bits are set and 2 of them are wide, then NodeLen would be 5.
An IOAM encapsulating node MUST set NodeLen. An IOAM encapsulating node MUST set NodeLen.
A node receiving an IOAM Pre-allocated or Incremental Trace-Option A node receiving an IOAM Pre-allocated or Incremental Trace-Option
relies on the NodeLen value, or it can ignore the NodeLen value relies on the NodeLen value.
and calculate the node length from the IOAM-Trace-Type bits (see
below).
Flags 4-bit field. Flags are allocated by IANA, as specified in Flags 4-bit field. Flags are allocated by IANA, as specified in
Section 8.3. This document allocates a single flag as follows: Section 8.3. This document allocates a single flag as follows:
Bit 0 "Overflow" (O-bit) (most significant bit). If there are Bit 0 "Overflow" (O-bit) (most significant bit). In case a
not enough octets left to record node data, the network element network element is supposed to add node data to a packet, but
MUST NOT add any fields and MUST set the overflow "O-bit" to detects that there are not enough octets left to record the
"1" in the IOAM-Trace-Option header. This is useful for node data, the network element MUST NOT add any fields and MUST
transit nodes to ignore further processing of the option. set the overflow "O-bit" to "1" in the IOAM-Trace-Option
header. This is useful for transit nodes to ignore further
processing of the option.
RemainingLen: 7-bit unsigned integer. This field specifies the data RemainingLen: 7-bit unsigned integer. This field specifies the data
space in multiples of 4-octets remaining for recording the node space in multiples of 4-octets remaining for recording the node
data, before the node data list is considered to have overflowed. data, before the node data list is considered to have overflowed.
Given that the sender knows the path MTU (PMTU), the sender MAY The sender MUST assign the initial value of the RemainingLen
set the initial value of RemainingLen according to the number of field. The sender MAY calculate the value of the RemainingLen
node data bytes allowed before exceeding the MTU. Subsequent field by computing the number of node data bytes allowed before
nodes can carry out a simple comparison between RemainingLen and exceeding the path MTU (PMTU), given that the PMTU is known to the
NodeLen, along with the length of the "Opaque State Snapshot" if sender. Subsequent nodes can carry out a simple comparison
applicable, to determine whether or not data can be added by this between RemainingLen and NodeLen, along with the length of the
node. When node data is added, the node MUST decrease "Opaque State Snapshot" if applicable, to determine whether or not
RemainingLen by the amount of data added. In the pre-allocated data can be added by this node. When node data is added, the node
trace option, RemainingLen is used to derive the offset in data MUST decrease RemainingLen by the amount of data added. In the
space to record the node data element. Specifically, the pre-allocated trace option, RemainingLen is used to derive the
recording of the node data element would start from RemainingLen - offset in data space to record the node data element.
NodeLen - sizeof(opaque snapshot) in 4 octet units. If Specifically, the recording of the node data element would start
RemainingLen in a pre-allocated trace option exceeds the length of from RemainingLen - NodeLen - sizeof(opaque snapshot) in 4 octet
the option, as specified in the preceding header, then the node units. If RemainingLen in a pre-allocated trace option exceeds
the length of the option, as specified in the lower layer header
(which is not within the scope of this document), then the node
MUST NOT add any fields. MUST NOT add any fields.
IOAM-Trace-Type: A 24-bit identifier which specifies which data IOAM-Trace-Type: A 24-bit identifier which specifies which data
types are used in this node data list. types are used in this node data list.
The IOAM-Trace-Type value is a bit field. The following bits are The IOAM-Trace-Type value is a bit field. The following bits are
defined in this document, with details on each bit described in defined in this document, with details on each bit described in
the Section 5.4.2. The order of packing the data fields in each the Section 5.4.2. The order of packing the data fields in each
node data element follows the bit order of the IOAM-Trace-Type node data element follows the bit order of the IOAM-Trace-Type
field, as follows: field, as follows:
Bit 0 (Most significant bit) When set, indicates presence of Bit 0 (Most significant bit) When set, indicates presence of
Hop_Lim and node_id (short format) in the node data. Hop_Lim and node_id (short format) in the node data.
Bit 1 When set, indicates presence of ingress_if_id and Bit 1 When set, indicates presence of ingress_if_id and
egress_if_id (short format) in the node data. egress_if_id (short format) in the node data.
Bit 2 When set, indicates presence of timestamp seconds in the Bit 2 When set, indicates presence of timestamp seconds in the
node data. node data.
Bit 3 When set, indicates presence of timestamp subseconds in Bit 3 When set, indicates presence of timestamp fraction in the
the node data. node data.
Bit 4 When set, indicates presence of transit delay in the node Bit 4 When set, indicates presence of transit delay in the node
data. data.
Bit 5 When set, indicates presence of IOAM-Namespace specific Bit 5 When set, indicates presence of IOAM-Namespace specific
data (short format) in the node data. data (short format) in the node data.
Bit 6 When set, indicates presence of queue depth in the node Bit 6 When set, indicates presence of queue depth in the node
data. data.
skipping to change at page 16, line 43 skipping to change at page 17, line 5
Bit 9 When set, indicates presence of ingress_if_id and Bit 9 When set, indicates presence of ingress_if_id and
egress_if_id in wide format in the node data. egress_if_id in wide format in the node data.
Bit 10 When set, indicates presence of IOAM-Namespace specific Bit 10 When set, indicates presence of IOAM-Namespace specific
data in wide format in the node data. data in wide format in the node data.
Bit 11 When set, indicates presence of buffer occupancy in the Bit 11 When set, indicates presence of buffer occupancy in the
node data. node data.
Bit 12-21 Undefined. An IOAM encapsulating node MUST set the Bit 12-21 Undefined. These values are available for future
value of each of these bits to 0. If an IOAM transit assignment in the IOAM Trace-Type Registry (Section 8.2).
node receives a packet with one or more of these bits set Every future node data field corresponding to one of
to 1, it MUST either: these bits MUST be 4-octets long. An IOAM encapsulating
node MUST set the value of each undefined bit to 0. If
an IOAM transit node receives a packet with one or more
of these bits set to 1, it MUST either:
1. Add corresponding node data filled with the reserved 1. Add corresponding node data filled with the reserved
value 0xFFFFFFFF, after the node data fields for the value 0xFFFFFFFF, after the node data fields for the
IOAM-Trace-Type bits defined above, such that the IOAM-Trace-Type bits defined above, such that the
total node data added by this node in units of total node data added by this node in units of
4-octets is equal to NodeLen, or 4-octets is equal to NodeLen, or
2. Not add any node data fields to the packet, even for 2. Not add any node data fields to the packet, even for
the IOAM-Trace-Type bits defined above. the IOAM-Trace-Type bits defined above.
Bit 22 When set, indicates presence of variable length Opaque Bit 22 When set, indicates presence of variable length Opaque
State Snapshot field. State Snapshot field.
Bit 23 Reserved: MUST be set to zero upon transmission and Bit 23 Reserved: MUST be set to zero upon transmission and
ignored upon receipt. ignored upon receipt. This bit is reserved to allow for
future extensions of the IOAM-Trace-Type bit field.
Section 5.4.2 describes the IOAM-Data-Types and their formats. Section 5.4.2 describes the IOAM-Data-Types and their formats.
Within an IOAM-Domain possible combinations of these bits making Within an IOAM-Domain possible combinations of these bits making
the IOAM-Trace-Type can be restricted by configuration knobs. the IOAM-Trace-Type can be restricted by configuration knobs.
Reserved: 8-bits. An IOAM encapsulating node MUST set the value to Reserved: 8-bits. An IOAM encapsulating node MUST set the value to
zero upon transmission. IOAM transit nodes MUST ignore the zero upon transmission. IOAM transit nodes MUST ignore the
received value. received value.
Node data List [n]: Variable-length field. This is a list of node Node data List [n]: Variable-length field. This is a list of node
skipping to change at page 17, line 50 skipping to change at page 18, line 16
All the IOAM-Data-Fields MUST be 4-octet aligned. If a node which is All the IOAM-Data-Fields MUST be 4-octet aligned. If a node which is
supposed to update an IOAM-Data-Field is not capable of populating supposed to update an IOAM-Data-Field is not capable of populating
the value of a field set in the IOAM-Trace-Type, the field value MUST the value of a field set in the IOAM-Trace-Type, the field value MUST
be set to 0xFFFFFFFF for 4-octet fields or 0xFFFFFFFFFFFFFFFF for be set to 0xFFFFFFFF for 4-octet fields or 0xFFFFFFFFFFFFFFFF for
8-octet fields, indicating that the value is not populated, except 8-octet fields, indicating that the value is not populated, except
when explicitly specified in the field description below. when explicitly specified in the field description below.
Some IOAM-Data-Fields defined below, such as interface identifiers or Some IOAM-Data-Fields defined below, such as interface identifiers or
IOAM-Namespace specific data, are defined in both "short format" as IOAM-Namespace specific data, are defined in both "short format" as
well as "wide format". Their use is not exclusive. A deployment well as "wide format". "Short format" refers to an IOAM-Data-Field
could choose to leverage both. For example, ingress_if_id_(short which comprises 4 octets. "Wide format" refers to an IOAM-Data-Field
format) could be an identifier for the physical interface, whereas which comprises 8 octets. The use of "short format" or "wide format"
ingress_if_id_(wide format) could be an identifier for a logical sub- is not mutually exclusive. A deployment could choose to leverage
interface of that physical interface. both. For example, ingress_if_id_(short format) could be an
identifier for the physical interface, whereas ingress_if_id_(wide
format) could be an identifier for a logical sub-interface of that
physical interface.
Data fields and associated data types for each of the IOAM-Data- Data fields and associated data types for each of the IOAM-Data-
Fields are specified in the following sections. Fields are specified in the following sections. The definition of
IOAM-Data-Fields focuses on the syntax of the data-fields and avoids
specifying the semantics where feasible. This is why no units are
defined for data-fields like e.g., "buffer occupancy" or "queue
depth". With this approach, nodes can supply the information in
their native format and are not required to perform unit or format
conversions. Systems that further process IOAM information, like
e.g., a network management system are assumed to also handle unit
conversions as part of their IOAM data-fields processing. The
combination of a particular data-field and the namespace-id provides
for the context to interpret the provided data appropriately.
5.4.2.1. Hop_Lim and node_id short format 5.4.2.1. Hop_Lim and node_id short format
The "Hop_Lim and node_id short format" field is a 4-octet field that The "Hop_Lim and node_id short format" field is a 4-octet field that
is defined as follows: is defined as follows:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hop_Lim: 1-octet unsigned integer. It is set to the Hop Limit value Hop_Lim: 1-octet unsigned integer. It is set to the Hop Limit value
in the packet at the node that records this data. Hop Limit in the packet at egress from the node that records this data. Hop
information is used to identify the location of the node in the Limit information is used to identify the location of the node in
communication path. This is copied from the lower layer, e.g., the communication path. This is copied from the lower layer,
TTL value in IPv4 header or hop limit field from IPv6 header of e.g., TTL value in IPv4 header or hop limit field from IPv6 header
the packet when the packet is ready for transmission. The of the packet when the packet is ready for transmission. The
semantics of the Hop_Lim field depend on the lower layer protocol semantics of the Hop_Lim field depend on the lower layer protocol
that IOAM is encapsulated into, and therefore its specific that IOAM is encapsulated into, and therefore its specific
semantics are outside the scope of this memo. The value of this semantics are outside the scope of this memo. The value of this
field MUST be set to 0xff when the lower level does not have a field MUST be set to 0xff when the lower level does not have a
TTL/Hop limit equivalent field. TTL/Hop limit equivalent field.
node_id: 3-octet unsigned integer. Node identifier field to node_id: 3-octet unsigned integer. Node identifier field to
uniquely identify a node within the IOAM-Namespace and associated uniquely identify a node within the IOAM-Namespace and associated
IOAM-Domain. The procedure to allocate, manage and map the IOAM-Domain. The procedure to allocate, manage and map the
node_ids is beyond the scope of this document. node_ids is beyond the scope of this document. See
[I-D.brockners-opsawg-ioam-deployment] for a discussion of
deployment related aspects of the node_id.
5.4.2.2. ingress_if_id and egress_if_id 5.4.2.2. ingress_if_id and egress_if_id
The "ingress_if_id and egress_if_id" field is a 4-octet field that is The "ingress_if_id and egress_if_id" field is a 4-octet field that is
defined as follows: defined as follows:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ingress_if_id | egress_if_id | | ingress_if_id | egress_if_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
ingress_if_id: 2-octet unsigned integer. Interface identifier to ingress_if_id: 2-octet unsigned integer. Interface identifier to
record the ingress interface the packet was received on. record the ingress interface the packet was received on.
egress_if_id: 2-octet unsigned integer. Interface identifier to egress_if_id: 2-octet unsigned integer. Interface identifier to
record the egress interface the packet is forwarded out of. record the egress interface the packet is forwarded out of.
Note that due to the fact that IOAM uses its own IOAM-Namespaces for Note that due to the fact that IOAM uses its own IOAM-Namespaces for
IOAM-Data-Fields, data fields like interface identifiers can be used IOAM-Data-Fields, data fields like interface identifiers can be used
in a flexible way to represent system resources that are associated in a flexible way to represent system resources that are associated
with ingressing or egressing packets, i.e. ingress_if_id could with ingressing or egressing packets, i.e., ingress_if_id could
represent a physical interface, a virtual or logical interface, or represent a physical interface, a virtual or logical interface, or
even a queue. even a queue.
5.4.2.3. timestamp seconds 5.4.2.3. timestamp seconds
The "timestamp seconds" field is a 4-octet unsigned integer field. The "timestamp seconds" field is a 4-octet unsigned integer field.
Absolute timestamp in seconds that specifies the time at which the It contains the absolute timestamp in seconds that specifies the time
packet was received by the node. This field has three possible at which the packet was received by the node. This field has three
formats; based on either PTP [IEEE1588v2], NTP [RFC5905], or POSIX possible formats; based on either PTP (see e.g., [RFC8877]), NTP
[POSIX]. The three timestamp formats are specified in Section 6. In [RFC5905], or POSIX [POSIX]. The three timestamp formats are
all three cases, the Timestamp Seconds field contains the 32 most specified in Section 6. In all three cases, the Timestamp Seconds
significant bits of the timestamp format that is specified in field contains the 32 most significant bits of the timestamp format
Section 6. If a node is not capable of populating this field, it that is specified in Section 6. If a node is not capable of
assigns the value 0xFFFFFFFF. Note that this is a legitimate value populating this field, it assigns the value 0xFFFFFFFF. Note that
that is valid for 1 second in approximately 136 years; the analyzer this is a legitimate value that is valid for 1 second in
has to correlate several packets or compare the timestamp value to approximately 136 years; the analyzer has to correlate several
its own time-of-day in order to detect the error indication. packets or compare the timestamp value to its own time-of-day in
order to detect the error indication.
5.4.2.4. timestamp subseconds 5.4.2.4. timestamp faction
The "timestamp subseconds" field is a 4-octet unsigned integer field. The "timestamp fraction" field is a 4-octet unsigned integer field.
Absolute timestamp in subseconds that specifies the time at which the Fraction specifies the fractional portion of the number of seconds
packet was received by the node. This field has three possible since the NTP epoch [RFC8877]. The field specifies the time at which
formats; based on either PTP [IEEE1588v2], NTP [RFC5905], or POSIX the packet was received by the node. This field has three possible
[POSIX]. The three timestamp formats are specified in Section 6. In formats; based on either PTP (see e.g., [RFC8877]), NTP [RFC5905], or
all three cases, the Timestamp Subseconds field contains the 32 least POSIX [POSIX]. The three timestamp formats are specified in
significant bits of the timestamp format that is specified in Section 6. In all three cases, the Timestamp fraction field contains
Section 6. If a node is not capable of populating this field, it the 32 least significant bits of the timestamp format that is
assigns the value 0xFFFFFFFF. Note that this is a legitimate value specified in Section 6. If a node is not capable of populating this
in the NTP format, valid for approximately 233 picoseconds in every field, it assigns the value 0xFFFFFFFF. Note that this is a
second. If the NTP format is used the analyzer has to correlate legitimate value in the NTP format, valid for approximately 233
several packets in order to detect the error indication. picoseconds in every second. If the NTP format is used the analyzer
has to correlate several packets in order to detect the error
indication.
5.4.2.5. transit delay 5.4.2.5. transit delay
The "transit delay" field is a 4-octet unsigned integer in the range The "transit delay" field is a 4-octet unsigned integer in the range
0 to 2^31-1. It is the time in nanoseconds the packet spent in the 0 to 2^31-1. It is the time in nanoseconds the packet spent in the
transit node. This can serve as an indication of the queuing delay transit node. This can serve as an indication of the queuing delay
at the node. If the transit delay exceeds 2^31-1 nanoseconds then at the node. If the transit delay exceeds 2^31-1 nanoseconds then
the top bit 'O' is set to indicate overflow and value set to the top bit 'O' is set to indicate overflow and value set to
0x80000000. When this field is part of the data field but a node 0x80000000. When this field is part of the data field but a node
populating the field is not able to fill it, the field position in populating the field is not able to fill it, the field position in
skipping to change at page 21, line 35 skipping to change at page 22, line 22
The "Hop_Lim and node_id wide" field is an 8-octet field defined as The "Hop_Lim and node_id wide" field is an 8-octet field defined as
follows: follows:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id ~ | Hop_Lim | node_id ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ node_id (contd) | ~ node_id (contd) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hop_Lim: 1-octet unsigned integer. It is set to the Hop Limit value Hop_Lim: 1-octet unsigned integer. See Section 5.4.2.1 for the
in the packet at the node that records this data. Hop Limit definition of the field.
information is used to identify the location of the node in the
communication path. This is copied from the lower layer for e.g.
TTL value in IPv4 header or hop limit field from IPv6 header of
the packet. The semantics of the Hop_Lim field depend on the
lower layer protocol that IOAM is encapsulated into, and therefore
its specific semantics are outside the scope of this memo. The
value of this field MUST be set to 0xff when the lower level does
not have a TTL/Hop limit equivalent field.
node_id: 7-octet unsigned integer. Node identifier field to node_id: 7-octet unsigned integer. Node identifier field to
uniquely identify a node within the IOAM-Namespace and associated uniquely identify a node within the IOAM-Namespace and associated
IOAM-Domain. The procedure to allocate, manage and map the IOAM-Domain. The procedure to allocate, manage and map the
node_ids is beyond the scope of this document. node_ids is beyond the scope of this document.
5.4.2.10. ingress_if_id and egress_if_id wide 5.4.2.10. ingress_if_id and egress_if_id wide
The "ingress_if_id and egress_if_id wide" field is an 8-octet field The "ingress_if_id and egress_if_id wide" field is an 8-octet field
which is defined as follows: which is defined as follows:
skipping to change at page 22, line 46 skipping to change at page 23, line 23
5.4.2.12. buffer occupancy 5.4.2.12. buffer occupancy
The "buffer occupancy" field is a 4-octet unsigned integer field. The "buffer occupancy" field is a 4-octet unsigned integer field.
This field indicates the current status of the occupancy of the This field indicates the current status of the occupancy of the
common buffer pool used by a set of queues. The units of this field common buffer pool used by a set of queues. The units of this field
are implementation specific. Hence, the units are interpreted within are implementation specific. Hence, the units are interpreted within
the context of an IOAM-Namespace and/or node-id if used. The authors the context of an IOAM-Namespace and/or node-id if used. The authors
acknowledge that in some operational cases there is a need for the acknowledge that in some operational cases there is a need for the
units to be consistent across a packet path through the network, units to be consistent across a packet path through the network,
hence it is RECOMMENDED for implementations to use standard units hence it is recommended for implementations to use standard units
such as Bytes. such as Bytes.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| buffer occupancy | | buffer occupancy |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5.4.2.13. Opaque State Snapshot 5.4.2.13. Opaque State Snapshot
The "Opaque State Snapshot" is a variable length field and follows The "Opaque State Snapshot" is a variable length field and follows
skipping to change at page 23, line 46 skipping to change at page 24, line 33
Opaque data: Variable length field. This field is interpreted as Opaque data: Variable length field. This field is interpreted as
specified by the schema identified by the Schema ID. specified by the schema identified by the Schema ID.
When this field is part of the data field but a node populating the When this field is part of the data field but a node populating the
field has no opaque state data to report, the Length MUST be set to 0 field has no opaque state data to report, the Length MUST be set to 0
and the Schema ID MUST be set to 0xFFFFFF to mean no schema. and the Schema ID MUST be set to 0xFFFFFF to mean no schema.
5.4.3. Examples of IOAM node data 5.4.3. Examples of IOAM node data
An entry in the "node data list" array can have different formats, The format used for the entries in a packet's "node data list" array
following the needs of the deployment. Some deployments might only can vary from packet to packet and deployment to deployment". Some
be interested in recording the node identifiers, whereas others might deployments might only be interested in recording the node
be interested in recording node identifier and timestamp. The identifiers, whereas others might be interested in recording node
section provides example entries of the "node data list". identifiers and timestamps. This section provides example entries of
the "node data list".
0xD40000: IOAM-Trace-Type is 0xD40000 (0b110101000000000000000000) 0xD40000: IOAM-Trace-Type is 0xD40000 (0b110101000000000000000000)
then the format of node data is: then the format of node data is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ingress_if_id | egress_if_id | | ingress_if_id | egress_if_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| timestamp subseconds | | timestamp fraction |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| namespace specific data | | namespace specific data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0xC00000: IOAM-Trace-Type is 0xC00000 (0b110000000000000000000000) 0xC00000: IOAM-Trace-Type is 0xC00000 (0b110000000000000000000000)
then the format is: then the format is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
skipping to change at page 24, line 36 skipping to change at page 25, line 33
| ingress_if_id | egress_if_id | | ingress_if_id | egress_if_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0x900000: IOAM-Trace-Type is 0x900000 (0b100100000000000000000000) 0x900000: IOAM-Trace-Type is 0x900000 (0b100100000000000000000000)
then the format is: then the format is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| timestamp subseconds | | timestamp fraction |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0x840000: IOAM-Trace-Type is 0x840000 (0b100001000000000000000000) 0x840000: IOAM-Trace-Type is 0x840000 (0b100001000000000000000000)
then the format is: then the format is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| namespace specific data | | namespace specific data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0x940000: IOAM-Trace-Type is 0x940000 (0b100101000000000000000000) 0x940000: IOAM-Trace-Type is 0x940000 (0b100101000000000000000000)
then the format is: then the format is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| timestamp subseconds | | timestamp fraction |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| namespace specific data | | namespace specific data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0x308002: IOAM-Trace-Type is 0x308002 (0b001100001000000000000010) 0x308002: IOAM-Trace-Type is 0x308002 (0b001100001000000000000010)
then the format is: then the format is:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| timestamp seconds | | timestamp seconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| timestamp subseconds | | timestamp fraction |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hop_Lim | node_id | | Hop_Lim | node_id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| node_id(contd) | | node_id(contd) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | Schema Id | | Length | Schema Id |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| | | |
| Opaque data | | Opaque data |
~ ~ ~ ~
. . . .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
5.5. IOAM Proof of Transit Option-Type 5.5. IOAM Proof of Transit Option-Type
IOAM Proof of Transit Option-Type is to support path or service IOAM Proof of Transit Option-Type is used to support path or service
function chain [RFC7665] verification use cases. Proof-of-transit function chain [RFC7665] verification use cases. Proof-of-transit
leverages mechanisms like Shamir's Secret Sharing Schema (SSSS) leverages mechanisms like Shamir's Secret Sharing Schema (SSSS)
[SSS]. For further information on Proof-of-transit, please refer to [SSS]. For further information on Proof-of-transit, please refer to
[I-D.ietf-sfc-proof-of-transit]. While details on how the IOAM data [I-D.ietf-sfc-proof-of-transit]. While details on how the IOAM data
for the Proof-of-transit option is processed at IOAM encapsulating, for the Proof-of-transit option is processed at IOAM encapsulating,
decapsulating and transit nodes are outside the scope of the decapsulating and transit nodes are outside the scope of the
document, all of these approaches share the need to uniquely identify document, all of these approaches share the need to uniquely identify
a packet as well as iteratively operate on a set of information that a packet as well as iteratively operate on a set of information that
is handed from node to node. Correspondingly, two pieces of is handed from node to node. Correspondingly, two pieces of
information are added as IOAM-Data-Fields to the packet: information are added as IOAM-Data-Fields to the packet:
o Random: Unique identifier for the packet (e.g., 64-bits allow for o PktID: Unique identifier for the packet.
the unique identification of 2^64 packets).
o Cumulative: Information which is handed from node to node and o Cumulative: Information which is handed from node to node and
updated by every node according to a verification algorithm. updated by every node according to a verification algorithm.
The IOAM Proof-of-Transit Option-Type consist of a fixed size "IOAM The IOAM Proof-of-Transit Option-Type consist of a fixed size "IOAM
proof of transit option header" and "IOAM proof of transit option proof of transit option header" and "IOAM proof of transit option
data fields": data fields":
IOAM proof of transit option header: IOAM proof of transit option header:
skipping to change at page 26, line 45 skipping to change at page 27, line 42
Namespace-ID value of 0x0000 is defined as the "Default-Namespace- Namespace-ID value of 0x0000 is defined as the "Default-Namespace-
ID" (see Section 5.3) and MUST be known to all the nodes ID" (see Section 5.3) and MUST be known to all the nodes
implementing IOAM. For any other Namespace-ID value that does not implementing IOAM. For any other Namespace-ID value that does not
match any Namespace-ID the node is configured to operate on, the match any Namespace-ID the node is configured to operate on, the
node MUST NOT change the contents of the IOAM-Data-Fields. node MUST NOT change the contents of the IOAM-Data-Fields.
IOAM POT Type: 8-bit identifier of a particular POT variant that IOAM POT Type: 8-bit identifier of a particular POT variant that
specifies the POT data that is included. This document defines specifies the POT data that is included. This document defines
POT Type 0: POT Type 0:
0: POT data is a 16 Octet field as described below. 0: POT data is a 16 Octet field to carry data associated to POT
procedures. [I-D.ietf-sfc-proof-of-transit] describes an
implementation of POT and provides details on the data carried
in POT data.
If a node receives an IOAM POT Type value that it does not If a node receives an IOAM POT Type value that it does not
understand, the node MUST NOT change the contents of the IOAM- understand, the node MUST NOT change, add to, or remove the
Data-Fields. contents of the OAM-Data-Fields.
IOAM POT flags: 8-bit. Following flags are defined: IOAM POT flags: 8-bit. Following flags are defined:
Bit 0 "Profile-to-use" (P-bit) (most significant bit). For IOAM Bit 0 "Profile-to-use" (P-bit) (most significant bit). For IOAM
POT types that use a maximum of two profiles to drive POT types that use a maximum of two profiles to drive
computation, indicates which POT-profile is used. The two computation, indicates which POT-profile (see
profiles are numbered 0, 1. [I-D.ietf-sfc-proof-of-transit] for details) is used. The two
profiles are numbered 0, 1. This bit conveys whether profile 0
or profile 1 is used to compute the Cumulative.
Bit 1-7 Reserved: MUST be set to zero upon transmission and Bit 1-7 Undefined: These bits are available for assignment, see
ignored upon receipt. Section 8.5. Bits which have not been assigned MUST be set to
zero upon transmission and ignored upon receipt.
POT Option data: Variable-length field. The type of which is POT Option data: Variable-length field. The type of which is
determined by the IOAM-POT-Type. determined by the IOAM-POT-Type.
5.5.1. IOAM Proof of Transit Type 0 5.5.1. IOAM Proof of Transit Type 0
IOAM proof of transit option of IOAM POT Type 0: IOAM proof of transit option of IOAM POT Type 0:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID |IOAM POT Type=0|P|R R R R R R R| | Namespace-ID |IOAM POT Type=0|P|R R R R R R R|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
| Random | | | PktID | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ P +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ P
| Random(contd) | O | PktID (contd) | O
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ T +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ T
| Cumulative | | | Cumulative | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
| Cumulative (contd) | | | Cumulative (contd) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
Namespace-ID: 16-bit identifier of an IOAM-Namespace. The Namespace-ID: 16-bit identifier of an IOAM-Namespace (see
Namespace-ID value of 0x0000 is defined as the "Default-Namespace- Section 5.5 above).
ID" (see Section 5.3) and MUST be known to all the nodes
implementing IOAM. For any other Namespace-ID value that does not
match any Namespace-ID the node is configured to operate on, the
node MUST NOT change the contents of the IOAM-Data-Fields.
IOAM POT Type: 8-bit identifier of a particular POT variant that IOAM POT Type: 8-bit identifier of a particular POT variant that
specifies the POT data that is included. This section defines the specifies the POT data that is included (see Section 5.5 above).
POT data when the IOAM POT Type is set to the value 0. For this case here, IOAM POT Type is set to the value 0.
P bit: 1-bit. "Profile-to-use" (P-bit) (most significant bit). Bit 0: 1-bit. "Profile-to-use" (P-bit) (most significant bit), see
Indicates which POT-profile is used to generate the Cumulative. Section 5.5 above.
Any node participating in POT will have a maximum of 2 profiles
configured that drive the computation of cumulative. The two
profiles are numbered 0, 1. This bit conveys whether profile 0 or
profile 1 is used to compute the Cumulative.
R (7 bits): 7-bit IOAM POT flags for future use. MUST be set to Bit 1-7: Undefined (see Section 5.5 above).
zero upon transmission and ignored upon receipt.
Random: 64-bit Per packet Random number. PktID: 64-bit packet identifier.
Cumulative: 64-bit Cumulative that is updated at specific nodes by Cumulative: 64-bit Cumulative that is updated at specific nodes by
processing per packet Random number field and configured processing per packet PktID field and configured parameters.
parameters.
Note: Larger or smaller sizes of "Random" and "Cumulative" data are Note: Larger or smaller sizes of "PktID" and "Cumulative" data are
feasible and could be required for certain deployments (e.g. in case feasible and could be required for certain deployments, e.g., in case
of space constraints in the encapsulation protocols used). Future of space constraints in the encapsulation protocols used. Future
documents could introduce different sizes of data for "proof of documents could introduce different sizes of data for "proof of
transit". transit".
5.6. IOAM Edge-to-Edge Option-Type 5.6. IOAM Edge-to-Edge Option-Type
The IOAM Edge-to-Edge Option-Type is to carry data that is added by The IOAM Edge-to-Edge Option-Type is to carry data that is added by
the IOAM encapsulating node and interpreted by IOAM decapsulating the IOAM encapsulating node and interpreted by IOAM decapsulating
node. The IOAM transit nodes MAY process the data but MUST NOT node. The IOAM transit nodes MAY process the data but MUST NOT
modify it. modify it.
skipping to change at page 29, line 4 skipping to change at page 29, line 43
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IOAM Edge-to-Edge Option-Type IOAM-Data-Fields MUST IOAM Edge-to-Edge Option-Type IOAM-Data-Fields MUST
be 4-octet aligned: be 4-octet aligned:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| E2E Option data field determined by IOAM-E2E-Type | | E2E Option data field determined by IOAM-E2E-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Namespace-ID: 16-bit identifier of an IOAM-Namespace. The Namespace-ID: 16-bit identifier of an IOAM-Namespace. The
Namespace-ID value of 0x0000 is defined as the "Default-Namespace- Namespace-ID value of 0x0000 is defined as the "Default-Namespace-
ID" (see Section 5.3) and MUST be known to all the nodes ID" (see Section 5.3) and MUST be known to all the nodes
implementing IOAM. For any other Namespace-ID value that does not implementing IOAM. For any other Namespace-ID value that does not
match any Namespace-ID the node is configured to operate on, then match any Namespace-ID the node is configured to operate on, then
the node MUST NOT change the contents of the IOAM-Data-Fields. the node MUST NOT change the contents of the IOAM-Data-Fields.
IOAM-E2E-Type: A 16-bit identifier which specifies which data types IOAM-E2E-Type: A 16-bit identifier which specifies which data types
are used in the E2E option data. The IOAM-E2E-Type value is a bit are used in the E2E option data. The IOAM-E2E-Type value is a bit
field. The order of packing the E2E option data field elements field. The order of packing the E2E option data field elements
follows the bit order of the IOAM-E2E-Type field, as follows: follows the bit order of the IOAM-E2E-Type field, as follows:
Bit 0 (Most significant bit) When set indicates presence of a Bit 0 (Most significant bit) When set indicates presence of a
64-bit sequence number added to a specific "packet group" 64-bit sequence number added to a specific "packet group"
which is used to detect packet loss, packet reordering, which is used to detect packet loss, packet reordering,
or packet duplication within the group. The "packet or packet duplication within the group. The "packet
group" is deployment dependent and defined at the IOAM group" is deployment dependent and defined at the IOAM
encapsulating node e.g. by n-tuple based classification encapsulating node, e.g., by n-tuple based classification
of packets. of packets. When this bit is set, "Bit 1" (for 32-bit
sequence number, see below) MUST be zero.
Bit 1 When set indicates presence of a 32-bit sequence number Bit 1 When set indicates presence of a 32-bit sequence number
added to a specific "packet group" which is used to added to a specific "packet group" which is used to
detect packet loss, packet reordering, or packet detect packet loss, packet reordering, or packet
duplication within that group. The "packet group" is duplication within that group. The "packet group" is
deployment dependent and defined at the IOAM deployment dependent and defined at the IOAM
encapsulating node e.g. by n-tuple based classification encapsulating node, e.g., by n-tuple based classification
of packets. of packets. When this bit is set, "Bit 0" (for 64-bit
sequence number, see above) MUST be zero.
Bit 2 When set indicates presence of timestamp seconds, Bit 2 When set indicates presence of timestamp seconds,
representing the time at which the packet entered the representing the time at which the packet entered the
IOAM domain. Within the IOAM encapsulating node, the IOAM domain. Within the IOAM encapsulating node, the
time that the timestamp is retrieved can depend on the time that the timestamp is retrieved can depend on the
implementation. Some possibilities are: 1) the time at implementation. Some possibilities are: 1) the time at
which the packet was received by the node, 2) the time at which the packet was received by the node, 2) the time at
which the packet was transmitted by the node, 3) when a which the packet was transmitted by the node, 3) when a
tunnel encapsulation is used, the point at which the tunnel encapsulation is used, the point at which the
packet is encapsulated into the tunnel. Each packet is encapsulated into the tunnel. Each
implementation has to document when the E2E timestamp implementation has to document when the E2E timestamp
that is going to be put in the packet is retrieved. This that is going to be put in the packet is retrieved. This
4-octet field has three possible formats; based on either 4-octet field has three possible formats; based on either
PTP [IEEE1588v2], NTP [RFC5905], or POSIX [POSIX]. The PTP (see e.g., [RFC8877]), NTP [RFC5905], or POSIX
three timestamp formats are specified in Section 6. In [POSIX]. The three timestamp formats are specified in
all three cases, the Timestamp Seconds field contains the Section 6. In all three cases, the Timestamp Seconds
32 most significant bits of the timestamp format that is field contains the 32 most significant bits of the
specified in Section 6. If a node is not capable of timestamp format that is specified in Section 6. If a
populating this field, it assigns the value 0xFFFFFFFF. node is not capable of populating this field, it assigns
Note that this is a legitimate value that is valid for 1 the value 0xFFFFFFFF. Note that this is a legitimate
second in approximately 136 years; the analyzer has to value that is valid for 1 second in approximately 136
correlate several packets or compare the timestamp value years; the analyzer has to correlate several packets or
to its own time-of-day in order to detect the error compare the timestamp value to its own time-of-day in
indication. order to detect the error indication.
Bit 3 When set indicates presence of timestamp subseconds, Bit 3 When set indicates presence of timestamp fraction,
representing the time at which the packet entered the representing the time at which the packet entered the
IOAM domain. This 4-octet field has three possible IOAM domain. This 4-octet field has three possible
formats; based on either PTP [IEEE1588v2], NTP [RFC5905], formats; based on either PTP (see e.g., [RFC8877]), NTP
or POSIX [POSIX]. The three timestamp formats are [RFC5905], or POSIX [POSIX]. The three timestamp formats
specified in Section 6. In all three cases, the are specified in Section 6. In all three cases, the
Timestamp Subseconds field contains the 32 least Timestamp fraction field contains the 32 least
significant bits of the timestamp format that is significant bits of the timestamp format that is
specified in Section 6. If a node is not capable of specified in Section 6. If a node is not capable of
populating this field, it assigns the value 0xFFFFFFFF. populating this field, it assigns the value 0xFFFFFFFF.
Note that this is a legitimate value in the NTP format, Note that this is a legitimate value in the NTP format,
valid for approximately 233 picoseconds in every second. valid for approximately 233 picoseconds in every second.
If the NTP format is used the analyzer has to correlate If the NTP format is used the analyzer has to correlate
several packets in order to detect the error indication. several packets in order to detect the error indication.
Bit 4-15 Undefined. An IOAM encapsulating node MUST set the value Bit 4-15 Undefined. An IOAM encapsulating node MUST set the value
of these bits to zero upon transmission and ignore upon of these bits to zero upon transmission and ignore upon
skipping to change at page 30, line 39 skipping to change at page 31, line 36
6. Timestamp Formats 6. Timestamp Formats
The IOAM-Data-Fields include a timestamp field which is represented The IOAM-Data-Fields include a timestamp field which is represented
in one of three possible timestamp formats. It is assumed that the in one of three possible timestamp formats. It is assumed that the
management plane is responsible for determining which timestamp management plane is responsible for determining which timestamp
format is used. format is used.
6.1. PTP Truncated Timestamp Format 6.1. PTP Truncated Timestamp Format
The Precision Time Protocol (PTP) [IEEE1588v2] uses an 80-bit The Precision Time Protocol (PTP) uses an 80-bit timestamp format.
timestamp format. The truncated timestamp format is a 64-bit field, The truncated timestamp format is a 64-bit field, which is the 64
which is the 64 least significant bits of the 80-bit PTP timestamp. least significant bits of the 80-bit PTP timestamp. The PTP
The PTP truncated format is specified in Section 4.3 of [RFC8877], truncated format is specified in Section 4.3 of [RFC8877], and the
and the details are presented below for the sake of completeness. details are presented below for the sake of completeness.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Seconds | | Seconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Nanoseconds | | Nanoseconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: PTP [IEEE1588v2] Truncated Timestamp Format Figure 1: PTP Truncated Timestamp Format
Timestamp field format: Timestamp field format:
Seconds: specifies the integer portion of the number of seconds Seconds: specifies the integer portion of the number of seconds
since the epoch. since the PTP epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: seconds. + Units: seconds.
Nanoseconds: specifies the fractional portion of the number of Nanoseconds: specifies the fractional portion of the number of
seconds since the epoch. seconds since the PTP epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: nanoseconds. The value of this field is in the range 0 + Units: nanoseconds. The value of this field is in the range 0
to (10^9)-1. to (10^9)-1.
Epoch: Epoch:
The PTP [IEEE1588v2] epoch is 1 January 1970 00:00:00 TAI, which PTP epoch. For details see e.g., [RFC8877].
is 31 December 1969 23:59:51.999918 UTC.
Resolution: Resolution:
The resolution is 1 nanosecond. The resolution is 1 nanosecond.
Wraparound: Wraparound:
This time format wraps around every 2^32 seconds, which is roughly This time format wraps around every 2^32 seconds, which is roughly
136 years. The next wraparound will occur in the year 2106. 136 years. The next wraparound will occur in the year 2106.
Synchronization Aspects: Synchronization Aspects:
It is assumed that nodes that run this protocol are synchronized It is assumed that nodes that run this protocol are synchronized
among themselves. Nodes MAY be synchronized to a global reference among themselves. Nodes MAY be synchronized to a global reference
time. Note that if PTP [IEEE1588v2] is used for synchronization, time. Note that if PTP is used for synchronization, the timestamp
the timestamp MAY be derived from the PTP-synchronized clock, MAY be derived from the PTP-synchronized clock, allowing the
allowing the timestamp to be measured with respect to the clock of timestamp to be measured with respect to the clock of an PTP
an PTP Grandmaster clock. Grandmaster clock.
The PTP truncated timestamp format is not affected by leap The PTP truncated timestamp format is not affected by leap
seconds. seconds.
6.2. NTP 64-bit Timestamp Format 6.2. NTP 64-bit Timestamp Format
The Network Time Protocol (NTP) [RFC5905] timestamp format is 64 bits The Network Time Protocol (NTP) [RFC5905] timestamp format is 64 bits
long. This format is specified in Section 4.2.1 of [RFC8877], and long. This format is specified in Section 4.2.1 of [RFC8877], and
the details are presented below for the sake of completeness. the details are presented below for the sake of completeness.
skipping to change at page 32, line 29 skipping to change at page 33, line 18
| Seconds | | Seconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fraction | | Fraction |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: NTP [RFC5905] 64-bit Timestamp Format Figure 2: NTP [RFC5905] 64-bit Timestamp Format
Timestamp field format: Timestamp field format:
Seconds: specifies the integer portion of the number of seconds Seconds: specifies the integer portion of the number of seconds
since the epoch. since the NTP epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: seconds. + Units: seconds.
Fraction: specifies the fractional portion of the number of Fraction: specifies the fractional portion of the number of
seconds since the epoch. seconds since the NTP epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: the unit is 2^(-32) seconds, which is roughly equal to + Units: the unit is 2^(-32) seconds, which is roughly equal to
233 picoseconds. 233 picoseconds.
Epoch: Epoch:
The epoch is 1 January 1900 at 00:00 UTC. NTP Epoch. For details see [RFC5905].
Resolution: Resolution:
The resolution is 2^(-32) seconds. The resolution is 2^(-32) seconds.
Wraparound: Wraparound:
This time format wraps around every 2^32 seconds, which is roughly This time format wraps around every 2^32 seconds, which is roughly
136 years. The next wraparound will occur in the year 2036. 136 years. The next wraparound will occur in the year 2036.
skipping to change at page 33, line 42 skipping to change at page 34, line 30
| Seconds | | Seconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Microseconds | | Microseconds |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: POSIX-based Timestamp Format Figure 3: POSIX-based Timestamp Format
Timestamp field format: Timestamp field format:
Seconds: specifies the integer portion of the number of seconds Seconds: specifies the integer portion of the number of seconds
since the epoch. since the POSIX epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: seconds. + Units: seconds.
Microseconds: specifies the fractional portion of the number of Microseconds: specifies the fractional portion of the number of
seconds since the epoch. seconds since the POSIX epoch.
+ Size: 32 bits. + Size: 32 bits.
+ Units: the unit is microseconds. The value of this field is in + Units: the unit is microseconds. The value of this field is in
the range 0 to (10^6)-1. the range 0 to (10^6)-1.
Epoch: Epoch:
The epoch is 1 January 1970 00:00:00 TAI, which is 31 December POSIX epoch. For details, see [POSIX], appendix A.4.16.
1969 23:59:51.999918 UTC.
Resolution: Resolution:
The resolution is 1 microsecond. The resolution is 1 microsecond.
Wraparound: Wraparound:
This time format wraps around every 2^32 seconds, which is roughly This time format wraps around every 2^32 seconds, which is roughly
136 years. The next wraparound will occur in the year 2106. 136 years. The next wraparound will occur in the year 2106.
Synchronization Aspects: Synchronization Aspects:
It is assumed that nodes that use this timestamp format run the It is assumed that nodes that use this timestamp format run the
Linux operating system, and hence use the POSIX time. In some Linux operating system, and hence use the POSIX time. In some
cases nodes MAY be synchronized to UTC using a synchronization cases nodes MAY be synchronized to UTC using a synchronization
mechanism that is outside the scope of this document, such as NTP mechanism that is outside the scope of this document, such as NTP
[RFC5905]. Thus, the timestamp MAY be derived from the NTP- [RFC5905]. Thus, the timestamp MAY be derived from the NTP-
synchronized clock, allowing the timestamp to be measured with synchronized clock, allowing the timestamp to be measured with
respect to the clock of an NTP server. respect to the clock of an NTP server.
The POSIX-based timestamp format is affected by leap seconds; it
represents the number of seconds since the epoch minus the number
of leap seconds that have occurred since the epoch. The value of
a timestamp during or slightly after a leap second could be
temporarily inaccurate.
7. IOAM Data Export 7. IOAM Data Export
IOAM nodes collect information for packets traversing a domain that IOAM nodes collect information for packets traversing a domain that
supports IOAM. IOAM decapsulating nodes as well as IOAM transit supports IOAM. IOAM decapsulating nodes as well as IOAM transit
nodes can choose to retrieve IOAM information from the packet, nodes can choose to retrieve IOAM information from the packet,
process the information further and export the information using process the information further and export the information using
e.g., IPFIX. The mechanisms and associated data formats for e.g., IPFIX. The mechanisms and associated data formats for
exporting IOAM data is outside the scope of this document. exporting IOAM data is outside the scope of this document.
Raw data export of IOAM data using IPFIX is discussed in Raw data export of IOAM data using IPFIX is discussed in
skipping to change at page 35, line 47 skipping to change at page 36, line 25
following code points are defined in this draft: following code points are defined in this draft:
0 IOAM Pre-allocated Trace Option-Type 0 IOAM Pre-allocated Trace Option-Type
1 IOAM Incremental Trace Option-Type 1 IOAM Incremental Trace Option-Type
2 IOAM POT Option-Type 2 IOAM POT Option-Type
3 IOAM E2E Option-Type 3 IOAM E2E Option-Type
4 - 127 are available for assignment via RFC Required process as per 4 - 127 are available for assignment via "IETF Review" process as per
[RFC8126]. [RFC8126].
New registration requests MUST use the following template:
Name: Name of the newly registered Option-Type.
Code point: Desired value of the requested code point.
Description: Brief description of the newly registered Option-Type.
Reference: Reference to the document that defines the new Option-
Type.
8.2. IOAM Trace-Type Registry 8.2. IOAM Trace-Type Registry
This registry defines code point for each bit in the 24-bit IOAM- This registry defines code point for each bit in the 24-bit IOAM-
Trace-Type field for Pre-allocated trace option and Incremental trace Trace-Type field for Pre-allocated Trace-Option-Type and Incremental
option defined in Section 5.4. The meaning of Bits 0 - 11 for trace Trace-Option-Type defined in Section 5.4. The meaning of Bits 0 - 11
type are defined in this document in Paragraph 5 of Section 5.4.1: is defined in this document in Paragraph 5 of Section 5.4.1:
Bit 0 hop_Lim and node_id in short format Bit 0 hop_Lim and node_id in short format
Bit 1 ingress_if_id and egress_if_id in short format Bit 1 ingress_if_id and egress_if_id in short format
Bit 2 timestamp seconds Bit 2 timestamp seconds
Bit 3 timestamp fraction
Bit 3 timestamp subseconds
Bit 4 transit delay Bit 4 transit delay
Bit 5 namespace specific data in short format Bit 5 namespace specific data in short format
Bit 6 queue depth Bit 6 queue depth
Bit 7 checksum complement Bit 7 checksum complement
Bit 8 hop_Lim and node_id in wide format Bit 8 hop_Lim and node_id in wide format
skipping to change at page 36, line 40 skipping to change at page 37, line 26
Bit 9 ingress_if_id and egress_if_id in wide format Bit 9 ingress_if_id and egress_if_id in wide format
Bit 10 namespace specific data in wide format Bit 10 namespace specific data in wide format
Bit 11 buffer occupancy Bit 11 buffer occupancy
Bit 22 variable length Opaque State Snapshot Bit 22 variable length Opaque State Snapshot
Bit 23 reserved Bit 23 reserved
The meaning for Bits 12 - 21 are available for assignment via RFC The meaning for Bits 12 - 21 are available for assignment via "IETF
Required process as per [RFC8126]. Review" process as per [RFC8126].
New registration requests MUST use the following template:
Bit: Desired bit to be allocated in the 24-bit IOAM Trace-Option-
Type field for Pre-allocated Trace-Option-Type and Incremental
Trace-Option-Type.
Description: Brief description of the newly registered bit.
Reference: Reference to the document that defines the new bit.
8.3. IOAM Trace-Flags Registry 8.3. IOAM Trace-Flags Registry
This registry defines code points for each bit in the 4 bit flags for This registry defines code points for each bit in the 4 bit flags for
the Pre-allocated trace option and for the Incremental trace option the Pre-allocated trace option and for the Incremental trace option
defined in Section 5.4. The meaning of Bit 0 (the most significant defined in Section 5.4. The meaning of Bit 0 (the most significant
bit) for trace flags is defined in this document in Paragraph 3 of bit) for trace flags is defined in this document in Paragraph 3 of
Section 5.4.1: Section 5.4.1:
Bit 0 "Overflow" (O-bit) Bit 0 "Overflow" (O-bit)
Bit 1 - 3 are available for assignment via RFC Required process as
Bit 1 - 3 are available for assignment via "IETF Review" process as
per [RFC8126]. per [RFC8126].
New registration requests MUST use the following template:
Bit: Desired bit to be allocated in the 8 bit flags field of the
Pre-allocated Trace-Option-Type and for the Incremental Trace-
Option-Type.
Description: Brief description of the newly registered bit.
Reference: Reference to the document that defines the new bit.
8.4. IOAM POT-Type Registry 8.4. IOAM POT-Type Registry
This registry defines 256 code points to define IOAM POT Type for This registry defines 256 code points to define IOAM POT Type for
IOAM proof of transit option Section 5.5. The code point value 0 is IOAM proof of transit option Section 5.5. The code point value 0 is
defined in this document: defined in this document:
0: 16 Octet POT data 0: 16 Octet POT data
1 - 255 are available for assignment via RFC Required process as per 1 - 255 are available for assignment via "IETF Review" process as per
[RFC8126]. [RFC8126].
New registration requests MUST use the following template:
Name: Name of the newly registered POT-Type.
Code point: Desired value of the requested code point.
Description: Brief description of the newly registered POT-Type.
Reference: Reference to the document that defines the new POT-Type.
8.5. IOAM POT-Flags Registry 8.5. IOAM POT-Flags Registry
This registry defines code points for each bit in the 8 bit flags for This registry defines code points for each bit in the 8 bit flags for
IOAM POT option defined in Section 5.5. The meaning of Bit 0 for IOAM POT Option-Type defined in Section 5.5. The meaning of Bit 0
IOAM POT flags is defined in this document in Section 5.5: for IOAM POT flags is defined in this document in Section 5.5:
Bit 0 "Profile-to-use" (P-bit) Bit 0 "Profile-to-use" (P-bit)
The meaning for Bits 1 - 7 are available for assignment via RFC The meaning for Bits 1 - 7 are available for assignment via "IETF
Required process as per [RFC8126]. Review" process as per [RFC8126].
New registration requests MUST use the following template:
Bit: Desired bit to be allocated in the 8 bit flags field of the
IOAM POT Option-Type.
Description: Brief description of the newly registered bit.
Reference: Reference to the document that defines the new bit.
8.6. IOAM E2E-Type Registry 8.6. IOAM E2E-Type Registry
This registry defines code points for each bit in the 16 bit IOAM- This registry defines code points for each bit in the 16 bit IOAM-
E2E-Type field for IOAM E2E option Section 5.6. The meaning of Bit 0 E2E-Type field for IOAM E2E option Section 5.6. The meaning of Bit 0
- 3 are defined in this document: - 3 are defined in this document:
Bit 0 64-bit sequence number Bit 0 64-bit sequence number
Bit 1 32-bit sequence number Bit 1 32-bit sequence number
Bit 2 timestamp seconds Bit 2 timestamp seconds
Bit 3 timestamp subseconds Bit 3 timestamp fraction
The meaning of Bits 4 - 15 are available for assignment via RFC The meaning of Bits 4 - 15 are available for assignment via "IETF
Required process as per [RFC8126]. Review" process as per [RFC8126].
New registration requests MUST use the following template:
Bit: Desired bit to be allocated in the 16 bit IOAM-E2E-Type field.
Description: Brief description of the newly registered bit.
Reference: Reference to the document that defines the new bit.
8.7. IOAM Namespace-ID Registry 8.7. IOAM Namespace-ID Registry
IANA is requested to set up an "IOAM Namespace-ID Registry", IANA is requested to set up an "IOAM Namespace-ID Registry",
containing 16-bit values. The meaning of Bit 0 is defined in this containing 16-bit values and following the template for requests
document. IANA is requested to reserve the values 0x0001 to 0x7FFF shown below. The meaning of 0x0000 is defined in this document.
for private use (managed by operators), as specified in Section 5.3 IANA is requested to reserve the values 0x0001 to 0x7FFF for private
of the current document. Registry entries for the values 0x8000 to use (managed by operators), as specified in Section 5.3 of the
0xFFFF are to be assigned via the "Expert Review" policy defined in current document. Registry entries for the values 0x8000 to 0xFFFF
[RFC8126]. Upon a new allocation request, the responsible AD will are to be assigned via the "Expert Review" policy defined in
appoint a designated expert, who will review the allocation request. [RFC8126].
The expert will post the request on the mailing list of the IPPM
working group in the IETF (ippm@ietf.org), and possibly on other
relevant mailing lists, to allow for community feedback. Based on
the review, the expert will either approve or deny the request. The
intention is that any allocation will be accompanied by a published
RFC. But in order to allow for the allocation of values prior to the
RFC being approved for publication, the designated expert can approve
allocations once it seems clear that an RFC will be published.
0: default namespace (known to all IOAM nodes) Upon receiving a new allocation request, a designated expert will
perform the following:
o Review whether the request is complete, i.e., the registration
template has been filled in. The expert will send incomplete
requests back to the requestor.
o Check whether the request is neither a duplicate of nor
conflicting with either an already existing allocation or a
pending allocation. In case of duplicates or conflicts, the
expert will ask the requestor to update the allocation request
accordingly.
o Solicit feedback from relevant working groups and communities to
ensure that the new allocation request has been properly reviewed
and that rough consensus on the request exists. At a minumum, the
expert will solicit feedback from the IPPM working group in the
IETF by posting the request to the ippm@ietf.org mailing list. If
the feedback received from the relevant working groups and
communities indicates rough consensus on the request, the expert
will approve the request and ask IANA for allocating the new
Namespace-ID. In case the expert senses a lack of consensus from
the feedback received, the expert will ask the requestor to engage
with the corresponding working groups and communities to further
review and refine the request.
It is intended that any allocation will be accompanied by a published
RFC. In order to allow for the allocation of code points prior to
the RFC being approved for publication, the designated expert can
approve allocations once it seems clear that an RFC will be
published.
0x0000: default namespace (known to all IOAM nodes)
0x0001 - 0x7FFF: reserved for private use 0x0001 - 0x7FFF: reserved for private use
0x8000 - 0xFFFF: unassigned 0x8000 - 0xFFFF: unassigned
New registration requests MUST use the following template:
Name: Name of the newly registered Namespace-ID.
Code point: Desired value of the requested Namespace-ID.
Description: Brief description of the newly registered Namespace-ID.
Reference: Reference to the document that defines the new Namespace-
ID.
Status of the registration: Status can be either "permanent" or
"provisional". Namespace-ID registrations following a successful
expert review will have the status "provisional". Once the RFC,
which defines the new Namespace-ID is published, the status is
changed to "permanent".
9. Management and Deployment Considerations 9. Management and Deployment Considerations
This document defines the structure and use of IOAM data fields. This document defines the structure and use of IOAM data fields.
This document does not define the encapsulation of IOAM data fields This document does not define the encapsulation of IOAM data fields
into different protocols. Management and deployment aspects for IOAM into different protocols. Management and deployment aspects for IOAM
have to be considered within the context of the protocol IOAM data have to be considered within the context of the protocol IOAM data
fields are encapsulated into and as such, are out of scope for this fields are encapsulated into and as such, are out of scope for this
document. For a discussion of IOAM deployment, please also refer to document. For a discussion of IOAM deployment, please also refer to
[I-D.brockners-opsawg-ioam-deployment], which outlines a framework [I-D.brockners-opsawg-ioam-deployment], which outlines a framework
for IOAM deployment and provides best current practices. for IOAM deployment and provides best current practices.
10. Security Considerations 10. Security Considerations
As discussed in [RFC7276], a successful attack on an OAM protocol in As discussed in [RFC7276], a successful attack on an OAM protocol in
general, and specifically on IOAM, can prevent the detection of general, and specifically on IOAM, can prevent the detection of
failures or anomalies, or create a false illusion of nonexistent failures or anomalies, or create a false illusion of nonexistent
ones. In particular, these threats are applicable by compromising ones. In particular, these threats are applicable by compromising
the integrity of IOAM data, either by maliciously modifying IOAM the integrity of IOAM data, either by maliciously modifying IOAM
options in transit, or by injecting packets with maliciously options in transit, or by injecting packets with maliciously
generated IOAM options generated IOAM options. All nodes in the path of a IOAM carrying
packet can perform such an attack.
The Proof of Transit Option-Type (Section Section 5.5) is used for The Proof of Transit Option-Type (see Section 5.5) is used for
verifying the path of data packets. The security considerations of verifying the path of data packets. The security considerations of
POT are further discussed in [I-D.ietf-sfc-proof-of-transit]. POT are further discussed in [I-D.ietf-sfc-proof-of-transit].
From a confidentiality perspective, although IOAM options do not In case an attacker gains access to several nodes in a network and
contain user data, they can be used for network reconnaissance, would be able to change the system software of these nodes, IOAM data
allowing attackers to collect information about network paths, fields could be misused and repurposed for a use different from what
performance, queue states, buffer occupancy and other information. is specified in this document. One type of misuse is the
implementation of a covert channel between network nodes.
Moreover, if IOAM data leaks from the IOAM domain it could enable From a confidentiality perspective, although IOAM options are not
reconnaissance beyond the scope of the IOAM domain. Note that in expected to contain user data, they can be used for network
case IOAM is used in "Direct Exporting" mode reconnaissance, allowing attackers to collect information about
[I-D.ioamteam-ippm-ioam-direct-export], the IOAM related trace network paths, performance, queue states, buffer occupancy and other
information would not be available in the customer data packets, but information. Moreover, if IOAM data leaks from the IOAM domain it
would trigger export of packet related IOAM information at every could enable reconnaissance beyond the scope of the IOAM domain.
node, thus restricting the potential threat to the management plane
and mitigating the leakage threat. IOAM data exporting and the way
it is secured is outside the scope of this document.
IOAM can be used as a means for implementing Denial of Service (DoS) IOAM can be used as a means for implementing Denial of Service (DoS)
attacks, or for amplifying them. For example, a malicious attacker attacks, or for amplifying them. For example, a malicious attacker
can add an IOAM header to packets in order to consume the resources can add an IOAM header to packets in order to consume the resources
of network devices that take part in IOAM or entities that receive, of network devices that take part in IOAM or entities that receive,
collect or analyze the IOAM data. Another example is a packet length collect or analyze the IOAM data. Another example is a packet length
attack, in which an attacker pushes headers associated with IOAM attack, in which an attacker pushes headers associated with IOAM
Option-Types into data packets, causing these packets to be increased Option-Types into data packets, causing these packets to be increased
beyond the MTU size, resulting in fragmentation or in packet drops. beyond the MTU size, resulting in fragmentation or in packet drops.
In case POT is used, an attacker could corrupt the POT data fields in
the packet, resulting in a verification failure of the POT data, even
if the packet followed the correct path.
Since IOAM options can include timestamps, if network devices use Since IOAM options can include timestamps, if network devices use
synchronization protocols then any attack on the time protocol synchronization protocols then any attack on the time protocol
[RFC7384] can compromise the integrity of the timestamp-related data [RFC7384] can compromise the integrity of the timestamp-related data
fields. fields.
At the management plane, attacks can be set up by misconfiguring or At the management plane, attacks can be set up by misconfiguring or
by maliciously configuring IOAM-enabled nodes in a way that enables by maliciously configuring IOAM-enabled nodes in a way that enables
other attacks. Thus, IOAM configuration has to be secured in a way other attacks. IOAM configuration should only managed by authorized
that authenticates authorized users and verifies the integrity of processes or users.
configuration procedures.
Solutions to ensure the integrity of IOAM data fields are outside the Solutions to ensure the integrity of IOAM data fields are outside the
scope of this document. [I-D.brockners-ippm-ioam-data-integrity] scope of this document. [I-D.brockners-ippm-ioam-data-integrity]
discusses several methods to ensure the integrity of IOAM data fields discusses several methods to ensure the integrity of IOAM data fields
for those deployments that have a need to protect the integrity of for those deployments that have a need to protect the integrity of
IOAM data fields. IOAM data fields.
The current document does not define a specific IOAM encapsulation. The current document does not define a specific IOAM encapsulation.
It has to be noted that some IOAM encapsulation types can introduce It has to be noted that some IOAM encapsulation types can introduce
specific security considerations. A specification that defines an specific security considerations. A specification that defines an
IOAM encapsulation is expected to address the respective IOAM encapsulation is expected to address the respective
encapsulation-specific security considerations. encapsulation-specific security considerations.
Notably, in most cases IOAM is expected to be deployed in specific Notably, IOAM is expected to be deployed in limited domains, thus
network domains, thus confining the potential attack vectors to confining the potential attack vectors to within the limited domain.
within the network domain. A limited administrative domain provides A limited administrative domain provides the operator with the means
the operator with the means to select, monitor, and control the to select, monitor, and control the access of all the network
access of all the network devices, making these devices trusted by devices, making these devices trusted by the operator. Indeed, in
the operator. Indeed, in order to limit the scope of threats order to limit the scope of threats mentioned above to within the
mentioned above to within the current network domain the network current limited domain the network operator is expected to enforce
operator is expected to enforce policies that prevent IOAM traffic policies that prevent IOAM traffic from leaking outside of the IOAM
from leaking outside of the IOAM domain, and prevent IOAM data from domain, and prevent IOAM data from outside the domain to be processed
outside the domain to be processed and used within the domain. and used within the domain.
The security considerations of a system that deploys IOAM, much like The security considerations of a system that deploys IOAM, much like
any system, has to be reviewed on a per-deployment-scenario basis, any system, has to be reviewed on a per-deployment-scenario basis,
based on a systems-specific threat analysis, which can lead to based on a systems-specific threat analysis, which can lead to
specific security solutions that are beyond the scope of the current specific security solutions that are beyond the scope of the current
document. Specifically, in an IOAM deployment that is not confined document. Specifically, in an IOAM deployment that is not confined
to a single LAN, but spans multiple inter-connected sites (for to a single LAN, but spans multiple inter-connected sites (for
example, using an overlay network), the inter-site links can be example, using an overlay network), the inter-site links can be
secured (e.g., by IPsec) in order to avoid external threats. secured (e.g., by IPsec) in order to avoid external threats.
skipping to change at page 40, line 38 skipping to change at page 43, line 22
Yourtchenko, Aviv Kfir, Tianran Zhou, Zhenbin (Robin) and Greg Mirsky Yourtchenko, Aviv Kfir, Tianran Zhou, Zhenbin (Robin) and Greg Mirsky
for the comments and advice. for the comments and advice.
This document leverages and builds on top of several concepts This document leverages and builds on top of several concepts
described in [I-D.kitamura-ipv6-record-route]. The authors would described in [I-D.kitamura-ipv6-record-route]. The authors would
like to acknowledge the work done by the author Hiroshi Kitamura and like to acknowledge the work done by the author Hiroshi Kitamura and
people involved in writing it. people involved in writing it.
The authors would like to gracefully acknowledge useful review and The authors would like to gracefully acknowledge useful review and
insightful comments received from Joe Clarke, Al Morton, Tom Herbert, insightful comments received from Joe Clarke, Al Morton, Tom Herbert,
Haoyu Song, Mickey Spiegel and Barak Gafni. Haoyu Song, Mickey Spiegel, Roman Danyliw, Benjamin Kaduk, Ian Swett,
Martin Duke, Francesca Palombini, Lars Eggert, Dan Romascanu and
Barak Gafni.
12. References 12. References
12.1. Normative References 12.1. Normative References
[IEEE1588v2]
Institute of Electrical and Electronics Engineers, "IEEE
Std 1588-2008 - IEEE Standard for a Precision Clock
Synchronization Protocol for Networked Measurement and
Control Systems", IEEE Std 1588-2008, 2008,
<http://standards.ieee.org/findstds/
standard/1588-2008.html>.
[POSIX] Institute of Electrical and Electronics Engineers, "IEEE [POSIX] Institute of Electrical and Electronics Engineers, "IEEE
Std 1003.1-2008 (Revision of IEEE Std 1003.1-2004) - IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2017) - IEEE
Standard for Information Technology - Portable Operating Standard for Information Technology - Portable Operating
System Interface (POSIX(R))", IEEE Std 1003.1-2008, 2008, System Interface (POSIX(TM) Base Specifications, Issue
7)", IEEE Std 1003.1-2017, 2017,
<https://standards.ieee.org/findstds/ <https://standards.ieee.org/findstds/
standard/1003.1-2008.html>. standard/1003.1-2017.html>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and Algorithms "Network Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,
<https://www.rfc-editor.org/info/rfc5905>. <https://www.rfc-editor.org/info/rfc5905>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
12.2. Informative References 12.2. Informative References
[I-D.brockners-ippm-ioam-data-integrity] [I-D.brockners-ippm-ioam-data-integrity]
Brockners, F., Bhandari, S., and T. Mizrahi, "Integrity of Brockners, F., Bhandari, S., and T. Mizrahi, "Integrity of
In-situ OAM Data Fields", draft-brockners-ippm-ioam-data- In-situ OAM Data Fields", draft-brockners-ippm-ioam-data-
integrity-00 (work in progress), January 2021. integrity-01 (work in progress), February 2021.
[I-D.brockners-opsawg-ioam-deployment] [I-D.brockners-opsawg-ioam-deployment]
Brockners, F., Bhandari, S., and d. Brockners, F., Bhandari, S., and D. Bernier, "In-situ OAM
daniel.bernier@bell.ca, "In-situ OAM Deployment", draft- Deployment", draft-brockners-opsawg-ioam-deployment-02
brockners-opsawg-ioam-deployment-02 (work in progress), (work in progress), September 2020.
September 2020.
[I-D.ietf-nvo3-geneve]
Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic
Network Virtualization Encapsulation", draft-ietf-
nvo3-geneve-16 (work in progress), March 2020.
[I-D.ietf-nvo3-vxlan-gpe] [I-D.ietf-nvo3-vxlan-gpe]
Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol (Editor), F. M., (editor), L. K., and U. E. (editor),
Extension for VXLAN (VXLAN-GPE)", draft-ietf-nvo3-vxlan- "Generic Protocol Extension for VXLAN (VXLAN-GPE)", draft-
gpe-10 (work in progress), July 2020. ietf-nvo3-vxlan-gpe-11 (work in progress), March 2021.
[I-D.ietf-sfc-proof-of-transit] [I-D.ietf-sfc-proof-of-transit]
Brockners, F., Bhandari, S., Mizrahi, T., Dara, S., and S. Brockners, F., Bhandari, S., Mizrahi, T., Dara, S., and S.
Youell, "Proof of Transit", draft-ietf-sfc-proof-of- Youell, "Proof of Transit", draft-ietf-sfc-proof-of-
transit-08 (work in progress), November 2020. transit-08 (work in progress), November 2020.
[I-D.ioamteam-ippm-ioam-direct-export]
Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F.,
Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ
OAM Direct Exporting", draft-ioamteam-ippm-ioam-direct-
export-00 (work in progress), October 2019.
[I-D.kitamura-ipv6-record-route] [I-D.kitamura-ipv6-record-route]
Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop
Option Extension", draft-kitamura-ipv6-record-route-00 Option Extension", draft-kitamura-ipv6-record-route-00
(work in progress), November 2000. (work in progress), November 2000.
[I-D.spiegel-ippm-ioam-rawexport] [I-D.spiegel-ippm-ioam-rawexport]
Spiegel, M., Brockners, F., Bhandari, S., and R. Spiegel, M., Brockners, F., Bhandari, S., and R.
Sivakolundu, "In-situ OAM raw data export with IPFIX", Sivakolundu, "In-situ OAM raw data export with IPFIX",
draft-spiegel-ippm-ioam-rawexport-04 (work in progress), draft-spiegel-ippm-ioam-rawexport-04 (work in progress),
November 2020. November 2020.
skipping to change at page 43, line 14 skipping to change at page 45, line 29
[RFC7821] Mizrahi, T., "UDP Checksum Complement in the Network Time [RFC7821] Mizrahi, T., "UDP Checksum Complement in the Network Time
Protocol (NTP)", RFC 7821, DOI 10.17487/RFC7821, March Protocol (NTP)", RFC 7821, DOI 10.17487/RFC7821, March
2016, <https://www.rfc-editor.org/info/rfc7821>. 2016, <https://www.rfc-editor.org/info/rfc7821>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300, "Network Service Header (NSH)", RFC 8300,
DOI 10.17487/RFC8300, January 2018, DOI 10.17487/RFC8300, January 2018,
<https://www.rfc-editor.org/info/rfc8300>. <https://www.rfc-editor.org/info/rfc8300>.
[RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet
Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020,
<https://www.rfc-editor.org/info/rfc8799>.
[RFC8877] Mizrahi, T., Fabini, J., and A. Morton, "Guidelines for [RFC8877] Mizrahi, T., Fabini, J., and A. Morton, "Guidelines for
Defining Packet Timestamps", RFC 8877, Defining Packet Timestamps", RFC 8877,
DOI 10.17487/RFC8877, September 2020, DOI 10.17487/RFC8877, September 2020,
<https://www.rfc-editor.org/info/rfc8877>. <https://www.rfc-editor.org/info/rfc8877>.
[SSS] "Shamir's Secret Sharing", [RFC8926] Gross, J., Ed., Ganga, I., Ed., and T. Sridhar, Ed.,
"Geneve: Generic Network Virtualization Encapsulation",
RFC 8926, DOI 10.17487/RFC8926, November 2020,
<https://www.rfc-editor.org/info/rfc8926>.
[SSS] Wikipedia, "Shamir's Secret Sharing",
<https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing>. <https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing>.
Contributors' Addresses Contributors' Addresses
Carlos Pignataro Carlos Pignataro
Cisco Systems, Inc. Cisco Systems, Inc.
7200-11 Kit Creek Road 7200-11 Kit Creek Road
Research Triangle Park, NC 27709 Research Triangle Park, NC 27709
United States United States
Email: cpignata@cisco.com Email: cpignata@cisco.com
Mickey Spiegel Mickey Spiegel
Barefoot Networks, an Intel company Barefoot Networks, an Intel company
4750 Patrick Henry Drive 4750 Patrick Henry Drive
Santa Clara, CA 95054 Santa Clara, CA 95054
US US
Email: mickey.spiegel@intel.com Email: mickey.spiegel@intel.com
 End of changes. 152 change blocks. 
417 lines changed or deleted 545 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/