| < draft-ietf-ippm-ioam-direct-export-02.txt | draft-ietf-ippm-ioam-direct-export-03.txt > | |||
|---|---|---|---|---|
| IPPM H. Song | IPPM H. Song | |||
| Internet-Draft Futurewei | Internet-Draft Futurewei | |||
| Intended status: Standards Track B. Gafni | Intended status: Standards Track B. Gafni | |||
| Expires: May 5, 2021 Mellanox Technologies, Inc. | Expires: August 21, 2021 Nvidia | |||
| T. Zhou | T. Zhou | |||
| Z. Li | Z. Li | |||
| Huawei | Huawei | |||
| F. Brockners | F. Brockners | |||
| S. Bhandari | Cisco | |||
| | S. Bhandari, Ed. | |||
| | Thoughtspot | |||
| R. Sivakolundu | R. Sivakolundu | |||
| Cisco | Cisco | |||
| T. Mizrahi, Ed. | T. Mizrahi, Ed. | |||
| Huawei Smart Platforms iLab | Huawei | |||
| November 1, 2020 | February 17, 2021 | |||
| In-situ OAM Direct Exporting | In-situ OAM Direct Exporting | |||
| draft-ietf-ippm-ioam-direct-export-02 | draft-ietf-ippm-ioam-direct-export-03 | |||
| Abstract | Abstract | |||
| In-situ Operations, Administration, and Maintenance (IOAM) is used | In-situ Operations, Administration, and Maintenance (IOAM) is used | |||
| for recording and collecting operational and telemetry information. | for recording and collecting operational and telemetry information. | |||
| Specifically, IOAM allows telemetry data to be pushed into data | Specifically, IOAM allows telemetry data to be pushed into data | |||
| packets while they traverse the network. This document introduces a | packets while they traverse the network. This document introduces a | |||
| new IOAM option type called the Direct Export (DEX) option, which is | new IOAM option type called the Direct Export (DEX) option, which is | |||
| used as a trigger for IOAM data to be directly exported without being | used as a trigger for IOAM data to be directly exported without being | |||
| pushed into in-flight data packets. | pushed into in-flight data packets. | |||
| skipping to change at page 1, line 46 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 5, 2021. | This Internet-Draft will expire on August 21, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 35 ¶ | skipping to change at page 2, line 35 ¶ | |||
| 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. The Direct Exporting (DEX) IOAM Option Type . . . . . . . . . 3 | 3. The Direct Exporting (DEX) IOAM Option Type . . . . . . . . . 3 | |||
| 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.2. The DEX Option Format . . . . . . . . . . . . . . . . . . 5 | 3.2. The DEX Option Format . . . . . . . . . . . . . . . . . . 5 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.1. IOAM Type . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4.1. IOAM Type . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.2. IOAM DEX Flags . . . . . . . . . . . . . . . . . . . . . 6 | 4.2. IOAM DEX Flags . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Performance Considerations . . . . . . . . . . . . . . . . . 6 | 5. Performance Considerations . . . . . . . . . . . . . . . . . 6 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 8 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 8 | 7.2. Informative References . . . . . . . . . . . . . . . . . 8 | |||
| Appendix A. Hop Limit and Hop Count in Direct Exporting . . . . 8 | Appendix A. Hop Limit and Hop Count in Direct Exporting . . . . 8 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 1. Introduction | 1. Introduction | |||
| IOAM [I-D.ietf-ippm-ioam-data] is used for monitoring traffic in the | IOAM [I-D.ietf-ippm-ioam-data] is used for monitoring traffic in the | |||
| network, and for incorporating IOAM data fields into in-flight data | network, and for incorporating IOAM data fields into in-flight data | |||
| packets. | packets. | |||
| skipping to change at page 3, line 17 ¶ | skipping to change at page 3, line 17 ¶ | |||
| This draft has evolved from combining some of the concepts of PBT-I | This draft has evolved from combining some of the concepts of PBT-I | |||
| from [I-D.song-ippm-postcard-based-telemetry] with immediate | from [I-D.song-ippm-postcard-based-telemetry] with immediate | |||
| exporting from [I-D.ietf-ippm-ioam-flags]. | exporting from [I-D.ietf-ippm-ioam-flags]. | |||
| 2. Conventions | 2. Conventions | |||
| 2.1. Requirement Language | 2.1. Requirement Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| document are to be interpreted as described in [RFC2119]. | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| | capitals, as shown here. | |||
| 2.2. Terminology | 2.2. Terminology | |||
| Abbreviations used in this document: | Abbreviations used in this document: | |||
| IOAM: In-situ Operations, Administration, and Maintenance | IOAM: In-situ Operations, Administration, and Maintenance | |||
| OAM: Operations, Administration, and Maintenance | OAM: Operations, Administration, and Maintenance | |||
| DEX: Direct EXporting | DEX: Direct EXporting | |||
| skipping to change at page 7, line 28 ¶ | skipping to change at page 7, line 28 ¶ | |||
| attacker may maliciously incorporate the DEX option into transit | attacker may maliciously incorporate the DEX option into transit | |||
| packets, or maliciously remove it from packets in which it is | packets, or maliciously remove it from packets in which it is | |||
| incorporated. | incorporated. | |||
| Forcing DEX, either in synthetic packets or in transit packets, may | Forcing DEX, either in synthetic packets or in transit packets, may | |||
| overload the receiving entity (or entities). Since this mechanism | overload the receiving entity (or entities). Since this mechanism | |||
| affects multiple devices along the network path, it potentially | affects multiple devices along the network path, it potentially | |||
| amplifies the effect on the network bandwidth and on the receiving | amplifies the effect on the network bandwidth and on the receiving | |||
| entity's load. | entity's load. | |||
| | The amplification effect of DEX may be worse in wide area networks in | |||
| | which there are multiple IOAM domains. For example, if DEX is used | |||
| | in IOAM domain 1 for exporting IOAM data to a receiving entity, then | |||
| | the exported packets of domain 1 can be forwarded through IOAM domain | |||
| | 2, in which they are subject to DEX. The exported packets of domain | |||
| | 2 may in turn be forwarded through another IOAM domain (or through | |||
| | domain 1), and theoretically this recursive amplification may | |||
| | continue infinitely. | |||
| In order to mitigate the attacks described above, it should be | In order to mitigate the attacks described above, it should be | |||
| possible for IOAM-enabled devices to limit the exported IOAM data to | possible for IOAM-enabled devices to limit the exported IOAM data to | |||
| a configurable rate. | a configurable rate. | |||
| IOAM is assumed to be deployed in a restricted administrative domain, | IOAM is assumed to be deployed in a restricted administrative domain, | |||
| thus limiting the scope of the threats above and their effect. This | thus limiting the scope of the threats above and their effect. This | |||
| is a fundamental assumption with respect to the security aspects of | is a fundamental assumption with respect to the security aspects of | |||
| IOAM, as further discussed in [I-D.ietf-ippm-ioam-data]. | IOAM, as further discussed in [I-D.ietf-ippm-ioam-data]. | |||
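The cross-domain amplification described in the -03 text above, and the per-node rate limit the draft proposes as mitigation, are easier to reason about with numbers. The following simulation is an added example for this page, not code from the draft or from any IOAM implementation. It assumes a simplified model: each IOAM domain has a number of DEX-enabled transit nodes that each emit one export packet per DEX-marked packet they forward, a domain's export packets are forwarded through another domain, and (by assumption, matching the draft's scenario) that domain's ingress encapsulates transit traffic with the DEX option. The names Domain, Packet and simulate, and the per_node_export_limit knob standing in for the draft's "configurable rate", are this example's own.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed, simplified model of IOAM Direct Exporting (DEX) across IOAM
# domains. Class and function names are this example's own, not the draft's.


@dataclass(frozen=True)
class Domain:
    name: str
    dex_nodes: int                     # transit nodes that act on DEX and export
    exports_to: str                    # domain the export packets traverse next
    adds_dex_at_ingress: bool = True   # ingress encapsulates transit traffic with DEX


@dataclass(frozen=True)
class Packet:
    domain: str        # domain the packet is currently traversing
    has_dex: bool      # carries the DEX option
    generation: int    # 0 = original packet, 1 = export of it, 2 = export of an export


def simulate(domains: Dict[str, Domain], first_hop: str, max_generation: int,
             per_node_export_limit: Optional[int] = None) -> Dict[str, int]:
    """Count export packets generated per domain (plus 'total') when a single
    DEX-marked packet enters `first_hop`.

    max_generation bounds the recursion the draft calls theoretically infinite.
    per_node_export_limit models the draft's "configurable rate" as a budget of
    export packets each DEX node may emit during the simulated interval
    (None = no limit).
    """
    budget = {(d.name, i): per_node_export_limit
              for d in domains.values() for i in range(d.dex_nodes)}
    counts = {name: 0 for name in domains}
    queue = deque([Packet(first_hop, True, 0)])
    while queue:
        pkt = queue.popleft()
        dom = domains[pkt.domain]
        # Packets without DEX are forwarded silently; the generation cap stops
        # the otherwise unbounded export-of-export chain.
        if not pkt.has_dex or pkt.generation >= max_generation:
            continue
        for node in range(dom.dex_nodes):
            if per_node_export_limit is not None:
                if budget[(dom.name, node)] <= 0:
                    continue          # rate limit reached: drop the export
                budget[(dom.name, node)] -= 1
            counts[dom.name] += 1
            nxt = domains[dom.exports_to]
            # The export packet enters the next domain; whether it is itself
            # subject to DEX depends on that domain's ingress behaviour.
            queue.append(Packet(nxt.name, nxt.adds_dex_at_ingress, pkt.generation + 1))
    counts["total"] = sum(counts.values())
    return counts


if __name__ == "__main__":
    # Constructed topology: domain 1 (3 DEX nodes) exports through domain 2
    # (4 DEX nodes), whose exports are forwarded back through domain 1.
    topo = {"d1": Domain("d1", 3, "d2"), "d2": Domain("d2", 4, "d1")}
    print("unlimited, 3 generations :", simulate(topo, "d1", 3))
    print("2 exports per node, 3 gen:", simulate(topo, "d1", 3, per_node_export_limit=2))
    print("2 exports per node, 50 gen:", simulate(topo, "d1", 50, per_node_export_limit=2))
    # If domain 2's ingress does not add DEX to the export traffic, the chain
    # ends after the first domain (a modelling assumption, not a draft rule).
    topo_no = {"d1": Domain("d1", 3, "d2"),
               "d2": Domain("d2", 4, "d1", adds_dex_at_ingress=False)}
    print("no DEX on exports in d2  :", simulate(topo_no, "d1", 50))
```

With three DEX nodes in domain 1 and four in domain 2, one packet yields 3 exports, then 12 exports of those, then 36 exports of those (51 after three generations), multiplying by the number of DEX nodes in each domain per round. With a budget of two exports per node the total is capped at (3 + 4) * 2 = 14 no matter how deep the recursion runs, which is the property the draft's configurable rate limit is meant to provide.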
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [I-D.ietf-ippm-ioam-data] | [I-D.ietf-ippm-ioam-data] | |||
| Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields | Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields | |||
| for In-situ OAM", draft-ietf-ippm-ioam-data-10 (work in | for In-situ OAM", draft-ietf-ippm-ioam-data-11 (work in | |||
| progress), July 2020. | progress), November 2020. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [I-D.ietf-ippm-ioam-flags] | [I-D.ietf-ippm-ioam-flags] | |||
| Mizrahi, T., Brockners, F., Bhandari, S., Sivakolundu, R., | Mizrahi, T., Brockners, F., Bhandari, S., Sivakolundu, R., | |||
| Pignataro, C., Kfir, A., Gafni, B., Spiegel, M., and J. | Pignataro, C., Kfir, A., Gafni, B., Spiegel, M., and J. | |||
| Lemon, "In-situ OAM Flags", draft-ietf-ippm-ioam-flags-03 | Lemon, "In-situ OAM Flags", draft-ietf-ippm-ioam-flags-03 | |||
| (work in progress), October 2020. | (work in progress), October 2020. | |||
| [I-D.song-ippm-postcard-based-telemetry] | [I-D.song-ippm-postcard-based-telemetry] | |||
| Song, H., Zhou, T., Li, Z., Mirsky, G., Shin, J., and K. | Song, H., Zhou, T., Li, Z., Mirsky, G., Shin, J., and K. | |||
| Lee, "Postcard-based On-Path Flow Data Telemetry using | Lee, "Postcard-based On-Path Flow Data Telemetry using | |||
| Packet Marking", draft-song-ippm-postcard-based- | Packet Marking", draft-song-ippm-postcard-based- | |||
| telemetry-08 (work in progress), October 2020. | telemetry-08 (work in progress), October 2020. | |||
| [I-D.spiegel-ippm-ioam-rawexport] | [I-D.spiegel-ippm-ioam-rawexport] | |||
| Spiegel, M., Brockners, F., Bhandari, S., and R. | Spiegel, M., Brockners, F., Bhandari, S., and R. | |||
| Sivakolundu, "In-situ OAM raw data export with IPFIX", | Sivakolundu, "In-situ OAM raw data export with IPFIX", | |||
| draft-spiegel-ippm-ioam-rawexport-03 (work in progress), | draft-spiegel-ippm-ioam-rawexport-04 (work in progress), | |||
| March 2020. | November 2020. | |||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | |||
| Writing an IANA Considerations Section in RFCs", BCP 26, | Writing an IANA Considerations Section in RFCs", BCP 26, | |||
| RFC 8126, DOI 10.17487/RFC8126, June 2017, | RFC 8126, DOI 10.17487/RFC8126, June 2017, | |||
| <https://www.rfc-editor.org/info/rfc8126>. | <https://www.rfc-editor.org/info/rfc8126>. | |||
| Appendix A. Hop Limit and Hop Count in Direct Exporting | Appendix A. Hop Limit and Hop Count in Direct Exporting | |||
| In order to help correlate and order the exported packets, it is | In order to help correlate and order the exported packets, it is | |||
| possible to include the Hop_Lim/Node_ID data field in exported | possible to include the Hop_Lim/Node_ID data field in exported | |||
| skipping to change at page 9, line 27 ¶ | skipping to change at page 9, line 44 ¶ | |||
| Haoyu Song | Haoyu Song | |||
| Futurewei | Futurewei | |||
| 2330 Central Expressway | 2330 Central Expressway | |||
| Santa Clara 95050 | Santa Clara 95050 | |||
| USA | USA | |||
| Email: haoyu.song@huawei.com | Email: haoyu.song@huawei.com | |||
| Barak Gafni | Barak Gafni | |||
| Mellanox Technologies, Inc. | Nvidia | |||
| 350 Oakmead Parkway, Suite 100 | 350 Oakmead Parkway, Suite 100 | |||
| Sunnyvale, CA 94085 | Sunnyvale, CA 94085 | |||
| U.S.A. | U.S.A. | |||
| Email: gbarak@mellanox.com | Email: gbarak@nvidia.com | |||
| Tianran Zhou | Tianran Zhou | |||
| Huawei | Huawei | |||
| 156 Beiqing Rd. | 156 Beiqing Rd. | |||
| Beijing 100095 | Beijing 100095 | |||
| China | China | |||
| Email: zhoutianran@huawei.com | Email: zhoutianran@huawei.com | |||
| Zhenbin Li | Zhenbin Li | |||
| Huawei | Huawei | |||
| 156 Beiqing Rd. | 156 Beiqing Rd. | |||
| Beijing 100095 | Beijing 100095 | |||
| China | China | |||
| Email: lizhenbin@huawei.com | Email: lizhenbin@huawei.com | |||
| Frank Brockners | Frank Brockners | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| Hansaallee 249, 3rd Floor | Hansaallee 249, 3rd Floor | |||
| DUESSELDORF, NORDRHEIN-WESTFALEN 40549 | DUESSELDORF, NORDRHEIN-WESTFALEN 40549 | |||
| Germany | Germany | |||
| Email: fbrockne@cisco.com | Email: fbrockne@cisco.com | |||
| Shwetha Bhandari | Shwetha Bhandari (editor) | |||
| Cisco Systems, Inc. | Thoughtspot | |||
| Cessna Business Park, Sarjapura Marathalli Outer Ring Road | 3rd Floor, Indiqube Orion, 24th Main Rd, Garden Layout, HSR Layout | |||
| Bangalore, KARNATAKA 560 087 | Bangalore, KARNATAKA 560 102 | |||
| India | India | |||
| Email: shwethab@cisco.com | Email: shwetha.bhandari@thoughtspot.com | |||
| Ramesh Sivakolundu | Ramesh Sivakolundu | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| 170 West Tasman Dr. | 170 West Tasman Dr. | |||
| SAN JOSE, CA 95134 | SAN JOSE, CA 95134 | |||
| U.S.A. | U.S.A. | |||
| Email: sramesh@cisco.com | Email: sramesh@cisco.com | |||
| Tal Mizrahi (editor) | Tal Mizrahi (editor) | |||
| Huawei Smart Platforms iLab | Huawei | |||
| 8-2 Matam | 8-2 Matam | |||
| Haifa 3190501 | Haifa 3190501 | |||
| Israel | Israel | |||
| Email: tal.mizrahi.phd@gmail.com | Email: tal.mizrahi.phd@gmail.com | |||
| End of changes. 20 change blocks. | ||||
| 25 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/