idnits 2.17.1 draft-aldrin-sfc-oam-framework-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 2 longer pages, the longest (page 3) being 59 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 12 instances of too long lines in the document, the longest one being 4 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 23, 2015) is 3199 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'I-D.ietf-sfc-archiecture' is mentioned on line 78, but not defined == Unused Reference: 'I-D.ietf-sfc-architecture' is defined on line 479, but no explicit reference was found in the text == Outdated reference: A later version (-13) exists of draft-ietf-sfc-problem-statement-10 == Outdated reference: A later version (-11) exists of draft-ietf-sfc-architecture-09 Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Internet Engineering Task Force S. Aldrin 2 Internet-Draft Google 3 Intended status: Informational R. Krishnan 4 Expires: January 22, 2016 Dell 5 N. Akiya 6 Big Switch 7 C. Pignataro 8 Cisco Systems 9 A. Ghanwani 10 Dell 11 July 23, 2015 13 Service Function Chaining 14 Operation, Administration and Maintenance Framework 15 draft-aldrin-sfc-oam-framework-02 17 Abstract 19 This document provides reference framework for Operations, 20 Administration and Maintenance (OAM) for Service Function 21 Chaining (SFC). 23 Requirements Language 25 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 26 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 27 document are to be interpreted as described in RFC 2119 [RFC2119]. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at http://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on January 2016. 46 Copyright Notice 48 Copyright (c) 2014 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction 65 Service Function Chaining (SFC) enables the creation of composite 66 services that consist of an ordered set of Service Functions (SF) 67 that are be applied to packets and/or frames selected as a result of 68 classification. SFC is a concept that provides 69 for more than just the application of an ordered set of SFs to 70 selected traffic; rather, it describes a method for deploying SFs in 71 a way that enables dynamic ordering and topological independence of 72 those SFs as well as the exchange of metadata between participating 73 entities. The foundations of SFC are described in the following 74 documents: 76 o SFC problem statement [I-D.ietf-sfc-problem-statement] 78 o SFC architecture [I-D.ietf-sfc-archiecture] 80 The reader is assumed to familiar with the material in these drafts. 82 This document provides reference framework for Operations, 83 Administration and Maintenance (OAM, [RFC6291]) of SFC. 84 Specifically, this document provides: 86 o In Section 2, an SFC layering model; 88 o In Section 3, aspects monitored by SFC OAM; 90 o In Section 4, functional requirements for SFC OAM; 92 o In Section 5, a gap analysis for SFC OAM. 94 1.1. Document Scope 96 The focus of this document is to provide an architectural framework 97 for SFC OAM, particularly focused on the aspect of the Operations 98 component within OAM. Actual solutions and mechanisms are outside 99 the scope of this document. 101 2. SFC Layering Model 103 Multiple layers come into play for implementing the SFC. These 104 include the service layer at which SFC operates and the underlying 105 Network, Transport, Link, etc., layers. 107 o The service layer, refered to as the "Service Layer" in Figure 1, 108 consists of classifiers and SFs, and uses the 109 transport network, which could be an overlay network, from a 110 classifier to SF and from one SF to the next. 112 o The network overlay transport layer, refer to as the "Network", 113 "Transport" and layers below in Figure 1, extends between the 114 various SFs and is mostly transparent to the SFs themselves. It 115 can leverage various overlay network technologies 116 interconnecting SFs and allows establishment of 117 service function paths (SFPs). 119 o The link layer, refer to as the "Link" in Figure 1, is dependent 120 upon the physical technology used. Ethernet is a popular choice 121 for this layer, but other alternatives are deployed (e.g. POS, 122 DWDM, etc.). 124 o----------------------Service Layer----------------------o 126 +------+ +---+ +---+ +---+ +---+ +---+ +---+ +---+ 127 |Classi|---|SF1|---|SF2|---|SF3|---|SF4|---|SF5|---|SF6|---|SF7| 128 |fier | +---+ +---+ +---+ +---+ +---+ +---+ +---+ 129 +------+ 130 o-N/W Elem 1----o o-N/w Elem 2-o o-N/W Elem 3-o 132 o-----------------o-------------------o---------------o Network 134 o-----------------o-----------------------------------o Transport 136 o--------o--------o--------o--------o--------o--------o Link 138 Figure 1: SFC Layering Example 140 3. Aspects Monitored by SFC OAM? 142 SFC operates at the service layer. For the purpose of defining 143 the OAM framework, the following aspects of the SFC must be capable of 144 monitored. 146 1. Service function: 148 SFs may be SFC-aware or SFC-unaware. An SFC-aware SF is one that 149 understands the SFC encapsulation has the SFF component co-resident with 150 the SF sub-component . An SFC-unware SF is one that does not understand 151 the SFC encapsulation (i.e. a legacy SF) and has to be accessed via an 152 separate SFF and potentially an SFC proxy function. 154 In both cases, an SF is accessed through an SFF in the SFC 155 architecture. SFC OAM must be able to monitor the SFF associated 156 with a given SF. 158 2. Service function path: 160 The SFP comprises a set of SFs that may be ordered or unordered. 161 SFC OAM must be capable of monitoring the SFP and the rendered 162 service path (RSP) that may be used by specific packets. 164 3. Classifier: 166 The classifier determines which packets are mapped to an SFP. 167 SFC OAM must be able to monitor the operation of the classifiers. 169 The figure below illustrates the various aspects monitored by SFC OAM. 171 +-SFC +-SFC OAM 172 | OAM | 173 | | _________________________________________ 174 | \ /\ Service Function Chain \ 175 | +------+ \/ \ +---+ +---+ +---+ +---+ +---+ \ 176 +----> |Classi|...(+-> ) |SF1|---|SF2|---|SF4|---|SF6|---|SF7| ) 177 |fier | \ / +-^-+ +---+ +-|-+ +-^-+ +---+ / 178 +----|-+ \/_____|_______________|_______|_________ / 179 | | +-SFCOAM+ 180 +----SFCOAM----+ +---+ +---+ 181 +SFCOAM>|SF3| |SF5| 182 | +-^-+ +-^-+ 183 +------|---+ | | 184 |Controller| +-SFCOAM+ 185 +----------+ 186 Service Function OAM (SFCOAM) 188 Figure 2: Aspects monitored by SFC OAM 190 3.1. Operation and Performance of SFs 192 3.1.1. Monitoring SF Operation 194 One SFC OAM requirement for the SF component is to 195 allow an SFC aware network device to monitor a 196 specific SF. This is accomplished by monitoring the SFF that 197 the SF is attached to. 199 A generalized way to monitor the operation of an SF is beyond the scope 200 of SFC OAM, because the functions provided by the SF are not covered by 201 SFC. SFs typically provide their own tools for monitoring. 203 An optional capability may be provided for an SFF to monitor the 204 operation of its attached SFs and report that on behalf of the SFs. 206 3.1.2. Service Function Performance Measurement 208 A second SFC OAM requirement for SF is to 209 allow an SFC aware network device to check the loss and delay to a 210 specific SF, located on the same or different network 211 devices. 213 3.2. Operation and Performance of SFPs 214 3.2.1. Monitoring SFP Operation 216 SFC OAM must be capable of monitoring one or more SFPs or RSPs that are 217 used to realize the SFC and reporting on connectivity and providing fault 218 isolation. 220 In order to perform service connectivity verification of an SFP, the 221 OAM tools could be initiated from any SFC-aware network device for 222 end-to-end paths, or partial paths terminating on a specific SF, within 223 the SFP. This OAM function is to ensure the SF's chained together has 224 connectivity as it was intended to when SFP was established. 225 Necessary return code(s) should be defined to be sent back in the 226 response to OAM packet, in order to qualify the verification. 228 When ECMP exists at the service layer on a given SFC (e.g. multiple 229 SFPs, or multiple RSPs), there must be an ability to discover and 230 traverse all available paths. 232 3.2.2. Service Function Chain Performance Measurement 234 The ingress of the SFC or an SFC-aware network 235 device must have an ability to perform loss and delay measurements 236 over the SFC as a unit (i.e. end-to-end) or to a 237 specific SF through the SFC. 239 3.3. Monitoring the Classifier 241 A classifier defines a flow and maps incoming traffic to a specific 242 SFC, and it is vital that the classifier is correctly defined and 243 functioning. SFC OAM must be able to test the definition of 244 flows and the mapping functionality to expected SFCs. 246 4. SFC OAM Functions 248 Section 3 described the various aspects monitored by SFC OAM. This 249 section explores the same from the OAM functionality 250 point of view, which many will be applicable to multiple SFC 251 components. 253 Various SFC OAM requirements provides the need for various OAM 254 functions at different layers. Many of the OAM functions at 255 different layers are already defined and in existence. In order to 256 support SFC and SF's, these functions have to be enhanced to operate 257 a single SF to multiple SF's in an SFC and also multiple SFC's. 259 4.1. Connectivity Functions 261 Connectivity is mainly an on-demand function to verify that the 262 connectivity exists between network elements and that the SFs are 263 operational. Ping is a common tool used to perform 264 this function. OAM messages should be encapsulated with necessary 265 SFC header and with OAM markings when testing the SFC component. OAM 266 messages MAY be encapsulated with necessary SFC 267 header and with OAM markings when testing the SF 268 component. Some of the OAM functions performed by connectivity 269 functions are as follows: 271 o Verify the MTU size from a source to the destination SF or through 272 the SFC. This requires the ability for OAM packet to take 273 variable length packet size. 275 o Verify the packet re-ordering and corruption. 277 o Verify the policy of an SFC or SF using OAM packet. 279 o Verification and validating forwarding paths. 281 o Proactively test alternate or protected paths to ensure 282 reliability of network configurations. 284 4.2. Continuity Functions 286 Continuity is a model where OAM messages are sent periodically to 287 validate or verify the reachability to a given SF or through a given 288 SFC. This allows the operator to monitor the network device and to 289 quickly detect failures such as link failures, network failures, 290 SF outages or SFC outages. BFD is one such function which helps 291 in detecting failures quickly. OAM functions supported by continuity 292 check are as follows: 294 o Ability to provision continuity check to a given SF or through a 295 given SFC. 297 o Notifying the failure upon failure detection for other OAM 298 functions to take appropriate action. 300 4.3. Trace Functions 302 Tracing is an important OAM function that allows the operation to 303 trigger an action (ex: response generation) from every transit device 304 on the tested layer. This function is typically useful to gather 305 information from every transit devices or to isolate the failure 306 point towards an SF or through an SFC. Mechanisms must be provided so 307 that the SFC OAM messages may be sent along the same path that a 308 given data packet would follow. Some of the OAM functions supported 309 by trace functions are: 311 o Ability to trigger action from every transit device on the tested 312 layer towards an SF or through an SFC, using TTL or other means. 314 o Ability to trigger every transit device to generate response with 315 OAM code(s) on the tested layer towards an SF or through an SFC, 316 using TTL or other means. 318 o Ability to discover and traverse ECMP paths within an SFC. 320 o Ability to skip un-supported SF's while tracing SF's in an SFC. 322 4.4. Performance Measurement Function 324 Performance management functions involve measuring of packet loss, 325 delay, delay variance, etc. These measurements could be measured 326 pro-actively and on-demand. 328 SFC OAM should provide the ability to test the packet loss 329 for an SFC. In an SFC, there are various SF's chained together. 331 Measuring packet loss is very important function. Using on-demand 332 function, the packet loss could be measured using statistical means. 333 Using OAM packets, the approximation of packet loss for a given SFC 334 could be measured. 336 Delay within an SFC could be measured from the time it takes for a 337 packet to traverse the SFC from ingress SF to egress SF. As the 338 SFC's are generally unidirectional in nature, measurement of one-way 339 delay is important. In order to measure one-way delay, the clocks 340 have to be synchronized using NTP, GPS, etc. 342 Delay variance could also be measured by sending OAM packets and 343 measuring the jitter between the packets passing through the SFC. 345 Some of the OAM functions supported by the performance measurement 346 functions are: 348 o Ability to measure the packet processing delay of a service 349 function or a service function path along an SFC. 351 o Ability to measure the packet loss of a service function or a 352 service function path along an SFC. 354 5. Gap Analysis 356 This Section identifies various OAM functions available at different 357 levels. It will also identify various gaps 358 within the existing toolset, to perform OAM function on an SFC. 360 5.1. Existing OAM Functions 362 There are various OAM tool sets available to perform OAM function and 363 network layer, protocol layers and link layers. These OAM functions 364 could validate some of the network overlay transport. Tools like 365 ping and trace are in existence to perform connectivity check and 366 tracing intermediate hops in a network. These tools support 367 different network types like IP, MPLS, TRILL etc. There is also an 368 effort to extend the tool set to provide connectivity and continuity 369 checks within overlay networks. BFD is another tool which helps in 370 detection of data forwarding failures. 372 Table 1: OAM Tool GAP Analysis 374 +----------------+--------------+-------------+--------+------------+ 375 | Layer | Connectivity | Continuity | Trace | Performance| 376 +----------------+--------------+-------------+--------+------------+ 377 | N/W Overlay | Ping | BFD, NVo3 | Trace | IPPM | 378 +----------------+--------------+-------------+--------+------------+ 379 | SF | None + None + None + None | 380 +----------------+--------------+-------------+--------+------------+ 381 | SFC | None + None + None + None | 382 +----------------+--------------+-------------+--------+------------+ 384 5.2. Missing OAM Functions 386 As shown in Table 1, OAM functions for SFC are not yet standardized. 387 Hence, there are no standards-based tools available to monitor the 388 various components identified in Section 3. 390 5.3. Required OAM Functions 392 Primary OAM functions exist for network, transport, link and other 393 layers. Tools like ping, trace, BFD, etc., exist in order to perform 394 these OAM functions. Configuration, orchestration and manageability 395 of SF and SFC could be performed using CLI, Netconf etc. 397 For configuration, manageability and orchestration, providing data 398 and information models for SFC is very much essential. With 399 virtualized SF and SFC, manageability of these functions has to be 400 done programmatically. 402 SFC OAM must provide tools that operate through various types of 403 SFs including: 405 o Transparent SFs: These SFs typically do not make any 406 modifications to the packet. In such cases, the SFF may be able 407 to process OAM messages. 409 o SFs that modify the packet: These SFs modify packet 410 fields. Certain SFs may modify only the headers 411 corresponding to the network over which it is transported, e.g. 412 the MAC headers or overlay headers. In other cases, the IP header 413 of the application's packet may be modified, e.g. NAT. In yet 414 other cases, the application session itself may be terminated and 415 a new session initiated, e.g. a load balancer that offers HTTPS 416 termination. 418 6. Open Issues 420 - Add more details on performance measurement. 422 - Call out which OAM functions can be achieved by protocol design vs 423 requiring synthetic traffic. 425 7. Security Considerations 427 SFC OAM must provide mechanisms for: 429 o Preventing usage of OAM channel for DDOS attacks. 431 o Preventing leakage of OAM packets meant for a given SFC beyond 432 that SFC. 434 o Preventing leakage of information about an sFC beyond its 435 administrative domain. 437 7. IANA Considerations 439 No action is required by IANA for this document. 441 8. Acknowledgements 443 TBD 445 9. Contributing Authors 447 Pedro A. Aranda Gutierrez 448 Telefonica I+D 449 Email: pedroa.aranda@tid.es 451 Diego Lopez 452 Telefonica I+D 453 Email: diego@tid.es 455 Joel Halpern 456 Ericsson 457 Email: joel.halpern@ericsson.com 459 Sriganesh Kini 460 Ericsson 461 Email: sriganesh.kini@ericsson.com 463 Andy Reid 464 BT 465 Email: andy.bd.reid@bt.com 467 10. References 469 10.1. Normative References 471 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 472 Requirement Levels", BCP 14, RFC 2119, March 1997. 474 [I-D.ietf-sfc-problem-statement] 475 Quinn, P. and T. Nadeau, "Service Function Chaining 476 Problem Statement", draft-ietf-sfc-problem-statement-10 477 (work in progress), August 2014. 479 [I-D.ietf-sfc-architecture] 480 Halpern J. and C. Pignataro, "Service Function Chaining 481 (SFC) Architecture", draft-ietf-sfc-architecture-09 482 (work in progress), June 2015. 484 10.2. Informative References 486 [RFC6291] Andersson, L., van Helvoort, H., Bonica, R., Romascanu, 487 D., and S. Mansfield, "Guidelines for the Use of the "OAM" 488 Acronym in the IETF", BCP 161, RFC 6291, June 2011. 490 Authors' Addresses 492 Sam K. Aldrin 493 Google 494 Email: aldrin.ietf@gmail.com 496 Ram Krishnan 497 Dell 498 Email: ramkri123@gmail.com 500 Nobo Akiya 501 Big Switch 502 Email: nobo.akiya.dev@gmail.com 504 Carlos Pignataro 505 Cisco Systems 506 Email: cpignata@cisco.com 508 Anoop Ghanwani 509 Dell 510 Email: anoop@alumni.duke.edu