idnits 2.17.1

draft-ali-spring-sr-service-programming-oam-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == The page length should not exceed 58 lines per page, but there was 2
     longer pages, the longest (page 4) being 75 lines

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 13 instances of too long lines in the document, the longest one
     being 9 characters in excess of 72.

  == There are 6 instances of lines with non-RFC6890-compliant IPv4 addresses
     in the document.  If these are example addresses, they should be changed.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 15, 2021) is 957 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'I-D.draft-ietf-6man-spring-srv6-oam' is mentioned on
     line 392, but not defined

  == Unused Reference: 'I-D.ietf-6man-segment-routing-header' is defined on
     line 416, but no explicit reference was found in the text

  == Unused Reference: 'I-D.ietf-6man-spring-srv6-oam' is defined on line 422,
     but no explicit reference was found in the text

  == Unused Reference: 'RFC0792' is defined on line 442, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4443' is defined on line 451, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC4884' is defined on line 457, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC7665' is defined on line 462, but no explicit
     reference was found in the text

  == Outdated reference: A later version (-13) exists of
     draft-ietf-6man-spring-srv6-oam-08

  == Outdated reference: A later version (-09) exists of
     draft-ietf-spring-sr-service-programming-03

  ** Downref: Normative reference to an Informational RFC: RFC 7665

     Summary: 2 errors (**), 0 flaws (~~), 12 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    spring                                                            Z. Ali
3    Internet-Draft                                               C. Filsfils
4    Intended status: Standards Track                               N. Nainar
5    Expires: February 15, 2022                                  C. Pignataro
6                                                                     F. Clad
7                                                         Cisco Systems, Inc.
8                                                                    F. Iqbal
9                                                             Arista Networks
10                                                                      X. Xu
11                                                                    Alibaba
12                                                            August 15, 2021

14               OAM for Service Programming with Segment Routing
15                draft-ali-spring-sr-service-programming-oam-04

17   Abstract

19      This document defines the Operations, Administrations and Maintenance
20      (OAM) for service programming in SR-enabled MPLS and IP networks.

22   Status of This Memo

24      This Internet-Draft is submitted in full conformance with the
25      provisions of BCP 78 and BCP 79.

27      Internet-Drafts are working documents of the Internet Engineering
28      Task Force (IETF).  Note that other groups may also distribute
29      working documents as Internet-Drafts.  The list of current Internet-
30      Drafts is at https://datatracker.ietf.org/drafts/current/.

32      Internet-Drafts are draft documents valid for a maximum of six months
33      and may be updated, replaced, or obsoleted by other documents at any
34      time.  It is inappropriate to use Internet-Drafts as reference
35      material or to cite them other than as "work in progress."

37      This Internet-Draft will expire on February 15, 2022.

39   Copyright Notice

41      Copyright (c) 2021 IETF Trust and the persons identified as the
42      document authors.  All rights reserved.

44      This document is subject to BCP 78 and the IETF Trust's Legal
45      Provisions Relating to IETF Documents
46      (https://trustee.ietf.org/license-info) in effect on the date of
47      publication of this document.  Please review these documents
48      carefully, as they describe your rights and restrictions with respect
49      to this document.  Code Components extracted from this document must
50      include Simplified BSD License text as described in Section 4.e of
51      the Trust Legal Provisions and are provided without warranty as
52      described in the Simplified BSD License.

54   Table of Contents

56      1.  Introduction
57      2.  Requirements notation
58      3.  Terminology
59      4.  Document Scope
60      5.  OAM for Service Programming
61        5.1.  Service Programming OAM Packet Processing
62        5.2.  Service Programming OAM in SRv6 Data Plane
63          5.2.1.  OAM with SR-aware services
64          5.2.2.  OAM with SR-unaware services
65        5.3.  Service Programming OAM in SR-MPLS Data Plane
66        5.4.  Controlling OAM packet processing in Services
67      6.  Illustration
68        6.1.  SRv6 Dataplane
69          6.1.1.  Pinging SR Service Policy
70          6.1.2.  Pinging a Service SID
71          6.1.3.  Tracing a SR Service Policy
72        6.2.  SR-MPLS Dataplane
73      7.  IANA Considerations
74      8.  Security Considerations
75      9.  Acknowledgement
76      10. Normative References
77      Authors' Addresses

79   1.  Introduction

81      [I-D.ietf-spring-sr-service-programming] defines data plane
82      functionality required to implement service segments and achieve
83      service programming in SR-enabled MPLS and IP networks, as described
84      in the Segment Routing architecture.  This document defines the
85      Operations, Administrations and Maintenance (OAM) for service
86      programming in SR-enabled MPLS and IP networks.

88   2.  Requirements notation

90      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
91      "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
92      document are to be interpreted as described in [RFC2119].

94   3.  Terminology

96      This document uses the terminology defined in [RFC8402],
97      [I-D.ietf-spring-srv6-network-programming] and
98      [I-D.ietf-spring-sr-service-programming]; readers are
99      expected to be familiar with it.

101  4.  Document Scope

103     The initial focus of this document is to define and document the
104     machinery required to apply OAM mechanisms on SRv6 based service
105     programming.

107     A future version of this document will include the required details to
108     apply OAM mechanisms on other data planes.

110  5.  OAM for Service Programming

112     Section 4 of [I-D.ietf-spring-sr-service-programming] introduces
113     Service segments and the procedure of service programming when the
114     services are SR-aware and SR-unaware.  By integrating the OAM
115     functionality in the services, versatile OAM tool kits can be used to
116     execute programmable OAM for service programming with Segment
117     Routing.

119     This section describes the procedure to perform basic OAM mechanisms
120     such as ping and path tracing in a Service Programming
121     environment in a Segment Routing network.

123  5.1.  Service Programming OAM Packet Processing

125     Any service, upon receiving an OAM packet, may apply the service
126     treatment if it cannot differentiate the OAM packet from a normal data
127     packet.  Depending on the service type, service treatment of an OAM
128     packet may result in dropping the OAM probe packet, which may cause
129     uncertainty in the OAM mechanism.

131     The pseudo code for the service function SIDs in
132     [I-D.ietf-spring-sr-service-programming] has been defined to avoid
133     such uncertainty, as explained in the following subsections.

135  5.2.  Service Programming OAM in SRv6 Data Plane

137     When service programming is applied in an SRv6 network, the
138     Upper-layer header type is typically set to ICMPv6 or UDP to differentiate the
139     OAM packet from the data packets.

141  5.2.1.  OAM with SR-aware services

143     As defined in section 4.1 of
144     [I-D.ietf-spring-sr-service-programming], an SR-aware service can
145     process the SR information in the packet header such as performing
146     lookup or executing the next segment, processing the upper layer
147     header, etc.

149     An SR-aware service SHOULD skip applying the service on the OAM packet.
150     As defined in section 9, a local policy may be used to control any
151     malicious use of the OAM marker.

153     An SR-aware service follows the procedure defined in
154     [I-D.draft-ietf-6man-spring-srv6-oam] to implement ping and trace-route
155     to an SR-aware SID and additional OAM mechanisms including the support
156     for the OAM flag (O-flag).

158  5.2.2.  OAM with SR-unaware services

160     As defined in section 4.2 of
161     [I-D.ietf-spring-sr-service-programming], an SR-unaware service may
162     be a legacy service that is not able to process the SR information in
163     the packet header.  An SR Proxy, an entity that is external to the
164     service, is used to handle the SR information processing on behalf of
165     the service.  The SR Proxy will remove the SR header before forwarding
166     the packet to SR-unaware services to avoid any erroneous decision due
167     to the presence of an SR header that the service cannot recognize.

169     The SRv6 pseudocode for SR Proxy defined in Sections 6.1.2.1, 6.1.2.2
170     and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming] handles the
171     OAM packets as explained in the following.

173     - Case 1: The service programming segment is a transit segment.
174       In this case, if the Upper-layer header does not match Ethernet,
175       IPv4 or IPv6, the service function is skipped and the packet is
176       resubmitted to the IPv6 module for transmission to the new destination
177       in the header (towards the next SRv6 segment).

179       Please refer to the following lines of SRv6 pseudocode for SR Proxy
180       defined in Sections 6.1.2.1, 6.1.2.2
181       and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming], respectively.

183       In case of Static Proxy for Inner Type Ethernet:
184         S15.   If (Upper-layer header type != 143 (Ethernet)) {
185         S16.      Resubmit the packet to the IPv6 module for transmission to
186                   the new destination.
187         S17.   }

189       In case of Static Proxy for Inner Type IPv4:
190         S15.   If (Upper-layer header type != 4 (IPv4)) {
191         S16.      Resubmit the packet to the IPv6 module for transmission to
192                   the new destination.
193         S17.   }

195       In case of Static Proxy for Inner Type IPv6:
196         S15.   If (Upper-layer header type != 41 (IPv6)) {
197         S16.      Resubmit the packet to the IPv6 module for transmission to
198                   the new destination.
199         S17.   }

201     - Case 2: The service programming segment is the ultimate segment.
202       This is the case when OAM operations are targeted at a service programming
203       SID (e.g., Ping and Trace-route to a service programming SID).
204       In this case, as part of the Upper-layer header
205       processing, the SR proxy processes the OAM payload, skips applying the
206       service on the OAM packet and responds to the OAM message, accordingly.

208       Please refer to the following lines of SRv6 pseudocode for SR Proxy
209       defined in Sections 6.1.2.1, 6.1.2.2
210       and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming], respectively.

212       In case of Static Proxy for Inner Type Ethernet:
213       When processing the Upper-layer header of a packet matching a FIB
214       entry locally instantiated as an SRv6 static proxy SID for Ethernet
215       traffic, the following pseudocode is executed.

217         S01.   If (Upper-layer header type != 143 (Ethernet)) {
218         S02.      Process as per [I-D.ietf-spring-srv6-network-programming]
219                   Section 4.1.1
220         S03.   }

222       In case of Static Proxy for Inner Type IPv4:
223       When processing the Upper-layer header of a packet matching a FIB
224       entry locally instantiated as an SRv6 static proxy SID for IPv4
225       traffic, the following pseudocode is executed.
226         S01.   If (Upper-layer header type != 4 (IPv4)) {
227         S02.      Process as per [I-D.ietf-spring-srv6-network-programming]
228                   Section 4.1.1
229         S03.   }

231       In case of Static Proxy for Inner Type IPv6:
232       When processing the Upper-layer header of a packet matching a FIB
233       entry locally instantiated as an SRv6 static proxy SID for IPv6
234       traffic, the following pseudocode is executed.
235         S01.   If (Upper-layer header type != 41 (IPv6)) {
236         S02.      Process as per [I-D.ietf-spring-srv6-network-programming]
237                   Section 4.1.1
238         S03.   }

240  5.3.  Service Programming OAM in SR-MPLS Data Plane

242     This section will be updated later.

244  5.4.  Controlling OAM packet processing in Services

246     As mentioned in the above sections, an SR-aware service or the SR proxy
247     can use the Upper-layer header to differentiate the OAM packet from
248     a data packet to skip the service treatment.  To avoid any intentional
249     or unintentional use of OAM, a local policy SHOULD be used in the SR-
250     aware service or SR Proxy to rate limit the incoming OAM packets.

252  6.  Illustration

254     This section illustrates how the existing OAM tools can be used to
255     perform the connectivity check or path tracing of SR Service
256     Policies.

258  6.1.  SRv6 Dataplane

260     This section illustrates how ICMPv6 can be used to ping or trace SR
261     service policies in an SRv6 network using the below example topology.

263       +-----------------------------------------------------+
264       |                                                     |
265       |                                +---------+          |
266       |                                |   S2    |          |
267       |                                |(service)|          |
268       |                                +---------+          |
269       |                                     |               |
270  +----+----+  --->  +---------+  --->  +---------+     +----+-----+
271  |    H    +--------+   S1    +--------+   SR    +----+|    E     |
272  |(headend)|        |(service)|        |  Proxy  |     |(endpoint)|
273  +----+----+        +---------+        +---------+     +----+-----+
274       |                                                     |
275       |                    SRv6 Network                     |
276       +-----------------------------------------------------+
277          Figure 2. SR Service Policies in SRv6 Network

279  6.1.1.  Pinging SR Service Policy

281     The user interested in pinging the SR service policy shown in Figure 2
282     will trigger the ICMPv6 echo request from the headend H with
283     IP6(H,S1)(SRH) and the upper layer header set to ICMPv6.  The probe
284     will be processed along the path as below:

286       +-----------------------------------------------------+
287       |                                                     |
288       |                                +---------+          |
289       |                                |   S2    |          |
290       |                                |(service)|          |
291       |                                +---------+          |
292       |                                     |               |
293  +----+----+  --->  +---------+  --->  +---------+     +----+-----+
294  |    H    +--------+   S1    +--------+   SR    +----+|    E     |
295  |(headend)|        |(service)|        |  Proxy  |     |(endpoint)|
296  +----+----+        +---------+        +---------+     +----+-----+
297       |                                                     |
298          +---------+        +---------+        +---------+  |
299       |  |IP6(H,S1)|        |IP6(H, S)|        |IP6(H,E.)|  |
300       |  +---------+        +---------+        +---------+  |
301       |  |SRH(E,..,|        |SRH(E,..,|        |SRH(E,..,|  |
302       |  |   S2,..;|        |   S2,..;|        |   S2,..;|  |
303       |  |   S1,..;|        |   S1,..;|        |   S1,..;|  |
304       |  |    SL=i)|        |    SL=j)|        |    SL=k)|  |
305       |  +---------+        +---------+        +---------+  |
306       |  | ICMPv6  |        | ICMPv6  |        | ICMPv6  |  |
307       |  +---------+        +---------+        +---------+  |
308       |                    SRv6 Network                     |
309       +-----------------------------------------------------+
310          Figure 3. Ping to SR Service Policies in SRv6 Network

312     S1 (SR-aware service) will apply the END function and follow the steps
313     defined in [I-D.draft-ietf-6man-spring-srv6-oam].
314     The Upper-layer header matches ICMPv6 but
315     the Segments Left is not 0 and so the packet will be forwarded to
316     the next destination S2.  The service function is skipped due to the ICMPv6
317     payload.

319     The SR Proxy, upon receiving the packet, will match the local proxy SID
320     and follow the steps defined in Sections 6.1.2.1, 6.1.2.2
321     and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming].
322     The Upper-layer header
323     does not match Ethernet, IPv4 or IPv6 and so the proxy resubmits the packet
324     to the IPv6 module for transmission to the next destination E
325     and the service function is skipped.

327     The endpoint E will process the upper-layer header and reply back
328     to the initiator node H.

330  6.1.2.  Pinging a Service SID

332     The user interested in pinging a specific service SID of the SR service policy
333     shown in Figure 4 will trigger the ICMPv6 echo request from the
334     headend H with IP6(H,S1) and the upper layer header set to
335     ICMPv6.  The probe will be processed along the path as below:

337       +-----------------------------------------------------+
338       |                                                     |
339       |                                +---------+          |
340       |                                |   S2    |          |
341       |                                |(service)|          |
342       |                                +---------+          |
343       |                                     |               |
344  +----+----+  --->  +---------+  --->  +---------+     +----+-----+
345  |    H    +--------+   S1    +--------+   SR    +----+|    E     |
346  |(headend)|        |(service)|        |  Proxy  |     |(endpoint)|
347  +----+----+        +---------+        +---------+     +----+-----+
348       |                                                     |
349          +---------+                                        |
350       |  |IP6(H,S1)|                                        |
351       |  +---------+                                        |
352       |  | ICMPv6  |                                        |
353       |  +---------+                                        |
354       |                    SRv6 Network                     |
355       +-----------------------------------------------------+
356          Figure 4. Ping to specific Service SID in SRv6 Network

358     S1 (SR-aware service) will follow the steps
359     defined in [I-D.draft-ietf-6man-spring-srv6-oam].  Specifically,
360     the service processes the ICMPv6 message and responds to the source,
361     accordingly.

363     S2 (SR-Unaware Service): The SR Proxy upon receiving the packet will
364     match the local proxy SID
365     and follow the steps defined in Sections 6.1.2.1, 6.1.2.2
366     and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming].
367     When processing the Upper-layer header of a packet matching a FIB
368     entry for a locally instantiated SID, the proxy processes the ICMPv6 payload
369     and responds to it, accordingly.

371  6.1.3.  Tracing a SR Service Policy

373     The user interested in tracing the SR service policy shown in Figure 2
374     will trigger the ICMPv6 echo request from the headend H with
375     IPv6(H,S1)(SRH), set the upper layer header to ICMPv6 and the TTL
376     to 1, and increment the TTL in the subsequent packets.  The probe
377     will be processed along the path as below:

379     The first probe sent from H will reach S1 (SR-aware service) with
380     Hop Limit of 1.  S1 will process TTL expiry as described in
381     [I-D.draft-ietf-6man-spring-srv6-oam] and send
382     an ICMP Time Exceeded message to H with Code 0.

384     The second probe sent from H will reach S2 (SR Proxy) with Hop
385     Limit of 1.  SR Proxy will process as defined in the step S05 in
386     Sections 6.1.2.1, 6.1.2.2
387     and 6.1.2.3 of [I-D.ietf-spring-sr-service-programming] and send
388     an ICMP Time Exceeded message to H with Code 0.

390     The third probe sent from H will reach E with Hop Limit of 1.  E
391     processes TTL expiry as described in
392     [I-D.draft-ietf-6man-spring-srv6-oam] and sends an ICMP Time
393     Exceeded message to H with Code 0.

395  6.2.  SR-MPLS Dataplane

397     To be Updated.

399  7.  IANA Considerations

401     None.

403  8.  Security Considerations

405     A local policy may be used to control any malicious use of the OAM
406     marker.  More details are to be added in a future revision of the
407     document.

409  9.  Acknowledgement

411     The authors would like to thank Bruno Decraene for review and useful
412     comments.

414  10.  Normative References

416     [I-D.ietf-6man-segment-routing-header]
417                Filsfils, C., Dukes, D., Previdi, S., Leddy, J.,
418                Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
419                (SRH)", draft-ietf-6man-segment-routing-header-26 (work in
420                progress), October 2019.

422     [I-D.ietf-6man-spring-srv6-oam]
423                Ali, Z., Filsfils, C., Matsushima, S., Voyer, D., and M.
424                Chen, "Operations, Administration, and Maintenance (OAM)
425                in Segment Routing Networks with IPv6 Data plane (SRv6)",
426                draft-ietf-6man-spring-srv6-oam-08 (work in progress),
427                October 2020.

429     [I-D.ietf-spring-sr-service-programming]
430                Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca,
431                d., Li, C., Decraene, B., Ma, S., Yadlapalli, C.,
432                Henderickx, W., and S. Salsano, "Service Programming with
433                Segment Routing", draft-ietf-spring-sr-service-
434                programming-03 (work in progress), September 2020.

436     [I-D.ietf-spring-srv6-network-programming]
437                Filsfils, C., Camarillo, P., Leddy, J., Voyer, D.,
438                Matsushima, S., and Z. Li, "SRv6 Network Programming",
439                draft-ietf-spring-srv6-network-programming-28 (work in
440                progress), December 2020.

442     [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
443                RFC 792, DOI 10.17487/RFC0792, September 1981,
444                <https://www.rfc-editor.org/info/rfc792>.

446     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
447                Requirement Levels", BCP 14, RFC 2119,
448                DOI 10.17487/RFC2119, March 1997,
449                <https://www.rfc-editor.org/info/rfc2119>.

451     [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
452                Control Message Protocol (ICMPv6) for the Internet
453                Protocol Version 6 (IPv6) Specification", STD 89,
454                RFC 4443, DOI 10.17487/RFC4443, March 2006,
455                <https://www.rfc-editor.org/info/rfc4443>.

457     [RFC4884]  Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
458                "Extended ICMP to Support Multi-Part Messages", RFC 4884,
459                DOI 10.17487/RFC4884, April 2007,
460                <https://www.rfc-editor.org/info/rfc4884>.

462     [RFC7665]  Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
463                Chaining (SFC) Architecture", RFC 7665,
464                DOI 10.17487/RFC7665, October 2015,
465                <https://www.rfc-editor.org/info/rfc7665>.

467     [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
468                Decraene, B., Litkowski, S., and R. Shakir, "Segment
469                Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
470                July 2018, <https://www.rfc-editor.org/info/rfc8402>.

472  Authors' Addresses
473     Zafar Ali
474     Cisco Systems, Inc.
475     US

477     Email: zali@cisco.com

479     Clarence Filsfils
480     Cisco Systems, Inc.
481     Belgium

483     Email: cfilsfils@cisco.com

485     Nagendra Kumar Nainar
486     Cisco Systems, Inc.
487     7200-12 Kit Creek Road
488     Research Triangle Park, NC  27709
489     US

491     Email: naikumar@cisco.com

493     Carlos Pignataro
494     Cisco Systems, Inc.
495     7200 Kit Creek Road
496     Research Triangle Park, NC  27709-4987
497     US

499     Email: cpignata@cisco.com

501     Francois Clad
502     Cisco Systems, Inc.
503     France

505     Email: fclad@cisco.com

507     Faisal Iqbal
508     Arista Networks

510     Email: faisal.ietf@gmail.com
511     Xiaohu Xu
512     Alibaba

514     Email: xiaohu.xxh@alibaba-inc.com
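
Added example, not part of the draft or of any specification it cites: a Python model of the SR Proxy decision described in Section 5.2.2 (transit versus ultimate segment, keyed on the Upper-layer header type) combined with the rate limit that Section 5.4 asks for. It assumes a single SRH directly after the IPv6 header, reads Segments Left as received, and stands a drop-on-exceed token bucket in for the "local policy"; all function names, decision labels and addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

ROUTING_HDR, SRH_TYPE = 43, 4              # IPv6 Routing header, Segment Routing type
ICMPV6, UDP = 58, 17                       # upper-layer types the draft names for OAM
INNER_TYPE = {"ethernet": 143, "ipv4": 4, "ipv6": 41}   # values from the S15/S01 checks


class OamRateLimit:
    """Token bucket standing in for the 'local policy' of Sections 5.4 and 8 (assumed form)."""

    def __init__(self, per_second, burst):
        self.rate, self.burst = per_second, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


def build_packet(segments, seg_left, upper, payload=b"\x00" * 8):
    """Constructed sample: IPv6 header + SRH + payload, documentation-prefix addresses."""
    srh = struct.pack("!BBBBBBH", upper, 2 * len(segments), SRH_TYPE,
                      seg_left, len(segments) - 1, 0, 0)
    body = srh + b"".join(IPv6Address(s).packed for s in segments) + payload
    head = struct.pack("!IHBB", 6 << 28, len(body), ROUTING_HDR, 64)
    return (head + IPv6Address("2001:db8::1").packed
            + IPv6Address(segments[seg_left]).packed + body)


def parse_srh(pkt):
    """Return (segments_left, upper_layer_type); reject anything that is not IPv6 + SRH."""
    if len(pkt) < 48 or pkt[0] >> 4 != 6 or pkt[6] != ROUTING_HDR:
        raise ValueError("not an IPv6 packet with a Routing header")
    upper, ext_len, rtype, seg_left = pkt[40:44]
    if rtype != SRH_TYPE or len(pkt) < 48 + 8 * ext_len:
        raise ValueError("malformed or truncated SRH")
    return seg_left, upper


def proxy_decision(pkt, inner, limiter, now):
    """Model of the two cases in Section 5.2.2 for a static proxy SID of type `inner`."""
    seg_left, upper = parse_srh(pkt)
    if upper == INNER_TYPE[inner]:
        return "apply-service"              # data: hand the inner packet to the service
    # Everything else takes the OAM branch and bypasses the service, so it is
    # the traffic the local policy has to bound.
    if not limiter.allow(now):
        return "drop-rate-limited"          # assumed action when the policy is exceeded
    if seg_left > 0:
        return "resubmit-to-ipv6"           # Case 1: transit segment
    return "process-upper-layer"            # Case 2: ultimate segment, answer the probe


if __name__ == "__main__":
    sids = ["2001:db8:e::", "2001:db8:2::", "2001:db8:1::"]   # E, proxy SID, S1 (constructed)
    limiter = OamRateLimit(per_second=1, burst=2)
    for upper, sl in [(ICMPV6, 1), (UDP, 0), (INNER_TYPE["ipv4"], 1), (ICMPV6, 1)]:
        print(upper, sl, proxy_decision(build_packet(sids, sl, upper), "ipv4", limiter, 0.0))
```

The check is on what the Upper-layer header is not, so any type other than the configured inner type skips the service; the limiter is therefore applied to that whole branch rather than to ICMPv6 and UDP alone.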