idnits 2.17.1 draft-brockners-ippm-ioam-geneve-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 3, 2018) is 2246 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2784' is defined on line 293, but no explicit reference was found in the text == Unused Reference: 'RFC3232' is defined on line 298, but no explicit reference was found in the text == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-01 == Outdated reference: A later version (-16) exists of draft-ietf-nvo3-geneve-05 ** Downref: Normative reference to an Informational RFC: RFC 3232 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ippm F. Brockners 3 Internet-Draft S. Bhandari 4 Intended status: Standards Track V. Govindan 5 Expires: September 4, 2018 C. Pignataro 6 Cisco 7 H. Gredler 8 RtBrick Inc. 9 J. Leddy 10 Comcast 11 S. Youell 12 JMPC 13 T. Mizrahi 14 Marvell 15 P. Lapukhov 16 Facebook 17 B. Gafni 18 A. Kfir 19 Mellanox Technologies, Inc. 20 M. Spiegel 21 Barefoot Networks 22 March 3, 2018 24 Geneve encapsulation for In-situ OAM Data 25 draft-brockners-ippm-ioam-geneve-00 27 Abstract 29 In-situ Operations, Administration, and Maintenance (IOAM) records 30 operational and telemetry information in the packet while the packet 31 traverses a path between two points in the network. This document 32 outlines how IOAM data fields are encapsulated in Geneve. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at http://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on September 4, 2018. 50 Copyright Notice 52 Copyright (c) 2018 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 2.1. Requirement Language . . . . . . . . . . . . . . . . . . 3 70 2.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 71 3. IOAM Data Field Encapsulation in Geneve . . . . . . . . . . . 3 72 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 5 73 4.1. Discussion of the encapsulation approach . . . . . . . . 5 74 4.2. IOAM and the use of the Geneve O-bit . . . . . . . . . . 6 75 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 76 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 77 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 78 8. Normative References . . . . . . . . . . . . . . . . . . . . 7 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 81 1. Introduction 83 In-situ OAM (IOAM) records OAM information within the packet while 84 the packet traverses a particular network domain. The term "in-situ" 85 refers to the fact that the IOAM data fields are added to the data 86 packets rather than is being sent within packets specifically 87 dedicated to OAM. This document defines how IOAM data fields are 88 transported as part of the Geneve [I-D.ietf-nvo3-geneve] 89 encapsulation. The IOAM data fields are defined in 90 [I-D.ietf-ippm-ioam-data]. 92 2. Conventions 94 2.1. Requirement Language 96 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 97 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 98 document are to be interpreted as described in [RFC2119]. 100 2.2. Abbreviations 102 Abbreviations used in this document: 104 IOAM: In-situ Operations, Administration, and Maintenance 106 OAM: Operations, Administration, and Maintenance 108 Geneve: Generic Network Virtualization Encapsulation 110 3. IOAM Data Field Encapsulation in Geneve 112 Geneve is defined in [I-D.ietf-nvo3-geneve]. IOAM data fields are 113 carried in the Geneve header as a tunnel option, using a single 114 Geneve Option Class TBD_IOAM. The different IOAM data fields defined 115 in [I-D.ietf-ippm-ioam-data] are added as TLVs using that Geneve 116 Option Class. In an administrative domain where IOAM is used, 117 insertion of the IOAM header in Geneve is enabled at the Geneve 118 tunnel endpoints, which also serve as IOAM encapsulating/ 119 decapsulating nodes by means of configuration. 121 0 1 2 3 122 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 123 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+ 124 |Ver| Opt Len |O|C| Rsvd. | Protocol Type | | 125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Hdr 126 | Virtual Network Identifier (VNI) | Reserved | | 127 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+ 128 | Option Class = TBD_IOAM | Type |R|R|R| Length | | 129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 130 ! | O 131 ! | A 132 ~ IOAM Option and Data Space ~ M 133 | | | 134 | | | 135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 136 | | 137 | | 138 | Payload + Padding (L2/L3/ESP/...) | 139 | | 140 | | 141 | | 142 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 Figure 1: IOAM data encapsulation in Geneve 146 The Geneve header and fields are defined in [I-D.ietf-nvo3-geneve]. 147 The Geneve Option Class value for use with IOAM is TBD_IOAM. 149 The fields related to the encapsulation of IOAM data fields in Geneve 150 are defined as follows: 152 Option Class: 16-bit unsigned integer that determines the IOAM 153 option class. The value is from the IANA registry setup for 154 Geneve option classes as defined in [I-D.ietf-nvo3-geneve]. 156 Type: 8-bit field defining the IOAM Option type, as defined in 157 Section 7.2 of [I-D.ietf-ippm-ioam-data]. 159 R (3 bits): Option control flags reserved for future use. MUST be 160 zero on transmission and ignored on receipt. 162 Length: 5-bit unsigned integer. Length of the IOAM HDR in 4-octet 163 units. 165 IOAM Option and Data Space: IOAM option header and data is present 166 as defined by the Type field, and is defined in Section 4 of 167 [I-D.ietf-ippm-ioam-data]. 169 Multiple IOAM options MAY be included within the Geneve 170 encapsulation. For example, if a Geneve encapsulation contains two 171 IOAM options before a data payload, there would be two fields with 172 TBD_IOAM Option Class each, differentiated by the Type field which 173 specifies the type of the IOAM data included. 175 4. Considerations 177 This section summarizes a set of considerations on the overall 178 approach taken for IOAM data encapsulation in Geneve, as well as 179 deployment considerations. 181 4.1. Discussion of the encapsulation approach 183 This section is to support the working group discussion in selecting 184 the most appropriate approach for encapsulating IOAM data fields in 185 Geneve. 187 An encapsulation of IOAM data fields in Geneve should be friendly to 188 an implementation in both hardware as well as software forwarders and 189 support a wide range of deployment cases, including large networks 190 that desire to leverage multiple IOAM data fields at the same time. 192 Hardware and software friendly implementation: Hardware forwarders 193 benefit from an encapsulation that minimizes iterative look-ups of 194 fields within the packet: Any operation which looks up the value 195 of a field within the packet, based on which another lookup is 196 performed, consumes additional gates and time in an implementation 197 - both of which are desired to be kept to a minimum. This means 198 that flat TLV structures are to be preferred over nested TLV 199 structures. IOAM data fields are grouped into three option 200 categories: Trace, proof-of-transit, and edge-to-edge. Each of 201 these three options defines a TLV structure. A hardware-friendly 202 encapsulation approach avoids grouping these three option 203 categories into yet another TLV structure, but would rather carry 204 the options as a serial sequence. 206 Total length of the IOAM data fields: The total length of IOAM 207 data can grow quite large in case multiple different IOAM data 208 fields are used and large path-lengths need to be considered. If 209 for example an operator would consider using the IOAM trace option 210 and capture node-id, app_data, egress/ingress interface-id, 211 timestamp seconds, timestamps nanoseconds at every hop, then a 212 total of 20 octets would be added to the packet at every hop. In 213 case this particular deployment would have a maximum path length 214 of 15 hops in the IOAM domain, then a maximum of 300 octets of 215 IOAM data were to be encapsulated in the packet. 217 Concerns with the current encapsulation approach: 219 Hardware support: Using Geneve tunnel options to encapsulate IOAM 220 data fields leads to a nested TLV structure. Each IOAM data field 221 option (trace, proof-of-transit, and edge-to-edge) represents a 222 type, with the different IOAM data fields being TLVs within this 223 the particular option type. Nested TLVs require iterative look- 224 ups, a fact that creates potential challenges for implementations 225 in hardware. It would be desirable to offer a way to encapsulate 226 IOAM in a way that keeps TLV nesting to a minimum. 228 Length: Geneve tunnel option length is a 5-bit field in the 229 current specification [I-D.ietf-nvo3-geneve] resulting in a 230 maximum option length of 128 (2^5 x 4) octets which constrains the 231 use of IOAM to either small domains or a few IOAM data fields 232 only. Support for large domains with a variety of IOAM data 233 fields would be desirable. 235 4.2. IOAM and the use of the Geneve O-bit 237 [I-D.ietf-nvo3-geneve] defines an "O bit" for OAM packets. Per 238 [I-D.ietf-nvo3-geneve] the O bit indicates that the packet contains a 239 control message instead of data payload. Packets that carry IOAM 240 data fields in addition to regular data payload / customer traffic 241 must not set the O bit. Packets that carry only IOAM data fields 242 without any payload must set the O bit. 244 5. IANA Considerations 246 IANA is requested to allocate a Geneve "option class" numbers for 247 IOAM: 249 +---------------+-------------+---------------+ 250 | Option Class | Description | Reference | 251 +---------------+-------------+---------------+ 252 | x | TBD_IOAM | This document | 253 +---------------+-------------+---------------+ 255 6. Security Considerations 257 The security considerations of Geneve are discussed in 258 [I-D.ietf-nvo3-geneve], and the security considerations of IOAM in 259 general are discussed in [I-D.ietf-ippm-ioam-data]. 261 IOAM is considered a "per domain" feature, where one or several 262 operators decide on leveraging and configuring IOAM according to 263 their needs. Still, operators need to properly secure the IOAM 264 domain to avoid malicious configuration and use, which could include 265 injecting malicious IOAM packets into a domain. 267 7. Acknowledgements 269 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 270 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 271 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 272 and Andrew Yourtchenko for the comments and advice. 274 8. Normative References 276 [I-D.ietf-ippm-ioam-data] 277 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 278 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 279 P., Chang, R., and d. daniel.bernier@bell.ca, "Data Fields 280 for In-situ OAM", draft-ietf-ippm-ioam-data-01 (work in 281 progress), October 2017. 283 [I-D.ietf-nvo3-geneve] 284 Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic 285 Network Virtualization Encapsulation", draft-ietf- 286 nvo3-geneve-05 (work in progress), September 2017. 288 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 289 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 290 RFC2119, March 1997, . 293 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 294 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 295 DOI 10.17487/RFC2784, March 2000, . 298 [RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced 299 by an On-line Database", RFC 3232, DOI 10.17487/RFC3232, 300 January 2002, . 302 Authors' Addresses 304 Frank Brockners 305 Cisco Systems, Inc. 306 Hansaallee 249, 3rd Floor 307 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 308 Germany 310 Email: fbrockne@cisco.com 311 Shwetha Bhandari 312 Cisco Systems, Inc. 313 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 314 Bangalore, KARNATAKA 560 087 315 India 317 Email: shwethab@cisco.com 319 Vengada Prasad Govindan 320 Cisco Systems, Inc. 322 Email: venggovi@cisco.com 324 Carlos Pignataro 325 Cisco Systems, Inc. 326 7200-11 Kit Creek Road 327 Research Triangle Park, NC 27709 328 United States 330 Email: cpignata@cisco.com 332 Hannes Gredler 333 RtBrick Inc. 335 Email: hannes@rtbrick.com 337 John Leddy 338 Comcast 340 Email: John_Leddy@cable.comcast.com 342 Stephen Youell 343 JP Morgan Chase 344 25 Bank Street 345 London E14 5JP 346 United Kingdom 348 Email: stephen.youell@jpmorgan.com 349 Tal Mizrahi 350 Marvell 351 6 Hamada St. 352 Yokneam 20692 353 Israel 355 Email: talmi@marvell.com 357 Petr Lapukhov 358 Facebook 359 1 Hacker Way 360 Menlo Park, CA 94025 361 US 363 Email: petr@fb.com 365 Barak Gafni 366 Mellanox Technologies, Inc. 367 350 Oakmead Parkway, Suite 100 368 Sunnyvale, CA 94085 369 U.S.A. 371 Email: gbarak@mellanox.com 373 Aviv Kfir 374 Mellanox Technologies, Inc. 375 350 Oakmead Parkway, Suite 100 376 Sunnyvale, CA 94085 377 U.S.A. 379 Email: avivk@mellanox.com 381 Mickey Spiegel 382 Barefoot Networks 383 2185 Park Boulevard 384 Palo Alto, CA 94306 385 US 387 Email: mspiegel@barefootnetworks.com