idnits 2.17.1 draft-brockners-ippm-ioam-geneve-05.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 19, 2020) is 1246 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2784' is defined on line 338, but no explicit reference was found in the text == Unused Reference: 'RFC3232' is defined on line 343, but no explicit reference was found in the text == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-10 == Outdated reference: A later version (-05) exists of draft-weis-ippm-ioam-eth-04 ** Downref: Normative reference to an Informational RFC: RFC 3232 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ippm F. Brockners, Ed. 3 Internet-Draft Cisco 4 Intended status: Standards Track S. Bhandari 5 Expires: May 23, 2021 Thoughtspot 6 V. Govindan 7 C. Pignataro, Ed. 8 N. Nainar, Ed. 9 Cisco 10 H. Gredler 11 RtBrick Inc. 12 J. Leddy 14 S. Youell 15 JMPC 16 T. Mizrahi 17 Huawei Network.IO Innovation Lab 18 P. Lapukhov 19 Facebook 20 B. Gafni 21 A. Kfir 22 Mellanox Technologies, Inc. 23 M. Spiegel 24 Barefoot Networks, an Intel company 25 November 19, 2020 27 Geneve encapsulation for In-situ OAM Data 28 draft-brockners-ippm-ioam-geneve-05 30 Abstract 32 In-situ Operations, Administration, and Maintenance (IOAM) records 33 operational and telemetry information in the packet while the packet 34 traverses a path between two points in the network. This document 35 proposes a new Geneve tunnel option and outlines how IOAM data fields 36 are carried in the option data field. 38 Status of This Memo 40 This Internet-Draft is submitted in full conformance with the 41 provisions of BCP 78 and BCP 79. 43 Internet-Drafts are working documents of the Internet Engineering 44 Task Force (IETF). Note that other groups may also distribute 45 working documents as Internet-Drafts. The list of current Internet- 46 Drafts is at https://datatracker.ietf.org/drafts/current/. 48 Internet-Drafts are draft documents valid for a maximum of six months 49 and may be updated, replaced, or obsoleted by other documents at any 50 time. It is inappropriate to use Internet-Drafts as reference 51 material or to cite them other than as "work in progress." 53 This Internet-Draft will expire on May 23, 2021. 55 Copyright Notice 57 Copyright (c) 2020 IETF Trust and the persons identified as the 58 document authors. All rights reserved. 60 This document is subject to BCP 78 and the IETF Trust's Legal 61 Provisions Relating to IETF Documents 62 (https://trustee.ietf.org/license-info) in effect on the date of 63 publication of this document. Please review these documents 64 carefully, as they describe your rights and restrictions with respect 65 to this document. Code Components extracted from this document must 66 include Simplified BSD License text as described in Section 4.e of 67 the Trust Legal Provisions and are provided without warranty as 68 described in the Simplified BSD License. 70 Table of Contents 72 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 73 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 74 2.1. Requirement Language . . . . . . . . . . . . . . . . . . 3 75 2.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 76 3. IOAM Data Field Encapsulation in Geneve . . . . . . . . . . . 3 77 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 5 78 4.1. Discussion of the encapsulation approach . . . . . . . . 5 79 4.2. IOAM and the use of the Geneve O-bit . . . . . . . . . . 6 80 4.3. Transit devices . . . . . . . . . . . . . . . . . . . . . 6 81 4.4. Additional Encapsulation Consideration . . . . . . . . . 7 82 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 83 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 84 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 85 8. Normative References . . . . . . . . . . . . . . . . . . . . 7 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 88 1. Introduction 90 In-situ OAM (IOAM) records OAM information within the packet while 91 the packet traverses a particular network domain. The term "in-situ" 92 refers to the fact that the IOAM data fields are added to the data 93 packets rather than is being sent within packets specifically 94 dedicated to OAM. This document proposes a new Geneve tunnel option 95 and defines how IOAM data fields are transported as part of the 96 tunnel option in the Geneve [I-D.ietf-nvo3-geneve] encapsulation. 97 The IOAM data fields are defined in [I-D.ietf-ippm-ioam-data]. 99 2. Conventions 101 2.1. Requirement Language 103 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 104 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 105 document are to be interpreted as described in [RFC2119]. 107 2.2. Abbreviations 109 Abbreviations used in this document: 111 IOAM: In-situ Operations, Administration, and Maintenance 113 OAM: Operations, Administration, and Maintenance 115 Geneve: Generic Network Virtualization Encapsulation 117 3. IOAM Data Field Encapsulation in Geneve 119 Geneve is defined in [I-D.ietf-nvo3-geneve]. When Geneve 120 encapsulation header is used, IOAM data fields can either be carried 121 after the Geneve header, identified by the next protocol field or can 122 be carried in the Geneve header itself as a tunnel option. The 123 former approach is defined in [I-D.weis-ippm-ioam-eth] while the 124 latter approach is defined in this document. 126 IOAM data fields are carried using a single Geneve Option Class 127 TBD_IOAM. The different IOAM data fields defined in 128 [I-D.ietf-ippm-ioam-data] are added as TLVs using that Geneve Option 129 Class. In an administrative domain where IOAM is used, insertion of 130 the IOAM header in Geneve is enabled at the Geneve tunnel endpoints, 131 which also serve as IOAM encapsulating/decapsulating nodes by means 132 of configuration. 134 0 1 2 3 135 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+ 137 |Ver| Opt Len |O|C| Rsvd. | Protocol Type | | 138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Hdr 139 | Virtual Network Identifier (VNI) | Reserved | | 140 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+ 141 | Option Class = TBD_IOAM | Type |R|R|R| Length | | 142 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 143 ! | O 144 ! | A 145 ~ IOAM Option and Data Space ~ M 146 | | | 147 | | | 148 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 149 | | 150 | | 151 | Payload + Padding (L2/L3/ESP/...) | 152 | | 153 | | 154 | | 155 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 157 Figure 1: IOAM data encapsulation in Geneve 159 The Geneve header and fields are defined in [I-D.ietf-nvo3-geneve]. 160 The Geneve Option Class value for use with IOAM is TBD_IOAM. 162 The fields related to the encapsulation of IOAM data fields in Geneve 163 are defined as follows: 165 Option Class: 16-bit unsigned integer that determines the IOAM 166 option class. The value is from the IANA registry setup for 167 Geneve option classes as defined in [I-D.ietf-nvo3-geneve]. 169 Type: 8-bit field defining the IOAM Option type, as defined in 170 Section 7.2 of [I-D.ietf-ippm-ioam-data]. The 'C' bit MUST be set 171 to zero. 173 R (3 bits): Option control flags reserved for future use. The flags 174 MUST be set to zero on transmission and ignored on receipt. 176 Length: 5-bit unsigned integer. Length of the IOAM HDR in 4-octet 177 units. 179 IOAM Option and Data Space: IOAM option header and data is present 180 as defined by the Type field, and is defined in Section 4 of 181 [I-D.ietf-ippm-ioam-data]. 183 Multiple distinct IOAM Option-Types MAY be included within the same 184 Geneve encapsulation. Each IOAM Option-Type MUST occur at most once 185 within the same Geneve encapsulation. For example, if a Geneve 186 encapsulation contains two IOAM Option-Types before a data payload, 187 there would be two fields with TBD_IOAM Option Class each, 188 differentiated by the Type field which specifies the type of the IOAM 189 data included. 191 4. Considerations 193 This section summarizes a set of considerations on the overall 194 approach taken for IOAM data encapsulation in Geneve, as well as 195 deployment considerations. 197 4.1. Discussion of the encapsulation approach 199 This section is to support the working group discussion in selecting 200 the most appropriate approach for encapsulating IOAM data fields in 201 Geneve. 203 An encapsulation of IOAM data fields in Geneve should be friendly to 204 an implementation in both hardware as well as software forwarders and 205 support a wide range of deployment cases, including large networks 206 that desire to leverage multiple IOAM data fields at the same time. 208 Hardware and software friendly implementation: Hardware forwarders 209 benefit from an encapsulation that minimizes iterative look-ups of 210 fields within the packet: Any operation which looks up the value 211 of a field within the packet, based on which another lookup is 212 performed, consumes additional gates and time in an implementation 213 - both of which are desired to be kept to a minimum. This means 214 that flat TLV structures are to be preferred over nested TLV 215 structures. IOAM data fields are grouped into three option 216 categories: Trace, proof-of-transit, and edge-to-edge. Each of 217 these three options defines a TLV structure. A hardware-friendly 218 encapsulation approach avoids grouping these three option 219 categories into yet another TLV structure, but would rather carry 220 the options as a serial sequence. 222 Total length of the IOAM data fields: The total length of IOAM 223 data can grow quite large in case multiple different IOAM data 224 fields are used and large path-lengths need to be considered. If 225 for example an operator would consider using the IOAM trace option 226 and capture node-id, app_data, egress/ingress interface-id, 227 timestamp seconds, timestamps nanoseconds at every hop, then a 228 total of 20 octets would be added to the packet at every hop. In 229 case this particular deployment would have a maximum path length 230 of 15 hops in the IOAM domain, then a maximum of 300 octets of 231 IOAM data were to be encapsulated in the packet. 233 Concerns with the current encapsulation approach: 235 Hardware support: Using Geneve tunnel options to encapsulate IOAM 236 data fields leads to a nested TLV structure. Each IOAM data field 237 option (trace, proof-of-transit, and edge-to-edge) represents a 238 type, with the different IOAM data fields being TLVs within this 239 the particular option type. Nested TLVs require iterative look- 240 ups, a fact that creates potential challenges for implementations 241 in hardware. It would be desirable to offer a way to encapsulate 242 IOAM in a way that keeps TLV nesting to a minimum. 244 Length: Geneve tunnel option length is a 5-bit field in the 245 current specification [I-D.ietf-nvo3-geneve] resulting in a 246 maximum option length of 128 (2^5 x 4) octets which constrains the 247 use of IOAM to either small domains or a few IOAM data fields 248 only. Support for large domains with a variety of IOAM data 249 fields would be desirable. 251 4.2. IOAM and the use of the Geneve O-bit 253 [I-D.ietf-nvo3-geneve] defines an "O bit" for Control packets. Per 254 [I-D.ietf-nvo3-geneve] the O bit indicates that the packet contains a 255 control message instead of data payload. Packets that carry IOAM 256 data fields in addition to regular data payload / customer traffic 257 must not set the O bit. Packets that carry only IOAM data fields 258 without any payload must set the O bit. 260 4.3. Transit devices 262 If IOAM is deployed in domains where UDP port numbers are not 263 controlled and do not have a domain-wide meaning, such as on the 264 global Internet, transit devices MUST NOT attempt to modify the IOAM 265 data contained in the IOAM option class. In case UDP port numbers 266 are not controlled there might be UDP packets, which leverage the UDP 267 port number that Geneve utilizes, i.e. 6081, but the payload of these 268 packets isn't Geneve. The scenario and associated reasoning is 269 discussed in [RFC7605] which states that "it is important to 270 recognize that any interpretation of port numbers -- except at the 271 endpoints -- may be incorrect, because port numbers are meaningful 272 only at the endpoints." 274 4.4. Additional Encapsulation Consideration 276 Geneve encapsulation header supports carrying IOAM data fields either 277 as part of the tunnel option or as the protocol data unit that 278 follows the Geneve header. An operator may choose to enable either 279 of the options but it is not recommended to include both in the same 280 data packet. 282 5. IANA Considerations 284 IANA is requested to allocate a Geneve "option class" numbers for 285 IOAM: 287 +---------------+-------------+---------------+ 288 | Option Class | Description | Reference | 289 +---------------+-------------+---------------+ 290 | x | TBD_IOAM | This document | 291 +---------------+-------------+---------------+ 293 6. Security Considerations 295 The security considerations of Geneve are discussed in 296 [I-D.ietf-nvo3-geneve], and the security considerations of IOAM in 297 general are discussed in [I-D.ietf-ippm-ioam-data]. 299 IOAM is considered a "per domain" feature, where one or several 300 operators decide on leveraging and configuring IOAM according to 301 their needs. Still, operators need to properly secure the IOAM 302 domain to avoid malicious configuration and use, which could include 303 injecting malicious IOAM packets into a domain. 305 7. Acknowledgements 307 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 308 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 309 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 310 Andrew Yourtchenko and Nagendra Kumar Nainar for the comments and 311 advice. 313 8. Normative References 315 [I-D.ietf-ippm-ioam-data] 316 Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields 317 for In-situ OAM", draft-ietf-ippm-ioam-data-10 (work in 318 progress), July 2020. 320 [I-D.ietf-nvo3-geneve] 321 Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic 322 Network Virtualization Encapsulation", draft-ietf- 323 nvo3-geneve-16 (work in progress), March 2020. 325 [I-D.weis-ippm-ioam-eth] 326 Weis, B., Brockners, F., Hill, C., Bhandari, S., Govindan, 327 V., Pignataro, C., Gredler, H., Leddy, J., Youell, S., 328 Mizrahi, T., Kfir, A., Gafni, B., Lapukhov, P., and M. 329 Spiegel, "EtherType Protocol Identification of In-situ OAM 330 Data", draft-weis-ippm-ioam-eth-04 (work in progress), May 331 2020. 333 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 334 Requirement Levels", BCP 14, RFC 2119, 335 DOI 10.17487/RFC2119, March 1997, 336 . 338 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 339 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 340 DOI 10.17487/RFC2784, March 2000, 341 . 343 [RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced 344 by an On-line Database", RFC 3232, DOI 10.17487/RFC3232, 345 January 2002, . 347 [RFC7605] Touch, J., "Recommendations on Using Assigned Transport 348 Port Numbers", BCP 165, RFC 7605, DOI 10.17487/RFC7605, 349 August 2015, . 351 Authors' Addresses 353 Frank Brockners (editor) 354 Cisco Systems, Inc. 355 Hansaallee 249, 3rd Floor 356 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 357 Germany 359 Email: fbrockne@cisco.com 360 Shwetha Bhandari 361 Thoughtspot 362 3rd Floor, Indiqube Orion, 24th Main Rd, HSR Layout 363 Bangalore, KARNATAKA 560 102 364 India 366 Email: shwetha.bhandari@thoughtspot.com 368 Vengada Prasad Govindan 369 Cisco Systems, Inc. 371 Email: venggovi@cisco.com 373 Carlos Pignataro (editor) 374 Cisco Systems, Inc. 375 7200-11 Kit Creek Road 376 Research Triangle Park, NC 27709 377 United States 379 Email: cpignata@cisco.com 381 Nagendra Kumar Nainar (editor) 382 Cisco Systems, Inc. 383 7200-11 Kit Creek Road 384 Research Triangle Park, NC 27709 385 United States 387 Email: naikumar@cisco.com 389 Hannes Gredler 390 RtBrick Inc. 392 Email: hannes@rtbrick.com 394 John Leddy 395 United States 397 Email: john@leddy.net 398 Stephen Youell 399 JP Morgan Chase 400 25 Bank Street 401 London E14 5JP 402 United Kingdom 404 Email: stephen.youell@jpmorgan.com 406 Tal Mizrahi 407 Huawei Network.IO Innovation Lab 408 Israel 410 Email: tal.mizrahi.phd@gmail.com 412 Petr Lapukhov 413 Facebook 414 1 Hacker Way 415 Menlo Park, CA 94025 416 US 418 Email: petr@fb.com 420 Barak Gafni 421 Mellanox Technologies, Inc. 422 350 Oakmead Parkway, Suite 100 423 Sunnyvale, CA 94085 424 U.S.A. 426 Email: gbarak@mellanox.com 428 Aviv Kfir 429 Mellanox Technologies, Inc. 430 350 Oakmead Parkway, Suite 100 431 Sunnyvale, CA 94085 432 U.S.A. 434 Email: avivk@mellanox.com 435 Mickey Spiegel 436 Barefoot Networks, an Intel company 437 4750 Patrick Henry Drive 438 Santa Clara, CA 95054 439 US 441 Email: mickey.spiegel@intel.com