idnits 2.17.1 draft-brockners-ippm-ioam-vxlan-gpe-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 27, 2018) is 2122 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'ETYPES' is defined on line 293, but no explicit reference was found in the text == Unused Reference: 'RFC2784' is defined on line 314, but no explicit reference was found in the text == Unused Reference: 'RFC3232' is defined on line 319, but no explicit reference was found in the text == Unused Reference: 'I-D.brockners-proof-of-transit' is defined on line 331, but no explicit reference was found in the text == Unused Reference: 'RFC7665' is defined on line 337, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ETYPES' == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-02 == Outdated reference: A later version (-13) exists of draft-ietf-nvo3-vxlan-gpe-06 ** Downref: Normative reference to an Informational draft: draft-ietf-nvo3-vxlan-gpe (ref. 'I-D.ietf-nvo3-vxlan-gpe') ** Downref: Normative reference to an Informational RFC: RFC 3232 Summary: 2 errors (**), 0 flaws (~~), 8 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ippm F. Brockners 3 Internet-Draft S. Bhandari 4 Intended status: Standards Track V. Govindan 5 Expires: December 29, 2018 C. Pignataro 6 Cisco 7 H. Gredler 8 RtBrick Inc. 9 J. Leddy 10 Comcast 11 S. Youell 12 JMPC 13 T. Mizrahi 14 Marvell 15 A. Kfir 16 B. Gafni 17 Mellanox Technologies, Inc. 18 P. Lapukhov 19 Facebook 20 M. Spiegel 21 Barefoot Networks 22 June 27, 2018 24 VXLAN-GPE Encapsulation for In-situ OAM Data 25 draft-brockners-ippm-ioam-vxlan-gpe-01 27 Abstract 29 In-situ Operations, Administration, and Maintenance (IOAM) records 30 operational and telemetry information in the packet while the packet 31 traverses a path between two points in the network. This document 32 outlines how IOAM data fields are encapsulated in VXLAN-GPE. 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at http://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on December 29, 2018. 50 Copyright Notice 52 Copyright (c) 2018 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 2.1. Requirement Language . . . . . . . . . . . . . . . . . . 3 70 2.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 71 3. IOAM Data Field Encapsulation in VXLAN-GPE . . . . . . . . . 3 72 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 5 73 4.1. Discussion of the encapsulation approach . . . . . . . . 5 74 4.2. IOAM and the use of the VXLAN O-bit . . . . . . . . . . . 6 75 4.3. Transit devices . . . . . . . . . . . . . . . . . . . . . 6 76 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 77 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 78 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 79 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 80 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 81 8.2. Informative References . . . . . . . . . . . . . . . . . 8 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 84 1. Introduction 86 In-situ OAM (IOAM) records OAM information within the packet while 87 the packet traverses a particular network domain. The term "in-situ" 88 refers to the fact that the IOAM data fields are added to the data 89 packets rather than being sent within packets specifically dedicated 90 to OAM. This document defines how IOAM data fields are transported 91 as part of the VXLAN-GPE [I-D.ietf-nvo3-vxlan-gpe] encapsulation. 92 The IOAM data fields are defined in [I-D.ietf-ippm-ioam-data]. An 93 implementation of IOAM which leverages VXLAN-GPE to carry the IOAM 94 data is available from the FD.io open source software project 95 [FD.io]. 97 2. Conventions 99 2.1. Requirement Language 101 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 102 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 103 document are to be interpreted as described in [RFC2119]. 105 2.2. Abbreviations 107 Abbreviations used in this document: 109 IOAM: In-situ Operations, Administration, and Maintenance 111 OAM: Operations, Administration, and Maintenance 113 VXLAN-GPE: Virtual eXtensible Local Area Network, Generic Protocol 114 Extension 116 3. IOAM Data Field Encapsulation in VXLAN-GPE 118 VXLAN-GPE is defined in [I-D.ietf-nvo3-vxlan-gpe]. IOAM data fields 119 are carried in VXLAN-GPE using a next protocol value of TBD_IOAM. An 120 IOAM header is added containing the different IOAM data fields 121 defined in [I-D.ietf-ippm-ioam-data]. In an administrative domain 122 where IOAM is used, insertion of the IOAM header in VXLAN-GPE is 123 enabled at the VXLAN-GPE tunnel endpoints, which also serve as IOAM 124 encapsulating/decapsulating nodes by means of configuration. 126 0 1 2 3 127 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 128 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 129 | Outer Ethernet Header | 130 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 131 | Outer IP Header | 132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 133 | Outer UDP Header | 134 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+ 135 |R|R|Ver|I|P|R|O| Reserved | NP=TBD_IOAM | | 136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ GPE 137 | Virtual Network Identifier (VNI) | Reserved | | 138 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 139 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 140 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 141 ! | O 142 ! | A 143 ~ IOAM Option and Data Space ~ M 144 | | | 145 | | | 146 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 147 | | 148 | | 149 | Payload + Padding (L2/L3/ESP/...) | 150 | | 151 | | 152 | | 153 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 155 Figure 1: IOAM data encapsulation in VXLAN-GPE 157 The VXLAN-GPE header and fields are defined in 158 [I-D.ietf-nvo3-vxlan-gpe]. The VXLAN Next Protocol value for IOAM is 159 TBD_IOAM. 161 The IOAM related fields in VXLAN-GPE are defined as follows: 163 IOAM-Type: 8-bit field defining the IOAM Option type, as defined in 164 Section 7.2 of [I-D.ietf-ippm-ioam-data]. 166 IOAM HDR len: 8-bit unsigned integer. Length of the IOAM HDR in 167 4-octet units. 169 Reserved: 8-bit reserved field MUST be set to zero upon transmission 170 and ignored upon receipt. 172 Next Protocol: 8-bit unsigned integer that determines the type of 173 header following IOAM protocol. The value is from the IANA 174 registry setup for VXLAN GPE Next Protocol defined in 175 [I-D.ietf-nvo3-vxlan-gpe]. 177 IOAM Option and Data Space: IOAM option header and data is present 178 as specified by the IOAM-Type field, and is defined in Section 4 179 of [I-D.ietf-ippm-ioam-data]. 181 Multiple IOAM options MAY be included within the VXLAN-GPE 182 encapsulation. For example, if a VXLAN-GPE encapsulation contains 183 two IOAM options before a data payload, the Next Protocol field of 184 the first IOAM option will contain the value of TBD_IOAM, while the 185 Next Protocol field of the second IOAM option will contain the VXLAN 186 "Next Protocol" number indicating the type of the data payload. 188 4. Considerations 190 This section summarizes a set of considerations on the overall 191 approach taken for IOAM data encapsulation in VXLAN-GPE, as well as 192 deployment considerations. 194 4.1. Discussion of the encapsulation approach 196 This section is to support the working group discussion in selecting 197 the most appropriate approach for encapsulating IOAM data fields in 198 VXLAN-GPE. 200 An encapsulation of IOAM data fields in VXLAN-GPE should be friendly 201 to an implementation in both hardware as well as software forwarders. 202 Hardware forwarders benefit from an encapsulation that minimizes 203 iterative look-ups of fields within the packet: Any operation which 204 looks up the value of a field within the packet, based on which 205 another lookup is performed, consumes additional gates and time in an 206 implementation - both of which are desired to be kept to a minimum. 207 This means that flat TLV structures are to be preferred over nested 208 TLV structures. IOAM data fields are grouped into three option 209 categories: Trace, proof-of-transit, and edge-to-edge. Each of these 210 three options defines a TLV structure. A hardware-friendly 211 encapsulation approach avoids grouping these three option categories 212 into yet another TLV structure, but would rather carry the options as 213 a serial sequence. 215 Two approaches for encapsulating IOAM data fields in VXLAN-GPE could 216 be considered: 218 1. Use a single GPE protocol type for all IOAM types: IOAM would 219 receive a single GPE protocol type code point. A "sub-type" 220 field would then specify what IOAM options type (trace, proof-of- 221 transit, edge-to-edge) is carried. 223 2. Use one GPE protocol type per IOAM options type: Each IOAM data 224 field option (trace, proof-of-transit, and edge-to-edge) would be 225 specified by its own "next protocol", i.e. each IOAM options type 226 becomes its own GPE protocol type with a dedicated code point. 227 This implies that in case additional IOAM option types would be 228 added in the future, additional GPE protocol type code points 229 would need to be allocated. 231 The first option has been chosen here. Multiple back-to-back IOAM 232 options can be encoded as a succession of IOAM headers, with the same 233 single GPE protocol type appearing as the next protocol before each 234 IOAM header, but different sub-types within each IOAM header. 236 4.2. IOAM and the use of the VXLAN O-bit 238 [I-D.ietf-nvo3-vxlan-gpe] defines an "O bit" for OAM packets. Per 239 [I-D.ietf-nvo3-vxlan-gpe] the O bit indicates that the packet 240 contains an OAM message instead of data payload. Packets that carry 241 IOAM data fields in addition to regular data payload / customer 242 traffic must not set the O bit. Packets that carry only IOAM data 243 fields without any payload must set the O bit. 245 4.3. Transit devices 247 If IOAM is deployed in domains where UDP port numbers are not 248 controlled and do not have a domain-wide meaning, such as on the 249 global Internet, transit devices MUST NOT attempt to modify the IOAM 250 data contained in the IOAM header following the VXLAN-GPE header. In 251 case UDP port numbers are not controlled there might be UDP packets 252 specifying the same UDP port number that VXLAN-GPE utilizes, i.e. 253 4790, but with a payload that is not VXLAN-GPE. The scenario and 254 associated reasoning is discussed in [RFC7605] which states that "it 255 is important to recognize that any interpretation of port numbers -- 256 except at the endpoints -- may be incorrect, because port numbers are 257 meaningful only at the endpoints." 259 5. IANA Considerations 261 IANA is requested to allocate a protocol number for the following 262 VXLAN-GPE "Next Protocols" related to IOAM: 264 +---------------+-------------+---------------+ 265 | Next Protocol | Description | Reference | 266 +---------------+-------------+---------------+ 267 | x | TBD_IOAM | This document | 268 +---------------+-------------+---------------+ 270 6. Security Considerations 272 The security considerations of VXLAN-GPE are discussed in 273 [I-D.ietf-nvo3-vxlan-gpe], and the security considerations of IOAM in 274 general are discussed in [I-D.ietf-ippm-ioam-data]. 276 IOAM is considered a "per domain" feature, where one or several 277 operators decide on leveraging and configuring IOAM according to 278 their needs. Still, operators need to properly secure the IOAM 279 domain to avoid malicious configuration and use, which could include 280 injecting malicious IOAM packets into a domain. 282 7. Acknowledgements 284 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 285 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 286 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 287 and Andrew Yourtchenko for the comments and advice. 289 8. References 291 8.1. Normative References 293 [ETYPES] "IANA Ethernet Numbers", 294 . 297 [I-D.ietf-ippm-ioam-data] 298 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 299 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 300 P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon, 301 "Data Fields for In-situ OAM", draft-ietf-ippm-ioam- 302 data-02 (work in progress), March 2018. 304 [I-D.ietf-nvo3-vxlan-gpe] 305 Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol 306 Extension for VXLAN", draft-ietf-nvo3-vxlan-gpe-06 (work 307 in progress), April 2018. 309 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 310 Requirement Levels", BCP 14, RFC 2119, 311 DOI 10.17487/RFC2119, March 1997, . 314 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 315 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 316 DOI 10.17487/RFC2784, March 2000, . 319 [RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced 320 by an On-line Database", RFC 3232, DOI 10.17487/RFC3232, 321 January 2002, . 323 [RFC7605] Touch, J., "Recommendations on Using Assigned Transport 324 Port Numbers", BCP 165, RFC 7605, DOI 10.17487/RFC7605, 325 August 2015, . 327 8.2. Informative References 329 [FD.io] "Fast Data Project: FD.io", . 331 [I-D.brockners-proof-of-transit] 332 Brockners, F., Bhandari, S., Dara, S., Pignataro, C., 333 Leddy, J., Youell, S., Mozes, D., and T. Mizrahi, "Proof 334 of Transit", draft-brockners-proof-of-transit-05 (work in 335 progress), May 2018. 337 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 338 Chaining (SFC) Architecture", RFC 7665, 339 DOI 10.17487/RFC7665, October 2015, . 342 Authors' Addresses 344 Frank Brockners 345 Cisco Systems, Inc. 346 Hansaallee 249, 3rd Floor 347 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 348 Germany 350 Email: fbrockne@cisco.com 352 Shwetha Bhandari 353 Cisco Systems, Inc. 354 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 355 Bangalore, KARNATAKA 560 087 356 India 358 Email: shwethab@cisco.com 360 Vengada Prasad Govindan 361 Cisco Systems, Inc. 363 Email: venggovi@cisco.com 364 Carlos Pignataro 365 Cisco Systems, Inc. 366 7200-11 Kit Creek Road 367 Research Triangle Park, NC 27709 368 United States 370 Email: cpignata@cisco.com 372 Hannes Gredler 373 RtBrick Inc. 375 Email: hannes@rtbrick.com 377 John Leddy 378 Comcast 380 Email: John_Leddy@cable.comcast.com 382 Stephen Youell 383 JP Morgan Chase 384 25 Bank Street 385 London E14 5JP 386 United Kingdom 388 Email: stephen.youell@jpmorgan.com 390 Tal Mizrahi 391 Marvell 392 6 Hamada St. 393 Yokneam 20692 394 Israel 396 Email: talmi@marvell.com 398 Aviv Kfir 399 Mellanox Technologies, Inc. 400 350 Oakmead Parkway, Suite 100 401 Sunnyvale, CA 94085 402 U.S.A. 404 Email: avivk@mellanox.com 405 Barak Gafni 406 Mellanox Technologies, Inc. 407 350 Oakmead Parkway, Suite 100 408 Sunnyvale, CA 94085 409 U.S.A. 411 Email: gbarak@mellanox.com 413 Petr Lapukhov 414 Facebook 415 1 Hacker Way 416 Menlo Park, CA 94025 417 US 419 Email: petr@fb.com 421 Mickey Spiegel 422 Barefoot Networks 423 2185 Park Boulevard 424 Palo Alto, CA 94306 425 US 427 Email: mspiegel@barefootnetworks.com