idnits 2.17.1 

draft-bryant-mpls-sfl-framework-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 18, 2015) is 3112 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-03) exists of
     draft-bryant-mpls-flow-ident-02


     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	MPLS                                                           S. Bryant
3	Internet-Draft                                                G. Swallow
4	Intended status: Informational                              S. Sivabalan
5	Expires: April 20, 2016                                    Cisco Systems
6	                                                               G. Mirsky
7	                                                                Ericsson
8	                                                                 M. Chen
9	                                                                   Z. Li
10	                                                                  Huawei
11	                                                        October 18, 2015

13	                    Synonymous Flow Label Framework
14	                   draft-bryant-mpls-sfl-framework-00

16	Abstract

18	   draft-bryant-mpls-flow-ident describes the requirement for
19	   introducing flow identities within the MPLS architecture.  This
20	   document describes a method of accomplishing this by using a
21	   technique called Synonymous Flow Labels in which labels which mimic
22	   the behaviour of other labels provide the identification service.
23	   These identifiers can be used to trigger per-flow operations on the
24	   on the packet at the receiving label switching router.

26	Status of This Memo

28	   This Internet-Draft is submitted in full conformance with the
29	   provisions of BCP 78 and BCP 79.

31	   Internet-Drafts are working documents of the Internet Engineering
32	   Task Force (IETF).  Note that other groups may also distribute
33	   working documents as Internet-Drafts.  The list of current Internet-
34	   Drafts is at http://datatracker.ietf.org/drafts/current/.

36	   Internet-Drafts are draft documents valid for a maximum of six months
37	   and may be updated, replaced, or obsoleted by other documents at any
38	   time.  It is inappropriate to use Internet-Drafts as reference
39	   material or to cite them other than as "work in progress."

41	   This Internet-Draft will expire on April 20, 2016.

43	Copyright Notice

45	   Copyright (c) 2015 IETF Trust and the persons identified as the
46	   document authors.  All rights reserved.

48	   This document is subject to BCP 78 and the IETF Trust's Legal
49	   Provisions Relating to IETF Documents
50	   (http://trustee.ietf.org/license-info) in effect on the date of
51	   publication of this document.  Please review these documents
52	   carefully, as they describe your rights and restrictions with respect
53	   to this document.  Code Components extracted from this document must
54	   include Simplified BSD License text as described in Section 4.e of
55	   the Trust Legal Provisions and are provided without warranty as
56	   described in the Simplified BSD License.

58	Table of Contents

60	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
61	   2.  Synonymous Flow Labels  . . . . . . . . . . . . . . . . . . .   2
62	   3.  User Service Traffic in the Data Plane  . . . . . . . . . . .   4
63	     3.1.  Applications Label Present  . . . . . . . . . . . . . . .   4
64	       3.1.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   4
65	     3.2.  Single Label Stack  . . . . . . . . . . . . . . . . . . .   5
66	       3.2.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   6
67	     3.3.  Aggregation of SFL Actions  . . . . . . . . . . . . . . .   6
68	   4.  Equal Cost Multipath Considerations . . . . . . . . . . . . .   7
69	   5.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   8
70	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
71	   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
72	   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   8
73	   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
74	     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
75	     9.2.  Informative References  . . . . . . . . . . . . . . . . .   9
76	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

78	1.  Introduction

80	   [I-D.bryant-mpls-flow-ident] describes the requirement for
81	   introducing flow identities within the MPLS architecture.

83	   This document describes a method of accomplishing this by using a
84	   technique called Synonymous Flow Labels (SFL) (see (Section 2)) in
85	   which labels which mimic the behaviour of other labels provide the
86	   identification service.  These identifiers can be used to trigger
87	   per-flow operations on the packet at the receiving label switching
88	   router.

90	2.  Synonymous Flow Labels

92	   An SFL is defined to be a label that causes exactly the same
93	   behaviour at the egress Label Switching Router (LSR) as the label it
94	   replaces, but in addition also causes an agreed action to take place
95	   on the packet.  There are many possible additional actions such as
96	   the measurement of the number of received packets in a flow,
97	   triggering IPFIX inspection, triggering other types of Deep Packet
98	   Inspection, or identification of the packet source.  In, for example,
99	   a Performance Monitoring (PM) application, the agreed action could be
100	   the recording of the receipt of the packet by incrementing a packet
101	   counter.  This is a natural action in many MPLS implementations, and
102	   where supported this permits the implementation of high quality
103	   packet loss measurement without any change to the packet forwarding
104	   system.

106	   Consider an MPLS application such as a pseudowire (PW), and consider
107	   that it is desired to use the approach specified in this document to
108	   make a packet loss measurement.  By some method outside the scope of
109	   this text, two labels, synonymous with the PW labels are obtained
110	   from the egress terminating provider edge (T-PE).  By alternating
111	   between these SFLs and using them in place of the PW label, the PW
112	   packets may be batched for counting without any impact on the PW
113	   forwarding behaviour (note that strictly only one SFL is needed in
114	   this application, but that is an optimization that is a matter for
115	   the implementor).

117	   Now consider an MPLS application that is multi-point to point such as
118	   a VPN.  Here it is necessary to identify a packet batch from a
119	   specific source.  This is achieved by making the SFLs source
120	   specific, so that batches from one source are marked differently from
121	   batches from another source.  The sources all operate independently
122	   and asynchronously from each other, independently co-ordinating with
123	   the destination.  Each ingress is thus able to establish its own SFL
124	   to identify the sub-flow and thus enable PM per flow.

126	   Finally we need to consider the case where there is no MPLS
127	   application label such as occurs when sending IP over an LSP.  In
128	   this case introducing an SFL that was synonymous with the LSP label
129	   would introduce network wide forwarding state.  This would not be
130	   acceptable for scaling reasons.  We therefore have no choice but to
131	   introduce an additional label.  Where penultimate hop popping (PHP)
132	   is in use, the semantics of this additional label can be similar to
133	   the LSP label.  Where PHP is not in use, the semantics are similar to
134	   an MPLS explicit NULL.  In both of these cases the label has the
135	   additional semantics of the SFL.

137	   Note that to achieve the goals set out in Section 1 SFLs need to be
138	   allocated from the platform label table.

140	3.  User Service Traffic in the Data Plane

142	   As noted in Section 2 it is necessary to consider two cases:

144	   1.  Applications label present

146	   2.  Single label stack

148	3.1.  Applications Label Present

150	   Figure 1 shows the case in which both an LSP label and an application
151	   label are present in the MPLS label stack.  Traffic with no SFL
152	   function present runs over the "normal" stack, and SFL enabled flows
153	   run over the SFL stack with the SFL used to indicate the packet
154	   batch.

156	     +-----------------+          +-----------------+
157	     |                 |          |                 |
158	     |      LSP        |          |      LSP        | <May be PHPed
159	     |     Label       |          |     Label       |
160	     +-----------------+          +-----------------+
161	     |                 |          |                 |
162	     |  Application    |          | Synonymous Flow |
163	     |     Label       |          |     Label       |
164	     +-----------------+          +-----------------+ <= Bottom of stack
165	     |                 |          |                 |
166	     |   Payload       |          |   Payload       |
167	     |                 |          |                 |
168	     +-----------------+          +-----------------+

170	    "Normal" Label Stack         Label Stack with SFL

172	    Figure 1: Use of Synonymous Labels In A Two Label MPLS Label Stack

174	   At the egress LSR the LSP label is popped (if present).  Then the SFL
175	   is processed in exactly the same way as the corresponding application
176	   label would have been processed.

178	3.1.1.  Setting TTL and the Traffic Class Bits

180	   The TTL and the Traffic Class bits [RFC5462] in the SFL LSE would
181	   normally be set to the same value as would have been set in the label
182	   that the SFL is synonymous with.  However it is recognised that there
183	   may be an applications need to set the SFL to some other value.  An
184	   example would be where it was desired to cause the SFL to trigger an
185	   action in the TTL expiry exception path as part of the label action.

187	3.2.  Single Label Stack

189	   Figure 2 shows the case in which only an LSP label is present in the
190	   MPLS label stack.  Traffic with no SFL function present runs over the
191	   "normal" stack and SFL enabled flows run over the SFL stack with the
192	   SFL used to indicate the packet batch.  However in this case it is
193	   necessary for the ingress LSR to first push the SFL and then to push
194	   the LSP label.

196	                                  +-----------------+
197	                                  |                 |
198	                                  |      LSP        | <= May be PHPed
199	                                  |     Label       |
200	     +-----------------+          +-----------------+
201	     |                 |          |                 | <= Synonymous with
202	     |      LSP        |          | Synonymous Flow |    Explicit NULL
203	     |     Label       |          |     Label       |
204	     +-----------------+          +-----------------+ <= Bottom of stack
205	     |                 |          |                 |
206	     |   Payload       |          |   Payload       |
207	     |                 |          |                 |
208	     +-----------------+          +-----------------+

210	    "Normal" Label Stack         Label Stack with SFL

212	   Figure 2: Use of Synonymous Labels In A Single Label MPLS Label Stack

214	   At the receiving LSR it is necessary to consider two cases:

216	   1.  Where the LSP label is still present

218	   2.  Where the LSP label is penultimate hop popped

220	   If the LSP label is present, it processed exactly as it would
221	   normally processed and then it is popped.  This reveals the SFL which
222	   in the case of RFC6374 measurements is simply counted and then
223	   discarded.  In this respect the processing of the SFL is synonymous
224	   with an Explicit NULL.  As the SFL is the bottom of stack, the IP
225	   packet that follows is processed as normal.

227	   If the LSP label is not present due to PHP action in the upstream
228	   LSR, two almost equivalent processing actions can take place.  Either
229	   the SFL can be treated as an LSP label that was not PHPed and the
230	   additional associated SFL action is taken when the label is
231	   processed.  Alternatively, it can be treated as an explicit NULL with
232	   associated SFL actions.  From the perspective of the measurement
233	   system described in this document the behaviour of two approaches are
234	   indistinguishable and thus either may be implemented.

236	3.2.1.  Setting TTL and the Traffic Class Bits

238	   The TTL and the Traffic Class considerations described in
239	   Section 3.1.1 apply.

241	3.3.  Aggregation of SFL Actions

243	   There are cases where it is desirable to aggregate an SFL action
244	   against a number of labels.  For example where it is desirable to
245	   have one counter record the number of packets received over a group
246	   of application labels, or where the number of labels used by a single
247	   application is large, and consequently the increase in the number of
248	   allocated labels needed to support the SFL actions consequently
249	   becomes too large to be viable.  In these circumstances it would be
250	   necessary to introduce an additional label in the stack to act as an
251	   aggregate instruction.  This is not strictly a synonymous action in
252	   that the SFL is not replacing a existing label, but is somewhat
253	   similar to the single label case shown in Section 3.2, and the same
254	   signalling, management and configuration tools would be applicable.

256	                                  +-----------------+
257	                                  |                 |
258	                                  |      LSP        | < May be PHPed
259	                                  |     Label       |
260	     +-----------------+          +-----------------+
261	     |                 |          |                 |
262	     |      LSP        |          |   Aggregate     |
263	     |     Label       |          |      SFL        |
264	     +-----------------+          +-----------------+
265	     |                 |          |                 |
266	     |  Application    |          |  Application    |
267	     |     Label       |          |     Label       |
268	     +-----------------+          +-----------------+ <= Bottom of stack
269	     |                 |          |                 |
270	     |   Payload       |          |   Payload       |
271	     |                 |          |                 |
272	     +-----------------+          +-----------------+

274	    "Normal" Label Stack         Label Stack with SFL

276	                      Figure 3: Aggregate SFL Actions

278	   The Aggregate SFL is shown in the label stack depicted in Figure 3 as
279	   preceding the application label, however the choice of position
280	   before, or after, the application label will be application specific.
281	   In the case described in Section 3.1, by definition the SFL has the
282	   full application context.  In this case the positioning will depend
283	   on whether the SFL action needs the full context of the application
284	   to perform its action and whether the complexity of the application
285	   will be increased by finding an SFL following the application label.

287	   This third SFL case requires further though by the authors and this
288	   section will be updated in a future version of this draft to reflect
289	   those thoughts.

291	4.  Equal Cost Multipath Considerations

293	   The introduction to an SFL to an existing may cause that flow to take
294	   a different path through the network under conditions of Equal Cost
295	   Multipath (ECMP).  This is turn may invalidate the certain uses of
296	   the SFL such as performance measurement applications.  Where this is
297	   a problem there are two solutions worthy of consideration:

299	   1.  The operator can elect to always run with the SFL in place in the
300	       MPLS label stack.

302	   2.  The operator can elect to use [RFC6790] Entropy Labels which, in
303	       a network that fully supports this type of ECMP, results in the
304	       ECMP decision being independent of the value of the other labels
305	       in the label stack.

307	5.  Privacy Considerations

309	   Recent IETF concerns on pervasive monitoring are described in
310	   [RFC7258].  The inclusion of originating and/or flow information in a
311	   packet provides more identity information and hence potentially
312	   degrades the privacy of the communication.  Whilst the inclusion of
313	   the additional granularity does allow greater insight into the flow
314	   characteristics it does not specifically identify which node
315	   originated the packet other than by inspection of the network at the
316	   point of ingress, or inspection of the control protocol packets.
317	   This privacy threat may be mitigated by encrypting the control
318	   protocol packets, regularly changing the synonymous labels and by
319	   concurrently using a number of such labels.  The minimizing the scope
320	   of the identity indication can be useful in minimizing the
321	   observability of the flow characteristics.

323	6.  Security Considerations

325	   The issue noted in Section 5 is a security consideration.  There are
326	   no other new security issues associated with the MPLS dataplane.  Any
327	   control protocol used to request SFLs will need to ensure the
328	   legitimacy of the request.

330	7.  IANA Considerations

332	   This draft makes no IANA requests.

334	8.  Acknowledgements

336	   TBD

338	9.  References

340	9.1.  Normative References

342	   [RFC5462]  Andersson, L. and R. Asati, "Multiprotocol Label Switching
343	              (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
344	              Class" Field", RFC 5462, DOI 10.17487/RFC5462, February
345	              2009, <http://www.rfc-editor.org/info/rfc5462>.

347	9.2.  Informative References

349	   [I-D.bryant-mpls-flow-ident]
350	              Bryant, S., Pignataro, C., Chen, M., Li, Z., and G.
351	              Mirsky, "MPLS Flow Identification", draft-bryant-mpls-
352	              flow-ident-02 (work in progress), September 2015.

354	   [RFC6790]  Kompella, K., Drake, J., Amante, S., Henderickx, W., and
355	              L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
356	              RFC 6790, DOI 10.17487/RFC6790, November 2012,
357	              <http://www.rfc-editor.org/info/rfc6790>.

359	   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
360	              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
361	              2014, <http://www.rfc-editor.org/info/rfc7258>.

363	Authors' Addresses

365	   Stewart Bryant
366	   Cisco Systems

368	   Email: stbryant@cisco.com

370	   George Swallow
371	   Cisco Systems

373	   Email: swallow@cisco.com

375	   Siva Sivabalan
376	   Cisco Systems

378	   Email: msiva@cisco.com

380	   Greg Mirsky
381	   Ericsson

383	   Email: gregory.mirsky@ericsson.com

385	   Mach(Guoyi) Chen
386	   Huawei

388	   Email: mach.chen@huawei.com
389	   Zhenbin(Robin)  Li
390	   Huawei

392	   Email: lizhenbin@huawei.com