idnits 2.17.1 

draft-bryant-mpls-sfl-framework-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 25, 2017) is 2558 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-07) exists of
     draft-ietf-mpls-flow-ident-04


     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	MPLS Working Group                                             S. Bryant
3	Internet-Draft                                                   M. Chen
4	Intended status: Informational                                     Z. Li
5	Expires: October 27, 2017                                         Huawei
6	                                                              G. Swallow
7	                                                            S. Sivabalan
8	                                                           Cisco Systems
9	                                                               G. Mirsky
10	                                                                Ericsson
11	                                                          April 25, 2017

13	                    Synonymous Flow Label Framework
14	                   draft-bryant-mpls-sfl-framework-04

16	Abstract

18	   draft-ietf-mpls-flow-ident describes the requirement for introducing
19	   flow identities within the MPLS architecture.  This document
20	   describes a method of accomplishing this by using a technique called
21	   Synonymous Flow Labels in which labels which mimic the behaviour of
22	   other labels provide the identification service.  These identifiers
23	   can be used to trigger per-flow operations on the on the packet at
24	   the receiving label switching router.

26	Status of This Memo

28	   This Internet-Draft is submitted in full conformance with the
29	   provisions of BCP 78 and BCP 79.

31	   Internet-Drafts are working documents of the Internet Engineering
32	   Task Force (IETF).  Note that other groups may also distribute
33	   working documents as Internet-Drafts.  The list of current Internet-
34	   Drafts is at http://datatracker.ietf.org/drafts/current/.

36	   Internet-Drafts are draft documents valid for a maximum of six months
37	   and may be updated, replaced, or obsoleted by other documents at any
38	   time.  It is inappropriate to use Internet-Drafts as reference
39	   material or to cite them other than as "work in progress."

41	   This Internet-Draft will expire on October 27, 2017.

43	Copyright Notice

45	   Copyright (c) 2017 IETF Trust and the persons identified as the
46	   document authors.  All rights reserved.

48	   This document is subject to BCP 78 and the IETF Trust's Legal
49	   Provisions Relating to IETF Documents
50	   (http://trustee.ietf.org/license-info) in effect on the date of
51	   publication of this document.  Please review these documents
52	   carefully, as they describe your rights and restrictions with respect
53	   to this document.  Code Components extracted from this document must
54	   include Simplified BSD License text as described in Section 4.e of
55	   the Trust Legal Provisions and are provided without warranty as
56	   described in the Simplified BSD License.

58	Table of Contents

60	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
61	   2.  Synonymous Flow Labels  . . . . . . . . . . . . . . . . . . .   2
62	   3.  User Service Traffic in the Data Plane  . . . . . . . . . . .   3
63	     3.1.  Applications Label Present  . . . . . . . . . . . . . . .   4
64	       3.1.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   4
65	     3.2.  Single Label Stack  . . . . . . . . . . . . . . . . . . .   4
66	       3.2.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   6
67	     3.3.  Aggregation of SFL Actions  . . . . . . . . . . . . . . .   6
68	   4.  Equal Cost Multipath Considerations . . . . . . . . . . . . .   7
69	   5.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   7
70	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
71	   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   7
72	   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
73	     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   8
74	     8.2.  Informative References  . . . . . . . . . . . . . . . . .   8
75	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   8

77	1.  Introduction

79	   [I-D.ietf-mpls-flow-ident] describes the requirement for introducing
80	   flow identities within the MPLS architecture.

82	   This document describes a method of accomplishing this by using a
83	   technique called Synonymous Flow Labels (SFL) (see (Section 2)) in
84	   which labels which mimic the behaviour of other labels provide the
85	   identification service.  These identifiers can be used to trigger
86	   per-flow operations on the packet at the receiving label switching
87	   router.

89	2.  Synonymous Flow Labels

91	   An SFL is defined to be a label that causes exactly the same
92	   behaviour at the egress Label Switching Router (LSR) as the label it
93	   replaces, but in addition also causes an agreed action to take place
94	   on the packet.  There are many possible additional actions such as
95	   the measurement of the number of received packets in a flow,
96	   triggering IPFIX inspection, triggering other types of Deep Packet
97	   Inspection, or identification of the packet source.  In, for example,
98	   a Performance Monitoring (PM) application, the agreed action could be
99	   the recording of the receipt of the packet by incrementing a packet
100	   counter.  This is a natural action in many MPLS implementations, and
101	   where supported this permits the implementation of high quality
102	   packet loss measurement without any change to the packet forwarding
103	   system.

105	   Consider an MPLS application such as a pseudowire (PW), and consider
106	   that it is desired to use the approach specified in this document to
107	   make a packet loss measurement.  By some method outside the scope of
108	   this text, two labels, synonymous with the PW labels are obtained
109	   from the egress terminating provider edge (T-PE).  By alternating
110	   between these SFLs and using them in place of the PW label, the PW
111	   packets may be batched for counting without any impact on the PW
112	   forwarding behaviour (note that strictly only one SFL is needed in
113	   this application, but that is an optimization that is a matter for
114	   the implementor).

116	   Now consider an MPLS application that is multi-point to point such as
117	   a VPN.  Here it is necessary to identify a packet batch from a
118	   specific source.  This is achieved by making the SFLs source
119	   specific, so that batches from one source are marked differently from
120	   batches from another source.  The sources all operate independently
121	   and asynchronously from each other, independently co-ordinating with
122	   the destination.  Each ingress is thus able to establish its own SFL
123	   to identify the sub-flow and thus enable PM per flow.

125	   Finally we need to consider the case where there is no MPLS
126	   application label such as occurs when sending IP over an LSP.  In
127	   this case introducing an SFL that was synonymous with the LSP label
128	   would introduce network wide forwarding state.  This would not be
129	   acceptable for scaling reasons.  We therefore have no choice but to
130	   introduce an additional label.  Where penultimate hop popping (PHP)
131	   is in use, the semantics of this additional label can be similar to
132	   the LSP label.  Where PHP is not in use, the semantics are similar to
133	   an MPLS explicit NULL.  In both of these cases the label has the
134	   additional semantics of the SFL.

136	   Note that to achieve the goals set out in Section 1 SFLs need to be
137	   allocated from the platform label table.

139	3.  User Service Traffic in the Data Plane

141	   As noted in Section 2 it is necessary to consider two cases:

143	   1.  Applications label present
144	   2.  Single label stack

146	3.1.  Applications Label Present

148	   Figure 1 shows the case in which both an LSP label and an application
149	   label are present in the MPLS label stack.  Traffic with no SFL
150	   function present runs over the "normal" stack, and SFL enabled flows
151	   run over the SFL stack with the SFL used to indicate the packet
152	   batch.

154	    +-----------------+          +-----------------+
155	    |                 |          |                 |
156	    |      LSP        |          |      LSP        | <May be PHPed
157	    |     Label       |          |     Label       |
158	    +-----------------+          +-----------------+
159	    |                 |          |                 |
160	    |  Application    |          | Synonymous Flow |
161	    |     Label       |          |     Label       |
162	    +-----------------+          +-----------------+ <= Bottom of stack
163	    |                 |          |                 |
164	    |   Payload       |          |   Payload       |
165	    |                 |          |                 |
166	    +-----------------+          +-----------------+

168	   "Normal" Label Stack         Label Stack with SFL

170	    Figure 1: Use of Synonymous Labels In A Two Label MPLS Label Stack

172	   At the egress LSR the LSP label is popped (if present).  Then the SFL
173	   is processed in exactly the same way as the corresponding application
174	   label would have been processed.

176	3.1.1.  Setting TTL and the Traffic Class Bits

178	   The TTL and the Traffic Class bits [RFC5462] in the SFL LSE would
179	   normally be set to the same value as would have been set in the label
180	   that the SFL is synonymous with.  However it is recognised that there
181	   may be an applications need to set the SFL to some other value.  An
182	   example would be where it was desired to cause the SFL to trigger an
183	   action in the TTL expiry exception path as part of the label action.

185	3.2.  Single Label Stack

187	   Figure 2 shows the case in which only an LSP label is present in the
188	   MPLS label stack.  Traffic with no SFL function present runs over the
189	   "normal" stack and SFL enabled flows run over the SFL stack with the
190	   SFL used to indicate the packet batch.  However in this case it is
191	   necessary for the ingress LSR to first push the SFL and then to push
192	   the LSP label.

194	                                 +-----------------+
195	                                 |                 |
196	                                 |      LSP        | <= May be PHPed
197	                                 |     Label       |
198	    +-----------------+          +-----------------+
199	    |                 |          |                 | <= Synonymous with
200	    |      LSP        |          | Synonymous Flow |    Explicit NULL
201	    |     Label       |          |     Label       |
202	    +-----------------+          +-----------------+ <= Bottom of stack
203	    |                 |          |                 |
204	    |   Payload       |          |   Payload       |
205	    |                 |          |                 |
206	    +-----------------+          +-----------------+

208	   "Normal" Label Stack         Label Stack with SFL

210	   Figure 2: Use of Synonymous Labels In A Single Label MPLS Label Stack

212	   At the receiving LSR it is necessary to consider two cases:

214	   1.  Where the LSP label is still present

216	   2.  Where the LSP label is penultimate hop popped

218	   If the LSP label is present, it processed exactly as it would
219	   normally processed and then it is popped.  This reveals the SFL which
220	   in the case of [RFC6374] measurements is simply counted and then
221	   discarded.  In this respect the processing of the SFL is synonymous
222	   with an Explicit NULL.  As the SFL is the bottom of stack, the IP
223	   packet that follows is processed as normal.

225	   If the LSP label is not present due to PHP action in the upstream
226	   LSR, two almost equivalent processing actions can take place.  Either
227	   the SFL can be treated as an LSP label that was not PHPed and the
228	   additional associated SFL action is taken when the label is
229	   processed.  Alternatively, it can be treated as an explicit NULL with
230	   associated SFL actions.  From the perspective of the measurement
231	   system described in this document the behaviour of two approaches are
232	   indistinguishable and thus either may be implemented.

234	3.2.1.  Setting TTL and the Traffic Class Bits

236	   The TTL and the Traffic Class considerations described in
237	   Section 3.1.1 apply.

239	3.3.  Aggregation of SFL Actions

241	   There are cases where it is desirable to aggregate an SFL action
242	   against a number of labels.  For example where it is desirable to
243	   have one counter record the number of packets received over a group
244	   of application labels, or where the number of labels used by a single
245	   application is large, and consequently the increase in the number of
246	   allocated labels needed to support the SFL actions consequently
247	   becomes too large to be viable.  In these circumstances it would be
248	   necessary to introduce an additional label in the stack to act as an
249	   aggregate instruction.  This is not strictly a synonymous action in
250	   that the SFL is not replacing a existing label, but is somewhat
251	   similar to the single label case shown in Section 3.2, and the same
252	   signalling, management and configuration tools would be applicable.

254	                                 +-----------------+
255	                                 |                 |
256	                                 |      LSP        | < May be PHPed
257	                                 |     Label       |
258	    +-----------------+          +-----------------+
259	    |                 |          |                 |
260	    |      LSP        |          |   Aggregate     |
261	    |     Label       |          |      SFL        |
262	    +-----------------+          +-----------------+
263	    |                 |          |                 |
264	    |  Application    |          |  Application    |
265	    |     Label       |          |     Label       |
266	    +-----------------+          +-----------------+ <= Bottom of stack
267	    |                 |          |                 |
268	    |   Payload       |          |   Payload       |
269	    |                 |          |                 |
270	    +-----------------+          +-----------------+

272	   "Normal" Label Stack         Label Stack with SFL

274	                      Figure 3: Aggregate SFL Actions

276	   The Aggregate SFL is shown in the label stack depicted in Figure 3 as
277	   preceding the application label, however the choice of position
278	   before, or after, the application label will be application specific.
279	   In the case described in Section 3.1, by definition the SFL has the
280	   full application context.  In this case the positioning will depend
281	   on whether the SFL action needs the full context of the application
282	   to perform its action and whether the complexity of the application
283	   will be increased by finding an SFL following the application label.

285	4.  Equal Cost Multipath Considerations

287	   The introduction to an SFL to an existing may cause that flow to take
288	   a different path through the network under conditions of Equal Cost
289	   Multipath (ECMP).  This is turn may invalidate the certain uses of
290	   the SFL such as performance measurement applications.  Where this is
291	   a problem there are two solutions worthy of consideration:

293	   1.  The operator can elect to always run with the SFL in place in the
294	       MPLS label stack.

296	   2.  The operator can elect to use [RFC6790] Entropy Labels which, in
297	       a network that fully supports this type of ECMP, results in the
298	       ECMP decision being independent of the value of the other labels
299	       in the label stack.

301	5.  Privacy Considerations

303	   Recent IETF concerns on pervasive monitoring are described in
304	   [RFC7258].  The inclusion of originating and/or flow information in a
305	   packet provides more identity information and hence potentially
306	   degrades the privacy of the communication.  Whilst the inclusion of
307	   the additional granularity does allow greater insight into the flow
308	   characteristics it does not specifically identify which node
309	   originated the packet other than by inspection of the network at the
310	   point of ingress, or inspection of the control protocol packets.
311	   This privacy threat may be mitigated by encrypting the control
312	   protocol packets, regularly changing the synonymous labels and by
313	   concurrently using a number of such labels.  Minimizing the scope of
314	   the identity indication can be useful in minimizing the observability
315	   of the flow characteristics.

317	6.  Security Considerations

319	   The issue noted in Section 5 is a security consideration.  There are
320	   no other new security issues associated with the MPLS dataplane.  Any
321	   control protocol used to request SFLs will need to ensure the
322	   legitimacy of the request.

324	7.  IANA Considerations

326	   This draft makes no IANA requests.

328	8.  References

330	8.1.  Normative References

332	   [RFC5462]  Andersson, L. and R. Asati, "Multiprotocol Label Switching
333	              (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
334	              Class" Field", RFC 5462, DOI 10.17487/RFC5462, February
335	              2009, <http://www.rfc-editor.org/info/rfc5462>.

337	8.2.  Informative References

339	   [I-D.ietf-mpls-flow-ident]
340	              Bryant, S., Pignataro, C., Chen, M., Li, Z., and G.
341	              Mirsky, "MPLS Flow Identification Considerations", draft-
342	              ietf-mpls-flow-ident-04 (work in progress), February 2017.

344	   [RFC6374]  Frost, D. and S. Bryant, "Packet Loss and Delay
345	              Measurement for MPLS Networks", RFC 6374,
346	              DOI 10.17487/RFC6374, September 2011,
347	              <http://www.rfc-editor.org/info/rfc6374>.

349	   [RFC6790]  Kompella, K., Drake, J., Amante, S., Henderickx, W., and
350	              L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
351	              RFC 6790, DOI 10.17487/RFC6790, November 2012,
352	              <http://www.rfc-editor.org/info/rfc6790>.

354	   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
355	              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
356	              2014, <http://www.rfc-editor.org/info/rfc7258>.

358	Authors' Addresses

360	   Stewart Bryant
361	   Huawei

363	   Email: stewart.bryant@gmail.com

365	   Mach Chen
366	   Huawei

368	   Email: mach.chen@huawei.com

370	   Zhenbin Li
371	   Huawei

373	   Email: lizhenbin@huawei.com
374	   George Swallow
375	   Cisco Systems

377	   Email: swallow@cisco.com

379	   Siva Sivabalan
380	   Cisco Systems

382	   Email: msiva@cisco.com

384	   Gregory Mirsky
385	   Ericsson

387	   Email: gregory.mirsky@eicsson.com