idnits 2.17.1 draft-ietf-ippm-ioam-data-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 20, 2018) is 2007 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '0' on line 640 -- Looks like a reference, but probably isn't: '1' on line 479 -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE1588v2' -- Possible downref: Non-RFC (?) normative reference: ref. 'POSIX' == Outdated reference: A later version (-09) exists of draft-ietf-ntp-packet-timestamps-04 == Outdated reference: A later version (-16) exists of draft-ietf-nvo3-geneve-08 == Outdated reference: A later version (-13) exists of draft-ietf-nvo3-vxlan-gpe-06 == Outdated reference: A later version (-07) exists of draft-spiegel-ippm-ioam-rawexport-00 Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 ippm F. Brockners 3 Internet-Draft S. Bhandari 4 Intended status: Standards Track C. Pignataro 5 Expires: April 23, 2019 Cisco 6 H. Gredler 7 RtBrick Inc. 8 J. Leddy 9 Comcast 10 S. Youell 11 JPMC 12 T. Mizrahi 13 Huawei Network.IO Innovation Lab 14 D. Mozes 16 P. Lapukhov 17 Facebook 18 R. Chang 19 Barefoot Networks 20 D. Bernier 21 Bell Canada 22 J. Lemon 23 Broadcom 24 October 20, 2018 26 Data Fields for In-situ OAM 27 draft-ietf-ippm-ioam-data-04 29 Abstract 31 In-situ Operations, Administration, and Maintenance (IOAM) records 32 operational and telemetry information in the packet while the packet 33 traverses a path between two points in the network. This document 34 discusses the data fields and associated data types for in-situ OAM. 35 In-situ OAM data fields can be embedded into a variety of transports 36 such as NSH, Segment Routing, Geneve, native IPv6 (via extension 37 header), or IPv4. In-situ OAM can be used to complement OAM 38 mechanisms based on e.g. ICMP or other types of probe packets. 40 Status of This Memo 42 This Internet-Draft is submitted in full conformance with the 43 provisions of BCP 78 and BCP 79. 45 Internet-Drafts are working documents of the Internet Engineering 46 Task Force (IETF). Note that other groups may also distribute 47 working documents as Internet-Drafts. The list of current Internet- 48 Drafts is at https://datatracker.ietf.org/drafts/current/. 50 Internet-Drafts are draft documents valid for a maximum of six months 51 and may be updated, replaced, or obsoleted by other documents at any 52 time. It is inappropriate to use Internet-Drafts as reference 53 material or to cite them other than as "work in progress." 55 This Internet-Draft will expire on April 23, 2019. 57 Copyright Notice 59 Copyright (c) 2018 IETF Trust and the persons identified as the 60 document authors. All rights reserved. 62 This document is subject to BCP 78 and the IETF Trust's Legal 63 Provisions Relating to IETF Documents 64 (https://trustee.ietf.org/license-info) in effect on the date of 65 publication of this document. Please review these documents 66 carefully, as they describe your rights and restrictions with respect 67 to this document. Code Components extracted from this document must 68 include Simplified BSD License text as described in Section 4.e of 69 the Trust Legal Provisions and are provided without warranty as 70 described in the Simplified BSD License. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 75 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 76 3. Scope, Applicability, and Assumptions . . . . . . . . . . . . 4 77 4. IOAM Data Types and Formats . . . . . . . . . . . . . . . . . 5 78 4.1. IOAM Namespaces . . . . . . . . . . . . . . . . . . . . . 6 79 4.2. IOAM Tracing Options . . . . . . . . . . . . . . . . . . 8 80 4.2.1. Pre-allocated and Incremental Trace Options . . . . . 10 81 4.2.2. IOAM node data fields and associated formats . . . . 15 82 4.2.3. Examples of IOAM node data . . . . . . . . . . . . . 20 83 4.3. IOAM Proof of Transit Option . . . . . . . . . . . . . . 22 84 4.3.1. IOAM Proof of Transit Type 0 . . . . . . . . . . . . 23 85 4.4. IOAM Edge-to-Edge Option . . . . . . . . . . . . . . . . 24 86 5. Timestamp Formats . . . . . . . . . . . . . . . . . . . . . . 26 87 5.1. PTP Truncated Timestamp Format . . . . . . . . . . . . . 26 88 5.2. NTP 64-bit Timestamp Format . . . . . . . . . . . . . . . 28 89 5.3. POSIX-based Timestamp Format . . . . . . . . . . . . . . 29 90 6. IOAM Data Export . . . . . . . . . . . . . . . . . . . . . . 30 91 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 92 7.1. Creation of a new In-Situ OAM Protocol Parameters 93 Registry (IOAM) Protocol Parameters IANA registry . . . . 31 94 7.2. IOAM Type Registry . . . . . . . . . . . . . . . . . . . 31 95 7.3. IOAM Trace Type Registry . . . . . . . . . . . . . . . . 32 96 7.4. IOAM Trace Flags Registry . . . . . . . . . . . . . . . . 32 97 7.5. IOAM POT Type Registry . . . . . . . . . . . . . . . . . 33 98 7.6. IOAM POT Flags Registry . . . . . . . . . . . . . . . . . 33 99 7.7. IOAM E2E Type Registry . . . . . . . . . . . . . . . . . 33 100 7.8. IOAM Namespace-ID Registry . . . . . . . . . . . . . . . 33 101 8. Security Considerations . . . . . . . . . . . . . . . . . . . 34 102 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 35 103 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 35 104 10.1. Normative References . . . . . . . . . . . . . . . . . . 35 105 10.2. Informative References . . . . . . . . . . . . . . . . . 36 106 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37 108 1. Introduction 110 This document defines data fields for "in-situ" Operations, 111 Administration, and Maintenance (IOAM). In-situ OAM records OAM 112 information within the packet while the packet traverses a particular 113 network domain. The term "in-situ" refers to the fact that the OAM 114 data is added to the data packets rather than is being sent within 115 packets specifically dedicated to OAM. IOAM is to complement 116 mechanisms such as Ping or Traceroute, or more recent active probing 117 mechanisms as described in [I-D.lapukhov-dataplane-probe]. In terms 118 of "active" or "passive" OAM, "in-situ" OAM can be considered a 119 hybrid OAM type. While no extra packets are sent, IOAM adds 120 information to the packets therefore cannot be considered passive. 121 In terms of the classification given in [RFC7799] IOAM could be 122 portrayed as Hybrid Type 1. "In-situ" mechanisms do not require 123 extra packets to be sent and hence don't change the packet traffic 124 mix within the network. IOAM mechanisms can be leveraged where 125 mechanisms using e.g. ICMP do not apply or do not offer the desired 126 results, such as proving that a certain traffic flow takes a pre- 127 defined path, SLA verification for the live data traffic, detailed 128 statistics on traffic distribution paths in networks that distribute 129 traffic across multiple paths, or scenarios in which probe traffic is 130 potentially handled differently from regular data traffic by the 131 network devices. 133 2. Conventions 135 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 136 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 137 document are to be interpreted as described in [RFC2119]. 139 Abbreviations used in this document: 141 E2E Edge to Edge 143 Geneve: Generic Network Virtualization Encapsulation 144 [I-D.ietf-nvo3-geneve] 146 IOAM: In-situ Operations, Administration, and Maintenance 148 MTU: Maximum Transmit Unit 150 NSH: Network Service Header [RFC8300] 152 OAM: Operations, Administration, and Maintenance 154 POT: Proof of Transit 156 SFC: Service Function Chain 158 SID: Segment Identifier 160 SR: Segment Routing 162 VXLAN-GPE: Virtual eXtensible Local Area Network, Generic Protocol 163 Extension [I-D.ietf-nvo3-vxlan-gpe] 165 3. Scope, Applicability, and Assumptions 167 IOAM deployment assumes a set of constraints, requirements, and 168 guiding principles which are described in this section. 170 Scope: This document defines the data fields and associated data 171 types for in-situ OAM. The in-situ OAM data field can be transported 172 by a variety of transport protocols, including NSH, Segment Routing, 173 Geneve, IPv6, or IPv4. Specification details for these different 174 transport protocols are outside the scope of this document. 176 Deployment domain (or scope) of in-situ OAM deployment: IOAM is a 177 network domain focused feature, with "network domain" being a set of 178 network devices or entities within a single administration. For 179 example, a network domain can include an enterprise campus using 180 physical connections between devices or an overlay network using 181 virtual connections / tunnels for connectivity between said devices. 182 A network domain is defined by its perimeter or edge. Designers of 183 carrier protocols for IOAM must specify mechanisms to ensure that 184 IOAM data stays within an IOAM domain. In addition, the operator of 185 such a domain is expected to put provisions in place to ensure that 186 IOAM data does not leak beyond the edge of an IOAM domain, e.g. using 187 for example packet filtering methods. The operator should consider 188 potential operational impact of IOAM to mechanisms such as ECMP 189 processing (e.g. load-balancing schemes based on packet length could 190 be impacted by the increased packet size due to IOAM), path MTU (i.e. 191 ensure that the MTU of all links within a domain is sufficiently 192 large to support the increased packet size due to IOAM) and ICMP 193 message handling (i.e. in case of a native IPv6 transport, IOAM 194 support for ICMPv6 Echo Request/Reply could desired which would 195 translate into ICMPv6 extensions to enable IOAM data fields to be 196 copied from an Echo Request message to an Echo Reply message). 198 IOAM control points: IOAM data fields are added to or removed from 199 the live user traffic by the devices which form the edge of a domain. 200 Devices within an IOAM domain can update and/or add IOAM data-fields. 201 Domain edge devices can be hosts or network devices. 203 Traffic-sets that IOAM is applied to: IOAM can be deployed on all or 204 only on subsets of the live user traffic. It SHOULD be possible to 205 enable IOAM on a selected set of traffic (e.g., per interface, based 206 on an access control list or flow specification defining a specific 207 set of traffic, etc.) The selected set of traffic can also be all 208 traffic. 210 Encapsulation independence: Data formats for IOAM SHOULD be defined 211 in a transport-independent manner. IOAM applies to a variety of 212 encapsulating protocols. A definition of how IOAM data fields are 213 carried by different transport protocols is outside the scope of this 214 document. 216 Layering: If several encapsulation protocols (e.g., in case of 217 tunneling) are stacked on top of each other, IOAM data-records could 218 be present at every layer. The behavior follows the ships-in-the- 219 night model, i.e. IOAM data in one layer is independent from IOAM 220 data in another layer. Layering allows operators to instrument the 221 protocol layer they want to measure. The different layers could, but 222 do not have to share the same IOAM encapsulation and decapsulation. 224 Combination with active OAM mechanisms: IOAM should be usable for 225 active network probing, enabling for example a customized version of 226 traceroute. Decapsulating IOAM nodes may have an ability to send the 227 IOAM information retrieved from the packet back to the source address 228 of the packet or to the encapsulating node. 230 IOAM implementation: The IOAM data-field definitions take the 231 specifics of devices with hardware data-plane and software data-plane 232 into account. 234 4. IOAM Data Types and Formats 236 This section defines IOAM data types and data fields and associated 237 data types required for IOAM. 239 To accommodate the different uses of IOAM, IOAM data fields fall into 240 different categories, e.g. edge-to-edge, per node tracing, or for 241 proof of transit. In IOAM these categories are referred to as IOAM- 242 Types. A common registry is maintained for IOAM-Types, see 243 Section 7.2 for details. Corresponding to these IOAM-Types, 244 different IOAM data fields are defined. IOAM data fields can be 245 encapsulated into a variety of protocols, such as NSH, Geneve, IPv6, 246 etc. The definition of how IOAM data fields are encapsulated into 247 other protocols is outside the scope of this document. 249 IOAM is expected to be deployed in a specific domain rather than on 250 the overall Internet. The part of the network which employs IOAM is 251 referred to as the "IOAM-domain". IOAM data is added to a packet 252 upon entering the IOAM-domain and is removed from the packet when 253 exiting the domain. Within the IOAM-domain, the IOAM data may be 254 updated by network nodes that the packet traverses. The device which 255 adds an IOAM data container to the packet to capture IOAM data is 256 called the "IOAM encapsulating node", whereas the device which 257 removes the IOAM data container is referred to as the "IOAM 258 decapsulating node". Nodes within the domain which are aware of IOAM 259 data and read and/or write or process the IOAM data are called "IOAM 260 transit nodes". IOAM nodes which add or remove the IOAM data 261 container can also update the IOAM data fields at the same time. Or 262 in other words, IOAM encapsulation or decapsulating nodes can also 263 serve as IOAM transit nodes at the same time. Note that not every 264 node in an IOAM domain needs to be an IOAM transit node. For 265 example, a Segment Routing deployment might require the segment 266 routing path to be verified. In that case, only the SR nodes would 267 also be IOAM transit nodes rather than all nodes. 269 4.1. IOAM Namespaces 271 IOAM data fields are defined within an IOAM namespace. An IOAM 272 namespace is identified by a 16-bit namespace identifier (Namespace- 273 ID). Namespace identifiers MUST be present and populated in all IOAM 274 option headers. The Namespace-ID value is divided into two sub- 275 ranges: 277 o An operator-assigned range from 0x0001 to 0x7FFF 279 o An IANA-assigned range from 0x8000 to 0xFFFF 281 The IANA-assigned range is intended to allow future extensions to 282 have new and interoperable IOAM functionality, while the operator- 283 assigned range is intended to be domain specific, and managed by the 284 network operator. The Namespace-ID value of 0x0000 is default and 285 known to all the nodes implementing IOAM. 287 Namespace identifiers allow devices which are IOAM capable to 288 determine: 290 o whether IOAM option header(s) need to be processed by a device: If 291 the Namespace-ID contained in a packet does not match any 292 Namespace-ID the node is configured to operate on, then the node 293 MUST NOT change the contents of the IOAM data fields. 295 o which IOAM option headers need to be processed/updated in case 296 there are multiple IOAM option headers present in the packet. 297 Multiple option headers can be present in a packet in case of 298 overlapping IOAM domains or in case of a layered IOAM deployment. 300 o whether IOAM option header(s) should be removed from the packet, 301 e.g. at a domain edge or domain boundary. 303 IOAM namespaces support several different uses: 305 o Namespaces can be used by an operator to distinguish different 306 operational domains. Devices at domain edges can filter on 307 Namespace-IDs to provide for proper IOAM domain isolation. 309 o Namespaces provide additional context for IOAM data fields and 310 thus ensure that IOAM data is unique. While, for example, the 311 IOAM node identifier (Node-ID) does not have to be unique in a 312 deployment, the combination of Node-ID and Namespace-ID will 313 always be unique. Similarly, namespaces can be used to define how 314 certain IOAM data fields are interpreted: IOAM offers three 315 different timestamp format options. The Namespace-ID can be used 316 to determine the timestamp format. 318 o Namespaces can be used to identify different sets of devices 319 (e.g., different types of devices) in a deployment: If an operator 320 desires to insert different IOAM data based on the device, the 321 devices could be grouped into multiple namespaces. This could be 322 due to the fact that the IOAM feature set differs between 323 different sets of devices, or it could be for reasons of optimized 324 space usage in the packet header. This could also stem from 325 hardware or operational limitations on the size of the trace data 326 that can be added and processed, preventing collection of a full 327 trace for a flow. 329 * Assigning different Namespace-IDs to different sets of nodes or 330 network partitions and using the Namespace-ID as a selector at 331 the IOAM encapsulating node, a full trace for a flow could be 332 collected and constructed via partial traces in different 333 packets of the same flow. Example: An operator could choose to 334 group the devices of a domain into two namespaces, in a way 335 that at average, only every second hop would be recorded by any 336 device. To retrieve a full view of the deployment, the 337 captured IOAM data fields of the two namespaces need to be 338 correlated. 340 * Assigning different Namespace-IDs to different sets of nodes or 341 network partitions and using a separate IOAM header for each 342 Namespace-ID, a full trace for a flow could be collected and 343 constructed via partial traces from each IOAM header in each of 344 the packets in the flow. Example: An operator could choose to 345 group the devices of a domain into two namespaces, in a way 346 that each namespace is represented by one of two IOAM headers 347 in the packet. Each node would record data only for the IOAM 348 namespace that it belongs to, ignoring the other IOAM header 349 with a namespace to which it doesn't belong. To retrieve a 350 full view of the deployment, the captured IOAM data fields of 351 the two namespaces need to be correlated. 353 4.2. IOAM Tracing Options 355 "IOAM tracing data" is expected to be collected at every node that a 356 packet traverses to ensure visibility into the entire path a packet 357 takes within an IOAM domain, i.e., in a typical deployment all nodes 358 in an in-situ OAM-domain would participate in IOAM and thus be IOAM 359 transit nodes, IOAM encapsulating or IOAM decapsulating nodes. If 360 not all nodes within a domain are IOAM capable, IOAM tracing 361 information will only be collected on those nodes which are IOAM 362 capable. Nodes which are not IOAM capable will forward the packet 363 without any changes to the IOAM data fields. The maximum number of 364 hops and the minimum path MTU of the IOAM domain is assumed to be 365 known. 367 To optimize hardware and software implementations tracing is defined 368 as two separate options. Any deployment MAY choose to configure and 369 support one or both of the following options. An implementation of 370 the transport protocol that carries these in-situ OAM data MAY choose 371 to support only one of the options. In the event that both options 372 are utilized at the same time, the Incremental Trace Option MUST be 373 placed before the Pre-allocated Trace Option. Given that the 374 operator knows which equipment is deployed in a particular IOAM, the 375 operator will decide by means of configuration which type(s) of trace 376 options will be enabled for a particular domain. 378 Pre-allocated Trace Option: This trace option is defined as a 379 container of node data fields with pre-allocated space for each 380 node to populate its information. This option is useful for 381 software implementations where it is efficient to allocate the 382 space once and index into the array to populate the data during 383 transit. The IOAM encapsulating node allocates the option header 384 and sets the fields in the option header. The in situ OAM 385 encapsulating node allocates an array which is used to store 386 operational data retrieved from every node while the packet 387 traverses the domain. IOAM transit nodes update the content of 388 the array. A pointer which is part of the IOAM trace data points 389 to the next empty slot in the array, which is where the next IOAM 390 transit node fills in its data. 392 Incremental Trace Option: This trace option is defined as a 393 container of node data fields where each node allocates and pushes 394 its node data immediately following the option header. This type 395 of trace recording is useful for some of the hardware 396 implementations as this eliminates the need for the transit 397 network elements to read the full array in the option and allows 398 for arbitrarily long packets as the MTU allows. The in-situ OAM 399 encapsulating node allocates the option header. The in-situ OAM 400 encapsulating node based on operational state and configuration 401 sets the fields in the header that control what node data fields 402 should be collected, and how large the node data list can grow. 403 The in-situ OAM transit nodes push their node data to the node 404 data list, decrease the remaining length available to subsequent 405 nodes, and adjust the lengths and possibly checksums in outer 406 headers. 408 Every node data entry is to hold information for a particular IOAM 409 transit node that is traversed by a packet. The in-situ OAM 410 decapsulating node removes the IOAM data and processes and/or exports 411 the metadata. IOAM data uses its own name-space for information such 412 as node identifier or interface identifier. This allows for a 413 domain-specific definition and interpretation. For example: In one 414 case an interface-id could point to a physical interface (e.g., to 415 understand which physical interface of an aggregated link is used 416 when receiving or transmitting a packet) whereas in another case it 417 could refer to a logical interface (e.g., in case of tunnels). 419 The following IOAM data is defined for IOAM tracing: 421 o Identification of the IOAM node. An IOAM node identifier can 422 match to a device identifier or a particular control point or 423 subsystem within a device. 425 o Identification of the interface that a packet was received on, 426 i.e. ingress interface. 428 o Identification of the interface that a packet was sent out on, 429 i.e. egress interface. 431 o Time of day when the packet was processed by the node. Different 432 definitions of processing time are feasible and expected, though 433 it is important that all devices of an in-situ OAM domain follow 434 the same definition. 436 o Generic data: Format-free information where syntax and semantic of 437 the information is defined by the operator in a specific 438 deployment. For a specific deployment, all IOAM nodes should 439 interpret the generic data the same way. Examples for generic 440 IOAM data include geo-location information (location of the node 441 at the time the packet was processed), buffer queue fill level or 442 cache fill level at the time the packet was processed, or even a 443 battery charge level. 445 o A mechanism to detect whether IOAM trace data was added at every 446 hop or whether certain hops in the domain weren't in-situ OAM 447 transit nodes. 449 The "node data list" array in the packet is populated iteratively as 450 the packet traverses the network, starting with the last entry of the 451 array, i.e., "node data list [n]" is the first entry to be populated, 452 "node data list [n-1]" is the second one, etc. 454 4.2.1. Pre-allocated and Incremental Trace Options 456 The in-situ OAM pre-allocated trace option and the in-situ OAM 457 incremental trace option have similar formats. Except where noted 458 below, the internal formats and fields of the two trace options are 459 identical. 461 Pre-allocated and incremental trace option headers: 463 0 1 2 3 464 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 465 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 466 | Namespace-ID |NodeLen | Flags | RemainingLen| 467 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 468 | IOAM-Trace-Type | Reserved | 469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 471 The trace option data MUST be 4-octet aligned: 473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 474 | | | 475 | node data list [0] | | 476 | | | 477 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ D 478 | | a 479 | node data list [1] | t 480 | | a 481 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 ~ ... ~ S 483 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ p 484 | | a 485 | node data list [n-1] | c 486 | | e 487 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 488 | | | 489 | node data list [n] | | 490 | | | 491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 493 Namespace-ID: 16-bit identifier of an IOAM namespace. The 494 Namespace-ID value of 0x0000 is defined as the default value and 495 MUST be known to all the nodes implementing IOAM. For any other 496 Namespace-ID value that does not match any Namespace-ID the node 497 is configured to operate on, the node MUST NOT change the contents 498 of the IOAM data fields. 500 NodeLen: 5-bit unsigned integer. This field specifies the length of 501 data added by each node in multiples of 4-octets, excluding the 502 length of the "Opaque State Snapshot" field. 504 If IOAM-Trace-Type bit 7 is not set, then NodeLen specifies the 505 actual length added by each node. If IOAM-Trace-Type bit 7 is 506 set, then the actual length added by a node would be (NodeLen + 507 Opaque Data Length). 509 For example, if 3 IOAM-Trace-Type bits are set and none of them 510 are wide, then NodeLen would be 3. If 3 IOAM-Trace-Type bits are 511 set and 2 of them are wide, then NodeLen would be 5. 513 An IOAM encapsulating node must set NodeLen. 515 A node receiving an IOAM Pre-allocated or Incremental Trace Option 516 may rely on the NodeLen value, or it may ignore the NodeLen value 517 and calculate the node length from the IOAM-Trace-Type bits. 519 Flags 4-bit field. Following flags are defined: 521 Bit 0 "Overflow" (O-bit) (most significant bit). This bit is set 522 by the network element if there is not enough number of octets 523 left to record node data, no field is added and the overflow 524 "O-bit" must be set to "1" in the header. This is useful for 525 transit nodes to ignore further processing of the option. 527 Bit 1 "Loopback" (L-bit). Loopback mode is used to send a copy 528 of a packet back towards the source. Loopback mode assumes 529 that a return path from transit nodes and destination nodes 530 towards the source exists. The encapsulating node decides 531 (e.g. using a filter) which packets loopback mode is enabled 532 for by setting the loopback bit. The encapsulating node also 533 needs to ensure that sufficient space is available in the IOAM 534 header for loopback operation. The loopback bit when set 535 indicates to the transit nodes processing this option to create 536 a copy of the packet received and send this copy of the packet 537 back to the source of the packet while it continues to forward 538 the original packet towards the destination. The source 539 address of the original packet is used as destination address 540 in the copied packet. The address of the node performing the 541 copy operation is used as the source address. The L-bit MUST 542 be cleared in the copy of the packet that a node sends back 543 towards the source. On its way back towards the source, the 544 packet is processed like a regular packet with IOAM 545 information. Once the return packet reaches the IOAM domain 546 boundary IOAM decapsulation occurs as with any other packet 547 containing IOAM information. 549 Bit 2-3 Reserved: Must be zero. 551 RemainingLen: 7-bit unsigned integer. This field specifies the data 552 space in multiples of 4-octets remaining for recording the node 553 data, before the node data list is considered to have overflowed. 555 When RemainingLen reaches 0, nodes are no longer allowed to add 556 node data. Given that the sender knows the minimum path MTU, the 557 sender MAY set the initial value of RemainingLen according to the 558 number of node data bytes allowed before exceeding the MTU. 559 Subsequent nodes can carry out a simple comparison between 560 RemainingLen and NodeLen, along with the length of the "Opaque 561 State Snapshot" if applicable, to determine whether or not data 562 can be added by this node. When node data is added, the node MUST 563 decrease RemainingLen by the amount of data added. In the pre- 564 allocated trace option, this is used as an offset in data space to 565 record the node data element. 567 IOAM-Trace-Type: A 16-bit identifier which specifies which data 568 types are used in this node data list. 570 The IOAM-Trace-Type value is a bit field. The following bit 571 fields are defined in this document, with details on each field 572 described in the Section 4.2.2. The order of packing the data 573 fields in each node data element follows the bit order of the 574 IOAM-Trace-Type field, as follows: 576 Bit 0 (Most significant bit) When set indicates presence of 577 Hop_Lim and node_id in the node data. 579 Bit 1 When set indicates presence of ingress_if_id and 580 egress_if_id (short format) in the node data. 582 Bit 2 When set indicates presence of timestamp seconds in the 583 node data. 585 Bit 3 When set indicates presence of timestamp subseconds in 586 the node data. 588 Bit 4 When set indicates presence of transit delay in the node 589 data. 591 Bit 5 When set indicates presence of namespace specific data 592 (short format) in the node data. 594 Bit 6 When set indicates presence of queue depth in the node 595 data. 597 Bit 7 When set indicates presence of variable length Opaque 598 State Snapshot field. 600 Bit 8 When set indicates presence of Hop_Lim and node_id in 601 wide format in the node data. 603 Bit 9 When set indicates presence of ingress_if_id and 604 egress_if_id in wide format in the node data. 606 Bit 10 When set indicates presence of namespace specific data in 607 wide format in the node data. 609 Bit 11 When set indicates presence of buffer occupancy in the 610 node data. 612 Bit 12-22 Undefined. An IOAM encapsulating node must set the 613 value of each of these bits to 0. If an IOAM transit 614 node receives a packet with one or more of these bits set 615 to 1, it must either: 617 1. Add corresponding node data filled with the reserved 618 value 0xFFFFFFFF, after the node data fields for the 619 IOAM-Trace-Type bits defined above, such that the 620 total node data added by this node in units of 621 4-octets is equal to NodeLen, or 623 2. Not add any node data fields to the packet, even for 624 the IOAM-Trace-Type bits defined above. 626 Bit 23 When set indicates presence of the Checksum Complement 627 node data. 629 Section 4.2.2 describes the IOAM data types and their formats. 630 Within an in-situ OAM domain possible combinations of these bits 631 making the IOAM-Trace-Type can be restricted by configuration 632 knobs. 634 Reserved: 8-bits. Must be zero. 636 Node data List [n]: Variable-length field. The type of which is 637 determined by the IOAM-Trace-Type bit representing the n-th node 638 data in the node data list. The node data list is encoded 639 starting from the last node data of the path. The first element 640 of the node data list (node data list [0]) contains the last node 641 of the path while the last node data of the node data list (node 642 data list[n]) contains the first node data of the path traced. In 643 the pre-allocated trace option, the index contained in 644 RemainingLen identifies the offset for current active node data to 645 be populated. 647 4.2.2. IOAM node data fields and associated formats 649 All the data fields MUST be 4-octet aligned. If a node which is 650 supposed to update an IOAM data field is not capable of populating 651 the value of a field set in the IOAM-Trace-Type, the field value MUST 652 be set to 0xFFFFFFFF for 4-octet fields or 0xFFFFFFFFFFFFFFFF for 653 8-octet fields, indicating that the value is not populated, except 654 when explicitly specified in the field description below. 656 Data field and associated data type for each of the data field is 657 shown below: 659 Hop_Lim and node_id: 4-octet field defined as follows: 661 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 662 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 663 | Hop_Lim | node_id | 664 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 666 Hop_Lim: 1-octet unsigned integer. It is set to the Hop Limit 667 value in the packet at the node that records this data. Hop 668 Limit information is used to identify the location of the node 669 in the communication path. This is copied from the lower 670 layer, e.g., TTL value in IPv4 header or hop limit field from 671 IPv6 header of the packet when the packet is ready for 672 transmission. The semantics of the Hop_Lim field depend on the 673 lower layer protocol that IOAM is encapsulated over, and 674 therefore its specific semantics are outside the scope of this 675 memo. 677 node_id: 3-octet unsigned integer. Node identifier field to 678 uniquely identify a node within in-situ OAM domain. The 679 procedure to allocate, manage and map the node_ids is beyond 680 the scope of this document. 682 ingress_if_id and egress_if_id: 4-octet field defined as follows: 684 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 685 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 686 | ingress_if_id | egress_if_id | 687 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 689 ingress_if_id: 2-octet unsigned integer. Interface identifier to 690 record the ingress interface the packet was received on. 692 egress_if_id: 2-octet unsigned integer. Interface identifier to 693 record the egress interface the packet is forwarded out of. 695 timestamp seconds: 4-octet unsigned integer. Absolute timestamp in 696 seconds that specifies the time at which the packet was received 697 by the node. This field has three possible formats; based on 698 either PTP [IEEE1588v2], NTP [RFC5905], or POSIX [POSIX]. The 699 three timestamp formats are specified in Section 5. In all three 700 cases, the Timestamp Seconds field contains the 32 most 701 significant bits of the timestamp format that is specified in 702 Section 5. If a node is not capable of populating this field, it 703 assigns the value 0xFFFFFFFF. Note that this is a legitimate 704 value that is valid for 1 second in approximately 136 years; the 705 analyzer should correlate several packets or compare the timestamp 706 value to its own time-of-day in order to detect the error 707 indication. 709 timestamp subseconds: 4-octet unsigned integer. Absolute timestamp 710 in subseconds that specifies the time at which the packet was 711 received by the node. This field has three possible formats; 712 based on either PTP [IEEE1588v2], NTP [RFC5905], or POSIX [POSIX]. 713 The three timestamp formats are specified in Section 5. In all 714 three cases, the Timestamp Subseconds field contains the 32 least 715 significant bits of the timestamp format that is specified in 716 Section 5. If a node is not capable of populating this field, it 717 assigns the value 0xFFFFFFFF. Note that this is a legitimate 718 value in the NTP format, valid for approximately 233 picoseconds 719 in every second. If the NTP format is used the analyzer should 720 correlate several packets in order to detect the error indication. 722 transit delay: 4-octet unsigned integer in the range 0 to 2^31-1. 723 It is the time in nanoseconds the packet spent in the transit 724 node. This can serve as an indication of the queuing delay at the 725 node. If the transit delay exceeds 2^31-1 nanoseconds then the 726 top bit 'O' is set to indicate overflow and value set to 727 0x80000000. When this field is part of the data field but a node 728 populating the field is not able to fill it, the field position in 729 the field must be filled with value 0xFFFFFFFF to mean not 730 populated. 732 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 733 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 734 |O| transit delay | 735 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 737 namespace specific data: 4-octet field which can be used by the node 738 to add namespace specific data. This represents a "free-format" 739 4-octet bit field with its semantics defined in the context of a 740 specific namespace. 742 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 743 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 744 | namespace specific data | 745 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 747 queue depth: 4-octet unsigned integer field. This field indicates 748 the current length of the egress interface queue of the interface 749 from where the packet is forwarded out. The queue depth is 750 expressed as the current number of memory buffers used by the 751 queue (a packet may consume one or more memory buffers, depending 752 on its size). 754 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 755 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 756 | queue depth | 757 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 759 Opaque State Snapshot: Variable length field. It allows the network 760 element to store an arbitrary state in the node data field, 761 without a pre-defined schema. The schema is to be defined within 762 the context of a namespace. The schema needs to be made known to 763 the analyzer by some out-of-band mechanism. The specification of 764 this mechanism is beyond the scope of this document. A 24-bit 765 "Schema Id" field, interpreted within the context of a namespace, 766 indicates which particular schema is used, and should be 767 configured on the network element by the operator. 769 0 1 2 3 770 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 771 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 772 | Length | Schema ID | 773 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 774 | | 775 | | 776 | Opaque data | 777 ~ ~ 778 . . 779 . . 780 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 782 Length: 1-octet unsigned integer. It is the length in multiples 783 of 4-octets of the Opaque data field that follows Schema Id. 785 Schema ID: 3-octet unsigned integer identifying the schema of 786 Opaque data. 788 Opaque data: Variable length field. This field is interpreted as 789 specified by the schema identified by the Schema ID. 791 When this field is part of the data field but a node populating 792 the field has no opaque state data to report, the Length must be 793 set to 0 and the Schema ID must be set to 0xFFFFFF to mean no 794 schema. 796 Hop_Lim and node_id wide: 8-octet field defined as follows: 798 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 799 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 800 | Hop_Lim | node_id ~ 801 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 802 ~ node_id (contd) | 803 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 805 Hop_Lim: 1-octet unsigned integer. It is set to the Hop Limit 806 value in the packet at the node that records this data. Hop 807 Limit information is used to identify the location of the node 808 in the communication path. This is copied from the lower layer 809 for e.g. TTL value in IPv4 header or hop limit field from IPv6 810 header of the packet. The semantics of the Hop_Lim field 811 depend on the lower layer protocol that IOAM is encapsulated 812 over, and therefore its specific semantics are outside the 813 scope of this memo. 815 node_id: 7-octet unsigned integer. Node identifier field to 816 uniquely identify a node within in-situ OAM domain. The 817 procedure to allocate, manage and map the node_ids is beyond 818 the scope of this document. 820 ingress_if_id and egress_if_id wide: 8-octet field defined as 821 follows: 823 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 824 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 825 | ingress_if_id | 826 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 827 | egress_if_id | 828 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 830 ingress_if_id: 4-octet unsigned integer. Interface identifier to 831 record the ingress interface the packet was received on. 833 egress_if_id: 4-octet unsigned integer. Interface identifier to 834 record the egress interface the packet is forwarded out of. 836 namespace specific data wide: 8-octet field which can be used by the 837 node to add namespace specific data. This represents a "free- 838 format" 8-octet bit field with its semantics defined in the 839 context of a specific namespace. 841 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 842 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 843 | namespace specific data ~ 844 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 845 ~ namespace specific data (contd) | 846 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 848 buffer occupancy: 4-octet unsigned integer field. This field 849 indicates the current status of the buffer occupancy. The buffer 850 occupancy is expressed as the current number of memory buffers 851 used by the set of queues that share a common buffer pool. 853 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 854 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 855 | buffer occupancy | 856 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 858 Checksum Complement: 4-octet node data which contains a two-octet 859 Checksum Complement field, and a 2-octet reserved field. The 860 Checksum Complement is useful when IOAM is transported over 861 encapsulations that make use of a UDP transport, such as VXLAN-GPE 862 or Geneve. Without the Checksum Complement, nodes adding IOAM 863 node data must update the UDP Checksum field. When the Checksum 864 Complement is present, an IOAM encapsulating node or IOAM transit 865 node adding node data MUST carry out one of the following two 866 alternatives in order to maintain the correctness of the UDP 867 Checksum value: 869 1. Recompute the UDP Checksum field. 871 2. Use the Checksum Complement to make a checksum-neutral update 872 in the UDP payload; the Checksum Complement is assigned a 873 value that complements the rest of the node data fields that 874 were added by the current node, causing the existing UDP 875 Checksum field to remain correct. 877 IOAM decapsulating nodes MUST recompute the UDP Checksum field, 878 since they do not know whether previous hops modified the UDP 879 Checksum field or the Checksum Complement field. 881 Checksum Complement fields are used in a similar manner in 882 [RFC7820] and [RFC7821]. 884 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 885 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 886 | Checksum Complement | Reserved | 887 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 889 4.2.3. Examples of IOAM node data 891 An entry in the "node data list" array can have different formats, 892 following the needs of the deployment. Some deployments might only 893 be interested in recording the node identifiers, whereas others might 894 be interested in recording node identifier and timestamp. The 895 section defines different types that an entry in "node data list" can 896 take. 898 0xD400: IOAM-Trace-Type is 0xD400 then the format of node data is: 900 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 901 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 902 | Hop_Lim | node_id | 903 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 904 | ingress_if_id | egress_if_id | 905 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 906 | timestamp subseconds | 907 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 908 | namespace specific data | 909 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 911 0xC000: IOAM-Trace-Type is 0xC000 then the format is: 913 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 914 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 915 | Hop_Lim | node_id | 916 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 917 | ingress_if_id | egress_if_id | 918 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 920 0x9000: IOAM-Trace-Type is 0x9000 then the format is: 922 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 923 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 924 | Hop_Lim | node_id | 925 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 926 | timestamp subseconds | 927 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 929 0x8400: IOAM-Trace-Type is 0x8400 then the format is: 931 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 932 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 933 | Hop_Lim | node_id | 934 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 935 | namespace specific data | 936 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 938 0x9400: IOAM-Trace-Type is 0x9400 then the format is: 940 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 941 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 942 | Hop_Lim | node_id | 943 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 944 | timestamp subseconds | 945 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 946 | namespace specific data | 947 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 949 0x3180: IOAM-Trace-Type is 0x3180 then the format is: 951 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 952 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 953 | timestamp seconds | 954 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 955 | timestamp subseconds | 956 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 957 | Length | Schema Id | 958 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 959 | | 960 | | 961 | Opaque data | 962 ~ ~ 963 . . 964 . . 965 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 966 | Hop_Lim | node_id | 967 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 968 | node_id(contd) | 969 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 971 4.3. IOAM Proof of Transit Option 973 IOAM Proof of Transit data is to support the path or service function 974 chain [RFC7665] verification use cases. Proof-of-transit uses 975 methods like nested hashing or nested encryption of the IOAM data or 976 mechanisms such as Shamir's Secret Sharing Schema (SSSS). While 977 details on how the IOAM data for the proof of transit option is 978 processed at IOAM encapsulating, decapsulating and transit nodes are 979 outside the scope of the document, all of these approaches share the 980 need to uniquely identify a packet as well as iteratively operate on 981 a set of information that is handed from node to node. 982 Correspondingly, two pieces of information are added as IOAM data to 983 the packet: 985 o Random: Unique identifier for the packet (e.g., 64-bits allow for 986 the unique identification of 2^64 packets). 988 o Cumulative: Information which is handed from node to node and 989 updated by every node according to a verification algorithm. 991 IOAM proof of transit option: 993 IOAM proof of transit option header: 995 0 1 2 3 996 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 997 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 998 | Namespace-ID |IOAM POT Type | IOAM POT flags| 999 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1001 IOAM proof of transit option data MUST be 4-octet aligned.: 1003 0 1 2 3 1004 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1005 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1006 | POT Option data field determined by IOAM-POT-Type | 1007 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1009 Namespace-ID: 16-bit identifier of an IOAM namespace. The 1010 Namespace-ID value of 0x0000 is defined as the default value and 1011 MUST be known to all the nodes implementing IOAM. For any other 1012 Namespace-ID value that does not match any Namespace-ID the node 1013 is configured to operate on, the node MUST NOT change the contents 1014 of the IOAM data fields. 1016 IOAM POT Type: 8-bit identifier of a particular POT variant that 1017 specifies the POT data that is included. This document defines 1018 POT Type 0: 1020 0: POT data is a 16 Octet field as described below. 1022 IOAM POT flags: 8-bit. Following flags are defined: 1024 Bit 0 "Profile-to-use" (P-bit) (most significant bit). For IOAM 1025 POT types that use a maximum of two profiles to drive 1026 computation, indicates which POT-profile is used. The two 1027 profiles are numbered 0, 1. 1029 Bit 1-7 Reserved: Must be set to zero upon transmission and 1030 ignored upon receipt. 1032 POT Option data: Variable-length field. The type of which is 1033 determined by the IOAM-POT-Type. 1035 4.3.1. IOAM Proof of Transit Type 0 1037 IOAM proof of transit option of IOAM POT Type 0: 1039 0 1 2 3 1040 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1041 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1042 | Namespace-ID |IOAM POT Type=0|P|R R R R R R R| 1043 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 1044 | Random | | 1045 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ P 1046 | Random(contd) | O 1047 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ T 1048 | Cumulative | | 1049 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 1050 | Cumulative (contd) | | 1051 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 1053 Namespace-ID: 16-bit identifier of an IOAM namespace. The 1054 Namespace-ID value of 0x0000 is defined as the default value and 1055 MUST be known to all the nodes implementing IOAM. For any other 1056 Namespace-ID value that does not match any Namespace-ID the node 1057 is configured to operate on, the node MUST NOT change the contents 1058 of the IOAM data fields. 1060 IOAM POT Type: 8-bit identifier of a particular POT variant that 1061 specifies the POT data that is included. This section defines the 1062 POT data when the IOAM POT Type is set to the value 0. 1064 P bit: 1-bit. "Profile-to-use" (P-bit) (most significant bit). 1065 Indicates which POT-profile is used to generate the Cumulative. 1066 Any node participating in POT will have a maximum of 2 profiles 1067 configured that drive the computation of cumulative. The two 1068 profiles are numbered 0, 1. This bit conveys whether profile 0 or 1069 profile 1 is used to compute the Cumulative. 1071 R (7 bits): 7-bit IOAM POT flags for future use. MUST be set to 1072 zero upon transmission and ignored upon receipt. 1074 Random: 64-bit Per packet Random number. 1076 Cumulative: 64-bit Cumulative that is updated at specific nodes by 1077 processing per packet Random number field and configured 1078 parameters. 1080 Note: Larger or smaller sizes of "Random" and "Cumulative" data are 1081 feasible and could be required for certain deployments (e.g. in case 1082 of space constraints in the transport protocol used). Future 1083 versions of this document will address different sizes of data for 1084 "proof of transit". 1086 4.4. IOAM Edge-to-Edge Option 1088 The IOAM edge-to-edge option is to carry data that is added by the 1089 IOAM encapsulating node and interpreted by IOAM decapsulating node. 1090 The IOAM transit nodes MAY process the data without modifying it. 1092 IOAM edge-to-edge option: 1094 IOAM edge-to-edge option header: 1096 0 1 2 3 1097 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1098 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1099 | Namespace-ID | IOAM-E2E-Type | 1100 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1102 IOAM edge-to-edge option data MUST be 4-octet aligned: 1104 0 1 2 3 1105 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1106 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1107 | E2E Option data field determined by IOAM-E2E-Type | 1108 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1110 Namespace-ID: 16-bit identifier of an IOAM namespace. The 1111 Namespace-ID value of 0x0000 is defined as the default value and 1112 MUST be known to all the nodes implementing IOAM. For any other 1113 Namespace-ID value that does not match any Namespace-ID the node 1114 is configured to operate on, then the node MUST NOT change the 1115 contents of the IOAM data fields. 1117 IOAM-E2E-Type: A 16-bit identifier which specifies which data types 1118 are used in the E2E option data. The IOAM-E2E-Type value is a bit 1119 field. The order of packing the E2E option data field elements 1120 follows the bit order of the IOAM-E2E-Type field, as follows: 1122 Bit 0 (Most significant bit) When set indicates presence of a 1123 64-bit sequence number added to a specific tube which is 1124 used to detect packet loss, packet reordering, or packet 1125 duplication for that tube. Each tube leverages a 1126 dedicated namespace for its sequence numbers. 1128 Bit 1 When set indicates presence of a 32-bit sequence number 1129 added to a specific tube which is used to detect packet 1130 loss, packet reordering, or packet duplication for that 1131 tube. Each tube leverages a dedicated namespace for its 1132 sequence numbers. 1134 Bit 2 When set indicates presence of timestamp seconds for the 1135 transmission of the frame. This 4-octet field has three 1136 possible formats; based on either PTP [IEEE1588v2], NTP 1137 [RFC5905], or POSIX [POSIX]. The three timestamp formats 1138 are specified in Section 5. In all three cases, the 1139 Timestamp Seconds field contains the 32 most significant 1140 bits of the timestamp format that is specified in 1141 Section 5. If a node is not capable of populating this 1142 field, it assigns the value 0xFFFFFFFF. Note that this 1143 is a legitimate value that is valid for 1 second in 1144 approximately 136 years; the analyzer should correlate 1145 several packets or compare the timestamp value to its own 1146 time-of-day in order to detect the error indication. 1148 Bit 3 When set indicates presence of timestamp subseconds for 1149 the transmission of the frame. This 4-octet field has 1150 three possible formats; based on either PTP [IEEE1588v2], 1151 NTP [RFC5905], or POSIX [POSIX]. The three timestamp 1152 formats are specified in Section 5. In all three cases, 1153 the Timestamp Subseconds field contains the 32 least 1154 significant bits of the timestamp format that is 1155 specified in Section 5. If a node is not capable of 1156 populating this field, it assigns the value 0xFFFFFFFF. 1157 Note that this is a legitimate value in the NTP format, 1158 valid for approximately 233 picoseconds in every second. 1159 If the NTP format is used the analyzer should correlate 1160 several packets in order to detect the error indication. 1162 Bit 4-15 Undefined. An IOAM encapsulating node Must set the value 1163 of these bits to zero upon transmission and ignore upon 1164 receipt. 1166 E2E Option data: Variable-length field. The type of which is 1167 determined by the IOAM-E2E-Type. 1169 5. Timestamp Formats 1171 The IOAM data fields include a timestamp field which is represented 1172 in one of three possible timestamp formats. It is assumed that the 1173 management plane is responsible for determining which timestamp 1174 format is used. 1176 5.1. PTP Truncated Timestamp Format 1178 The Precision Time Protocol (PTP) [IEEE1588v2] uses an 80-bit 1179 timestamp format. The truncated timestamp format is a 64-bit field, 1180 which is the 64 least significant bits of the 80-bit PTP timestamp. 1181 The PTP truncated format is specified in Section 4.3 of 1182 [I-D.ietf-ntp-packet-timestamps], and the details are presented below 1183 for the sake of completeness. 1185 0 1 2 3 1186 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1188 | Seconds | 1189 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1190 | Nanoseconds | 1191 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1193 Figure 1: PTP [IEEE1588v2] Truncated Timestamp Format 1195 Timestamp field format: 1197 Seconds: specifies the integer portion of the number of seconds 1198 since the epoch. 1200 + Size: 32 bits. 1202 + Units: seconds. 1204 Nanoseconds: specifies the fractional portion of the number of 1205 seconds since the epoch. 1207 + Size: 32 bits. 1209 + Units: nanoseconds. The value of this field is in the range 0 1210 to (10^9)-1. 1212 Epoch: 1214 The PTP [IEEE1588v2] epoch is 1 January 1970 00:00:00 TAI, which 1215 is 31 December 1969 23:59:51.999918 UTC. 1217 Resolution: 1219 The resolution is 1 nanosecond. 1221 Wraparound: 1223 This time format wraps around every 2^32 seconds, which is roughly 1224 136 years. The next wraparound will occur in the year 2106. 1226 Synchronization Aspects: 1228 It is assumed that nodes that run this protocol are synchronized 1229 among themselves. Nodes may be synchronized to a global reference 1230 time. Note that if PTP [IEEE1588v2] is used for synchronization, 1231 the timestamp may be derived from the PTP-synchronized clock, 1232 allowing the timestamp to be measured with respect to the clock of 1233 an PTP Grandmaster clock. 1235 The PTP truncated timestamp format is not affected by leap 1236 seconds. 1238 5.2. NTP 64-bit Timestamp Format 1240 The Network Time Protocol (NTP) [RFC5905] timestamp format is 64 bits 1241 long. This format is specified in Section 4.2.1 of 1242 [I-D.ietf-ntp-packet-timestamps], and the details are presented below 1243 for the sake of completeness. 1245 0 1 2 3 1246 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1247 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1248 | Seconds | 1249 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1250 | Fraction | 1251 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1253 Figure 2: NTP [RFC5905] 64-bit Timestamp Format 1255 Timestamp field format: 1257 Seconds: specifies the integer portion of the number of seconds 1258 since the epoch. 1260 + Size: 32 bits. 1262 + Units: seconds. 1264 Fraction: specifies the fractional portion of the number of 1265 seconds since the epoch. 1267 + Size: 32 bits. 1269 + Units: the unit is 2^(-32) seconds, which is roughly equal to 1270 233 picoseconds. 1272 Epoch: 1274 The epoch is 1 January 1900 at 00:00 UTC. 1276 Resolution: 1278 The resolution is 2^(-32) seconds. 1280 Wraparound: 1282 This time format wraps around every 2^32 seconds, which is roughly 1283 136 years. The next wraparound will occur in the year 2036. 1285 Synchronization Aspects: 1287 Nodes that use this timestamp format will typically be 1288 synchronized to UTC using NTP [RFC5905]. Thus, the timestamp may 1289 be derived from the NTP-synchronized clock, allowing the timestamp 1290 to be measured with respect to the clock of an NTP server. 1292 The NTP timestamp format is affected by leap seconds; it 1293 represents the number of seconds since the epoch minus the number 1294 of leap seconds that have occurred since the epoch. The value of 1295 a timestamp during or slightly after a leap second may be 1296 temporarily inaccurate. 1298 5.3. POSIX-based Timestamp Format 1300 This timestamp format is based on the POSIX time format [POSIX]. The 1301 detailed specification of the timestamp format used in this document 1302 is presented below. 1304 0 1 2 3 1305 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1307 | Seconds | 1308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1309 | Microseconds | 1310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1312 Figure 3: POSIX-based Timestamp Format 1314 Timestamp field format: 1316 Seconds: specifies the integer portion of the number of seconds 1317 since the epoch. 1319 + Size: 32 bits. 1321 + Units: seconds. 1323 Microseconds: specifies the fractional portion of the number of 1324 seconds since the epoch. 1326 + Size: 32 bits. 1328 + Units: the unit is microseconds. The value of this field is in 1329 the range 0 to (10^6)-1. 1331 Epoch: 1333 The epoch is 1 January 1970 00:00:00 TAI, which is 31 December 1334 1969 23:59:51.999918 UTC. 1336 Resolution: 1338 The resolution is 1 microsecond. 1340 Wraparound: 1342 This time format wraps around every 2^32 seconds, which is roughly 1343 136 years. The next wraparound will occur in the year 2106. 1345 Synchronization Aspects: 1347 It is assumed that nodes that use this timestamp format run Linux 1348 operating system, and hence use the POSIX time. In some cases 1349 nodes may be synchronized to UTC using a synchronization mechanism 1350 that is outside the scope of this document, such as NTP [RFC5905]. 1351 Thus, the timestamp may be derived from the NTP-synchronized 1352 clock, allowing the timestamp to be measured with respect to the 1353 clock of an NTP server. 1355 The POSIX-based timestamp format is affected by leap seconds; it 1356 represents the number of seconds since the epoch minus the number 1357 of leap seconds that have occurred since the epoch. The value of 1358 a timestamp during or slightly after a leap second may be 1359 temporarily inaccurate. 1361 6. IOAM Data Export 1363 IOAM nodes collect information for packets traversing a domain that 1364 supports IOAM. IOAM decapsulating nodes as well as IOAM transit 1365 nodes can choose to retrieve IOAM information from the packet, 1366 process the information further and export the information using 1367 e.g., IPFIX. 1369 Raw data export of IOAM data using IPFIX is discussed in 1370 [I-D.spiegel-ippm-ioam-rawexport]. 1372 7. IANA Considerations 1374 This document requests the following IANA Actions. 1376 7.1. Creation of a new In-Situ OAM Protocol Parameters Registry (IOAM) 1377 Protocol Parameters IANA registry 1379 IANA is requested to create a new protocol registry for "In-Situ OAM 1380 (IOAM) Protocol Parameters". This is the common registry that will 1381 include registrations for all IOAM namespaces. Each Registry, whose 1382 names are listed below: 1384 IOAM Type 1386 IOAM Trace Type 1388 IOAM Trace flags 1390 IOAM POT Type 1392 IOAM POT flags 1394 IOAM E2E Type 1396 IOAM Namespace-ID 1398 will contain the current set of possibilities defined in this 1399 document. New registries in this name space are created via RFC 1400 Required process as per [RFC8126]. 1402 The subsequent sub-sections detail the registries herein contained. 1404 7.2. IOAM Type Registry 1406 This registry defines 128 code points for the IOAM-Type field for 1407 identifying IOAM options as explained in Section 4. The following 1408 code points are defined in this draft: 1410 0 IOAM Pre-allocated Trace Option Type 1412 1 IOAM Incremental Trace Option Type 1414 2 IOAM POT Option Type 1416 3 IOAM E2E Option Type 1418 4 - 127 are available for assignment via RFC Required process as per 1419 [RFC8126]. 1421 7.3. IOAM Trace Type Registry 1423 This registry defines code point for each bit in the 16-bit IOAM- 1424 Trace-Type field for Pre-allocated trace option and Incremental trace 1425 option defined in Section 4.2. The meaning of Bits 0 - 11 for trace 1426 type are defined in this document in Paragraph 5 of Section 4.2.1: 1428 Bit 0 hop_Lim and node_id in short format 1430 Bit 1 ingress_if_id and egress_if_id in short format 1432 Bit 2 timestamp seconds 1434 Bit 3 timestamp subseconds 1436 Bit 4 transit delay 1438 Bit 5 namespace specific data in short format 1440 Bit 6 queue depth 1442 Bit 7 variable length Opaque State Snapshot 1444 Bit 8 hop_Lim and node_id in wide format 1446 Bit 9 ingress_if_id and egress_if_id in wide format 1448 Bit 10 namespace specific data in wide format 1450 Bit 11 buffer occupancy 1452 Bit 23 checksum complement 1454 The meaning for Bits 12 - 22 are available for assignment via RFC 1455 Required process as per [RFC8126]. 1457 7.4. IOAM Trace Flags Registry 1459 This registry defines code points for each bit in the 4 bit flags for 1460 Pre-allocated trace option and Incremental trace option defined in 1461 Section 4.2. The meaning of Bit 0 - 1 for trace flags are defined in 1462 this document in Paragraph 3 of Section 4.2.1: 1464 Bit 0 "Overflow" (O-bit) 1466 Bit 1 "Loopback" (L-bit) 1467 The meaning for Bits 2 - 3 are available for assignment via RFC 1468 Required process as per [RFC8126]. 1470 7.5. IOAM POT Type Registry 1472 This registry defines 256 code points to define IOAM POT Type for 1473 IOAM proof of transit option Section 4.3. The code point value 0 is 1474 defined in this document: 1476 0: 16 Octet POT data 1478 1 - 255 are available for assignment via RFC Required process as per 1479 [RFC8126]. 1481 7.6. IOAM POT Flags Registry 1483 This registry defines code points for each bit in the 8 bit flags for 1484 IOAM POT option defined in Section 4.3. The meaning of Bit 0 for 1485 IOAM POT flags is defined in this document in Section 4.3: 1487 Bit 0 "Profile-to-use" (P-bit) 1489 The meaning for Bits 1 - 7 are available for assignment via RFC 1490 Required process as per [RFC8126]. 1492 7.7. IOAM E2E Type Registry 1494 This registry defines code points for each bit in the 16 bit IOAM- 1495 E2E-Type field for IOAM E2E option Section 4.4. The meaning of Bit 0 1496 - 3 are defined in this document: 1498 Bit 0 64-bit sequence number 1500 Bit 1 32-bit sequence number 1502 Bit 2 timestamp seconds 1504 Bit 3 timestamp subseconds 1506 The meaning of Bits 4 - 15 are available for assignment via RFC 1507 Required process as per [RFC8126]. 1509 7.8. IOAM Namespace-ID Registry 1511 IANA is requested to set up an "IOAM Namespace-ID Registry", 1512 containing 16-bit values. The meaning of Bit 0 is defined in this 1513 document. IANA is requested to reserve the values 0x0001 to 0x7FFF 1514 for private use (managed by operators), as specified in Section 4.1 1515 of the current document. Registry entries for the values 0x8000 to 1516 0xFFFF are to be assigned via the "Expert Review" policy defined in 1517 [RFC8126]. 1519 0: default namespace (known to all IOAM nodes) 1521 0x0001 - 0x7FFF: reserved for private use 1523 0x8000 - 0xFFFF: unassigned 1525 8. Security Considerations 1527 As discussed in [RFC7276], a successful attack on an OAM protocol in 1528 general, and specifically on IOAM, can prevent the detection of 1529 failures or anomalies, or create a false illusion of nonexistent 1530 ones. 1532 The Proof of Transit option (Section Section 4.3) is used for 1533 verifying the path of data packets. The security considerations of 1534 POT are further discussed in [I-D.brockners-proof-of-transit]. 1536 The data elements of IOAM can be used for network reconnaissance, 1537 allowing attackers to collect information about network paths, 1538 performance, queue states, buffer occupancy and other information. 1540 IOAM can be used as a means for implementing Denial of Service (DoS) 1541 attacks, or for amplifying them. For example, a malicious attacker 1542 can add an IOAM header to packets in order to consume the resources 1543 of network devices that take part in IOAM or collectors that analyze 1544 the IOAM data. Another example is a packet length attack, in which 1545 an attacker pushes IOAM headers into data packets, causing these 1546 packets to be increased beyond the MTU size, resulting in 1547 fragmentation or in packet drops. 1549 Since IOAM options may include timestamps, if network devices use 1550 synchronization protocols then any attack on the time protocol 1551 [RFC7384] can compromise the integrity of the timestamp-related data 1552 fields. 1554 At the management plane, attacks may be implemented by misconfiguring 1555 or by maliciously configuring IOAM-enabled nodes in a way that 1556 enables other attacks. Thus, IOAM configuration should be secured in 1557 a way that authenticates authorized users and verifies the integrity 1558 of configuration procedures. 1560 Notably, IOAM is expected to be deployed in specific network domains, 1561 thus confining the potential attack vectors to within the network 1562 domain. Indeed, in order to limit the scope of threats to within the 1563 current network domain the network operator is expected to enforce 1564 policies that prevent IOAM traffic from leaking outside of the IOAM 1565 domain, and prevent IOAM data from outside the domain to be processed 1566 and used within the domain. 1568 9. Acknowledgements 1570 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 1571 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 1572 Nadahalli, LJ Wobker, Erik Nordmark, Vengada Prasad Govindan, and 1573 Andrew Yourtchenko for the comments and advice. 1575 This document leverages and builds on top of several concepts 1576 described in [I-D.kitamura-ipv6-record-route]. The authors would 1577 like to acknowledge the work done by the author Hiroshi Kitamura and 1578 people involved in writing it. 1580 The authors would like to gracefully acknowledge useful review and 1581 insightful comments received from Joe Clarke, Al Morton, and Mickey 1582 Spiegel. 1584 10. References 1586 10.1. Normative References 1588 [IEEE1588v2] 1589 Institute of Electrical and Electronics Engineers, "IEEE 1590 Std 1588-2008 - IEEE Standard for a Precision Clock 1591 Synchronization Protocol for Networked Measurement and 1592 Control Systems", IEEE Std 1588-2008, 2008, 1593 . 1596 [POSIX] Institute of Electrical and Electronics Engineers, "IEEE 1597 Std 1003.1-2008 (Revision of IEEE Std 1003.1-2004) - IEEE 1598 Standard for Information Technology - Portable Operating 1599 System Interface (POSIX(R))", IEEE Std 1003.1-2008, 2008, 1600 . 1603 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1604 Requirement Levels", BCP 14, RFC 2119, 1605 DOI 10.17487/RFC2119, March 1997, 1606 . 1608 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 1609 "Network Time Protocol Version 4: Protocol and Algorithms 1610 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 1611 . 1613 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1614 Writing an IANA Considerations Section in RFCs", BCP 26, 1615 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1616 . 1618 10.2. Informative References 1620 [I-D.brockners-proof-of-transit] 1621 Brockners, F., Bhandari, S., Dara, S., Pignataro, C., 1622 Leddy, J., Youell, S., Mozes, D., and T. Mizrahi, "Proof 1623 of Transit", draft-brockners-proof-of-transit-05 (work in 1624 progress), May 2018. 1626 [I-D.ietf-ntp-packet-timestamps] 1627 Mizrahi, T., Fabini, J., and A. Morton, "Guidelines for 1628 Defining Packet Timestamps", draft-ietf-ntp-packet- 1629 timestamps-04 (work in progress), October 2018. 1631 [I-D.ietf-nvo3-geneve] 1632 Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic 1633 Network Virtualization Encapsulation", draft-ietf- 1634 nvo3-geneve-08 (work in progress), October 2018. 1636 [I-D.ietf-nvo3-vxlan-gpe] 1637 Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol 1638 Extension for VXLAN", draft-ietf-nvo3-vxlan-gpe-06 (work 1639 in progress), April 2018. 1641 [I-D.kitamura-ipv6-record-route] 1642 Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop 1643 Option Extension", draft-kitamura-ipv6-record-route-00 1644 (work in progress), November 2000. 1646 [I-D.lapukhov-dataplane-probe] 1647 Lapukhov, P. and r. remy@barefootnetworks.com, "Data-plane 1648 probe for in-band telemetry collection", draft-lapukhov- 1649 dataplane-probe-01 (work in progress), June 2016. 1651 [I-D.spiegel-ippm-ioam-rawexport] 1652 Spiegel, M., Brockners, F., Bhandari, S., and R. 1653 Sivakolundu, "In-situ OAM raw data export with IPFIX", 1654 draft-spiegel-ippm-ioam-rawexport-00 (work in progress), 1655 March 2018. 1657 [RFC7276] Mizrahi, T., Sprecher, N., Bellagamba, E., and Y. 1658 Weingarten, "An Overview of Operations, Administration, 1659 and Maintenance (OAM) Tools", RFC 7276, 1660 DOI 10.17487/RFC7276, June 2014, 1661 . 1663 [RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in 1664 Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384, 1665 October 2014, . 1667 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 1668 Chaining (SFC) Architecture", RFC 7665, 1669 DOI 10.17487/RFC7665, October 2015, 1670 . 1672 [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with 1673 Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, 1674 May 2016, . 1676 [RFC7820] Mizrahi, T., "UDP Checksum Complement in the One-Way 1677 Active Measurement Protocol (OWAMP) and Two-Way Active 1678 Measurement Protocol (TWAMP)", RFC 7820, 1679 DOI 10.17487/RFC7820, March 2016, 1680 . 1682 [RFC7821] Mizrahi, T., "UDP Checksum Complement in the Network Time 1683 Protocol (NTP)", RFC 7821, DOI 10.17487/RFC7821, March 1684 2016, . 1686 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 1687 "Network Service Header (NSH)", RFC 8300, 1688 DOI 10.17487/RFC8300, January 2018, 1689 . 1691 Authors' Addresses 1693 Frank Brockners 1694 Cisco Systems, Inc. 1695 Hansaallee 249, 3rd Floor 1696 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 1697 Germany 1699 Email: fbrockne@cisco.com 1700 Shwetha Bhandari 1701 Cisco Systems, Inc. 1702 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 1703 Bangalore, KARNATAKA 560 087 1704 India 1706 Email: shwethab@cisco.com 1708 Carlos Pignataro 1709 Cisco Systems, Inc. 1710 7200-11 Kit Creek Road 1711 Research Triangle Park, NC 27709 1712 United States 1714 Email: cpignata@cisco.com 1716 Hannes Gredler 1717 RtBrick Inc. 1719 Email: hannes@rtbrick.com 1721 John Leddy 1722 Comcast 1723 United States 1725 Email: John_Leddy@cable.comcast.com 1727 Stephen Youell 1728 JP Morgan Chase 1729 25 Bank Street 1730 London E14 5JP 1731 United Kingdom 1733 Email: stephen.youell@jpmorgan.com 1735 Tal Mizrahi 1736 Huawei Network.IO Innovation Lab 1737 Israel 1739 Email: tal.mizrahi.phd@gmail.com 1740 David Mozes 1742 Email: mosesster@gmail.com 1744 Petr Lapukhov 1745 Facebook 1746 1 Hacker Way 1747 Menlo Park, CA 94025 1748 US 1750 Email: petr@fb.com 1752 Remy Chang 1753 Barefoot Networks 1754 4750 Patrick Henry Drive 1755 Santa Clara, CA 95054 1756 US 1758 Daniel Bernier 1759 Bell Canada 1760 Canada 1762 Email: daniel.bernier@bell.ca 1764 John Lemon 1765 Broadcom 1766 270 Innovation Drive 1767 San Jose, CA 95134 1768 US 1770 Email: john.lemon@broadcom.com