idnits 2.17.1 draft-ietf-ippm-stamp-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 19, 2018) is 1956 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-04) exists of draft-ietf-ippm-port-twamp-test-03 -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE.1588.2008' == Outdated reference: A later version (-12) exists of draft-ietf-ippm-stamp-yang-02 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group G. Mirsky 3 Internet-Draft ZTE Corp. 4 Intended status: Standards Track G. Jun 5 Expires: May 23, 2019 ZTE Corporation 6 H. Nydell 7 Accedian Networks 8 R. Foote 9 Nokia 10 November 19, 2018 12 Simple Two-way Active Measurement Protocol 13 draft-ietf-ippm-stamp-04 15 Abstract 17 This document describes a Simple Two-way Active Measurement Protocol 18 which enables the measurement of both one-way and round-trip 19 performance metrics like delay, delay variation, and packet loss. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on May 23, 2019. 38 Copyright Notice 40 Copyright (c) 2018 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. Conventions used in this document . . . . . . . . . . . . . . 3 57 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 58 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 59 3. Softwarization of Performance Measurement . . . . . . . . . . 3 60 4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4 61 4.1. Session-Sender Behavior and Packet Format . . . . . . . . 4 62 4.1.1. Session-Sender Packet Format in Unauthenticated Mode 4 63 4.1.2. Session-Sender Packet Format in Authenticated Mode . 7 64 4.2. Session-Reflector Behavior and Packet Format . . . . . . 8 65 4.2.1. Session-Reflector Packet Format in Unauthenticated 66 Mode . . . . . . . . . . . . . . . . . . . . . . . . 8 67 4.2.2. Session-Reflector Packet Format in Authenticated Mode 10 68 4.3. Integrity and Confidentiality Protection in STAMP . . . . 12 69 4.4. Interoperability with TWAMP Light . . . . . . . . . . . . 12 70 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 71 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 72 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 73 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 74 8.1. Normative References . . . . . . . . . . . . . . . . . . 13 75 8.2. Informative References . . . . . . . . . . . . . . . . . 14 76 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 78 1. Introduction 80 Development and deployment of Two-Way Active Measurement Protocol 81 (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined 82 features such as Reflect Octets and Symmetrical Size for TWAMP 83 provided invaluable experience. Several independent implementations 84 exist, have been deployed and provide important operational 85 performance measurements. At the same time, there has been 86 noticeable interest in using a simpler mechanism for active 87 performance monitoring that can provide deterministic behavior and 88 inherit separation of control (vendor-specific configuration or 89 orchestration) and test functions. One of such is Performance 90 Measurement from IP Edge to Customer Equipment using TWAMP Light from 91 Broadband Forum ([BBF.TR-390]). This document defines active 92 performance measurement test protocol, Simple Two-way Active 93 Measurement Protocol (STAMP), that enables measurement of both one- 94 way and round-trip performance metrics like delay, delay variation, 95 and packet loss. 97 2. Conventions used in this document 99 2.1. Terminology 101 AES Advanced Encryption Standard 103 CBC Cipher Block Chaining 105 ECB Electronic Cookbook 107 KEK Key-encryption Key 109 STAMP - Simple Two-way Active Measurement Protocol 111 NTP - Network Time Protocol 113 PTP - Precision Time Protocol 115 HMAC Hashed Message Authentication Code 117 OWAMP One-Way Active Measurement Protocol 119 TWAMP Two-Way Active Measurement Protocol 121 2.2. Requirements Language 123 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 124 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 125 "OPTIONAL" in this document are to be interpreted as described in BCP 126 14 [RFC2119] [RFC8174] when, and only when, they appear in all 127 capitals, as shown here. 129 3. Softwarization of Performance Measurement 131 Figure 1 presents Simple Two-way Active Measurement Protocol (STAMP) 132 Session-Sender and Session-Reflector with a measurement session. The 133 configuration and management of the STAMP Session-Sender, Session- 134 Reflector and management of the STAMP sessions can be achieved 135 through various means. Command Line Interface, OSS/BSS using SNMP or 136 SDN using Netconf/YANG are but a few examples. 138 o----------------------------------------------------------o 139 | Configuration and | 140 | Management | 141 o----------------------------------------------------------o 142 || || 143 || || 144 || || 145 +----------------------+ +-------------------------+ 146 | STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector | 147 +----------------------+ +-------------------------+ 149 Figure 1: STAMP Reference Model 151 4. Theory of Operation 153 STAMP Session-Sender transmits test packets toward STAMP Session- 154 Reflector. STAMP Session-Reflector receives Session-Sender's packet 155 and acts according to the configuration and optional control 156 information communicated in the Session-Sender's test packet. STAMP 157 defines two different test packet formats, one for packets 158 transmitted by the STAMP-Session-Sender and one for packets 159 transmitted by the STAMP-Session-Reflector. STAMP supports two 160 modes: unauthenticated and authenticated. Unauthenticated STAMP test 161 packets are compatible on the wire with unauthenticated TWAMP-Test 162 [RFC5357] packet formats. 164 By default, STAMP uses symmetrical packets, i.e., size of the packet 165 transmitted by Session-Reflector equals the size of the packet 166 received by the Session-Reflector. 168 4.1. Session-Sender Behavior and Packet Format 170 4.1.1. Session-Sender Packet Format in Unauthenticated Mode 172 Because STAMP supports symmetrical test packets, STAMP Session-Sender 173 packet has a minimum size of 44 octets in unauthenticated mode, see 174 Figure 2, and 48 octets in the authenticated mode, see Figure 4. 176 For unauthenticated mode: 178 0 1 2 3 179 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 181 | Sequence Number | 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 183 | Timestamp | 184 | | 185 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 186 | Error Estimate | | 187 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 188 | | 189 | | 190 | MBZ (27 octets) | 191 | | 192 | | 193 | | 194 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 | | Server Octets | | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 197 | Remaining Packet Padding (to be reflected) | 198 ~ (length in octets specified in Server Octets) ~ 199 + +-+-+-+-+-+-+-+-+ 200 | | Comp.MBZ | 201 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 202 | Type | Length | 203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 204 ~ Value ~ 205 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 207 Figure 2: STAMP Session-Sender test packet format in unauthenticated 208 mode 210 where fields are defined as the following: 212 o Sequence Number is four octets long field. For each new session 213 its value starts at zero and is incremented with each transmitted 214 packet. 216 o Timestamp is eight octets long field. STAMP node MUST support 217 Network Time Protocol (NTP) version 4 64-bit timestamp format 218 [RFC5905]. STAMP node MAY support IEEE 1588v2 Precision Time 219 Protocol truncated 64-bit timestamp format [IEEE.1588.2008]. 221 o Error Estimate is two octets long field with format displayed in 222 Figure 3 223 0 1 224 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 225 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 226 |S|Z| Scale | Multiplier | 227 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 229 Figure 3: Error Estimate Format 231 where S, Scale, and Multiplier fields are interpreted as they have 232 been defined in section 4.1.2 [RFC4656]; and Z field - as has been 233 defined in section 2.3 [RFC8186]: 235 * 0 - NTP 64 bit format of a timestamp; 237 * 1 - PTPv2 truncated format of a timestamp. 239 The STAMP Session-Sender and Session-Reflector MAY use, not use, 240 or set value of the Z field in accordance with the timestamp 241 format in use. This optional field is to enhance operations, but 242 local configuration or defaults could be used in its place. 244 o Must-be-Zero (MBZ) field in the session-sender unauthenticated 245 packet is 27 octets long. It MUST be all zeroed on the 246 transmission and ignored on receipt. 248 o Server Octets field is two octets long field. It MUST follow the 249 27 octets long MBZ field. The Reflect Octets capability defined 250 in [RFC6038]. The value in the Server Octets field equals the 251 number of octets the Session-Reflector is expected to copy back to 252 the Session-Sender starting with the Server Octets field. Thus 253 the minimal non-zero value for the Server Octets field is two. 254 Therefore, the value of one is invalid. If none of Payload to be 255 copied, the value of the Server Octets field MUST be set to zero 256 on transmit. 258 o Remaining Packet Padding is an optional field of variable length. 259 The number of octets in the Remaining Packet Padding field is the 260 value of the Server Octets field less the length of the Server 261 Octets field. 263 o Comp.MBZ is variable length field used to achieve alignment on a 264 word boundary. Thus the length of Comp.MBZ field may be only 0, 265 1, 2 or 3 octets. The value of the field MUST be zeroed on 266 transmission and ignored on receipt. 268 The unauthenticated STAMP Session-Sender packet MAY include Type- 269 Length-Value encodings that immediately follow the Comp. MBZ field. 271 o Type field is two octets long. The value of the Type field is the 272 codepoint allocated by IANA Section 5 that identifies data in the 273 Value field. 275 o Length is two octets long field, and its value is the length of 276 the Value field in octets. 278 o Value field contains the application specific information. The 279 length of the Value field MUST be four octets aligned. 281 4.1.2. Session-Sender Packet Format in Authenticated Mode 283 For authenticated mode: 285 0 1 2 3 286 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 287 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 288 | Sequence Number | 289 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 290 | | 291 | MBZ (12 octets) | 292 | | 293 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 294 | Timestamp | 295 | | 296 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 297 | Error Estimate | | 298 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 299 ~ ~ 300 | MBZ (70 octets) | 301 ~ ~ 302 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 303 | Type | Length | 304 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 305 ~ Value ~ 306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 ~ Comp.MBZ ~ 308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 309 | | 310 | HMAC (16 octets) | 311 | | 312 | | 313 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 315 Figure 4: STAMP Session-Sender test packet format in authenticated 316 mode 318 The field definitions are the same as the unauthenticated mode, 319 listed in Section 4.1.1. Also, Comp.MBZ field is variable length 320 field to align the packet on 16 octets boundary. Also, the packet 321 includes a key-hashed message authentication code (HMAC) ([RFC2104]) 322 hash at the end of the PDU. 324 4.2. Session-Reflector Behavior and Packet Format 326 The Session-Reflector receives the STAMP test packet, verifies it, 327 prepares and transmits the reflected test packet. 329 Two modes of STAMP Session-Reflector characterize the expected 330 behavior and, consequently, performance metrics that can be measured: 332 o Stateless - STAMP Session-Reflector does not maintain test state 333 and will reflect the received sequence number without 334 modification. As a result, only round-trip packet loss can be 335 calculated while the reflector is operating in stateless mode. 337 o Stateful - STAMP Session-Reflector maintains test state thus 338 enabling the ability to determine forward loss, gaps recognized in 339 the received sequence number. As a result, both near-end 340 (forward) and far-end (backward) packet loss can be computed. 341 That implies that the STAMP Session-Reflector MUST keep a state 342 for each accepted STAMP-test session, uniquely identifying STAMP- 343 test packets to one such session instance, and enabling adding a 344 sequence number in the test reply that is individually incremented 345 on a per-session basis. 347 4.2.1. Session-Reflector Packet Format in Unauthenticated Mode 349 For unauthenticated mode: 351 0 1 2 3 352 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 354 | Sequence Number | 355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 356 | Timestamp | 357 | | 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 | Error Estimate | MBZ | 360 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 361 | Receive Timestamp | 362 | | 363 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 364 | Session-Sender Sequence Number | 365 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 366 | Session-Sender Timestamp | 367 | | 368 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 369 | Session-Sender Error Estimate | MBZ | 370 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 371 |Ses-Sender TTL | | 372 +-+-+-+-+-+-+-+-+ + 373 | | 374 ~ Packet Padding (reflected) ~ 375 + +-+-+-+-+-+-+-+-+ 376 | | Comp.MBZ | 377 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 378 | Type | Length | 379 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 380 ~ Value ~ 381 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 383 Figure 5: STAMP Session-Reflector test packet format in 384 unauthenticated mode 386 where fields are defined as the following: 388 o Sequence Number is four octets long field. The value of the 389 Sequence Number field is set according to the mode of the STAMP 390 Session-Reflector: 392 * in the stateless mode the Session-Reflector copies the value 393 from the received STAMP test packet's Sequence Number field; 395 * in the stateful mode the Session-Reflector counts the received 396 STAMP test packets in each test session and uses that counter 397 to set the value of the Sequence Number field. 399 o Timestamp and Receiver Timestamp fields are each eight octets 400 long. The format of these fields, NTP or PTPv2, indicated by the 401 Z flag of the Error Estimate field as described in Section 4.1. 403 o Error Estimate has the same size and interpretation as described 404 in Section 4.1. 406 o Session-Sender Sequence Number, Session-Sender Timestamp, and 407 Session-Sender Error Estimate are copies of the corresponding 408 fields in the STAMP test packet sent by the Session-Sender. 410 o Session-Sender TTL is one octet long field, and its value is the 411 copy of the TTL field from the received STAMP test packet. 413 o Packet Padding (reflected) is an optional variable length field. 414 The length of the Packet Padding (reflected) field MUST be equal 415 to the value of the Server Octets field (Figure 2). If the value 416 is non-zero, the Session-Reflector MUST copy number of octets 417 equal to the value of Server Octets field starting with the Server 418 Octets field. 420 o Comp.MBZ is variable length field used to achieve alignment on a 421 word boundary. Thus the length of Comp.MBZ field may be only 0, 422 1, 2 or 3 octets. The value of the field MUST be zeroed on 423 transmission and ignored on receipt. 425 4.2.2. Session-Reflector Packet Format in Authenticated Mode 427 For the authenticated mode: 429 0 1 2 3 430 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 431 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 432 | Sequence Number | 433 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 434 | MBZ (12 octets) | 435 | | 436 | | 437 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 | Timestamp | 439 | | 440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 441 | Error Estimate | | 442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 443 | MBZ (6 octets) | 444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 | Receive Timestamp | 446 | | 447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 448 | MBZ (8 octets) | 449 | | 450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 451 | Session-Sender Sequence Number | 452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 453 | MBZ (12 octets) | 454 | | 455 | | 456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 457 | Session-Sender Timestamp | 458 | | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 | Session-Sender Error Estimate | | 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 462 | MBZ (6 octets) | 463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 |Ses-Sender TTL | | 465 +-+-+-+-+-+-+-+-+ + 466 | | 467 | MBZ (15 octets) | 468 | | 469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 470 | Type | Length | 471 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 472 ~ Value ~ 473 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 474 ~ Comp.MBZ ~ 475 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 | HMAC (16 octets) | 477 | | 478 | | 479 | | 480 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 482 Figure 6: STAMP Session-Reflector test packet format in authenticated 483 mode 485 The field definitions are the same as the unauthenticated mode, 486 listed in Section 4.2.1. Additionally, the packet MAY include 487 Comp.MBZ field is variable length field to align the packet on 16 488 octets boundary. Also, STAMP Session-Reflector test packet format in 489 authenticated mode includes a key (HMAC) ([RFC2104]) hash at the end 490 of the PDU. 492 4.3. Integrity and Confidentiality Protection in STAMP 494 To provide integrity protection, each STAMP message is being 495 authenticated by adding Hashed Message Authentication Code (HMAC). 496 STAMP uses HMAC-SHA-256 truncated to 128 bits (similarly to the use 497 of it in IPSec defined in [RFC4868]); hence the length of the HMAC 498 field is 16 octets. HMAC uses own key and the definition of the 499 mechanism to distribute the HMAC key is outside the scope of this 500 specification. One example is to use an orchestrator to configure 501 HMAC key based on STAMP YANG data model [I-D.ietf-ippm-stamp-yang]. 502 HMAC MUST be verified as early as possible to avoid using or 503 propagating corrupted data. 505 If confidentiality protection for STAMP is required, encryption at 506 the higher level MUST be used. 508 4.4. Interoperability with TWAMP Light 510 One of the essential requirements to STAMP is the ability to 511 interwork with TWAMP Light device. There are two possible 512 combinations for such use case: 514 o STAMP Session-Sender with TWAMP Light Session-Reflector; 516 o TWAMP Light Session-Sender with STAMP Session-Reflector. 518 In the former case, Session-Sender MAY not be aware that its Session- 519 Reflector does not support STAMP. For example, TWAMP Light Session- 520 Reflector may not support the use of UDP port 862 as defined in 521 [I-D.ietf-ippm-port-twamp-test]. Thus STAMP Session-Sender MUST be 522 able to send test packets to destination UDP port number from the 523 Dynamic and/or Private Ports range 49152-65535, test management 524 system should find port number that both devices can use. And if any 525 of TLV-based STAMP extensions are used, the TWAMP Light Session- 526 Reflector will view them as Packet Padding field. The Session-Sender 527 SHOULD use the default format for its timestamps - NTP. And it MAY 528 use PTPv2 timestamp format. 530 In the latter scenario, the test management system should set STAMP 531 Session-Reflector to use UDP port number from the Dynamic and/or 532 Private Ports range. As for Packet Padding field that the TWAMP 533 Light Session-Sender includes in its transmitted packet, the STAMP 534 Session-Reflector will process it according to [RFC6038] and return 535 reflected packet of the symmetrical size. The Session-Reflector MUST 536 use the default format for its timestamps - NTP. 538 5. IANA Considerations 540 This document doesn't have any IANA action. This section may be 541 removed before the publication. 543 6. Security Considerations 545 Use of HMAC-SHA-256 in the authenticated mode protects the data 546 integrity of the STAMP test packets. 548 7. Acknowledgments 550 Authors express their appreciation to Jose Ignacio Alvarez-Hamelin 551 and Brian Weis for their great insights into the security and 552 identity protection, and the most helpful and practical suggestions. 554 8. References 556 8.1. Normative References 558 [BBF.TR-390] 559 "Performance Measurement from IP Edge to Customer 560 Equipment using TWAMP Light", BBF TR-390, May 2017. 562 [I-D.ietf-ippm-port-twamp-test] 563 Morton, A. and G. Mirsky, "OWAMP and TWAMP Well-Known Port 564 Assignments", draft-ietf-ippm-port-twamp-test-03 (work in 565 progress), November 2018. 567 [IEEE.1588.2008] 568 "Standard for a Precision Clock Synchronization Protocol 569 for Networked Measurement and Control Systems", 570 IEEE Standard 1588, March 2008. 572 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 573 Requirement Levels", BCP 14, RFC 2119, 574 DOI 10.17487/RFC2119, March 1997, 575 . 577 [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. 578 Zekauskas, "A One-way Active Measurement Protocol 579 (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, 580 . 582 [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. 583 Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", 584 RFC 5357, DOI 10.17487/RFC5357, October 2008, 585 . 587 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 588 "Network Time Protocol Version 4: Protocol and Algorithms 589 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 590 . 592 [RFC6038] Morton, A. and L. Ciavattone, "Two-Way Active Measurement 593 Protocol (TWAMP) Reflect Octets and Symmetrical Size 594 Features", RFC 6038, DOI 10.17487/RFC6038, October 2010, 595 . 597 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 598 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 599 May 2017, . 601 [RFC8186] Mirsky, G. and I. Meilik, "Support of the IEEE 1588 602 Timestamp Format in a Two-Way Active Measurement Protocol 603 (TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017, 604 . 606 8.2. Informative References 608 [I-D.ietf-ippm-stamp-yang] 609 Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active 610 Measurement Protocol (STAMP) Data Model", draft-ietf-ippm- 611 stamp-yang-02 (work in progress), September 2018. 613 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 614 Hashing for Message Authentication", RFC 2104, 615 DOI 10.17487/RFC2104, February 1997, 616 . 618 [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- 619 384, and HMAC-SHA-512 with IPsec", RFC 4868, 620 DOI 10.17487/RFC4868, May 2007, 621 . 623 Authors' Addresses 625 Greg Mirsky 626 ZTE Corp. 628 Email: gregimirsky@gmail.com 629 Guo Jun 630 ZTE Corporation 631 68# Zijinghua Road 632 Nanjing, Jiangsu 210012 633 P.R.China 635 Phone: +86 18105183663 636 Email: guo.jun2@zte.com.cn 638 Henrik Nydell 639 Accedian Networks 641 Email: hnydell@accedian.com 643 Richard Foote 644 Nokia 646 Email: footer.foote@nokia.com