Network Working Group                                          G. Mirsky
Internet-Draft                                                 ZTE Corp.
Intended status: Standards Track                                  G. Jun
Expires: February 13, 2020                               ZTE Corporation
                                                               H. Nydell
                                                       Accedian Networks
                                                                R. Foote
                                                                   Nokia
                                                         August 12, 2019

               Simple Two-way Active Measurement Protocol
                        draft-ietf-ippm-stamp-07

Abstract

   This document describes a Simple Two-way Active Measurement Protocol
   which enables the measurement of both one-way and round-trip
   performance metrics like delay, delay variation, and packet loss.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 13, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions used in this document
     2.1.  Terminology
     2.2.  Requirements Language
   3.  Softwarization of Performance Measurement
   4.  Theory of Operation
     4.1.  Session-Sender Behavior and Packet Format
       4.1.1.  Session-Sender Packet Format in Unauthenticated Mode
       4.1.2.  Session-Sender Packet Format in Authenticated Mode
     4.2.  Session-Reflector Behavior and Packet Format
       4.2.1.  Session-Reflector Packet Format in Unauthenticated Mode
       4.2.2.  Session-Reflector Packet Format in Authenticated Mode
     4.3.  Integrity and Confidentiality Protection in STAMP
     4.4.  Interoperability with TWAMP Light
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgments
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Development and deployment of Two-Way Active Measurement Protocol
   (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined
   features such as Reflect Octets and Symmetrical Size for TWAMP
   provided invaluable experience.  Several independent implementations
   exist, have been deployed and provide important operational
   performance measurements.  At the same time, there has been
   noticeable interest in using a more straightforward mechanism for
   active performance monitoring that can provide deterministic behavior
   and inherit separation of control (vendor-specific configuration or
   orchestration) and test functions.
   One such mechanism is Performance Measurement from IP Edge to
   Customer Equipment using TWAMP Light from Broadband Forum
   [BBF.TR-390] used as the reference TWAMP Light that, according to
   [RFC8545], includes a subset of TWAMP-Test functions in combination
   with other applications that provide, for example, control and
   security.  This document defines an active performance measurement
   test protocol, Simple Two-way Active Measurement Protocol (STAMP),
   that enables measurement of both one-way and round-trip performance
   metrics like delay, delay variation, and packet loss.  Some TWAMP
   extensions, e.g., [RFC7750] are supported by the extensions to STAMP
   base specification in [I-D.ietf-ippm-stamp-option-tlv].

2.  Conventions used in this document

2.1.  Terminology

   AES    Advanced Encryption Standard

   CBC    Cipher Block Chaining

   ECB    Electronic Codebook

   KEK    Key-encryption Key

   STAMP  Simple Two-way Active Measurement Protocol

   NTP    Network Time Protocol

   PTP    Precision Time Protocol

   HMAC   Hashed Message Authentication Code

   OWAMP  One-Way Active Measurement Protocol

   TWAMP  Two-Way Active Measurement Protocol

   MBZ    May be Zero

2.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Softwarization of Performance Measurement

   Figure 1 presents the Simple Two-way Active Measurement Protocol
   (STAMP) Session-Sender, and Session-Reflector with a measurement
   session.  The configuration and management of the STAMP
   Session-Sender, Session-Reflector, and management of the STAMP
   sessions can be achieved through various means.  Command Line
   Interface, OSS/BSS (operations support system/business support system
   as a combination of two systems used to support a range of
   telecommunication services) using SNMP or controllers in
   Software-Defined Networking using Netconf/YANG are but a few
   examples.

      o----------------------------------------------------------o
      |                      Configuration and                   |
      |                         Management                       |
      o----------------------------------------------------------o
             ||                                          ||
             ||                                          ||
             ||                                          ||
   +----------------------+                +-------------------------+
   | STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector |
   +----------------------+                +-------------------------+

                      Figure 1: STAMP Reference Model

4.  Theory of Operation

   STAMP Session-Sender transmits test packets over UDP transport toward
   STAMP Session-Reflector.  A STAMP Session-Sender MUST use UDP port
   862 (TWAMP-Test Receiver Port) as the default destination UDP port
   number.  A STAMP implementation of Session-Sender MUST be able to use
   UDP port numbers from User, a.k.a. Registered, Ports and Dynamic,
   a.k.a. Private or Ephemeral, Ports ranges defined in [RFC6335].
   Before using numbers from the User Ports range, the possible impact
   on the network MUST be carefully studied and agreed by all users of
   the network.

   STAMP Session-Reflector receives Session-Sender's packet and acts
   according to the configuration and optional control information
   communicated in the Session-Sender's test packet.  An implementation
   of STAMP Session-Reflector by default MUST receive STAMP test packets
   on UDP port 862.  An implementation of Session-Reflector that
   supports this specification MUST be able to define the port number to
   receive STAMP test packets from User Ports and Dynamic Ports ranges
   that are defined in [RFC6335].
   STAMP defines two different test packet formats, one for packets
   transmitted by the STAMP-Session-Sender and one for packets
   transmitted by the STAMP-Session-Reflector.

   STAMP supports two modes: unauthenticated and authenticated.
   Unauthenticated STAMP test packets, defined in Section 4.1.1 and
   Section 4.2.1, ensure interworking between STAMP and TWAMP Light as
   described in Section 4.4 packet formats.

   By default, STAMP uses symmetrical packets, i.e., size of the packet
   transmitted by Session-Reflector equals the size of the packet
   received by the Session-Reflector.

4.1.  Session-Sender Behavior and Packet Format

   Because STAMP supports symmetrical test packets, STAMP Session-Sender
   packet has a minimum size of 44 octets in unauthenticated mode, see
   Figure 2, and 112 octets in the authenticated mode, see Figure 4.

4.1.1.  Session-Sender Packet Format in Unauthenticated Mode

   STAMP Session-Sender packet format in unauthenticated mode:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Timestamp                           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Error Estimate         |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
    |                                                               |
    |                                                               |
    |                        MBZ (30 octets)                        |
    |                                                               |
    |                                                               |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 2: STAMP Session-Sender test packet format in unauthenticated
                                  mode

   where fields are defined as the following:

   o  Sequence Number is four octets long field.  For each new session
      its value starts at zero and is incremented with each transmitted
      packet.

   o  Timestamp is eight octets long field.  STAMP node MUST support
      Network Time Protocol (NTP) version 4 64-bit timestamp format
      [RFC5905], the format used in [RFC5357].  STAMP node MAY support
      IEEE 1588v2 Precision Time Protocol truncated 64-bit timestamp
      format [IEEE.1588.2008], the format used in [RFC8186].

   o  Error Estimate is two octets long field with format displayed in
      Figure 3

           0                   1
           0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          |S|Z|   Scale   |   Multiplier  |
          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                      Figure 3: Error Estimate Format

      where S, Scale, and Multiplier fields are interpreted as they have
      been defined in section 4.1.2 [RFC4656]; and Z field - as has been
      defined in section 2.3 [RFC8186]:

      *  0 - NTP 64 bit format of a timestamp;

      *  1 - PTPv2 truncated format of a timestamp.

      The STAMP Session-Sender and Session-Reflector MAY use, not use,
      or set value of the Z field in accordance with the timestamp
      format in use.  This optional field is to enhance operations, but
      local configuration or defaults could be used in its place.

   o  May-be-Zero (MBZ) field in the session-sender unauthenticated
      packet is 30 octets long.  It MAY be all zeroed on the
      transmission and MUST be ignored on receipt.

4.1.2.  Session-Sender Packet Format in Authenticated Mode

   STAMP Session-Sender packet format in authenticated mode:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                        MBZ (12 octets)                        |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Timestamp                           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Error Estimate         |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
    ~                                                               ~
    |                        MBZ (70 octets)                        |
    ~                                                               ~
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                       HMAC (16 octets)                        |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Figure 4: STAMP Session-Sender test packet format in authenticated
                                   mode

   The field definitions are the same as the unauthenticated mode,
   listed in Section 4.1.1.  Also, MBZ fields are used to align the
   packet on 16 octets boundary.  The value of the field MAY be zeroed
   on transmission and MUST be ignored on receipt.  Also, the packet
   includes a key-hashed message authentication code (HMAC) ([RFC2104])
   hash at the end of the PDU.  The detailed use of the HMAC field is
   described in Section 4.3.

4.2.  Session-Reflector Behavior and Packet Format

   The Session-Reflector receives the STAMP test packet, verifies it,
   prepares and transmits the reflected test packet.

   Two modes of STAMP Session-Reflector characterize the expected
   behavior and, consequently, performance metrics that can be measured:

   o  Stateless - STAMP Session-Reflector does not maintain test state
      and will reflect the received sequence number without
      modification.  As a result, only round-trip packet loss can be
      calculated while the reflector is operating in stateless mode.

   o  Stateful - STAMP Session-Reflector maintains test state thus
      enabling the ability to determine forward loss, gaps recognized in
      the received sequence number.  As a result, both near-end
      (forward) and far-end (backward) packet loss can be computed.
      That implies that the STAMP Session-Reflector MUST keep a state
      for each accepted STAMP-test session, uniquely identifying
      STAMP-test packets to one such session instance, and enabling
      adding a sequence number in the test reply that is individually
      incremented on a per-session basis.

4.2.1.  Session-Reflector Packet Format in Unauthenticated Mode

   For unauthenticated mode:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Timestamp                           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Error Estimate         |              MBZ              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Receive Timestamp                       |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Session-Sender Sequence Number                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Session-Sender Timestamp                    |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Session-Sender Error Estimate |              MBZ              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Ses-Sender TTL |                      MBZ                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

         Figure 5: STAMP Session-Reflector test packet format in
                          unauthenticated mode

   where fields are defined as the following:

   o  Sequence Number is four octets long field.  The value of the
      Sequence Number field is set according to the mode of the STAMP
      Session-Reflector:

      *  in the stateless mode the Session-Reflector copies the value
         from the received STAMP test packet's Sequence Number field;

      *  in the stateful mode the Session-Reflector counts the received
         STAMP test packets in each test session and uses that counter
         to set the value of the Sequence Number field.

   o  Timestamp and Receive Timestamp fields are each eight octets
      long.  The format of these fields, NTP or PTPv2, is indicated by
      the Z flag of the Error Estimate field as described in
      Section 4.1.

   o  Error Estimate has the same size and interpretation as described
      in Section 4.1.

   o  Session-Sender Sequence Number, Session-Sender Timestamp, and
      Session-Sender Error Estimate are copies of the corresponding
      fields in the STAMP test packet sent by the Session-Sender.

   o  Session-Sender TTL is one octet long field, and its value is the
      copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the
      received STAMP test packet.

   o  MBZ is used to achieve alignment on a four octets boundary.  The
      value of the field MAY be zeroed on transmission and MUST be
      ignored on receipt.

4.2.2.  Session-Reflector Packet Format in Authenticated Mode

   For the authenticated mode:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        MBZ (12 octets)                        |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Timestamp                           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |        Error Estimate         |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
    |                        MBZ (6 octets)                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Receive Timestamp                       |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        MBZ (8 octets)                         |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Session-Sender Sequence Number                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        MBZ (12 octets)                        |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                   Session-Sender Timestamp                    |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Session-Sender Error Estimate |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
    |                        MBZ (6 octets)                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Ses-Sender TTL |                                               |
    +-+-+-+-+-+-+-+-+                                               +
    |                                                               |
    |                        MBZ (15 octets)                        |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       HMAC (16 octets)                        |
    |                                                               |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Figure 6: STAMP Session-Reflector test packet format in authenticated
                                   mode

   The field definitions are the same as the unauthenticated mode,
   listed in Section 4.2.1.  Additionally, the MBZ field is used to
   align the packet on 16 octets boundary.
   The value of the field MAY be zeroed on transmission and MUST be
   ignored on receipt.  Also, STAMP Session-Reflector test packet format
   in authenticated mode includes a key-hashed message authentication
   code (HMAC) ([RFC2104]) hash at the end of the PDU.  The detailed use
   of the HMAC field is in Section 4.3.

4.3.  Integrity and Confidentiality Protection in STAMP

   To provide integrity protection, each STAMP message is authenticated
   by adding a Hashed Message Authentication Code (HMAC).  STAMP uses
   HMAC-SHA-256 truncated to 128 bits (similarly to the use of it in
   IPsec defined in [RFC4868]); hence the length of the HMAC field is 16
   octets.  HMAC uses its own key, and the definition of the mechanism
   to distribute the HMAC key is outside the scope of this
   specification.  One example is to use an orchestrator to configure
   HMAC key based on STAMP YANG data model [I-D.ietf-ippm-stamp-yang].

   HMAC MUST be verified as early as possible to avoid using or
   propagating corrupted data.

   If confidentiality protection for STAMP is required, encryption at
   the higher level MUST be used.  For example, STAMP packets could be
   transmitted in the dedicated IPsec tunnel or share the IPsec tunnel
   with the monitored flow.

4.4.  Interoperability with TWAMP Light

   One of the essential requirements to STAMP is the ability to
   interwork with a TWAMP Light device.  There are two possible
   combinations for such use case:

   o  STAMP Session-Sender with TWAMP Light Session-Reflector;

   o  TWAMP Light Session-Sender with STAMP Session-Reflector.

   In the former case, the Session-Sender MAY not be aware that its
   Session-Reflector does not support STAMP.  For example, a TWAMP Light
   Session-Reflector may not support the use of UDP port 862 as defined
   in [RFC8545].  Thus STAMP Session-Sender MAY use port numbers as
   defined in Section 4.  If any of STAMP extensions are used, the TWAMP
   Light Session-Reflector will view them as Packet Padding field.  The
   Session-Sender SHOULD use the default format for its timestamps -
   NTP.  And it MAY use PTPv2 timestamp format.

   In the latter scenario, if a TWAMP Light Session-Sender does not
   support the use of UDP port 862, the test management system MUST set
   STAMP Session-Reflector to use UDP port number as defined in
   Section 4.  If the TWAMP Light Session-Sender includes Packet Padding
   field in its transmitted packet, the STAMP Session-Reflector will
   return the reflected packet of the symmetrical size if the size of
   the received test packet is larger than the size of the STAMP base
   packet.  The Session-Reflector MUST be set to use the default format
   for its timestamps, NTP.

   STAMP does not support the Reflect Octets capability defined in
   [RFC6038].  If the Server Octets field is present in the TWAMP
   Session-Sender packet, STAMP Session-Reflector will not copy the
   content starting from the Server Octets field but will transmit the
   reflected packet of equal size.

5.  IANA Considerations

   This document doesn't have any IANA action.  This section may be
   removed before the publication.

6.  Security Considerations

   In general, all the security considerations related to TWAMP-Test,
   discussed in [RFC5357] apply to STAMP.  Since STAMP uses the
   well-known UDP port number allocated for the OWAMP-Test/TWAMP-Test
   Receiver port, the security considerations and measures to mitigate
   the risk of the attack using the registered port number documented in
   Section 6 [RFC8545] equally apply to STAMP.  Because of the control
   and management of a STAMP test being outside the scope of this
   specification only the more general requirement is set:

      To mitigate the possible attack vector, the control, and
      management of a STAMP test session MUST use the secured transport.

      Load of STAMP test packets offered to a network MUST be carefully
      estimated, and the possible impact on the existing services MUST
      be thoroughly analyzed before launching the test session.
      [RFC8085] section 3.1.5 provides guidance on handling network load
      for UDP-based protocol.  While the characteristic of test traffic
      depends on the test objective, it is highly recommended to stay in
      the limits as provided in [RFC8085].

   STAMP test packets can be transmitted with the destination UDP port
   number from the User Ports range, as defined in Section 4, that is
   already or will be assigned by IANA.  The possible impact of the
   STAMP test packets on the network MUST be thoroughly analyzed, and
   the use of STAMP for each case MUST be agreed by all users on the
   network before starting the STAMP test session.

   Use of HMAC-SHA-256 in the authenticated mode protects the data
   integrity of the STAMP test packets.

7.  Acknowledgments

   Authors express their appreciation to Jose Ignacio Alvarez-Hamelin
   and Brian Weis for their great insights into the security and
   identity protection, and the most helpful and practical suggestions.
   Also, our sincere thanks to David Ball and Rakesh Gandhi for their
   thorough reviews and helpful comments.

8.  References

8.1.  Normative References

   [IEEE.1588.2008]
              "Standard for a Precision Clock Synchronization Protocol
              for Networked Measurement and Control Systems",
              IEEE Standard 1588, March 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4656]  Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M.
              Zekauskas, "A One-way Active Measurement Protocol
              (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006.

   [RFC5357]  Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J.
              Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)",
              RFC 5357, DOI 10.17487/RFC5357, October 2008.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC6038]  Morton, A. and L. Ciavattone, "Two-Way Active Measurement
              Protocol (TWAMP) Reflect Octets and Symmetrical Size
              Features", RFC 6038, DOI 10.17487/RFC6038, October 2010.

   [RFC6335]  Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
              Cheshire, "Internet Assigned Numbers Authority (IANA)
              Procedures for the Management of the Service Name and
              Transport Protocol Port Number Registry", BCP 165,
              RFC 6335, DOI 10.17487/RFC6335, August 2011.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8186]  Mirsky, G. and I. Meilik, "Support of the IEEE 1588
              Timestamp Format in a Two-Way Active Measurement Protocol
              (TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017.

   [RFC8545]  Morton, A., Ed. and G. Mirsky, Ed., "Well-Known Port
              Assignments for the One-Way Active Measurement Protocol
              (OWAMP) and the Two-Way Active Measurement Protocol
              (TWAMP)", RFC 8545, DOI 10.17487/RFC8545, March 2019.

8.2.  Informative References

   [BBF.TR-390]
              "Performance Measurement from IP Edge to Customer
              Equipment using TWAMP Light", BBF TR-390, May 2017.

   [I-D.ietf-ippm-stamp-option-tlv]
              Mirsky, G., Xiao, M., Jun, G., Nydell, H., and R. Foote,
              "Simple Two-way Active Measurement Protocol Optional
              Extensions", draft-ietf-ippm-stamp-option-tlv-00 (work in
              progress), July 2019.

   [I-D.ietf-ippm-stamp-yang]
              Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active
              Measurement Protocol (STAMP) Data Model",
              draft-ietf-ippm-stamp-yang-03 (work in progress),
              March 2019.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC7750]  Hedin, J., Mirsky, G., and S. Baillargeon, "Differentiated
              Service Code Point and Explicit Congestion Notification
              Monitoring in the Two-Way Active Measurement Protocol
              (TWAMP)", RFC 7750, DOI 10.17487/RFC7750, February 2016.

   [RFC8085]  Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
              Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
              March 2017.

Authors' Addresses

   Greg Mirsky
   ZTE Corp.

   Email: gregimirsky@gmail.com


   Guo Jun
   ZTE Corporation
   68# Zijinghua Road
   Nanjing, Jiangsu  210012
   P.R.China

   Phone: +86 18105183663
   Email: guo.jun2@zte.com.cn


   Henrik Nydell
   Accedian Networks

   Email: hnydell@accedian.com


   Richard Foote
   Nokia

   Email: footer.foote@nokia.com
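
Added example (not part of the draft and not taken from any STAMP implementation): building and checking the authenticated-mode Session-Sender packet of Figure 4, with the HMAC-SHA-256 tag truncated to 128 bits as in Section 4.3 and verified before any field is decoded. It assumes the HMAC covers every octet that precedes the HMAC field, which the draft text does not state; the function names, the exception class and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

NTP_UNIX_OFFSET = 2208988800          # seconds between 1900-01-01 and 1970-01-01
HMAC_LEN = 16                         # HMAC-SHA-256 truncated to 128 bits (Section 4.3)
AUTH_SENDER_LEN = 112                 # minimum authenticated Session-Sender packet
# Figure 4 layout before the HMAC: Sequence Number, MBZ(12), Timestamp
# (seconds, fraction), Error Estimate, MBZ(70). "x" is one pad octet.
_BODY = struct.Struct("!I12xIIH70x")
assert _BODY.size + HMAC_LEN == AUTH_SENDER_LEN


class StampAuthError(ValueError):
    """Raised when a packet fails the length or HMAC check."""


def error_estimate(s: int, z: int, scale: int, multiplier: int) -> int:
    """Pack the 16-bit Error Estimate of Figure 3: S(1) Z(1) Scale(6) Multiplier(8)."""
    if not (s in (0, 1) and z in (0, 1) and 0 <= scale < 64 and 0 <= multiplier < 256):
        raise ValueError("Error Estimate field out of range")
    return (s << 15) | (z << 14) | (scale << 8) | multiplier


def _tag(key: bytes, covered: bytes) -> bytes:
    # ASSUMPTION: the HMAC covers every octet that precedes the HMAC field.
    return hmac.new(key, covered, hashlib.sha256).digest()[:HMAC_LEN]


def build_sender_packet(key: bytes, seq: int, unix_time: float, err: int) -> bytes:
    """Build a 112-octet authenticated Session-Sender packet with an NTP timestamp."""
    seconds = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    body = _BODY.pack(seq, seconds, fraction, err)    # MBZ octets are sent as zero
    return body + _tag(key, body)


def parse_sender_packet(key: bytes, packet: bytes) -> dict:
    """Verify the HMAC first, then decode; no field of an unverified packet is used."""
    if len(packet) != AUTH_SENDER_LEN:                # base packet only in this example
        raise StampAuthError("unexpected packet length")
    body, received = packet[:-HMAC_LEN], packet[-HMAC_LEN:]
    if not hmac.compare_digest(_tag(key, body), received):   # constant-time compare
        raise StampAuthError("HMAC mismatch")
    seq, seconds, fraction, err = _BODY.unpack(body)  # MBZ content is ignored on receipt
    return {
        "seq": seq,
        "ntp_seconds": seconds,
        "ntp_fraction": fraction,
        "synchronized": bool(err >> 15),              # S bit
        "timestamp_format": "PTPv2" if (err >> 14) & 1 else "NTP",   # Z bit
        "scale": (err >> 8) & 0x3F,
        "multiplier": err & 0xFF,
    }


def demo() -> dict:
    key = bytes(range(32))                            # constructed sample key
    pkt = build_sender_packet(key, seq=7, unix_time=1565568000.5,
                              err=error_estimate(1, 0, 0, 1))
    parsed = parse_sender_packet(key, pkt)
    flipped = bytearray(pkt)
    flipped[3] ^= 0x01                                # alter the Sequence Number in transit
    try:
        parse_sender_packet(key, bytes(flipped))
        tamper_rejected = False
    except StampAuthError:
        tamper_rejected = True
    return {"parsed": parsed, "tamper_rejected": tamper_rejected}


if __name__ == "__main__":
    print(demo())
```

The length and HMAC checks run before `struct` touches any field, so a packet altered in transit or keyed differently is dropped without its sequence number or timestamp reaching measurement state.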