idnits 2.17.1 draft-ietf-ippm-stamp-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 18, 2019) is 1652 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-10) exists of draft-ietf-ippm-stamp-option-tlv-01 -- Possible downref: Non-RFC (?) normative reference: ref. 'IEEE.1588.2008' ** Downref: Normative reference to an Informational RFC: RFC 2104 == Outdated reference: A later version (-12) exists of draft-ietf-ippm-stamp-yang-04 Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group G. Mirsky 3 Internet-Draft ZTE Corp. 4 Intended status: Standards Track G. Jun 5 Expires: April 20, 2020 ZTE Corporation 6 H. Nydell 7 Accedian Networks 8 R. Foote 9 Nokia 10 October 18, 2019 12 Simple Two-way Active Measurement Protocol 13 draft-ietf-ippm-stamp-09 15 Abstract 17 This document describes a Simple Two-way Active Measurement Protocol 18 which enables the measurement of both one-way and round-trip 19 performance metrics like delay, delay variation, and packet loss. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on April 20, 2020. 38 Copyright Notice 40 Copyright (c) 2019 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. Conventions used in this document . . . . . . . . . . . . . . 3 57 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 58 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 59 3. Operation and Management of Performance Measurement Based on 60 STAMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4 62 4.1. UDP Port Numbers in STAMP Testing . . . . . . . . . . . . 5 63 4.2. Session-Sender Behavior and Packet Format . . . . . . . . 5 64 4.2.1. Session-Sender Packet Format in Unauthenticated Mode 5 65 4.2.2. Session-Sender Packet Format in Authenticated Mode . 7 66 4.3. Session-Reflector Behavior and Packet Format . . . . . . 8 67 4.3.1. Session-Reflector Packet Format in Unauthenticated 68 Mode . . . . . . . . . . . . . . . . . . . . . . . . 9 69 4.3.2. Session-Reflector Packet Format in Authenticated Mode 10 70 4.4. Integrity Protection in STAMP . . . . . . . . . . . . . . 11 71 4.5. Confidentiality Protection in STAMP . . . . . . . . . . . 12 72 4.6. Interoperability with TWAMP Light . . . . . . . . . . . . 12 73 5. Operational Considerations . . . . . . . . . . . . . . . . . 13 74 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 75 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 76 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 77 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 78 9.1. Normative References . . . . . . . . . . . . . . . . . . 14 79 9.2. Informative References . . . . . . . . . . . . . . . . . 15 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 82 1. Introduction 84 Development and deployment of the Two-Way Active Measurement Protocol 85 (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined 86 Symmetrical Size for TWAMP, provided invaluable experience. Several 87 independent implementations of both TWAMP and TWAMP Light exist, have 88 been deployed, and provide important operational performance 89 measurements. 91 At the same time, there has been noticeable interest in using a more 92 straightforward mechanism for active performance monitoring that can 93 provide deterministic behavior and inherent separation of control 94 (vendor-specific configuration or orchestration) and test functions. 95 Recent work on IP Edge to Customer Equipment using TWAMP Light from 96 Broadband Forum [BBF.TR-390] demonstrated that interoperability among 97 implementations of TWAMP Light is difficult because the composition 98 and operation of TWAMP Light were not sufficiently specified in 99 [RFC5357]. According to [RFC8545], TWAMP Light includes a sub-set of 100 TWAMP-Test functions. Thus, to have a comprehensive tool to measure 101 packet loss and delay requires support by other applications that 102 provide, for example, control and security. 104 This document defines an active performance measurement test 105 protocol, Simple Two-way Active Measurement Protocol (STAMP), that 106 enables measurement of both one-way and round-trip performance 107 metrics like delay, delay variation, and packet loss. Some TWAMP 108 extensions, e.g., [RFC7750] are supported by the extensions to STAMP 109 base specification in [I-D.ietf-ippm-stamp-option-tlv]. 111 2. Conventions used in this document 113 2.1. Terminology 115 STAMP - Simple Two-way Active Measurement Protocol 117 NTP - Network Time Protocol 119 PTP - Precision Time Protocol 121 HMAC Hashed Message Authentication Code 123 OWAMP One-Way Active Measurement Protocol 125 TWAMP Two-Way Active Measurement Protocol 127 MBZ Must be Zero 129 2.2. Requirements Language 131 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 132 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 133 "OPTIONAL" in this document are to be interpreted as described in BCP 134 14 [RFC2119] [RFC8174] when, and only when, they appear in all 135 capitals, as shown here. 137 3. Operation and Management of Performance Measurement Based on STAMP 139 Figure 1 presents the Simple Two-way Active Measurement Protocol 140 (STAMP) Session-Sender, and Session-Reflector with a measurement 141 session. In this document, a measurement session also referred to as 142 STAMP session, is the bi-directional packet flow between one specific 143 Session-Sender and one particular Session-Reflector for a time 144 duration. The configuration and management of the STAMP Session- 145 Sender, Session-Reflector, and management of the STAMP sessions are 146 outside the scope of this document and can be achieved through 147 various means. A few examples are: Command Line Interface, 148 telecommunication services' OSS/BSS systems, SNMP, and Netconf/YANG- 149 based SDN controllers. 151 o----------------------------------------------------------o 152 | Configuration and | 153 | Management | 154 o----------------------------------------------------------o 155 || || 156 || || 157 || || 158 +----------------------+ +-------------------------+ 159 | STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector | 160 +----------------------+ +-------------------------+ 162 Figure 1: STAMP Reference Model 164 4. Theory of Operation 166 STAMP Session-Sender transmits test packets over UDP transport toward 167 STAMP Session-Reflector. STAMP Session-Reflector receives Session- 168 Sender's packet and acts according to the configuration. Two modes 169 of STAMP Session-Reflector characterize the expected behavior and, 170 consequently, performance metrics that can be measured: 172 o Stateless - STAMP Session-Reflector does not maintain test state 173 and will use the value in the Sequence Number field in the 174 received packet as the value for the Sequence Number field in the 175 reflected packet. As a result, values in Sequence Number and 176 Session-Sender Sequence Number fields are the same, and only 177 round-trip packet loss can be calculated while the reflector is 178 operating in stateless mode. 180 o Stateful - STAMP Session-Reflector maintains test state thus 181 enabling the ability to determine forward loss, gaps recognized in 182 the received sequence number. As a result, both near-end 183 (forward) and far-end (backward) packet loss can be computed. 184 That implies that the STAMP Session-Reflector MUST keep a state 185 for each configured STAMP-test session, uniquely identifying 186 STAMP-test packets to one such session instance, and enabling 187 adding a sequence number in the test reply that is individually 188 incremented on a per-session basis. 190 STAMP supports two authentication modes: unauthenticated and 191 authenticated. Unauthenticated STAMP test packets, defined in 192 Section 4.2.1 and Section 4.3.1, ensure interworking between STAMP 193 and TWAMP Light as described in Section 4.6 packet formats. 195 By default, STAMP uses symmetrical packets, i.e., size of the packet 196 transmitted by Session-Reflector equals the size of the packet 197 received by the Session-Reflector. 199 4.1. UDP Port Numbers in STAMP Testing 201 A STAMP Session-Sender MUST use UDP port 862 (TWAMP-Test Receiver 202 Port) as the default destination UDP port number. A STAMP 203 implementation of Session-Sender MUST be able to use as the 204 destination UDP port numbers from User, a.k.a. Registered, Ports and 205 Dynamic, a.k.a. Private or Ephemeral, Ports ranges defined in 206 [RFC6335]. Before using numbers from the User Ports range, the 207 possible impact on the network MUST be carefully studied and agreed 208 by all users of the network domain where the test has been planned. 210 An implementation of STAMP Session-Reflector by default MUST receive 211 STAMP test packets on UDP port 862. An implementation of Session- 212 Reflector that supports this specification MUST be able to define the 213 port number to receive STAMP test packets from User Ports and Dynamic 214 Ports ranges that are defined in [RFC6335]. STAMP defines two 215 different test packet formats, one for packets transmitted by the 216 STAMP-Session-Sender and one for packets transmitted by the STAMP- 217 Session-Reflector. 219 4.2. Session-Sender Behavior and Packet Format 221 A STAMP Session-Reflector supports the symmetrical size of test 222 packets [RFC6038] as the default behavior. A reflected test packet 223 includes more information and thus is larger. Because of that, the 224 base STAMP Session-Sender packet is padded to match the size of a 225 reflected STAMP test packet. Hence, the base STAMP Session-Sender 226 packet has a minimum size of 44 octets in unauthenticated mode, see 227 Figure 2, and 112 octets in the authenticated mode, see Figure 4. 228 The variable length of a test packet in STAMP is supported by using 229 Extra Padding TLV defined in [I-D.ietf-ippm-stamp-option-tlv]. 231 4.2.1. Session-Sender Packet Format in Unauthenticated Mode 233 STAMP Session-Sender packet format in unauthenticated mode: 235 0 1 2 3 236 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 237 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 238 | Sequence Number | 239 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 240 | Timestamp | 241 | | 242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 243 | Error Estimate | | 244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 245 | | 246 | | 247 | Reserved (30 octets) | 248 | | 249 | | 250 | | 251 | | 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 Figure 2: STAMP Session-Sender test packet format in unauthenticated 255 mode 257 where fields are defined as the following: 259 o Sequence Number is four octets long field. For each new session 260 its value starts at zero and is incremented with each transmitted 261 packet. 263 o Timestamp is eight octets long field. STAMP node MUST support 264 Network Time Protocol (NTP) version 4 64-bit timestamp format 265 [RFC5905], the format used in [RFC5357]. STAMP node MAY support 266 IEEE 1588v2 Precision Time Protocol (PTP) truncated 64-bit 267 timestamp format [IEEE.1588.2008], the format used in [RFC8186]. 268 The use of the specific format, NTP or PTP, is part of 269 configuration of the Session-Sender or the particular test 270 session. 272 o Error Estimate is two octets long field with format displayed in 273 Figure 3 275 0 1 276 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 277 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 278 |S|Z| Scale | Multiplier | 279 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 281 Figure 3: Error Estimate Format 283 where S, Scale, and Multiplier fields are interpreted as they have 284 been defined in section 4.1.2 [RFC4656]; and Z field - as has been 285 defined in section 2.3 [RFC8186]: 287 * 0 - NTP 64 bit format of a timestamp; 289 * 1 - PTPv2 truncated format of a timestamp. 291 The default behavior of the STAMP Session-Sender and Session- 292 Reflector is to use the NTP 64-bit timestamp format (Z field value 293 of 0) An operator, using configuration/management function, MAY 294 configure STAMP Session-Sender and Session-Reflector to using the 295 PTPv2 truncated format of a timestamp (Z field value of 1). Note, 296 that an implementation of a Session-Sender that supports this 297 specification MAY be configured to use PTPv2 format of a timestamp 298 even though the Session-Reflector is configured to use NTP format. 300 o Reserved field in the Session-Sender unauthenticated packet is 30 301 octets long. It MUST be all zeroed on the transmission and MUST 302 be ignored on receipt. 304 4.2.2. Session-Sender Packet Format in Authenticated Mode 306 STAMP Session-Sender packet format in authenticated mode: 308 0 1 2 3 309 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 311 | Sequence Number | 312 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 313 | | 314 | MBZ (12 octets) | 315 | | 316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 317 | Timestamp | 318 | | 319 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 320 | Error Estimate | | 321 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 322 ~ ~ 323 | MBZ (70 octets) | 324 ~ ~ 325 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 326 | | 327 | HMAC (16 octets) | 328 | | 329 | | 330 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 332 Figure 4: STAMP Session-Sender test packet format in authenticated 333 mode 335 The field definitions are the same as the unauthenticated mode, 336 listed in Section 4.2.1. Also, Must-Be-Zero (MBZ) fields are used to 337 to make the packet length a multiple of 16 octets. The value of the 338 field MUST be zeroed on transmission and MUST be ignored on receipt. 339 Note, that the MBZ field is used to calculate a key-hashed message 340 authentication code (HMAC) ([RFC2104]) hash. Also, the packet 341 includes HMAC hash at the end of the PDU. The detailed use of the 342 HMAC field is described in Section 4.4. 344 4.3. Session-Reflector Behavior and Packet Format 346 The Session-Reflector receives the STAMP test packet and verifies it. 347 If the base STAMP test packet validated, the Session-Reflector, that 348 supports this specification, prepares and transmits the reflected 349 test packet symmetric to the packet received from the Session-Sender 350 copying the content beyond the size of the base STAMP packet (see 351 Section 4.2). 353 4.3.1. Session-Reflector Packet Format in Unauthenticated Mode 355 For unauthenticated mode: 357 0 1 2 3 358 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 359 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 360 | Sequence Number | 361 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 | Timestamp | 363 | | 364 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 365 | Error Estimate | MBZ | 366 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 367 | Receive Timestamp | 368 | | 369 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 370 | Session-Sender Sequence Number | 371 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 372 | Session-Sender Timestamp | 373 | | 374 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 375 | Session-Sender Error Estimate | MBZ | 376 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 377 |Ses-Sender TTL | Reserved | 378 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 380 Figure 5: STAMP Session-Reflector test packet format in 381 unauthenticated mode 383 where fields are defined as the following: 385 o Sequence Number is four octets long field. The value of the 386 Sequence Number field is set according to the mode of the STAMP 387 Session-Reflector: 389 * in the stateless mode, the Session-Reflector copies the value 390 from the received STAMP test packet's Sequence Number field; 392 * in the stateful mode, the Session-Reflector counts the 393 transmitted STAMP test packets. It starts with zero and is 394 incremented by one for each subsequent packet for each test 395 session. The Session-Reflector uses that counter to set the 396 value of the Sequence Number field. 398 o Timestamp and Receive Timestamp fields are each eight octets long. 399 The format of these fields, NTP or PTPv2, indicated by the Z field 400 of the Error Estimate field as described in Section 4.2. Receive 401 Timestamp is the time the test packet was received by the Session- 402 Reflector. Timestamp - the time taken by the Session-Reflector at 403 the start of transmitting the test packet. 405 o Error Estimate has the same size and interpretation as described 406 in Section 4.2. It is applicable to both Timestamp and Receive 407 Timestamp. 409 o Session-Sender Sequence Number, Session-Sender Timestamp, and 410 Session-Sender Error Estimate are copies of the corresponding 411 fields in the STAMP test packet sent by the Session-Sender. 413 o Session-Sender TTL is one octet long field, and its value is the 414 copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the 415 received STAMP test packet. 417 o MBZ is used to achieve alignment of fields within the packet on a 418 four octets boundary. The value of the field MUST be zeroed on 419 transmission and MUST be ignored on receipt. 421 o Reserved field in the Session-Reflector unauthenticated packet is 422 three octets long. It MUST be all zeroed on the transmission and 423 MUST be ignored on receipt. 425 4.3.2. Session-Reflector Packet Format in Authenticated Mode 427 For the authenticated mode: 429 0 1 2 3 430 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 431 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 432 | Sequence Number | 433 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 434 | MBZ (12 octets) | 435 | | 436 | | 437 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 | Timestamp | 439 | | 440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 441 | Error Estimate | | 442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 443 | MBZ (6 octets) | 444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 445 | Receive Timestamp | 446 | | 447 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 448 | MBZ (8 octets) | 449 | | 450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 451 | Session-Sender Sequence Number | 452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 453 | MBZ (12 octets) | 454 | | 455 | | 456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 457 | Session-Sender Timestamp | 458 | | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 | Session-Sender Error Estimate | | 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + 462 | MBZ (6 octets) | 463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 464 |Ses-Sender TTL | | 465 +-+-+-+-+-+-+-+-+ + 466 | | 467 | MBZ (15 octets) | 468 | | 469 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 470 | HMAC (16 octets) | 471 | | 472 | | 473 | | 474 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 476 Figure 6: STAMP Session-Reflector test packet format in authenticated 477 mode 479 The field definitions are the same as the unauthenticated mode, 480 listed in Section 4.3.1. Additionally, the MBZ field is used to to 481 make the packet length a multiple of 16 octets. The value of the 482 field MUST be zeroed on transmission and MUST be ignored on receipt. 483 Note, that the MBZ field is used to calculate HMAC hash value. Also, 484 STAMP Session-Reflector test packet format in authenticated mode 485 includes HMAC ([RFC2104]) hash at the end of the PDU. The detailed 486 use of the HMAC field is in Section 4.4. 488 4.4. Integrity Protection in STAMP 490 Authenticated mode provides integrity protection to each STAMP 491 message by adding Hashed Message Authentication Code (HMAC). STAMP 492 uses HMAC-SHA-256 truncated to 128 bits (similarly to the use of it 493 in IPSec defined in [RFC4868]); hence the length of the HMAC field is 494 16 octets. In the Authenticated mode, HMAC covers the first six 495 blocks (96 octets). HMAC uses its own key that may be unique for 496 each STAMP test session; key management and the mechanisms to 497 distribute the HMAC key are outside the scope of this specification. 498 One example is to use an orchestrator to configure HMAC key based on 499 STAMP YANG data model [I-D.ietf-ippm-stamp-yang]. HMAC MUST be 500 verified as early as possible to avoid using or propagating corrupted 501 data. 503 Future specifications may define the use of other, more advanced 504 cryptographic algorithms, possibly providing an update to the STAMP 505 YANG data model [I-D.ietf-ippm-stamp-yang]. 507 4.5. Confidentiality Protection in STAMP 509 If confidentiality protection for STAMP is required, a STAMP test 510 session MUST use a secured transport. For example, STAMP packets 511 could be transmitted in the dedicated IPsec tunnel or share the IPsec 512 tunnel with the monitored flow. Also, Datagram Transport Layer 513 Security protocol would provide the desired confidentiality 514 protection. 516 4.6. Interoperability with TWAMP Light 518 One of the essential requirements to STAMP is the ability to 519 interwork with a TWAMP Light device. Because STAMP and TWAMP use 520 different algorithms in Authenticated mode (HMAC-SHA-256 vs. HMAC- 521 SHA-1), interoperability is only considered for Unauthenticated mode. 522 There are two possible combinations for such use case: 524 o STAMP Session-Sender with TWAMP Light Session-Reflector; 526 o TWAMP Light Session-Sender with STAMP Session-Reflector. 528 In the former case, the Session-Sender might not be aware that its 529 Session-Reflector does not support STAMP. For example, a TWAMP Light 530 Session-Reflector may not support the use of UDP port 862 as 531 specified in [RFC8545]. Thus Section 4. permits a STAMP Session- 532 Sender to use alternative ports. If any of STAMP extensions are 533 used, the TWAMP Light Session-Reflector will view them as Packet 534 Padding field. 536 In the latter scenario, if a TWAMP Light Session-Sender does not 537 support the use of UDP port 862, the test management system MUST set 538 STAMP Session-Reflector to use UDP port number, as permitted by 539 Section 4. The Session-Reflector MUST be set to use the default 540 format for its timestamps, NTP. 542 A STAMP Session-Reflector that supports this specification would 543 transmit the base packet (Figure 5) regardless of the size of the 544 Padding field in the packet received from TWAMP Session-Sender. 545 Also, STAMP does not support the Reflect Octets capability defined in 546 [RFC6038]. If the Server Octets field is present in the TWAMP 547 Session-Sender packet, STAMP Session-Reflector will not copy the 548 content starting from the Server Octets field and will transmit the 549 reflected packet, as displayed in Figure 5. 551 5. Operational Considerations 553 STAMP is intended to be used on production networks to enable the 554 operator to assess service level agreements based on packet delay, 555 delay variation, and loss. When using STAMP over the Internet, 556 especially when STAMP test packets are transmitted with the 557 destination UDP port number from the User Ports range, the possible 558 impact of the STAMP test packets MUST be thoroughly analyzed. The 559 use of STAMP for each case MUST be agreed by users of nodes hosting 560 the Session-Sender and Session-Reflector before starting the STAMP 561 test session. 563 Also, the use of the well-known port number as the destination UDP 564 port number in STAMP test packets transmitted by a Session-Sender 565 would not impede the ability to measure performance in an Equal Cost 566 Multipath environment and analysis in Section 5.3 [RFC8545] fully 567 applies to STAMP. 569 6. IANA Considerations 571 This document doesn't have any IANA action. This section may be 572 removed before the publication. 574 7. Security Considerations 576 [RFC5357] does not identify security considerations specific to 577 TWAMP-Test but refers to security considerations identified for OWAMP 578 in [RFC4656]. Since both OWAMP and TWAMP include control plane and 579 data plane components, only security considerations related to OWAMP- 580 Test, discussed in Sections 6.2, 6.3 [RFC4656] apply to STAMP. 582 STAMP uses the well-known UDP port number allocated for the OWAMP- 583 Test/TWAMP-Test Receiver port. Thus the security considerations and 584 measures to mitigate the risk of the attack using the registered port 585 number documented in Section 6 [RFC8545] equally apply to STAMP. 586 Because of the control and management of a STAMP test being outside 587 the scope of this specification only the more general requirement is 588 set: 590 To mitigate the possible attack vector, the control, and 591 management of a STAMP test session MUST use the secured transport. 593 The load of the STAMP test packets offered to a network MUST be 594 carefully estimated, and the possible impact on the existing 595 services MUST be thoroughly analyzed before launching the test 596 session. [RFC8085] section 3.1.5 provides guidance on handling 597 network load for UDP-based protocol. While the characteristic of 598 test traffic depends on the test objective, it is highly 599 recommended to stay in the limits as provided in [RFC8085]. 601 Use of HMAC-SHA-256 in the authenticated mode protects the data 602 integrity of the STAMP test packets. 604 8. Acknowledgments 606 Authors express their appreciation to Jose Ignacio Alvarez-Hamelin 607 and Brian Weis for their great insights into the security and 608 identity protection, and the most helpful and practical suggestions. 609 Also, our sincere thanks to David Ball and Rakesh Gandhi or their 610 thorough reviews and helpful comments. 612 9. References 614 9.1. Normative References 616 [I-D.ietf-ippm-stamp-option-tlv] 617 Mirsky, G., Xiao, M., Jun, G., Nydell, H., Foote, R., and 618 A. Masputra, "Simple Two-way Active Measurement Protocol 619 Optional Extensions", draft-ietf-ippm-stamp-option-tlv-01 620 (work in progress), September 2019. 622 [IEEE.1588.2008] 623 "Standard for a Precision Clock Synchronization Protocol 624 for Networked Measurement and Control Systems", 625 IEEE Standard 1588, March 2008. 627 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- 628 Hashing for Message Authentication", RFC 2104, 629 DOI 10.17487/RFC2104, February 1997, 630 . 632 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 633 Requirement Levels", BCP 14, RFC 2119, 634 DOI 10.17487/RFC2119, March 1997, 635 . 637 [RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. 638 Zekauskas, "A One-way Active Measurement Protocol 639 (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, 640 . 642 [RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. 643 Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", 644 RFC 5357, DOI 10.17487/RFC5357, October 2008, 645 . 647 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 648 "Network Time Protocol Version 4: Protocol and Algorithms 649 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 650 . 652 [RFC6038] Morton, A. and L. Ciavattone, "Two-Way Active Measurement 653 Protocol (TWAMP) Reflect Octets and Symmetrical Size 654 Features", RFC 6038, DOI 10.17487/RFC6038, October 2010, 655 . 657 [RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. 658 Cheshire, "Internet Assigned Numbers Authority (IANA) 659 Procedures for the Management of the Service Name and 660 Transport Protocol Port Number Registry", BCP 165, 661 RFC 6335, DOI 10.17487/RFC6335, August 2011, 662 . 664 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 665 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 666 May 2017, . 668 [RFC8186] Mirsky, G. and I. Meilik, "Support of the IEEE 1588 669 Timestamp Format in a Two-Way Active Measurement Protocol 670 (TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017, 671 . 673 [RFC8545] Morton, A., Ed. and G. Mirsky, Ed., "Well-Known Port 674 Assignments for the One-Way Active Measurement Protocol 675 (OWAMP) and the Two-Way Active Measurement Protocol 676 (TWAMP)", RFC 8545, DOI 10.17487/RFC8545, March 2019, 677 . 679 9.2. Informative References 681 [BBF.TR-390] 682 "Performance Measurement from IP Edge to Customer 683 Equipment using TWAMP Light", BBF TR-390, May 2017. 685 [I-D.ietf-ippm-stamp-yang] 686 Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active 687 Measurement Protocol (STAMP) Data Model", draft-ietf-ippm- 688 stamp-yang-04 (work in progress), September 2019. 690 [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- 691 384, and HMAC-SHA-512 with IPsec", RFC 4868, 692 DOI 10.17487/RFC4868, May 2007, 693 . 695 [RFC7750] Hedin, J., Mirsky, G., and S. Baillargeon, "Differentiated 696 Service Code Point and Explicit Congestion Notification 697 Monitoring in the Two-Way Active Measurement Protocol 698 (TWAMP)", RFC 7750, DOI 10.17487/RFC7750, February 2016, 699 . 701 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 702 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 703 March 2017, . 705 Authors' Addresses 707 Greg Mirsky 708 ZTE Corp. 710 Email: gregimirsky@gmail.com 712 Guo Jun 713 ZTE Corporation 714 68# Zijinghua Road 715 Nanjing, Jiangsu 210012 716 P.R.China 718 Phone: +86 18105183663 719 Email: guo.jun2@zte.com.cn 721 Henrik Nydell 722 Accedian Networks 724 Email: hnydell@accedian.com 726 Richard Foote 727 Nokia 729 Email: footer.foote@nokia.com