idnits 2.17.1 

draft-ietf-mpls-sfl-framework-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 08, 2020) is 1389 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Outdated reference: A later version (-09) exists of
     draft-bryant-mpls-sfl-control-08


     Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	MPLS Working Group                                             S. Bryant
3	Internet-Draft                                Fururewei Technologies Inc
4	Intended status: Informational                                   M. Chen
5	Expires: January 9, 2021                                          Huawei
6	                                                              G. Swallow
7	                                               Southend Technical Center
8	                                                            S. Sivabalan
9	                                                       Ciena Corporation
10	                                                               G. Mirsky
11	                                                               ZTE Corp.
12	                                                           July 08, 2020

14	                    Synonymous Flow Label Framework
15	                    draft-ietf-mpls-sfl-framework-09

17	Abstract

19	   RFC 8372 (MPLS Flow Identification Considerations) describes the
20	   requirement for introducing flow identities within the MPLS
21	   architecture.  This document describes a method of accomplishing this
22	   by using a technique called Synonymous Flow Labels in which labels
23	   which mimic the behaviour of other labels provide the identification
24	   service.  These identifiers can be used to trigger per-flow
25	   operations on the packet at the receiving label switching router.

27	Status of This Memo

29	   This Internet-Draft is submitted in full conformance with the
30	   provisions of BCP 78 and BCP 79.

32	   Internet-Drafts are working documents of the Internet Engineering
33	   Task Force (IETF).  Note that other groups may also distribute
34	   working documents as Internet-Drafts.  The list of current Internet-
35	   Drafts is at https://datatracker.ietf.org/drafts/current/.

37	   Internet-Drafts are draft documents valid for a maximum of six months
38	   and may be updated, replaced, or obsoleted by other documents at any
39	   time.  It is inappropriate to use Internet-Drafts as reference
40	   material or to cite them other than as "work in progress."

42	   This Internet-Draft will expire on January 9, 2021.

44	Copyright Notice

46	   Copyright (c) 2020 IETF Trust and the persons identified as the
47	   document authors.  All rights reserved.

49	   This document is subject to BCP 78 and the IETF Trust's Legal
50	   Provisions Relating to IETF Documents
51	   (https://trustee.ietf.org/license-info) in effect on the date of
52	   publication of this document.  Please review these documents
53	   carefully, as they describe your rights and restrictions with respect
54	   to this document.  Code Components extracted from this document must
55	   include Simplified BSD License text as described in Section 4.e of
56	   the Trust Legal Provisions and are provided without warranty as
57	   described in the Simplified BSD License.

59	Table of Contents

61	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
62	   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   2
63	   3.  Synonymous Flow Labels  . . . . . . . . . . . . . . . . . . .   3
64	   4.  User Service Traffic in the Data Plane  . . . . . . . . . . .   4
65	     4.1.  Applications Label Present  . . . . . . . . . . . . . . .   4
66	       4.1.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   5
67	     4.2.  Single Label Stack  . . . . . . . . . . . . . . . . . . .   5
68	       4.2.1.  Setting TTL and the Traffic Class Bits  . . . . . . .   6
69	     4.3.  Aggregation of SFL Actions  . . . . . . . . . . . . . . .   6
70	   5.  Equal Cost Multipath Considerations . . . . . . . . . . . . .   7
71	   6.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   8
72	   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
73	   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
74	   9.  Contributing Authors  . . . . . . . . . . . . . . . . . . . .   8
75	   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
76	     10.1.  Normative References . . . . . . . . . . . . . . . . . .   8
77	     10.2.  Informative References . . . . . . . . . . . . . . . . .   9
78	   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

80	1.  Introduction

82	   [RFC8372] (MPLS Flow Identification Considerations) describes the
83	   requirement for introducing flow identities within the MPLS
84	   architecture.  This document describes a method of accomplishing this
85	   by using a technique called Synonymous Flow Labels (SFL) in which
86	   labels which mimic the behaviour of other labels provide the
87	   identification service.  These identifiers can be used to trigger
88	   per-flow operations on the packet at the receiving label switching
89	   router.

91	2.  Requirements Language

93	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
94	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
95	   "OPTIONAL" in this document are to be interpreted as described in BCP
96	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
97	   capitals, as shown here.

99	3.  Synonymous Flow Labels

101	   An SFL is defined to be a label that causes exactly the same
102	   behaviour at the egress Label Switching Router (LSR) as the label it
103	   replaces, but in addition also causes an agreed action to take place
104	   on the packet.  There are many possible additional actions such as
105	   the measurement of the number of received packets in a flow,
106	   triggering IPFIX inspection, triggering other types of Deep Packet
107	   Inspection, or identification of the packet source.  In, for example,
108	   a Performance Monitoring (PM) application, the agreed action could be
109	   the recording of the receipt of the packet by incrementing a packet
110	   counter.  This is a natural action in many MPLS implementations, and
111	   where supported this permits the implementation of high quality
112	   packet loss measurement without any change to the packet forwarding
113	   system.

115	   As an example application of this technology, let us consider a
116	   pseudowire (PW) [RFC3985] on which it is desired to make packet loss
117	   measurement.  Two labels, synonymous with the PW labels, are obtained
118	   from the egress terminating provider edge (T-PE).  By alternating
119	   between these SFLs and using them in place of the PW label, the PW
120	   packets may be batched for counting without any impact on the PW
121	   forwarding behavior (note that strictly only one SFL is needed in
122	   this application, but that is an optimization that is a matter for
123	   the implementor).  The method of obtaining these additional labels is
124	   outside the scope of this text, however, one control protocol that
125	   provides a method of obtaining SFLs is described in
126	   [I-D.bryant-mpls-sfl-control].

128	   Now consider an MPLS application that is multi-point to point such as
129	   a VPN.  Here it is necessary to identify a packet batch from a
130	   specific source.  This is achieved by making the SFLs source
131	   specific, so that batches from one source are marked differently from
132	   batches from another source.  The sources all operate independently
133	   and asynchronously from each other, independently co-ordinating with
134	   the destination.  Each ingress is thus able to establish its own SFL
135	   to identify the sub-flow and thus enable PM per flow.

137	   Finally we need to consider the case where there is no MPLS
138	   application label such as occurs when sending IP over an LSP.  In
139	   this case introducing an SFL that was synonymous with the LSP label
140	   would introduce network wide forwarding state.  This would not be
141	   acceptable for scaling reasons.  We therefore have no choice but to
142	   introduce an additional label.  Where penultimate hop popping (PHP)
143	   is in use, the semantics of this additional label can be similar to
144	   the LSP label.  Where PHP is not in use, the semantics are similar to
145	   an MPLS explicit NULL [RFC3032].  In both of these cases the label
146	   has the additional semantics of the SFL.

148	   Note that to achieve the goals set out in Section 1 SFLs need to be
149	   allocated from the platform label table.

151	4.  User Service Traffic in the Data Plane

153	   As noted in Section 3 it is necessary to consider two cases:

155	   1.  Applications label present

157	   2.  Single label stack

159	4.1.  Applications Label Present

161	   Figure 1 shows the case in which both an LSP label and an application
162	   label are present in the MPLS label stack.  Traffic with no SFL
163	   function present runs over the "normal" stack, and SFL enabled flows
164	   run over the SFL stack with the SFL used to indicate the packet
165	   batch.

167	    +-----------------+          +-----------------+
168	    |                 |          |                 |
169	    |      LSP        |          |      LSP        | <May be PHPed
170	    |     Label       |          |     Label       |
171	    +-----------------+          +-----------------+
172	    |                 |          |                 |
173	    |  Application    |          | Synonymous Flow |
174	    |     Label       |          |     Label       |
175	    +-----------------+          +-----------------+ <= Bottom of stack
176	    |                 |          |                 |
177	    |   Payload       |          |   Payload       |
178	    |                 |          |                 |
179	    +-----------------+          +-----------------+

181	   "Normal" Label Stack         Label Stack with SFL

183	    Figure 1: Use of Synonymous Labels In A Two Label MPLS Label Stack

185	   At the egress LSR the LSP label is popped (if present).  Then the SFL
186	   is processed in exactly the same way as the corresponding application
187	   label would have been processed.

189	4.1.1.  Setting TTL and the Traffic Class Bits

191	   The TTL and the Traffic Class bits [RFC5462] in the SFL LSE would
192	   normally be set to the same value as would have been set in the label
193	   that the SFL is synonymous with.  However it is recognised that there
194	   may be an applications need to set the SFL to some other value.  An
195	   example would be where it was desired to cause the SFL to trigger an
196	   action in the TTL expiry exception path as part of the label action.

198	4.2.  Single Label Stack

200	   Figure 2 shows the case in which only an LSP label is present in the
201	   MPLS label stack.  Traffic with no SFL function present runs over the
202	   "normal" stack and SFL enabled flows run over the SFL stack with the
203	   SFL used to indicate the packet batch.  However in this case it is
204	   necessary for the ingress LSR to first push the SFL and then to push
205	   the LSP label.

207	                                 +-----------------+
208	                                 |                 |
209	                                 |      LSP        | <= May be PHPed
210	                                 |     Label       |
211	    +-----------------+          +-----------------+
212	    |                 |          |                 | <= Synonymous with
213	    |      LSP        |          | Synonymous Flow |    Explicit NULL
214	    |     Label       |          |     Label       |
215	    +-----------------+          +-----------------+ <= Bottom of stack
216	    |                 |          |                 |
217	    |   Payload       |          |   Payload       |
218	    |                 |          |                 |
219	    +-----------------+          +-----------------+

221	   "Normal" Label Stack         Label Stack with SFL

223	   Figure 2: Use of Synonymous Labels In A Single Label MPLS Label Stack

225	   At the receiving LSR it is necessary to consider two cases:

227	   1.  Where the LSP label is still present

229	   2.  Where the LSP label is penultimate hop popped

231	   If the LSP label is present, it processed exactly as it would
232	   normally processed and then it is popped.  This reveals the SFL which
233	   in the case of [RFC6374] measurements is simply counted and then
234	   discarded.  In this respect the processing of the SFL is synonymous
235	   with an MPLS Explicit NULL.  As the SFL is the bottom of stack, the
236	   IP packet that follows is processed as normal.

238	   If the LSP label is not present due to PHP action in the upstream
239	   LSR, two almost equivalent processing actions can take place.  Either
240	   the SFL can be treated as an LSP label that was not PHPed and the
241	   additional associated SFL action is taken when the label is
242	   processed.  Alternatively, it can be treated as an MPLS Explicit NULL
243	   with associated SFL actions.  From the perspective of the measurement
244	   system described in this document the behaviour of two approaches are
245	   indistinguishable and thus either may be implemented.

247	4.2.1.  Setting TTL and the Traffic Class Bits

249	   The TTL and the Traffic Class considerations described in
250	   Section 4.1.1 apply.

252	4.3.  Aggregation of SFL Actions

254	   There are cases where it is desirable to aggregate an SFL action
255	   against a number of labels.  For example where it is desirable to
256	   have one counter record the number of packets received over a group
257	   of application labels, or where the number of labels used by a single
258	   application is large, and consequently the increase in the number of
259	   allocated labels needed to support the SFL actions consequently
260	   becomes too large to be viable.  In these circumstances it would be
261	   necessary to introduce an additional label in the stack to act as an
262	   aggregate instruction.  This is not strictly a synonymous action in
263	   that the SFL is not replacing a existing label, but is somewhat
264	   similar to the single label case shown in Section 4.2, and the same
265	   signalling, management and configuration tools would be applicable.

267	                                 +-----------------+
268	                                 |                 |
269	                                 |      LSP        | < May be PHPed
270	                                 |     Label       |
271	    +-----------------+          +-----------------+
272	    |                 |          |                 |
273	    |      LSP        |          |   Aggregate     |
274	    |     Label       |          |      SFL        |
275	    +-----------------+          +-----------------+
276	    |                 |          |                 |
277	    |  Application    |          |  Application    |
278	    |     Label       |          |     Label       |
279	    +-----------------+          +-----------------+ <= Bottom of stack
280	    |                 |          |                 |
281	    |   Payload       |          |   Payload       |
282	    |                 |          |                 |
283	    +-----------------+          +-----------------+

285	   "Normal" Label Stack         Label Stack with SFL

287	                      Figure 3: Aggregate SFL Actions

289	   The Aggregate SFL is shown in the label stack depicted in Figure 3 as
290	   preceding the application label, however the choice of position
291	   before, or after, the application label will be application specific.
292	   In the case described in Section 4.1, by definition the SFL has the
293	   full application context.  In this case the positioning will depend
294	   on whether the SFL action needs the full context of the application
295	   to perform its action and whether the complexity of the application
296	   will be increased by finding an SFL following the application label.

298	5.  Equal Cost Multipath Considerations

300	   The introduction to an SFL to an existing flow may cause that flow to
301	   take a different path through the network under conditions of Equal
302	   Cost Multipath (ECMP).  This in turn may invalidate the certain uses
303	   of the SFL such as performance measurement applications.  Where this
304	   is a problem there are two solutions worthy of consideration:

306	   1.  The operator can elect to always run with the SFL in place in the
307	       MPLS label stack.

309	   2.  The operator can elect to use [RFC6790] Entropy Labels in a
310	       network that fully supports this type of ECMP.  If this approach
311	       is adopted, the intervening MPLS network MUST NOT load balance on
312	       any packet field other than the entropy label.  Note that this is
313	       stricter than the text in Section 4.2 of [RFC6790].  In networks
314	       in which the ECMP decision is independent of both the value of
315	       any other label in the label stack, and the MPLS payload, the
316	       path of the flow with the SFL will be congruent with the path
317	       without the SFL.

319	6.  Privacy Considerations

321	   IETF concerns on pervasive monitoring are described in [RFC7258].
322	   The inclusion of originating and/or flow information in a packet
323	   provides more identity information and hence potentially degrades the
324	   privacy of the communication.  Whilst the inclusion of the additional
325	   granularity does allow greater insight into the flow characteristics
326	   it does not specifically identify which node originated the packet
327	   other than by inspection of the network at the point of ingress, or
328	   inspection of the control protocol packets.  This privacy threat may
329	   be mitigated by encrypting the control protocol packets, regularly
330	   changing the synonymous labels and by concurrently using a number of
331	   such labels.  Minimizing the scope of the identity indication can be
332	   useful in minimizing the observability of the flow characteristics.

334	7.  Security Considerations

336	   There are no new security issues associated with the MPLS dataplane.
337	   Any control protocol used to request SFLs will need to ensure the
338	   legitimacy of the request.

340	8.  IANA Considerations

342	   This draft makes no IANA requests.

344	9.  Contributing Authors

346	   Zhenbin Li
347	   Huawei
348	   Email: lizhenbin@huawei.com

350	10.  References

352	10.1.  Normative References

354	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
355	              Requirement Levels", BCP 14, RFC 2119,
356	              DOI 10.17487/RFC2119, March 1997,
357	              <https://www.rfc-editor.org/info/rfc2119>.

359	   [RFC3032]  Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y.,
360	              Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack
361	              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
362	              <https://www.rfc-editor.org/info/rfc3032>.

364	   [RFC5462]  Andersson, L. and R. Asati, "Multiprotocol Label Switching
365	              (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic
366	              Class" Field", RFC 5462, DOI 10.17487/RFC5462, February
367	              2009, <https://www.rfc-editor.org/info/rfc5462>.

369	   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
370	              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
371	              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

373	10.2.  Informative References

375	   [I-D.bryant-mpls-sfl-control]
376	              Bryant, S., Swallow, G., and S. Sivabalan, "A Simple
377	              Control Protocol for MPLS SFLs", draft-bryant-mpls-sfl-
378	              control-08 (work in progress), June 2020.

380	   [RFC3985]  Bryant, S., Ed. and P. Pate, Ed., "Pseudo Wire Emulation
381	              Edge-to-Edge (PWE3) Architecture", RFC 3985,
382	              DOI 10.17487/RFC3985, March 2005,
383	              <https://www.rfc-editor.org/info/rfc3985>.

385	   [RFC6374]  Frost, D. and S. Bryant, "Packet Loss and Delay
386	              Measurement for MPLS Networks", RFC 6374,
387	              DOI 10.17487/RFC6374, September 2011,
388	              <https://www.rfc-editor.org/info/rfc6374>.

390	   [RFC6790]  Kompella, K., Drake, J., Amante, S., Henderickx, W., and
391	              L. Yong, "The Use of Entropy Labels in MPLS Forwarding",
392	              RFC 6790, DOI 10.17487/RFC6790, November 2012,
393	              <https://www.rfc-editor.org/info/rfc6790>.

395	   [RFC7258]  Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
396	              Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May
397	              2014, <https://www.rfc-editor.org/info/rfc7258>.

399	   [RFC8372]  Bryant, S., Pignataro, C., Chen, M., Li, Z., and G.
400	              Mirsky, "MPLS Flow Identification Considerations",
401	              RFC 8372, DOI 10.17487/RFC8372, May 2018,
402	              <https://www.rfc-editor.org/info/rfc8372>.

404	Authors' Addresses

406	   Stewart Bryant
407	   Fururewei Technologies Inc

409	   Email: sb@stewartbryant.com

411	   Mach Chen
412	   Huawei

414	   Email: mach.chen@huawei.com

416	   George Swallow
417	   Southend Technical Center

419	   Email: swallow.ietf@gmail.com

421	   Siva Sivabalan
422	   Ciena Corporation

424	   Email: ssivabal@ciena.com

426	   Gregory Mirsky
427	   ZTE Corp.

429	   Email: gregimirsky@gmail.com