idnits 2.17.1 draft-ietf-sfc-ioam-nsh-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 31, 2018) is 2128 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2784' is defined on line 294, but no explicit reference was found in the text == Unused Reference: 'RFC3232' is defined on line 299, but no explicit reference was found in the text == Unused Reference: 'RFC7665' is defined on line 312, but no explicit reference was found in the text == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-02 ** Downref: Normative reference to an Informational RFC: RFC 3232 Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 sfc F. Brockners 3 Internet-Draft S. Bhandari 4 Intended status: Standards Track V. Govindan 5 Expires: December 2, 2018 C. Pignataro 6 Cisco 7 H. Gredler 8 RtBrick Inc. 9 J. Leddy 10 Comcast 11 S. Youell 12 JMPC 13 T. Mizrahi 14 Marvell 15 D. Mozes 17 P. Lapukhov 18 Facebook 19 R. Chang 20 Barefoot Networks 21 May 31, 2018 23 NSH Encapsulation for In-situ OAM Data 24 draft-ietf-sfc-ioam-nsh-00 26 Abstract 28 In-situ Operations, Administration, and Maintenance (OAM) records 29 operational and telemetry information in the packet while the packet 30 traverses a path between two points in the network. This document 31 outlines how IOAM data fields are encapsulated in the Network Service 32 Header (NSH). 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at http://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on December 2, 2018. 50 Copyright Notice 52 Copyright (c) 2018 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 3. IOAM data fields encapsulation in NSH . . . . . . . . . . . . 3 70 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 5 71 4.1. Discussion of the encapsulation approach . . . . . . . . 5 72 4.2. IOAM and the use of the NSH O-bit . . . . . . . . . . . . 6 73 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 74 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 75 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 76 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 77 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 78 8.2. Informative References . . . . . . . . . . . . . . . . . 8 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 81 1. Introduction 83 In-situ OAM (IOAM) records OAM information within the packet while 84 the packet traverses a particular network domain. The term "in-situ" 85 refers to the fact that the OAM data is added to the data packets 86 rather than is being sent within packets specifically dedicated to 87 OAM. This document defines how IOAM data fields are transported as 88 part of the Network Service Header (NSH) [RFC8300] encapsulation. 89 The IOAM data fields are defined in [I-D.ietf-ippm-ioam-data]. An 90 implementation of IOAM which leverages NSH to carry the IOAM data is 91 available from the FD.io open source software project [FD.io]. 93 2. Conventions 95 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 96 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 97 document are to be interpreted as described in [RFC2119]. 99 Abbreviations used in this document: 101 IOAM: In-situ Operations, Administration, and Maintenance 103 NSH: Network Service Header 105 OAM: Operations, Administration, and Maintenance 107 TLV: Type, Length, Value 109 3. IOAM data fields encapsulation in NSH 111 NSH is defined in [RFC8300]. IOAM data fields are carried in NSH 112 using a next protocol header which follows the NSH MDx metadata TLVs. 113 An IOAM header is added containing the different IOAM data fields 114 defined in [I-D.ietf-ippm-ioam-data]. In an administrative domain 115 where IOAM is used, insertion of the IOAM header in NSH is enabled at 116 the NSH tunnel endpoints, which also serve as IOAM encapsulating/ 117 decapsulating nodes by means of configuration. 119 0 1 2 3 120 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 121 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 122 |Ver|O|C|R|R|R|R|R|R| Length | MD Type | NP = TBD_IOAM | | 123 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N 124 | Service Path Identifer | Service Index | S 125 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ H 126 | ... | | 127 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 128 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 130 ! | O 131 ! | A 132 ~ IOAM Option and Data Space ~ M 133 | | | 134 | | | 135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 136 | | 137 | | 138 | Payload + Padding (L2/L3/ESP/...) | 139 | | 140 | | 141 | | 142 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 144 The NSH header and fields are defined in [RFC8300]. The "NSH Next 145 Protocol" value (referred to as "NP" in the diagram above) is 146 TBD_IOAM. 148 The IOAM related fields in NSH are defined as follows: 150 IOAM-Type: 8-bit field defining the IOAM Option type, as defined in 151 Section 7.2 of [I-D.ietf-ippm-ioam-data]. 153 IOAM HDR Len: 8 bit Length field contains the length of the IOAM 154 header in 4-octet units. 156 Reserved bits: Reserved bits are present for future use. The 157 reserved bits MUST be set to 0x0 upon transmission and ignored 158 upon receipt. 160 Next Protocol: 8-bit unsigned integer that determines the type of 161 header following IOAM protocol. 163 IOAM Option and Data Space: IOAM option header and data is present 164 as specified by the IOAM-Type field, and is defined in Section 4 165 of [I-D.ietf-ippm-ioam-data]. 167 Multiple IOAM options MAY be included within the NSH encapsulation. 168 For example, if a NSH encapsulation contains two IOAM options before 169 a data payload, the Next Protocol field of the first IOAM option will 170 contain the value of TBD_IOAM, while the Next Protocol field of the 171 second IOAM option will contain the "NSH Next Protocol" number 172 indicating the type of the data payload. 174 4. Considerations 176 This section summarizes a set of considerations on the overall 177 approach taken for IOAM data encapsulation in NSH, as well as 178 deployment considerations. 180 4.1. Discussion of the encapsulation approach 182 This section is to support the working group discussion in selecting 183 the most appropriate approach for encapsulating IOAM data fields in 184 NSH. 186 An encapsulation of IOAM data fields in NSH should be friendly to an 187 implementation in both hardware as well as software forwarders and 188 support a wide range of deployment cases, including large networks 189 that desire to leverage multiple IOAM data fields at the same time. 191 Hardware and software friendly implementation: Hardware forwarders 192 benefit from an encapsulation that minimizes iterative look-ups of 193 fields within the packet: Any operation which looks up the value 194 of a field within the packet, based on which another lookup is 195 performed, consumes additional gates and time in an implementation 196 - both of which are desired to be kept to a minimum. This means 197 that flat TLV structures are to be preferred over nested TLV 198 structures. IOAM data fields are grouped into three option 199 categories: Trace, proof-of-transit, and edge-to-edge. Each of 200 these three options defines a TLV structure. A hardware-friendly 201 encapsulation approach avoids grouping these three option 202 categories into yet another TLV structure, but would rather carry 203 the options as a serial sequence. 205 Total length of the IOAM data fields: The total length of IOAM 206 data can grow quite large in case multiple different IOAM data 207 fields are used and large path-lengths need to be considered. If 208 for example an operator would consider using the IOAM trace option 209 and capture node-id, app_data, egress/ingress interface-id, 210 timestamp seconds, timestamps nanoseconds at every hop, then a 211 total of 20 octets would be added to the packet at every hop. In 212 case this particular deployment would have a maximum path length 213 of 15 hops in the IOAM domain, then a maximum of 300 octets of 214 IOAM data were to be encapsulated in the packet. 216 Different approaches for encapsulating IOAM data fields in NSH could 217 be considered: 219 1. Encapsulation of IOAM data fields as "NSH MD Type 2" (see 220 [RFC8300], section 2.5). Each IOAM data field option (trace, 221 proof-of-transit, and edge-to-edge) would be specified by a type, 222 with the different IOAM data fields being TLVs within this the 223 particular option type. NSH MD Type 2 offers support for 224 variable length meta-data. The length field is 6-bits, resulting 225 in a maximum of 256 (2^6 x 4) octets. 227 2. Encapsulation of IOAM data fields using the "Next Protocol" 228 field. Each IOAM data field option (trace, proof-of-transit, and 229 edge-to-edge) would be specified by its own "next protocol". 231 3. Encapsulation of IOAM data fields using the "Next Protocol" 232 field. A single NSH protocol type code point would be allocated 233 for IOAM. A "sub-type" field would then specify what IOAM 234 options type (trace, proof-of-transit, edge-to-edge) is carried. 236 The third option has been chosen here. This option avoids the 237 additional layer of TLV nesting that the use of NSH MD Type 2 would 238 result in. In addition, this option does not constrain IOAM data to 239 a maximum of 256 octets, thus allowing support for very large 240 deployments. 242 4.2. IOAM and the use of the NSH O-bit 244 [RFC8300] defines an "O bit" for OAM packets. Per [RFC8300] the O 245 bit must be set for OAM packets and must not be set for non-OAM 246 packets. Packets with IOAM data included MUST follow this 247 definition, i.e. the O bit MUST NOT be set for regular customer 248 traffic which also carries IOAM data and the O bit MUST be set for 249 OAM packets which carry only IOAM data without any regular data 250 payload. 252 5. IANA Considerations 254 IANA is requested to allocate protocol numbers for the following "NSH 255 Next Protocol" related to IOAM: 257 +---------------+-------------+---------------+ 258 | Next Protocol | Description | Reference | 259 +---------------+-------------+---------------+ 260 | x | TBD_IOAM | This document | 261 +---------------+-------------+---------------+ 263 6. Security Considerations 265 IOAM is considered a "per domain" feature, where one or several 266 operators decide on leveraging and configuring IOAM according to 267 their needs. Still, operators need to properly secure the IOAM 268 domain to avoid malicious configuration and use, which could include 269 injecting malicious IOAM packets into a domain. 271 7. Acknowledgements 273 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 274 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 275 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 276 and Andrew Yourtchenko for the comments and advice. 278 8. References 280 8.1. Normative References 282 [I-D.ietf-ippm-ioam-data] 283 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 284 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 285 P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon, 286 "Data Fields for In-situ OAM", draft-ietf-ippm-ioam- 287 data-02 (work in progress), March 2018. 289 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 290 Requirement Levels", BCP 14, RFC 2119, 291 DOI 10.17487/RFC2119, March 1997, . 294 [RFC2784] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. 295 Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, 296 DOI 10.17487/RFC2784, March 2000, . 299 [RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced 300 by an On-line Database", RFC 3232, DOI 10.17487/RFC3232, 301 January 2002, . 303 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 304 "Network Service Header (NSH)", RFC 8300, 305 DOI 10.17487/RFC8300, January 2018, . 308 8.2. Informative References 310 [FD.io] "Fast Data Project: FD.io", . 312 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 313 Chaining (SFC) Architecture", RFC 7665, 314 DOI 10.17487/RFC7665, October 2015, . 317 Authors' Addresses 319 Frank Brockners 320 Cisco Systems, Inc. 321 Hansaallee 249, 3rd Floor 322 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 323 Germany 325 Email: fbrockne@cisco.com 327 Shwetha Bhandari 328 Cisco Systems, Inc. 329 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 330 Bangalore, KARNATAKA 560 087 331 India 333 Email: shwethab@cisco.com 335 Vengada Prasad Govindan 336 Cisco Systems, Inc. 338 Email: venggovi@cisco.com 340 Carlos Pignataro 341 Cisco Systems, Inc. 342 7200-11 Kit Creek Road 343 Research Triangle Park, NC 27709 344 United States 346 Email: cpignata@cisco.com 348 Hannes Gredler 349 RtBrick Inc. 351 Email: hannes@rtbrick.com 352 John Leddy 353 Comcast 355 Email: John_Leddy@cable.comcast.com 357 Stephen Youell 358 JP Morgan Chase 359 25 Bank Street 360 London E14 5JP 361 United Kingdom 363 Email: stephen.youell@jpmorgan.com 365 Tal Mizrahi 366 Marvell 367 6 Hamada St. 368 Yokneam 20692 369 Israel 371 Email: talmi@marvell.com 373 David Mozes 375 Email: mosesster@gmail.com 377 Petr Lapukhov 378 Facebook 379 1 Hacker Way 380 Menlo Park, CA 94025 381 US 383 Email: petr@fb.com 385 Remy Chang 386 Barefoot Networks 387 2185 Park Boulevard 388 Palo Alto, CA 94306 389 US