idnits 2.17.1 draft-ietf-sfc-ioam-nsh-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 11, 2019) is 1863 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-04 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC F. Brockners 3 Internet-Draft S. Bhandari 4 Intended status: Standards Track V. Govindan 5 Expires: September 12, 2019 C. Pignataro 6 Cisco 7 H. Gredler 8 RtBrick Inc. 9 J. Leddy 10 Comcast 11 S. Youell 12 JPMC 13 T. Mizrahi 14 Huawei Network.IO Innovation Lab 15 D. Mozes 17 P. Lapukhov 18 Facebook 19 R. Chang 20 Barefoot Networks 21 March 11, 2019 23 Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data 24 draft-ietf-sfc-ioam-nsh-01 26 Abstract 28 In-situ Operations, Administration, and Maintenance (IOAM) records 29 operational and telemetry information in the packet while the packet 30 traverses a path between two points in the network. This document 31 outlines how IOAM data fields are encapsulated in the Network Service 32 Header (NSH). 34 Status of This Memo 36 This Internet-Draft is submitted in full conformance with the 37 provisions of BCP 78 and BCP 79. 39 Internet-Drafts are working documents of the Internet Engineering 40 Task Force (IETF). Note that other groups may also distribute 41 working documents as Internet-Drafts. The list of current Internet- 42 Drafts is at http://datatracker.ietf.org/drafts/current/. 44 Internet-Drafts are draft documents valid for a maximum of six months 45 and may be updated, replaced, or obsoleted by other documents at any 46 time. It is inappropriate to use Internet-Drafts as reference 47 material or to cite them other than as "work in progress." 48 This Internet-Draft will expire on September 12, 2019. 50 Copyright Notice 52 Copyright (c) 2019 IETF Trust and the persons identified as the 53 document authors. All rights reserved. 55 This document is subject to BCP 78 and the IETF Trust's Legal 56 Provisions Relating to IETF Documents 57 (http://trustee.ietf.org/license-info) in effect on the date of 58 publication of this document. Please review these documents 59 carefully, as they describe your rights and restrictions with respect 60 to this document. Code Components extracted from this document must 61 include Simplified BSD License text as described in Section 4.e of 62 the Trust Legal Provisions and are provided without warranty as 63 described in the Simplified BSD License. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 3. IOAM data fields encapsulation in NSH . . . . . . . . . . . . 3 70 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 5 71 4.1. Discussion of the encapsulation approach . . . . . . . . 5 72 4.2. IOAM and the use of the NSH O-bit . . . . . . . . . . . . 6 73 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 74 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 75 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 76 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 77 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 78 8.2. Informative References . . . . . . . . . . . . . . . . . 8 79 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 81 1. Introduction 83 In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], records 84 OAM information within the packet while the packet traverses a 85 particular network domain. The term "in-situ" refers to the fact 86 that the OAM data is added to the data packets rather than is being 87 sent within packets specifically dedicated to OAM. This document 88 defines how IOAM data fields are transported as part of the Network 89 Service Header (NSH) [RFC8300] encapsulation for the Service Function 90 Chaining (SFC) [RFC7665]. The IOAM data fields are defined in 91 [I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages 92 NSH to carry the IOAM data is available from the FD.io open source 93 software project [FD.io]. 95 2. Conventions 97 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 98 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 99 "OPTIONAL" in this document are to be interpreted as described in BCP 100 14 [RFC2119] [RFC8174] when, and only when, they appear in all 101 capitals, as shown here. 103 Abbreviations used in this document: 105 IOAM: In-situ Operations, Administration, and Maintenance 107 NSH: Network Service Header 109 OAM: Operations, Administration, and Maintenance 111 SFC: Service Function Chaining 113 TLV: Type, Length, Value 115 3. IOAM data fields encapsulation in NSH 117 The NSH is defined in [RFC8300]. IOAM data fields are carried in NSH 118 using a next protocol header which follows the NSH MD context 119 headers. An IOAM header is added containing the different IOAM data 120 fields defined in [I-D.ietf-ippm-ioam-data]. In an administrative 121 domain where IOAM is used, insertion of the IOAM header in NSH is 122 enabled at the NSH tunnel endpoints, which also serve as IOAM 123 encapsulating/decapsulating nodes by means of configuration. 125 0 1 2 3 126 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 127 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 128 |Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | | 129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N 130 | Service Path Identifier | Service Index | S 131 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ H 132 | ... | | 133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 134 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 135 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 136 ! | O 137 ! | A 138 ~ IOAM Option and Data Space ~ M 139 | | | 140 | | | 141 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 142 | | 143 | | 144 | Payload + Padding (L2/L3/ESP/...) | 145 | | 146 | | 147 | | 148 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 150 The NSH header and fields are defined in [RFC8300]. The "NSH Next 151 Protocol" value (referred to as "NP" in the diagram above) is 152 TBD_IOAM. 154 The IOAM related fields in NSH are defined as follows: 156 IOAM-Type: 8-bit field defining the IOAM Option type, as defined 157 in Section 7.2 of [I-D.ietf-ippm-ioam-data]. 159 IOAM HDR Len: 8 bit Length field contains the length of the IOAM 160 header in 4-octet units. 162 Reserved bits: Reserved bits are present for future use. The 163 reserved bits MUST be set to 0x0 upon transmission and ignored 164 upon receipt. 166 Next Protocol: 8-bit unsigned integer that determines the type of 167 header following IOAM protocol. The semantics of this field 168 are identical to the Next Protocol field in [RFC8300]. 170 IOAM Option and Data Space: IOAM option header and data is 171 present as specified by the IOAM-Type field, and is defined in 172 Section 4 of [I-D.ietf-ippm-ioam-data]. 174 Multiple IOAM options MAY be included within the NSH encapsulation. 175 For example, if a NSH encapsulation contains two IOAM options before 176 a data payload, the Next Protocol field of the first IOAM option will 177 contain the value of TBD_IOAM, while the Next Protocol field of the 178 second IOAM option will contain the "NSH Next Protocol" number 179 indicating the type of the data payload. 181 4. Considerations 183 This section summarizes a set of considerations on the overall 184 approach taken for IOAM data encapsulation in NSH, as well as 185 deployment considerations. 187 4.1. Discussion of the encapsulation approach 189 This section is to support the working group discussion in selecting 190 the most appropriate approach for encapsulating IOAM data fields in 191 NSH. 193 An encapsulation of IOAM data fields in NSH should be friendly to an 194 implementation in both hardware as well as software forwarders and 195 support a wide range of deployment cases, including large networks 196 that desire to leverage multiple IOAM data fields at the same time. 198 Hardware and software friendly implementation: Hardware forwarders 199 benefit from an encapsulation that minimizes iterative look-ups of 200 fields within the packet: Any operation which looks up the value 201 of a field within the packet, based on which another lookup is 202 performed, consumes additional gates and time in an implementation 203 - both of which are desired to be kept to a minimum. This means 204 that flat TLV structures are to be preferred over nested TLV 205 structures. IOAM data fields are grouped into three option 206 categories: Trace, proof-of-transit, and edge-to-edge. Each of 207 these three options defines a TLV structure. A hardware-friendly 208 encapsulation approach avoids grouping these three option 209 categories into yet another TLV structure, but would rather carry 210 the options as a serial sequence. 212 Total length of the IOAM data fields: The total length of IOAM 213 data can grow quite large in case multiple different IOAM data 214 fields are used and large path-lengths need to be considered. If 215 for example an operator would consider using the IOAM trace option 216 and capture node-id, app_data, egress/ingress interface-id, 217 timestamp seconds, timestamps nanoseconds at every hop, then a 218 total of 20 octets would be added to the packet at every hop. In 219 case this particular deployment would have a maximum path length 220 of 15 hops in the IOAM domain, then a maximum of 300 octets of 221 IOAM data were to be encapsulated in the packet. 223 Different approaches for encapsulating IOAM data fields in NSH could 224 be considered: 226 1. Encapsulation of IOAM data fields as "NSH MD Type 2" (see 227 [RFC8300], Section 2.5). Each IOAM data field option (trace, 228 proof-of-transit, and edge-to-edge) would be specified by a type, 229 with the different IOAM data fields being TLVs within this the 230 particular option type. NSH MD Type 2 offers support for 231 variable length meta-data. The length field is 6-bits, resulting 232 in a maximum of 256 (2^6 x 4) octets. 234 2. Encapsulation of IOAM data fields using the "Next Protocol" 235 field. Each IOAM data field option (trace, proof-of-transit, and 236 edge-to-edge) would be specified by its own "next protocol". 238 3. Encapsulation of IOAM data fields using the "Next Protocol" 239 field. A single NSH protocol type code point would be allocated 240 for IOAM. A "sub-type" field would then specify what IOAM 241 options type (trace, proof-of-transit, edge-to-edge) is carried. 243 The third option has been chosen here. This option avoids the 244 additional layer of TLV nesting that the use of NSH MD Type 2 would 245 result in. In addition, this option does not constrain IOAM data to 246 a maximum of 256 octets, thus allowing support for very large 247 deployments. 249 4.2. IOAM and the use of the NSH O-bit 251 [RFC8300] defines an "O bit" for OAM packets. Per [RFC8300] the O 252 bit must be set for OAM packets and must not be set for non-OAM 253 packets. Packets with IOAM data included MUST follow this 254 definition, i.e. the O bit MUST NOT be set for regular customer 255 traffic which also carries IOAM data and the O bit MUST be set for 256 OAM packets which carry only IOAM data without any regular data 257 payload. 259 5. IANA Considerations 261 IANA is requested to allocate protocol numbers for the following "NSH 262 Next Protocol" related to IOAM: 264 +---------------+-------------+---------------+ 265 | Next Protocol | Description | Reference | 266 +---------------+-------------+---------------+ 267 | x | TBD_IOAM | This document | 268 +---------------+-------------+---------------+ 270 6. Security Considerations 272 IOAM is considered a "per domain" feature, where one or several 273 operators decide on leveraging and configuring IOAM according to 274 their needs. Still, operators need to properly secure the IOAM 275 domain to avoid malicious configuration and use, which could include 276 injecting malicious IOAM packets into a domain. 278 7. Acknowledgements 280 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 281 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 282 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 283 and Andrew Yourtchenko for the comments and advice. 285 8. References 287 8.1. Normative References 289 [I-D.ietf-ippm-ioam-data] 290 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 291 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 292 P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon, 293 "Data Fields for In-situ OAM", draft-ietf-ippm-ioam- 294 data-04 (work in progress), October 2018. 296 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 297 Requirement Levels", BCP 14, RFC 2119, 298 DOI 10.17487/RFC2119, March 1997, . 301 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 302 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 303 May 2017, . 305 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 306 "Network Service Header (NSH)", RFC 8300, 307 DOI 10.17487/RFC8300, January 2018, . 310 8.2. Informative References 312 [FD.io] "Fast Data Project: FD.io", . 314 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 315 Chaining (SFC) Architecture", RFC 7665, 316 DOI 10.17487/RFC7665, October 2015, . 319 Authors' Addresses 321 Frank Brockners 322 Cisco Systems, Inc. 323 Hansaallee 249, 3rd Floor 324 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 325 Germany 327 Email: fbrockne@cisco.com 329 Shwetha Bhandari 330 Cisco Systems, Inc. 331 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 332 Bangalore, KARNATAKA 560 087 333 India 335 Email: shwethab@cisco.com 337 Vengada Prasad Govindan 338 Cisco Systems, Inc. 340 Email: venggovi@cisco.com 342 Carlos Pignataro 343 Cisco Systems, Inc. 344 7200-11 Kit Creek Road 345 Research Triangle Park, NC 27709 346 United States 348 Email: cpignata@cisco.com 350 Hannes Gredler 351 RtBrick Inc. 353 Email: hannes@rtbrick.com 354 John Leddy 355 Comcast 357 Email: John_Leddy@cable.comcast.com 359 Stephen Youell 360 JP Morgan Chase 361 25 Bank Street 362 London E14 5JP 363 United Kingdom 365 Email: stephen.youell@jpmorgan.com 367 Tal Mizrahi 368 Huawei Network.IO Innovation Lab 369 Israel 371 Email: tal.mizrahi.phd@gmail.com 373 David Mozes 375 Email: mosesster@gmail.com 377 Petr Lapukhov 378 Facebook 379 1 Hacker Way 380 Menlo Park, CA 94025 381 US 383 Email: petr@fb.com 385 Remy Chang 386 Barefoot Networks 387 2185 Park Boulevard 388 Palo Alto, CA 94306 389 US