idnits 2.17.1 draft-ietf-sfc-ioam-nsh-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 19, 2020) is 1499 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-08 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC F. Brockners, Ed. 3 Internet-Draft S. Bhandari, Ed. 4 Intended status: Standards Track Cisco 5 Expires: September 20, 2020 March 19, 2020 7 Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data 8 draft-ietf-sfc-ioam-nsh-03 10 Abstract 12 In-situ Operations, Administration, and Maintenance (IOAM) records 13 operational and telemetry information in the packet while the packet 14 traverses a path between two points in the network. This document 15 outlines how IOAM data fields are encapsulated in the Network Service 16 Header (NSH). 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at https://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on September 20, 2020. 35 Copyright Notice 37 Copyright (c) 2020 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (https://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 54 3. IOAM data fields encapsulation in NSH . . . . . . . . . . . . 3 55 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 4 56 4.1. Discussion of the encapsulation approach . . . . . . . . 4 57 4.2. IOAM and the use of the NSH O-bit . . . . . . . . . . . . 5 58 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 59 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 60 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 61 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 6 62 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 63 9.1. Normative References . . . . . . . . . . . . . . . . . . 8 64 9.2. Informative References . . . . . . . . . . . . . . . . . 8 65 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 67 1. Introduction 69 In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], records 70 OAM information within the packet while the packet traverses a 71 particular network domain. The term "in-situ" refers to the fact 72 that the OAM data is added to the data packets rather than is being 73 sent within packets specifically dedicated to OAM. This document 74 defines how IOAM data fields are transported as part of the Network 75 Service Header (NSH) [RFC8300] encapsulation for the Service Function 76 Chaining (SFC) [RFC7665]. The IOAM-Data-Fields are defined in 77 [I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages 78 NSH to carry the IOAM data is available from the FD.io open source 79 software project [FD.io]. 81 2. Conventions 83 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 84 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 85 "OPTIONAL" in this document are to be interpreted as described in BCP 86 14 [RFC2119] [RFC8174] when, and only when, they appear in all 87 capitals, as shown here. 89 Abbreviations used in this document: 91 IOAM: In-situ Operations, Administration, and Maintenance 93 NSH: Network Service Header 95 OAM: Operations, Administration, and Maintenance 97 SFC: Service Function Chaining 98 TLV: Type, Length, Value 100 3. IOAM data fields encapsulation in NSH 102 The NSH is defined in [RFC8300]. IOAM-Data-Fields are carried in NSH 103 using a next protocol header which follows the NSH MD context 104 headers. An IOAM header is added containing the different IOAM-Data- 105 Fields defined in [I-D.ietf-ippm-ioam-data]. In an administrative 106 domain where IOAM is used, insertion of the IOAM header in NSH is 107 enabled at the NSH tunnel endpoints, which also serve as IOAM 108 encapsulating/decapsulating nodes by means of configuration. 110 0 1 2 3 111 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 112 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 113 |Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | | 114 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N 115 | Service Path Identifier | Service Index | S 116 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ H 117 | ... | | 118 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 119 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 121 ! | O 122 ! | A 123 ~ IOAM Option and Data Space ~ M 124 | | | 125 | | | 126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 127 | | 128 | | 129 | Payload + Padding (L2/L3/ESP/...) | 130 | | 131 | | 132 | | 133 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 135 The NSH header and fields are defined in [RFC8300]. The "NSH Next 136 Protocol" value (referred to as "NP" in the diagram above) is 137 TBD_IOAM. 139 The IOAM related fields in NSH are defined as follows: 141 IOAM-Type: 8-bit field defining the IOAM-Option-Type, as defined 142 in the IOAM Option-Type Registry (see Section 7.2 of 143 [I-D.ietf-ippm-ioam-data]). 145 IOAM HDR Len: 8 bit Length field contains the length of the IOAM 146 header in 4-octet units. 148 Reserved bits: Reserved bits are present for future use. The 149 reserved bits MUST be set to 0x0 upon transmission and ignored 150 upon receipt. 152 Next Protocol: 8-bit unsigned integer that determines the type of 153 header following IOAM. The semantics of this field are 154 identical to the Next Protocol field in [RFC8300]. 156 IOAM Option and Data Space: IOAM-Option-Type and IOAM-Data-Field 157 as specified by the IOAM-Type field are present (see Section 4 158 of [I-D.ietf-ippm-ioam-data]). 160 Multiple IOAM-Option-Types MAY be included within the NSH 161 encapsulation. For example, if a NSH encapsulation contains two 162 IOAM-Option-Types before a data payload, the Next Protocol field of 163 the first IOAM option will contain the value of TBD_IOAM, while the 164 Next Protocol field of the second IOAM-Option-Type will contain the 165 "NSH Next Protocol" number indicating the type of the data payload. 167 4. Considerations 169 This section summarizes a set of considerations on the overall 170 approach taken for IOAM data encapsulation in NSH, as well as 171 deployment considerations. 173 4.1. Discussion of the encapsulation approach 175 This section discusses several approaches for encapsulating IOAM- 176 Data-Fields in NSH and presents the rationale for the approach chosen 177 in this document. 179 An encapsulation of IOAM-Data-Fields in NSH should be friendly to an 180 implementation in both hardware as well as software forwarders and 181 support a wide range of deployment cases, including large networks 182 that desire to leverage multiple IOAM-Data-Fields at the same time. 184 Hardware and software friendly implementation: Hardware forwarders 185 benefit from an encapsulation that minimizes iterative look-ups of 186 fields within the packet: Any operation which looks up the value of a 187 field within the packet, based on which another lookup is performed, 188 consumes additional gates and time in an implementation - both of 189 which are desired to be kept to a minimum. This means that flat TLV 190 structures are to be preferred over nested TLV structures. IOAM- 191 Data-Fields are grouped into several categories, including trace, 192 proof-of-transit, and edge-to-edge. Each of these options defines a 193 TLV structure. A hardware-friendly encapsulation approach avoids 194 grouping these three option categories into yet another TLV 195 structure, but would rather carry the options as a serial sequence. 197 Total length of the IOAM-Data-Fields: The total length of IOAM-Data- 198 Fields can grow quite large in case multiple different IOAM-Data- 199 Fields are used and large path-lengths need to be considered. If for 200 example an operator would consider using the IOAM Trace Option-Type 201 and capture node-id, app_data, egress/ingress interface-id, timestamp 202 seconds, timestamps nanoseconds at every hop, then a total of 20 203 octets would be added to the packet at every hop. In case this 204 particular deployment would have a maximum path length of 15 hops in 205 the IOAM domain, then a maximum of 300 octets were to be encapsulated 206 in the packet. 208 Different approaches for encapsulating IOAM-Data-Fields in NSH could 209 be considered: 211 1. Encapsulation of IOAM-Data-Fields as "NSH MD Type 2" (see 212 [RFC8300], Section 2.5). Each IOAM-Option-Type (e.g. trace, 213 proof-of-transit, and edge-to-edge) would be specified by a type, 214 with the different IOAM-Data-Fields being TLVs within this the 215 particular option type. NSH MD Type 2 offers support for 216 variable length meta-data. The length field is 6-bits, resulting 217 in a maximum of 256 (2^6 x 4) octets. 219 2. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 220 field. Each IOAM-Option-Type (e.g trace, proof-of-transit, and 221 edge-to-edge) would be specified by its own "next protocol". 223 3. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 224 field. A single NSH protocol type code point would be allocated 225 for IOAM. A "sub-type" field would then specify what IOAM 226 options type (trace, proof-of-transit, edge-to-edge) is carried. 228 The third option has been chosen here. This option avoids the 229 additional layer of TLV nesting that the use of NSH MD Type 2 would 230 result in. In addition, this option does not constrain IOAM data to 231 a maximum of 256 octets, thus allowing support for very large 232 deployments. 234 4.2. IOAM and the use of the NSH O-bit 236 [RFC8300] defines an "O bit" for OAM packets. Per [RFC8300] the O 237 bit must be set for OAM packets and must not be set for non-OAM 238 packets. Packets with IOAM data included MUST follow this 239 definition, i.e. the O bit MUST NOT be set for regular customer 240 traffic which also carries IOAM data and the O bit MUST be set for 241 OAM packets which carry only IOAM data without any regular data 242 payload. 244 5. IANA Considerations 246 IANA is requested to allocate protocol numbers for the following "NSH 247 Next Protocol" related to IOAM: 249 +---------------+-------------+---------------+ 250 | Next Protocol | Description | Reference | 251 +---------------+-------------+---------------+ 252 | x | TBD_IOAM | This document | 253 +---------------+-------------+---------------+ 255 6. Security Considerations 257 IOAM is considered a "per domain" feature, where one or several 258 operators decide on leveraging and configuring IOAM according to 259 their needs. Still, operators need to properly secure the IOAM 260 domain to avoid malicious configuration and use, which could include 261 injecting malicious IOAM packets into a domain. For additional IOAM 262 related security considerations, see Section 8 in 263 [I-D.ietf-ippm-ioam-data]. 265 7. Acknowledgements 267 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 268 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 269 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 270 and Andrew Yourtchenko for the comments and advice. 272 8. Contributors 274 In addition to editors listed on the title page, the following people 275 have contributed to this document: 277 Vengada Prasad Govindan 278 Cisco Systems, Inc. 279 Email: venggovi@cisco.com 280 Carlos Pignataro 281 Cisco Systems, Inc. 282 7200-11 Kit Creek Road 283 Research Triangle Park, NC 27709 284 United States 285 Email: cpignata@cisco.com 287 Hannes Gredler 288 RtBrick Inc. 289 Email: hannes@rtbrick.com 291 John Leddy 292 Email: john@leddy.net 294 Stephen Youell 295 JP Morgan Chase 296 25 Bank Street 297 London E14 5JP 298 United Kingdom 299 Email: stephen.youell@jpmorgan.com 301 Tal Mizrahi 302 Huawei Network.IO Innovation Lab 303 Israel 304 Email: tal.mizrahi.phd@gmail.com 306 David Mozes 307 Email: mosesster@gmail.com 309 Petr Lapukhov 310 Facebook 311 1 Hacker Way 312 Menlo Park, CA 94025 313 US 314 Email: petr@fb.com 315 Remy Chang 316 Barefoot Networks 317 2185 Park Boulevard 318 Palo Alto, CA 94306 319 US 321 9. References 323 9.1. Normative References 325 [I-D.ietf-ippm-ioam-data] 326 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 327 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 328 P., remy@barefootnetworks.com, r., daniel.bernier@bell.ca, 329 d., and J. Lemon, "Data Fields for In-situ OAM", draft- 330 ietf-ippm-ioam-data-08 (work in progress), October 2019. 332 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 333 Requirement Levels", BCP 14, RFC 2119, 334 DOI 10.17487/RFC2119, March 1997, 335 . 337 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 338 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 339 May 2017, . 341 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 342 "Network Service Header (NSH)", RFC 8300, 343 DOI 10.17487/RFC8300, January 2018, 344 . 346 9.2. Informative References 348 [FD.io] "Fast Data Project: FD.io", . 350 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 351 Chaining (SFC) Architecture", RFC 7665, 352 DOI 10.17487/RFC7665, October 2015, 353 . 355 Authors' Addresses 356 Frank Brockners (editor) 357 Cisco Systems, Inc. 358 Hansaallee 249, 3rd Floor 359 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 360 Germany 362 Email: fbrockne@cisco.com 364 Shwetha Bhandari (editor) 365 Cisco Systems, Inc. 366 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 367 Bangalore, KARNATAKA 560 087 368 India 370 Email: shwethab@cisco.com