idnits 2.17.1 draft-ietf-sfc-ioam-nsh-09.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (27 April 2022) is 728 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-03) exists of draft-ietf-sfc-oam-packet-01 == Outdated reference: A later version (-05) exists of draft-ietf-ippm-ioam-deployment-01 == Outdated reference: A later version (-11) exists of draft-ietf-ippm-ioam-direct-export-07 == Outdated reference: A later version (-10) exists of draft-ietf-ippm-ioam-flags-07 Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC F. Brockners, Ed. 3 Internet-Draft Cisco 4 Intended status: Standards Track S. Bhandari, Ed. 5 Expires: 29 October 2022 Thoughtspot 6 27 April 2022 8 Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data 9 draft-ietf-sfc-ioam-nsh-09 11 Abstract 13 In-situ Operations, Administration, and Maintenance (IOAM) is used 14 for recording and collecting operational and telemetry information 15 while the packet traverses a path between two points in the network. 16 This document outlines how IOAM data fields are encapsulated with the 17 Network Service Header (NSH). 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at https://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on 29 October 2022. 36 Copyright Notice 38 Copyright (c) 2022 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 43 license-info) in effect on the date of publication of this document. 44 Please review these documents carefully, as they describe your rights 45 and restrictions with respect to this document. Code Components 46 extracted from this document must include Revised BSD License text as 47 described in Section 4.e of the Trust Legal Provisions and are 48 provided without warranty as described in the Revised BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 53 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 54 3. IOAM encapsulation with NSH . . . . . . . . . . . . . . . . . 3 55 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 56 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 57 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 58 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 5 59 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 60 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 61 8.2. Informative References . . . . . . . . . . . . . . . . . 7 62 Appendix A. Discussion of the IOAM encapsulation approach . . . 7 63 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 65 1. Introduction 67 In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], is used 68 to record and collect OAM information while the packet traverses a 69 particular network domain. The term "in-situ" refers to the fact 70 that the OAM data is added to the data packets rather than is being 71 sent within packets specifically dedicated to OAM. This document 72 defines how IOAM data fields are transported as part of the Network 73 Service Header (NSH) [RFC8300] encapsulation for the Service Function 74 Chaining (SFC) [RFC7665]. The IOAM-Data-Fields are defined in 75 [I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages 76 NSH to carry the IOAM data is available from the FD.io open source 77 software project [FD.io]. 79 2. Conventions 81 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 82 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 83 "OPTIONAL" in this document are to be interpreted as described in BCP 84 14 [RFC2119] [RFC8174] when, and only when, they appear in all 85 capitals, as shown here. 87 Abbreviations used in this document: 89 IOAM: In-situ Operations, Administration, and Maintenance 91 NSH: Network Service Header 93 OAM: Operations, Administration, and Maintenance 95 SFC: Service Function Chaining 97 TLV: Type, Length, Value 99 3. IOAM encapsulation with NSH 101 The NSH is defined in [RFC8300]. IOAM-Data-Fields are carried as NSH 102 payload using a next protocol header which follows the NSH headers. 103 An IOAM header is added containing the different IOAM-Data-Fields. 104 The IOAM-Data-Fields MUST follow the definitions corresponding to 105 IOAM-Option-Types (e.g. see Section 5 of [I-D.ietf-ippm-ioam-data] 106 and Section 3.2 of [I-D.ietf-ippm-ioam-direct-export]). In an 107 administrative domain where IOAM is used, insertion of the IOAM 108 header in NSH is enabled at the NSH tunnel endpoints, which also 109 serve as IOAM encapsulating/decapsulating nodes by means of 110 configuration. See [I-D.ietf-ippm-ioam-deployment] for a discussion 111 of deployment related aspects of IOAM-Data-fields. 113 0 1 2 3 114 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 115 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 116 |Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | | 117 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N 118 | Service Path Identifier | Service Index | S 119 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ H 120 | ... | | 121 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 122 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 123 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 124 ! | O 125 ! | A 126 ~ IOAM Option and Optional Data Space ~ M 127 | | | 128 | | | 129 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 130 | | 131 | | 132 | Payload + Padding (L2/L3/ESP/...) | 133 | | 134 | | 135 | | 136 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 138 The NSH header and fields are defined in [RFC8300]. The O-bit MUST 139 be handled following the rules in [I-D.ietf-sfc-oam-packet]. The 140 "NSH Next Protocol" value (referred to as "NP" in the diagram above) 141 is TBD_IOAM. 143 The IOAM related fields in NSH are defined as follows: 145 IOAM-Type: 8-bit field defining the IOAM-Option-Type, as defined 146 in the IOAM Option-Type Registry specified in 147 [I-D.ietf-ippm-ioam-data]. 149 IOAM HDR Len: 8 bit Length field contains the length of the IOAM 150 header in 4-octet units. 152 Reserved bits: Reserved bits are present for future use. The 153 reserved bits MUST be set to 0x0 upon transmission and ignored 154 upon receipt. 156 Next Protocol: 8-bit unsigned integer that determines the type of 157 header following IOAM. The semantics of this field are 158 identical to the Next Protocol field in [RFC8300]. 160 IOAM Option and Data Space: IOAM-Data-Fields as specified by the 161 IOAM-Type field. IOAM-Data-Fields are defined corresponding to 162 the IOAM-Option-Type (e.g. see Section 5 of 163 [I-D.ietf-ippm-ioam-data] and Section 3.2 of 164 [I-D.ietf-ippm-ioam-direct-export]). 166 Multiple IOAM-Option-Types MAY be included within the NSH 167 encapsulation. For example, if a NSH encapsulation contains two 168 IOAM-Option-Types before a data payload, the Next Protocol field of 169 the first IOAM option will contain the value of TBD_IOAM, while the 170 Next Protocol field of the second IOAM-Option-Type will contain the 171 "NSH Next Protocol" number indicating the type of the data payload. 172 The applicability of the IOAM Active and Loopback flags 173 [I-D.ietf-ippm-ioam-flags] is outside the scope of this document and 174 may be specified in the future. When a packet with IOAM is received 175 at an NSH based forwarding node such as an Service Function Forwarder 176 (SFF) that does not understand IOAM header, it SHOULD drop the 177 packet. The mechanism to maintain and notify of such events are 178 outside the scope of this document. 180 4. IANA Considerations 182 IANA is requested to allocate protocol numbers for the following "NSH 183 Next Protocol" related to IOAM: 185 +---------------+-------------+---------------+ 186 | Next Protocol | Description | Reference | 187 +---------------+-------------+---------------+ 188 | x | TBD_IOAM | This document | 189 +---------------+-------------+---------------+ 191 5. Security Considerations 193 IOAM is considered a "per domain" feature, where one or several 194 operators decide on leveraging and configuring IOAM according to 195 their needs. Still, operators need to properly secure the IOAM 196 domain to avoid malicious configuration and use, which could include 197 injecting malicious IOAM packets into a domain. For additional IOAM 198 related security considerations, see Section 10 in 199 [I-D.ietf-ippm-ioam-data]. For additional OAM and NSH related 200 security considerations see Section 5 of [I-D.ietf-sfc-oam-packet]. 202 6. Acknowledgements 204 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 205 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 206 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 207 Andrew Yourtchenko, Greg Mirsky and Mohamed Boucadair for the 208 comments and advice. 210 7. Contributors 212 In addition to editors listed on the title page, the following people 213 have contributed to this document: 215 Vengada Prasad Govindan 216 Cisco Systems, Inc. 217 Email: venggovi@cisco.com 219 Carlos Pignataro 220 Cisco Systems, Inc. 221 7200-11 Kit Creek Road 222 Research Triangle Park, NC 27709 223 United States 224 Email: cpignata@cisco.com 226 Hannes Gredler 227 RtBrick Inc. 228 Email: hannes@rtbrick.com 230 John Leddy 231 Email: john@leddy.net 233 Stephen Youell 234 JP Morgan Chase 235 25 Bank Street 236 London E14 5JP 237 United Kingdom 238 Email: stephen.youell@jpmorgan.com 239 Tal Mizrahi 240 Huawei Network.IO Innovation Lab 241 Israel 242 Email: tal.mizrahi.phd@gmail.com 244 David Mozes 245 Email: mosesster@gmail.com 247 Petr Lapukhov 248 Facebook 249 1 Hacker Way 250 Menlo Park, CA 94025 251 US 252 Email: petr@fb.com 254 Remy Chang 255 Barefoot Networks 256 2185 Park Boulevard 257 Palo Alto, CA 94306 258 US 260 8. References 262 8.1. Normative References 264 [I-D.ietf-ippm-ioam-data] 265 Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields 266 for In-situ OAM", Work in Progress, Internet-Draft, draft- 267 ietf-ippm-ioam-data-17, 13 December 2021, 268 . 271 [I-D.ietf-sfc-oam-packet] 272 Boucadair, M., "OAM Packet and Behavior in the Network 273 Service Header (NSH)", Work in Progress, Internet-Draft, 274 draft-ietf-sfc-oam-packet-01, 25 April 2022, 275 . 278 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 279 Requirement Levels", BCP 14, RFC 2119, 280 DOI 10.17487/RFC2119, March 1997, 281 . 283 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 284 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 285 May 2017, . 287 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 288 "Network Service Header (NSH)", RFC 8300, 289 DOI 10.17487/RFC8300, January 2018, 290 . 292 8.2. Informative References 294 [FD.io] "Fast Data Project: FD.io", . 296 [I-D.ietf-ippm-ioam-deployment] 297 Brockners, F., Bhandari, S., Bernier, D., and T. Mizrahi, 298 "In-situ OAM Deployment", Work in Progress, Internet- 299 Draft, draft-ietf-ippm-ioam-deployment-01, 11 April 2022, 300 . 303 [I-D.ietf-ippm-ioam-direct-export] 304 Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F., 305 Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ 306 OAM Direct Exporting", Work in Progress, Internet-Draft, 307 draft-ietf-ippm-ioam-direct-export-07, 13 October 2021, 308 . 311 [I-D.ietf-ippm-ioam-flags] 312 Mizrahi, T., Brockners, F., Bhandari, S., Sivakolundu, R., 313 Pignataro, C., Kfir, A., Gafni, B., Spiegel, M., and J. 314 Lemon, "In-situ OAM Loopback and Active Flags", Work in 315 Progress, Internet-Draft, draft-ietf-ippm-ioam-flags-07, 316 13 October 2021, . 319 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 320 Chaining (SFC) Architecture", RFC 7665, 321 DOI 10.17487/RFC7665, October 2015, 322 . 324 Appendix A. Discussion of the IOAM encapsulation approach 326 This section lists several approaches considered for encapsulating 327 IOAM with NSH and presents the rationale for the approach chosen in 328 this document. 330 An encapsulation of IOAM-Data-Fields in NSH should be friendly to an 331 implementation in both hardware as well as software forwarders and 332 support a wide range of deployment cases, including large networks 333 that desire to leverage multiple IOAM-Data-Fields at the same time. 335 Hardware and software friendly implementation: Hardware forwarders 336 benefit from an encapsulation that minimizes iterative look-ups of 337 fields within the packet: Any operation which looks up the value of a 338 field within the packet, based on which another lookup is performed, 339 consumes additional gates and time in an implementation - both of 340 which are desired to be kept to a minimum. This means that flat TLV 341 structures are to be preferred over nested TLV structures. IOAM- 342 Data-Fields are grouped into several categories, including trace, 343 proof-of-transit, and edge-to-edge. Each of these options defines a 344 TLV structure. A hardware-friendly encapsulation approach avoids 345 grouping these three option categories into yet another TLV 346 structure, but would rather carry the options as a serial sequence. 348 Total length of the IOAM-Data-Fields: The total length of IOAM-Data- 349 Fields can grow quite large in case multiple different IOAM-Data- 350 Fields are used and large path-lengths need to be considered. If for 351 example an operator would consider using the IOAM Trace Option-Type 352 and capture node-id, app_data, egress/ingress interface-id, timestamp 353 seconds, timestamps nanoseconds at every hop, then a total of 20 354 octets would be added to the packet at every hop. In case this 355 particular deployment would have a maximum path length of 15 hops in 356 the IOAM domain, then a maximum of 300 octets were to be encapsulated 357 in the packet. 359 Different approaches for encapsulating IOAM-Data-Fields in NSH could 360 be considered: 362 1. Encapsulation of IOAM-Data-Fields as "NSH MD Type 2" (see 363 [RFC8300], Section 2.5). Each IOAM-Option-Type (e.g. trace, 364 proof-of-transit, and edge-to-edge) would be specified by a type, 365 with the different IOAM-Data-Fields being TLVs within this the 366 particular option type. NSH MD Type 2 offers support for 367 variable length meta-data. The length field is 6-bits, resulting 368 in a maximum of 256 (2^6 x 4) octets. 370 2. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 371 field. Each IOAM-Option-Type (e.g trace, proof-of-transit, and 372 edge-to-edge) would be specified by its own "next protocol". 374 3. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 375 field. A single NSH protocol type code point would be allocated 376 for IOAM. A "sub-type" field would then specify what IOAM 377 options type (trace, proof-of-transit, edge-to-edge) is carried. 379 The third option has been chosen here. This option avoids the 380 additional layer of TLV nesting that the use of NSH MD Type 2 would 381 result in. In addition, this option does not constrain IOAM data to 382 a maximum of 256 octets, thus allowing support for very large 383 deployments. 385 Authors' Addresses 387 Frank Brockners (editor) 388 Cisco Systems, Inc. 389 Hansaallee 249, 3rd Floor 390 40549 DUESSELDORF 391 Germany 392 Email: fbrockne@cisco.com 394 Shwetha Bhandari (editor) 395 Thoughtspot 396 3rd Floor, Indiqube Orion, 24th Main Rd, Garden Layout, HSR Layout 397 Bangalore, KARNATAKA 560 102 398 India 399 Email: shwetha.bhandari@thoughtspot.com