idnits 2.17.1 draft-ietf-sfc-ioam-nsh-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 18, 2022) is 708 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-03) exists of draft-ietf-sfc-oam-packet-01 == Outdated reference: A later version (-05) exists of draft-ietf-ippm-ioam-deployment-01 == Outdated reference: A later version (-11) exists of draft-ietf-ippm-ioam-direct-export-07 == Outdated reference: A later version (-10) exists of draft-ietf-ippm-ioam-flags-07 Summary: 0 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC F. Brockners, Ed. 3 Internet-Draft Cisco 4 Intended status: Standards Track S. Bhandari, Ed. 5 Expires: November 19, 2022 Thoughtspot 6 May 18, 2022 8 Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data 9 draft-ietf-sfc-ioam-nsh-10 11 Abstract 13 In-situ Operations, Administration, and Maintenance (IOAM) is used 14 for recording and collecting operational and telemetry information 15 while the packet traverses a path between two points in the network. 16 This document outlines how IOAM data fields are encapsulated with the 17 Network Service Header (NSH). 19 Status of This Memo 21 This Internet-Draft is submitted in full conformance with the 22 provisions of BCP 78 and BCP 79. 24 Internet-Drafts are working documents of the Internet Engineering 25 Task Force (IETF). Note that other groups may also distribute 26 working documents as Internet-Drafts. The list of current Internet- 27 Drafts is at https://datatracker.ietf.org/drafts/current/. 29 Internet-Drafts are draft documents valid for a maximum of six months 30 and may be updated, replaced, or obsoleted by other documents at any 31 time. It is inappropriate to use Internet-Drafts as reference 32 material or to cite them other than as "work in progress." 34 This Internet-Draft will expire on November 19, 2022. 36 Copyright Notice 38 Copyright (c) 2022 IETF Trust and the persons identified as the 39 document authors. All rights reserved. 41 This document is subject to BCP 78 and the IETF Trust's Legal 42 Provisions Relating to IETF Documents 43 (https://trustee.ietf.org/license-info) in effect on the date of 44 publication of this document. Please review these documents 45 carefully, as they describe your rights and restrictions with respect 46 to this document. Code Components extracted from this document must 47 include Simplified BSD License text as described in Section 4.e of 48 the Trust Legal Provisions and are provided without warranty as 49 described in the Simplified BSD License. 51 Table of Contents 53 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 54 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 55 3. IOAM encapsulation with NSH . . . . . . . . . . . . . . . . . 3 56 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 57 5. Security Considerations . . . . . . . . . . . . . . . . . . . 5 58 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5 59 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 5 60 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 61 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 62 8.2. Informative References . . . . . . . . . . . . . . . . . 7 63 Appendix A. Discussion of the IOAM encapsulation approach . . . 8 64 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 66 1. Introduction 68 In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], is used 69 to record and collect OAM information while the packet traverses a 70 particular network domain. The term "in-situ" refers to the fact 71 that the OAM data is added to the data packets rather than is being 72 sent within packets specifically dedicated to OAM. This document 73 defines how IOAM data fields are transported as part of the Network 74 Service Header (NSH) [RFC8300] encapsulation for the Service Function 75 Chaining (SFC) [RFC7665]. The IOAM-Data-Fields are defined in 76 [I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages 77 NSH to carry the IOAM data is available from the FD.io open source 78 software project [FD.io]. 80 2. Conventions 82 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 83 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 84 "OPTIONAL" in this document are to be interpreted as described in BCP 85 14 [RFC2119] [RFC8174] when, and only when, they appear in all 86 capitals, as shown here. 88 Abbreviations used in this document: 90 IOAM: In-situ Operations, Administration, and Maintenance 92 NSH: Network Service Header 94 OAM: Operations, Administration, and Maintenance 95 SFC: Service Function Chaining 97 TLV: Type, Length, Value 99 3. IOAM encapsulation with NSH 101 The NSH is defined in [RFC8300]. IOAM-Data-Fields are carried as NSH 102 payload using a next protocol header which follows the NSH headers. 103 An IOAM header is added containing the different IOAM-Data-Fields. 104 The IOAM-Data-Fields MUST follow the definitions corresponding to 105 IOAM-Option-Types (e.g. see Section 5 of [I-D.ietf-ippm-ioam-data] 106 and Section 3.2 of [I-D.ietf-ippm-ioam-direct-export]). In an 107 administrative domain where IOAM is used, insertion of the IOAM 108 header in NSH is enabled at the NSH tunnel endpoints, which also 109 serve as IOAM encapsulating/decapsulating nodes by means of 110 configuration. There can be multiple IOAM headers added by 111 encapsulating nodes as configured. The IOAM transit nodes (e.g. an 112 SFF) MUST process all the IOAM headers that are relevant based on its 113 configuration. See [I-D.ietf-ippm-ioam-deployment] for a discussion 114 of deployment related aspects of IOAM-Data-fields. 116 0 1 2 3 117 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 118 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 119 |Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | | 120 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N 121 | Service Path Identifier | Service Index | S 122 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ H 123 | ... | | 124 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 125 | IOAM-Type | IOAM HDR len | Reserved | Next Protocol | | 126 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I 127 ! | O 128 ! | A 129 ~ IOAM Option and Optional Data Space ~ M 130 | | | 131 | | | 132 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 133 | | 134 | | 135 | Payload + Padding (L2/L3/ESP/...) | 136 | | 137 | | 138 | | 139 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 141 The NSH header and fields are defined in [RFC8300]. The O-bit MUST 142 be handled following the rules in [I-D.ietf-sfc-oam-packet]. The 143 "NSH Next Protocol" value (referred to as "NP" in the diagram above) 144 is TBD_IOAM. 146 The IOAM related fields in NSH are defined as follows: 148 IOAM-Type: 8-bit field defining the IOAM-Option-Type, as defined 149 in the IOAM Option-Type Registry specified in 150 [I-D.ietf-ippm-ioam-data]. 152 IOAM HDR Len: 8 bit Length field contains the length of the IOAM 153 header in 4-octet units. 155 Reserved bits: Reserved bits are present for future use. The 156 reserved bits MUST be set to 0x0 upon transmission and ignored 157 upon receipt. 159 Next Protocol: 8-bit unsigned integer that determines the type of 160 header following IOAM. The semantics of this field are 161 identical to the Next Protocol field in [RFC8300]. 163 IOAM Option and Data Space: IOAM-Data-Fields as specified by the 164 IOAM-Type field. IOAM-Data-Fields are defined corresponding to 165 the IOAM-Option-Type (e.g. see Section 5 of 166 [I-D.ietf-ippm-ioam-data] and Section 3.2 of 167 [I-D.ietf-ippm-ioam-direct-export]). 169 Multiple IOAM-Option-Types MAY be included within the NSH 170 encapsulation. For example, if a NSH encapsulation contains two 171 IOAM-Option-Types before a data payload, the Next Protocol field of 172 the first IOAM option will contain the value of TBD_IOAM, while the 173 Next Protocol field of the second IOAM-Option-Type will contain the 174 "NSH Next Protocol" number indicating the type of the data payload. 175 The applicability of the IOAM Active and Loopback flags 176 [I-D.ietf-ippm-ioam-flags] is outside the scope of this document and 177 may be specified in the future. When a packet with IOAM is received 178 at an NSH based forwarding node such as an Service Function Forwarder 179 (SFF) that does not understand IOAM header, it SHOULD drop the 180 packet. The mechanism to maintain and notify of such events are 181 outside the scope of this document. 183 4. IANA Considerations 185 IANA is requested to allocate protocol numbers for the following "NSH 186 Next Protocol" related to IOAM: 188 +---------------+-------------+---------------+ 189 | Next Protocol | Description | Reference | 190 +---------------+-------------+---------------+ 191 | x | TBD_IOAM | This document | 192 +---------------+-------------+---------------+ 194 5. Security Considerations 196 IOAM is considered a "per domain" feature, where one or several 197 operators decide on leveraging and configuring IOAM according to 198 their needs. Still, operators need to properly secure the IOAM 199 domain to avoid malicious configuration and use, which could include 200 injecting malicious IOAM packets into a domain. For additional IOAM 201 related security considerations, see Section 10 in 202 [I-D.ietf-ippm-ioam-data]. For additional OAM and NSH related 203 security considerations see Section 5 of [I-D.ietf-sfc-oam-packet]. 205 6. Acknowledgements 207 The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari 208 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya 209 Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, 210 Andrew Yourtchenko, Greg Mirsky and Mohamed Boucadair for the 211 comments and advice. 213 7. Contributors 215 In addition to editors listed on the title page, the following people 216 have contributed to this document: 218 Vengada Prasad Govindan 219 Cisco Systems, Inc. 220 Email: venggovi@cisco.com 222 Carlos Pignataro 223 Cisco Systems, Inc. 224 7200-11 Kit Creek Road 225 Research Triangle Park, NC 27709 226 United States 227 Email: cpignata@cisco.com 229 Hannes Gredler 230 RtBrick Inc. 231 Email: hannes@rtbrick.com 232 John Leddy 233 Email: john@leddy.net 235 Stephen Youell 236 JP Morgan Chase 237 25 Bank Street 238 London E14 5JP 239 United Kingdom 240 Email: stephen.youell@jpmorgan.com 242 Tal Mizrahi 243 Huawei Network.IO Innovation Lab 244 Israel 245 Email: tal.mizrahi.phd@gmail.com 247 David Mozes 248 Email: mosesster@gmail.com 250 Petr Lapukhov 251 Facebook 252 1 Hacker Way 253 Menlo Park, CA 94025 254 US 255 Email: petr@fb.com 257 Remy Chang 258 Barefoot Networks 259 2185 Park Boulevard 260 Palo Alto, CA 94306 261 US 263 8. References 265 8.1. Normative References 267 [I-D.ietf-ippm-ioam-data] 268 Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields 269 for In-situ OAM", draft-ietf-ippm-ioam-data-17 (work in 270 progress), December 2021. 272 [I-D.ietf-sfc-oam-packet] 273 Boucadair, M., "OAM Packet and Behavior in the Network 274 Service Header (NSH)", draft-ietf-sfc-oam-packet-01 (work 275 in progress), April 2022. 277 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 278 Requirement Levels", BCP 14, RFC 2119, 279 DOI 10.17487/RFC2119, March 1997, 280 . 282 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 283 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 284 May 2017, . 286 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 287 "Network Service Header (NSH)", RFC 8300, 288 DOI 10.17487/RFC8300, January 2018, 289 . 291 8.2. Informative References 293 [FD.io] "Fast Data Project: FD.io", . 295 [I-D.ietf-ippm-ioam-deployment] 296 Brockners, F., Bhandari, S., Bernier, D., and T. Mizrahi, 297 "In-situ OAM Deployment", draft-ietf-ippm-ioam- 298 deployment-01 (work in progress), April 2022. 300 [I-D.ietf-ippm-ioam-direct-export] 301 Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F., 302 Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ 303 OAM Direct Exporting", draft-ietf-ippm-ioam-direct- 304 export-07 (work in progress), October 2021. 306 [I-D.ietf-ippm-ioam-flags] 307 Mizrahi, T., Brockners, F., Bhandari, S., Sivakolundu, R., 308 Pignataro, C., Kfir, A., Gafni, B., Spiegel, M., and J. 309 Lemon, "In-situ OAM Loopback and Active Flags", draft- 310 ietf-ippm-ioam-flags-07 (work in progress), October 2021. 312 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 313 Chaining (SFC) Architecture", RFC 7665, 314 DOI 10.17487/RFC7665, October 2015, 315 . 317 Appendix A. Discussion of the IOAM encapsulation approach 319 This section lists several approaches considered for encapsulating 320 IOAM with NSH and presents the rationale for the approach chosen in 321 this document. 323 An encapsulation of IOAM-Data-Fields in NSH should be friendly to an 324 implementation in both hardware as well as software forwarders and 325 support a wide range of deployment cases, including large networks 326 that desire to leverage multiple IOAM-Data-Fields at the same time. 328 Hardware and software friendly implementation: Hardware forwarders 329 benefit from an encapsulation that minimizes iterative look-ups of 330 fields within the packet: Any operation which looks up the value of a 331 field within the packet, based on which another lookup is performed, 332 consumes additional gates and time in an implementation - both of 333 which are desired to be kept to a minimum. This means that flat TLV 334 structures are to be preferred over nested TLV structures. IOAM- 335 Data-Fields are grouped into several categories, including trace, 336 proof-of-transit, and edge-to-edge. Each of these options defines a 337 TLV structure. A hardware-friendly encapsulation approach avoids 338 grouping these three option categories into yet another TLV 339 structure, but would rather carry the options as a serial sequence. 341 Total length of the IOAM-Data-Fields: The total length of IOAM-Data- 342 Fields can grow quite large in case multiple different IOAM-Data- 343 Fields are used and large path-lengths need to be considered. If for 344 example an operator would consider using the IOAM Trace Option-Type 345 and capture node-id, app_data, egress/ingress interface-id, timestamp 346 seconds, timestamps nanoseconds at every hop, then a total of 20 347 octets would be added to the packet at every hop. In case this 348 particular deployment would have a maximum path length of 15 hops in 349 the IOAM domain, then a maximum of 300 octets were to be encapsulated 350 in the packet. 352 Different approaches for encapsulating IOAM-Data-Fields in NSH could 353 be considered: 355 1. Encapsulation of IOAM-Data-Fields as "NSH MD Type 2" (see 356 [RFC8300], Section 2.5). Each IOAM-Option-Type (e.g. trace, 357 proof-of-transit, and edge-to-edge) would be specified by a type, 358 with the different IOAM-Data-Fields being TLVs within this the 359 particular option type. NSH MD Type 2 offers support for 360 variable length meta-data. The length field is 6-bits, resulting 361 in a maximum of 256 (2^6 x 4) octets. 363 2. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 364 field. Each IOAM-Option-Type (e.g trace, proof-of-transit, and 365 edge-to-edge) would be specified by its own "next protocol". 367 3. Encapsulation of IOAM-Data-Fields using the "Next Protocol" 368 field. A single NSH protocol type code point would be allocated 369 for IOAM. A "sub-type" field would then specify what IOAM 370 options type (trace, proof-of-transit, edge-to-edge) is carried. 372 The third option has been chosen here. This option avoids the 373 additional layer of TLV nesting that the use of NSH MD Type 2 would 374 result in. In addition, this option does not constrain IOAM data to 375 a maximum of 256 octets, thus allowing support for very large 376 deployments. 378 Authors' Addresses 380 Frank Brockners (editor) 381 Cisco Systems, Inc. 382 Hansaallee 249, 3rd Floor 383 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 384 Germany 386 Email: fbrockne@cisco.com 388 Shwetha Bhandari (editor) 389 Thoughtspot 390 3rd Floor, Indiqube Orion, 24th Main Rd, Garden Layout, HSR Layout 391 Bangalore, KARNATAKA 560 102 392 India 394 Email: shwetha.bhandari@thoughtspot.com