idnits 2.17.1 draft-ietf-sfc-multi-layer-oam-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (8 October 2021) is 930 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-15) exists of draft-ietf-sfc-nsh-tlv-08 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC WG G. Mirsky 3 Internet-Draft Ericsson 4 Updates: 8300 (if approved) W. Meng 5 Intended status: Standards Track ZTE Corporation 6 Expires: 11 April 2022 T. Ao 7 Individual contributor 8 K. Leung 9 Cisco System 10 G. Mishra 11 Verizon Inc. 12 8 October 2021 14 Active OAM for Service Function Chaining 15 draft-ietf-sfc-multi-layer-oam-14 17 Abstract 19 A set of requirements for active Operation, Administration, and 20 Maintenance (OAM) of Service Function Chains (SFCs) in a network is 21 presented in this document. Based on these requirements, an 22 encapsulation of active OAM messages in SFC and a mechanism to detect 23 and localize defects are described. 25 This document updates RFC 8300. Particularly, it updates the 26 definition of O (OAM) bit in the Network Service Header (NSH) (RFC 27 8300) and defines how an active OAM message is identified in the NSH. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on 11 April 2022. 46 Copyright Notice 48 Copyright (c) 2021 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 53 license-info) in effect on the date of publication of this document. 54 Please review these documents carefully, as they describe your rights 55 and restrictions with respect to this document. Code Components 56 extracted from this document must include Simplified BSD License text 57 as described in Section 4.e of the Trust Legal Provisions and are 58 provided without warranty as described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 63 2. Terminology and Conventions . . . . . . . . . . . . . . . . . 4 64 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 65 2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 4 66 3. Requirements for Active OAM in SFC . . . . . . . . . . . . . 5 67 4. Active OAM Identification in the NSH . . . . . . . . . . . . 7 68 5. Active SFC OAM Header . . . . . . . . . . . . . . . . . . . . 8 69 6. Echo Request/Echo Reply for SFC . . . . . . . . . . . . . . . 9 70 6.1. Return Codes . . . . . . . . . . . . . . . . . . . . . . 11 71 6.2. Authentication in Echo Request/Reply . . . . . . . . . . 12 72 6.3. SFC Echo Request Transmission . . . . . . . . . . . . . . 12 73 6.3.1. Source TLV . . . . . . . . . . . . . . . . . . . . . 13 74 6.4. SFC Echo Request Reception . . . . . . . . . . . . . . . 14 75 6.4.1. Errored TLVs TLV . . . . . . . . . . . . . . . . . . 15 76 6.5. SFC Echo Reply Transmission . . . . . . . . . . . . . . . 15 77 6.5.1. SFC Reply Path TLV . . . . . . . . . . . . . . . . . 16 78 6.5.2. Theory of Operation . . . . . . . . . . . . . . . . . 17 79 6.5.3. SFC Echo Reply Reception . . . . . . . . . . . . . . 18 80 6.5.4. Tracing an SFP . . . . . . . . . . . . . . . . . . . 19 81 6.6. Verification of the SFP Consistency . . . . . . . . . . . 19 82 6.6.1. SFP Consistency Verification packet . . . . . . . . . 19 83 6.6.2. SFF Information Record TLV . . . . . . . . . . . . . 20 84 6.6.3. SF Information Sub-TLV . . . . . . . . . . . . . . . 21 85 6.6.4. SF Information Sub-TLV Construction . . . . . . . . . 22 86 7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 87 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 24 88 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24 89 9.1. SFC Active OAM Protocol . . . . . . . . . . . . . . . . . 25 90 9.2. SFC Active OAM . . . . . . . . . . . . . . . . . . . . . 25 91 9.2.1. Version in the Active SFC OAM Header . . . . . . . . 25 92 9.2.2. SFC Active OAM Message Type . . . . . . . . . . . . . 25 93 9.2.3. SFC Active OAM Header Flags . . . . . . . . . . . . . 26 95 9.3. SFC Echo Request/Echo Reply Parameters . . . . . . . . . 27 96 9.3.1. SFC Echo Request/Reply Version . . . . . . . . . . . 27 97 9.3.2. SFC Echo Request Flags . . . . . . . . . . . . . . . 27 98 9.3.3. SFC Echo Request/Echo Reply Message Types . . . . . . 28 99 9.3.4. SFC Echo Reply Modes . . . . . . . . . . . . . . . . 29 100 9.3.5. SFC Echo Return Codes . . . . . . . . . . . . . . . . 30 101 9.4. SFC Active OAM TLV Type . . . . . . . . . . . . . . . . . 31 102 9.5. SFF Information Record TLV Type . . . . . . . . . . . . . 32 103 9.6. SF Information Sub-TLV Type . . . . . . . . . . . . . . . 33 104 9.7. SF Identifier Types . . . . . . . . . . . . . . . . . . . 33 105 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 106 10.1. Normative References . . . . . . . . . . . . . . . . . . 33 107 10.2. Informative References . . . . . . . . . . . . . . . . . 34 108 Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 36 109 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 111 1. Introduction 113 [RFC7665] defines data plane elements necessary to implement a 114 Service Function Chaining (SFC). These include: 116 1. Classifiers that perform the classification of incoming packets. 117 Such classification may result in associating a received packet 118 to a service function chain. 120 2. Service Function Forwarders (SFFs) that are responsible for 121 forwarding traffic to one or more connected Service Functions 122 (SFs) according to the information carried in the SFC 123 encapsulation and handling traffic coming back from the SFs and 124 forwarding it to the next SFF. 126 3. SFs that are responsible for executing specific service treatment 127 on received packets. 129 There are different views from different levels of the SFC. One is 130 the service function chain, an entirely abstract view, which defines 131 an ordered set of SFs that must be applied to packets selected based 132 on classification rules. But service function chain doesn't specify 133 the exact mapping between SFFs and SFs. Thus, another logical 134 construct used in SFC is a Service Function Path (SFP). According to 135 [RFC7665], SFP is the instantiation of the SFC in the network and 136 provides a level of indirection between the entirely abstract SFCs 137 and a fully specified ordered list of SFFs and SFs identities that 138 the packet will visit when it traverses the SFC. The latter entity 139 is referred to as Rendered Service Path (RSP). The main difference 140 between SFP and RSP is that the former is the logical construct, 141 while the latter is the realization of the SFP via the sequence of 142 specific SFC data plane elements. 144 This document defines how active Operation, Administration and 145 Maintenance (OAM), per [RFC7799] definition of active OAM, is 146 identified when Network Service Header (NSH) is used as the SFC 147 encapsulation. Following the analysis of SFC OAM in [RFC8924], this 148 document applies and, when necessary, extends requirements listed in 149 Section 4 of [RFC8924] for the use of active OAM in an SFP supporting 150 fault management and performance monitoring. Active OAM tools, 151 conformant to the requirements listed in Section 3, improve, for 152 example, troubleshooting efficiency and defect localization in SFP 153 because they specifically address the architectural principles of 154 NSH. For that purpose, SFC Echo Request and Echo Reply are specified 155 in Section 6. This mechanism enables on-demand Continuity Check, 156 Connectivity Verification, among other operations over SFC in 157 networks, addresses functionalities discussed in Sections 4.1, 4.2, 158 and 4.3 of [RFC8924]. SFC Echo Request and Echo Reply, defined in 159 this document, can be used with encapsulations other than NSH, for 160 example, using MPLS encapsulation, as described in [RFC8595]. The 161 applicability of the SFC Echo Request/Reply mechanism in SFC 162 encapsulations other than NSH is outside the scope of this document. 163 Also, this document updates Section 2.2 of [RFC8300] in part of the 164 definition of O bit in the NSH. 166 2. Terminology and Conventions 168 The terminology defined in [RFC7665] is used extensively throughout 169 this document, and the reader is expected to be familiar with it. 171 In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC 172 architecture. 174 2.1. Requirements Language 176 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 177 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 178 "OPTIONAL" in this document are to be interpreted as described in BCP 179 14 [RFC2119] [RFC8174] when, and only when, they appear in all 180 capitals, as shown here. 182 2.2. Acronyms 184 E2E: End-to-End 186 FM: Fault Management 188 NSH: Network Service Header 190 OAM: Operations, Administration, and Maintenance 191 RSP: Rendered Service Path 193 SF: Service Function 195 SFC: Service Function Chain 197 SFF: Service Function Forwarder 199 SFP: Service Function Path 201 MAC: Message Authentication Code 203 3. Requirements for Active OAM in SFC 205 As discussed in [RFC8924], SFC-specific means are needed to perform 206 the OAM task of fault management (FM) in an SFC architecture, 207 including failure detection, defect characterization, and 208 localization. This document defines the set of requirements for 209 active FM OAM mechanisms to be used in an SFC architecture. 211 +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ 212 |SFI11| |SFI12| |SFI21| |SFI22| |SFI31| |SFI32| 213 +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ 214 \ / \ / \ / 215 +----------+ +----+ +----+ +----+ 216 |Classifier|---|SFF1|---------|SFF2|----------|SFF3| 217 +----------+ +----+ +----+ +----+ 219 Figure 1: An Example of SFC Data Plane Architecture 221 The architecture example depicted in Figure 1 considers a service 222 function chain that includes three distinct service functions. In 223 this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is 224 connected to two instances of the same service function. End-to-end 225 (E2E) SFC OAM has the Classifier as the ingress and SFF3 as its 226 egress. Segment SFC OAM is between two elements that are part of the 227 same SFP. Following are the requirements for an FM SFC OAM, whether 228 with the E2E or segment scope: 230 REQ#1: Packets of active SFC OAM SHOULD be fate sharing with the 231 monitored SFC data in the forward direction from ingress toward 232 egress endpoint(s) of the OAM test. 234 The fate sharing, in the SFC environment, is achieved when a test 235 packet traverses the same path and receives the same treatment in the 236 transport layer as an SFC-encapsulated packet (e.g., NSH). 238 REQ#2: SFC OAM MUST support monitoring of the continuity of the 239 SFP between any of its elements. 241 An SFC failure might be declared when several consecutive test 242 packets are not received within a pre-determined time. For example, 243 in the E2E FM SFC OAM case, the egress, SFF3, in the example in 244 Figure 1, could be the entity that detects the SFP's failure by 245 monitoring a flow of periodic test packets. The ingress may be 246 capable of recovering from the failure, e.g., using redundant SFC 247 elements. Thus, it is beneficial for the egress to signal the new 248 defect state to the ingress, which in this example is the Classifier. 249 Hence the following requirement: 251 REQ#3: SFC OAM MUST support Remote Defect Indication notification 252 by the egress to the ingress. 254 REQ#4: SFC OAM MUST support connectivity verification of the SFP. 255 Definition of the misconnection defect, entry, and exit criteria 256 are outside the scope of this document. 258 Once the SFF1 detects the defect, the objective of the SFC OAM 259 changes from the detection of a defect to defect characterization and 260 localization. 262 REQ#5: SFC OAM MUST support fault localization of the Loss of 263 Continuity Check within an SFP. 265 REQ#6: SFC OAM MUST support an SFP tracing to discover the RSP. 267 In the example presented in Figure 1, two distinct instances of the 268 same service function share the same SFF. In this example, the SFP 269 can be realized over several RSPs that use different instances of SF 270 of the same type. For instance, RSP1(SFI11--SFI21--SFI31) and 271 RSP2(SFI12--SFI22--SFI32). Available RSPs can be discovered using 272 the trace function discussed in Section 4.3 [RFC8924] or the 273 procedure defined in Section 6.5.4. 275 REQ#7: SFC OAM MUST have the ability to discover and exercise all 276 available RSPs in the network. 278 The SFC OAM layer model described in [RFC8924] offers an approach for 279 defect localization within a service function chain. As the first 280 step, the SFP's continuity for SFFs that are part of the same SFP 281 could be verified. After the reachability of SFFs has already been 282 verified, SFFs that serve an SF may be used as a test packet source. 283 In such a case, SFF can act as a proxy for another element within the 284 service function chain. 286 REQ#8: SFC OAM MUST be able to trigger on-demand FM with responses 287 being directed towards the initiator of such proxy request. 289 4. Active OAM Identification in the NSH 291 The O bit in the NSH is defined in [RFC8300] as follows: 293 O bit: Setting this bit indicates an OAM packet. 295 This document updates that definition as follows: 297 O bit: Setting this bit indicates an OAM command and/or data in 298 the NSH Context Header or packet payload. 300 Active SFC OAM is defined as a combination of OAM commands and/or 301 data included in a message that immediately follows the NSH. To 302 identify the active OAM message, the "Next Protocol" field MUST be 303 set to Active SFC OAM (TBA1) (Section 9.1). The rules for 304 interpreting the values of the O bit and the "Next Protocol" field 305 are as follows: 307 * O bit set and the "Next Protocol" value does not match one of 308 identifying active or hybrid OAM protocols (per classification 309 defined in [RFC7799]), e.g., defined in Section 9.1 Active SFC OAM 310 (TBA1). 312 - a Fixed-Length Context Header or Variable-Length Context 313 Header(s) contain an OAM command or data. 315 - the "Next Protocol" field determines the type of payload. 317 * O bit set and the "Next Protocol" value matches one of identifying 318 active or hybrid OAM protocols: 320 - the payload that immediately follows the NSH MUST contain an 321 OAM command or data. 323 * O bit is clear: 325 - no OAM in a Fixed-Length Context Header or Variable-Length 326 Context Header(s). 328 - the payload determined by the "Next Protocol" field MUST be 329 present. 331 * O bit is clear, and the "Next Protocol" field identifies active or 332 hybrid OAM protocol MUST be identified and reported as an 333 erroneous combination. An implementation MAY have control to 334 enable processing of the OAM payload. 336 One conclusion from the above-listed rules of processing the O bit 337 and the "Next Protocol" field is to avoid the combination of OAM in 338 an NSH Context Header (Fixed-Length or Variable-Length) and the 339 payload immediately following the NSH because there is no unambiguous 340 way to identify such combination using the O bit and the Next 341 Protocol field. 343 5. Active SFC OAM Header 345 As demonstrated in Section 4 [RFC8924] and Section 3 of this 346 document, SFC OAM is required to perform multiple tasks. Several 347 active OAM protocols could be used to address all the requirements. 348 When IP/UDP encapsulation of an SFC OAM control message is used, 349 protocols can be demultiplexed using the destination UDP port number. 350 But extra IP/UDP headers, especially in an IPv6 network, add 351 noticeable overhead. This document defines Active OAM Header 352 (Figure 2) to demultiplex active OAM protocols on an SFC. 354 0 1 2 3 355 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 356 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 357 | V | Msg Type | Flags | Length | 358 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 ~ SFC Active OAM Control Packet ~ 360 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 362 Figure 2: SFC Active OAM Header 364 V - two-bit-long field indicates the current version of the SFC 365 active OAM header. The current value is 0. The version number is 366 to be incremented whenever a change is made that affects the 367 ability of an implementation to parse or process the SFC Active 368 OAM header correctly. For example, if syntactic or semantic 369 changes are made to any of the fixed fields. 371 Msg Type - six bits long field identifies OAM protocol, e.g., Echo 372 Request/Reply or Bidirectional Forwarding Detection. 374 Flags - eight bits long field carries bit flags that define 375 optional capability and thus processing of the SFC active OAM 376 control packet, e.g., optional timestamping. No flags are defined 377 in this document, and therefore, the bit flags MUST be zeroed on 378 transmission and ignored on receipt. 380 Length - two octets long field that is the length of the SFC 381 active OAM control packet in octets. 383 6. Echo Request/Echo Reply for SFC 385 Echo Request/Reply is a well-known active OAM mechanism extensively 386 used to verify a path's continuity, detect inconsistencies between a 387 state in control and the data planes, and localize defects in the 388 data plane. ICMP ([RFC0792] for IPv4 and [RFC4443] for IPv6 389 networks, respectively) and [RFC8029] are examples of broadly used 390 active OAM protocols based on the Echo Request/Reply principle. The 391 SFC Echo Request/Reply defined in this document addresses several 392 requirements listed in Section 3. Specifically, it can be used to 393 check the continuity of an SFP, trace an SFP, or localize the failure 394 within an SFP. The SFC Echo Request/Reply control message format is 395 presented in Figure 3. 397 0 1 2 3 398 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 399 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 400 | V | Reserved | Echo Request Flags | 401 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 402 | Message Type | Reply mode | Return Code |Return Subcode | 403 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 404 | Sender's Handle | 405 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 406 | Sequence Number | 407 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 408 ~ TLVs ~ 409 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 411 Figure 3: SFC Echo Request/Reply Format 413 The interpretation of the fields is as follows: 415 Version (V) is a two-bit field that indicates the current version 416 of the SFC Echo Request/Reply. The current value is 0. The 417 version number is to be incremented whenever a change is made that 418 affects the ability of an implementation to parse or process the 419 control packet correctly. If a packet presumed to carry an SFC 420 Echo Request/Reply is received at an SFF, and the SFF does not 421 understand the Version field value, the packet MUST be discarded, 422 and the event SHOULD be logged. 424 Reserved - fourteen-bit field. It MUST be zeroed on transmission 425 and ignored on receipt. 427 The Echo Request Flags is a two-octet bit vector field. Note that 428 a flag defined in the Flags field of the SFC Active OAM header in 429 Figure 2 has no implication of those defined in the Echo Request 430 Flags field of an Echo Request/Reply message. 432 The Message Type is a one-octet field that reflects the packet 433 type. Value TBA3 identifies Echo Request and TBA4 - Echo Reply. 435 The Reply Mode is a one-octet field. It defines the type of the 436 return path requested by the sender of the Echo Request. 438 Return Codes and Subcodes are one-octet fields each. These can be 439 used to inform the sender about the result of processing its 440 request. Initial Return Code values are provided in Table 1. For 441 all Return Code values defined in this document, the value of the 442 Return Subcode field MUST be set to zero. 444 The Sender's Handle is a four-octet field. It MUST be filled in 445 by the sender of the Echo Request and returned unchanged by the 446 Echo Reply sender (if a reply mandated). The sender of the Echo 447 Request SHOULD use a pseudo-random number generator to set the 448 value of the Sender's Handle field. 450 The Sequence Number is a four-octet field, and it is assigned by 451 the sender and can be, for example, used to detect missed replies. 452 Initial Sequence Number MUST be randomly generated and then SHOULD 453 be monotonically increasing in the course of the test session. 455 0 1 2 3 456 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 457 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 458 | Type | Reserved | Length | 459 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 460 ~ Value ~ 461 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 462 Figure 4: SFC Echo Request/Reply TLV Format 464 TLV is a variable-length field. Multiple TLVs MAY be placed in an 465 SFC Echo Request/Reply packet. Additional TLVs may be enclosed 466 within a given TLV, subject to the semantics of the (outer) TLV in 467 question. If more than one TLV is to be included, the value of the 468 Type field of the outmost outer TLV MUST be set to "Multiple TLVs 469 Used" (TBA12), as assigned by IANA according to Section 9.4. 470 Figure 4 presents the format of an SFC Echo Request/Reply TLV, where 471 fields are defined as follows: 473 Type - a one-octet-long field that characterizes the 474 interpretation of the Value field. Type values allocated 475 according to Section 9.4. 477 Reserved - one-octet-long field. The value of the Type field 478 determines its interpretation and encoding. 480 Length - two-octet-long field equal to the Value field's length in 481 octets. 483 Value - a variable-length field. The value of the Type field 484 determines its interpretation and encoding. 486 6.1. Return Codes 488 The value of the Return Code field is set to zero by the sender of an 489 Echo Request. The receiver of said Echo Request can set it to one of 490 the values listed in Table 1 in the corresponding Echo Reply that it 491 generates (in cases when the reply is requested). 493 +=======+============================================+ 494 | Value | Description | 495 +=======+============================================+ 496 | 0 | No Return Code | 497 +-------+--------------------------------------------+ 498 | 1 | Malformed Echo Request received | 499 +-------+--------------------------------------------+ 500 | 2 | One or more of the TLVs was not understood | 501 +-------+--------------------------------------------+ 502 | 3 | Authentication failed | 503 +-------+--------------------------------------------+ 505 Table 1: SFC Echo Return Codes 507 6.2. Authentication in Echo Request/Reply 509 Authentication can be used to protect the integrity of the 510 information in SFC Echo Request and/or Echo Reply. In the 511 [I-D.ietf-sfc-nsh-integrity] a variable-length Context Header has 512 been defined to protect the integrity of the NSH and the payload. 513 The header can also be used for the optional encryption of sensitive 514 metadata. MAC#1 Context Header is more suitable for the integrity 515 protection of active SFC OAM, particularly of the defined in this 516 document SFC Echo Request and Echo Reply. On the other hand, using 517 MAC#2 Context Header allows the detection of mishandling of the O-bit 518 by a transient SFC element. 520 6.3. SFC Echo Request Transmission 522 SFC Echo Request control packet MUST use the appropriate transport 523 encapsulation of the monitored SFP. If the NSH is used, Echo Request 524 MUST set O bit, as defined in [RFC8300]. NSH MUST be immediately 525 followed by the SFC Active OAM Header defined in Section 4. The 526 Message Type field's value in the SFC Active OAM Header MUST be set 527 to SFC Echo Request/Echo Reply value (TBA2) per Section 9.2.2. 529 Value of the Reply Mode field MAY be set to: 531 * Do Not Reply (TBA5) if one-way monitoring is desired. If the Echo 532 Request is used to measure synthetic packet loss, the receiver may 533 report loss measurement results to a remote node. Note that ways 534 of learning the identity of that node are outside the scope of 535 this specification. 537 * Reply via an IPv4/IPv6 UDP Packet (TBA6) value likely will be the 538 most used. 540 * Reply via Application Level Control Channel (TBA7) value if the 541 SFP may have bi-directional paths. 543 * Reply via Specified Path (TBA8) value to enforce the use of the 544 particular return path specified in the included TLV to verify bi- 545 directional continuity and also increase the robustness of the 546 monitoring by selecting a more stable path. Section 6.5.1 547 provides an example of communicating an explicit path for the Echo 548 Reply. 550 6.3.1. Source TLV 552 Responder to the SFC Echo Request encapsulates the SFC Echo Reply 553 message in IP/UDP packet if the Reply mode is "Reply via an IPv4/IPv6 554 UDP Packet". Because the NSH does not identify the ingress node that 555 generated the Echo Request, the source ID MUST be included in the 556 message and used as the IP destination address and destination UDP 557 port number of the SFC Echo Reply. The sender of the SFC Echo 558 Request MUST include an SFC Source TLV (Figure 5). 560 0 1 2 3 561 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 562 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 563 | Source ID | Reserved1 | Length | 564 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 565 | Port Number | Reserved2 | 566 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 567 | IP Address | 568 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 570 Figure 5: SFC Source TLV 572 where 574 Source ID Type is a one-octet-long field and has the value of 575 TBA13 Section 9.4. 577 Reserved1 - one-octet-long field. 579 Length is a two-octets-long field, and the value equals the length 580 of the Value field in octets. The value of the Length field can 581 be 8 or 20. If the value of the field is neither, the Source TLV 582 is considered to be malformed. 584 Port Number is a two-octets-long field. It contains the UDP port 585 number of the sender of the SFC OAM control message. The value of 586 the field MUST be used as the destination UDP port number in the 587 IP/UDP encapsulation of the SFC Echo Reply message. 589 Reserved2 is a two-octets-long field. The field MUST be zeroed on 590 transmit and ignored on receipt. 592 IP Address field contains the IP address of the sender of the SFC 593 OAM control message, IPv4 or IPv6. The value of the field MUST be 594 used as the destination IP address in the IP/UDP encapsulation of 595 the SFC Echo Reply message. 597 A single Source ID TLV for each address family, i.e., IPv4 and IPv6, 598 MAY be present in an SFC Echo Request message. If the Source TLVs 599 for both address families are present in an SFC Echo Request message, 600 the SFF MUST NOT replicate an SFC Echo Reply but choose the 601 destination IP address for the SFC Echo Reply based on the local 602 policy. If more than one Source ID TLV per the address family is 603 present, the receiver MUST use the first TLV and ignore the rest. 605 6.4. SFC Echo Request Reception 607 Punting received SFC Echo Request to the control plane is triggered 608 by one of the following packet processing exceptions: NSH TTL 609 expiration, NSH Service Index (SI) expiration, or the receiver is the 610 terminal SFF for an SFP. 612 Firstly, if the SFC Echo Request is integrity-protected, the 613 receiving SFF first MUST verify the authentication. Then the 614 receiver SFF MUST validate the Source TLV, as defined in 615 Section 6.3.1. Suppose the authentication validation has failed and 616 the Source TLV is considered properly formatted. In that case, the 617 SFF MUST send to the system identified in the Source TLV (see 618 Section 6.5), according to a rate-limit control mechanism, an SFC 619 Echo Reply with the Return Code set to "Authentication failed" and 620 the Subcode set to zero. If the Source TLV is determined malformed, 621 the received SFC Echo Request processing is stopped, the message is 622 dropped, and the event SHOULD be logged, according to a rate-limiting 623 control for logging. Then, the SFF that has received an SFC Echo 624 Request verifies the rest of the received packet's general sanity. 625 If the packet is not well-formed, the receiver SFF SHOULD send an SFC 626 Echo Reply with the Return Code set to "Malformed Echo Request 627 received" and the Subcode set to zero under the control of the rate- 628 limiting mechanism to the system identified in the Source TLV (see 629 Section 6.5). If there are any TLVs that the SFF does not 630 understand, the SFF MUST send an SFC Echo Reply with the Return Code 631 set to 2 ("One or more TLVs was not understood") and set the Subcode 632 to zero. In the latter case, the SFF MAY include an Errored TLVs TLV 633 (Section 6.4.1) that, as sub-TLVs, contains only the misunderstood 634 TLVs. Sender's Handle and Sequence Number fields are not examined 635 but are included in the SFC Echo Reply message. If the sanity check 636 of the received Echo Request succeeded, then the SFF at the end of 637 the SFP MUST set the Return Code value to 5 ("End of the SFP") and 638 the Subcode set to zero. If the SFF is not at the end of the SFP and 639 the TTL value is 1, the value of the Return Code MUST be set to 4 640 ("TTL Exceeded") and the Subcode set to zero. In all other cases, 641 SFF MUST set the Return Code value to 0 ("No Return Code") and the 642 Subcode set to zero. 644 6.4.1. Errored TLVs TLV 646 If the Return Code for the Echo Reply is determined as 2 ("One or 647 more TLVs was not understood"), the Errored TLVs TLV might be 648 included in an Echo Reply. The use of this TLV is meant to inform 649 the sender of an Echo Request of TLVs either not supported by an 650 implementation or parsed and found to be in error. 652 0 1 2 3 653 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 654 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 655 | Errored TLVs | Reserved | Length | 656 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 657 | Value | 658 . . 659 . . 660 . . 661 | | 662 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 664 Figure 6: Errored TLVs TLV 666 where 668 The Errored TLVs Type MUST be set to TBA14 Section 9.4. 670 Reserved - one-octet-long field. 672 Length - two-octet-long field equal to the length of the Value 673 field in octets. 675 The Value field contains the TLVs, encoded as sub-TLVs, that were 676 not understood or failed to be parsed correctly. 678 6.5. SFC Echo Reply Transmission 680 The "Reply Mode" field directs whether and how the Echo Reply message 681 should be sent. The Echo Request sender MAY use TLVs to request that 682 the corresponding Echo Reply be transmitted over the specified path. 683 Section 6.5.1 provides an example of a TLV that specifies the return 684 path of the Echo Reply. Value TBA3 is the "Do not reply" mode and 685 suppresses the Echo Reply packet transmission. The default value 686 (TBA6) for the Reply mode field requests the responder to send the 687 Echo Reply packet out-of-band as IPv4 or IPv6 UDP packet. 689 6.5.1. SFC Reply Path TLV 691 While SFC Echo Request always traverses the SFP, it is directed to, 692 the corresponding Echo Reply usually is sent over an IP network. 693 There are scenarios when it is beneficial to direct the responder to 694 use a path other than the IP network. This section defines a new 695 Type-Length-Value (TLV), Reply Service Function Path TLV, for Reply 696 via Specified Path mode of SFC Echo Reply. 698 The Reply Service Function Path TLV can provide an efficient 699 mechanism to test SFCs, such as bidirectional and hybrid SFC, as 700 defined in Section 2.2 [RFC7665]. For example, it allows an operator 701 to test both directions of the bidirectional or hybrid SFP with a 702 single SFC Echo Request/Echo Reply operation. 704 The SFC Reply Path TLV carries the information that sufficiently 705 identifies the return SFP that the SFC Echo Reply message is expected 706 to follow. The format of SFC Reply Path TLV is shown in Figure 7. 708 0 1 2 3 709 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 710 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 711 |SFC Reply Path | Reserved | Length | 712 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 713 | Reply Service Function Path | 714 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 716 Figure 7: SFC Reply TLV Format 718 where: 720 * SFC Reply Path Type: is a one-octet-long, indicates the TLV that 721 contains information about the SFC Reply path. IANA is requested 722 to assign value (TBA23), 724 * Reserved - one-octet-long field. 726 * Length: is two octets long, MUST be equal to 4 728 * Reply Service Function Path is used to describe the return path 729 that an SFC Echo Reply is requested to follow. 731 The format of the Reply Service Function Path field displayed in 732 Figure 8 733 0 1 2 3 734 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 735 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 736 | Reply Service Function Path Identifier | Service Index | 737 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 739 Figure 8: Reply Service Function Path Field Format 741 where: 743 * Reply Service Function Path Identifier: SFP identifier for the 744 path that the SFC Echo Reply message is requested to be sent over. 746 * Service Index: the value for the Service Index field in the NSH of 747 the SFC Echo Reply message. 749 6.5.2. Theory of Operation 751 [RFC7110] defined mechanism to control return path for MPLS LSP Echo 752 Reply. In SFC's case, the return path is an SFP along which the SFC 753 Echo Reply message MUST be transmitted. Hence, the SFC Reply Path 754 TLV included in the SFC Echo Request message MUST sufficiently 755 identify the SFP that the sender of the Echo Request message expects 756 the receiver to use for the corresponding SFC Echo Reply. 758 When sending an Echo Request, the sender MUST set the value of Reply 759 Mode field to "Reply via Specified Path", defined in Section 6.3, and 760 if the specified path is an SFC path, the Request MUST include SFC 761 Reply Path TLV. The SFC Reply Path TLV consists of the identifier of 762 the reverse SFP and an appropriate Service Index. 764 The Message Authentication Code (MAC) Context Header that is defined 765 in [I-D.ietf-sfc-nsh-integrity] MAY be used to protect the SFC Echo 766 Request's integrity when using the SFC Return Path TLV. If the NSH 767 of the received SFC Echo Request includes the MAC Context Header, the 768 packet's authentication MUST be verified before using any data. If 769 the verification fails, the receiver MUST stop processing the SFC 770 Return Path TLV and MUST send the SFC Echo Reply with the Return 771 Codes value set to the value Authentication failed from the IANA's 772 Return Codes sub-registry of the SFC Echo Request/Echo Reply 773 Parameters registry. 775 The destination SFF of the SFP being tested or the SFF at which SFC 776 TTL expired (as per [RFC8300]) may be sending the Echo Reply. The 777 processing described below equally applies to both cases and is 778 referred to as responding SFF. 780 If the Echo Request message with SFC Reply Path TLV, received by the 781 responding SFF, has Reply Mode value of "Reply via Specified Path" 782 but no SFC Reply Path TLV is present, then the responding SFF MUST 783 send Echo Reply with Return Code set to 6 ("Reply Path TLV is 784 missing"). If the responding SFF cannot find the requested SFP it 785 MUST send Echo Reply with Return Code set to 7 ("Reply SFP was not 786 found") and include the SFC Reply Path TLV from the Echo Request 787 message. 789 Suppose the SFC Echo Request receiver cannot determine whether the 790 specified return path SFP has the route to the initiator. In that 791 case, it SHOULD set the value of the Return Codes field to 8 792 ("Unverifiable Reply Path"). The receiver MAY drop the Echo Request 793 when it cannot determine whether SFP's return path has the route to 794 the initiator. When sending Echo Request, the sender SHOULD choose a 795 proper source address according to the specified return path SFP to 796 help the receiver find the viable return path. 798 6.5.2.1. Bi-directional SFC Case 800 The ability to specify the return path for an Echo Reply might be 801 used in the case of bi-directional SFC. The egress SFF of the 802 forward SFP might not be co-located with a classifier of the reverse 803 SFP, and thus the egress SFF has no information about the reverse 804 path of an SFC. Because of that, even for bi-directional SFC, a 805 reverse SFP needs to be indicated in a Reply Path TLV in the Echo 806 Request message. 808 6.5.3. SFC Echo Reply Reception 810 An SFF SHOULD NOT accept SFC Echo Reply unless the received message 811 passes the following checks: 813 * the received SFC Echo Reply is well-formed; 815 * it has an outstanding SFC Echo Request sent from the UDP port that 816 matches destination UDP port number of the received packet; 818 * if the matching to the Echo Request found, the value of the 819 Sender's Handle in the Echo Request sent is equal to the value of 820 Sender's Handle in the Echo Reply received; 822 * if all checks passed, the SFF checks if the Sequence Number in the 823 Echo Request sent matches to the Sequence Number in the Echo Reply 824 received. 826 6.5.4. Tracing an SFP 828 SFC Echo Request/Reply can be used to isolate a defect detected in 829 the SFP and trace an RSP. As for ICMP echo request/reply [RFC0792] 830 and MPLS echo request/reply [RFC8029], this mode is referred to as 831 "traceroute". In the traceroute mode, the sender transmits a 832 sequence of SFC Echo Request messages starting with the NSH TTL value 833 set to 1 and is incremented by 1 in each next Echo Request packet. 834 The sender stops transmitting SFC Echo Request packets when the 835 Return Code in the received Echo Reply equals 5 ("End of the SFP"). 837 Suppose a specialized information element (e.g., IPv6 Flow Label 838 [RFC6437] or Flow ID [I-D.ietf-sfc-nsh-tlv]) is used for distributing 839 the load across Equal Cost Multi-Path or Link Aggregation Group 840 paths. In that case, such an element MAY also be used for the SFC 841 OAM traffic. Doing so is meant to control whether the SFC Echo 842 Request follows the same RSP as the monitored flow. 844 6.6. Verification of the SFP Consistency 846 The consistency of an SFP can be verified by comparing the view of 847 the SFP from the control or management plane with information 848 collected from traversed by an SFC NSH Echo Request message. Every 849 SFF that receives the Consistency Verification Request (CVReq) MUST 850 perform the following actions: 852 * Collect information of the traversed by the CVReq packet SFs and 853 send it to the ingress SFF as CVRep packet over IP network; 855 * Forward the CVReq to the next downstream SFF if the one exists. 857 As a result, the ingress SFF collects information about all traversed 858 SFFs and SFs, information on the actual path the CVReq packet has 859 traveled. That information is used to verify the SFC's path 860 consistency. The mechanism for the SFP consistency verification is 861 outside the scope of this document. 863 6.6.1. SFP Consistency Verification packet 865 For the verification of an SFP consistency, two new types of messages 866 to the SFC Echo Request/Reply operation defined in Section 6 with the 867 following values detailed in Table 10: 869 * TBA16 - SFP Consistency Verification Request 871 * TBA17 - SFP Consistency Verification Reply 872 Upon receiving the CVReq, the SFF MUST respond with the Consistency 873 Verification Reply (CVRep). The SFF MUST include the SFs 874 information, as described in Section 6.6.3 and Section 6.6.2. 876 The initiator of CVReq MAY require the collected information in the 877 CVRep be sent in the integrity-protected mode using the Message 878 Authentication Code (MAC) Context Header, defined in 879 [I-D.ietf-sfc-nsh-integrity]. If the NSH of the received SFC Echo 880 Reply includes the MAC Context Header, the authentication of the 881 packet MUST be verified before using any data. If the verification 882 fails, the receiver MUST stop processing the SFF Information Record 883 TLV and notify an operator. Specification of the notification 884 mechanism is outside the scope of this document. 886 6.6.2. SFF Information Record TLV 888 For CVReq, the SFF MUST include the Information of SFs into the SF 889 Information Record TLV in the CVRep message. Every SFF sends back a 890 single CVRep message, including information on all the SFs attached 891 to the SFF on the SFP as requested in the CVReq message. 893 0 1 2 3 894 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 895 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 896 |SFF Record TLV | Reserved | Length | 897 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 898 | Service Path Identifier (SPI) | Reserved | 899 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 900 | | 901 | SF Information Sub-TLV | 902 ~ ~ 903 | | 904 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 906 Figure 9: SFF Information Record TLV 908 SFF Information Record TLV is a variable-length TLV that includes the 909 information of all SFFs mapped to the particular SFF instance for the 910 specified SFP. Figure 9 presents the format of an SFC Echo Request/ 911 Reply TLV, where fields are defined as the following: 913 Reserved - one-octet-long field. 915 Service Path Identifier (SPI): The identifier of SFP to which all 916 the SFs in this TLV belong. 918 SF Information Sub-TLV: The Sub-TLV is as defined in Figure 10. 920 6.6.3. SF Information Sub-TLV 922 Every SFF receiving CVReq packet MUST include the SF characteristic 923 data into the CVRep packet. The data format of an SF sub-TLV, 924 included in a CVRep packet, is displayed in Figure 10. 926 After the CVReq message traverses the SFP, all the information of the 927 SFs on the SFP is collected from the TLVs included in CVRep messages. 929 0 1 2 3 930 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 931 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 932 |SF sub-TLV| Reserved | Length | 933 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 934 |Service Index | SF Type | SF ID Type | 935 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 936 | SF Identifiers | 937 ~ ~ 938 | | 939 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 941 Figure 10: Service Function information sub-TLV 943 SF sub-TLV Type: Two octets long field. It indicates that the TLV is 944 an SF TLV that contains the information of one SF. 946 Length: Two octets long field. The value of the field is the length 947 of the data following the Length field counted in octets. 949 Service Index: Indicates the SF's position on the SFP. 951 SF Type: Two octets long field. It is defined in [RFC9015] and 952 indicates the type of SF, e.g., Firewall, Deep Packet Inspection, WAN 953 optimization controller, etc. 955 Reserved: For future use. MUST be zeroed on transmission and MUST be 956 ignored on receipt. 958 SF ID Type: One octet-long field with values defined as Section 9.7. 960 SF Identifier: An identifier of the SF. The length of the SF 961 Identifier depends on the type of the SF ID Type. For example, if 962 the SF Identifier is its IPv4 address, the SF Identifier should be 32 963 bits. SF ID Type and SF Identifier may be a list, of the SFs 964 included in a load balance group. 966 6.6.4. SF Information Sub-TLV Construction 968 Each SFF in the SFP MUST send one and only one CVRep corresponding to 969 the CVReq. If only one SF is attached to the SFF in such SFP, only 970 one SF information sub-TLV is included in the CVRep. If several SFs 971 attached to the SFF in the SFP, SF Information Sub-TLV MUST be 972 constructed as described below in either Section 6.6.4.1 and 973 Section 6.6.4.2. 975 6.6.4.1. Multiple SFs as hops of SFP 977 Multiple SFs attached to the same SFF are the hops of the SFP. The 978 service indexes of these SFs are different. Service function types 979 of these SFs could be different or be the same. Information about 980 all SFs MAY be included in the CVRep message. Information about each 981 SF MUST be listed as separate SF Information Sub-TLVs in the CVRep 982 message. 984 An example of the SFP consistency verification procedure for this 985 case is shown in Figure 11. The Service Function Path(SPI=x) is 986 SF1->SF2->SF4->SF3. The SF1, SF2, and SF3 are attached to SFF1, and 987 SF4 is attached to SFF2. The CVReq message is sent to the SFFs in 988 the sequence of the SFP(SFF1->SFF2->SFF1). Every SFF(SFF1, SFF2) 989 replies with the information of SFs belonging to the SFP. The SF 990 information Sub-TLV in Figure 10 contains information for each SF 991 (SF1, SF2, SF3, and SF4). 993 SF1 SF2 SF4 SF3 994 +------+------+ | | 995 CVReq ......> SFF1 ......> SFF2 ......> SFF1 996 (SPI=x) . . . 997 <............ <.......... <........... 998 CVRep1(SF1,SF2) CVRep2(SF4) CVRep3(SF3) 1000 Figure 11: Example 1 for CVRep with multiple SFs 1002 6.6.4.2. Multiple SFs for load balance 1004 Multiple SFs may be attached to the same SFF to balance the load; in 1005 other words, that means that the particular traffic flow will 1006 traverse only one of these SFs. These SFs have the same Service 1007 Function Type and Service Index. For this case, the SF identifiers 1008 and SF ID Type of all these SFs will be listed in the SF Identifiers 1009 field and SF ID Type in a single SF information sub-TLV of the CVRep 1010 message. The number of these SFs can be calculated using the SF ID 1011 Type and the value of the Length field of the sub-TLV. 1013 An example of the SFP consistency verification procedure for this 1014 case is shown in Figure 12. The Service Function Path (SPI=x) is 1015 SF1a/SF1b->SF2a/SF2b. The Service Functions SF1a and SF1b are 1016 attached to SFF1, which balances the load among them. The Service 1017 Functions SF2a and SF2b are attached to SFF2, which, in turn, 1018 balances its load between them. The CVReq message is sent to the 1019 SFFs in the sequence of the SFP (i.e. SFF1->SFF2). Every SFF (SFF1, 1020 SFF2) replies with the information of SFs belonging to the SFP. The 1021 SF information Sub-TLV in Figure 10 contains information for all SFs 1022 at that hop. 1024 /SF1a /SF2a 1025 \SF1b \SF2b 1026 | | 1027 SFF1 SFF2 1028 CVReq .........> . .........> . 1029 (SPI=x) . . 1030 <............ <............... 1031 CVRep1({SF1a,SF1b}) CVRep2({SF2a,SF2b}) 1033 Figure 12: Example 2 for CVRep with multiple SFs 1035 7. Security Considerations 1037 When the integrity protection for SFC active OAM, and SFC Echo 1038 Request/Reply in particular, is required, it is RECOMMENDED to use 1039 one of the Context Headers defined in [I-D.ietf-sfc-nsh-integrity]. 1040 MAC#1 (Message Authentication Code) Context Header could be more 1041 suitable for active SFC OAM because it does not require re- 1042 calculation of the MAC when the value of the NSH Base Header's TTL 1043 field is changed. The integrity protection for SFC active OAM can 1044 also be achieved using mechanisms in the underlay data plane. For 1045 example, if the underlay is an IPv6 network, IP Authentication Header 1046 [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can 1047 be used to provide integrity protection. Confidentiality for the SFC 1048 Echo Request/Reply exchanges can be achieved using the IP 1049 Encapsulating Security Payload Header [RFC4303]. Also, the security 1050 needs for SFC Echo Request/Reply are similar to those of ICMP ping 1051 [RFC0792], [RFC4443] and MPLS LSP ping [RFC8029]. 1053 There are at least three approaches to attacking a node in the 1054 overlay network using the mechanisms defined in the document. One is 1055 a Denial-of-Service attack, sending an SFC Echo Request to overload 1056 an element of the SFC. The second may use spoofing, hijacking, 1057 replying, or otherwise tampering with SFC Echo Requests and/or 1058 replies to misrepresent, alter the operator's view of the state of 1059 the SFC. The third is an unauthorized source using an SFC Echo 1060 Request/Reply to obtain information about the SFC and/or its 1061 elements, e.g., SFF or SF. 1063 It is RECOMMENDED that implementations throttle the SFC ping traffic 1064 going to the control plane to mitigate potential Denial-of-Service 1065 attacks. 1067 Reply and spoofing attacks involving faking or replying to SFC Echo 1068 Reply messages would have to match the Sender's Handle and Sequence 1069 Number of an outstanding SFC Echo Request message, which is highly 1070 unlikely. Thus the non-matching reply would be discarded. 1072 To protect against unauthorized sources trying to obtain information 1073 about the overlay and/or underlay, an implementation MAY check that 1074 the source of the Echo Request is indeed part of the SFP. 1076 Also, since Service Function sub-TLV discloses information about the 1077 SFP the spoofed CVReq packet may be used to obtain network 1078 information, it is RECOMMENDED that implementations provide a means 1079 of checking the source addresses of CVReq messages, specified in SFC 1080 Source TLV Section 6.3.1, against an access list before accepting the 1081 message. 1083 8. Acknowledgments 1085 The authors greatly appreciate the thorough review and the most 1086 helpful comments from Dan Wing, Dirk von Hugo, and Mohamed Boucadair. 1087 The authors are thankful to John Drake for his review and the 1088 reference to the work on BGP Control Plane for NSH SFC. The authors 1089 express their appreciation to Joel M. Halpern for his suggestion 1090 about the load-balancing scenario. 1092 9. IANA Considerations 1093 9.1. SFC Active OAM Protocol 1095 IANA is requested to assign a new type from the SFC Next Protocol 1096 registry as follows: 1098 +=======+================+===============+ 1099 | Value | Description | Reference | 1100 +=======+================+===============+ 1101 | TBA1 | SFC Active OAM | This document | 1102 +-------+----------------+---------------+ 1104 Table 2: SFC Active OAM Protocol 1106 9.2. SFC Active OAM 1108 IANA is requested to create a new SFC Active OAM registry. 1110 9.2.1. Version in the Active SFC OAM Header 1112 IANA is requested to create in the SFC Active OAM registry a new sub- 1113 registry called "SFC Active OAM Header Version". All code points are 1114 assigned according to the "IETF Review" procedure specified in 1115 [RFC8126]. The remaining code points to be allocated according to 1116 Table 3: 1118 +==============+=======================+===============+ 1119 | Version | Description | Reference | 1120 +==============+=======================+===============+ 1121 | Version 0b00 | Protocol as defined | This document | 1122 | | by this specification | | 1123 +--------------+-----------------------+---------------+ 1124 | Version 0b01 | Unassigned | This document | 1125 +--------------+-----------------------+---------------+ 1126 | Version 0b10 | Unassigned | This document | 1127 +--------------+-----------------------+---------------+ 1128 | Version 0b11 | Unassigned | This document | 1129 +--------------+-----------------------+---------------+ 1131 Table 3: SFC Active OAM Header Version 1133 9.2.2. SFC Active OAM Message Type 1135 IANA is requested to create in the SFC Active OAM registry a new sub- 1136 registry called "SFC Active OAM Message Type". All code points in 1137 the range 1 through 32767 in this registry shall be allocated 1138 according to the "IETF Review" procedure specified in [RFC8126]. The 1139 remaining code points to be allocated according to Table 4: 1141 +===============+=============+=========================+ 1142 | Value | Description | Reference | 1143 +===============+=============+=========================+ 1144 | 0 | Reserved | | 1145 +---------------+-------------+-------------------------+ 1146 | 1 - 32767 | Reserved | IETF Consensus | 1147 +---------------+-------------+-------------------------+ 1148 | 32768 - 65530 | Reserved | First Come First Served | 1149 +---------------+-------------+-------------------------+ 1150 | 65531 - 65534 | Reserved | Private Use | 1151 +---------------+-------------+-------------------------+ 1152 | 65535 | Reserved | | 1153 +---------------+-------------+-------------------------+ 1155 Table 4: SFC Active OAM Message Type 1157 IANA is requested to assign a new type from the SFC Active OAM 1158 Message Type sub-registry as follows: 1160 +=======+=============================+===============+ 1161 | Value | Description | Reference | 1162 +=======+=============================+===============+ 1163 | TBA2 | SFC Echo Request/Echo Reply | This document | 1164 +-------+-----------------------------+---------------+ 1166 Table 5: SFC Echo Request/Echo Reply Type 1168 9.2.3. SFC Active OAM Header Flags 1170 IANA is requested to create in the SFC Active OAM registry the new 1171 sub-registry SFC Active OAM Flags. 1173 This sub-registry tracks the assignment of 8 flags in the Flags field 1174 of the SFC Active OAM Header. The flags are numbered from 0 (most 1175 significant bit, transmitted first) to 7. 1177 New entries are assigned by Standards Action. 1179 +============+=============+===============+ 1180 | Bit Number | Description | Reference | 1181 +============+=============+===============+ 1182 | 7-0 | Unassigned | This document | 1183 +------------+-------------+---------------+ 1185 Table 6: SFC Active OAM Header Flags 1187 9.3. SFC Echo Request/Echo Reply Parameters 1189 IANA is requested to create a new SFC Echo Request/Echo Reply 1190 Parameters registry. 1192 9.3.1. SFC Echo Request/Reply Version 1194 IANA is requested to create in the SFC Echo Request/Echo Reply 1195 Parameters registry a new sub-registry called "SFC Echo Request/Reply 1196 Version". All code points assigned according to the "IETF Review" 1197 procedure specified in [RFC8126]. The remaining code points to be 1198 allocated according to Table 7: 1200 +==============+=======================+===============+ 1201 | Version | Description | Reference | 1202 +==============+=======================+===============+ 1203 | Version 0b00 | Protocol as defined | This document | 1204 | | by this specification | | 1205 +--------------+-----------------------+---------------+ 1206 | Version 0b01 | Unassigned | This document | 1207 +--------------+-----------------------+---------------+ 1208 | Version 0b10 | Unassigned | This document | 1209 +--------------+-----------------------+---------------+ 1210 | Version 0b11 | Unassigned | This document | 1211 +--------------+-----------------------+---------------+ 1213 Table 7: SFC Echo Request/Reply Version 1215 9.3.2. SFC Echo Request Flags 1217 IANA is requested to create in the SFC Echo Request/Echo Reply 1218 Parameters registry the new sub-registry SFC Echo Request Flags. 1220 This sub-registry tracks the assignment of 16 flags in the SFC Echo 1221 Request Flags field of the SFC Echo Request message. The flags are 1222 numbered from 0 (most significant bit, transmitted first) to 15. 1224 New entries are assigned by Standards Action. 1226 +============+=============+===============+ 1227 | Bit Number | Description | Reference | 1228 +============+=============+===============+ 1229 | 15-0 | Unassigned | This document | 1230 +------------+-------------+---------------+ 1232 Table 8: SFC Echo Request Flags 1234 9.3.3. SFC Echo Request/Echo Reply Message Types 1236 IANA is requested to create in the SFC Echo Request/Echo Reply 1237 Parameters registry the new sub-registry Message Types. All code 1238 points in the range 1 through 175 in this registry shall be allocated 1239 according to the "IETF Review" procedure specified in [RFC8126]. 1240 Code points in the range 176 through 239 in this registry shall be 1241 allocated according to the "First Come First Served" procedure 1242 specified in [RFC8126]. The remaining code points are allocated as 1243 specified in Table 9. 1245 +===========+==============+===============+ 1246 | Value | Description | Reference | 1247 +===========+==============+===============+ 1248 | 0 | Reserved | This document | 1249 +-----------+--------------+---------------+ 1250 | 1- 175 | Unassigned | This document | 1251 +-----------+--------------+---------------+ 1252 | 176 - 239 | Unassigned | This document | 1253 +-----------+--------------+---------------+ 1254 | 240 - 251 | Experimental | This document | 1255 +-----------+--------------+---------------+ 1256 | 252 - 254 | Private Use | This document | 1257 +-----------+--------------+---------------+ 1258 | 255 | Reserved | This document | 1259 +-----------+--------------+---------------+ 1261 Table 9: SFC Echo Request/Echo Reply 1262 Message Types 1264 IANA is requested to assign values as listed in Table 10. 1266 +=======+======================================+===============+ 1267 | Value | Description | Reference | 1268 +=======+======================================+===============+ 1269 | TBA3 | SFC Echo Request | This document | 1270 +-------+--------------------------------------+---------------+ 1271 | TBA4 | SFC Echo Reply | This document | 1272 +-------+--------------------------------------+---------------+ 1273 | TBA16 | SFP Consistency Verification Request | This document | 1274 +-------+--------------------------------------+---------------+ 1275 | TBA17 | SFP Consistency Verification Reply | This document | 1276 +-------+--------------------------------------+---------------+ 1278 Table 10: SFC Echo Request/Echo Reply Message Types Values 1280 9.3.4. SFC Echo Reply Modes 1282 IANA is requested to create in the SFC Echo Request/Echo Reply 1283 Parameters registry the new sub-registry Reply Mode. All code points 1284 in the range 1 through 175 in this registry shall be allocated 1285 according to the "IETF Review" procedure specified in [RFC8126]. 1286 Code points in the range 176 through 239 in this registry shall be 1287 allocated according to the "First Come First Served" procedure 1288 specified in [RFC8126]. The remaining code points are allocated 1289 according to Table 11. 1291 +===========+==============+===============+ 1292 | Value | Description | Reference | 1293 +===========+==============+===============+ 1294 | 0 | Reserved | This document | 1295 +-----------+--------------+---------------+ 1296 | 1- 175 | Unassigned | This document | 1297 +-----------+--------------+---------------+ 1298 | 176 - 239 | Unassigned | This document | 1299 +-----------+--------------+---------------+ 1300 | 240 - 251 | Experimental | This document | 1301 +-----------+--------------+---------------+ 1302 | 252 - 254 | Private Use | This document | 1303 +-----------+--------------+---------------+ 1304 | 255 | Reserved | This document | 1305 +-----------+--------------+---------------+ 1307 Table 11: SFC Echo Reply Mode 1309 All code points in the range 1 through 191 in this registry shall be 1310 allocated according to the "IETF Review" procedure specified in 1311 [RFC8126] and assign values as listed in Table 12. 1313 +=======+====================================+===============+ 1314 | Value | Description | Reference | 1315 +=======+====================================+===============+ 1316 | 0 | Reserved | | 1317 +-------+------------------------------------+---------------+ 1318 | TBA5 | Do Not Reply | This document | 1319 +-------+------------------------------------+---------------+ 1320 | TBA6 | Reply via an IPv4/IPv6 UDP Packet | This document | 1321 +-------+------------------------------------+---------------+ 1322 | TBA7 | Reply via Application Level | This document | 1323 | | Control Channel | | 1324 +-------+------------------------------------+---------------+ 1325 | TBA8 | Reply via Specified Path | This document | 1326 +-------+------------------------------------+---------------+ 1327 | TBA9 | Reply via an IPv4/IPv6 UDP Packet | This document | 1328 | | with the data integrity protection | | 1329 +-------+------------------------------------+---------------+ 1330 | TBA10 | Reply via Application Level | This document | 1331 | | Control Channel with the data | | 1332 | | integrity protection | | 1333 +-------+------------------------------------+---------------+ 1334 | TBA11 | Reply via Specified Path with the | This document | 1335 | | data integrity protection | | 1336 +-------+------------------------------------+---------------+ 1338 Table 12: SFC Echo Reply Mode Values 1340 9.3.5. SFC Echo Return Codes 1342 IANA is requested to create in the SFC Echo Request/Echo Reply 1343 Parameters registry the new sub-registry Return Codes as described in 1344 Table 13. 1346 +=========+=============+=========================+ 1347 | Value | Description | Reference | 1348 +=========+=============+=========================+ 1349 | 0-191 | Unassigned | IETF Review | 1350 +---------+-------------+-------------------------+ 1351 | 192-251 | Unassigned | First Come First Served | 1352 +---------+-------------+-------------------------+ 1353 | 252-254 | Unassigned | Private Use | 1354 +---------+-------------+-------------------------+ 1355 | 255 | Reserved | | 1356 +---------+-------------+-------------------------+ 1358 Table 13: SFC Echo Return Codes 1360 Values defined for the Return Codes sub-registry are listed in 1361 Table 14. 1363 +=======+=================================+===============+ 1364 | Value | Description | Reference | 1365 +=======+=================================+===============+ 1366 | 0 | No Return Code | This document | 1367 +-------+---------------------------------+---------------+ 1368 | 1 | Malformed Echo Request received | This document | 1369 +-------+---------------------------------+---------------+ 1370 | 2 | One or more of the TLVs was not | This document | 1371 | | understood | | 1372 +-------+---------------------------------+---------------+ 1373 | 3 | Authentication failed | This document | 1374 +-------+---------------------------------+---------------+ 1375 | 4 | TTL Exceeded | This document | 1376 +-------+---------------------------------+---------------+ 1377 | 5 | End of the SFP | This document | 1378 +-------+---------------------------------+---------------+ 1379 | 6 | Reply Path TLV is missing | This document | 1380 +-------+---------------------------------+---------------+ 1381 | 7 | Reply SFP was not found | This document | 1382 +-------+---------------------------------+---------------+ 1383 | 8 | Unverifiable Reply Path | This document | 1384 +-------+---------------------------------+---------------+ 1386 Table 14: SFC Echo Return Codes Values 1388 9.4. SFC Active OAM TLV Type 1390 IANA is requested to create the SFC Active OAM TLV Type registry. 1391 All code points in the range 1 through 175 in this registry shall be 1392 allocated according to the "IETF Review" procedure specified in 1393 [RFC8126]. Code points in the range 176 through 239 in this registry 1394 shall be allocated according to the "First Come First Served" 1395 procedure specified in [RFC8126]. The remaining code points are 1396 allocated according to Table 15: 1398 +===========+==============+===============+ 1399 | Value | Description | Reference | 1400 +===========+==============+===============+ 1401 | 0 | Reserved | This document | 1402 +-----------+--------------+---------------+ 1403 | 1- 175 | Unassigned | This document | 1404 +-----------+--------------+---------------+ 1405 | 176 - 239 | Unassigned | This document | 1406 +-----------+--------------+---------------+ 1407 | 240 - 251 | Experimental | This document | 1408 +-----------+--------------+---------------+ 1409 | 252 - 254 | Private Use | This document | 1410 +-----------+--------------+---------------+ 1411 | 255 | Reserved | This document | 1412 +-----------+--------------+---------------+ 1414 Table 15: SFC Active OAM TLV Type Registry 1416 This document defines the following new values in SFC Active OAM TLV 1417 Type registry: 1419 +========+======================+===============+ 1420 | Value | Description | Reference | 1421 +========+======================+===============+ 1422 | TBA12 | Multiple TLVs Used | This document | 1423 +--------+----------------------+---------------+ 1424 | TBA13 | Source ID TLV | This document | 1425 +--------+----------------------+---------------+ 1426 | TBA14 | Errored TLVs | This document | 1427 +--------+----------------------+---------------+ 1428 | TBA23 | SFC Reply Path Type | This document | 1429 +--------+----------------------+---------------+ 1431 Table 16: SFC OAM Type Values 1433 9.5. SFF Information Record TLV Type 1435 IANA is requested to assign a new type value from SFC OAM TLV Type 1436 registry as follows: 1438 +=======+=============================+===============+ 1439 | Value | Description | Reference | 1440 +=======+=============================+===============+ 1441 | TBA18 | SFF Information Record Type | This document | 1442 +-------+-----------------------------+---------------+ 1444 Table 17: SFF-Information Record 1446 9.6. SF Information Sub-TLV Type 1448 IANA is requested to assign a new type value from SFC OAM TLV Type 1449 registry as follows: 1451 +=======+================+===============+ 1452 | Value | Description | Reference | 1453 +=======+================+===============+ 1454 | TBA19 | SF Information | This document | 1455 +-------+----------------+---------------+ 1457 Table 18: SF-Information Sub-TLV Type 1459 9.7. SF Identifier Types 1461 IANA is requested to create in the registry SF Types the new sub- 1462 registry SF Identifier Types. All code points in the range 1 through 1463 191 in this registry shall be allocated according to the "IETF 1464 Review" procedure as specified in [RFC8126] and assign values as 1465 follows: 1467 +=============+=============+=========================+ 1468 | Value | Description | Reference | 1469 +=============+=============+=========================+ 1470 | 0 | Reserved | This document | 1471 +-------------+-------------+-------------------------+ 1472 | TBA20 | IPv4 | This document | 1473 +-------------+-------------+-------------------------+ 1474 | TBA21 | IPv6 | This document | 1475 +-------------+-------------+-------------------------+ 1476 | TBA22 | MAC | This document | 1477 +-------------+-------------+-------------------------+ 1478 | TBA22+1-191 | Unassigned | IETF Review | 1479 +-------------+-------------+-------------------------+ 1480 | 192-251 | Unassigned | First Come First Served | 1481 +-------------+-------------+-------------------------+ 1482 | 252-254 | Unassigned | Private Use | 1483 +-------------+-------------+-------------------------+ 1484 | 255 | Reserved | This document | 1485 +-------------+-------------+-------------------------+ 1487 Table 19: SF Identifier Type 1489 10. References 1491 10.1. Normative References 1493 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1494 Requirement Levels", BCP 14, RFC 2119, 1495 DOI 10.17487/RFC2119, March 1997, 1496 . 1498 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1499 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1500 May 2017, . 1502 [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., 1503 "Network Service Header (NSH)", RFC 8300, 1504 DOI 10.17487/RFC8300, January 2018, 1505 . 1507 10.2. Informative References 1509 [I-D.ietf-sfc-nsh-integrity] 1510 Boucadair, M., Reddy, T., and D. Wing, "Integrity 1511 Protection for the Network Service Header (NSH) and 1512 Encryption of Sensitive Context Headers", Work in 1513 Progress, Internet-Draft, draft-ietf-sfc-nsh-integrity-09, 1514 20 September 2021, . 1517 [I-D.ietf-sfc-nsh-tlv] 1518 Wei, Y., Elzur, U., Majee, S., Pignataro, C., and D. E. 1519 Eastlake, "Network Service Header Metadata Type 2 1520 Variable-Length Context Headers", Work in Progress, 1521 Internet-Draft, draft-ietf-sfc-nsh-tlv-08, 1 September 1522 2021, . 1525 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1526 RFC 792, DOI 10.17487/RFC0792, September 1981, 1527 . 1529 [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, 1530 DOI 10.17487/RFC4302, December 2005, 1531 . 1533 [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", 1534 RFC 4303, DOI 10.17487/RFC4303, December 2005, 1535 . 1537 [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 1538 Control Message Protocol (ICMPv6) for the Internet 1539 Protocol Version 6 (IPv6) Specification", STD 89, 1540 RFC 4443, DOI 10.17487/RFC4443, March 2006, 1541 . 1543 [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, 1544 "IPv6 Flow Label Specification", RFC 6437, 1545 DOI 10.17487/RFC6437, November 2011, 1546 . 1548 [RFC7110] Chen, M., Cao, W., Ning, S., Jounay, F., and S. Delord, 1549 "Return Path Specified Label Switched Path (LSP) Ping", 1550 RFC 7110, DOI 10.17487/RFC7110, January 2014, 1551 . 1553 [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function 1554 Chaining (SFC) Architecture", RFC 7665, 1555 DOI 10.17487/RFC7665, October 2015, 1556 . 1558 [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with 1559 Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, 1560 May 2016, . 1562 [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., 1563 Aldrin, S., and M. Chen, "Detecting Multiprotocol Label 1564 Switched (MPLS) Data-Plane Failures", RFC 8029, 1565 DOI 10.17487/RFC8029, March 2017, 1566 . 1568 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1569 Writing an IANA Considerations Section in RFCs", BCP 26, 1570 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1571 . 1573 [RFC8595] Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based 1574 Forwarding Plane for Service Function Chaining", RFC 8595, 1575 DOI 10.17487/RFC8595, June 2019, 1576 . 1578 [RFC8924] Aldrin, S., Pignataro, C., Ed., Kumar, N., Ed., Krishnan, 1579 R., and A. Ghanwani, "Service Function Chaining (SFC) 1580 Operations, Administration, and Maintenance (OAM) 1581 Framework", RFC 8924, DOI 10.17487/RFC8924, October 2020, 1582 . 1584 [RFC9015] Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L. 1585 Jalil, "BGP Control Plane for the Network Service Header 1586 in Service Function Chaining", RFC 9015, 1587 DOI 10.17487/RFC9015, June 2021, 1588 . 1590 Contributors' Addresses 1592 Cui Wang 1593 Individual contributor 1595 Email: lindawangjoy@gmail.com 1597 Bhumip Khasnabish 1598 Individual contributor 1600 Email: vumip1@gmail.com 1602 Zhonghua Chen 1603 China Telecom 1604 No.1835, South PuDong Road 1605 Shanghai 1606 201203 1607 China 1609 Phone: +86 18918588897 1610 Email: 18918588897@189.cn 1612 Authors' Addresses 1614 Greg Mirsky 1615 Ericsson 1617 Email: gregimirsky@gmail.com 1619 Wei Meng 1620 ZTE Corporation 1621 No.50 Software Avenue, Yuhuatai District 1622 Nanjing, 1623 China 1625 Email: meng.wei2@zte.com.cn 1626 Ting Ao 1627 Individual contributor 1628 No.889, BiBo Road 1629 Shanghai 1630 201203 1631 China 1633 Phone: +86 17721209283 1634 Email: 18555817@qq.com 1636 Kent Leung 1637 Cisco System 1638 170 West Tasman Drive 1639 San Jose, CA 95134, 1640 United States of America 1642 Email: kleung@cisco.com 1644 Gyan Mishra 1645 Verizon Inc. 1647 Email: gyan.s.mishra@verizon.com