idnits 2.17.1

draft-ietf-sfc-offloads-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (April 2, 2017) is 2582 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'NSH' is mentioned on line 396, but not defined

  ** Downref: Normative reference to an Informational draft:
     draft-ietf-sfc-architecture (ref. 'I-D.ietf-sfc-architecture')

  == Outdated reference: A later version (-28) exists of
     draft-ietf-sfc-nsh-12

  -- Obsolete informational reference (is this intentional?): RFC 793
     (Obsoleted by RFC 9293)

  -- Obsolete informational reference (is this intentional?): RFC 5226
     (Obsoleted by RFC 8126)

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Service Function Chaining                                       S. Kumar
3    Internet-Draft                                       Cisco Systems, Inc.
4    Intended status: Standards Track                             J. Guichard
5    Expires: October 4, 2017                    Huawei Technologies Co.,Ltd.
6                                                                    P. Quinn
7                                                         Cisco Systems, Inc.
8                                                                  J. Halpern
9                                                                    Ericsson
10                                                                   S. Majee
11                                                                F5 Networks
12                                                              April 2, 2017

14                       Service Function Simple Offloads
15                          draft-ietf-sfc-offloads-00

17   Abstract

19      Service Function Chaining (SFC) enables services to be delivered by
20      selective traffic steering through an ordered set of service
21      functions. Once classified into an SFC, the traffic for a given flow
22      is steered through all the service functions of the SFC for the life
23      of the traffic flow even though this is often not necessary.
24      Steering traffic to service functions only while required and not
25      otherwise, leads to shorter SFC forwarding paths with improved
26      latencies, reduced resource consumption and better user experience.

28      This document describes the rationale, techniques and necessary
29      protocol extensions to achieve such optimization, with focus on one
30      such technique termed "simple offloads".

32   Status of This Memo

34      This Internet-Draft is submitted in full conformance with the
35      provisions of BCP 78 and BCP 79.

37      Internet-Drafts are working documents of the Internet Engineering
38      Task Force (IETF). Note that other groups may also distribute
39      working documents as Internet-Drafts. The list of current Internet-
40      Drafts is at http://datatracker.ietf.org/drafts/current/.

42      Internet-Drafts are draft documents valid for a maximum of six months
43      and may be updated, replaced, or obsoleted by other documents at any
44      time. It is inappropriate to use Internet-Drafts as reference
45      material or to cite them other than as "work in progress."

47      This Internet-Draft will expire on October 4, 2017.

49   Copyright Notice

51      Copyright (c) 2017 IETF Trust and the persons identified as the
52      document authors. All rights reserved.

54      This document is subject to BCP 78 and the IETF Trust's Legal
55      Provisions Relating to IETF Documents
56      (http://trustee.ietf.org/license-info) in effect on the date of
57      publication of this document. Please review these documents
58      carefully, as they describe your rights and restrictions with respect
59      to this document. Code Components extracted from this document must
60      include Simplified BSD License text as described in Section 4.e of
61      the Trust Legal Provisions and are provided without warranty as
62      described in the Simplified BSD License.

64   Table of Contents

66      1.  Introduction
67        1.1.  Requirements Language
68      2.  Definition Of Terms
69      3.  Service Function Path Reduction
70        3.1.  Bypass
71        3.2.  Simple Offload
72          3.2.1.  Stateful SFF
73          3.2.2.  Packet Re-ordering
74          3.2.3.  Race Conditions
75          3.2.4.  Policy Implications
76          3.2.5.  Capabilities Exchange
77      4.  Methods For SFP Reduction
78        4.1.  SFP In-band Offload
79          4.1.1.  Progression Of SFP Reduction
80        4.2.  Service Controller Offload
81      5.  Simple Offload Data-plane Signaling
82        5.1.  Offload Flags Definition
83      6.  Acknowledgements
84      7.  IANA Considerations
85        7.1.  Standard Class Registry
86          7.1.1.  Simple Offloads TLV
87      8.  Security Considerations
88      9.  References
89        9.1.  Normative References
90        9.2.  Informative References
91      Authors' Addresses

93   1.  Introduction

95      Service function chaining involves steering traffic flows through a
96      set of service functions in a specific order. Such an ordered list
97      of service functions is called a Service Function Chain (SFC). The
98      actual forwarding path used to realize an SFC is called the Service
99      Function Path (SFP).

101     Service functions forming an SFC are hosted at different points in
102     the network, often co-located with different types of service
103     functions to form logical groupings. Applying a SFC thus requires
104     traffic steering by the SFC infrastructure from one service function
105     to the next until all the service functions of the SFC are applied.
106     Service functions know best what type of traffic they can service and
107     how much traffic needs to be delivered to them to achieve complete
108     delivery of service. As a consequence any service function may
109     potentially request, within its policy constraints, traffic no longer
110     be delivered to it or its function be performed by the SFC
111     infrastructure, if such a mechanism is available.

113     While there are several possible means to achieve this, one of the
114     most flexible, directly connected to functional semantics, is based
115     on allowing service functions themselves to evaluate a particular
116     flow and reflect the result of this evaluation back to the SFC
117     infrastructure.

119     This document outlines the "simple offloads" mechanism that avoids
120     steering traffic to service functions on flow boundary, on request
121     from the service functions, while still ensuring compliance to the
122     instantiated policy that mandates the SFC.

124  1.1.  Requirements Language

126     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
127     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
128     document are to be interpreted as described in RFC 2119 [RFC2119].

130  2.  Definition Of Terms

132     This document uses the following terms. Additional terms are defined
133     in [RFC7498], [I-D.ietf-sfc-architecture] and [I-D.ietf-sfc-nsh].

135     Service Controller (SC): The entity responsible for managing the
136        service chains, including create/read/update/delete actions as
137        well as programming the service forwarding state in the network -
138        SFP distribution.

140     Classifier (CF): The entity, responsible for selecting traffic as
141        well as SFP, based on policy, and forwarding the selected traffic
142        on the SFP after adding the necessary encapsulation. Classifier
143        is implicitly an SFF.

145     Offload: A request or a directive from the SF to alter the SFP so as
146        to remove the requesting SF from the SFP while maintaining the
147        effect of the removed SF on the offloaded flow.

149  3.  Service Function Path Reduction

151     The packet forwarding path of a SFP involves the classifier, one or
152     more SFFs and all the SFs that are part of the SFP. Packets of a
153     flow are forwarded along this path to each of the SFs, for the life
154     of the flow, whether SFs perform the full function in treating the
155     packet or reapply the cached result, from the last application of the
156     function, on the residual packets of the flow. In other words, every
157     packet on the flow incurs the same latency and the end-to-end SFP
158     latency remains more or less constant subject to the nature of the
159     SFs involved. If an SF can be removed from the SFP, for a specific
160     flow, traffic steering to the SF is avoided for that flow; thus
161     leading to a shorter SFP for the flow. When multiple SFs in a SFP
162     are removed, the SFP starts to converge towards the optimum path,
163     incurring a fraction of the latency associated with traversing the
164     SFP.

166     Although SFs are removed from the SFP, the corresponding SFC is not
167     changed - this is subtle but an important characteristic of this
168     mechanism. In other words, this mechanism does not alter the SFC and
169     still uses the SFP associated with the SFC.

171     There are two primary approaches to removing an SF from the SFP.
172     Namely,

174     o  Bypass: Mechanism that alters the SFC. Described in this draft
175        for completeness.

177     o  Simple Offload: Mechanism that alters the SFP alone, does not
178        affect the SFC. This is the primary focus of this draft.

180  3.1.  Bypass

182     Many service functions do not deliver service to certain types of
183     traffic. For instance, typical WAN optimization service functions
184     are geared towards optimizing TCP traffic and add no value to non-TCP
185     traffic. Non-TCP traffic thus can bypass such a service function.
186     Even in the case of TCP, a WAN optimization SF may not be able to
187     service the traffic if the corresponding TCP flow is not seen by it
188     from inception. In such a situation a WAN optimization SF can avoid
189     the overhead of processing such a flow or reserving resources for it,
190     if it had the ability to request such flows not be steered to it. In
191     other words such service functions need the ability to request they
192     be bypassed for a specified flow from a certain time in the life of
193     that flow.

195     A seemingly simple alternative is to require service functions pre
196     specify the traffic flow types they add value to, such as the one-
197     tuple: IP protocol-type described above. A classifier built to use
198     such data exposed by SFs, may thus enable bypassing such SFs for
199     specific flows by way of selecting a different SFC that does not
200     contain the SF being removed.

202     Although knowledge of detailed SF profiles helps SFC selection at the
203     classifier starting the SFC, it leads to shortcomings.

205     o  It adds to the overhead of classification at that classifier as
206        all SF classification requirements have to be met by the
207        classifier.

209     o  It leads to conflicts in classification requirements between the
210        classifier and the SFs. Classification needs of different SFs in
211        the same SFC may vary. A classifier thus cannot classify traffic
212        based on the classification of one of the SFs in the chain. For
213        instance, even though a flow is uninteresting to one SF on an SFC,
214        it may be interesting to another SF in the same SFC.

216     o  The trigger for bypassing an SF may be dynamic as opposed to the
217        static classification at the classifier - it may originate at the
218        SFs themselves and involve the control and policy planes. The
219        policy and control planes may react to such a trigger by
220        instructing the classifier to select a different SFC for the flow,
221        thereby achieving SF bypass.

223  3.2.  Simple Offload

225     Service delivery by a class of service functions involves inspecting
226     the initial portion of the traffic and determining whether traffic
227     should be permitted or dropped. In some service functions, such an
228     inspection may be limited to just the five tuple, in some others it
229     may involve protocol headers, and in yet others it may involve
230     inspection of the byte stream or application content based on the
231     policy specified. Firewall service functions fall into such a class,
232     for example. In all such instances, servicing involves determining
233     whether to permit the traffic to proceed onwards or to deny the
234     traffic from proceeding onwards and drop the traffic. In some cases,
235     dropping of the traffic may be accompanied with the generation of a
236     response to the originator of traffic or to the destination or both.
237     Once the service function determines the result - permit or deny (or
238     drop), it simply applies the same result to the residual packets of
239     the flow by caching the result in the flow state.

241     In essence, the effect of service delivery is a PERMIT or a DENY
242     action on the traffic of a flow. This class of service functions can
243     avoid all the overhead of processing such traffic at the SF, by
244     simply requesting another entity in the SFP, to assume the function
245     of performing the action determined by the service function. Since
246     PERMIT and DENY are very simple actions, other entities in the SFP
247     are very likely to be able to perform them on behalf of the
248     requesting SF. A service function can thus offload simple functions
249     to other entities in the SFP.

251     As with PERMIT and DENY actions, there are others which are simple
252     enough to be supported. Some are listed here for illustration.

254     Unidirectional Offload: Client-Server communication, typical of HTTP
255        request-response transactions, imposes higher cost on SFs in one
256        direction. Responses often carry more bytes, sometimes orders of
257        magnitude more, as compared to requests. SFs could avoid the
258        cost of moving the bits in the response direction to which it may
259        add no value, once the policy is satisfied, if the response flow
260        can be offloaded. Hence Offloads must be requestable on a
261        unidirectional flow boundary.

263     TCP Control Exception Offload: Most SFs maintain flow state and
264        would like to know when a flow terminates, so SFs can cleanup the
265        flow state and associated resources. Such SFs need to receive
266        the TCP control packets, the ones with control flags [RFC0793]
267        set, on the flow even when the flow itself is offloaded, in order
268        to perform such activity. Hence Offloads must be predicatable to
269        offload all but the TCP control packets of a flow.

271     Time Limited Offload: SF policy may dictate flows be limited to
272        certain period of time among other reasons to optimize SF load.
273        SFs can request a flow be offloaded for a specific time duration
274        after which, all traffic on that flow gets redirected to the SF
275        as was done before the offload was initiated. Hence Offloads
276        must be requestable on a time limit.

278     Volume Limited Offload: As with time limited offloads, SF policy may
279        dictate flows be limited to certain volume of data. SFs can
280        request a flow be offloaded until a specified number of bytes
281        traverse the flow. Hence Offloads must be requestable on a
282        volume limit.

284     Since SFF is the one steering traffic to the SFs and hence is on the
285     SFP, it is a natural entity to assume the offload function. A SF not
286     interested in traffic being steered to it can simply perform a simple
287     offload by indicating a PERMIT action along with an OFFLOAD request.
288     The SFF responsible for steering the traffic to the SF takes note of
289     the ACTION and offload request. The OFFLOAD directive and the ACTION
290     received from the requesting SF are cached against the SF for that
291     flow. Once cached, residual packets on the flow are serviced by the
292     cached directive and action as if being serviced by the corresponding
293     SF.

295  3.2.1.  Stateful SFF

297     SFFs are the closest SFC infrastructure entities to the service
298     functions. SFFs may be stateful and hence can cache the offload
299     and action in both of the unidirectional flows of a connection. As a
300     consequence, action and offload become effective on both the flows
301     simultaneously and remain so until cancelled or the flow terminates.

303     SFFs may not always honor the offload requests received from SFs.
304     This does not affect the correctness of the SFP in any way. It
305     implies that the SFs can expect traffic to arrive on a flow, which it
306     offloaded, and hence must service them, which may involve requesting
307     an offload again. It is natural to think of an acknowledgement
308     mechanism to provide offload guarantees to the SFs but such a
309     mechanism just adds to the overhead while not providing significant
310     benefit. Offload serves as a best effort mechanism.

312  3.2.2.  Packet Re-ordering

314     The simple offload mechanism creates short time-windows where packet
315     re-ordering may occur. While SFs request flows be offloaded to SFFs,
316     packets may still be in flight at various points along the SFP,
317     including some between the SFF and the SF. Once the offload decision
318     is received and committed into the flow entry at the SFF, any packets
319     arriving after and destined to the offloading SF are treated to the
320     offload decision and forwarded along (if it is a PERMIT action).
321     Inflight packets to the offloading SF may arrive at the SFF after one
322     or more packets are already treated to the offload decision and
323     forwarded along.

325     This is a transitional effect and may not occur in all cases. For
326     instance, if the decision to offload a flow by an SF is based on the
327     first packet of TCP flow, a reasonable time window exists between the
328     offload action being committed into the SFF and arrival of subsequent
329     packet of the same flow at that SFF. Likewise, request/response
330     based protocols such as HTTP may not always be subject to the re-
331     ordering effects.

333  3.2.3.  Race Conditions

335     The tuple that makes up an end-to-end flow or connection, such as a
336     five tuple TCP connection, may be reused in a very short span of time
337     when very high performing end points are involved. A very remote
338     manifestation of this behavior may involve the wrong incarnation of a
339     flow at the SFF receiving the flow offload request from a SF.

341     Implementations of simple offloads must thus be aware of such a
342     possibility and include appropriate measures to address it. It is
343     important to note that a SFF must maintain correctness and hence it
344     is acceptable to not honor a simple offloads request to resolve such
345     an occurrence. After all, SFs exist with the right security posture
346     to protect against malicious traffic.

348     A simple and widely used method to serialize reuse of tuples is to
349     use an incarnation number in addition to the five-tuple. The
350     steering SFF can pass an opaque cookie, which in its simplest form
351     could be the incarnation number, that is preserved by the SF and
352     passed along with the simple offload request. SFF can thus correctly
353     identify the right incarnation of the flow. SYN detection at the SFF
354     to take corrective action is another option. The SFF implementations
355     may employ any technique deemed appropriate.

357  3.2.4.  Policy Implications

359     Offload mechanism may be controlled by the policy layer. The SFs
360     themselves may have a static policy to utilize the capability offered
361     by the SFC infrastructure. They could also be dynamic and controlled
362     by the specific policy layer under which the SFs operate.

364     Similarly, the SFC infrastructure, specifically the classifiers and
365     the SFFs, may be under the SFC infrastructure control plane policy
366     controlling the decision to honor offloads from an SF. This policy
367     in turn may be coarse-grain, at the SF level, and hence static. It
368     can also be fine grain and hence dynamic but it adds to the overhead
369     of policy distribution.

371     Policy model related to offloads is out of scope of this document.

373  3.2.5.  Capabilities Exchange

375     Simple offloads can be exposed and negotiated a priori as a
376     capability between the SFFs and the SFs or the corresponding control
377     layers. In the simplest of the implementations, this is provided by
378     the SFC infrastructure and the SFs are statically configured to
379     utilize them without capabilities negotiation, within the constraints
380     of the SF specific policies.

382     Capabilities exchange is outside the scope of this document.

384  4.  Methods For SFP Reduction

386     There are a number of different models that may be used to facilitate
387     SFP shortening.

389     The methods discussed in the following sections require signaling
390     among the participant components to communicate offload and permit/
391     deny actions. The signaling may be performed in the data-plane or in
392     the control plane.

394     a.  Data-plane: A SFC specific communication channel is needed for
395         SFs to communicate the offload request along with the SF treated
396         packet. [NSH] defines a header specifically for carrying SFP
397         along with metadata and provides such a channel for use with
398         offloads. Necessary bits need to be allocated in NSH to convey
399         the action as well as the offload directive. This signaling may
400         be limited to SF and SFF or may continue from one SFF to another
401         SFF or the classifier. It may also involve signaling directly
402         from the SF to the classifier.

404     b.  Control-plane: Messages are required between the SF and the
405         service controller as well as between the SFF and the service
406         controller. Service controller messaging is out of scope of this
407         document and it is assumed to be service controller specific,
408         which may include open or standard interfaces.

410  4.1.  SFP In-band Offload

412     SFs receive traffic on an overlay from the SFF. SFs service the
413     traffic and turn them back to the SFF on an overlay or forward the
414     traffic on the underlay. In the former case, along with returning
415     the traffic to SFF, they can perform simple offload by signaling
416     OFFLOAD and ACTION to the SFF. SFF caches the OFFLOAD and ACTION
417     while forwarding the serviced packet onwards to the next service hop
418     on the SFP or dropping it as per the ACTION. This may continue from
419     one hop to the next on the SFP. SFF can now enforce the OFFLOAD and
420     ACTION on the residual packets of the flow.

422     By performing such hop-by-hop offloads, SFP can be reduced from its
423     original length, steering traffic to only the SFFs and the SFs that
424     really need to see the traffic.

426     Figure 1 to Figure 3 show an example of SF and SFF performing offload
427     operations, with PERMIT action, and the effect thereafter on the SFP.

429                 SFID(1)            SFID(2)            SFID(3)
430                 +------+           +------+           +------+
431             ....| SF1  |....   ....| SF2  |....   ....| SF3  |....
432             .   +------+   .   .   +------+   .   .   +------+   .
433             .      |       .   .      |       .   .      |       .
434             .      |       .   .      |       .   .      |       .
435             .      |       .   .      |       .   .      |       .
436             .      |       .   .      |       .   .      |       .
437             .      |       .   .      |       .   .      |       .
438     +----+  .   +------+   .   .   +------+   .   .   +------+   .
439     | CF |------| SFF1 |-----------| SFF2 |-----------| SFF3 |------ Net
440     +----+  .   +------+   .   .   +------+   .   .   +------+   .
441             .              .   .              .   .              .
442     SFP1  ...              .....              .....              ... >

444     SFC1 = {SF1, SF2, SF3}
445     SFC1 -> SFP1

447     Where,
448       SFC1 is a service function chain
449       SF1, SF2 and SF3 are three service functions
450       SFP1 is the service function path for SFC1
451       CF is the classifier starting SFP1 based on policy

453     Note: Network forwarders are omitted from the figure for simplicity

455                  Figure 1: SFC1 with corresponding SFP1

456                               O
457                               f
458                 SFID(1)       f +- SFID(2)            SFID(3)
459                 +------+      l |  +------+           +------+
460             ....| SF1  |....  o |  | SF2  |       ....| SF3  |....
461             .   +------+   .  a |  +------+       .   +------+   .
462             .      |       .  d |     |           .      |       .
463             .      |       .    |     |           .      |       .
464             .      |       .    |     |           .      |       .
465             .      |       .    v     |           .      |       .
466             .      |       .          |           .      |       .
467     +----+  .   +------+   .       +------+       .   +------+   .
468     | CF |------| SFF1 |-----------| SFF2 |-----------| SFF3 |----- Net
469     +----+  .   +------+   .       +------+       .   +------+   .
470             .              .                      .              .
471     SFP1  ...              ........................              ... >

473              Figure 2: SFP1 after SFID(2) performs an Offload

475            O                                     O
476            f                                     f
477            f +- SFID(1)            SFID(2)       f +- SFID(3)
478            l |  +------+           +------+      l |  +------+
479            o |  | SF1  |           | SF2  |      o |  | SF3  |
480            a |  +------+           +------+      a |  +------+
481            d |     |                  |          d |     |
482              |     |                  |            |     |
483              |     |                  |            |     |
484              v     |                  |            v     |
485                    |                  |                  |
486     +----+      +------+           +------+           +------+
487     | CF |------| SFF1 |-----------| SFF2 |-----------| SFF3 |----- Net
488     +----+      +------+           +------+           +------+
489     SFP1  .......................................................... >

491         Figure 3: SFP1 after SFID(1) and SFID(3) perform Offloads

493  4.1.1.  Progression Of SFP Reduction

495     SFP reduction happens one SFF at a time: by collapsing the SFF-to-SF
496     hops into the SFF or the SFC infrastructure.

498     Figure 1 to Figure 3 show one sequence of offload events that lead to
499     a shorter SFP.

501     Corresponding transformation of the actual forwarding path is
502     captured by the states below.

504     Stage-1: Prior to any offloads, service function path SFP1
505        (corresponding to SFC1) has the following actual forwarding path
506        as shown in Figure 1:
507           CF ->
508           SFF1 -> SF1 -> SFF1 ->
509           SFF2 -> SF2 -> SFF2 ->
510           SFF3 -> SF3 -> SFF3 ->

512     Stage-2: After SF2 performs a simple offload, service function path
513        SFP1 changes to the one represented below, as also shown in
514        Figure 2:
515           CF ->
516           SFF1 -> SF1 -> SFF1 ->
517           SFF2 ->
518           SFF3 -> SF3 -> SFF3 ->

520     Stage-3: After SF1 and SF3 both perform simple offloads, service
521        function path SFP1 changes to the one represented below, as also
522        shown in Figure 3:
523           CF ->
524           SFF1 ->
525           SFF2 ->
526           SFF3 ->

528     When all the SFs in a SFP perform offloads the forwarding path is
529     reduced to pass through just the SFFs.

531  4.2.  Service Controller Offload

533     Each SF signals the service controller of the OFFLOAD and ACTION via
534     control plane messaging for a specific flow. The service controller
535     then signals the appropriate SFFs to offload the requested SFs,
536     thereby achieving the hop-by-hop offload behavior.

538     The service controller has full knowledge of all the SFs of the SFP
539     offloading the flow and hence can determine the optimum SFP within
540     the Service Controller and program the appropriate SFFs to achieve
541     SFP optimization.

543  5.  Simple Offload Data-plane Signaling

545     Since Offload and action are signaled at the time of returning the
546     traffic to SFF, post servicing the traffic, such signaling can be
547     integrated into the SFC service header of the packet.

549     Figure 4 and Figure 5 show the bits necessary to achieve the
550     signaling using the SFC encapsulation as described in
551     [I-D.ietf-sfc-nsh]. In particular, for NSH MD-Type1 header format,
552     the offload bits are communicated via the flags field in the very
553     first byte of the fixed context headers. For NSH MD-Type2 header
554     format, the offload bits are communicated via a new standard TLV -
555     Simple Offload TLV. The standard TLV is requested to be allocated
556     from the TLV Class, "Standard Class", from the IANA.

558     By integrating the signaling with the packets, the simple offloads
559     scale with the traffic in the data plane.

561      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
562     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
563     |D| F |X|                   Context Header 1                    |
564     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
565     |B|U|T|D|R|R|R|R|               Context Header 2                |
566     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
567     |                       Context Header 3                        |
568     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
569     |                       Context Header 4                        |
570     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

572     X : Extend flags into first byte of "Context Header 2"
573     B : Bidirectional Offload
574     U : Unidirectional Offload
575     T : TCP-control Exception Offload
576     D : Drop Offload

578         Figure 4: NSH Type-1 Offload Bits shown for DC Allocation

580      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
581     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
582     |        STANDARD CLASS         | SimpleOffload |0|0|0|   0x2   |
583     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
584     |B|U|T|D|S|V|R|R|R|R|R|R|             Offload-data              |
585     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

587     B : Bidirectional Offload
588     U : Unidirectional Offload
589     T : TCP-control Exception Offload
590     D : Drop Offload
591     S : Time Limited Offload
592     V : Volume Limited Offload

594                    Figure 5: NSH Type-2 Offload Bits

596  5.1.  Offload Flags Definition

598     Offload Control Flags:

600     B, Bidirectional Offload: SF requests both flows in the connection,
601        described by the payload, be offloaded, by setting B=1. B=0
602        otherwise.

604     U, Unidirectional Offload: SF requests only the current flow in the
605        connection, described by the payload, be offloaded, by setting
606        U=1. U=0 otherwise.

608     One and only one of 'B' and 'U' MUST be specified to indicate
609     offload. In the event a NSH encapsulated packet is received with
610     both 'B' and 'U' offload flags set to 1, 'B' MUST take precedence.

612     Offload Function Flags:

614     B|U, Permit Offload: When either B=1 or U=1, the implicit function
615        is to PERMIT or allow all packets on the flow(s) to traverse
616        along the SFP, unless over-ridden by other functional flags.

618     D, Drop Offload: Setting D=1, requests packets on the offloaded
619        flow(s) be dropped; D MUST be set to 0 otherwise. D=1 modifies
620        the default PERMIT behavior of 'B' and 'U' flags.

622     T, TCP-control Exception Offload: Setting T=1 requests TCP control
623        packets to be exempted from Offload behavior. TCP control
624        packets MUST continue to be forwarded to the SF while the rest of
625        the packets must be allowed to bypass the SF contingent upon the
626        application of other offload flags. T MUST be set to 0
627        otherwise.

629     S, Time Limited Offload: Setting S=1 requests the flow(s) to be
630        offloaded for the duration specified, in seconds, in offload-data
631        field. After that duration, offload behavior must be cancelled
632        and affected flow(s) MUST be redirected to the SF. S MUST be set
633        to 0 otherwise.

635     V, Volume Limited Offload: Setting V=1 requests the flow(s) to be
636        offloaded until the volume of data specified, in Kilo Bytes, in
637        offload-data field has traversed the flow(s). After that volume
638        of data has traversed, offload behavior must be cancelled and
639        affected flow(s) MUST be redirected to the SF. V MUST be set to
640        0 otherwise.

642  6.  Acknowledgements

644     The authors would like to thank Abhjit Patra, Nagaraj Bagepalli, Kent
645     Leung, Erik Nordmark, Diego Lopez for their comments, thoughtful
646     questions and suggestions, review, etc.

648  7.  IANA Considerations

650  7.1.  Standard Class Registry

652     IANA is requested to allocate a "STANDARD" class from the TLV Class
653     registry. Allocation of the registry values under this class shall
654     follow the "IETF Review" policy defined in RFC 5226 [RFC5226].

656  7.1.1.  Simple Offloads TLV

658     IANA is requested to allocate TLV type with value 0x1 from the
659     STANDARD TLV class registry. The format of the "Simple Offloads" TLV
660     is as defined in this draft.

662     +------+-----------------+------------------------+---------------+
663     | TLV# | Name            | Description            | Reference     |
664     +------+-----------------+------------------------+---------------+
665     | 1    | Simple Offloads | SF Flow Offload to SFF | This document |
666     +------+-----------------+------------------------+---------------+

668                      Table 1: Standard Class Registry

670  8.  Security Considerations

672     Security of the offload signaling mechanism is very important. This
673     document does not advocate any additional security mechanisms beyond
674     the data plane and control plane signaling security mechanisms.

676  9.  References

678  9.1.  Normative References

680     [I-D.ietf-sfc-architecture]
681                Halpern, J. and C. Pignataro, "Service Function Chaining
682                (SFC) Architecture", draft-ietf-sfc-architecture-11 (work
683                in progress), July 2015.

685     [I-D.ietf-sfc-nsh]
686                Quinn, P. and U. Elzur, "Network Service Header", draft-
687                ietf-sfc-nsh-12 (work in progress), February 2017.

689     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
690                Requirement Levels", BCP 14, RFC 2119,
691                DOI 10.17487/RFC2119, March 1997.

694  9.2.  Informative References

696     [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
697                RFC 793, DOI 10.17487/RFC0793, September 1981.

700     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
701                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
702                DOI 10.17487/RFC5226, May 2008.

705     [RFC7498]  Quinn, P., Ed. and T. Nadeau, Ed., "Problem Statement for
706                Service Function Chaining", RFC 7498,
707                DOI 10.17487/RFC7498, April 2015.

710  Authors' Addresses

712     Surendra Kumar
713     Cisco Systems, Inc.

715     Email: surendra.stds@gmail.com

716     Jim Guichard
717     Huawei Technologies Co.,Ltd.

719     Email: jguichard1966@gmail.com

721     Paul Quinn
722     Cisco Systems, Inc.

724     Email: paulq@cisco.com

726     Joel Halpern
727     Ericsson

729     Email: joel.halpern@ericsson.com

731     Sumandra Majee
732     F5 Networks

734     Email: S.Majee@F5.com
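
The flag rules of Section 5.1 and the incarnation-number check suggested in Section 3.2.3, worked through as an added example (not code from the draft or its authors). Bit positions are read off Figure 5; the `Sff` class, the five-tuple layout, the 1024-byte kilobyte, and declining a request that sets both S and V are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: per Figure 5 the six flags are the top bits of the 32-bit word
# after the TLV header, then six reserved bits, then 20 bits of offload-data.
B, U, T, D, S, V = (1 << bit for bit in range(31, 25, -1))
DATA_MASK = (1 << 20) - 1
KBYTE = 1024  # assumption: the draft says "Kilo Bytes" without defining the unit


@dataclass
class Offload:
    bidirectional: bool       # B (wins over U when both are set)
    action: str               # "PERMIT" by default, "DROP" when D=1
    tcp_control_to_sf: bool   # T: TCP control packets still go to the SF
    seconds: Optional[int]    # S: time limit taken from offload-data
    kbytes: Optional[int]     # V: volume limit taken from offload-data


def decode_offload_word(word: int) -> Optional[Offload]:
    """Decode the flags word; None means "no offload the SFF can act on"."""
    if not word & (B | U):
        return None  # neither B nor U set: nothing is being offloaded
    if word & S and word & V:
        # Not covered by the draft: one offload-data field cannot hold both
        # limits, so this example declines (offload is best effort, 3.2.1).
        return None
    data = word & DATA_MASK
    return Offload(
        bidirectional=bool(word & B),
        action="DROP" if word & D else "PERMIT",
        tcp_control_to_sf=bool(word & T),
        seconds=data if word & S else None,
        kbytes=data if word & V else None,
    )


def reverse(flow):
    src, sport, dst, dport, proto = flow
    return (dst, dport, src, sport, proto)


class Sff:
    """Hypothetical SFF flow cache for one attached SF."""

    def __init__(self):
        self.incarnation = {}  # connection -> current incarnation number
        self.cache = {}        # unidirectional flow -> shared offload state

    def new_flow(self, flow) -> int:
        """New connection on this tuple (e.g. SYN seen): return the SF's cookie."""
        conn = min(flow, reverse(flow))
        self.incarnation[conn] = self.incarnation.get(conn, 0) + 1
        for f in (flow, reverse(flow)):
            self.cache.pop(f, None)  # state of the previous incarnation must not apply
        return self.incarnation[conn]

    def request_offload(self, flow, cookie: int, word: int, now: float) -> bool:
        """Cache an offload; False means declined and the SF keeps seeing traffic."""
        offload = decode_offload_word(word)
        conn = min(flow, reverse(flow))
        if offload is None or self.incarnation.get(conn) != cookie:
            return False  # unusable request, or cookie from an older incarnation
        flows = [flow, reverse(flow)] if offload.bidirectional else [flow]
        state = {
            "offload": offload,
            "flows": flows,
            "expires": None if offload.seconds is None else now + offload.seconds,
            "bytes_left": None if offload.kbytes is None else offload.kbytes * KBYTE,
        }
        for f in flows:
            self.cache[f] = state
        return True

    def steer(self, flow, nbytes: int, tcp_control: bool, now: float) -> str:
        """Return "SF", "FORWARD" or "DROP" for one packet of `flow`."""
        state = self.cache.get(flow)
        if state is None:
            return "SF"
        expired = state["expires"] is not None and now >= state["expires"]
        spent = state["bytes_left"] is not None and state["bytes_left"] <= 0
        if expired or spent:
            for f in state["flows"]:
                self.cache.pop(f, None)  # limit reached: cancel, redirect to the SF
            return "SF"
        if state["bytes_left"] is not None:
            state["bytes_left"] -= nbytes
        if tcp_control and state["offload"].tcp_control_to_sf:
            return "SF"
        return "DROP" if state["offload"].action == "DROP" else "FORWARD"


if __name__ == "__main__":
    sff = Sff()
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80, 6)  # constructed sample flow
    stale, current = sff.new_flow(flow), sff.new_flow(flow)  # tuple reused once
    print(sff.request_offload(flow, stale, U | T, now=0.0),
          sff.request_offload(flow, current, U | T, now=0.0))
```

Declining is always the safe branch here: per Section 3.2.1 a request that is not honored only means the SF keeps receiving the flow.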