idnits 2.17.1 draft-ioamteam-ippm-ioam-direct-export-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 12, 2019) is 1658 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'I-D.ietf-sfc-ioam-nsh' is defined on line 369, but no explicit reference was found in the text == Unused Reference: 'I-D.ioametal-ippm-6man-ioam-ipv6-options' is defined on line 374, but no explicit reference was found in the text == Unused Reference: 'RFC7799' is defined on line 387, but no explicit reference was found in the text == Outdated reference: A later version (-17) exists of draft-ietf-ippm-ioam-data-07 == Outdated reference: A later version (-16) exists of draft-song-ippm-postcard-based-telemetry-05 ** Downref: Normative reference to an Informational draft: draft-song-ippm-postcard-based-telemetry (ref. 'I-D.song-ippm-postcard-based-telemetry') == Outdated reference: A later version (-13) exists of draft-ietf-sfc-ioam-nsh-02 == Outdated reference: A later version (-07) exists of draft-spiegel-ippm-ioam-rawexport-02 Summary: 1 error (**), 0 flaws (~~), 8 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 IPPM H. Song 3 Internet-Draft Futurewei 4 Intended status: Standards Track B. Gafni 5 Expires: April 14, 2020 Mellanox Technologies, Inc. 6 T. Zhou 7 Z. Li 8 Huawei 9 F. Brockners 10 S. Bhandari 11 R. Sivakolundu 12 Cisco 13 T. Mizrahi, Ed. 14 Huawei Smart Platforms iLab 15 October 12, 2019 17 In-situ OAM Direct Exporting 18 draft-ioamteam-ippm-ioam-direct-export-00 20 Abstract 22 In-situ Operations, Administration, and Maintenance (IOAM) is used 23 for recording and collecting operational and telemetry information. 24 Specifically, IOAM allows telemetry data to be pushed into data 25 packets while they traverse the network. This document introduces a 26 new IOAM option type called the Direct Export (DEX) option, which is 27 used as a trigger for IOAM data to be directly exported to a 28 collector without being pushed into in-flight data packets. 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at https://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on April 14, 2020. 47 Copyright Notice 49 Copyright (c) 2019 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (https://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 65 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 66 2.1. Requirement Language . . . . . . . . . . . . . . . . . . 3 67 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 68 3. The Direct Exporting (DEX) IOAM Option Type . . . . . . . . . 3 69 3.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 3 70 3.2. The DEX Option Format . . . . . . . . . . . . . . . . . . 5 71 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 72 4.1. IOAM Type . . . . . . . . . . . . . . . . . . . . . . . . 6 73 4.2. IOAM DEX Flags . . . . . . . . . . . . . . . . . . . . . 6 74 5. Performance Considerations . . . . . . . . . . . . . . . . . 7 75 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 76 7. Topics for Further Discussion . . . . . . . . . . . . . . . . 7 77 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 78 8.1. Normative References . . . . . . . . . . . . . . . . . . 8 79 8.2. Informative References . . . . . . . . . . . . . . . . . 9 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 82 1. Introduction 84 IOAM [I-D.ietf-ippm-ioam-data] is used for monitoring traffic in the 85 network, and for incorporating IOAM data fields into in-flight data 86 packets. 88 IOAM makes use of four possible IOAM options, defined in 89 [I-D.ietf-ippm-ioam-data]: Pre-allocated Trace Option, Incremental 90 Trace Option, Proof of Transit (POT) Option, and Edge-to-Edge Option. 92 This document defines a new IOAM option type (also known as an IOAM 93 type) called the Direct Export (DEX) option. This option is used as 94 a trigger for IOAM nodes to export IOAM data to a collector. 96 This draft has evolved from combining some of the concepts of PBT-I 97 from [I-D.song-ippm-postcard-based-telemetry] with immediate 98 exporting from [I-D.mizrahi-ippm-ioam-flags]. 100 2. Conventions 102 2.1. Requirement Language 104 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 105 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 106 document are to be interpreted as described in [RFC2119]. 108 2.2. Terminology 110 Abbreviations used in this document: 112 IOAM: In-situ Operations, Administration, and Maintenance 114 OAM: Operations, Administration, and Maintenance 116 DEX: Direct EXporting 118 3. The Direct Exporting (DEX) IOAM Option Type 120 3.1. Overview 122 The DEX option is used as a trigger for exporting telemetry data to a 123 collector. 125 This option is incorporated into data packets by an IOAM 126 encapsulating node, and removed by an IOAM decapsulating node, as 127 illustrated in Figure 1. The option can be read but not modified by 128 transit nodes. Note: the terms IOAM encapsulating, decapsulating and 129 transit nodes are as defined in [I-D.ietf-ippm-ioam-data]. 131 +-----------+ 132 | Telemetry | 133 | Data | 134 | Collector | 135 +-----------+ 136 ^ 137 |Exported IOAM data 138 | 139 | 140 | 141 +--------------+------+-------+--------------+ 142 | | | | 143 | | | | 144 User +---+----+ +---+----+ +---+----+ +---+----+ 145 packets |Encapsu-| | Transit| | Transit| |Decapsu-| 146 --------->|lating |====>| Node |====>| Node |====>|lating |----> 147 |Node | | A | | B | |Node | 148 +--------+ +--------+ +--------+ +--------+ 149 Insert DEX Export Export Remove DEX 150 option and IOAM data IOAM data option and 151 export data export data 153 Figure 1: DEX Architecture 155 The DEX option is used as a trigger to export IOAM data to a 156 collector. The trigger applies to transit nodes, the decapsulating 157 node, and the encapsulating node: 159 o An IOAM encapsulating node configured to incorporate the DEX 160 option encapsulates the packet with the DEX option, and exports 161 the requested IOAM data immediately. The IOAM encapsulating node 162 is the only type of node allowed to push the DEX option. 164 o A transit node that processes a packet with the DEX option is 165 expected to export the requested IOAM data. 167 o An IOAM decapsulating node that processes a packet with the DEX 168 option is expected to export the requested IOAM data, and 169 decapsulate the IOAM header. 171 As in [I-D.ietf-ippm-ioam-data], the DEX option may be incorporated 172 into all or a subset of the traffic that is forwarded by the 173 encapsulating node. Moreover, IOAM nodes MAY send exported data for 174 all traversing packets that carry the DEX option, or MAY selectively 175 export data only for a subset of these packets. 177 The DEX option specifies which data fields should be exported to the 178 collector, as specified in Section 3.2. The format and encapsulation 179 of the packet that contains the exported data is not within the scope 180 of the current document. For example, the export format can be based 181 on [I-D.spiegel-ippm-ioam-rawexport]. 183 A transit IOAM node that does not support the DEX option SHOULD 184 ignore it. A decapsulating node that does not support the DEX option 185 MUST remove it, along with any other IOAM options carried in the 186 packet if such exist. 188 3.2. The DEX Option Format 190 The format of the DEX option is depicted in Figure 2. The length of 191 the DEX option is either 8 octets or 16 octets, as the Flow ID and 192 the Sequence Number fields (summing up to 8 octets) are optional. It 193 is assumed that the lower layer protocol indicates the length of the 194 DEX option, thus indicating whether the two optional fields are 195 present. 197 0 1 2 3 198 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 199 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 | Namespace-ID | Flags | 201 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 202 | IOAM-Trace-Type | Reserved | 203 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 204 | Flow ID (optional) | 205 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 206 | Sequence Number (Optional) | 207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 209 Figure 2: DEX Option Format 211 Namespace-ID A 16-bit identifier of the IOAM namespace, as defined 212 in [I-D.ietf-ippm-ioam-data]. 214 Flags A 16-bit field, comprised of 16 one-bit subfields. 215 Flags are allocated by IANA, as defined in 216 Section 4.2. 218 IOAM-Trace-Type A 24-bit identifier which specifies which data fields 219 should be exported. The format of this field is as 220 defined in [I-D.ietf-ippm-ioam-data]. Specifically, 221 bit 23, which corresponds to the Checksum Complement 222 data field, should be assigned to be zero by the IOAM 223 encapsulating node, and ignored by transit and 224 decapsulating nodes. The reason for this is that the 225 Checksum Complement is intended for in-flight packet 226 modifications and is not relevant for direct 227 exporting. 229 Reserved This field SHOULD be ignored by the receiver. 231 Flow ID A 32-bit flow identifier. If the actual Flow ID is 232 shorter than 32 bits, it is zero padded in its most 233 significant bits. The field is set at the 234 encapsulating node. The Flow ID can be uniformly 235 assigned by a central controller or algorithmically 236 generated by the encapsulating node. The latter 237 approach cannot guarantee the uniqueness of Flow ID, 238 yet the conflict probability is small due to the 239 large Flow ID space. The Flow ID can be used to 240 correlate the exported data of the same flow from 241 multiple nodes and from multiple packets. 243 Sequence Number A 32-bit sequence number starting from 0 and 244 increasing by 1 for each following monitored packet 245 from the same flow at the encapsulating node. The 246 Sequence Number, when combined with the Flow ID, 247 provides a convenient approach to correlate the 248 exported data from the same user packet. 250 4. IANA Considerations 252 4.1. IOAM Type 254 The "IOAM Type Registry" was defined in Section 7.2 of 255 [I-D.ietf-ippm-ioam-data]. IANA is requested to allocate the 256 following code point from the "IOAM Type Registry" as follows: 258 TBD-type IOAM Direct Export (DEX) Option Type 260 If possible, IANA is requested to allocate code point 4 (TBD-type). 262 4.2. IOAM DEX Flags 264 IANA is requested to define an "IOAM DEX Flags" registry. This 265 registry includes 16 flag bits. Allocation should be performed based 266 on the "RFC Required" procedure, as defined in [RFC8126]. 268 5. Performance Considerations 270 The DEX option triggers exported packets to be exported to a 271 collector, which in some cases may impact the collector's 272 performance, or the performance along the paths leading to the 273 collector. 275 Therefore, rate limiting may be enabled so as to ensure that direct 276 exporting is used at a rate that does not significantly affect the 277 network bandwidth, and does not overload the collector (or the source 278 node in the case of loopback). It should be possible to use each DEX 279 on a subset of the data traffic. 281 6. Security Considerations 283 The security considerations of IOAM in general are discussed in 284 [I-D.ietf-ippm-ioam-data]. Specifically, an attacker may try to use 285 the functionality that is defined in this document to attack the 286 network. 288 An attacker may attempt to overload network devices by injecting 289 synthetic packets that include the DEX option. Similarly, an on-path 290 attacker may maliciously incorporate the DEX option into transit 291 packets. 293 Forcing DEX, either in synthetic packets or in transit packets may 294 overload the collector or analyzer devices. Since this mechanism 295 affects multiple devices along the network path, it potentially 296 amplifies the effect on the network bandwidth and on the collector's 297 load. 299 In order to mitigate the attacks described above, it should be 300 possible for IOAM-enabled devices to limit the exported IOAM data to 301 a configurable rate. 303 IOAM is assumed to be deployed in a restricted administrative domain, 304 thus limiting the scope of the threats above and their affect. This 305 is a fundamental assumption with respect to the security aspects of 306 IOAM, as further discussed in [I-D.ietf-ippm-ioam-data]. 308 7. Topics for Further Discussion 310 o Hop Limit / Hop Count: in order to help correlate and order the 311 exported packets, it is possible to include a 1-octet Hop Count 312 field in the DEX header (presumably by claiming some space from 313 the Flags field). Its value starts from 0 at the encapsulating 314 node and is incremented by each IOAM transit node that supports 315 the DEX option. The Hop Count field value is also included in the 316 exported packet. An alternative approach is to use the Hop_Lim/ 317 Node_ID data field; if the IOAM-Trace-Type 318 [I-D.ietf-ippm-ioam-data] has the Hop_Lim/Node_ID bit set, then 319 exported packets include the Hop_Lim/Node_ID data field, which 320 contains the TTL/Hop Limit value from a lower layer protocol. The 321 main advantage of the Hop_Lim/Node_ID approach is that it provides 322 information about the current hop count without requiring each 323 transit node to modify the DEX option, thus simplifying the data 324 plane functionality of Direct Exporting. The main advantage of 325 the Hop Count approach is that it counts the number of IOAM- 326 capable nodes without relying on the lower layer TTL, especially 327 when the lower layer cannot prvide the accurate TTL information, 328 e.g., Layer 2 Ethernet or hierarchical VPN. It also explicitly 329 allows to detect a case where an IOAM-capable node fails to export 330 packets to the collector. In order to facilitate the Hop Count 331 approach it is possible to use a flag to indicate an optional Hop 332 Count field, which enables to control the tradeoff. On one hand 333 it addresses the use cases that the Hop_Lim/Node_ID cannot cover, 334 and on the other hand it does not require transit switches to 335 update the option if it is not supported or disabled. Further 336 discussion is required about the tradeoff between the two 337 alternatives. 339 8. References 341 8.1. Normative References 343 [I-D.ietf-ippm-ioam-data] 344 Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., 345 Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, 346 P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon, 347 "Data Fields for In-situ OAM", draft-ietf-ippm-ioam- 348 data-07 (work in progress), September 2019. 350 [I-D.mizrahi-ippm-ioam-flags] 351 Mizrahi, T., Brockners, F., Bhandari, S., Sivakolundu, R., 352 Pignataro, C., Kfir, A., Gafni, B., Spiegel, M., and J. 353 Lemon, "In-situ OAM Flags", draft-mizrahi-ippm-ioam- 354 flags-00 (work in progress), July 2019. 356 [I-D.song-ippm-postcard-based-telemetry] 357 Song, H., Zhou, T., Li, Z., Shin, J., and K. Lee, 358 "Postcard-based On-Path Flow Data Telemetry", draft-song- 359 ippm-postcard-based-telemetry-05 (work in progress), 360 September 2019. 362 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 363 Requirement Levels", BCP 14, RFC 2119, 364 DOI 10.17487/RFC2119, March 1997, 365 . 367 8.2. Informative References 369 [I-D.ietf-sfc-ioam-nsh] 370 Brockners, F. and S. Bhandari, "Network Service Header 371 (NSH) Encapsulation for In-situ OAM (IOAM) Data", draft- 372 ietf-sfc-ioam-nsh-02 (work in progress), September 2019. 374 [I-D.ioametal-ippm-6man-ioam-ipv6-options] 375 Bhandari, S., Brockners, F., Pignataro, C., Gredler, H., 376 Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B., 377 Lapukhov, P., Spiegel, M., Krishnan, S., and R. Asati, 378 "In-situ OAM IPv6 Options", draft-ioametal-ippm-6man-ioam- 379 ipv6-options-02 (work in progress), March 2019. 381 [I-D.spiegel-ippm-ioam-rawexport] 382 Spiegel, M., Brockners, F., Bhandari, S., and R. 383 Sivakolundu, "In-situ OAM raw data export with IPFIX", 384 draft-spiegel-ippm-ioam-rawexport-02 (work in progress), 385 July 2019. 387 [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with 388 Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, 389 May 2016, . 391 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 392 Writing an IANA Considerations Section in RFCs", BCP 26, 393 RFC 8126, DOI 10.17487/RFC8126, June 2017, 394 . 396 Authors' Addresses 398 Haoyu Song 399 Futurewei 400 2330 Central Expressway 401 Santa Clara 95050 402 USA 404 Email: haoyu.song@huawei.com 405 Barak Gafni 406 Mellanox Technologies, Inc. 407 350 Oakmead Parkway, Suite 100 408 Sunnyvale, CA 94085 409 U.S.A. 411 Email: gbarak@mellanox.com 413 Tianran Zhou 414 Huawei 415 156 Beiqing Rd. 416 Beijing 100095 417 China 419 Email: zhoutianran@huawei.com 421 Zhenbin Li 422 Huawei 423 156 Beiqing Rd. 424 Beijing 100095 425 China 427 Email: lizhenbin@huawei.com 429 Frank Brockners 430 Cisco Systems, Inc. 431 Hansaallee 249, 3rd Floor 432 DUESSELDORF, NORDRHEIN-WESTFALEN 40549 433 Germany 435 Email: fbrockne@cisco.com 437 Shwetha Bhandari 438 Cisco Systems, Inc. 439 Cessna Business Park, Sarjapura Marathalli Outer Ring Road 440 Bangalore, KARNATAKA 560 087 441 India 443 Email: shwethab@cisco.com 444 Ramesh Sivakolundu 445 Cisco Systems, Inc. 446 170 West Tasman Dr. 447 SAN JOSE, CA 95134 448 U.S.A. 450 Email: sramesh@cisco.com 452 Tal Mizrahi (editor) 453 Huawei Smart Platforms iLab 454 Israel 456 Email: tal.mizrahi.phd@gmail.com