idnits 2.17.1 draft-penno-sfc-trace-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 4 instances of too long lines in the document, the longest one being 49 characters in excess of 72. == There are 1 instance of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 257 has weird spacing: '...rop the packe...' == Line 260 has weird spacing: '...ce that will...' == Line 261 has weird spacing: '... number of...' -- The document date (September 30, 2015) is 3130 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC4291' is mentioned on line 150, but not defined == Unused Reference: 'RFC2616' is defined on line 310, but no explicit reference was found in the text == Unused Reference: 'I-D.quinn-sfc-nsh' is defined on line 328, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) == Outdated reference: A later version (-15) exists of draft-penno-sfc-yang-13 Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 SFC Netmod R. Penno 3 Internet-Draft P. Quinn 4 Intended status: Standards Track C. Pignataro 5 Expires: April 2, 2016 Cisco Systems 6 D. Zhou 7 Intel Corporation 8 September 30, 2015 10 Services Function Chaining Traceroute 11 draft-penno-sfc-trace-03 13 Abstract 15 This document defines a protocol that checks the liveness and report 16 the service-hops of a service path. . 18 Requirements Language 20 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 21 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 22 document are to be interpreted as described in RFC 2119 [RFC2119]. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on April 2, 2016. 41 Copyright Notice 43 Copyright (c) 2015 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 59 2. Definitions and Acronyms . . . . . . . . . . . . . . . . . . 2 60 3. SFC Trace . . . . . . . . . . . . . . . . . . . . . . . . . . 2 61 4. Service Function Behavior . . . . . . . . . . . . . . . . . . 6 62 5. Service Function Forwarder Behavior . . . . . . . . . . . . . 6 63 6. Implementation . . . . . . . . . . . . . . . . . . . . . . . 7 64 7. SFC Reverse Trace . . . . . . . . . . . . . . . . . . . . . . 7 65 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 66 9. Security Considerations . . . . . . . . . . . . . . . . . . . 7 67 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 68 11. Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 69 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 70 12.1. Normative References . . . . . . . . . . . . . . . . . . 7 71 12.2. Informative References . . . . . . . . . . . . . . . . . 8 72 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 74 1. Introduction 76 This document defines a protocol that allows a user to check liveness 77 and get reports of the service-hops of a service path 79 2. Definitions and Acronyms 81 The reader should be familiar with the terms contained in 82 [I-D.ietf-sfc-architecture], ,[I-D.ietf-sfc-architecture] and 83 [I-D.quinn-vxlan-gpe] 85 3. SFC Trace 87 A trace packet uses the same NSH header as MD-type 1 with a few 88 differences: OAM Bit and Next Protocol. 90 SFC Trace Request packet format 92 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 93 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ 94 |Ver|1|C|R|R|R|R|R|R| Length | MD-type=0x1 | OAM Protocol | | 95 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 96 | Service Path ID | Service Index | | 97 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 98 | Mandatory Context Header | |S 99 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |F 100 | Mandatory Context Header | |C 101 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 102 | Mandatory Context Header | | 103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 104 | Mandatory Context Header | | 105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ < 106 |Trace Msg Type | SIL | Dest Port | |O 107 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A 108 | Dest IP Address | |M 109 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 110 | Dest IP Address | |T 111 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R 112 | Dest IP Address | |A 113 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |C 114 | Dest IP Address | |E 115 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ 117 (postamble) 119 Ver: 1 121 OAM Bit: 1 123 Length: 6 125 MD-Type: 1 127 Next Protocol: OAM Protocol 129 Trace Msg Type: 1 for Trace Request and 2 for Trace Report 131 SIL: Service Index Limit: At least one less than the Starting Index 133 Dest Port: The trace report must be sent to this destination Port 135 Dest IP: the trace report must be sent to this destination IP 136 address 138 For simplicity in building and parsing request and response packets, 139 NSH Trace always uses fixed-size 128-bit IP address fields for both 140 IPv6 addresses and IPv4 addresses. 142 When the address field holds an IPv6 address, the fixed-size 128-bit 143 IP address field holds the IPv6 address stored as is. 145 When the address field holds an IPv4 address, an IPv4-mapped IPv6 146 address [RFC4291] is used (::ffff:0:0/96). This has the first 80 147 bits set to zero and the next 16 set to one, while its last 32 bits 148 are filled with the IPv4 address. This is unambiguously 149 distinguishable from a native IPv6 address, because an IPv4-mapped 150 IPv6 address [RFC4291] would not be valid for a mapping. 152 When checking for an IPv4-mapped IPv6 address, all of the first 96 153 bits MUST be checked for the pattern -- it is not sufficient to check 154 for ones in bits 81-96. 156 The all-zeros IPv6 address MUST be expressed by filling the fixed- 157 size 128-bit IP address field with all zeros (::). 159 The all-zeros IPv4 address MUST be expressed by 80 bits of zeros, 16 160 bits of ones, and 32 bits of zeros (::ffff:0:0). 162 Allowing the client to insert the destination IP and port where it 163 expects to receive reports in the NSH header allows for NAT 164 traversal. In other words, if the client is behind a NAT, it can 165 acquire a stable external IP:port and put as the destnation IP and 166 port in the NSH header. This would allow NSH traceroute to function 167 behind a NAT. 169 SFC Trace Report 171 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 172 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ 173 |Ver|1|C|R|R|R|R|R|R| Length | MD-type=0x1 | OAM Protocol | | 174 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 175 | Service Path ID | Service Index | | 176 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 177 | Mandatory Context Header | |S 178 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |F 179 | Mandatory Context Header | |C 180 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 181 | Mandatory Context Header | | 182 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 183 | Mandatory Context Header | | 184 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ < 185 |Trace Msg Type | SIL | Dest Port | |O 186 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A 187 | Dest IP Address | |M 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 189 | Dest IP Address | |T 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |R 191 | Dest IP Address | |A 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |C 193 | Dest IP Address | |E 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ 195 | SF Type Len | SF Type ... | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 | SF Name Len | SF Name ... | 198 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 200 (postamble) 202 A trace report packet carries the identification of the Service 203 Function that last processed the packet. In all other aspects it is 204 exactly the same as a trace request. 206 SF Type Len: The Type Length in 4-byte words. 208 SF Type: A string representing the SF type padded to a 4-byte 209 boundary and encoded with UTF-8. Service types can be found and 210 registered in [I-D.penno-sfc-yang]. 212 SF Name Len: The Name Length in 4-byte words. 214 SF Name: A string representing the Service Function padded to a 215 4-byte boundary and encoded with UTF-8. Service Function names 216 and configuration can be found in [I-D.penno-sfc-yang]. 218 4. Service Function Behavior 220 When a Service Function receives a SFC Trace request packet it 221 performs the following actions: 223 1. Decrement Service Index 225 2. If Service Index is equal to the Services Index Limit add its 226 identifying information at the end of the existing headers 228 3. Send packet back to Service Function Forwarder 230 5. Service Function Forwarder Behavior 232 A SFF will route trace packets based on service path ID and services 233 index just like any other NSH packet. This guarantees that a trace 234 packet follows the same path as data packets. The SFF will drop it 235 and generate a report only in the following conditions: 237 o If the SI is equal or less than SIL 239 o If it can not find the next service-hop. 241 o If a SFF receives a trace packet with SI = 0. 243 In the cases enumerated above the SFF will proceed as following to 244 build a trace report packet. 246 1. The SFF will use the same encapsulation as the received packet. 248 2. The destination IP:port will be the destination IP:port found in 249 the OAM Trace NSH headers 251 3. The entire NSH +Trace Request headers + Report section will be 252 copied from the received packet 254 4. The SFF will change the trace message type to trace report 256 If a SFF can not find the next service-hop for a trace packet, it 257 will drop the packet and generate a report packet even if SIL is 258 different from SI. This guarantees that the trace ends at the end of 259 the path irrespective if SI has reached SIL or not. More 260 importantly, it allow users to perform a trace that will traverse 261 the entire path without having to know before hand the number of 262 service-hops in the path by setting SIL to zero. 264 6. Implementation 266 SFC Trace was implemented in the Opendaylight projects and output of 267 a 3 service-hop network can be found below. 269 sff_client.py --remote-sff-ip 10.0.1.41 --remote-sff-port 4789 --sfp-id 22 --sfp-index 255 --trace-req --num-trace-hops 3 271 Sending Trace packet to Service Path and Service Index: (22, 255) 272 Trace response... 273 Service-hop: 0. Service Type: dpi, Service Name: SF1, Address of Reporting SFF: ('10.0.1.41', 4789) 274 Service-hop: 1. Service Type: firewall, Service Name: SF4, Address of Reporting SFF: ('10.0.1.42', 4789) 275 Service-hop: 2. Service Type: napt44, Service Name: SF5, Address of Reporting SFF: ('10.0.1.43', 4789) 276 Trace end 278 Implementation guideline for the client: If the trace request has a 279 service index limit that would put the end of the trace beyond the 280 service path, for example, starting Index=255, SIL=252 but only 2 281 service-hops in the path, the last trace response will have no report 282 information. This is because no SF would detect that it is the end 283 of the trace and include a report information 285 7. SFC Reverse Trace 287 Tracing a reverse path by sending a packet to the forward path is not 288 always possible. The reason is that the sets of SFFs used in the 289 forward and reverse might not have common elements. 291 8. IANA Considerations 293 OAM Protocol Type and a OAM protocol Message type. 295 9. Security Considerations 297 10. Acknowledgements 299 11. Changes 301 12. References 303 12.1. Normative References 305 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 306 Requirement Levels", BCP 14, RFC 2119, 307 DOI 10.17487/RFC2119, March 1997, 308 . 310 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 311 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 312 Transfer Protocol -- HTTP/1.1", RFC 2616, 313 DOI 10.17487/RFC2616, June 1999, 314 . 316 12.2. Informative References 318 [I-D.ietf-sfc-architecture] 319 Halpern, J. and C. Pignataro, "Service Function Chaining 320 (SFC) Architecture", draft-ietf-sfc-architecture-11 (work 321 in progress), July 2015. 323 [I-D.penno-sfc-yang] 324 Penno, R., Quinn, P., Zhou, D., and J. Li, "Yang Data 325 Model for Service Function Chaining", draft-penno-sfc- 326 yang-13 (work in progress), March 2015. 328 [I-D.quinn-sfc-nsh] 329 Quinn, P., Guichard, J., Surendra, S., Smith, M., 330 Henderickx, W., Nadeau, T., Agarwal, P., Manur, R., 331 Chauhan, A., Halpern, J., Majee, S., Elzur, U., Melman, 332 D., Garg, P., McConnell, B., Wright, C., and K. Kevin, 333 "Network Service Header", draft-quinn-sfc-nsh-07 (work in 334 progress), February 2015. 336 [I-D.quinn-vxlan-gpe] 337 Quinn, P., Manur, R., Kreeger, L., Lewis, D., Maino, F., 338 Smith, M., Agarwal, P., Yong, L., Xu, X., Elzur, U., Garg, 339 P., and D. Melman, "Generic Protocol Extension for VXLAN", 340 draft-quinn-vxlan-gpe-04 (work in progress), February 341 2015. 343 Authors' Addresses 345 Reinaldo Penno 346 Cisco Systems 347 170 West Tasman Dr 348 San Jose CA 349 USA 351 Email: repenno@cisco.com 352 Paul Quinn 353 Cisco Systems 354 170 West Tasman Dr 355 San Jose CA 356 USA 358 Email: paulq@cisco.com 360 Carlos Pignataro 361 Cisco Systems 362 170 West Tasman Dr 363 San Jose CA 364 USA 366 Email: cpignata@cisco.com 368 Danny Zhou 369 Intel Corporation 370 2200 Mission College Blvd. 371 Santa Clara CA 372 USA 374 Email: danny.zhou@intel.com