| draft-ietf-ippm-ioam-flags-05.txt | draft-ietf-ippm-ioam-flags-06.txt | |||
|---|---|---|---|---|
| IPPM T. Mizrahi | IPPM T. Mizrahi | |||
| Internet-Draft Huawei | Internet-Draft Huawei | |||
| Intended status: Standards Track F. Brockners | Intended status: Standards Track F. Brockners | |||
| Expires: January 26, 2022 Cisco | Expires: March 1, 2022 Cisco | |||
| S. Bhandari, Ed. | S. Bhandari, Ed. | |||
| Thoughtspot | Thoughtspot | |||
| R. Sivakolundu | R. Sivakolundu | |||
| C. Pignataro | C. Pignataro | |||
| Cisco | Cisco | |||
| A. Kfir | A. Kfir | |||
| B. Gafni | B. Gafni | |||
| Nvidia | Nvidia | |||
| M. Spiegel | M. Spiegel | |||
| Barefoot Networks | Barefoot Networks | |||
| J. Lemon | J. Lemon | |||
| Broadcom | Broadcom | |||
| July 25, 2021 | August 28, 2021 | |||
| In-situ OAM Flags | In-situ OAM Loopback and Active Flags | |||
| draft-ietf-ippm-ioam-flags-05 | draft-ietf-ippm-ioam-flags-06 | |||
| Abstract | Abstract | |||
| In-situ Operations, Administration, and Maintenance (IOAM) records | In-situ Operations, Administration, and Maintenance (IOAM) records | |||
| operational and telemetry information in the packet while the packet | operational and telemetry information in packets while they traverse | |||
| traverses a path between two points in the network. This document | a path between two points in the network. This document defines two | |||
| presents new flags in the IOAM Trace Option headers. Specifically, | new flags in the IOAM Trace Option headers, specifically the the | |||
| the document defines the Loopback and Active flags. | Loopback and Active flags. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 26, 2022. | This Internet-Draft will expire on March 1, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | |||
| 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. New IOAM Trace Option Flags . . . . . . . . . . . . . . . . . 3 | 3. New IOAM Trace Option Flags . . . . . . . . . . . . . . . . . 3 | |||
| 4. Loopback in IOAM . . . . . . . . . . . . . . . . . . . . . . 3 | 4. Loopback in IOAM . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4.1. Loopback Overview . . . . . . . . . . . . . . . . . . . . 3 | 4.1. Loopback: Encapsulating Node Functionality . . . . . . . 4 | |||
| 4.2. Loopback: Encapsulating Node Functionality . . . . . . . 4 | 4.1.1. Loopback Packet Selection . . . . . . . . . . . . . . 5 | |||
| 4.2.1. Overview . . . . . . . . . . . . . . . . . . . . . . 4 | 4.2. Receiving and Processing Loopback . . . . . . . . . . . . 5 | |||
| 4.2.2. Loopback Packet Selection . . . . . . . . . . . . . . 5 | 4.3. Loopback on the Return Path . . . . . . . . . . . . . . . 6 | |||
| 4.3. Receiving and Processing Loopback . . . . . . . . . . . . 6 | 4.4. Terminating a Looped Back Packet . . . . . . . . . . . . 6 | |||
| 4.4. Loopback on the Return Path . . . . . . . . . . . . . . . 6 | ||||
| 4.5. Terminating a Looped Back Packet . . . . . . . . . . . . 6 | ||||
| 5. Active Measurement with IOAM . . . . . . . . . . . . . . . . 7 | 5. Active Measurement with IOAM . . . . . . . . . . . . . . . . 7 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. Performance Considerations . . . . . . . . . . . . . . . . . 9 | 7. Performance Considerations . . . . . . . . . . . . . . . . . 9 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 12 | 9.2. Informative References . . . . . . . . . . . . . . . . . 11 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 1. Introduction | 1. Introduction | |||
| IOAM [I-D.ietf-ippm-ioam-data] is used for monitoring traffic in the | IOAM [I-D.ietf-ippm-ioam-data] is used for monitoring traffic in the | |||
| network by incorporating IOAM data fields into in-flight data | network by incorporating IOAM data fields into in-flight data | |||
| packets. | packets. | |||
| IOAM data may be represented in one of four possible IOAM options: | IOAM data may be represented in one of four possible IOAM options: | |||
| Pre-allocated Trace Option, Incremental Trace Option, Proof of | Pre-allocated Trace Option, Incremental Trace Option, Proof of | |||
| skipping to change at page 3, line 30 ¶ | skipping to change at page 3, line 28 ¶ | |||
| IOAM: In-situ Operations, Administration, and Maintenance | IOAM: In-situ Operations, Administration, and Maintenance | |||
| OAM: Operations, Administration, and Maintenance | OAM: Operations, Administration, and Maintenance | |||
| 3. New IOAM Trace Option Flags | 3. New IOAM Trace Option Flags | |||
| This document defines two new flags in the Pre-allocated and | This document defines two new flags in the Pre-allocated and | |||
| Incremental Trace options: | Incremental Trace options: | |||
| Bit 1 "Loopback" (L-bit). Loopback mode is used to send a copy of a | Bit 1 "Loopback" (L-bit). When set, the Loopback flag triggers | |||
| packet back towards the source, as further described in Section 4. | sending a copy of a packet back towards the source, as further | |||
| described in Section 4. | ||||
| Bit 2 "Active" (A-bit). When set, this indicates that this is an | Bit 2 "Active" (A-bit). When set, the Active flag indicates that a | |||
| active IOAM packet, where "active" is used in the sense defined in | packet is an active measurement packet rather than a data packet, | |||
| [RFC7799], rather than a data packet. The packet may be an IOAM | where "active" is used in the sense defined in [RFC7799]. The | |||
| probe packet, or a replicated data packet (the second and third | packet may be an IOAM probe packet, or a replicated data packet | |||
| use cases of Section 5). | (the second and third use cases of Section 5). | |||
| 4. Loopback in IOAM | 4. Loopback in IOAM | |||
| 4.1. Loopback Overview | The Loopback flag is used to request that each transit device along | |||
| the path loops back a copy of the data packet to the sender. | ||||
| Loopback is used for triggering each transit device along the path to | Loopback allows an IOAM encapsulating node to trace the path to a | |||
| loop back a copy of the data packet. Loopback allows an IOAM | given destination, and to receive per-hop data about both the forward | |||
| encapsulating node to trace the path to a given destination, and to | and the return path. Loopback is intended to provide an accelerated | |||
| receive per-hop data about both the forward and the return path. | alternative to Traceroute, that allows the encapsulating node to | |||
| Loopback is intended to provide an accelerated alternative to | receive responses from multiple transit nodes along the path in less | |||
| Traceroute, that allows the encapsulating node to receive responses | then one round-trip-time, and by sending a single packet. | |||
| from multiple transit nodes along the path in less then one round- | ||||
| trip-time, and by sending a single packet. | ||||
| As illustrated in Figure 1, an IOAM encapsulating node can push an | As illustrated in Figure 1, an IOAM encapsulating node can push an | |||
| IOAM encapsulation that includes the Loopback flag onto some or all | IOAM encapsulation that includes the Loopback flag onto some or all | |||
| of the packets it forwards. The IOAM transit node and the | of the packets it forwards. The IOAM transit node and the | |||
| decapsulating node both creates copies of the packet and loop them | decapsulating node both creates copies of the packet and loop them | |||
| back to the encapsulating node. The decapsulating node also | back to the encapsulating node. The decapsulating node also | |||
| terminates the IOAM encapsulation, and then forwards the packet | terminates the IOAM encapsulation, and then forwards the packet | |||
| towards the destination. The two IOAM looped back copies are | towards the destination. The two IOAM looped back copies are | |||
| terminated by the encapsulating node. | terminated by the encapsulating node. | |||
| skipping to change at page 4, line 42 ¶ | skipping to change at page 4, line 37 ¶ | |||
| Figure 1: Loopback in IOAM. | Figure 1: Loopback in IOAM. | |||
| Loopback can be used only if a return path from transit nodes and | Loopback can be used only if a return path from transit nodes and | |||
| destination nodes towards the source (encapsulating node) exists. | destination nodes towards the source (encapsulating node) exists. | |||
| Specifically, loopback is only applicable in encapsulations in which | Specifically, loopback is only applicable in encapsulations in which | |||
| the identity of the encapsulating node is available in the | the identity of the encapsulating node is available in the | |||
| encapsulation header. If an encapsulating node receives a looped | encapsulation header. If an encapsulating node receives a looped | |||
| back packet that was not originated from the current encapsulating | back packet that was not originated from the current encapsulating | |||
| node, the packet is dropped. | node, the packet is dropped. | |||
| 4.2. Loopback: Encapsulating Node Functionality | 4.1. Loopback: Encapsulating Node Functionality | |||
| 4.2.1. Overview | ||||
| The encapsulating node either generates synthetic packets with an | The encapsulating node either generates synthetic packets with an | |||
| IOAM trace option that has the loopback flag set, or sets the loopack | IOAM trace option that has the Loopback flag set, or sets the loopack | |||
| flag in a subset of the in-transit data packets. Loopback is used | flag in a subset of the in-transit data packets. Loopback is used | |||
| either proactively or on-demand, i.e., when a failure is detected. | either proactively or on-demand, i.e., when a failure is detected. | |||
| The encapsulating node also needs to ensure that sufficient space is | The encapsulating node also needs to ensure that sufficient space is | |||
| available in the IOAM header for loopback operation, which includes | available in the IOAM header for loopback operation, which includes | |||
| transit nodes adding trace data on the original path and then again | transit nodes adding trace data on the original path and then again | |||
| on the return path. | on the return path. | |||
| An IOAM trace option that has the loopback bit set MUST have the | An IOAM trace option that has the Loopback flag set MUST have the | |||
| value '1' in the most significant bit of IOAM-Trace-Type, and '0' in | value '1' in the most significant bit of IOAM-Trace-Type, and '0' in | |||
| the rest of the bits of IOAM-Trace-Type. Thus, every transit node | the rest of the bits of IOAM-Trace-Type. Thus, every transit node | |||
| that processes this trace option only adds a single data field, which | that processes this trace option only adds a single data field, which | |||
| is the Hop_Lim and node_id data field. The reason for allowing a | is the Hop_Lim and node_id data field. The reason for allowing a | |||
| single data field per hop is to minimize the impact of amplification | single data field per hop is to minimize the impact of amplification | |||
| attacks. | attacks. | |||
| IOAM encapsulating nodes MUST NOT push an IOAM encapsulation with the | IOAM encapsulating nodes MUST NOT push an IOAM encapsulation with the | |||
| Loopback flag onto data packets that already include an IOAM | Loopback flag onto data packets that already include an IOAM | |||
| encapsulation. This requirement is intended to prevent IOAM Loopback | encapsulation. This requirement is intended to prevent IOAM Loopback | |||
| nesting, where looped back packets may be subject to loopback in a | nesting, where looped back packets may be subject to loopback in a | |||
| nested IOAM domain. | nested IOAM domain. | |||
| 4.2.2. Loopback Packet Selection | 4.1.1. Loopback Packet Selection | |||
| If an IOAM encapsulating node incorporates the Loopback flag into all | If an IOAM encapsulating node incorporates the Loopback flag into all | |||
| the traffic it forwards it may lead to an excessive amount of looped | the traffic it forwards it may lead to an excessive amount of looped | |||
| back packets, which may overload the network and the encapsulating | back packets, which may overload the network and the encapsulating | |||
| node. Therefore, an IOAM encapsulating node that supports the | node. Therefore, an IOAM encapsulating node that supports the | |||
| Loopback flag MUST support the ability to incorporate the Loopback | Loopback flag MUST support the ability to incorporate the Loopback | |||
| flag selectively into a subset of the packets that are forwarded by | flag selectively into a subset of the packets that are forwarded by | |||
| it. | it. | |||
| Various methods of packet selection and sampling have been previously | Various methods of packet selection and sampling have been previously | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 5, line 47 ¶ | |||
| network operators. If there is an upper bound, M, on the number of | network operators. If there is an upper bound, M, on the number of | |||
| IOAM transit nodes in any path in the network, then it is recommended | IOAM transit nodes in any path in the network, then it is recommended | |||
| to use an N such that N >> M. The rationale is that a packet that | to use an N such that N >> M. The rationale is that a packet that | |||
| includes the Loopback flag triggers a looped back packet from each | includes the Loopback flag triggers a looped back packet from each | |||
| IOAM transit node along the path for a total of M looped back | IOAM transit node along the path for a total of M looped back | |||
| packets. Thus, if N >> M then the number of looped back packets is | packets. Thus, if N >> M then the number of looped back packets is | |||
| significantly lower than the number of data packets forwarded by the | significantly lower than the number of data packets forwarded by the | |||
| IOAM encapsulating node. If there is no prior knowledge about the | IOAM encapsulating node. If there is no prior knowledge about the | |||
| network topology or size, it is recommended to use N>100. | network topology or size, it is recommended to use N>100. | |||
| 4.3. Receiving and Processing Loopback | 4.2. Receiving and Processing Loopback | |||
| A loopback bit that is set indicates to the transit nodes processing | A Loopback flag that is set indicates to the transit nodes processing | |||
| this option that they are to create a copy of the received packet and | this option that they are to create a copy of the received packet and | |||
| send the copy back to the source of the packet. In this context the | send the copy back to the source of the packet. In this context the | |||
| source is the IOAM encapsulating node, and it is assumed that the | source is the IOAM encapsulating node, and it is assumed that the | |||
| source address is available in the encapsulation header. Thus, the | source address is available in the encapsulation header. Thus, the | |||
| source address of the original packet is used as the destination | source address of the original packet is used as the destination | |||
| address in the copied packet. The address of the node performing the | address in the copied packet. The address of the node performing the | |||
| copy operation is used as the source address. The IOAM transit node | copy operation is used as the source address. The IOAM transit node | |||
| pushes the required data field *after* creating the copy of the | pushes the required data field *after* creating the copy of the | |||
| packet, in order to allow any egress-dependent information to be set | packet, in order to allow any egress-dependent information to be set | |||
| based on the egress of the copy rather than the original packet. The | based on the egress of the copy rather than the original packet. The | |||
| skipping to change at page 6, line 35 ¶ | skipping to change at page 6, line 29 ¶ | |||
| Loopback flag MUST support the ability to limit the rate of the | Loopback flag MUST support the ability to limit the rate of the | |||
| looped back packets. The rate of looped back packets SHOULD be | looped back packets. The rate of looped back packets SHOULD be | |||
| limited so that the number of looped back packets is significantly | limited so that the number of looped back packets is significantly | |||
| lower than the number of packets that are forwarded by the device. | lower than the number of packets that are forwarded by the device. | |||
| The looped back data rate SHOULD NOT exceed 1/N of the interface | The looped back data rate SHOULD NOT exceed 1/N of the interface | |||
| capacity on any of the IOAM node's interfaces. It is recommended to | capacity on any of the IOAM node's interfaces. It is recommended to | |||
| use N>100. Depending on the IOAM node's architecture considerations, | use N>100. Depending on the IOAM node's architecture considerations, | |||
| the loopback response rate may be limited to a lower number in order | the loopback response rate may be limited to a lower number in order | |||
| to avoid loading the IOAM node. | to avoid loading the IOAM node. | |||
| 4.4. Loopback on the Return Path | 4.3. Loopback on the Return Path | |||
| On its way back towards the source, the copied packet is processed | On its way back towards the source, the copied packet is processed | |||
| like any other packet with IOAM information, including adding any | like any other packet with IOAM information, including adding any | |||
| requested data at each transit node (assuming there is sufficient | requested data at each transit node (assuming there is sufficient | |||
| space). | space). | |||
| 4.5. Terminating a Looped Back Packet | 4.4. Terminating a Looped Back Packet | |||
| Once the return packet reaches the IOAM domain boundary, IOAM | Once the return packet reaches the IOAM domain boundary, IOAM | |||
| decapsulation occurs as with any other packet containing IOAM | decapsulation occurs as with any other packet containing IOAM | |||
| information. Note that the looped back packet does not have the | information. Note that the looped back packet does not have the | |||
| L-bit set. The IOAM encapsulating node that initiated the original | L-bit set. The IOAM encapsulating node that initiated the original | |||
| loopback packet recognizes a received packet as an IOAM looped-back | loopback packet recognizes a received packet as an IOAM looped-back | |||
| packet by checking the Node ID in the Hop_Lim/node_id field that | packet by checking the Node ID in the Hop_Lim/node_id field that | |||
| corresponds to the first hop. If the Node ID matches the current | corresponds to the first hop. If the Node ID matches the current | |||
| IOAM node, it indicates that this is a looped back packet that was | IOAM node, it indicates that this is a looped back packet that was | |||
| initiated by the current IOAM node, and processed accordingly. If | initiated by the current IOAM node, and processed accordingly. If | |||
| skipping to change at page 7, line 22 ¶ | skipping to change at page 7, line 17 ¶ | |||
| node that is not the IOAM node that initiated the loopback, the node | node that is not the IOAM node that initiated the loopback, the node | |||
| does not process the packet as a loopback; the IOAM encapsulation is | does not process the packet as a loopback; the IOAM encapsulation is | |||
| removed, and since the packet does not have any payload it is | removed, and since the packet does not have any payload it is | |||
| terminated. In either case, when the packet reaches the IOAM | terminated. In either case, when the packet reaches the IOAM | |||
| boundary its IOAM encapsulation is removed, preventing IOAM | boundary its IOAM encapsulation is removed, preventing IOAM | |||
| information from leaking out from the IOAM domain. | information from leaking out from the IOAM domain. | |||
| 5. Active Measurement with IOAM | 5. Active Measurement with IOAM | |||
| Active measurement methods [RFC7799] make use of synthetically | Active measurement methods [RFC7799] make use of synthetically | |||
| generated packets in order to facilitate the measurement. This | generated packets in order to facilitate measurement. This section | |||
| section presents use cases of active measurement using the IOAM | presents use cases of active measurement using the IOAM Active flag. | |||
| Active flag. | ||||
| The active flag indicates that a packet is used for active | The Active flag indicates that a packet is used for active | |||
| measurement. An IOAM decapsulating node that receives a packet with | measurement. An IOAM decapsulating node that receives a packet with | |||
| the Active flag set in one of its Trace options must terminate the | the Active flag set in one of its Trace options must terminate the | |||
| packet. The active flag is intended to simplify the implementation | packet. The Active flag is intended to simplify the implementation | |||
| of decapsulating nodes by indicating that the packet should not be | of decapsulating nodes by indicating that the packet should not be | |||
| forwarded further. It is not intended as a replacement for existing | forwarded further. It is not intended as a replacement for existing | |||
| active OAM protocols, which may run in higher layers and make use of | active OAM protocols, which may run in higher layers and make use of | |||
| the active flag. | the Active flag. | |||
| An example of an IOAM deployment scenario is illustrated in Figure 2. | An example of an IOAM deployment scenario is illustrated in Figure 2. | |||
| The figure depicts two endpoints, a source and a destination. The | The figure depicts two endpoints, a source and a destination. The | |||
| data traffic from the source to the destination is forwarded through | data traffic from the source to the destination is forwarded through | |||
| a set of network devices, including an IOAM encapsulating node, which | a set of network devices, including an IOAM encapsulating node, which | |||
| incorporates one or more IOAM options, a decapsulating node, which | incorporates one or more IOAM options, a decapsulating node, which | |||
| removes the IOAM options, optionally one or more transit nodes. The | removes the IOAM options, optionally one or more transit nodes. The | |||
| IOAM options are encapsulated in one of the IOAM encapsulation types, | IOAM options are encapsulated in one of the IOAM encapsulation types, | |||
| e.g., [I-D.ietf-sfc-ioam-nsh], or [I-D.ietf-ippm-ioam-ipv6-options]. | e.g., [I-D.ietf-sfc-ioam-nsh], or [I-D.ietf-ippm-ioam-ipv6-options]. | |||
| skipping to change at page 8, line 26 ¶ | skipping to change at page 8, line 14 ¶ | |||
| This draft focuses on three possible use cases of active measurement | This draft focuses on three possible use cases of active measurement | |||
| using IOAM. These use cases are described using the example of | using IOAM. These use cases are described using the example of | |||
| Figure 2. | Figure 2. | |||
| o Endpoint active measurement: synthetic probe packets are sent | o Endpoint active measurement: synthetic probe packets are sent | |||
| between the source and destination, traversing the IOAM domain. | between the source and destination, traversing the IOAM domain. | |||
| Since the probe packets are sent between the endpoints, these | Since the probe packets are sent between the endpoints, these | |||
| packets are treated as data packets by the IOAM domain, and do not | packets are treated as data packets by the IOAM domain, and do not | |||
| require special treatment at the IOAM layer. Specifically, the | require special treatment at the IOAM layer. Specifically, the | |||
| active flag is not used in this case, and the IOAM layer needs not | Active flag is not used in this case, and the IOAM layer needs not | |||
| be aware that an active measurement mechanism is used at a higher | be aware that an active measurement mechanism is used at a higher | |||
| layer. | layer. | |||
| o IOAM active measurement using probe packets within the IOAM | o IOAM active measurement using probe packets within the IOAM | |||
| domain: probe packets are generated and transmitted by the IOAM | domain: probe packets are generated and transmitted by the IOAM | |||
| encapsulating node, and are expected to be terminated by the | encapsulating node, and are expected to be terminated by the | |||
| decapsulating node. IOAM data related to probe packets may be | decapsulating node. IOAM data related to probe packets may be | |||
| exported by one or more nodes along its path, by an exporting | exported by one or more nodes along its path, by an exporting | |||
| protocol that is outside the scope of this document (e.g., | protocol that is outside the scope of this document (e.g., | |||
| [I-D.spiegel-ippm-ioam-rawexport]). Probe packets include a Trace | [I-D.spiegel-ippm-ioam-rawexport]). Probe packets include a Trace | |||
| skipping to change at page 8, line 50 ¶ | skipping to change at page 8, line 38 ¶ | |||
| o IOAM active measurement using replicated data packets: probe | o IOAM active measurement using replicated data packets: probe | |||
| packets are created by the encapsulating node by selecting some or | packets are created by the encapsulating node by selecting some or | |||
| all of the en route data packets and replicating them. A selected | all of the en route data packets and replicating them. A selected | |||
| data packet that is replicated, and its (possibly truncated) copy | data packet that is replicated, and its (possibly truncated) copy | |||
| is forwarded with one or more IOAM option, while the original | is forwarded with one or more IOAM option, while the original | |||
| packet is forwarded normally, without IOAM options. To the extent | packet is forwarded normally, without IOAM options. To the extent | |||
| possible, the original data packet and its replica are forwarded | possible, the original data packet and its replica are forwarded | |||
| through the same path. The replica includes a Trace Option that | through the same path. The replica includes a Trace Option that | |||
| has its Active flag set, indicating that the decapsulating node | has its Active flag set, indicating that the decapsulating node | |||
| should terminate it. It should be noted that the current document | should terminate it. It should be noted that the current document | |||
| defines the role of the active flag in allowing the decapsulating | defines the role of the Active flag in allowing the decapsulating | |||
| node to terminate the packet, but the replication functionality in | node to terminate the packet, but the replication functionality in | |||
| this context is outside the scope of this document. | this context is outside the scope of this document. | |||
| If the volume of traffic that incorporates the Active flag is large, | If the volume of traffic that incorporates the Active flag is large, | |||
| it may overload the network and the IOAM node(s) that process the | it may overload the network and the IOAM node(s) that process the | |||
| active measurement packet. Thus, the rate of the traffic that | active measurement packet. Thus, the rate of the traffic that | |||
| includes the Active flag rate SHOULD NOT exceed 1/N of the interface | includes the Active flag rate SHOULD NOT exceed 1/N of the interface | |||
| capacity on any of the IOAM node's interfaces. It is recommended to | capacity on any of the IOAM node's interfaces. It is recommended to | |||
| use N>100. Depending on the IOAM node's architecture considerations, | use N>100. Depending on the IOAM node's architecture considerations, | |||
| the rate of Active-enabled IOAM packets may be limited to a lower | the rate of Active-enabled IOAM packets may be limited to a lower | |||
| skipping to change at page 9, line 33 ¶ | skipping to change at page 9, line 22 ¶ | |||
| Bit 2 "Active" (A-bit) | Bit 2 "Active" (A-bit) | |||
| Note that bit 0 is the most significant bit in the Flags Registry. | Note that bit 0 is the most significant bit in the Flags Registry. | |||
| 7. Performance Considerations | 7. Performance Considerations | |||
| Each of the flags that are defined in this document may have | Each of the flags that are defined in this document may have | |||
| performance implications. When using the loopback mechanism a copy | performance implications. When using the loopback mechanism a copy | |||
| of the data packet is sent back to the sender, thus generating more | of the data packet is sent back to the sender, thus generating more | |||
| traffic than originally sent by the endpoints. Using active | traffic than originally sent by the endpoints. Using active | |||
| measurement with the active flag requires the use of synthetic | measurement with the Active flag requires the use of synthetic | |||
| (overhead) traffic. | (overhead) traffic. | |||
| Each of the mechanisms that use the flags above has a cost in terms | Each of the mechanisms that use the flags above has a cost in terms | |||
| of the network bandwidth, and may potentially load the node that | of the network bandwidth, and may potentially load the node that | |||
| analyzes the data. Therefore, it MUST be possible to use each of the | analyzes the data. Therefore, it MUST be possible to use each of the | |||
| mechanisms on a subset of the data traffic; an encapsulating node | mechanisms on a subset of the data traffic; an encapsulating node | |||
| needs to be able to set the Loopback and Active flag selectively, in | needs to be able to set the Loopback and Active flag selectively, in | |||
| a way that considers the effect on the network performance, as | a way that considers the effect on the network performance, as | |||
| further discussed in Section 4.2.2 and Section 5. | further discussed in Section 4.1.1 and Section 5. | |||
| Transit and decapsulating nodes that support Loopback need to be able | Transit and decapsulating nodes that support Loopback need to be able | |||
| to limit the looped back packets (Section 4.3) so as to ensure that | to limit the looped back packets (Section 4.2) so as to ensure that | |||
| the mechanisms are used at a rate that does not significantly affect | the mechanisms are used at a rate that does not significantly affect | |||
| the network bandwidth, and does not overload the source node in the | the network bandwidth, and does not overload the source node in the | |||
| case of loopback. | case of loopback. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| The security considerations of IOAM in general are discussed in | The security considerations of IOAM in general are discussed in | |||
| [I-D.ietf-ippm-ioam-data]. Specifically, an attacker may try to use | [I-D.ietf-ippm-ioam-data]. Specifically, an attacker may try to use | |||
| the functionality that is defined in this document to attack the | the functionality that is defined in this document to attack the | |||
| network. | network. | |||
| skipping to change at page 10, line 22 ¶ | skipping to change at page 10, line 9 ¶ | |||
| An attacker may attempt to overload network devices by injecting | An attacker may attempt to overload network devices by injecting | |||
| synthetic packets that include an IOAM Trace Option with one or more | synthetic packets that include an IOAM Trace Option with one or more | |||
| of the flags defined in this document. Similarly, an on-path | of the flags defined in this document. Similarly, an on-path | |||
| attacker may maliciously set one or more of the flags of transit | attacker may maliciously set one or more of the flags of transit | |||
| packets. | packets. | |||
| o Loopback flag: an attacker that sets this flag, either in | o Loopback flag: an attacker that sets this flag, either in | |||
| synthetic packets or transit packet, can potentially cause an | synthetic packets or transit packet, can potentially cause an | |||
| amplification, since each device along the path creates a copy of | amplification, since each device along the path creates a copy of | |||
| the data packet and sends it back to the source. The attacker can | the data packet and sends it back to the source. The attacker can | |||
| potentially leverage the loopback flag for a Distributed Denial of | potentially leverage the Loopback flag for a Distributed Denial of | |||
| Service (DDoS) attack, as multiple devices send looped-back copies | Service (DDoS) attack, as multiple devices send looped-back copies | |||
| of a packet to a single source. | of a packet to a single source. | |||
| o Active flag: the impact of synthetic packets with the active flag | o Active flag: the impact of synthetic packets with the Active flag | |||
| is no worse than synthetic data packets in which the Active flag | is no worse than synthetic data packets in which the Active flag | |||
| is not set. By setting the active flag in en route packets an | is not set. By setting the Active flag in en route packets an | |||
| attacker can prevent these packets from reaching their | attacker can prevent these packets from reaching their | |||
| destination, since the packet is terminated by the decapsulating | destination, since the packet is terminated by the decapsulating | |||
| device; however, note that an on-path attacker may achieve the | device; however, note that an on-path attacker may achieve the | |||
| same goal by changing the destination address of a packet. | same goal by changing the destination address of a packet. | |||
| Another potential threat is amplification; if an attacker causes | Another potential threat is amplification; if an attacker causes | |||
| transit switches to replicate more packets than they are intended | transit switches to replicate more packets than they are intended | |||
| to replicate, either by setting the Active flag or by sending | to replicate, either by setting the Active flag or by sending | |||
| synthetic packets, then traffic is amplified, causing bandwidth | synthetic packets, then traffic is amplified, causing bandwidth | |||
| degredation. As mentioned in Section 5, the specification of the | degredation. As mentioned in Section 5, the specification of the | |||
| replication mechanism is not within the scope of this document. A | replication mechanism is not within the scope of this document. A | |||
| skipping to change at page 11, line 9 ¶ | skipping to change at page 10, line 45 ¶ | |||
| worse than in the conventional case. | worse than in the conventional case. | |||
| In order to mitigate the performance-related attacks described above, | In order to mitigate the performance-related attacks described above, | |||
| as described in Section 7 it should be possible for IOAM-enabled | as described in Section 7 it should be possible for IOAM-enabled | |||
| devices to selectively apply the mechanisms that use the flags | devices to selectively apply the mechanisms that use the flags | |||
| defined in this document to a subset of the traffic, and to limit the | defined in this document to a subset of the traffic, and to limit the | |||
| performance of synthetically generated packets to a configurable | performance of synthetically generated packets to a configurable | |||
| rate. Specifically, IOAM nodes should be able to: | rate. Specifically, IOAM nodes should be able to: | |||
| o Limit the rate of IOAM packets with the Loopback flag (IOAM | o Limit the rate of IOAM packets with the Loopback flag (IOAM | |||
| encapsulating nodes), as discussed in Section 4.2.2. | encapsulating nodes), as discussed in Section 4.1.1. | |||
| o Limit the rate of looped back packets (IOAM transit and | o Limit the rate of looped back packets (IOAM transit and | |||
| decapsulating nodes), as discussed in Section 4.3. | decapsulating nodes), as discussed in Section 4.2. | |||
| o Limit the rate of IOAM packets with the Active flag (IOAM | o Limit the rate of IOAM packets with the Active flag (IOAM | |||
| encapsulating nodes), as discussed in Section 5. | encapsulating nodes), as discussed in Section 5. | |||
| As defined in Section 4, transit nodes that process a packet with the | As defined in Section 4, transit nodes that process a packet with the | |||
| Loopback flag only add a single data field, and truncate any payload | Loopback flag only add a single data field, and truncate any payload | |||
| that follows the IOAM option(s), thus significanly limiting the | that follows the IOAM option(s), thus significanly limiting the | |||
| possible impact of an amplification attack. | possible impact of an amplification attack. | |||
| IOAM is assumed to be deployed in a restricted administrative domain, | IOAM is assumed to be deployed in a restricted administrative domain, | |||
| skipping to change at page 12, line 12 ¶ | skipping to change at page 11, line 45 ¶ | |||
| Selection Techniques", RFC 7014, DOI 10.17487/RFC7014, | Selection Techniques", RFC 7014, DOI 10.17487/RFC7014, | |||
| September 2013, <https://www.rfc-editor.org/info/rfc7014>. | September 2013, <https://www.rfc-editor.org/info/rfc7014>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.ietf-ippm-ioam-ipv6-options] | [I-D.ietf-ippm-ioam-ipv6-options] | |||
| Bhandari, S., Brockners, F., Pignataro, C., Gredler, H., | Bhandari, S. and F. Brockners, "In-situ OAM IPv6 Options", | |||
| Leddy, J., Youell, S., Mizrahi, T., Kfir, A., Gafni, B., | draft-ietf-ippm-ioam-ipv6-options-06 (work in progress), | |||
| Lapukhov, P., Spiegel, M., Krishnan, S., Asati, R., and M. | July 2021. | |||
| Smith, "In-situ OAM IPv6 Options", draft-ietf-ippm-ioam- | ||||
| ipv6-options-05 (work in progress), February 2021. | ||||
| [I-D.ietf-sfc-ioam-nsh] | [I-D.ietf-sfc-ioam-nsh] | |||
| Brockners, F. and S. Bhandari, "Network Service Header | Brockners, F. and S. Bhandari, "Network Service Header | |||
| (NSH) Encapsulation for In-situ OAM (IOAM) Data", draft- | (NSH) Encapsulation for In-situ OAM (IOAM) Data", draft- | |||
| ietf-sfc-ioam-nsh-05 (work in progress), December 2020. | ietf-sfc-ioam-nsh-06 (work in progress), July 2021. | |||
| [I-D.spiegel-ippm-ioam-rawexport] | [I-D.spiegel-ippm-ioam-rawexport] | |||
| Spiegel, M., Brockners, F., Bhandari, S., and R. | Spiegel, M., Brockners, F., Bhandari, S., and R. | |||
| Sivakolundu, "In-situ OAM raw data export with IPFIX", | Sivakolundu, "In-situ OAM raw data export with IPFIX", | |||
| draft-spiegel-ippm-ioam-rawexport-05 (work in progress), | draft-spiegel-ippm-ioam-rawexport-05 (work in progress), | |||
| July 2021. | July 2021. | |||
| [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with | [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with | |||
| Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, | Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, | |||
| May 2016, <https://www.rfc-editor.org/info/rfc7799>. | May 2016, <https://www.rfc-editor.org/info/rfc7799>. | |||
| End of changes. 35 change blocks. | ||||
| 67 lines changed or deleted | 59 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||