| draft-ietf-ippm-ioam-ipv6-options-06.txt | draft-ietf-ippm-ioam-ipv6-options-07.txt | |||
|---|---|---|---|---|
| ippm S. Bhandari, Ed. | ippm S. Bhandari, Ed. | |||
| Internet-Draft Thoughtspot | Internet-Draft Thoughtspot | |||
| Intended status: Standards Track F. Brockners, Ed. | Intended status: Standards Track F. Brockners, Ed. | |||
| Expires: February 1, 2022 Cisco | Expires: August 10, 2022 Cisco | |||
| July 31, 2021 | February 6, 2022 | |||
| In-situ OAM IPv6 Options | In-situ OAM IPv6 Options | |||
| draft-ietf-ippm-ioam-ipv6-options-06 | draft-ietf-ippm-ioam-ipv6-options-07 | |||
| Abstract | Abstract | |||
| In-situ Operations, Administration, and Maintenance (IOAM) records | In-situ Operations, Administration, and Maintenance (IOAM) records | |||
| operational and telemetry information in the packet while the packet | operational and telemetry information in the packet while the packet | |||
| traverses a path between two points in the network. This document | traverses a path between two points in the network. This document | |||
| outlines how IOAM data fields are encapsulated in IPv6. | outlines how IOAM data fields are encapsulated in IPv6. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 1, 2022. | This Internet-Draft will expire on August 10, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 2 | 2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 3.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | |||
| 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 | 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. In-situ OAM Metadata Transport in IPv6 . . . . . . . . . . . 4 | 4. In-situ OAM Metadata Transport in IPv6 . . . . . . . . . . . 3 | |||
| 5. IOAM Deployment In IPv6 Networks . . . . . . . . . . . . . . 7 | 5. IOAM Deployment In IPv6 Networks . . . . . . . . . . . . . . 6 | |||
| 5.1. Considerations for IOAM deployment in IPv6 networks . . . 7 | 5.1. Considerations for IOAM deployment in IPv6 networks . . . 6 | |||
| 5.2. IOAM domains bounded by hosts . . . . . . . . . . . . . . 8 | 5.2. IOAM domains bounded by hosts . . . . . . . . . . . . . . 7 | |||
| 5.3. IOAM domains bounded by network devices . . . . . . . . . 8 | 5.3. IOAM domains bounded by network devices . . . . . . . . . 7 | |||
| 5.4. Deployment options . . . . . . . . . . . . . . . . . . . 8 | 5.4. Deployment options . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.4.1. IPv6-in-IPv6 encapsulation . . . . . . . . . . . . . 8 | 5.4.1. IP-in-IPv6 encapsulation with ULA . . . . . . . . . . 8 | |||
| 5.4.2. IP-in-IPv6 encapsulation with ULA . . . . . . . . . . 9 | 5.4.2. x-in-IPv6 Encapsulation that is used Independently . 8 | |||
| 5.4.3. x-in-IPv6 Encapsulation that is used Independently . 10 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 9.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 11 | Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 11 | |||
| Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 12 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | ||||
| 1. Introduction | 1. Introduction | |||
| In-situ Operations, Administration, and Maintenance (IOAM) records | In-situ Operations, Administration, and Maintenance (IOAM) records | |||
| operational and telemetry information in the packet while the packet | operational and telemetry information in the packet while the packet | |||
| traverses a path between two points in the network. This document | traverses a path between two points in the network. This document | |||
| outlines how IOAM data fields are encapsulated in the IPv6 [RFC8200] | outlines how IOAM data fields are encapsulated in the IPv6 [RFC8200] | |||
| and discusses deployment options for networks that use | and discusses deployment options for networks that use | |||
| IPv6-encapsulated IOAM data fields. These options have distinct | IPv6-encapsulated IOAM data fields. These options have distinct | |||
| deployment considerations; for example, the IOAM domain can either be | deployment considerations; for example, the IOAM domain can either be | |||
| skipping to change at page 3, line 4 ¶ | skipping to change at page 2, line 51 ¶ | |||
| 2. Contributors | 2. Contributors | |||
| This document was the collective effort of several authors. The text | This document was the collective effort of several authors. The text | |||
| and content were contributed by the editors and the co-authors listed | and content were contributed by the editors and the co-authors listed | |||
| below. The contact information of the co-authors appears at the end | below. The contact information of the co-authors appears at the end | |||
| of this document. | of this document. | |||
| o Carlos Pignataro | o Carlos Pignataro | |||
| o Hannes Gredler | o Hannes Gredler | |||
| o John Leddy | ||||
| o John Leddy | ||||
| o Stephen Youell | o Stephen Youell | |||
| o Tal Mizrahi | o Tal Mizrahi | |||
| o Aviv Kfir | o Aviv Kfir | |||
| o Barak Gafni | o Barak Gafni | |||
| o Petr Lapukhov | o Petr Lapukhov | |||
| skipping to change at page 4, line 23 ¶ | skipping to change at page 4, line 16 ¶ | |||
| two types of extension headers in IPv6 packets - either Hop-by-Hop | two types of extension headers in IPv6 packets - either Hop-by-Hop | |||
| Options header or Destination options header. Deployments select one | Options header or Destination options header. Deployments select one | |||
| of these extension header types depending on how IOAM is used, as | of these extension header types depending on how IOAM is used, as | |||
| described in section 4 of [I-D.ietf-ippm-ioam-data]. Multiple | described in section 4 of [I-D.ietf-ippm-ioam-data]. Multiple | |||
| options with the same Option Type MAY appear in the same Hop-by-Hop | options with the same Option Type MAY appear in the same Hop-by-Hop | |||
| Options or Destination Options header, with distinct content. | Options or Destination Options header, with distinct content. | |||
| In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly | In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly | |||
| enabled per interface on every node within the IOAM domain. Unless a | enabled per interface on every node within the IOAM domain. Unless a | |||
| particular interface is explicitly enabled (i.e., explicitly | particular interface is explicitly enabled (i.e., explicitly | |||
| configured) for IOAM, a router MUST drop packets that contain | configured) for IOAM, a router MUST ignore IOAM Options. As | |||
| extension headers carrying IOAM data-fields. This is the default | additional security, IOAM domains SHOULD provide a mechanism to | |||
| behavior and is independent of whether the Hop-by-Hop options or | prevent injections at ingress or leaks at egress. | |||
| Destination options are used to encode the IOAM data. This ensures | ||||
| that IOAM data does not unintentionally get forwarded outside the | ||||
| IOAM domain. | ||||
| An IPv6 packet carrying IOAM data in an Extension header can have | An IPv6 packet carrying IOAM data in an Extension header can have | |||
| other extension headers, compliant with [RFC8200]. | other extension headers, compliant with [RFC8200]. | |||
| IPv6 Hop-by-Hop and Destination Option format for carrying in-situ | IPv6 Hop-by-Hop and Destination Option format for carrying in-situ | |||
| OAM data fields: | OAM data fields: | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | Option Type | Opt Data Len | Reserved | IOAM Type | | | Option Type | Opt Data Len | Reserved | IOAM Type | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ | |||
| skipping to change at page 8, line 36 ¶ | skipping to change at page 8, line 10 ¶ | |||
| For deployments where the IOAM domain is bounded by network devices, | For deployments where the IOAM domain is bounded by network devices, | |||
| network devices such as routers form the edge of an IOAM domain. | network devices such as routers form the edge of an IOAM domain. | |||
| Network devices will perform the operation of IOAM data field | Network devices will perform the operation of IOAM data field | |||
| encapsulation and decapsulation. | encapsulation and decapsulation. | |||
| 5.4. Deployment options | 5.4. Deployment options | |||
| This section lists out possible deployment options that can be | This section lists out possible deployment options that can be | |||
| employed to meet the requirements listed in Section 5.1. | employed to meet the requirements listed in Section 5.1. | |||
| 5.4.1. IPv6-in-IPv6 encapsulation | 5.4.1. IP-in-IPv6 encapsulation with ULA | |||
| The "IPv6-in-IPv6" approach preserves the original IP packet and add | ||||
| an IPv6 header including IOAM data fields in an extension header in | ||||
| front of it, to forward traffic within and across an IOAM domain. | ||||
| The overlay network formed by the additional IPv6 header with the | ||||
| IOAM data fields included in an extension header is referred to as | ||||
| IOAM Overlay Network (ION) in this document. | ||||
| The following steps should be taken to perform an IPv6-in-IPv6 | ||||
| approach: | ||||
| 1. The source address of the outer IPv6 header is that of the IOAM | ||||
| encapsulating node. The destination address of the outer IPv6 | ||||
| header is the same as the inner IPv6 destination address, i.e., | ||||
| the destination address of the packet does not change. | ||||
| 2. To simplify debugging in case of leaked IOAM data fields, | ||||
| consider a new IOAM E2E destination option to identify the Source | ||||
| IOAM domain (AS, v6 prefix). Insert this option into the IOAM | ||||
| destination options EH attached to the outer IPv6 header. This | ||||
| additional information would allow for easy identification of an | ||||
| AS operator that is the source of packets with leaked IOAM | ||||
| information. Note that leaked packets with IOAM data fields | ||||
| would only occur in case a router would be misconfigured. | ||||
| 3. All the IOAM options are defined with type "00" - skip over this | ||||
| option and continue processing the header. Presence of these | ||||
| options must not cause packet drops in network elements that do | ||||
| not understand the option. In addition, | ||||
| [I-D.ietf-6man-hbh-header-handling] should be considered. | ||||
| 5.4.2. IP-in-IPv6 encapsulation with ULA | ||||
| The "IP-in-IPv6 encapsulation with ULA" [RFC4193] approach can be | The "IP-in-IPv6 encapsulation with ULA" [RFC4193] approach can be | |||
| used to apply IOAM to either an IPv6 or an IPv4 network. In | used to apply IOAM to either an IPv6 or an IPv4 network. In | |||
| addition, it fulfills requirement C4 (avoid leaks) by using ULA for | addition, it fulfills requirement C4 (avoid leaks) by using ULA for | |||
| the ION. Similar to the IPv6-in-IPv6 encapsulation approach above, | the ION. Similar to the IPv6-in-IPv6 encapsulation approach above, | |||
| the original IP packet is preserved. An IPv6 header including IOAM | the original IP packet is preserved. An IPv6 header including IOAM | |||
| data fields in an extension header is added in front of it, to | data fields in an extension header is added in front of it, to | |||
| forward traffic within and across the IOAM domain. IPv6 addresses | forward traffic within and across the IOAM domain. IPv6 addresses | |||
| for the ION, i.e. the outer IPv6 addresses are assigned from the ULA | for the ION, i.e. the outer IPv6 addresses are assigned from the ULA | |||
| space. Addressing and routing in the ION are to be configured so | space. Addressing and routing in the ION are to be configured so | |||
| skipping to change at page 10, line 7 ¶ | skipping to change at page 8, line 46 ¶ | |||
| in Section 4 of [RFC4193] are properly followed, the probability of | in Section 4 of [RFC4193] are properly followed, the probability of | |||
| leaks in this approach will be almost close to zero. If the packets | leaks in this approach will be almost close to zero. If the packets | |||
| do leak through IOAM egress device misconfiguration or partial IOAM | do leak through IOAM egress device misconfiguration or partial IOAM | |||
| egress device failure, the packets' ULA destination address is | egress device failure, the packets' ULA destination address is | |||
| invalid outside of the IOAM domain. There is no exterior destination | invalid outside of the IOAM domain. There is no exterior destination | |||
| to be reached, and the packets will be dropped when they encounter | to be reached, and the packets will be dropped when they encounter | |||
| either a router external to the IOAM domain that has a packet filter | either a router external to the IOAM domain that has a packet filter | |||
| that drops packets with ULA destinations, or a router that does not | that drops packets with ULA destinations, or a router that does not | |||
| have a default route. | have a default route. | |||
| 5.4.3. x-in-IPv6 Encapsulation that is used Independently | 5.4.2. x-in-IPv6 Encapsulation that is used Independently | |||
| In some cases it is desirable to monitor a domain that uses an | In some cases it is desirable to monitor a domain that uses an | |||
| overlay network that is deployed independently of the need for IOAM, | overlay network that is deployed independently of the need for IOAM, | |||
| e.g., an overlay network that runs Geneve-in-IPv6, or VXLAN-in-IPv6. | e.g., an overlay network that runs Geneve-in-IPv6, or VXLAN-in-IPv6. | |||
| In this case IOAM can be encapsulated in as an extension header in | In this case IOAM can be encapsulated in as an extension header in | |||
| the tunnel (outer) IPv6 header. Thus, the tunnel encapsulating node | the tunnel (outer) IPv6 header. Thus, the tunnel encapsulating node | |||
| is also the IOAM encapsulating node, and the tunnel end point is also | is also the IOAM encapsulating node, and the tunnel end point is also | |||
| the IOAM decapsulating node. | the IOAM decapsulating node. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| skipping to change at page 11, line 13 ¶ | skipping to change at page 10, line 7 ¶ | |||
| [I-D.kitamura-ipv6-record-route]. The authors would like to | [I-D.kitamura-ipv6-record-route]. The authors would like to | |||
| acknowledge the work done by the author Hiroshi Kitamura and people | acknowledge the work done by the author Hiroshi Kitamura and people | |||
| involved in writing it. | involved in writing it. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [I-D.ietf-ippm-ioam-data] | [I-D.ietf-ippm-ioam-data] | |||
| Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields | Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields | |||
| for In-situ OAM", draft-ietf-ippm-ioam-data-14 (work in | for In-situ OAM", draft-ietf-ippm-ioam-data-17 (work in | |||
| progress), June 2021. | progress), December 2021. | |||
| [I-D.ietf-ippm-ioam-direct-export] | [I-D.ietf-ippm-ioam-direct-export] | |||
| Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F., | Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F., | |||
| Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ | Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ | |||
| OAM Direct Exporting", draft-ietf-ippm-ioam-direct- | OAM Direct Exporting", draft-ietf-ippm-ioam-direct- | |||
| export-05 (work in progress), July 2021. | export-07 (work in progress), October 2021. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.ietf-6man-hbh-header-handling] | ||||
| Baker, F. and R. Bonica, "IPv6 Hop-by-Hop Options | ||||
| Extension Header", March 2016. | ||||
| [I-D.kitamura-ipv6-record-route] | [I-D.kitamura-ipv6-record-route] | |||
| Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop | Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop | |||
| Option Extension", draft-kitamura-ipv6-record-route-00 | Option Extension", draft-kitamura-ipv6-record-route-00 | |||
| (work in progress), November 2000. | (work in progress), November 2000. | |||
| [RFC1772] Rekhter, Y. and P. Gross, "Application of the Border | [RFC1772] Rekhter, Y. and P. Gross, "Application of the Border | |||
| Gateway Protocol in the Internet", RFC 1772, | Gateway Protocol in the Internet", RFC 1772, | |||
| DOI 10.17487/RFC1772, March 1995, | DOI 10.17487/RFC1772, March 1995, | |||
| <https://www.rfc-editor.org/info/rfc1772>. | <https://www.rfc-editor.org/info/rfc1772>. | |||
| End of changes. 14 change blocks. | ||||
| 69 lines changed or deleted | 29 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||