draft-ietf-ippm-ioam-ipv6-options-06.txt   draft-ietf-ippm-ioam-ipv6-options-07.txt 
ippm S. Bhandari, Ed. ippm S. Bhandari, Ed.
Internet-Draft Thoughtspot Internet-Draft Thoughtspot
Intended status: Standards Track F. Brockners, Ed. Intended status: Standards Track F. Brockners, Ed.
Expires: February 1, 2022 Cisco Expires: August 10, 2022 Cisco
July 31, 2021 February 6, 2022
In-situ OAM IPv6 Options In-situ OAM IPv6 Options
draft-ietf-ippm-ioam-ipv6-options-06 draft-ietf-ippm-ioam-ipv6-options-07
Abstract Abstract
In-situ Operations, Administration, and Maintenance (IOAM) records In-situ Operations, Administration, and Maintenance (IOAM) records
operational and telemetry information in the packet while the packet operational and telemetry information in the packet while the packet
traverses a path between two points in the network. This document traverses a path between two points in the network. This document
outlines how IOAM data fields are encapsulated in IPv6. outlines how IOAM data fields are encapsulated in IPv6.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 1, 2022. This Internet-Draft will expire on August 10, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 3.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3
4. In-situ OAM Metadata Transport in IPv6 . . . . . . . . . . . 4 4. In-situ OAM Metadata Transport in IPv6 . . . . . . . . . . . 3
5. IOAM Deployment In IPv6 Networks . . . . . . . . . . . . . . 7 5. IOAM Deployment In IPv6 Networks . . . . . . . . . . . . . . 6
5.1. Considerations for IOAM deployment in IPv6 networks . . . 7 5.1. Considerations for IOAM deployment in IPv6 networks . . . 6
5.2. IOAM domains bounded by hosts . . . . . . . . . . . . . . 8 5.2. IOAM domains bounded by hosts . . . . . . . . . . . . . . 7
5.3. IOAM domains bounded by network devices . . . . . . . . . 8 5.3. IOAM domains bounded by network devices . . . . . . . . . 7
5.4. Deployment options . . . . . . . . . . . . . . . . . . . 8 5.4. Deployment options . . . . . . . . . . . . . . . . . . . 8
5.4.1. IPv6-in-IPv6 encapsulation . . . . . . . . . . . . . 8 5.4.1. IP-in-IPv6 encapsulation with ULA . . . . . . . . . . 8
5.4.2. IP-in-IPv6 encapsulation with ULA . . . . . . . . . . 9 5.4.2. x-in-IPv6 Encapsulation that is used Independently . 8
5.4.3. x-in-IPv6 Encapsulation that is used Independently . 10 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9
6. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 9
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.2. Informative References . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . 11 Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 11
Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction 1. Introduction
In-situ Operations, Administration, and Maintenance (IOAM) records In-situ Operations, Administration, and Maintenance (IOAM) records
operational and telemetry information in the packet while the packet operational and telemetry information in the packet while the packet
traverses a path between two points in the network. This document traverses a path between two points in the network. This document
outlines how IOAM data fields are encapsulated in the IPv6 [RFC8200] outlines how IOAM data fields are encapsulated in the IPv6 [RFC8200]
and discusses deployment options for networks that use and discusses deployment options for networks that use
IPv6-encapsulated IOAM data fields. These options have distinct IPv6-encapsulated IOAM data fields. These options have distinct
deployment considerations; for example, the IOAM domain can either be deployment considerations; for example, the IOAM domain can either be
skipping to change at page 3, line 4 skipping to change at page 2, line 51
2. Contributors 2. Contributors
This document was the collective effort of several authors. The text This document was the collective effort of several authors. The text
and content were contributed by the editors and the co-authors listed and content were contributed by the editors and the co-authors listed
below. The contact information of the co-authors appears at the end below. The contact information of the co-authors appears at the end
of this document. of this document.
o Carlos Pignataro o Carlos Pignataro
o Hannes Gredler o Hannes Gredler
o John Leddy
o John Leddy
o Stephen Youell o Stephen Youell
o Tal Mizrahi o Tal Mizrahi
o Aviv Kfir o Aviv Kfir
o Barak Gafni o Barak Gafni
o Petr Lapukhov o Petr Lapukhov
skipping to change at page 4, line 23 skipping to change at page 4, line 16
two types of extension headers in IPv6 packets - either Hop-by-Hop two types of extension headers in IPv6 packets - either Hop-by-Hop
Options header or Destination options header. Deployments select one Options header or Destination options header. Deployments select one
of these extension header types depending on how IOAM is used, as of these extension header types depending on how IOAM is used, as
described in section 4 of [I-D.ietf-ippm-ioam-data]. Multiple described in section 4 of [I-D.ietf-ippm-ioam-data]. Multiple
options with the same Option Type MAY appear in the same Hop-by-Hop options with the same Option Type MAY appear in the same Hop-by-Hop
Options or Destination Options header, with distinct content. Options or Destination Options header, with distinct content.
In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly In order for IOAM to work in IPv6 networks, IOAM MUST be explicitly
enabled per interface on every node within the IOAM domain. Unless a enabled per interface on every node within the IOAM domain. Unless a
particular interface is explicitly enabled (i.e., explicitly particular interface is explicitly enabled (i.e., explicitly
configured) for IOAM, a router MUST drop packets that contain configured) for IOAM, a router MUST ignore IOAM Options. As
extension headers carrying IOAM data-fields. This is the default additional security, IOAM domains SHOULD provide a mechanism to
behavior and is independent of whether the Hop-by-Hop options or prevent injections at ingress or leaks at egress.
Destination options are used to encode the IOAM data. This ensures
that IOAM data does not unintentionally get forwarded outside the
IOAM domain.
An IPv6 packet carrying IOAM data in an Extension header can have An IPv6 packet carrying IOAM data in an Extension header can have
other extension headers, compliant with [RFC8200]. other extension headers, compliant with [RFC8200].
IPv6 Hop-by-Hop and Destination Option format for carrying in-situ IPv6 Hop-by-Hop and Destination Option format for carrying in-situ
OAM data fields: OAM data fields:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option Type | Opt Data Len | Reserved | IOAM Type | | Option Type | Opt Data Len | Reserved | IOAM Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
skipping to change at page 8, line 36 skipping to change at page 8, line 10
For deployments where the IOAM domain is bounded by network devices, For deployments where the IOAM domain is bounded by network devices,
network devices such as routers form the edge of an IOAM domain. network devices such as routers form the edge of an IOAM domain.
Network devices will perform the operation of IOAM data field Network devices will perform the operation of IOAM data field
encapsulation and decapsulation. encapsulation and decapsulation.
5.4. Deployment options 5.4. Deployment options
This section lists out possible deployment options that can be This section lists out possible deployment options that can be
employed to meet the requirements listed in Section 5.1. employed to meet the requirements listed in Section 5.1.
5.4.1. IPv6-in-IPv6 encapsulation 5.4.1. IP-in-IPv6 encapsulation with ULA
The "IPv6-in-IPv6" approach preserves the original IP packet and add
an IPv6 header including IOAM data fields in an extension header in
front of it, to forward traffic within and across an IOAM domain.
The overlay network formed by the additional IPv6 header with the
IOAM data fields included in an extension header is referred to as
IOAM Overlay Network (ION) in this document.
The following steps should be taken to perform an IPv6-in-IPv6
approach:
1. The source address of the outer IPv6 header is that of the IOAM
encapsulating node. The destination address of the outer IPv6
header is the same as the inner IPv6 destination address, i.e.,
the destination address of the packet does not change.
2. To simplify debugging in case of leaked IOAM data fields,
consider a new IOAM E2E destination option to identify the Source
IOAM domain (AS, v6 prefix). Insert this option into the IOAM
destination options EH attached to the outer IPv6 header. This
additional information would allow for easy identification of an
AS operator that is the source of packets with leaked IOAM
information. Note that leaked packets with IOAM data fields
would only occur in case a router would be misconfigured.
3. All the IOAM options are defined with type "00" - skip over this
option and continue processing the header. Presence of these
options must not cause packet drops in network elements that do
not understand the option. In addition,
[I-D.ietf-6man-hbh-header-handling] should be considered.
5.4.2. IP-in-IPv6 encapsulation with ULA
The "IP-in-IPv6 encapsulation with ULA" [RFC4193] approach can be The "IP-in-IPv6 encapsulation with ULA" [RFC4193] approach can be
used to apply IOAM to either an IPv6 or an IPv4 network. In used to apply IOAM to either an IPv6 or an IPv4 network. In
addition, it fulfills requirement C4 (avoid leaks) by using ULA for addition, it fulfills requirement C4 (avoid leaks) by using ULA for
the ION. Similar to the IPv6-in-IPv6 encapsulation approach above, the ION. Similar to the IPv6-in-IPv6 encapsulation approach above,
the original IP packet is preserved. An IPv6 header including IOAM the original IP packet is preserved. An IPv6 header including IOAM
data fields in an extension header is added in front of it, to data fields in an extension header is added in front of it, to
forward traffic within and across the IOAM domain. IPv6 addresses forward traffic within and across the IOAM domain. IPv6 addresses
for the ION, i.e. the outer IPv6 addresses are assigned from the ULA for the ION, i.e. the outer IPv6 addresses are assigned from the ULA
space. Addressing and routing in the ION are to be configured so space. Addressing and routing in the ION are to be configured so
skipping to change at page 10, line 7 skipping to change at page 8, line 46
in Section 4 of [RFC4193] are properly followed, the probability of in Section 4 of [RFC4193] are properly followed, the probability of
leaks in this approach will be almost close to zero. If the packets leaks in this approach will be almost close to zero. If the packets
do leak through IOAM egress device misconfiguration or partial IOAM do leak through IOAM egress device misconfiguration or partial IOAM
egress device failure, the packets' ULA destination address is egress device failure, the packets' ULA destination address is
invalid outside of the IOAM domain. There is no exterior destination invalid outside of the IOAM domain. There is no exterior destination
to be reached, and the packets will be dropped when they encounter to be reached, and the packets will be dropped when they encounter
either a router external to the IOAM domain that has a packet filter either a router external to the IOAM domain that has a packet filter
that drops packets with ULA destinations, or a router that does not that drops packets with ULA destinations, or a router that does not
have a default route. have a default route.
5.4.3. x-in-IPv6 Encapsulation that is used Independently 5.4.2. x-in-IPv6 Encapsulation that is used Independently
In some cases it is desirable to monitor a domain that uses an In some cases it is desirable to monitor a domain that uses an
overlay network that is deployed independently of the need for IOAM, overlay network that is deployed independently of the need for IOAM,
e.g., an overlay network that runs Geneve-in-IPv6, or VXLAN-in-IPv6. e.g., an overlay network that runs Geneve-in-IPv6, or VXLAN-in-IPv6.
In this case IOAM can be encapsulated in as an extension header in In this case IOAM can be encapsulated in as an extension header in
the tunnel (outer) IPv6 header. Thus, the tunnel encapsulating node the tunnel (outer) IPv6 header. Thus, the tunnel encapsulating node
is also the IOAM encapsulating node, and the tunnel end point is also is also the IOAM encapsulating node, and the tunnel end point is also
the IOAM decapsulating node. the IOAM decapsulating node.
6. Security Considerations 6. Security Considerations
skipping to change at page 11, line 13 skipping to change at page 10, line 7
[I-D.kitamura-ipv6-record-route]. The authors would like to [I-D.kitamura-ipv6-record-route]. The authors would like to
acknowledge the work done by the author Hiroshi Kitamura and people acknowledge the work done by the author Hiroshi Kitamura and people
involved in writing it. involved in writing it.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-ippm-ioam-data] [I-D.ietf-ippm-ioam-data]
Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
for In-situ OAM", draft-ietf-ippm-ioam-data-14 (work in for In-situ OAM", draft-ietf-ippm-ioam-data-17 (work in
progress), June 2021. progress), December 2021.
[I-D.ietf-ippm-ioam-direct-export] [I-D.ietf-ippm-ioam-direct-export]
Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F., Song, H., Gafni, B., Zhou, T., Li, Z., Brockners, F.,
Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ Bhandari, S., Sivakolundu, R., and T. Mizrahi, "In-situ
OAM Direct Exporting", draft-ietf-ippm-ioam-direct- OAM Direct Exporting", draft-ietf-ippm-ioam-direct-
export-05 (work in progress), July 2021. export-07 (work in progress), October 2021.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 9.2. Informative References
[I-D.ietf-6man-hbh-header-handling]
Baker, F. and R. Bonica, "IPv6 Hop-by-Hop Options
Extension Header", March 2016.
[I-D.kitamura-ipv6-record-route] [I-D.kitamura-ipv6-record-route]
Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop Kitamura, H., "Record Route for IPv6 (PR6) Hop-by-Hop
Option Extension", draft-kitamura-ipv6-record-route-00 Option Extension", draft-kitamura-ipv6-record-route-00
(work in progress), November 2000. (work in progress), November 2000.
[RFC1772] Rekhter, Y. and P. Gross, "Application of the Border [RFC1772] Rekhter, Y. and P. Gross, "Application of the Border
Gateway Protocol in the Internet", RFC 1772, Gateway Protocol in the Internet", RFC 1772,
DOI 10.17487/RFC1772, March 1995, DOI 10.17487/RFC1772, March 1995,
<https://www.rfc-editor.org/info/rfc1772>. <https://www.rfc-editor.org/info/rfc1772>.
 End of changes. 14 change blocks. 
69 lines changed or deleted 29 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/