draft-ietf-sfc-ioam-nsh-02.txt   draft-ietf-sfc-ioam-nsh-03.txt 
SFC F. Brockners, Ed. SFC F. Brockners, Ed.
Internet-Draft S. Bhandari, Ed. Internet-Draft S. Bhandari, Ed.
Intended status: Standards Track Cisco Intended status: Standards Track Cisco
Expires: March 14, 2020 September 11, 2019 Expires: September 20, 2020 March 19, 2020
Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data
draft-ietf-sfc-ioam-nsh-02 draft-ietf-sfc-ioam-nsh-03
Abstract Abstract
In-situ Operations, Administration, and Maintenance (IOAM) records In-situ Operations, Administration, and Maintenance (IOAM) records
operational and telemetry information in the packet while the packet operational and telemetry information in the packet while the packet
traverses a path between two points in the network. This document traverses a path between two points in the network. This document
outlines how IOAM data fields are encapsulated in the Network Service outlines how IOAM data fields are encapsulated in the Network Service
Header (NSH). Header (NSH).
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 14, 2020. This Internet-Draft will expire on September 20, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 17 skipping to change at page 2, line 17
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. IOAM data fields encapsulation in NSH . . . . . . . . . . . . 3 3. IOAM data fields encapsulation in NSH . . . . . . . . . . . . 3
4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 4 4. Considerations . . . . . . . . . . . . . . . . . . . . . . . 4
4.1. Discussion of the encapsulation approach . . . . . . . . 4 4.1. Discussion of the encapsulation approach . . . . . . . . 4
4.2. IOAM and the use of the NSH O-bit . . . . . . . . . . . . 5 4.2. IOAM and the use of the NSH O-bit . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . 6 6. Security Considerations . . . . . . . . . . . . . . . . . . . 6
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 6 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 6
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
9.1. Normative References . . . . . . . . . . . . . . . . . . 8 9.1. Normative References . . . . . . . . . . . . . . . . . . 8
9.2. Informative References . . . . . . . . . . . . . . . . . 8 9.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], records In-situ OAM (IOAM), as defined in [I-D.ietf-ippm-ioam-data], records
OAM information within the packet while the packet traverses a OAM information within the packet while the packet traverses a
particular network domain. The term "in-situ" refers to the fact particular network domain. The term "in-situ" refers to the fact
that the OAM data is added to the data packets rather than is being that the OAM data is added to the data packets rather than is being
sent within packets specifically dedicated to OAM. This document sent within packets specifically dedicated to OAM. This document
defines how IOAM data fields are transported as part of the Network defines how IOAM data fields are transported as part of the Network
Service Header (NSH) [RFC8300] encapsulation for the Service Function Service Header (NSH) [RFC8300] encapsulation for the Service Function
Chaining (SFC) [RFC7665]. The IOAM data fields are defined in Chaining (SFC) [RFC7665]. The IOAM-Data-Fields are defined in
[I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages [I-D.ietf-ippm-ioam-data]. An implementation of IOAM which leverages
NSH to carry the IOAM data is available from the FD.io open source NSH to carry the IOAM data is available from the FD.io open source
software project [FD.io]. software project [FD.io].
2. Conventions 2. Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
skipping to change at page 3, line 8 skipping to change at page 3, line 8
NSH: Network Service Header NSH: Network Service Header
OAM: Operations, Administration, and Maintenance OAM: Operations, Administration, and Maintenance
SFC: Service Function Chaining SFC: Service Function Chaining
TLV: Type, Length, Value TLV: Type, Length, Value
3. IOAM data fields encapsulation in NSH 3. IOAM data fields encapsulation in NSH
The NSH is defined in [RFC8300]. IOAM data fields are carried in NSH The NSH is defined in [RFC8300]. IOAM-Data-Fields are carried in NSH
using a next protocol header which follows the NSH MD context using a next protocol header which follows the NSH MD context
headers. An IOAM header is added containing the different IOAM data headers. An IOAM header is added containing the different IOAM-Data-
fields defined in [I-D.ietf-ippm-ioam-data]. In an administrative Fields defined in [I-D.ietf-ippm-ioam-data]. In an administrative
domain where IOAM is used, insertion of the IOAM header in NSH is domain where IOAM is used, insertion of the IOAM header in NSH is
enabled at the NSH tunnel endpoints, which also serve as IOAM enabled at the NSH tunnel endpoints, which also serve as IOAM
encapsulating/decapsulating nodes by means of configuration. encapsulating/decapsulating nodes by means of configuration.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
|Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | | |Ver|O|U| TTL | Length |U|U|U|U|MD Type| NP = TBD_IOAM | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ N
| Service Path Identifier | Service Index | S | Service Path Identifier | Service Index | S
skipping to change at page 3, line 47 skipping to change at page 3, line 47
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The NSH header and fields are defined in [RFC8300]. The "NSH Next The NSH header and fields are defined in [RFC8300]. The "NSH Next
Protocol" value (referred to as "NP" in the diagram above) is Protocol" value (referred to as "NP" in the diagram above) is
TBD_IOAM. TBD_IOAM.
The IOAM related fields in NSH are defined as follows: The IOAM related fields in NSH are defined as follows:
IOAM-Type: 8-bit field defining the IOAM Option type, as defined IOAM-Type: 8-bit field defining the IOAM-Option-Type, as defined
in Section 7.2 of [I-D.ietf-ippm-ioam-data]. in the IOAM Option-Type Registry (see Section 7.2 of
[I-D.ietf-ippm-ioam-data]).
IOAM HDR Len: 8 bit Length field contains the length of the IOAM IOAM HDR Len: 8 bit Length field contains the length of the IOAM
header in 4-octet units. header in 4-octet units.
Reserved bits: Reserved bits are present for future use. The Reserved bits: Reserved bits are present for future use. The
reserved bits MUST be set to 0x0 upon transmission and ignored reserved bits MUST be set to 0x0 upon transmission and ignored
upon receipt. upon receipt.
Next Protocol: 8-bit unsigned integer that determines the type of Next Protocol: 8-bit unsigned integer that determines the type of
header following IOAM protocol. The semantics of this field header following IOAM. The semantics of this field are
are identical to the Next Protocol field in [RFC8300]. identical to the Next Protocol field in [RFC8300].
IOAM Option and Data Space: IOAM option header and data is IOAM Option and Data Space: IOAM-Option-Type and IOAM-Data-Field
present as specified by the IOAM-Type field, and is defined in as specified by the IOAM-Type field are present (see Section 4
Section 4 of [I-D.ietf-ippm-ioam-data]. of [I-D.ietf-ippm-ioam-data]).
Multiple IOAM options MAY be included within the NSH encapsulation. Multiple IOAM-Option-Types MAY be included within the NSH
For example, if a NSH encapsulation contains two IOAM options before encapsulation. For example, if a NSH encapsulation contains two
a data payload, the Next Protocol field of the first IOAM option will IOAM-Option-Types before a data payload, the Next Protocol field of
contain the value of TBD_IOAM, while the Next Protocol field of the the first IOAM option will contain the value of TBD_IOAM, while the
second IOAM option will contain the "NSH Next Protocol" number Next Protocol field of the second IOAM-Option-Type will contain the
indicating the type of the data payload. "NSH Next Protocol" number indicating the type of the data payload.
4. Considerations 4. Considerations
This section summarizes a set of considerations on the overall This section summarizes a set of considerations on the overall
approach taken for IOAM data encapsulation in NSH, as well as approach taken for IOAM data encapsulation in NSH, as well as
deployment considerations. deployment considerations.
4.1. Discussion of the encapsulation approach 4.1. Discussion of the encapsulation approach
This section is to support the working group discussion in selecting This section discusses several approaches for encapsulating IOAM-
the most appropriate approach for encapsulating IOAM data fields in Data-Fields in NSH and presents the rationale for the approach chosen
NSH. in this document.
An encapsulation of IOAM data fields in NSH should be friendly to an An encapsulation of IOAM-Data-Fields in NSH should be friendly to an
implementation in both hardware as well as software forwarders and implementation in both hardware as well as software forwarders and
support a wide range of deployment cases, including large networks support a wide range of deployment cases, including large networks
that desire to leverage multiple IOAM data fields at the same time. that desire to leverage multiple IOAM-Data-Fields at the same time.
Hardware and software friendly implementation: Hardware forwarders Hardware and software friendly implementation: Hardware forwarders
benefit from an encapsulation that minimizes iterative look-ups of benefit from an encapsulation that minimizes iterative look-ups of
fields within the packet: Any operation which looks up the value fields within the packet: Any operation which looks up the value of a
of a field within the packet, based on which another lookup is field within the packet, based on which another lookup is performed,
performed, consumes additional gates and time in an implementation consumes additional gates and time in an implementation - both of
- both of which are desired to be kept to a minimum. This means which are desired to be kept to a minimum. This means that flat TLV
that flat TLV structures are to be preferred over nested TLV structures are to be preferred over nested TLV structures. IOAM-
structures. IOAM data fields are grouped into three option Data-Fields are grouped into several categories, including trace,
categories: Trace, proof-of-transit, and edge-to-edge. Each of proof-of-transit, and edge-to-edge. Each of these options defines a
these three options defines a TLV structure. A hardware-friendly TLV structure. A hardware-friendly encapsulation approach avoids
encapsulation approach avoids grouping these three option grouping these three option categories into yet another TLV
categories into yet another TLV structure, but would rather carry structure, but would rather carry the options as a serial sequence.
the options as a serial sequence.
Total length of the IOAM data fields: The total length of IOAM Total length of the IOAM-Data-Fields: The total length of IOAM-Data-
data can grow quite large in case multiple different IOAM data Fields can grow quite large in case multiple different IOAM-Data-
fields are used and large path-lengths need to be considered. If Fields are used and large path-lengths need to be considered. If for
for example an operator would consider using the IOAM trace option example an operator would consider using the IOAM Trace Option-Type
and capture node-id, app_data, egress/ingress interface-id, and capture node-id, app_data, egress/ingress interface-id, timestamp
timestamp seconds, timestamps nanoseconds at every hop, then a seconds, timestamps nanoseconds at every hop, then a total of 20
total of 20 octets would be added to the packet at every hop. In octets would be added to the packet at every hop. In case this
case this particular deployment would have a maximum path length particular deployment would have a maximum path length of 15 hops in
of 15 hops in the IOAM domain, then a maximum of 300 octets of the IOAM domain, then a maximum of 300 octets were to be encapsulated
IOAM data were to be encapsulated in the packet. in the packet.
Different approaches for encapsulating IOAM data fields in NSH could Different approaches for encapsulating IOAM-Data-Fields in NSH could
be considered: be considered:
1. Encapsulation of IOAM data fields as "NSH MD Type 2" (see 1. Encapsulation of IOAM-Data-Fields as "NSH MD Type 2" (see
[RFC8300], Section 2.5). Each IOAM data field option (trace, [RFC8300], Section 2.5). Each IOAM-Option-Type (e.g. trace,
proof-of-transit, and edge-to-edge) would be specified by a type, proof-of-transit, and edge-to-edge) would be specified by a type,
with the different IOAM data fields being TLVs within this the with the different IOAM-Data-Fields being TLVs within this the
particular option type. NSH MD Type 2 offers support for particular option type. NSH MD Type 2 offers support for
variable length meta-data. The length field is 6-bits, resulting variable length meta-data. The length field is 6-bits, resulting
in a maximum of 256 (2^6 x 4) octets. in a maximum of 256 (2^6 x 4) octets.
2. Encapsulation of IOAM data fields using the "Next Protocol" 2. Encapsulation of IOAM-Data-Fields using the "Next Protocol"
field. Each IOAM data field option (trace, proof-of-transit, and field. Each IOAM-Option-Type (e.g trace, proof-of-transit, and
edge-to-edge) would be specified by its own "next protocol". edge-to-edge) would be specified by its own "next protocol".
3. Encapsulation of IOAM data fields using the "Next Protocol" 3. Encapsulation of IOAM-Data-Fields using the "Next Protocol"
field. A single NSH protocol type code point would be allocated field. A single NSH protocol type code point would be allocated
for IOAM. A "sub-type" field would then specify what IOAM for IOAM. A "sub-type" field would then specify what IOAM
options type (trace, proof-of-transit, edge-to-edge) is carried. options type (trace, proof-of-transit, edge-to-edge) is carried.
The third option has been chosen here. This option avoids the The third option has been chosen here. This option avoids the
additional layer of TLV nesting that the use of NSH MD Type 2 would additional layer of TLV nesting that the use of NSH MD Type 2 would
result in. In addition, this option does not constrain IOAM data to result in. In addition, this option does not constrain IOAM data to
a maximum of 256 octets, thus allowing support for very large a maximum of 256 octets, thus allowing support for very large
deployments. deployments.
skipping to change at page 6, line 25 skipping to change at page 6, line 24
+---------------+-------------+---------------+ +---------------+-------------+---------------+
| x | TBD_IOAM | This document | | x | TBD_IOAM | This document |
+---------------+-------------+---------------+ +---------------+-------------+---------------+
6. Security Considerations 6. Security Considerations
IOAM is considered a "per domain" feature, where one or several IOAM is considered a "per domain" feature, where one or several
operators decide on leveraging and configuring IOAM according to operators decide on leveraging and configuring IOAM according to
their needs. Still, operators need to properly secure the IOAM their needs. Still, operators need to properly secure the IOAM
domain to avoid malicious configuration and use, which could include domain to avoid malicious configuration and use, which could include
injecting malicious IOAM packets into a domain. injecting malicious IOAM packets into a domain. For additional IOAM
related security considerations, see Section 8 in
[I-D.ietf-ippm-ioam-data].
7. Acknowledgements 7. Acknowledgements
The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari
Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya
Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker, Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker,
and Andrew Yourtchenko for the comments and advice. and Andrew Yourtchenko for the comments and advice.
8. Contributors 8. Contributors
skipping to change at page 7, line 32 skipping to change at page 8, line 4
David Mozes David Mozes
Email: mosesster@gmail.com Email: mosesster@gmail.com
Petr Lapukhov Petr Lapukhov
Facebook Facebook
1 Hacker Way 1 Hacker Way
Menlo Park, CA 94025 Menlo Park, CA 94025
US US
Email: petr@fb.com Email: petr@fb.com
Remy Chang Remy Chang
Barefoot Networks Barefoot Networks
2185 Park Boulevard 2185 Park Boulevard
Palo Alto, CA 94306 Palo Alto, CA 94306
US US
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-ippm-ioam-data] [I-D.ietf-ippm-ioam-data]
Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., Brockners, F., Bhandari, S., Pignataro, C., Gredler, H.,
Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov,
P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon, P., remy@barefootnetworks.com, r., daniel.bernier@bell.ca,
"Data Fields for In-situ OAM", draft-ietf-ippm-ioam- d., and J. Lemon, "Data Fields for In-situ OAM", draft-
data-06 (work in progress), July 2019. ietf-ippm-ioam-data-08 (work in progress), October 2019.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
 End of changes. 26 change blocks. 
62 lines changed or deleted 64 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/