draft-ietf-sfc-multi-layer-oam-04.txt   draft-ietf-sfc-multi-layer-oam-05.txt 
SFC WG G. Mirsky SFC WG G. Mirsky
Internet-Draft ZTE Corp. Internet-Draft ZTE Corp.
Updates: 8300 (if approved) W. Meng Updates: 8300 (if approved) W. Meng
Intended status: Standards Track ZTE Corporation Intended status: Standards Track ZTE Corporation
Expires: May 21, 2020 B. Khasnabish Expires: November 21, 2020 B. Khasnabish
C. Wang C. Wang
Individual contributor Individual contributor
November 18, 2019 May 20, 2020
Active OAM for Service Function Chains in Networks Active OAM for Service Function Chains in Networks
draft-ietf-sfc-multi-layer-oam-04 draft-ietf-sfc-multi-layer-oam-05
Abstract Abstract
A set of requirements for active Operation, Administration and A set of requirements for active Operation, Administration and
Maintenance (OAM) of Service Function Chains (SFCs) in networks is Maintenance (OAM) of Service Function Chains (SFCs) in networks is
presented. Based on these requirements an encapsulation of active presented. Based on these requirements an encapsulation of active
OAM message in SFC and a mechanism to detect and localize defects OAM message in SFC and a mechanism to detect and localize defects
described. Also, this document updates RFC 8300 in the definition of described. Also, this document updates RFC 8300 in the definition of
O (OAM) bit in the Network Service Header (NSH) and defines how the O (OAM) bit in the Network Service Header (NSH) and defines how the
active OAM message identified in SFC NSH. active OAM message identified in SFC NSH.
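Review bot: The abstract still has two sentences with a missing verb, at "a mechanism to detect and localize defects described" and "defines how the active OAM message identified in SFC NSH". This block only changes names and dates between -04 and -05, so the wording was carried over unchanged. Suggest "are described" and "is identified", and "of the O (OAM) bit" in the RFC 8300 sentence.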
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 21, 2020. This Internet-Draft will expire on November 21, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 27 skipping to change at page 2, line 27
3. Requirements for Active OAM in SFC Network . . . . . . . . . 4 3. Requirements for Active OAM in SFC Network . . . . . . . . . 4
4. Active OAM Identification in SFC NSH . . . . . . . . . . . . 5 4. Active OAM Identification in SFC NSH . . . . . . . . . . . . 5
5. Echo Request/Echo Reply for SFC in Networks . . . . . . . . . 7 5. Echo Request/Echo Reply for SFC in Networks . . . . . . . . . 7
5.1. Return Codes . . . . . . . . . . . . . . . . . . . . . . 9 5.1. Return Codes . . . . . . . . . . . . . . . . . . . . . . 9
5.2. SFC Echo Request Transmission . . . . . . . . . . . . . . 9 5.2. SFC Echo Request Transmission . . . . . . . . . . . . . . 9
5.3. SFC Echo Request Reception . . . . . . . . . . . . . . . 9 5.3. SFC Echo Request Reception . . . . . . . . . . . . . . . 9
5.3.1. Errored TLVs TLV . . . . . . . . . . . . . . . . . . 10 5.3.1. Errored TLVs TLV . . . . . . . . . . . . . . . . . . 10
5.4. SFC Echo Reply Transmission . . . . . . . . . . . . . . . 10 5.4. SFC Echo Reply Transmission . . . . . . . . . . . . . . . 10
5.5. SFC Echo Reply Reception . . . . . . . . . . . . . . . . 11 5.5. SFC Echo Reply Reception . . . . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
8.1. SFC Active OAM Protocol . . . . . . . . . . . . . . . . . 13 8.1. SFC Active OAM Protocol . . . . . . . . . . . . . . . . . 13
8.2. SFC Active OAM Message Type . . . . . . . . . . . . . . . 13 8.2. SFC Active OAM Message Type . . . . . . . . . . . . . . . 13
8.3. SFC Echo Request/Echo Reply Parameters . . . . . . . . . 14 8.3. SFC Echo Request/Echo Reply Parameters . . . . . . . . . 14
8.4. SFC Echo Request/Echo Reply Message Types . . . . . . . . 14 8.4. SFC Echo Request/Echo Reply Message Types . . . . . . . . 14
8.5. SFC Echo Reply Modes . . . . . . . . . . . . . . . . . . 14 8.5. SFC Echo Reply Modes . . . . . . . . . . . . . . . . . . 14
8.6. SFC Echo Return Codes . . . . . . . . . . . . . . . . . . 15 8.6. SFC Echo Return Codes . . . . . . . . . . . . . . . . . . 15
8.7. SFC TLV Type . . . . . . . . . . . . . . . . . . . . . . 15 8.7. SFC TLV Type . . . . . . . . . . . . . . . . . . . . . . 15
8.8. SFC OAM UDP Port . . . . . . . . . . . . . . . . . . . . 16 8.8. SFC OAM UDP Port . . . . . . . . . . . . . . . . . . . . 16
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
skipping to change at page 12, line 18 skipping to change at page 12, line 18
o if all checks passed, the SFF checks if the Sequence Number in the o if all checks passed, the SFF checks if the Sequence Number in the
echo request sent matches to the Sequence Number in the echo reply echo request sent matches to the Sequence Number in the echo reply
received. received.
6. Security Considerations 6. Security Considerations
Overlay Echo Request/Reply operates within the domain of the overlay Overlay Echo Request/Reply operates within the domain of the overlay
network and thus inherits any security considerations that apply to network and thus inherits any security considerations that apply to
the use of that overlay technology and, consequently, underlay data the use of that overlay technology and, consequently, underlay data
plane. Also, the security needs for SFC echo request/reply are plane. For example, if the underlay is IPv6 network, IP
Authentication Header [RFC4302] or IP Encapsulating Security Payload
Header [RFC4303] can be used to provide integrity protection.
Confidentiality for the NSH echo request/reply exchanges can be
achieved using the IP Encapsulating Security Payload Header
[RFC4303]. Also, the security needs for SFC echo request/reply are
similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping
[RFC8029]. [RFC8029].
There are at least three approaches of attacking a node in the There are at least three approaches of attacking a node in the
overlay network using the mechanisms defined in the document. One is overlay network using the mechanisms defined in the document. One is
a Denial-of-Service attack, by sending SFC ping to overload an a Denial-of-Service attack, by sending SFC ping to overload an
element of the SFC. The second may use spoofing, hijacking, element of the SFC. The second may use spoofing, hijacking,
replying, or otherwise tampering with SFC echo requests and/or replying, or otherwise tampering with SFC echo requests and/or
replies to misrepresent, alter operator's view of the state of the replies to misrepresent, alter operator's view of the state of the
SFC. The third is an unauthorized source using an SFC echo request/ SFC. The third is an unauthorized source using an SFC echo request/
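Review bot: The added example in Section 6 ("if the underlay is IPv6 network ... can be used to provide integrity protection") names AH and ESP only for an IPv6 underlay and says nothing about other underlays, while the paragraph that follows lists spoofing, hijacking and "replying" among the threats. Suggest stating what is expected when the underlay is not IPv6, and saying whether the protection is meant to cover the replay case as well as integrity; if "replying" in that list is meant to be "replaying", fix it in the same pass. Wording points: "is an IPv6 network", and the new sentences say "NSH echo request/reply" where the rest of the section says "SFC echo request/reply", so pick one term.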
skipping to change at page 17, line 34 skipping to change at page 17, line 34
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>. <https://www.rfc-editor.org/info/rfc792>.
[RFC1423] Balenson, D., "Privacy Enhancement for Internet Electronic [RFC1423] Balenson, D., "Privacy Enhancement for Internet Electronic
Mail: Part III: Algorithms, Modes, and Identifiers", Mail: Part III: Algorithms, Modes, and Identifiers",
RFC 1423, DOI 10.17487/RFC1423, February 1993, RFC 1423, DOI 10.17487/RFC1423, February 1993,
<https://www.rfc-editor.org/info/rfc1423>. <https://www.rfc-editor.org/info/rfc1423>.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
DOI 10.17487/RFC4302, December 2005,
<https://www.rfc-editor.org/info/rfc4302>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005,
<https://www.rfc-editor.org/info/rfc4303>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89, Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006, RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>. <https://www.rfc-editor.org/info/rfc4443>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665, Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015, DOI 10.17487/RFC7665, October 2015,
<https://www.rfc-editor.org/info/rfc7665>. <https://www.rfc-editor.org/info/rfc7665>.
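Review bot: [RFC4302] and [RFC4303] are added to the reference list, but the only citations visible in this diff are in the "can be used" example in Section 6, which states no requirement. The visible context does not show which references subsection these entries land in; confirm they are listed as informative rather than normative, so that an example does not create a normative dependency on AH and ESP.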
 End of changes. 8 change blocks. 
7 lines changed or deleted 20 lines changed or added
