IPPM Working Group                                                X. Min
Internet-Draft                                                 G. Mirsky
Intended status: Standards Track                                     ZTE
Expires: June 21, 2019                                             L. Bo
                                                           China Telecom
                                                       December 18, 2018


             Extended OAM to Carry In-situ OAM Capabilities
                   draft-xiao-ippm-ioam-conf-state-02

Abstract

   This document describes an extension for OAM packets including MPLS
   LSP Ping/Traceroute [RFC8029], ICMP Ping/Traceroute for SRv6
   [I-D.ali-spring-srv6-oam] and SFC Ping/Traceroute
   [I-D.ietf-sfc-multi-layer-oam], which can be used within an IOAM
   domain, allowing the IOAM encapsulating node to acquire IOAM
   capabilities of each IOAM transit node and/or IOAM decapsulating
   node easily and dynamically.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 21, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include
   Simplified BSD License text as described in Section 4.e of the Trust
   Legal Provisions and are provided without warranty as described in
   the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions Used in This Document
       1.1.1.  Terminology
       1.1.2.  Requirements Language
   2.  IOAM Capabilities Formats
     2.1.  IOAM Capabilities TLV
       2.1.1.  IOAM Tracing Capabilities sub-TLV
       2.1.2.  IOAM Proof of Transit Capabilities sub-TLV
       2.1.3.  IOAM Edge-to-Edge Capabilities sub-TLV
       2.1.4.  IOAM End-of-Domain sub-TLV
   3.  Operational Guide
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  Normative References
   Authors' Addresses

1.  Introduction

   The Data Fields for In-situ OAM (IOAM) [I-D.ietf-ippm-ioam-data]
   defines data fields for IOAM which records OAM information within
   the packet while the packet traverses a particular network domain,
   which is called an IOAM domain.  IOAM can be used to complement OAM
   mechanisms based on, e.g., ICMP or other types of probe packets, and
   IOAM mechanisms can be leveraged where mechanisms using, e.g., ICMP
   do not apply or do not offer the desired results.

   As specified in [I-D.ietf-ippm-ioam-data], within the IOAM-domain,
   the IOAM data may be updated by network nodes that the packet
   traverses.
   The device which adds an IOAM data container to the packet to
   capture IOAM data is called the "IOAM encapsulating node", whereas
   the device which removes the IOAM data container is referred to as
   the "IOAM decapsulating node".  Nodes within the domain which are
   aware of IOAM data and read and/or write or process the IOAM data
   are called "IOAM transit nodes".  Both the IOAM encapsulating node
   and the decapsulating node are referred to as domain edge devices,
   which can be hosts or network devices.

   In order to add an accurate IOAM data container to the packet, the
   IOAM encapsulating node needs to know the IOAM capabilities of the
   IOAM transit nodes and/or the IOAM decapsulating node as a whole,
   e.g., how many IOAM transit nodes will add tracing data and what
   kinds of data fields will be added.  This document describes an
   extension for OAM packets including MPLS LSP Ping/Traceroute
   [RFC8029], ICMP Ping/Traceroute for SRv6 [I-D.ali-spring-srv6-oam]
   and SFC Ping/Traceroute [I-D.ietf-sfc-multi-layer-oam], which can be
   used within an IOAM domain, allowing the IOAM encapsulating node to
   acquire IOAM capabilities of each IOAM transit node and/or IOAM
   decapsulating node easily and dynamically.

1.1.  Conventions Used in This Document

1.1.1.  Terminology

   E2E: Edge to Edge

   ICMP: Internet Control Message Protocol

   IOAM: In-situ Operations, Administration, and Maintenance

   LSP: Label Switched Path

   MPLS: Multi-Protocol Label Switching

   MTU: Maximum Transmission Unit

   NTP: Network Time Protocol

   OAM: Operations, Administration, and Maintenance

   POSIX: Portable Operating System Interface

   POT: Proof of Transit

   PTP: Precision Time Protocol

   SFC: Service Function Chain

   SRv6: Segment Routing with IPv6 Data plane

   TTL: Time to Live

1.1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  IOAM Capabilities Formats

2.1.  IOAM Capabilities TLV

   IOAM Capabilities are carried in a TLV (Type-Length-Value tuple)
   which has the following format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Type = IOAM Capabilities   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Namespace-IDs Length      |        Sub-TLVs Length        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                     List of Namespace-IDs                     .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                       List of Sub-TLVs                        .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                    Figure 1: IOAM Capabilities TLV

   When this TLV is present in the echo request sent by an IOAM
   encapsulating node, it means that the IOAM encapsulating node
   requests the receiving node to reply with its IOAM capabilities.  If
   there are no IOAM capabilities to be reported by the receiving node,
   then this TLV SHOULD be ignored by the receiving node.  A List of
   Namespace-IDs MAY be included in this TLV of the echo request; it
   means that the IOAM encapsulating node requests only the IOAM
   capabilities which match one of the Namespace-IDs.  The Namespace-ID
   has the same definition as what's specified in
   [I-D.ietf-ippm-ioam-data].

   When this TLV is present in the echo reply sent by an IOAM transit
   node and/or an IOAM decapsulating node, it means that IOAM function
   is enabled at this node and this TLV contains IOAM capabilities of
   the sender.
   A List of Namespace-IDs MAY be included in this TLV of the echo
   reply.  It means that the IOAM capabilities included in this TLV
   match one of the Namespace-IDs.  If a List of Namespace-IDs is
   present in the TLV of the echo request, then the List of
   Namespace-IDs in the TLV of the echo reply MUST be a subset of that
   one.  A List of Sub-TLVs which contain the IOAM capabilities SHOULD
   be included in this TLV of the echo reply.  Note that the IOAM
   encapsulating node or the IOAM decapsulating node can also be an
   IOAM transit node.

   Type is set to the value which indicates that it's an IOAM
   Capabilities TLV.

   Length is the length of the TLV's Value field in octets,
   Namespace-IDs Length is the length of the List of Namespace-IDs
   field in octets, and Sub-TLVs Length is the length of the List of
   Sub-TLVs field in octets.

   Value field of this TLV or any Sub-TLV is zero padded to align to a
   4-octet boundary.  Based on the data fields for IOAM specified in
   [I-D.ietf-ippm-ioam-data], four kinds of Sub-TLVs are defined in
   this document, and in an IOAM Capabilities TLV the same kind of
   Sub-TLV can appear more than once, each with a different
   Namespace-ID.

2.1.1.  IOAM Tracing Capabilities sub-TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Sub-type = Tracing Conf Data  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        IOAM-Trace-Type        |F|          Reserved           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Namespace-ID          |         Egress_if_MTU         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Egress_if_id (short or wide format)         ......  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

             Figure 2: IOAM Tracing Capabilities Sub-TLV

   When this sub-TLV is present in the IOAM Capabilities TLV, it means
   that the sending node is an IOAM transit node and IOAM tracing
   function is enabled at this IOAM transit node.

   Sub-type is set to the value which indicates that it's an IOAM
   Tracing Capabilities sub-TLV.

   Length is the length of the sub-TLV's Value field in octets.  If
   Egress_if_id is in the short format, which is 16 bits long, it MUST
   be set to 10, and if Egress_if_id is in the wide format, which is 32
   bits long, it MUST be set to 12.

   IOAM-Trace-Type field has the same definition as what's specified in
   section 4.2 of [I-D.ietf-ippm-ioam-data].

   F bit is specified to indicate whether the pre-allocated trace or
   incremental trace is enabled.  F bit is set to 1 when pre-allocated
   trace is enabled and set to 0 when the incremental trace is enabled.
   The meaning and difference of pre-allocated trace and incremental
   trace are described in section 4.1 of [I-D.ietf-ippm-ioam-data].  If
   the IOAM encapsulating node receives different F bit values from
   different IOAM transit nodes, then the IOAM encapsulating node will
   reserve data space in the IOAM header for the IOAM transit node that
   set F bit to 1, and the IOAM encapsulating node won't reserve data
   space in the IOAM header for the IOAM transit node that set F bit to
   0.

   Reserved field is reserved for future use and MUST be set to zero.

   Namespace-ID field has the same definition as what's specified in
   section 4.2 of [I-D.ietf-ippm-ioam-data].

   Egress_if_MTU field has 16 bits and specifies the MTU of the egress
   interface out of which the sending node would forward the received
   echo request.

   Egress_if_id field has 16 bits (in short format) or 32 bits (in wide
   format) and specifies the identifier of the egress interface out of
   which the sending node would forward the received echo request.

2.1.2.  IOAM Proof of Transit Capabilities sub-TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Sub-type = POT Conf Data   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Namespace-ID          | IOAM-POT-Type |P|SoR|Reserved |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

         Figure 3: IOAM Proof of Transit Capabilities Sub-TLV

   When this sub-TLV is present in the IOAM Capabilities TLV, it means
   that the sending node is an IOAM transit node and IOAM proof of
   transit function is enabled at this IOAM transit node.

   Sub-type is set to the value which indicates that it's an IOAM Proof
   of Transit Capabilities sub-TLV.

   Length is the length of the sub-TLV's Value field in octets, and
   MUST be set to 4.

   Namespace-ID field has the same definition as what's specified in
   section 4.3 of [I-D.ietf-ippm-ioam-data].

   IOAM-POT-Type field and P bit have the same definition as what's
   specified in section 4.3 of [I-D.ietf-ippm-ioam-data].  If the IOAM
   encapsulating node receives IOAM-POT-Type and/or P bit values from
   an IOAM transit node that are different from its own, then the IOAM
   encapsulating node MAY choose to abandon the proof of transit
   function or to select one kind of IOAM-POT-Type and P bit, based on
   the policy applied to the IOAM encapsulating node.

   SoR field has two bits which indicate the size of "Random" and
   "Cumulative" data, which are specified in section 4.3 of
   [I-D.ietf-ippm-ioam-data].  This document defines SoR as follows:

      0b00 means 64-bit "Random" and 64-bit "Cumulative" data.

      0b01~0b11: Reserved for future standardization

   Reserved field is reserved for future use and MUST be set to zero.

2.1.3.  IOAM Edge-to-Edge Capabilities sub-TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Sub-type = E2E Conf Data   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Namespace-ID          |         IOAM-E2E-Type         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |TSF|TSL|       Reserved        |         Must Be Zero          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

           Figure 4: IOAM Edge-to-Edge Capabilities Sub-TLV

   When this sub-TLV is present in the IOAM Capabilities TLV, it means
   that the sending node is an IOAM decapsulating node and IOAM
   edge-to-edge function is enabled at this IOAM decapsulating node.
   That is to say, if the IOAM encapsulating node receives this
   sub-TLV, the IOAM encapsulating node can determine that the node
   which sends this sub-TLV is an IOAM decapsulating node.

   Sub-type is set to the value which indicates that it's an IOAM
   Edge-to-Edge Capabilities sub-TLV.

   Length is the length of the sub-TLV's Value field in octets, and
   MUST be set to 8.

   Namespace-ID field has the same definition as what's specified in
   section 4.4 of [I-D.ietf-ippm-ioam-data].

   IOAM-E2E-Type field has the same definition as what's specified in
   section 4.4 of [I-D.ietf-ippm-ioam-data].

   TSF field specifies the timestamp format used by the sending node.
   This document defines TSF as follows:

      0b00: PTP timestamp format

      0b01: NTP timestamp format

      0b10: POSIX timestamp format

      0b11: Reserved for future standardization

   TSL field specifies the timestamp length used by the sending node.
   This document defines TSL as follows:

      When TSF field is set to 0b00 which indicates PTP timestamp
      format:

         0b00: 64-bit PTPv1 timestamp as defined in IEEE1588-2008
         [IEEE1588v2]

         0b01: 80-bit PTPv2 timestamp as defined in IEEE1588-2008
         [IEEE1588v2]

         0b10~0b11: Reserved for future standardization

      When TSF field is set to 0b01 which indicates NTP timestamp
      format:

         0b00: 32-bit NTP timestamp as defined in NTPv4 [RFC5905]

         0b01: 64-bit NTP timestamp as defined in NTPv4 [RFC5905]

         0b10: 128-bit NTP timestamp as defined in NTPv4 [RFC5905]

         0b11: Reserved for future standardization

      When TSF field is set to 0b10 or 0b11, the TSL field would be
      ignored.

   Reserved field is reserved for future use and MUST be set to zero.

2.1.4.  IOAM End-of-Domain sub-TLV

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Sub-type = End of Domain   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Namespace-ID          |         Must Be Zero          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 5: IOAM End of Domain Sub-TLV

   When this sub-TLV is present in the IOAM Capabilities TLV, it means
   that the sending node is an IOAM decapsulating node.  That is to
   say, if the IOAM encapsulating node receives this sub-TLV, the IOAM
   encapsulating node can determine that the node which sends this
   sub-TLV is an IOAM decapsulating node.  When the IOAM Edge-to-Edge
   Capabilities sub-TLV is present in the IOAM Capabilities TLV sent by
   the IOAM decapsulating node, the IOAM End-of-Domain sub-TLV doesn't
   need to be present in the same IOAM Capabilities TLV; otherwise the
   End-of-Domain sub-TLV MUST be present in the IOAM Capabilities TLV
   sent by the IOAM decapsulating node.
   Since both the IOAM Edge-to-Edge Capabilities sub-TLV and the IOAM
   End-of-Domain sub-TLV can be used to indicate that the sending node
   is an IOAM decapsulating node, it's recommended to include only the
   IOAM Edge-to-Edge Capabilities sub-TLV if IOAM edge-to-edge function
   is enabled at this IOAM decapsulating node.

   Length is the length of the sub-TLV's Value field in octets, and
   MUST be set to 4.

   Namespace-ID field has the same definition as what's specified in
   section 4.4 of [I-D.ietf-ippm-ioam-data].

3.  Operational Guide

   Once the IOAM encapsulating node is triggered to acquire IOAM
   capabilities of each IOAM transit node and/or IOAM decapsulating
   node, the IOAM encapsulating node will send a batch of echo requests
   that include the IOAM Capabilities TLV, first with TTL equal to 1 to
   reach the nearest node, which may or may not be an IOAM transit
   node, then with TTL equal to 2 to reach the second nearest node,
   which also may or may not be an IOAM transit node, and so on,
   increasing the TTL by 1 each time the IOAM encapsulating node sends
   a new echo request, until the IOAM encapsulating node receives an
   echo reply sent by the IOAM decapsulating node, which must contain
   the IOAM Capabilities TLV including the IOAM Edge-to-Edge
   Capabilities sub-TLV or the IOAM End-of-Domain sub-TLV.

   The IOAM encapsulating node may be triggered by the device
   administrator, the network management, the network controller, or
   even the live user traffic, and the specific triggering mechanisms
   are outside the scope of this document.

   Each IOAM transit node and/or IOAM decapsulating node that receives
   an echo request containing the IOAM Capabilities TLV will send an
   echo reply to the IOAM encapsulating node, and within the echo
   reply, there must be an IOAM Capabilities TLV containing one or more
   sub-TLVs.  The IOAM Capabilities TLV contained in the echo request
   would be ignored by the receiving node that is unaware of IOAM.

4.  Security Considerations

   Knowledge of the state of the IOAM domain may be considered
   confidential.  Implementations SHOULD provide a means of filtering
   the addresses to which echo reply messages, MPLS LSP
   Ping/Traceroute, ICMP Ping/Traceroute for SRv6 or SFC
   Ping/Traceroute, may be sent.

5.  IANA Considerations

   This document has no IANA actions.

6.  Acknowledgements

   The authors appreciate the f2f discussion with Frank Brockners on
   this document.

7.  Normative References

   [I-D.ali-spring-srv6-oam]
              Ali, Z., Filsfils, C., Kumar, N., Pignataro, C.,
              faiqbal@cisco.com, f., Gandhi, R., Leddy, J., Matsushima,
              S., Raszuk, R., daniel.voyer@bell.ca, d., Dawra, G.,
              Peirens, B., Chen, M., and G. Naik, "Operations,
              Administration, and Maintenance (OAM) in Segment Routing
              Networks with IPv6 Data plane (SRv6)",
              draft-ali-spring-srv6-oam-02 (work in progress),
              October 2018.

   [I-D.ietf-ippm-ioam-data]
              Brockners, F., Bhandari, S., Pignataro, C., Gredler, H.,
              Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov,
              P., Chang, R., daniel.bernier@bell.ca, d., and J. Lemon,
              "Data Fields for In-situ OAM",
              draft-ietf-ippm-ioam-data-04 (work in progress),
              October 2018.

   [I-D.ietf-sfc-multi-layer-oam]
              Mirsky, G., Meng, W., Khasnabish, B., and C. Wang,
              "Active OAM for Service Function Chains in Networks",
              draft-ietf-sfc-multi-layer-oam-00 (work in progress),
              November 2018.

   [IEEE1588v2]
              Institute of Electrical and Electronics Engineers, "IEEE
              Std 1588-2008 - IEEE Standard for a Precision Clock
              Synchronization Protocol for Networked Measurement and
              Control Systems", IEEE Std 1588-2008, 2008.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905,
              June 2010.

   [RFC8029]  Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
              Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
              Switched (MPLS) Data-Plane Failures", RFC 8029,
              DOI 10.17487/RFC8029, March 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

Authors' Addresses

   Xiao Min
   ZTE
   Nanjing
   China

   Phone: +86 25 88016574
   Email: xiao.min2@zte.com.cn


   Greg Mirsky
   ZTE
   USA

   Email: gregimirsky@gmail.com


   Lei Bo
   China Telecom
   Beijing
   China

   Phone: +86 10 50902903
   Email: leibo.bri@chinatelecom.cn
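
   Added example, not part of the draft or its authors' code: a strict
   Python parser for the Value field of the IOAM Capabilities TLV of
   Section 2, with the Section 3 stop condition as a helper.  The
   sub-type code points are hypothetical placeholders (the draft assigns
   none); 16-bit entries in the List of Namespace-IDs, sub-TLVs starting
   directly after that list, and a Sub-TLVs Length that includes padding
   are assumptions.

```python
import struct

# Hypothetical sub-type code points (the draft assigns none); MUST lengths per kind.
SUB_TRACING, SUB_POT, SUB_E2E, SUB_EOD = 1, 2, 3, 4
VALID_LEN = {SUB_TRACING: (10, 12), SUB_POT: (4,), SUB_E2E: (8,), SUB_EOD: (4,)}

def parse_sub_tlv(stype, v):
    """Decode one sub-TLV Value; nonzero Reserved or Must-Be-Zero bits are an error."""
    if stype == SUB_TRACING:
        trace_type, flags, ns, mtu = struct.unpack_from("!HHHH", v)
        if flags & 0x7FFF:
            raise ValueError("tracing: Reserved bits set")
        return {"kind": "tracing", "ns": ns, "trace_type": trace_type,
                "preallocated": bool(flags >> 15), "mtu": mtu,
                "egress_if_id": int.from_bytes(v[8:], "big")}  # short or wide
    if stype == SUB_POT:
        ns, pot_type, bits = struct.unpack("!HBB", v)
        if bits & 0x1F:
            raise ValueError("pot: Reserved bits set")
        return {"kind": "pot", "ns": ns, "pot_type": pot_type,
                "p": bits >> 7, "sor": (bits >> 5) & 3}
    if stype == SUB_E2E:
        ns, e2e_type, ts, mbz = struct.unpack("!HHHH", v)
        if ts & 0x0FFF or mbz:
            raise ValueError("e2e: Reserved or Must-Be-Zero bits set")
        return {"kind": "e2e", "ns": ns, "e2e_type": e2e_type,
                "tsf": ts >> 14, "tsl": (ts >> 12) & 3}
    ns, mbz = struct.unpack("!HH", v)  # SUB_EOD
    if mbz:
        raise ValueError("end-of-domain: Must-Be-Zero bits set")
    return {"kind": "end_of_domain", "ns": ns}

def parse_capabilities(value, requested_ns=None):
    """Parse the Value field of an IOAM Capabilities TLV taken from an echo reply."""
    # Assumed: 16-bit Namespace-IDs, then sub-TLVs; Sub-TLVs Length includes padding.
    if len(value) < 4:
        raise ValueError("truncated TLV")
    ns_len, sub_len = struct.unpack_from("!HH", value)
    off, end, subs = 4 + ns_len, 4 + ns_len + sub_len, []
    if ns_len % 2 or end > len(value) or any(value[end:]):
        raise ValueError("bad length fields or nonzero trailing padding")
    ns_ids = [n for (n,) in struct.iter_unpack("!H", value[4:off])]
    if requested_ns is not None and not set(ns_ids) <= set(requested_ns):
        raise ValueError("reply Namespace-IDs are not a subset of the request's")
    while off < end:
        if end - off < 4:
            raise ValueError("truncated sub-TLV header")
        stype, slen = struct.unpack_from("!HH", value, off)
        nxt = off + 4 + ((slen + 3) & ~3)  # Value is zero padded to 4 octets
        if slen not in VALID_LEN.get(stype, ()):
            raise ValueError(f"sub-type {stype}: unknown, or Length {slen} not allowed")
        if nxt > end or any(value[off + 4 + slen:nxt]):
            raise ValueError("sub-TLV overruns the list or has nonzero padding")
        subs.append(parse_sub_tlv(stype, value[off + 4:off + 4 + slen]))
        off = nxt
    return ns_ids, subs

def is_decapsulating(subs):
    """Section 3 stop condition: the reply carries an E2E or End-of-Domain sub-TLV."""
    return any(s["kind"] in ("e2e", "end_of_domain") for s in subs)

# Constructed reply: Namespace-IDs 1, 2; short-format tracing; E2E with 64-bit NTP.
SAMPLE = struct.pack("!4H 7H2x 6H", 4, 28, 1, 2, SUB_TRACING, 10, 0xF000, 0x8000,
                     1, 1500, 7, SUB_E2E, 8, 1, 0x8000, 0x5000, 0)
```

   Passing the Namespace-IDs that were sent in the echo request as
   requested_ns enforces the subset rule of Section 2.1 on the reply.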