IPv6 Destination Option for ConEx
The information below is for an old version of the document.
This is an older version of an Internet-Draft that was ultimately published as RFC 7837.
|Authors||Suresh Krishnan , Mirja Kühlewind , Carlos Ucendo|
|RFC stream||Internet Engineering Task Force (IETF)|
OPSDIR Last Call review (of -09) Has Nits
SECDIR Last Call review (of -09) Has Issues
|Additional resources||Mailing list discussion|
|Stream||WG state||WG Document|
|IESG||IESG state||I-D Exists|
|Send notices to||(None)|
ConEx Working Group S. Krishnan Internet-Draft Ericsson Intended status: Standards Track M. Kuehlewind Expires: April 24, 2014 IKR University of Stuttgart C. Ucendo Telefonica October 21, 2013 IPv6 Destination Option for ConEx draft-ietf-conex-destopt-05 Abstract ConEx is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option that is capable of carrying ConEx markings in IPv6 datagrams. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 24, 2014. Copyright Notice Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Krishnan, et al. Expires April 24, 2014 [Page 1] Internet-Draft ConEx Destination Option October 2013 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions used in this document . . . . . . . . . . . . . . . 3 3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Requirements for the coding of ConEx in IPv6 . . . . . . . . . 3 5. ConEx Destination Option (CDO) . . . . . . . . . . . . . . . . 4 6. Implementation in the fast path of ConEx-aware routers . . . . 6 7. Compatibility with use of IPsec . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 9. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 11. Normative References . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Krishnan, et al. Expires April 24, 2014 [Page 2] Internet-Draft ConEx Destination Option October 2013 1. Introduction ConEx [CAM] is a mechanism by which senders inform the network about the congestion encountered by packets earlier in the same flow. This document specifies an IPv6 destination option [RFC2460] that can be used for performing ConEx markings in IPv6 datagrams. The ConEx information can be used by any network element on the path to e.g. do traffic management or egress policing. Additionally this information will potentially be used by an audit function that checks the integrity of the sender's signaling. 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Background The ConEx working group came up with a list of requirements that had to be met by any ConEx coding. It then considered several alternative mechanisms in Ipv6 and evaluated their suitability for ConEx marking. There were no mechanisms found that were completely suitable, but the only mechanism that came close to meeting the requirements was IPv6 destination options. The analysis of the different alternatives can be found in [draft-krishnan-conex-ipv6]. 4. Requirements for the coding of ConEx in IPv6 R-1: The marking mechanism needs to be visible to all ConEx-capable nodes on the path. R-2: The mechanism needs to be able to traverse nodes that do not understand the markings. This is required to ensure that ConEx can be incrementally deployed over the Internet. R-3: The presence of the marking mechanism should not significantly alter the processing of the packet. This is required to ensure that ConEx marked packets do not face any undue delays or drops due to a badly chosen mechanism. R-4: The markings should be immutable once set by the sender. At the very least, any tampering should be detectable. Krishnan, et al. Expires April 24, 2014 [Page 3] Internet-Draft ConEx Destination Option October 2013 Based on these requirements four solutions to implement the ConEx information in the IPv6 header have been investigated: hop-by-hop options, destination options, using IPv6 header bits (from the flow label), and new extension headers. After evaluating the different solutions, the wg concluded that only the use of a destination option would fulfil the requirements. 5. ConEx Destination Option (CDO) The ConEx Destination Option (CDO) is a destination option that can be included in IPv6 datagrams that are sent by ConEx-aware senders in order to inform ConEx-aware nodes on the path about the congestion encountered by packets earlier in the same flow. The CDO has an alignment requirement of (none). 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Type | Option Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |X|L|E|C| Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: ConEx Destination Option Layout Krishnan, et al. Expires April 24, 2014 [Page 4] Internet-Draft ConEx Destination Option October 2013 Option Type 8-bit identifier of the type of option. The option identifier for the ConEx destination option will be allocated by the IANA. Option Length 8-bit unsigned integer. The length of the option (excluding the Option Type and Option Length fields). This field MUST be set to the value 4. X Bit When this bit is set, the transport sender is using ConEx with this packet. If it is not set, the sender is not using ConEx with this packet. L Bit When this bit is set, the transport sender has experienced a loss. E Bit When this bit is set, the transport sender has experienced ECN-signaled congestion. C Bit When this bit is set, the transport sender is building up congestion credit in the audit. Reserved These bits are not used in the current specification. They are set to zero on the sender and are ignored on the receiver. All packets sent over a ConEx-capable connection MUST carry the CDO. The CDO is immutable. Network devices SHOULD only read the flags. IPSeC Authentication Header (AH) may be used to verify that the CDO has not been modified. If the X bit is zero all other three bits are undefined and thus should be ignored. The X bit set to zero means that the connection is ConEx-capable but this packet SHOULD NOT be accounted to determine ConEx information in an audit function. This can be the case for e.g. pure control packets not carrying any user data. As an example in TCP pure ACKs are usually not ECN-capable and TCP does not have an mechanism to announce the lost of a pure ACK to the sender. Thus Krishnan, et al. Expires April 24, 2014 [Page 5] Internet-Draft ConEx Destination Option October 2013 congestion information about ACKs are not available at the sender. If the X bit is set, all three other bit (L, E, C) MAY be set. Whenever one of these bits is set, the number of bytes carried by this IP packet (including the IP header) SHOULD be accounted for determining congestion or credit information. In IPv6 the number of bytes can easily be calculated by adding the number 40 (length of the IPv6 header in bytes) to the value present in the Payload Length field in the IPv6 header. Credits are sent previous to the occurence of congestion (loss or ECN-CE marks) and the amount of credits should cover the congestion risk. Note, the maximum congestion risk is that all packets in flight get lost or ECN marked. If the L or E bit is set, a congestion signal in form of loss or, respectively, an ECN mark was previously expirienced by the same connection. In principle all of these three bits (L, E, C) MAY be set in the same packet. In this case the packet size MUST be accounted more than once for each respective ConEx information counter. If a network node extracts the ConEx information from a connection, this node is usually supposed to hold this information byte-wise, e.g. comparing the total number of bytes sent with the number of bytes sent with ConEx congestion mark (L, E) to determine the current whole path congestion level. For ConEx-aware node processing, the CDO MUST use the Payload length field of the preceding IPv6 header for byte-based accounting. When equally sized packets can be assumed, the accounting of the number of packets (instead the number of bytes) should deliver the same result. But a network node must be aware that this estimation can be quite wrong, if e.g. different sized packed are send, and thus is not reliable. A ConEx sender SHOULD set the reserved bits in the CDO to zero. Other nodes SHOULD not interpret these bits. ToDo: Preferential drop of not ConEx-marked packets... 6. Implementation in the fast path of ConEx-aware routers The ConEx information is being encoded into a destination option so that it does not impact forwarding performance in the non-ConEx-aware nodes on the path. Since destination options are not usually processed by routers, the existence of the CDO does not affect the fast path processing of the datagram on non-ConEx-aware routers. i.e. Krishnan, et al. Expires April 24, 2014 [Page 6] Internet-Draft ConEx Destination Option October 2013 They are not pushed into the slow path towards the control plane for exception processing. The ConEx-aware nodes still need to process the CDO without severely affecting forwarding. For this to be possible, the ConEx-aware routers need to quickly ascertain the presence of the CDO and process the option if it is present. To efficiently perform this, the CDO needs to be placed in a fairly deterministic location. In order to facilitate forwarding on ConEx-aware routers, ConEx-aware senders who send IPv6 datagrams with the CDO MUST place the CDO as the first destination option in the destination options header. 7. Compatibility with use of IPsec In IPsec transport mode no action needs to be taken as the CDO is visible to the network. When accounting ConEx information the size of the Authentication Header (AH) SHOULD NOT be accounted as this information has been added later. In the IPsec Tunnel model the CDO SHOULD be copied to the outer IP header as this information is end- to-end. Only the payload of the outer IP header minus the AH SHOULD be accounted. 8. Acknowledgements The authors would like to thank Marcelo Bagnulo, Bob Briscoe, Ingemar Johansson, Joel Halpern and John Leslie for the discussions that led to this document. 9. Security Considerations This document does not bring up any new security issues. 10. IANA Considerations This document defines a new IPv6 destination option for carrying ConEx markings. IANA is requested to assign a new destination option type in the Destination Options registry maintained at http://www.iana.org/assignments/ipv6-parameters <TBA1> ConEx Destination Option [RFCXXXX] The act bits for this option need to be 10 and the chg bit needs to be 0. Krishnan, et al. Expires April 24, 2014 [Page 7] Internet-Draft ConEx Destination Option October 2013 11. Normative References [CAM] Mathis, M. and B. Briscoe, "Congestion Exposure (ConEx) Concepts and Abstract Mechanism", draft-ietf-ConEx-abstract-mech-05 (work in progress), July 2011. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998. Authors' Addresses Suresh Krishnan Ericsson 8400 Blvd Decarie Town of Mount Royal, Quebec Canada Email: firstname.lastname@example.org Mirja Kuehlewind IKR University of Stuttgart Email: email@example.com Carlos Ralli Ucendo Telefonica Email: firstname.lastname@example.org Krishnan, et al. Expires April 24, 2014 [Page 8]