SFC                                                    F. Brockners, Ed.
Internet-Draft                                                     Cisco
Intended status: Standards Track                        S. Bhandari, Ed.
Expires: April 3, 2023                                       Thoughtspot
                                                      September 30, 2022


 Network Service Header (NSH) Encapsulation for In-situ OAM (IOAM) Data
                       draft-ietf-sfc-ioam-nsh-11

Abstract

   In-situ Operations, Administration, and Maintenance (IOAM) is used
   for recording and collecting operational and telemetry information
   while the packet traverses a path between two points in the network.
   This document outlines how IOAM data fields are encapsulated with the
   Network Service Header (NSH).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 3, 2023.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of




Brockners & Bhandari      Expires April 3, 2023                 [Page 1]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  IOAM encapsulation with NSH . . . . . . . . . . . . . . . . .   3
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   7.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .   5
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Appendix A.  Discussion of the IOAM encapsulation approach  . . .   8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   In-situ OAM (IOAM), as defined in [RFC9197], is used to record and
   collect OAM information while the packet traverses a particular
   network domain.  The term "in-situ" refers to the fact that the OAM
   data is added to the data packets rather than is being sent within
   packets specifically dedicated to OAM.  This document defines how
   IOAM data fields are transported as part of the Network Service
   Header (NSH) [RFC8300] encapsulation for the Service Function
   Chaining (SFC) [RFC7665].  The IOAM-Data-Fields are defined in
   [RFC9197].  An implementation of IOAM which leverages NSH to carry
   the IOAM data is available from the FD.io open source software
   project [FD.io].

2.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   Abbreviations used in this document:

   IOAM:      In-situ Operations, Administration, and Maintenance

   NSH:       Network Service Header

   OAM:       Operations, Administration, and Maintenance




Brockners & Bhandari      Expires April 3, 2023                 [Page 2]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


   SFC:       Service Function Chaining

   TLV:       Type, Length, Value

3.  IOAM encapsulation with NSH

   The NSH is defined in [RFC8300].  IOAM-Data-Fields are carried as NSH
   payload using a next protocol header which follows the NSH headers.
   An IOAM header is added containing the different IOAM-Data-Fields.
   The IOAM-Data-Fields MUST follow the definitions corresponding to
   IOAM-Option-Types (e.g., see Section 5 of [RFC9197] and Section 3.2
   of [I-D.ietf-ippm-ioam-direct-export]).  In an administrative domain
   where IOAM is used, insertion of the IOAM header in NSH is enabled at
   the NSH tunnel endpoints, which also serve as IOAM encapsulating/
   decapsulating nodes by means of configuration.  The operator MUST
   ensure that all nodes along the service path support IOAM.  Otherwise
   packets with IOAM are likely to be dropped per [RFC8300].  There can
   be multiple IOAM headers added by encapsulating nodes as configured.
   The IOAM transit nodes (e.g., an SFF) MUST process all the IOAM
   headers that are relevant based on its configuration.  See
   [I-D.ietf-ippm-ioam-deployment] for a discussion of deployment
   related aspects of IOAM-Data-fields.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
   |Ver|O|U|    TTL    |   Length  |U|U|U|U|MD Type| NP = TBD_IOAM |  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  N
   |          Service Path Identifier              | Service Index |  S
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  H
   |                            ...                                |  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
   |  IOAM-Type    | IOAM HDR len  |    Reserved   | Next Protocol |  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  I
   !                                                               |  O
   !                                                               |  A
   ~                 IOAM Option and Optional Data Space           ~  M
   |                                                               |  |
   |                                                               |  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+
   |                                                               |
   |                                                               |
   |                 Payload + Padding (L2/L3/ESP/...)             |
   |                                                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




Brockners & Bhandari      Expires April 3, 2023                 [Page 3]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


   The NSH header and fields are defined in [RFC8300].  The O-bit MUST
   be handled following the rules in [I-D.ietf-sfc-oam-packet].  The
   "NSH Next Protocol" value (referred to as "NP" in the diagram above)
   is TBD_IOAM.

   The IOAM related fields in NSH are defined as follows:



      IOAM-Type:  8-bit field defining the IOAM-Option-Type, as defined
         in the IOAM Option-Type Registry specified in [RFC9197].

      IOAM HDR Len:  8 bit Length field contains the length of the IOAM
         header in 4-octet units.

      Reserved bits:  Reserved bits are present for future use.  The
         reserved bits MUST be set to 0x0 upon transmission and ignored
         upon receipt.

      Next Protocol:  8-bit unsigned integer that determines the type of
         header following IOAM.  The semantics of this field are
         identical to the Next Protocol field in [RFC8300].

      IOAM Option and Data Space:  IOAM-Data-Fields as specified by the
         IOAM-Type field.  IOAM-Data-Fields are defined corresponding to
         the IOAM-Option-Type (e.g., see Section 5 of [RFC9197] and
         Section 3.2 of [I-D.ietf-ippm-ioam-direct-export]).

   Multiple IOAM-Option-Types MAY be included within the NSH
   encapsulation.  For example, if a NSH encapsulation contains two
   IOAM-Option-Types before a data payload, the Next Protocol field of
   the first IOAM option will contain the value of TBD_IOAM, while the
   Next Protocol field of the second IOAM-Option-Type will contain the
   "NSH Next Protocol" number indicating the type of the data payload.
   The applicability of the IOAM Active and Loopback flags
   [I-D.ietf-ippm-ioam-flags] is outside the scope of this document and
   may be specified in the future.  When a packet with IOAM is received
   at an NSH based forwarding node such as an Service Function Forwarder
   (SFF) that does not understand IOAM header, it SHOULD drop the
   packet.  The mechanism to maintain and notify of such events are
   outside the scope of this document.

4.  IANA Considerations

   IANA is requested to allocate protocol numbers for the following "NSH
   Next Protocol" related to IOAM:





Brockners & Bhandari      Expires April 3, 2023                 [Page 4]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


                 +---------------+-------------+---------------+
                 | Next Protocol | Description | Reference     |
                 +---------------+-------------+---------------+
                 | x             | TBD_IOAM    | This document |
                 +---------------+-------------+---------------+


5.  Security Considerations

   IOAM is considered a "per domain" feature, where one or several
   operators decide on leveraging and configuring IOAM according to
   their needs.  Still, operators need to properly secure the IOAM
   domain to avoid malicious configuration and use, which could include
   injecting malicious IOAM packets into a domain.  For additional IOAM
   related security considerations, see Section 10 in [RFC9197].  For
   additional OAM and NSH related security considerations see Section 5
   of [I-D.ietf-sfc-oam-packet].

6.  Acknowledgements

   The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari
   Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya
   Nadahalli, Stefano Previdi, Hemant Singh, Erik Nordmark, LJ Wobker,
   Andrew Yourtchenko, Greg Mirsky and Mohamed Boucadair for the
   comments and advice.

7.  Contributors

   In addition to editors listed on the title page, the following people
   have contributed to this document:

      Vengada Prasad Govindan
      Cisco Systems, Inc.
      Email: venggovi@cisco.com


      Carlos Pignataro
      Cisco Systems, Inc.
      7200-11 Kit Creek Road
      Research Triangle Park, NC  27709
      United States
      Email: cpignata@cisco.com


      Hannes Gredler
      RtBrick Inc.
      Email: hannes@rtbrick.com




Brockners & Bhandari      Expires April 3, 2023                 [Page 5]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


      John Leddy
      Email: john@leddy.net


      Stephen Youell
      JP Morgan Chase
      25 Bank Street
      London  E14 5JP
      United Kingdom
      Email: stephen.youell@jpmorgan.com


      Tal Mizrahi
      Huawei Network.IO Innovation Lab
      Israel
      Email: tal.mizrahi.phd@gmail.com


      David Mozes
      Email: mosesster@gmail.com


      Petr Lapukhov
      Facebook
      1 Hacker Way
      Menlo Park, CA  94025
      US
      Email: petr@fb.com


      Remy Chang
      Barefoot Networks
      2185 Park Boulevard
      Palo Alto, CA  94306
      US


8.  References

8.1.  Normative References

   [I-D.ietf-sfc-oam-packet]
              Boucadair, M., "OAM Packet and Behavior in the Network
              Service Header (NSH)", draft-ietf-sfc-oam-packet-01 (work
              in progress), April 2022,
              <https://www.ietf.org/archive/id/draft-ietf-sfc-oam-
              packet-01.txt>.




Brockners & Bhandari      Expires April 3, 2023                 [Page 6]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8300]  Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
              "Network Service Header (NSH)", RFC 8300,
              DOI 10.17487/RFC8300, January 2018,
              <https://www.rfc-editor.org/info/rfc8300>.

   [RFC9197]  Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi,
              Ed., "Data Fields for In Situ Operations, Administration,
              and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197,
              May 2022, <https://www.rfc-editor.org/info/rfc9197>.

8.2.  Informative References

   [FD.io]    "Fast Data Project: FD.io", <https://fd.io/>.

   [I-D.ietf-ippm-ioam-deployment]
              Brockners, F., Bhandari, S., Bernier, D., and T. Mizrahi,
              "In-situ OAM Deployment", draft-ietf-ippm-ioam-
              deployment-01 (work in progress), April 2022,
              <https://www.ietf.org/archive/id/draft-ietf-ippm-ioam-
              deployment-01.txt>.

   [I-D.ietf-ippm-ioam-direct-export]
              Song, H., Gafni, B., Brockners, F., Bhandari, S., and T.
              Mizrahi, "In-situ OAM Direct Exporting", draft-ietf-ippm-
              ioam-direct-export-11 (work in progress), September 2022,
              <https://www.ietf.org/archive/id/draft-ietf-ippm-ioam-
              direct-export-11.txt>.

   [I-D.ietf-ippm-ioam-flags]
              Mizrahi, T., Brockners, F., Bhandari, S., Gafni, B., and
              M. Spiegel, "In-situ OAM Loopback and Active Flags",
              draft-ietf-ippm-ioam-flags-10 (work in progress), August
              2022, <https://www.ietf.org/archive/id/draft-ietf-ippm-
              ioam-flags-10.txt>.

   [RFC7665]  Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
              Chaining (SFC) Architecture", RFC 7665,
              DOI 10.17487/RFC7665, October 2015,
              <https://www.rfc-editor.org/info/rfc7665>.



Brockners & Bhandari      Expires April 3, 2023                 [Page 7]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


Appendix A.  Discussion of the IOAM encapsulation approach

   This section lists several approaches considered for encapsulating
   IOAM with NSH and presents the rationale for the approach chosen in
   this document.

   An encapsulation of IOAM-Data-Fields in NSH should be friendly to an
   implementation in both hardware as well as software forwarders and
   support a wide range of deployment cases, including large networks
   that desire to leverage multiple IOAM-Data-Fields at the same time.

   Hardware and software friendly implementation: Hardware forwarders
   benefit from an encapsulation that minimizes iterative look-ups of
   fields within the packet: Any operation which looks up the value of a
   field within the packet, based on which another lookup is performed,
   consumes additional gates and time in an implementation - both of
   which are desired to be kept to a minimum.  This means that flat TLV
   structures are to be preferred over nested TLV structures.  IOAM-
   Data-Fields are grouped into several categories, including trace,
   proof-of-transit, and edge-to-edge.  Each of these options defines a
   TLV structure.  A hardware-friendly encapsulation approach avoids
   grouping these three option categories into yet another TLV
   structure, but would rather carry the options as a serial sequence.

   Total length of the IOAM-Data-Fields: The total length of IOAM-Data-
   Fields can grow quite large in case multiple different IOAM-Data-
   Fields are used and large path-lengths need to be considered.  If for
   example an operator would consider using the IOAM Trace Option-Type
   and capture node-id, app_data, egress/ingress interface-id, timestamp
   seconds, timestamps nanoseconds at every hop, then a total of 20
   octets would be added to the packet at every hop.  In case this
   particular deployment would have a maximum path length of 15 hops in
   the IOAM domain, then a maximum of 300 octets were to be encapsulated
   in the packet.

   Different approaches for encapsulating IOAM-Data-Fields in NSH could
   be considered:

   1.  Encapsulation of IOAM-Data-Fields as "NSH MD Type 2" (see
       [RFC8300], Section 2.5).  Each IOAM-Option-Type (e.g., trace,
       proof-of-transit, and edge-to-edge) would be specified by a type,
       with the different IOAM-Data-Fields being TLVs within this the
       particular option type.  NSH MD Type 2 offers support for
       variable length meta-data.  The length field is 6-bits, resulting
       in a maximum of 256 (2^6 x 4) octets.






Brockners & Bhandari      Expires April 3, 2023                 [Page 8]


Internet-Draft      NSH encapsulation for In-situ OAM     September 2022


   2.  Encapsulation of IOAM-Data-Fields using the "Next Protocol"
       field.  Each IOAM-Option-Type (e.g trace, proof-of-transit, and
       edge-to-edge) would be specified by its own "next protocol".

   3.  Encapsulation of IOAM-Data-Fields using the "Next Protocol"
       field.  A single NSH protocol type code point would be allocated
       for IOAM.  A "sub-type" field would then specify what IOAM
       options type (trace, proof-of-transit, edge-to-edge) is carried.

   The third option has been chosen here.  This option avoids the
   additional layer of TLV nesting that the use of NSH MD Type 2 would
   result in.  In addition, this option does not constrain IOAM data to
   a maximum of 256 octets, thus allowing support for very large
   deployments.

Authors' Addresses

   Frank Brockners (editor)
   Cisco Systems, Inc.
   Hansaallee 249, 3rd Floor
   DUESSELDORF, NORDRHEIN-WESTFALEN  40549
   Germany

   Email: fbrockne@cisco.com


   Shwetha Bhandari (editor)
   Thoughtspot
   3rd Floor, Indiqube Orion, 24th Main Rd, Garden Layout, HSR Layout
   Bangalore, KARNATAKA 560 102
   India

   Email: shwetha.bhandari@thoughtspot.com


















Brockners & Bhandari      Expires April 3, 2023                 [Page 9]