draft-ietf-6man-spring-srv6-oam-12.txt   draft-ietf-6man-spring-srv6-oam-13.txt 
6man Z. Ali 6man Z. Ali
Internet-Draft C. Filsfils Internet-Draft C. Filsfils
Intended status: Standards Track Cisco Systems Intended status: Standards Track Cisco Systems
Expires: June 1, 2022 S. Matsushima Expires: July 27, 2022 S. Matsushima
Softbank Softbank
D. Voyer D. Voyer
Bell Canada Bell Canada
M. Chen M. Chen
Huawei Huawei
November 28, 2021 January 23, 2022
Operations, Administration, and Maintenance (OAM) in Segment Routing Operations, Administration, and Maintenance (OAM) in Segment Routing
Networks with IPv6 Data plane (SRv6) Networks with IPv6 Data plane (SRv6)
draft-ietf-6man-spring-srv6-oam-12 draft-ietf-6man-spring-srv6-oam-13
Abstract Abstract
This document describes how the existing IPv6 mechanisms for ping and This document describes how the existing IPv6 mechanisms for ping and
traceroute can be used in an SRv6 network. The document also traceroute can be used in an SRv6 network. The document also
specifies the OAM flag in the Segment Routing Header (SRH) for specifies the OAM flag in the Segment Routing Header (SRH) for
performing controllable and predictable flow sampling from segment performing controllable and predictable flow sampling from segment
endpoints. In addition, the document describes how a centralized endpoints. In addition, the document describes how a centralized
monitoring system performs a path continuity check between any nodes monitoring system performs a path continuity check between any nodes
within an SRv6 domain. within an SRv6 domain.
skipping to change at page 1, line 43 skipping to change at page 1, line 43
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 1, 2022. This Internet-Draft will expire on July 27, 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 25 skipping to change at page 2, line 25
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Terminology and Reference Topology . . . . . . . . . . . 4 1.3. Terminology and Reference Topology . . . . . . . . . . . 4
2. OAM Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 5 2. OAM Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. O-flag in Segment Routing Header . . . . . . . . . . . . 5 2.1. O-flag in Segment Routing Header . . . . . . . . . . . . 5
2.1.1. O-flag Processing . . . . . . . . . . . . . . . . . . 6 2.1.1. O-flag Processing . . . . . . . . . . . . . . . . . . 6
2.2. OAM Operations . . . . . . . . . . . . . . . . . . . . . 8 2.2. OAM Operations . . . . . . . . . . . . . . . . . . . . . 8
3. Illustrations . . . . . . . . . . . . . . . . . . . . . . . . 8 3. Implementation Status . . . . . . . . . . . . . . . . . . . . 8
3.1. Ping in SRv6 Networks . . . . . . . . . . . . . . . . . . 9 4. Security Considerations . . . . . . . . . . . . . . . . . . . 9
3.1.1. Pinging an IPv6 Address via a Segment-list . . . . . 9 5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9
3.1.2. Pinging a SID . . . . . . . . . . . . . . . . . . . . 10 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
3.2. Traceroute . . . . . . . . . . . . . . . . . . . . . . . 11 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.1. Traceroute to an IPv6 Address via a Segment-list . . 11 7.1. Normative References . . . . . . . . . . . . . . . . . . 10
3.2.2. Traceroute to a SID . . . . . . . . . . . . . . . . . 13 7.2. Informative References . . . . . . . . . . . . . . . . . 10
3.3. A Hybrid OAM Using O-flag . . . . . . . . . . . . . . . . 15 Appendix A. Illustrations . . . . . . . . . . . . . . . . . . . 12
3.4. Monitoring of SRv6 Paths . . . . . . . . . . . . . . . . 17 A.1. Ping in SRv6 Networks . . . . . . . . . . . . . . . . . . 12
4. Implementation Status . . . . . . . . . . . . . . . . . . . . 18 A.1.1. Pinging an IPv6 Address via a Segment-list . . . . . 13
5. Security Considerations . . . . . . . . . . . . . . . . . . . 18 A.1.2. Pinging a SID . . . . . . . . . . . . . . . . . . . . 14
6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 19 A.2. Traceroute . . . . . . . . . . . . . . . . . . . . . . . 15
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 A.2.1. Traceroute to an IPv6 Address via a Segment-list . . 15
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 A.2.2. Traceroute to a SID . . . . . . . . . . . . . . . . . 17
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 20 A.3. A Hybrid OAM Using O-flag . . . . . . . . . . . . . . . . 18
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 A.4. Monitoring of SRv6 Paths . . . . . . . . . . . . . . . . 21
10.1. Normative References . . . . . . . . . . . . . . . . . . 21 Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 22
10.2. Informative References . . . . . . . . . . . . . . . . . 22 Appendix C. Contributors . . . . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
As Segment Routing with IPv6 data plane (SRv6) [RFC8402] simply adds As Segment Routing with IPv6 data plane (SRv6) [RFC8402] simply adds
a new type of Routing Extension Header, existing IPv6 OAM mechanisms a new type of Routing Extension Header, existing IPv6 OAM mechanisms
can be used in an SRv6 network. This document describes how the can be used in an SRv6 network. This document describes how the
existing IPv6 mechanisms for ping and traceroute can be used in an existing IPv6 mechanisms for ping and traceroute can be used in an
SRv6 network. This includes illustrations of pinging an SRv6 SID to SRv6 network. This includes illustrations of pinging an SRv6 SID to
verify that the SID is reachable and is locally programmed at the verify that the SID is reachable and is locally programmed at the
skipping to change at page 7, line 40 skipping to change at page 7, line 40
If the penultimate segment of a segment-list is a Penultimate Segment If the penultimate segment of a segment-list is a Penultimate Segment
Pop (PSP) SID, telemetry data from the ultimate segment cannot be Pop (PSP) SID, telemetry data from the ultimate segment cannot be
requested. This is because, when the penultimate segment is a PSP requested. This is because, when the penultimate segment is a PSP
SID, the SRH is removed at the penultimate segment and the O-flag is SID, the SRH is removed at the penultimate segment and the O-flag is
not processed at the ultimate segment. not processed at the ultimate segment.
The processing node MUST rate-limit the number of packets punted to The processing node MUST rate-limit the number of packets punted to
the OAM process to a configurable rate. This is to avoid hitting any the OAM process to a configurable rate. This is to avoid hitting any
performance impact on the OAM and the telemetry collection processes. performance impact on the OAM and the telemetry collection processes.
Failure in implementing the rate limit can lead to a denial-of- Failure in implementing the rate limit can lead to a denial-of-
service attack, as detailed in Section 5. service attack, as detailed in section 4.
The OAM process MUST NOT process the copy of the packet or respond to The OAM process MUST NOT process the copy of the packet or respond to
any upper-layer header (like ICMP, UDP, etc.) payload to prevent any upper-layer header (like ICMP, UDP, etc.) payload to prevent
multiple evaluations of the datagram. multiple evaluations of the datagram.
The OAM process is expected to be located on the routing node The OAM process is expected to be located on the routing node
processing the packet. Although the specification of the OAM process processing the packet. Although the specification of the OAM process
or the external controller operations are beyond the scope of this or the external controller operations are beyond the scope of this
document, the OAM process SHOULD NOT be topologically distant from document, the OAM process SHOULD NOT be topologically distant from
the routing node, as this is likely to create significant security the routing node, as this is likely to create significant security
and congestion issues. How to correlate the data collected from and congestion issues. How to correlate the data collected from
different nodes at an external controller is also outside the scope different nodes at an external controller is also outside the scope
of the document. Section 3 illustrates use of the O-flag for of the document. Appendix A illustrates use of the O-flag for
implementing a hybrid OAM mechanism, where the "hybrid" implementing a hybrid OAM mechanism, where the "hybrid"
classification is based on RFC7799 [RFC7799]. classification is based on RFC7799 [RFC7799].
2.2. OAM Operations 2.2. OAM Operations
IPv6 OAM operations can be performed for any SRv6 SID whose behavior IPv6 OAM operations can be performed for any SRv6 SID whose behavior
allows Upper Layer Header processing for an applicable OAM payload allows Upper Layer Header processing for an applicable OAM payload
(e.g., ICMP, UDP). (e.g., ICMP, UDP).
Ping to an SRv6 SID is used to verify that the SID is reachable and Ping to an SRv6 SID is used to verify that the SID is reachable and
is locally programmed at the target node. Traceroute to a SID is is locally programmed at the target node. Traceroute to a SID is
used for hop-by-hop fault localization as well as path tracing to a used for hop-by-hop fault localization as well as path tracing to a
SID. Section 3 illustrates the ICMPv6 based ping and the UDP based SID. Appendix A illustrates the ICMPv6 based ping and the UDP based
traceroute mechanisms for ping and traceroute to an SRv6 SID. traceroute mechanisms for ping and traceroute to an SRv6 SID.
Although this document only illustrates ICMPv6 ping and UDP based Although this document only illustrates ICMPv6 ping and UDP based
traceroute to an SRv6 SID, the procedures are equally applicable to traceroute to an SRv6 SID, the procedures are equally applicable to
other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding
Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe
message processing [I-D.gandhi-spring-stamp-srpm], etc.). message processing [I-D.gandhi-spring-stamp-srpm], etc.).
Specifically, as long as local configuration allows the Upper-layer Specifically, as long as local configuration allows the Upper-layer
Header processing of the applicable OAM payload for SRv6 SIDs, the Header processing of the applicable OAM payload for SRv6 SIDs, the
existing IPv6 OAM techniques can be used to target a probe to a existing IPv6 OAM techniques can be used to target a probe to a
(remote) SID. (remote) SID.
skipping to change at page 8, line 43 skipping to change at page 8, line 43
exercise all of its processing depending on its behavior definition. exercise all of its processing depending on its behavior definition.
For example, ping to an End.X SID [RFC8986] only validates the SID is For example, ping to an End.X SID [RFC8986] only validates the SID is
locally programmed at the target node and does not validate switching locally programmed at the target node and does not validate switching
to the correct outgoing interface. To exercise the behavior of a to the correct outgoing interface. To exercise the behavior of a
target SID, the OAM operation should construct the probe in a manner target SID, the OAM operation should construct the probe in a manner
similar to a data packet that exercises the SID behavior, i.e. to similar to a data packet that exercises the SID behavior, i.e. to
include that SID as a transit SID in either an SRH or IPv6 DA of an include that SID as a transit SID in either an SRH or IPv6 DA of an
outer IPv6 header or as appropriate based on the definition of the outer IPv6 header or as appropriate based on the definition of the
SID behavior. SID behavior.
3. Illustrations 3. Implementation Status
This section shows how some of the existing IPv6 OAM mechanisms can This section is to be removed prior to publishing as an RFC.
See [I-D.matsushima-spring-srv6-deployment-status] for updated
deployment and interoperability reports.
4. Security Considerations
[RFC8754] defines the notion of an SR domain and use of SRH within
the SR domain. The use of OAM procedures described in this document
is restricted to an SR domain. For example, similar to the SID
manipulation, O-flag manipulation is not considered as a threat
within the SR domain. Procedures for securing an SR domain are
defined the section 5.1 and section 7 of [RFC8754].
As noted in section 7.1 of [RFC8754], compromised nodes within the SR
domain may mount attacks. The O-flag may be set by an attacking node
attempting a denial-of-service attack on the OAM process at the
segment endpoint node. An implementation correctly implementing the
rate limiting in section 2.1.1 is not susceptible to that denial-of-
service attack. Additionally, SRH Flags are protected by the HMAC
TLV, as described in section 2.1.2.1 of [RFC8754]. Once an HMAC is
generated for a segment list with the O-flag set, it can be used for
an arbitrary amount of traffic using that segment list with O-flag
set.
The security properties of the channel used to send exported packets
marked by the O-flag will depend on the specific OAM processes used.
An on-path attacker able to observe this OAM channel could conduct
traffic analysis, or potentially eavesdropping (depending on the OAM
configuration), of this telemetry for the entire SR domain from such
a vantage point.
This document does not impose any additional security challenges to
be considered beyond security threats described in [RFC4884],
[RFC4443], [RFC0792], [RFC8754] and [RFC8986].
5. Privacy Considerations
The per-packet marking capabilities of the O-flag provides a granular
mechanism to collect telemetry. When this collection is deployed by
an operator with knowledge and consent of the users, it will enable a
variety of diagnostics and monitoring to support the OAM and security
operations use cases needed for resilient network operations.
However, this collection mechanism will also provide an explicit
protocol mechanism to operators for surveillance and pervasive
monitoring use cases done contrary to the user's consent.
6. IANA Considerations
This document requests that IANA allocate the following registration
in the "Segment Routing Header Flags" sub-registry for the "Internet
Protocol Version 6 (IPv6) Parameters" registry maintained by IANA:
+-------+------------------------------+---------------+
| Bit | Description | Reference |
+=======+==============================+===============+
| 2 | O-flag | This document |
+-------+------------------------------+---------------+
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
(SRv6) Network Programming", RFC 8986,
DOI 10.17487/RFC8986, February 2021,
<https://www.rfc-editor.org/info/rfc8986>.
7.2. Informative References
[I-D.gandhi-spring-stamp-srpm]
Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens,
B., and R. Foote, "Performance Measurement Using Simple
TWAMP (STAMP) for Segment Routing Networks", draft-gandhi-
spring-stamp-srpm-07 (work in progress), July 2021.
[I-D.ietf-ippm-ioam-data]
Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
for In-situ OAM", draft-ietf-ippm-ioam-data-11 (work in
progress), November 2020.
[I-D.matsushima-spring-srv6-deployment-status]
Matsushima, S., Filsfils, C., Ali, Z., Li, Z., and K.
Rajaraman, "SRv6 Implementation and Deployment Status",
draft-matsushima-spring-srv6-deployment-status-11 (work in
progress), February 2021.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998,
<https://www.rfc-editor.org/info/rfc2328>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
"Extended ICMP to Support Multi-Part Messages", RFC 4884,
DOI 10.17487/RFC4884, April 2007,
<https://www.rfc-editor.org/info/rfc4884>.
[RFC5476] Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
Sampling (PSAMP) Protocol Specifications", RFC 5476,
DOI 10.17487/RFC5476, March 2009,
<https://www.rfc-editor.org/info/rfc5476>.
[RFC5837] Atlas, A., Ed., Bonica, R., Ed., Pignataro, C., Ed., Shen,
N., and JR. Rivers, "Extending ICMP for Interface and
Next-Hop Identification", RFC 5837, DOI 10.17487/RFC5837,
April 2010, <https://www.rfc-editor.org/info/rfc5837>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model
for IP Flow Information Export (IPFIX)", RFC 7012,
DOI 10.17487/RFC7012, September 2013,
<https://www.rfc-editor.org/info/rfc7012>.
[RFC7799] Morton, A., "Active and Passive Metrics and Methods (with
Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
May 2016, <https://www.rfc-editor.org/info/rfc7799>.
[RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S.
Pallagatti, "Seamless Bidirectional Forwarding Detection
(S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016,
<https://www.rfc-editor.org/info/rfc7880>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8403] Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N.
Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
2018, <https://www.rfc-editor.org/info/rfc8403>.
[RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and
C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of
IGP Traffic Engineering Performance Metric Extensions",
RFC 8571, DOI 10.17487/RFC8571, March 2019,
<https://www.rfc-editor.org/info/rfc8571>.
Appendix A. Illustrations
This appendix shows how some of the existing IPv6 OAM mechanisms can
be used in an SRv6 network. It also illustrates an OAM mechanism for be used in an SRv6 network. It also illustrates an OAM mechanism for
performing controllable and predictable flow sampling from segment performing controllable and predictable flow sampling from segment
endpoints. How centralized OAM technique in [RFC8403] can be endpoints. How centralized OAM technique in [RFC8403] can be
extended for SRv6 is also described in this Section. extended for SRv6 is also described in this appendix.
3.1. Ping in SRv6 Networks A.1. Ping in SRv6 Networks
The existing mechanism to perform the reachability checks, along the The existing mechanism to perform the reachability checks, along the
shortest path, continues to work without any modification. Any IPv6 shortest path, continues to work without any modification. Any IPv6
node (SRv6 capable or a non-SRv6 capable) can initiate, transit, and node (SRv6 capable or a non-SRv6 capable) can initiate, transit, and
egress a ping packet. egress a ping packet.
The following subsections outline some additional use cases of the The following subsections outline some additional use cases of the
ICMPv6 ping in the SRv6 networks. ICMPv6 ping in the SRv6 networks.
3.1.1. Pinging an IPv6 Address via a Segment-list A.1.1. Pinging an IPv6 Address via a Segment-list
If an SRv6-capable ingress node wants to ping an IPv6 address via an If an SRv6-capable ingress node wants to ping an IPv6 address via an
arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6 arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6
ping with an SR header containing the SID list <S1, S2, S3>. This is ping with an SR header containing the SID list <S1, S2, S3>. This is
illustrated using the topology in Figure 1. User issues a ping from illustrated using the topology in Figure 1. User issues a ping from
node N1 to a loopback of node N5, via segment list node N1 to a loopback of node N5, via segment list
<2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in
the example is End.X SID, as described in [RFC8986], but the the example is End.X SID, as described in [RFC8986], but the
procedure is equally applicable to any other (transit) SID type. procedure is equally applicable to any other (transit) SID type.
skipping to change at page 10, line 29 skipping to change at page 14, line 17
packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a
PSP SID, node N4 executes the SID like any other data packet with PSP SID, node N4 executes the SID like any other data packet with
DA = 2001:db8:K:4:X52:: and removes the SRH. DA = 2001:db8:K:4:X52:: and removes the SRH.
o The echo request packet at N5 arrives as an IPv6 packet with or o The echo request packet at N5 arrives as an IPv6 packet with or
without an SRH. If N5 receives the packet with SRH, it skips SRH without an SRH. If N5 receives the packet with SRH, it skips SRH
processing (SL=0). In either case, Node N5 performs the standard processing (SL=0). In either case, Node N5 performs the standard
ICMPv6 processing on the echo request and responds with the echo ICMPv6 processing on the echo request and responds with the echo
reply message to N1. The echo reply message is IP routed. reply message to N1. The echo reply message is IP routed.
3.1.2. Pinging a SID A.1.2. Pinging a SID
The ping mechanism described above applies equally to perform SID The ping mechanism described above applies equally to perform SID
reachability check and to validate the SID is locally programmed at reachability check and to validate the SID is locally programmed at
the target node. This is explained using an example in the the target node. This is explained using an example in the
following. The example uses ping to an END SID, as described in following. The example uses ping to an END SID, as described in
[RFC8986], but the procedure is equally applicable to ping any other [RFC8986], but the procedure is equally applicable to ping any other
SID behaviors. SID behaviors.
Consider the example where the user wants to ping a remote SID Consider the example where the user wants to ping a remote SID
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6
skipping to change at page 11, line 21 skipping to change at page 15, line 11
o If the target SID (2001:db8:K:4::) is not locally instantiated and o If the target SID (2001:db8:K:4::) is not locally instantiated and
does not represent a local interface, the packet is discarded does not represent a local interface, the packet is discarded
o If the target SID (2001:db8:K:4::) is locally instantiated or o If the target SID (2001:db8:K:4::) is locally instantiated or
represents a local interface, the node processes the upper layer represents a local interface, the node processes the upper layer
header. As part of the upper layer header processing node N4 header. As part of the upper layer header processing node N4
respond to the ICMPv6 echo request message and responds with the respond to the ICMPv6 echo request message and responds with the
echo reply message. The echo reply message is IP routed. echo reply message. The echo reply message is IP routed.
3.2. Traceroute A.2. Traceroute
The existing traceroute mechanisms, along the shortest path, The existing traceroute mechanisms, along the shortest path,
continues to work without any modification. Any IPv6 node (SRv6 continues to work without any modification. Any IPv6 node (SRv6
capable or a non-SRv6 capable) can initiate, transit, and egress a capable or a non-SRv6 capable) can initiate, transit, and egress a
traceroute probe. traceroute probe.
The following subsections outline some additional use cases of the The following subsections outline some additional use cases of the
traceroute in the SRv6 networks. traceroute in the SRv6 networks.
3.2.1. Traceroute to an IPv6 Address via a Segment-list A.2.1. Traceroute to an IPv6 Address via a Segment-list
If an SRv6-capable ingress node wants to traceroute to IPv6 address If an SRv6-capable ingress node wants to traceroute to IPv6 address
via an arbitrary segment list <S1, S2, S3>, it needs to initiate a via an arbitrary segment list <S1, S2, S3>, it needs to initiate a
traceroute probe with an SR header containing the SID list <S1, S2, traceroute probe with an SR header containing the SID list <S1, S2,
S3>. User issues a traceroute from node N1 to a loopback of node N5, S3>. User issues a traceroute from node N1 to a loopback of node N5,
via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID
behavior used in the example is End.X SID, as described in [RFC8986], behavior used in the example is End.X SID, as described in [RFC8986],
but the procedure is equally applicable to any other (transit) SID but the procedure is equally applicable to any other (transit) SID
type. Figure 3 contains sample output for the traceroute request. type. Figure 3 contains sample output for the traceroute request.
skipping to change at page 12, line 31 skipping to change at page 16, line 13
Figure 3 A sample traceroute output at an SRv6-capable node Figure 3 A sample traceroute output at an SRv6-capable node
In the sample traceroute output, the information displayed at each In the sample traceroute output, the information displayed at each
hop is obtained using the contents of the "Time Exceeded" or hop is obtained using the contents of the "Time Exceeded" or
"Destination Unreachable" ICMPv6 responses. These ICMPv6 responses "Destination Unreachable" ICMPv6 responses. These ICMPv6 responses
are IP routed. are IP routed.
In the sample traceroute output, the information for link3 is In the sample traceroute output, the information for link3 is
returned by N3, which is a non-SRv6 capable node. Nonetheless, the returned by N3, which is a non-SRv6 capable node. Nonetheless, the
ingress node is able to display SR header contents as the packet ingress node is able to display SR header contents as the packet
travels through the IPv6 classic node. This is because the "Time travels through the non-SRv6 capable node. This is because the "Time
Exceeded Message" ICMPv6 message can contain as much of the invoking Exceeded Message" ICMPv6 message can contain as much of the invoking
packet as possible without the ICMPv6 packet exceeding the minimum packet as possible without the ICMPv6 packet exceeding the minimum
IPv6 MTU [RFC4443]. The SR header is included in these ICMPv6 IPv6 MTU [RFC4443]. The SR header is included in these ICMPv6
messages initiated by the non-SRv6 capable transit nodes that are not messages initiated by the non-SRv6 capable transit nodes that are not
running SRv6 software. Specifically, a node generating ICMPv6 running SRv6 software. Specifically, a node generating ICMPv6
message containing a copy of the invoking packet does not need to message containing a copy of the invoking packet does not need to
understand the extension header(s) in the invoking packet. understand the extension header(s) in the invoking packet.
The segment list information returned for the first hop is returned The segment list information returned for the first hop is returned
by N2, which is an SRv6-capable node. Just like for the second hop, by N2, which is an SRv6-capable node. Just like for the second hop,
the ingress node is able to display SR header contents for the first the ingress node is able to display SR header contents for the first
hop. hop.
There is no difference in processing of the traceroute probe at an There is no difference in processing of the traceroute probe at an
IPv6 classic node and an SRv6-capable node. Similarly, both IPv6 SRv6-capable and a non-SRv6 capable node. Similarly, both
classic and SRv6-capable nodes may use the address of the interface SRv6-capable and non-SRv6 capable nodes may use the address of the
on which probe was received as the source address in the ICMPv6 interface on which probe was received as the source address in the
response. ICMPv6 extensions defined in [RFC5837] can be used to ICMPv6 response. ICMPv6 extensions defined in [RFC5837] can be used
display information about the IP interface through which the datagram to display information about the IP interface through which the
would have been forwarded had it been forwardable, and the IP next datagram would have been forwarded had it been forwardable, and the
hop to which the datagram would have been forwarded, the IP interface IP next hop to which the datagram would have been forwarded, the IP
upon which a datagram arrived, the sub-IP component of an IP interface upon which a datagram arrived, the sub-IP component of an
interface upon which a datagram arrived. IP interface upon which a datagram arrived.
The IP address of the interface on which the traceroute probe was The IP address of the interface on which the traceroute probe was
received is useful. This information can also be used to verify if received is useful. This information can also be used to verify if
SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly
by N2 and N4, respectively. Specifically, the information displayed by N2 and N4, respectively. Specifically, the information displayed
for the second hop contains the incoming interface address for the second hop contains the incoming interface address
2001:db8:2:3:31:: at N3. This matches with the expected interface 2001:db8:2:3:31:: at N3. This matches with the expected interface
bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the
information displayed for the fourth hop contains the incoming information displayed for the fourth hop contains the incoming
interface address 2001:db8:4:5::52:: at N5. This matches with the interface address 2001:db8:4:5::52:: at N5. This matches with the
expected interface bound to the End.X behavior 2001:db8:K:4:X52:: expected interface bound to the End.X behavior 2001:db8:K:4:X52::
(link10). (link10).
3.2.2. Traceroute to a SID A.2.2. Traceroute to a SID
The classic traceroute described in the previous section applies The mechanism to traceroute an IPv6 Address via a Segment-list
equally to traceroute a remote SID behavior, as explained using an described in the previous section applies equally to traceroute a
example in the following. The example uses traceroute to an END SID, remote SID behavior, as explained using an example in the following.
as described in [RFC8986], but the procedure is equally applicable to The example uses traceroute to an END SID, as described in [RFC8986],
tracerouting any other SID behaviors. but the procedure is equally applicable to tracerouting any other SID
behaviors.
Please note that traceroute to a SID is exemplified using UDP probes. Please note that traceroute to a SID is exemplified using UDP probes.
However, the procedure is equally applicable to other implementations However, the procedure is equally applicable to other implementations
of traceroute mechanism. The UDP encoded message to traceroute a SID of traceroute mechanism. The UDP encoded message to traceroute a SID
would use the UDP ports assigned by IANA for "traceroute use". would use the UDP ports assigned by IANA for "traceroute use".
Consider the example where the user wants to traceroute a remote SID Consider the example where the user wants to traceroute a remote SID
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute
probe is processed at the individual nodes along the path as follows: probe is processed at the individual nodes along the path as follows:
skipping to change at page 15, line 5 skipping to change at page 18, line 34
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1)
2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec 2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec 3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
Figure 4 A sample output for hop-by-hop traceroute to a SID Figure 4 A sample output for hop-by-hop traceroute to a SID
3.3. A Hybrid OAM Using O-flag A.3. A Hybrid OAM Using O-flag
This section illustrates a hybrid OAM mechanism using the the O-flag. This section illustrates a hybrid OAM mechanism using the the O-flag.
Without loss of the generality, the illustration assumes N100 is a Without loss of the generality, the illustration assumes N100 is a
centralized controller. centralized controller.
The illustration is different than the In-situ OAM defined in [I.D- The illustration is different than the In-situ OAM defined in [I.D-
draft-ietf-ippm-ioam-data]. This is because In-situ OAM records draft-ietf-ippm-ioam-data]. This is because In-situ OAM records
operational and telemetry information in the packet as the packet operational and telemetry information in the packet as the packet
traverses a path between two points in the network [I.D-draft-ietf- traverses a path between two points in the network [I.D-draft-ietf-
ippm-ioam-data]. The illustration in this subsection does not ippm-ioam-data]. The illustration in this subsection does not
skipping to change at page 17, line 19 skipping to change at page 21, line 5
2. 2.
o The controller N100 processes and correlates the copy of the o The controller N100 processes and correlates the copy of the
packets sent from nodes N1, N4 and N7 to find segment-by-segment packets sent from nodes N1, N4 and N7 to find segment-by-segment
delays and provide other hybrid OAM information related to packet delays and provide other hybrid OAM information related to packet
P1. For segment-by-segment delay computation, it is assumed that P1. For segment-by-segment delay computation, it is assumed that
clock are synchronized time across the SR domain. clock are synchronized time across the SR domain.
o The process continues for any other sampled packets. o The process continues for any other sampled packets.
3.4. Monitoring of SRv6 Paths A.4. Monitoring of SRv6 Paths
In the recent past, network operators demonstrated interest in In the recent past, network operators demonstrated interest in
performing network OAM functions in a centralized manner. [RFC8403] performing network OAM functions in a centralized manner. [RFC8403]
describes such a centralized OAM mechanism. Specifically, the describes such a centralized OAM mechanism. Specifically, the
document describes a procedure that can be used to perform path document describes a procedure that can be used to perform path
continuity check between any nodes within an SR domain from a continuity check between any nodes within an SR domain from a
centralized monitoring system. However, the document focuses on SR centralized monitoring system. However, the document focuses on SR
networks with MPLS data plane. This document describes how the networks with MPLS data plane. This document describes how the
concept can be used to perform path monitoring in an SRv6 network concept can be used to perform path monitoring in an SRv6 network
from a centralized controller. from a centralized controller.
skipping to change at page 18, line 34 skipping to change at page 22, line 20
o Node N100 executes the standard SRv6 END behavior. It o Node N100 executes the standard SRv6 END behavior. It
decapsulates the header and consume the probe for OAM processing. decapsulates the header and consume the probe for OAM processing.
The information in the OAM payload is used to detect any missing The information in the OAM payload is used to detect any missing
probes, round trip delay, etc. probes, round trip delay, etc.
The OAM payload type or the information carried in the OAM probe is a The OAM payload type or the information carried in the OAM probe is a
local implementation decision at the controller and is outside the local implementation decision at the controller and is outside the
scope of this document. scope of this document.
4. Implementation Status Appendix B. Acknowledgements
This section is to be removed prior to publishing as an RFC.
See [I-D.matsushima-spring-srv6-deployment-status] for updated
deployment and interoperability reports.
5. Security Considerations
[RFC8754] defines the notion of an SR domain and use of SRH within
the SR domain. The use of OAM procedures described in this document
is restricted to an SR domain. For example, similar to the SID
manipulation, O-flag manipulation is not considered as a threat
within the SR domain. Procedures for securing an SR domain are
defined the section 5.1 and section 7 of [RFC8754].
As noted in section 7.1 of [RFC8754], compromised nodes within the SR
domain may mount attacks. The O-flag may be set by an attacking node
attempting a denial-of-service attack on the OAM process at the
segment endpoint node. An implementation correctly implementing the
rate limiting in section 2.1.1 is not susceptible to that denial-of-
service attack. Additionally, SRH Flags are protected by the HMAC
TLV, as described in Section 2.1.2.1 of [RFC8754]. Once an HMAC is
generated for a segment list with the O-flag set, it can be used for
an arbitrary amount of traffic using that segment list with O-flag
set.
The security properties of the channel used to send exported packets
marked by the O-flag will depend on the specific OAM processes used.
An on-path attacker able to observe this OAM channel could conduct
traffic analysis, or potentially eavesdropping (depending on the OAM
configuration), of this telemetry for the entire SR domain from such
a vantage point.
This document does not impose any additional security challenges to
be considered beyond security threats described in [RFC4884],
[RFC4443], [RFC0792], [RFC8754] and [RFC8986].
6. Privacy Considerations
The per-packet marking capabilities of the O-flag provides a granular
mechanism to collect telemetry. When this collection is deployed by
an operator with knowledge and consent of the users, it will enable a
variety of diagnostics and monitoring to support the OAM and security
operations use cases needed for resilient network operations.
However, this collection mechanism will also provide an explicit
protocol mechanism to operators for surveillance and pervasive
monitoring use cases done contrary to the user's consent.
7. IANA Considerations
This document requests that IANA allocate the following registration
in the "Segment Routing Header Flags" sub-registry for the "Internet
Protocol Version 6 (IPv6) Parameters" registry maintained by IANA:
+-------+------------------------------+---------------+
| Bit | Description | Reference |
+=======+==============================+===============+
| 2 | O-flag | This document |
+-------+------------------------------+---------------+
8. Acknowledgements
The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob
Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu Song Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu Song
for their review comments. for their review comments.
9. Contributors Appendix C. Contributors
The following people have contributed to this document: The following people have contributed to this document:
Robert Raszuk Robert Raszuk
Bloomberg LP Bloomberg LP
Email: robert@raszuk.net Email: robert@raszuk.net
John Leddy John Leddy
Individual Individual
Email: john@leddy.net Email: john@leddy.net
skipping to change at page 21, line 21 skipping to change at page 23, line 34
Email: ddukes@cisco.com Email: ddukes@cisco.com
Cheng Li Cheng Li
Huawei Huawei
Email: chengli13@huawei.com Email: chengli13@huawei.com
Faisal Iqbal Faisal Iqbal
Individual Individual
Email: faisal.ietf@gmail.com Email: faisal.ietf@gmail.com
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
(SRv6) Network Programming", RFC 8986,
DOI 10.17487/RFC8986, February 2021,
<https://www.rfc-editor.org/info/rfc8986>.
10.2. Informative References
[I-D.gandhi-spring-stamp-srpm]
Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens,
B., and R. Foote, "Performance Measurement Using Simple
TWAMP (STAMP) for Segment Routing Networks", draft-gandhi-
spring-stamp-srpm-07 (work in progress), July 2021.
[I-D.ietf-ippm-ioam-data]
Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
for In-situ OAM", draft-ietf-ippm-ioam-data-11 (work in
progress), November 2020.
[I-D.matsushima-spring-srv6-deployment-status]
Matsushima, S., Filsfils, C., Ali, Z., Li, Z., and K.
Rajaraman, "SRv6 Implementation and Deployment Status",
draft-matsushima-spring-srv6-deployment-status-11 (work in
progress), February 2021.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998,
<https://www.rfc-editor.org/info/rfc2328>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", STD 89,
RFC 4443, DOI 10.17487/RFC4443, March 2006,
<https://www.rfc-editor.org/info/rfc4443>.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
"Extended ICMP to Support Multi-Part Messages", RFC 4884,
DOI 10.17487/RFC4884, April 2007,
<https://www.rfc-editor.org/info/rfc4884>.
[RFC5476] Claise, B., Ed., Johnson, A., and J. Quittek, "Packet
Sampling (PSAMP) Protocol Specifications", RFC 5476,
DOI 10.17487/RFC5476, March 2009,
<https://www.rfc-editor.org/info/rfc5476>.
[RFC5837] Atlas, A., Ed., Bonica, R., Ed., Pignataro, C., Ed., Shen,
N., and JR. Rivers, "Extending ICMP for Interface and
Next-Hop Identification", RFC 5837, DOI 10.17487/RFC5837,
April 2010, <https://www.rfc-editor.org/info/rfc5837>.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010,
<https://www.rfc-editor.org/info/rfc5880>.
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model
for IP Flow Information Export (IPFIX)", RFC 7012,
DOI 10.17487/RFC7012, September 2013,
<https://www.rfc-editor.org/info/rfc7012>.
[RFC7799] Morton, A., "Active and Passive Metrics and Methods (with
Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799,
May 2016, <https://www.rfc-editor.org/info/rfc7799>.
[RFC7880] Pignataro, C., Ward, D., Akiya, N., Bhatia, M., and S.
Pallagatti, "Seamless Bidirectional Forwarding Detection
(S-BFD)", RFC 7880, DOI 10.17487/RFC7880, July 2016,
<https://www.rfc-editor.org/info/rfc7880>.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
[RFC8403] Geib, R., Ed., Filsfils, C., Pignataro, C., Ed., and N.
Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
2018, <https://www.rfc-editor.org/info/rfc8403>.
[RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and
C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of
IGP Traffic Engineering Performance Metric Extensions",
RFC 8571, DOI 10.17487/RFC8571, March 2019,
<https://www.rfc-editor.org/info/rfc8571>.
Authors' Addresses Authors' Addresses
Zafar Ali Zafar Ali
Cisco Systems Cisco Systems
Email: zali@cisco.com Email: zali@cisco.com
Clarence Filsfils Clarence Filsfils
Cisco Systems Cisco Systems
Email: cfilsfil@cisco.com Email: cfilsfil@cisco.com
 End of changes. 26 change blocks. 
227 lines changed or deleted 228 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/