SFC WG | G. Mirsky |
Internet-Draft | ZTE Corp. |
Updates: 8300 (if approved) | W. Meng |
Intended status: Standards Track | ZTE Corporation |
Expires: September 9, 2019 | B. Khasnabish |
Individual contributor | |
C. Wang | |
March 8, 2019 |
Active OAM for Service Function Chains in Networks
draft-ietf-sfc-multi-layer-oam-02
A set of requirements for active Operation, Administration and Maintenance (OAM) of Service Function Chains (SFCs) in networks is presented. Based on these requirements an encapsulation of active OAM message in SFC and a mechanism to detect and localize defects described. Also, this document updates RFC 8300 in the definition of O (OAM) bit in the Network Service Header (NSH) and defines how the active OAM message identified in SFC NSH.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 9, 2019.
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[RFC7665] defines components necessary to implement Service Function Chain (SFC). These include a classifier which performs the classification of incoming packets. A Service Function Forwarder (SFF) is responsible for forwarding traffic to one or more connected Service Functions (SFs) according to the information carried in the SFC encapsulation. SFF also handles traffic coming back from the SF and transports the data packets to the next SFF. And the SFF serves as termination element of the Service Function Path (SFP). SF is responsible for the specific treatment of received packets.
Resulting from that SFC is constructed by a number of these components, there are different views from different levels of the SFC. One is the SFC, entirely abstract entity, which defines an ordered set of SFs that must be applied to packets selected as a result of classification. But SFC doesn't specify the exact mapping between SFFs and SFs. Thus there exists another semi-abstract entity referred to as SFP. SFP is the instantiation of the SFC in the network and provides a level of indirection between the entirely abstract SFC and a fully specified ordered list of SFFs and SFs identities that the packet will visit when it traverses the SFC. The latter entity is being referred to as Rendered Service Path (RSP). The main difference between SFP and RSP is that in the former the authority to select the SFF/SF has been delegated to the network.
This document defines how active Operation, Administration and Maintenance (OAM), per [RFC7799] definition of active OAM, identified in Network Service Header (NSH) SFC, lists requirements to improve the troubleshooting efficiency, and defines SFC Echo request and Echo reply that enables on-demand Continuity Check, Connectivity Verification among other operations over SFC in networks. Also, this document updates Section 2.2 of [RFC8300] in part of the definition of O bit in the (NSH).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Unless explicitly specified in this document, active OAM in SFC and SFC OAM are being used interchangeably.
e2e: End-to-End
FM: Fault Management
NSH: Network Service Header
OAM: Operations, Administration, and Maintenance
PRNG: Pseudorandom number generator
RDI: Remote Defect Indication
RSP: Rendered Service Path
SMI Structure of Management Information
SF: Service Function
SFC: Service Function Chain
SFF: Service Function Forwarder
SFP: Service Function Path
To perform the OAM task of fault management (FM) in an SFC, that includes failure detection, defect characterization and localization, this document defines the set of requirements for active OAM mechanisms to be used on an SFC.
+---+ +---+ +---+ +---+ +---+ +---+ |SF1| |SF2| |SF3| |SF4| |SF5| |SF6| +---+ +---+ +---+ +---+ +---+ +---+ \ / \ / \ / +----------+ +----+ +----+ +----+ |Classifier|-------|SFF1|---------|SFF2|--------|SFF3| +----------+ +----+ +----+ +----+
Figure 1: SFC reference model
In the example presented in Figure 1, the service SFP1 may be realized through two independent RSPs, RSP1(SF1--SF3--SF5) and RSP2(SF2--SF4--SF5). To perform end-to-end (e2e) FM SFC OAM:
The egress, SFF3 in the example in Figure 1, is the entity that detects the failure of the SFC. It must be able to signal the new defect state to the ingress SFF1. Hence the following requirement:
Once the SFF1 detects the defect objective of OAM switches from failure detection to defect characterization and localization.
It is practical, as presented in Figure 1, that several SFs share the same SFF. In such case, SFP1 may be realized over two RSPs, RSP1(SF1--SF3--SF5) and RSP2(SF2--SF4--SF6).
In the process of localizing the SFC failure, separating SFC OAM layers is an efficient approach. To achieve that continuity among SFFs that are part of the same SFP should be verified. Once SFFs reachability along the particular SFP has been confirmed task of defect localization may focus on SF reachability verification. Because reachability of SFFs has already verified, SFF local to the SF may be used as a source of the test packets.
The interpretation of O bit flag in the NSH header is defined in [RFC8300] as: Section 8.1. The rules of interpreting the values of O bit and the Next Protocol field are as follows:
This document updates the definition of O bit as follows:
Active SFC OAM defined as a combination of OAM commands and/or data included in a message that immediately follows the NSH. To identify the active OAM message the value on the Next Protocol field MUST be set to Active SFC OAM (TBA1) according to
From the above-listed rules follows the recommendation to avoid combination of OAM in a Fixed-Length Context Header or Variable-Length Context Header(s) and in the payload immediately following the SFC NSH because there is no unambiguous way to identify such combination using the O bit and the Next Protocol field.
Several active OAM protocols will be needed to address all the requirements listed in Section 3. Destination UDP port number may identify protocols if IP/UDP encapsulation used. But extra IP/UDP headers, especially in the case of IPv6, add noticeable overhead. This document defines Active OAM Header Figure 2 to demultiplex active OAM protocols on an SFC.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | V | Msg Type | Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ SFC Active OAM Control Packet ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: SFC Active OAM Header
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version Number | Global Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Message Type | Reply mode | Return Code | Return S.code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sender's Handle | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ TLVs ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: SFC Echo Request/Reply format
Echo Request/Reply is a well-known active OAM mechanism that is extensively used to detect inconsistencies between a state in control and the data planes, localize defects in the data plane. The format of the Echo request/Echo reply control packet is to support ping and traceroute functionality in SFC in networks Figure 3 resembles the format of MPLS LSP Ping [RFC8029] with some exceptions.
The interpretation of the fields is as follows:
Value Meaning ----- ------- 0 No Return Code 1 Malformed echo request received 2 One or more of the TLVs was not understood
The Return Code is set to zero by the sender of an echo request. The receiver of said echo request can set it to one of the values listed below in the corresponding echo reply that it generates.
SFC echo request control packet MUST use the appropriate encapsulation of the monitored SFP. If Network Service Header (NSH) is used, echo request MUST set O bit, as defined in [RFC8300]. SFC NSH MUST be immediately followed by the SFC Active OAM Header defined in Section 4. Message Type field in the SFC Active OAM Header MUST be set to SFC Echo Request/Echo Reply value (TBA2) per Section 8.2.
Value of the Reply Mode field MAY be set to:
Sending an SFC echo request to the control plane is triggered by one of the following packet processing exceptions: NSH TTL expiration, NSH Service Index (SI) expiration or the receiver is the terminal SFF for an SFP.
Firstly, the SFF that has received an SFC echo request verifies the general sanity of the received packet. If the packet is not well- formed, the receiver SFF SHOULD send an SFC echo reply with the Return Code set to "Malformed echo request received" and the Subcode set to zero. If there are any TLVs not marked as "Ignore" (i.e., if the TLV type is less than 32768, see Section 3) that SFF does not understand, the SFF SHOULD send an SFC echo reply with the Return Code set to "TLV not understood" and set the Subcode to zero. In the latter case, the SFF SHOULD include an Errored TLVs TLV that as sub-TLVs contains only the misunderstood TLVs. The header field's Sender's Handle, Sequence Number are not examined but are included in the SFC echo reply message.
The Reply Mode field directs whether and how the echo reply message should be sent. The sender of the echo request MAY use TLVs to request that the corresponding echo reply is transmitted over the specified path. Value TBA3 is referred to as "Do not reply" mode and suppresses transmission of echo reply packet. The default value (TBA6) for the Reply mode field requests the responder to send the echo reply packet out-of-band as IPv4 or IPv6 UDP packet.
Responder to the SFC echo request sends the echo reply over IP network if the Reply mode is Reply via an IPv4/IPv6 UDP Packet. Because SFC NSH does not identify the ingress of the SFP the echo request, the source ID MUST be included in the message and used as the IP destination address for IP/UDP encapsulation of the SFC echo reply. The sender of the SFC echo request MUST include SFC Source TLV Figure 4.
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SFC OAM Source ID Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: SFC Source TLV
The UDP destination port for SFC Echo Reply TBA10 will be allocated by IANA Section 8.8.
An SFF SHOULD NOT accept SFC echo reply unless the received passes the following checks:
Overlay Echo Request/Reply operates within the domain of the overlay network and thus inherits any security considerations that apply to the use of that overlay technology and, consequently, underlay data plane. Also, the security needs for SFC echo request/reply are similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping [RFC8029].
There are at least three approaches of attacking a node in the overlay network using the mechanisms defined in the document. One is a Denial-of-Service attack, by sending SFC ping to overload an element of the SFC. The second may use spoofing, hijacking, replying, or otherwise tampering with SFC echo requests and/or replies to misrepresent, alter operator's view of the state of the SFC. The third is an unauthorized source using an SFC echo request/reply to obtain information about the SFC and/or its elements, e.g. SFF or SF.
It is RECOMMENDED that implementations throttle the SFC ping traffic going to the control plane to mitigate potential Denial-of-Service attacks.
Reply and spoofing attacks involving faking or replying SFC echo reply messages would have to match the Sender's Handle and Sequence Number of an outstanding SFC echo request message which is highly unlikely. Thus the non-matching reply would be discarded.
To protect against unauthorized sources trying to obtain information about the overlay and/or underlay an implementation MAY check that the source of the echo request is indeed part of the SFP.
Authors greatly appreciate thorough review and the most helpful comments from Dan Wing and Dirk von Hugo.
IANA is requested to assign a new type from the SFC Next Protocol registry as follows:
Value | Description | Reference |
---|---|---|
TBA1 | SFC Active OAM | This document |
IANA is requested to create a new registry called "SFC Active OAM Message Type". All code points in the range 1 through 32767 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126]. Remaining code points to be allocated according to the table Table 2:
Value | Description | Reference |
---|---|---|
0 | Reserved | |
1 - 32767 | Reserved | IETF Consensus |
32768 - 65530 | Reserved | First Come First Served |
65531 - 65534 | Reserved | Private Use |
65535 | Reserved |
IANA is requested to assign new type from the SFC Active OAM Message Type registry as follows:
Value | Description | Reference |
---|---|---|
TBA2 | SFC Echo Request/Echo Reply | This document |
IANA is requested to create new SFC Echo Request/Echo Reply Parameters registry.
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Message Types. All code points in the range 1 through 191 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126] and assign values as follows:
Value | Description | Reference |
---|---|---|
0 | Reserved | |
TBA3 | SFC Echo Request | This document |
TBA4 | SFC Echo Reply | This document |
TBA4+1-191 | Unassigned | IETF Review |
192-251 | Unassigned | First Come First Served |
252-254 | Unassigned | Private Use |
255 | Reserved |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Reply Modes All code points in the range 1 through 191 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126] and assign values as follows:
Value | Description | Reference |
---|---|---|
0 | Reserved | |
TBA5 | Do Not Reply | This document |
TBA6 | Reply via an IPv4/IPv6 UDP Packet | This document |
TBA7 | Reply via Application Level Control Channel | This document |
TBA8 | Reply via Specified Path | This document |
TBA8+1-191 | Unassigned | IETF Review |
192-251 | Unassigned | First Come First Served |
252-254 | Unassigned | Private Use |
255 | Reserved |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Return Codes:
Value | Description | Reference |
---|---|---|
0-191 | Unassigned | IETF Review |
192-251 | Unassigned | First Come First Served |
252-254 | Unassigned | Private Use |
255 | Reserved |
Value Meaning ----- ------- 0 No Return Code 1 Malformed echo request received 2 One or more of the TLVs was not understood
Return Codes defined in this document are the following:
IANA is requested to create SFC OAM TLV Type registry. All code points in the range 1 through 32759 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126]. Code points in the range 32760 through 65279 in this registry shall be allocated according to the "First Come First Served" procedure as specified in [RFC8126]. Remaining code points are allocated according to the Table 7:
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1- 32767 | Mandatory TLV, unassigned | IETF Review |
32768 - 65279 | Optional TLV, unassigned | First Come First Served |
65280 - 65519 | Experimental | This document |
65520 - 65534 | Private Use | This document |
65535 | Reserved | This document |
This document defines the following new value in SFC OAM TLV Type registry:
Value | Description | Reference |
---|---|---|
TBA9 | Source IP Address | This document |
IANA is requested to allocate UDP port number according to
Service Name | Port Number | Transport Protocol | Description | Semantics Definition | Reference |
---|---|---|---|---|---|
SFC OAM | TBA10 | UDP | SFC OAM | Section 5.4 | This document |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC8174] | Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017. |
[RFC8300] | Quinn, P., Elzur, U. and C. Pignataro, "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, January 2018. |