Internet DRAFT - draft-ietf-sfc-nsh-ecn-support
draft-ietf-sfc-nsh-ecn-support
SFC Working Group D. Eastlake
Internet-Draft Futurewei Technologies
Intended status: Standards Track B. Briscoe
Expires: 25 April 2024 Independent
Y. Li
Huawei Technologies
A. Malis
Malis Consulting
X. Wei
Huawei Technologies
23 October 2023
Explicit Congestion Notification (ECN) and Congestion Feedback Using the
Network Service Header (NSH) and IPFIX
draft-ietf-sfc-nsh-ecn-support-12
Abstract
Explicit Congestion Notification (ECN) allows a forwarding element to
notify downstream devices of the onset of congestion without having
to drop packets. Coupled with a means to feed information about
congestion back to upstream nodes, this can improve network
efficiency through better congestion control, frequently without
packet drops. This document specifies ECN and congestion feedback
support within a Service Function Chaining (SFC) enabled domain
through use of the Network Service Header (NSH, RFC 8300) and IP Flow
Information Export (IPFIX, RFC 7011) protocol.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 25 April 2024.
Eastlake, et al. Expires 25 April 2024 [Page 1]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. NSH Background . . . . . . . . . . . . . . . . . . . . . 3
1.2. ECN Background . . . . . . . . . . . . . . . . . . . . . 5
1.3. Tunnel Congestion Feedback Background . . . . . . . . . . 5
1.4. Conventions Used in This Document . . . . . . . . . . . . 7
2. The NSH ECN Field . . . . . . . . . . . . . . . . . . . . . . 8
3. ECN Support in the NSH . . . . . . . . . . . . . . . . . . . 9
3.1. At The Ingress . . . . . . . . . . . . . . . . . . . . . 11
3.2. At Transit Nodes . . . . . . . . . . . . . . . . . . . . 12
3.2.1. At NSH Transit Nodes . . . . . . . . . . . . . . . . 12
3.2.2. At an SF/Proxy . . . . . . . . . . . . . . . . . . . 13
3.2.3. At Other Forwarding Nodes . . . . . . . . . . . . . . 14
3.3. At Exit/Egress/End . . . . . . . . . . . . . . . . . . . 14
3.4. Congestion Statistics and More Complex Cases . . . . . . 15
4. Tunnel Congestion Feedback Support . . . . . . . . . . . . . 16
4.1. Congestion Level Measurements . . . . . . . . . . . . . . 16
4.2. Congestion Information Delivery . . . . . . . . . . . . . 18
4.3. IPFIX Extensions . . . . . . . . . . . . . . . . . . . . 19
4.3.1. nshServicePathID . . . . . . . . . . . . . . . . . . 20
4.3.2. tunnelEcnCeCeByteTotalCount . . . . . . . . . . . . . 20
4.3.3. tunnelEcnEctNectBytetTotalCount . . . . . . . . . . . 20
4.3.4. tunnelEcnCeNectByteTotalCount . . . . . . . . . . . . 21
4.3.5. tunnelEcnCeEctByteTotalCount . . . . . . . . . . . . 21
4.3.6. tunnelEcnEctEctByteTotalCount . . . . . . . . . . . . 21
4.3.7. tunnelEcnCEMarkedRatio . . . . . . . . . . . . . . . 22
4.4. IPFIX over NSH . . . . . . . . . . . . . . . . . . . . . 22
5. Example of Use . . . . . . . . . . . . . . . . . . . . . . . 23
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
6.1. SFC NSH Header ECN Bits . . . . . . . . . . . . . . . . . 26
6.2. SFC NSH Next Protocol Value . . . . . . . . . . . . . . . 26
6.3. IPFIX Information Element IDs . . . . . . . . . . . . . . 26
6.4. Security Considerations . . . . . . . . . . . . . . . . . 28
Eastlake, et al. Expires 25 April 2024 [Page 2]
Internet-Draft NSH ECN & Congestion Feedback October 2023
7. Normative References . . . . . . . . . . . . . . . . . . . . 28
8. Informative References . . . . . . . . . . . . . . . . . . . 29
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction
Explicit Congestion Notification (ECN [RFC3168]) allows a forwarding
element to notify downstream nodes of the onset of congestion without
having to drop packets. Coupled with a means to feed information
about congestion back to upstream nodes, this can improve network
efficiency through better congestion control, frequently without
packet drops. This document specifies ECN and congestion feedback
support within a Service Function Chaining (SFC [RFC7665]) enabled
domain through use of the Network Service Header (NSH [RFC8300]) and
IP Flow Information Export (IPFIX [RFC7011]) protocol.
This document requires that all ingress and egress nodes of the SFC
domain, for the flows to which these techniques are applied,
implement ECN. While congestion management will be the most
effective if all interior nodes of the SFC enabled domain transited
by those flows implement ECN, some benefit is obtained even if some
of those nodes do not implement ECN. Congestion at any interior
bottleneck where ECN marking is not implemented will be unmanaged.
The following subsections provide background information on NSH, ECN,
congestion feedback through IPFIX, and terminology used in this
document.
1.1. NSH Background
The Service Function Chaining (SFC [RFC7665]) architecture calls for
the encapsulation of traffic within a service function chaining
domain with a Network Service Header (NSH [RFC8300]) added by a
"Classifier" (ingress node) on entry to the domain with the NSH being
removed on exit from the domain at the egress node. The NSH is used
to control the path of a packet in the SFC domain.
Eastlake, et al. Expires 25 April 2024 [Page 3]
Internet-Draft NSH ECN & Congestion Feedback October 2023
|
v
+----------+
. .|Classifier|. . . . . . . . . . . . . .
. +----------+ .
. | +----+ .
. | --+ SF | Service .
. | / +----+ Function .
. v --- Chaining .
. +-----+/ +----+ domain .
. | SFF |--------+ SF | .
. +-----+\ +----+ .
. | --- .
. | \ +----+ .
. | --+ SF | .
. v +----+ .
. +-----+ +----+ .
. | SFF |-----------------+ SF | .
. +-----+ +----+ .
. | +----+ .
. | --+ SF | .
. | / +----+ .
. v --- .
. +-----+/ +----+ .
. | SFF |--------+ SF | .
. +-----+\ +----+ .
. | --- .
. | \ +----+ .
. | --+ SF | .
. v +----+ .
. +------+ .
. . .|Egress|. . . . . . . . . . . . . . .
+------+
|
v
Figure 1: Example SFC Forwarding Nodes Path
Figure 1 shows an SFC enabled domain for the purpose of illustrating
the use of the NSH. Traffic passes through a sequence of Service
Function Forwarders (SFFs) each of which sends the traffic to one or
more Service Functions (SFs). Each SF performs some operation on the
traffic, for example firewalling or Network Address Translation (NAT)
or load balancing, and then returns the traffic to the SFF from which
it was received.
Eastlake, et al. Expires 25 April 2024 [Page 4]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Logically, during the transit of each SFF, the outer transport header
that got the packet to the SFF is stripped (see Figure 3), the SFF
decides on the next forwarding step, either adding a new outer
transport header or, if the SFF is the exit/egress/end, removing the
NSH header. The outer transport headers added may be different in
different regions of the SFC enabled domain. For example, IP could
be used for some SFF-to-SFF communication and MPLS used for other
SFF- to-SFF communication.
1.2. ECN Background
Explicit Congestion Notification (ECN [RFC3168]) allows a forwarding
element (such as a router or a Service Function Forwarder (SFF) or
Service Function (SF)) to notify downstream nodes of the onset of
congestion without having to drop packets. This can be used as an
element in active queue management (AQM) [RFC7567] to improve network
efficiency through better traffic control without packet drops. The
forwarding element can explicitly mark some packets in an ECN field
instead of dropping the packet. For example, a two-bit field is
available for ECN marking in IP headers [RFC3168].
1.3. Tunnel Congestion Feedback Background
Tunnels are widely deployed in various networks including data center
networks, enterprise networks, and the public Internet. A tunnel
consists of ingress, egress, and a set of intermediate nodes
including routers. Tunnel Congestion Feedback (Section 4) is a
building block for congestion mitigation methods. It supports
feedback of congestion information from an egress node to an ingress
node. This document treats paths in the SFC enabled domain as
tunnels with the initial Classifier node being the ingress; however,
the tunnel congestion feedback facilities specified in this document
MAY be used in contexts other than SFC.
Any action by a tunnel ingress to reduce congestion needs to allow
sufficient time for the end-to-end congestion control loop to respond
first, for instance by the ingress taking a smoothed average of the
level of congestion signaled by feedback from the tunnel egress or
delaying any action for at least the worst case end-to-end round-trip
time (for example, 200 milliseconds). Otherwise, the system could
become unstable.
Examples of actions that can be taken by an ingress node when it has
knowledge of downstream congestion include those listed below.
Details of implementing these traffic control methods, beyond those
given here, are outside the scope of this document.
(1) Traffic throttling (policing), where the downstream traffic
Eastlake, et al. Expires 25 April 2024 [Page 5]
Internet-Draft NSH ECN & Congestion Feedback October 2023
flowing out of the ingress node is limited to reduce or eliminate
congestion.
(2) Upstream congestion feedback, where the ingress node sends
messages indicating congestion upstream to or towards the ultimate
traffic source, a function that can throttle traffic generation/
transmission.
(3) Traffic re-direction, where the ingress node configures the NSH
of some future traffic so that it avoids congested paths. Great
care must be taken with this option to avoid (a) significant re-
ordering of traffic in flows that it is desirable to keep in order
due to end-to-end requirements or due to a stateful SF and (b)
oscillation/instability in traffic paths due to alternate
congestion of previously idle paths and the idling of previously
congested paths. For example, it is preferable to classify
traffic into flows of a sufficiently coarse granularity that the
flows are long lived and to use a stable path per flow, sending
only newly appearing flows on apparently uncongested paths rather
than changing the path for any already existing flow.
Figure 2 shows an example path from an original sender to a final
receiver passing through a chain of service functions between the
ingress and egress of an SFC enabled domain. The path is likely to
pass through other network nodes outside the SFC enabled domain (not
shown) before entering that domain and after leaving that domain.
Figure 2 shows typical congestion feedback that would be expected
from the final receiver to the origin sender, which controls the load
the origin sender directs to elements on the path. The figure also
shows the congestion feedback from the egress to the ingress of the
SFC enabled domain that is described in this document, to control or
balance load within that domain.
Eastlake, et al. Expires 25 April 2024 [Page 6]
Internet-Draft NSH ECN & Congestion Feedback October 2023
.:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = :.
_||_ End-to-End Congestion Feedback ||
\ / ||
\/ ||
__ Inner Transport Header and Payload __
| | ->- - - - - - - - - - - - - - ->- - - - - -- - - - - - ->- | |
| | | |
| | .:= = = = = = = = = = = = = = = = = = = = = =:. | |
| | _||_ Tunnel Congestion Feedback || | |
| | \ / || | |
| | \/ || | |
| | __ NSH __ | |
| | | |-------------------------->--------------| | | |
| |. . . | | ___ ___ ___ | |. . .| |
| | | | OT1 | | OT4 | | . . . | | OTn | | | |
| | | |-->--|SFF|--->---|SFF| |SFF|-->--| | | |
|__| |__| |___| |___| |___| |__| |__|
origin SFC | ^ | ^ SFC final
sender domain OT2| |OT3 OT6| |OT7 domain rcvr
ingress v | v | egress
+---+ +---+ SFF
|SF | |SF |
+---+ +---+
Figure 2: Congestion Feedback across an SFC enabled Domain
SFC enabled Domain congestion feedback in Figure 2 is shown within
the context of an end-to-end congestion feedback loop. Also shown is
the encapsulated layering of NSH headers within a series of outer
transport headers (OT1, OT2, ... OTn).
Figure 2 is simplified as there might be multiple egress nodes and
some of them may be final receivers for particular packets. (See
Section 3.4.)
1.4. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Acronyms:
AQM - Active Queue Management [RFC7567]
CE - Congestion Experienced [RFC3168]
Eastlake, et al. Expires 25 April 2024 [Page 7]
Internet-Draft NSH ECN & Congestion Feedback October 2023
DDoS - Distributed Denial of Service
downstream - The direction from ingress to egress
ECN - Explicit Congestion Notification [RFC3168]
ECT - ECN Capable Transport [RFC3168]
IPFIX - IP Flow Information Export [RFC7011]
Not-ECT - Not ECN-Capable Transport [RFC3168]
NSH - Network Service Header [RFC8300]
SF - Service Function [RFC7665]
SFC - Service Function Chaining [RFC7665]
SFF - Service Function Forwarder [RFC7665] - A type of node that
forwards based on the NSH.
SPI - Service Path Identifier
TLV - Type Length Value
upstream - The direction from egress to ingress
2. The NSH ECN Field
The NSH is used to encapsulate traffic and control its subsequent
path (see Section 2 of [RFC8300]). The NSH also provides for
optional metadata inclusion, as shown in Figure 3.
+-----------------------------------+
| Outer Transport Header |
+-----------------------------------+
| Network Service Header (NSH) |
| +------------------------------+ |
| | Base Header | |
| +------------------------------+ |
| | Service Path Header | |
| +------------------------------+ |
| | Metadata (Context Header(s)) | |
| +------------------------------+ |
+-----------------------------------+
| Original Packet / Frame / Payload |
+-----------------------------------+
Eastlake, et al. Expires 25 April 2024 [Page 8]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Figure 3: Data Encapsulation with the NSH
This document assigns two currently unused bits (indicated by "U") in
the NSH Base Header (Section 2.2 of [RFC8300]) for the purpose of ECN
indication as shown in Figure 4.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|O|U| TTL | Length |U|U|U|U|MD Type| Next Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
^ ^
| |
+-------+
|NSH ECN|
| field |
+-------+
Figure 4: Updated NSH Base Header
RFC Editor NOTE: The above figure should be adjusted based on the
bits actually assigned by IANA (see Section 6) and this note deleted.
Table 1 shows the meaning of the code points in the NSH ECN field.
These have the same meaning as the ECN field code points in the IPv4
or IPv6 header as defined in Section 23.1 of [RFC3168].
+========+=========+===========================+
| Binary | Name | Meaning |
+========+=========+===========================+
| 00 | Not-ECT | Not ECN-Capable Transport |
+--------+---------+---------------------------+
| 01 | ECT(1) | ECN-Capable Transport |
+--------+---------+---------------------------+
| 10 | ECT(0) | ECN-Capable Transport |
+--------+---------+---------------------------+
| 11 | CE | Congestion Experienced |
+--------+---------+---------------------------+
Table 1: ECN Field Code Points
3. ECN Support in the NSH
This section describes the required behavior to support ECN using the
NSH. There are two aspects to ECN support:
1. ECN propagation during ingress or egress;
Eastlake, et al. Expires 25 April 2024 [Page 9]
Internet-Draft NSH ECN & Congestion Feedback October 2023
2. ECN marking during congestion at bottlenecks.
While this section covers all combinations of ECN-aware and ECN-
unaware, it is expected that in most cases the NSH domain will be
uniform so that, if this document is applicable, all SFFs will
support ECN; however, some SFs might not support ECN.
ECN Propagation:
The specification of ECN tunneling [RFC6040] explains that an
ingress must not propagate ECN support into an encapsulating
header unless the egress supports correct onward propagation of
the ECN field during decapsulation. We define Compliant ECN
Decapsulation here as decapsulation compliant with either
[RFC6040] or an earlier compatible equivalent ([RFC4301], or the
full functionality mode of [RFC3168]).
The procedures in Section 3.2.1 ensure that each ingress of the
transport links within the SFC enabled domain does not propagate
ECN support into the encapsulating outer transport header unless
the corresponding egress of that link supports Compliant ECN
Decapsulation.
Section 3.3 requires that all the egress nodes of the SFC enabled
domain that continue to propagate a packet support Compliant ECN
Decapsulation in conjunction with tunnel congestion feedback;
otherwise the scheme in this document will not work. (An SFC
domain may have nodes that terminate packets and thus are
logically "egress" nodes but for which further propagation of ECN
is meaningless.)
ECN Marking:
At transit nodes the marking behavior specified in Section 3.2.1
is recommended and if not implemented at such transit nodes, there
may be unmanaged congestion.
Detection of congestion will be most effective if ECN marking is
supported by all potential bottlenecks inside the domain in which
NSH is being used to route traffic as well as at the ingress and
egress. Nodes that do not support ECN marking, or that support
AQM but not ECN, will naturally use drop to relieve congestion.
The gap in the end-to-end packet sequence will be detected as
congestion by the final receiving endpoint, but not by the NSH
egress (see Figure 2).
Eastlake, et al. Expires 25 April 2024 [Page 10]
Internet-Draft NSH ECN & Congestion Feedback October 2023
3.1. At The Ingress
When the ingress/Classifier encapsulates an incoming packet with an
NSH, it MUST set the NSH ECN field using the "Normal mode" specified
in [RFC6040] (e.g., copied from the incoming IP header).
Then, if the resulting NSH ECN field is Not-ECT, the ingress SHOULD
set it to ECT(0). This indicates that, even though the end-to-end
transport is not ECN-capable, the egress and ingress of the SFC
enabled domain are acting as an ECN-capable transport. This approach
supports all known variants of ECN, including the experimental L4S
capability [RFC8311] [ecnL4S].
Packets arriving at the ingress might not use IP. If the protocol of
arriving packets supports an ECN field similar to IP, for example
MPLS [RFC5129], the procedures for IP packets can be used. If
arriving packets do not support an ECN field similar to IP, they MUST
be treated as if they are Not-ECT IP packets.
Then, as the NSH encapsulated packet is further encapsulated with a
transport header, if ECN marking is available for that transport (as
it is for IP [RFC3168] and MPLS [RFC5129]), the ECN field of the
transport header MUST be set using the "Normal mode" specified in
[RFC6040] (i.e., copied from the NSH ECN field).
A summary of these normative steps is given in Table 2.
+=============================+===================+
| Incoming Header (also equal | Departing NSH and |
| to departing Inner Header | Outer Headers |
+=============================+===================+
| Not-ECT | ECT(0) |
+-----------------------------+-------------------+
| ECT(0) | ECT(0) |
+-----------------------------+-------------------+
| ECT(1) | ECT(1) |
+-----------------------------+-------------------+
| CE | CE |
+-----------------------------+-------------------+
Table 2: Setting of ECN fields by an Ingress/
Classifier
The requirements in this section apply to all ingress nodes for the
domain in which an NSH is being used to steer traffic.
Eastlake, et al. Expires 25 April 2024 [Page 11]
Internet-Draft NSH ECN & Congestion Feedback October 2023
3.2. At Transit Nodes
This section describes the behavior at nodes that forward based on
the NSH such as SFF and other forwarding nodes such as IP routers.
Figure 5 shows a packet on the wire between forwarding nodes.
+-----------------+
| Outer Header |
+-----------------+
| NSH |
+-----------------+
| Inner Header |
+-----------------+
| Payload |
+-----------------+
Figure 5: Packet in Transit
There can be nodes implementing firewall, DDoS, or similar functions
that conditionally discard packets. When they do discard a packet,
they are an egress node (see Section 3.3), not a transit node.
3.2.1. At NSH Transit Nodes
When a packet is received at an NSH based forwarding node such as an
SFF, say N1, the outer transport encapsulation is removed and its ECN
marking SHOULD be combined into the NSH ECN marking as specified in
[RFC6040]. If this is not done, any congestion encountered at non-
NSH transit nodes between N1 and the previous upstream NSH based
forwarding node will be lost and not transmitted downstream.
The NSH forwarding node SHOULD use a recognized AQM algorithm
[RFC7567] to detect congestion. If the NSH ECN field indicates ECT,
it will probabilistically set the NSH ECN field to the Congestion
Experienced (CE) value or, in cases of extreme congestion, drop the
packet.
When the NSH encapsulated packet is further encapsulated for
transmission to the next SFF or SF, ECN marking behavior depends on
whether or not the node that will decapsulate the outer header
supports Compliant ECN Decapsulation (see Section 3). If it does,
then the encapsulating node propagates the NSH ECN field to this
outer encapsulation using the "Normal Mode" of ECN encapsulation
[RFC6040] (the ECN field is copied). If it does not, then the
encapsulating node MUST clear ECN in the outer encapsulation to non-
ECT (the "Compatibility Mode" of [RFC6040]).
Eastlake, et al. Expires 25 April 2024 [Page 12]
Internet-Draft NSH ECN & Congestion Feedback October 2023
3.2.2. At an SF/Proxy
If the SF is NSH and ECN-aware, the processing is essentially the
same at the SF as at an SFF as discussed in Section 3.2.1 (except in
the case where the SF terminates the packets path).
If the SF is NSH-aware but ECN-unaware, then the SFF transmitting the
packet to the SF will use Compatibility Mode. Congestion encountered
in the SFF to SF and SF to SFF paths or internal to the SF will be
unmanaged.
If the SF is not NSH-aware, then an NSH proxy will be between the SFF
and the SF to avoid exposure of the NSH-ignorant SF to NSHs as shown
in Figure 6. This is described in Section 4.6 of [RFC7665]. The SF
and proxy together look to the SFF like an NSH-aware SF. The
behavior at the proxy and SF in this case is as below:
If such a proxy is not ECN-aware, then congestion in the entire
path from SFF to proxy to SF back to proxy to SFF will be
unmanaged.
|
v
+----------+ +---------+
| | +-------+ | NSH |
| SFF +---->| NSH +---->|un-aware |
|(Service | | aware | | SF |
| Function |<----+ proxy |<----+(Service |
|Forwarder)| +-------+ |Function)|
+----------+ +---------+
|
v
Figure 6: Proxy for NSH Un-aware SFF
If the proxy is ECN-aware, the proxy uses an AQM to indicate
congestion within the proxy in the NSH that it returns to the SFF.
The outer header used for the proxy-to-SF path uses Normal Mode.
The outer header used for the proxy-to-SFF path uses Normal Mode
based copying of the NSH ECN field to the outer header. Thus
congestion in the proxy will be managed.
Congestion in the SF will be managed only if the SF is ECN-aware
and implements an AQM.
Eastlake, et al. Expires 25 April 2024 [Page 13]
Internet-Draft NSH ECN & Congestion Feedback October 2023
3.2.3. At Other Forwarding Nodes
Other forwarding nodes, that is non-NSH forwarding nodes between NSH
forwarding nodes, such as IP or label switched routers, bridges, or
other devices, might also contain potential bottlenecks. If so, they
SHOULD implement an AQM algorithm to update the ECN marking in the
outer transport header as specified in [RFC3168].
3.3. At Exit/Egress/End
At an SFC enabled domain egress node, first any actions are taken
based on Congestion Experienced or other values of ECN marking, such
as accumulating statistics to send back to the ingress (see
Section 4) or for other uses.
There can be nodes implementing firewall, DDoS, or similar functions
that then discard the packet. If the packet is so discarded, no
further actions are needed.
If the packet is to be propagated and is carried inside the NSH as
encapsulated IP, then when the NSH is removed the NSH ECN field MUST
be combined with the IP ECN field as specified in Table 3 that was
extracted from Section 3.2 of [RFC6040]. This requirement applies to
all egress nodes for the domain in which an NSH is being used to
route traffic.
+=======================+======================================+
| Arriving Inner Header | Arriving Outer Header |
| +=========+=========+=========+========+
| | Not-ECT | ECT(0) | ECT(1) | CE |
+=======================+=========+=========+=========+========+
| Not-ECT | Not-ECT | Not-ECT | Not-ECT | <drop> |
+-----------------------+---------+---------+---------+--------+
| ECT(0) | ECT(0) | ECT(0) | ECT(0) | CE |
+-----------------------+---------+---------+---------+--------+
| ECT(0) | ECT(0) | ECT(0) | ECT(0) | CE |
+-----------------------+---------+---------+---------+--------+
| CE | CE | CE | CE | CE |
+-----------------------+---------+---------+---------+--------+
Table 3: Exit ECN Fields Merger (Source [RFC6040])
All the egress nodes of the SFC enabled domain that can propagate NSH
encapsulated packets MUST support Compliant ECN Decapsulation as
specified in this section. If this is not the case, the scheme
described in this document will not work.
Eastlake, et al. Expires 25 April 2024 [Page 14]
Internet-Draft NSH ECN & Congestion Feedback October 2023
3.4. Congestion Statistics and More Complex Cases
The SFC specification permits an SF to absorb packets and to generate
new packets as well as simply processing and returning the packets it
receives to an SFF. Such actions might appear to be packet loss due
to congestion or might mask the loss of packets by generating
additional packets.
The closer a particular application of SFC is to a simple tunnel with
a single ingress and egress, the simpler it is to accurately use the
techniques in this document. Where there is a single ingress but
multiple egress nodes (where a node that discards a packet counts as
an egress) these techniques can still work well if all egress nodes
feedback congestion information to that ingress. Multiple ingress
nodes are a substantial complication, but similar techniques may
still work in some cases if multiple physical ingress nodes can
coordinate to act as one logical ingress node; methods for such
coordination are beyond the scope of this document. Use of the
techniques in this document for a flow with multiple egress and
uncoordinated ingress nodes is NOT RECOMMENDED, although there might
be some cases where these techniques could be elements in some sort
of beneficial scheme; such schemes are beyond the scope of this
document.
The tunnel congestion feedback approach (Section 4) can detect
congestions in several ways. One way detects traffic loss by
counting payload packets and bytes in at the ingress and counting
them out at the egress. This does not work unless nodes conserve the
number of payload packets and/or bytes. Therefore, it will not be
possible to accurately detect packet loss using this technique if
traffic volume, as measured by the metric in use (packets or bytes),
is not conserved by the service function chain processing that
traffic.
Nonetheless, if a bottleneck supports ECN marking, it will be
possible to detect the high level of CE markings that are associated
with congestion at that bottleneck by looking at the ratio of CE-
marked to non-CE-marked packets. However, it will not be possible to
detect any congestion based on ECN marking, whether slight or severe,
if it occurs at a bottleneck that does not support ECN marking.
Eastlake, et al. Expires 25 April 2024 [Page 15]
Internet-Draft NSH ECN & Congestion Feedback October 2023
4. Tunnel Congestion Feedback Support
The collection and storage of congestion information at an egress can
be useful for later analysis and MAY be used without the feedback
mechanisms specified in this Section. However, if congestion
information is not fed back to a point which can act to reduce
congestion, it will not be useful in real time. Such congestion
feedback to the ingress enables the ingress to take actions such as
those listed in Section 1.3.
IP Flow Information Export (IPFIX [RFC7011]) provides a standard for
communicating traffic flow statistics. As extended by this document,
IPFIX messages from the egress to the ingress are used to communicate
the extent of congestion between an ingress and egress based on ECN
marking in the NSH and traffic statistics. Each egress MUST be able
to identify the relevant ingress for a packet based on information in
the packed such as the SPI or the Ingress Network Node Information
Context Header [RFC9263].
4.1. Congestion Level Measurements
The congestion level measurements are based on ECN marking in the NSH
and packet drop. In particular, congestion information includes at
least one of the following:
* cumulative byte counts of packets with each type of outer/inner
header ECN marking combination,
* the ratio of CE-marked packets to all packets, and
* the ratio of dropped packets to all packets.
All IPFIX messages are time stamped [RFC7011]. So, for example, it
is possible to compute rates of packets or packets with various ECN
labeling from two IPFIX messages that have cumulative counts and time
stamps. An earlier count and time can be deducted from a later count
and time to give the time interval and count during that interval.
If the congestion level is low enough, the packets are marked as CE
instead of being dropped, and then the congestion level can be
calculated according to the ratio of CE-marked packets. If the
congestion level is so high that ECT packets will be dropped, then
the packet loss ratio can be calculated by comparing total packets
entering ingress and total packets arriving at egress over the same
span of packets. Note that a node that discards packets for
firewall, DDoS, or similar reasons counts as an egress. If packet
loss, other than such deliberate discard, is detected, then it can be
assumed that severe congestion has occurred.
Eastlake, et al. Expires 25 April 2024 [Page 16]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Faked ECN-Capable Transport (ECT) is used at the ingress to defer
packet loss to the egress. The basic idea of faked ECT is that, when
encapsulating packets, the ingress first marks the tunnel outer
header according to [RFC6040], and then remarks the outer header of
Not-ECT packets as ECT. (ECT(0) and ECT(1) are treated as the same.)
In this case, the NSH is treated as the tunnel outer header because
it will be present for the entire SFC enabled domain transit while
transport headers may change. Thus, as transmitted by the ingress
node, there will be one of three combinations of outer header ECN
field and inner header ECN field as follows: CE|CE, ECT|N-ECT, and
ECT|ECT (in the format of outer-ECN|inner-ECN); when decapsulating
packets at the egress, [RFC6040] defined decapsulation behavior is
used, and according to [RFC6040], the packets marked as CE|N-ECT will
be dropped. Faked-ECT is used to shift some drops to the egress in
order to allow the egress to calculate the CE-marked packet counts
and ratio more precisely.
The ingress encapsulates packets and marks their outer header
according to faked ECT as described above. The ingress cumulatively
counts packet bytes for three types of ECN combination (CE|CE, ECT|N-
ECT, and ECT|ECT) and then the ingress regularly sends cumulative
byte counts message of each type of ECN combination to the egress.
When each message arrives at the egress, the following two steps
occur: (1) the egress calculates the ratio of CE-marked packets; (2)
the egress cumulatively counts packet bytes coming from the ingress
and adds its own bytes counts of each type of ECN combination (CE|CE,
ECT|N-ECT, CE|N-ECT, CE|ECT, and ECT|ECT) to the message for the
ingress to calculate packet loss. The egress feeds back the CE-
marked packet ratio, packet loss ratio, byte counts information, and
the like to the ingress as requested for evaluating congestion level
in the tunnel.
The egress calculates the CE-marked packet ratio by counting packets
with different ECN markings. The CE-marked packet ratio can be used
as an indication of tunnel load level. For example, the
tunnelEcnCEMarkedRatio field (specified below) indicates the fraction
of traffic that has been marked in the ECN field of the NSH as
Congestion Experienced (CE). It is assumed that nodes between the
ingress and egress will not drop packets biased towards certain ECN
codepoints, so calculating of CE-marked packet ratio is not affected
by packet drop.
The calculation of the fraction of packets dropped is by comparing
the traffic volumes between ingress and egress.
Eastlake, et al. Expires 25 April 2024 [Page 17]
Internet-Draft NSH ECN & Congestion Feedback October 2023
In the case of multiple egresses, the ingress can combine their
reports. Statistics of number of packets or bytes can simply be
added. Statistics of percentage or ratio of particular ECN marking
can be averaged with reports from different egresses weighted by the
number of packets processed by that egress.
The statistics can be at the granularity of all traffic from the
ingress to the egress to learn about the overall congestion status of
the path between the ingress and the egress or at the granularity of
individual customer's traffic or a specific set of flows to learn
about their congestion contribution.
4.2. Congestion Information Delivery
As described above, the tunnel ingress sends a message containing
cumulative byte counts of packets of each type of ECN marking to the
tunnel egress, and the tunnel egress feeds back messages to the
ingress with at least one of the following: cumulative byte counts of
packets of each type of ECN combination, the ratio of CE-marked
packets to all packets, and/or the ratio of dropped packets to all
packets. It is possible for these messages to contribute to
congestion. This section specifies how the messages are conveyed.
IPFIX recommends, but does not require, use of SCTP [RFC9260] in
partial reliability mode [RFC3758] for the transport of its messages.
This mode allows loss of some packets, which is tolerable because
IPFIX communicates cumulative statistics. IPFIX over SCTP over IP
SHOULD be used directly where there is IP connectivity between the
ingress and egress; however, there might be different transport
protocols or address spaces used in different regions of an SFC
enabled domain that block such direct IP connectivity. The NSH
provides the general method of routing traffic within an SFC enabled
domain so the encapsulation of the required IPFIX traffic in NSH MUST
be implemented and, when IP connectivity is not available, IPFIX over
NSH, as specified in Section 4.4, SHOULD be used along with
configuration of appropriate SFC paths for the IPFIX over NSH
traffic. Other methods MAY be used in particular SFC domains which
support them, such as IPFIX over MPLS.
IPFIX messages could travel along the same path as network data
traffic. In any case, an IPFIX message packet may get lost in case
of network congestion. Even though the missing information could be
recovered because of the use of cumulative counts, IPFIX messages
SHOULD be transmitted at a higher priority than users' traffic flows
to improve the promptness of congestion information feedback.
Eastlake, et al. Expires 25 April 2024 [Page 18]
Internet-Draft NSH ECN & Congestion Feedback October 2023
The ingress node can do congestion management at different
granularity which means both the overall aggregate congestion level
and congestion level contributed by certain traffic flows could be
measured for different congestion management purposes. For example,
if the ingress only wants to limit congestion volume caused by
certain traffic flows, such as UDP-based traffic, then congestion
volume for that traffic can be fed back; or if the ingress is doing
overall congestion management, the aggregated congestion volume can
be fed back.
When sending IPFIX messages from ingress to egress, the ingress acts
as IPFIX exporter and the egress acts as IPFIX collector. When
feeding back congestion level information from egress to ingress, the
egress acts as IPFIX exporter and ingress acts as IPFIX collector.
The combination of congestion level measurement and congestion
information delivery procedures are as following:
* The ingress node determines the IPFIX template record to be used.
The template record can be pre-configured or determined at
runtime, the content of the template record will be determined
according to the granularity of congestion management; if the
ingress wants to limit congestion volume contributed by specific
traffic flows then the elements such as source IP address,
destination IP address, flow ID, and CE-marked packet volume of
the flows, etc., will be included in the template record.
* Metering at the ingress measures traffic volume according to the
template record chosen and then the measurement records are sent
to the egress.
* Metering on the egress measures congestion level information
according to template record which, in simple cases, SHOULD be the
same as the template record sent by the ingress (see Section 3.4).
* The egress sends its measurement records together with the
measurement records of the ingress back to the ingress.
4.3. IPFIX Extensions
This section specifies the new IPFIX Information Elements needed. It
conforms to [RFC7013].
Eastlake, et al. Expires 25 April 2024 [Page 19]
Internet-Draft NSH ECN & Congestion Feedback October 2023
4.3.1. nshServicePathID
In order to identify SFC flows, so that congestion can be measured
and reported at that granularity, it is necessary for IPFIX to be
able to classify traffic based on the Service Path Identifier (SPI)
field of the NSH [RFC8300]. Thus, an NSH Service Path Identifier
(nshServicePathID) IPFIX Information Element [RFC7012] is specified.
Name: nshServicePathID
Description: Network Service Header [RFC8300] Service Path
Identifier. This is a 24-bit value which is left justified in the
Information Element. The low order byte MUST be sent as zero and
ignored on receipt.
Abstract Data Type: unsigned32
Data Type Semantics: identifier
ElementId: TBD0
Status: current
4.3.2. tunnelEcnCeCeByteTotalCount
Description: The total number of bytes of incoming packets with
the CE|CE ECN marking combination at the Observation Point since
the Metering Process (re-)initialization for this Observation
Point.
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
ElementId: TBD1
Statues: current
Units: bytes
4.3.3. tunnelEcnEctNectBytetTotalCount
Description: The total number of bytes of incoming packets with
the ECT|N-ECT ECN marking combination (ECT(0) and ECT(1) are
treated the same as each other) at the Observation Point since the
Metering Process (re-)initialization for this Observation Point.
Abstract Data Type: unsigned64
Eastlake, et al. Expires 25 April 2024 [Page 20]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Data Type Semantics: totalCounter
ElementId: TBD2
Statues: current
Units: bytes
4.3.4. tunnelEcnCeNectByteTotalCount
Description: The total number of bytes of incoming packets with
the CE|N-ECT ECN marking combination at the Observation Point
since the Metering Process (re-)initialization for this
Observation Point.
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
ElementId: TBD3
Statues: current
Units: bytes
4.3.5. tunnelEcnCeEctByteTotalCount
Description: The total number of bytes of incoming packets with
the CE|ECT ECN marking combination (ECT(0) and ECT(1) are treated
the same as each other) at the Observation Point since the
Metering Process (re-)initialization for this Observation Point.
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
ElementId: TBD4
Statues: current
Units: bytes
4.3.6. tunnelEcnEctEctByteTotalCount
Description: The total number of bytes of incoming packets with
the ECT|ECT ECN marking combination (ECT(0) and ECT(1) are treated
the same as each other) at the Observation Point since the
Metering Process (re-)initialization for this Observation Point.
Eastlake, et al. Expires 25 April 2024 [Page 21]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Abstract Data Type: unsigned64
Data Type Semantics: totalCounter
ElementId: TBD5
Statues: current
Units: bytes
4.3.7. tunnelEcnCEMarkedRatio
Description: The ratio of packets that are CE-marked to packets
that are not CE-marked at the Observation Point.
Abstract Data Type: float32
ElementId: TBD6
Statues: current
4.4. IPFIX over NSH
Encapsulating IPFIX messages with an NSH can be an effective method
for transporting such messages within an SFC enabled domain. This is
particularly the case if different outer transport protocols are used
in different parts of such a domain, for example IP in one part and
MPLS in another part.
This is accomplished by setting the Next Protocol field in the NSH
Base Header [RFC8300] to the value TBD7 and placing the IPFIX message
immediately after the NSH (including after any NSH Metadata). See
Figure 7.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|O|U| TTL | Length |ECN|U|U|MD Type|Next Proto=TBD7|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Service Path Identifier (SPI) | Service Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ Optional MD (Metadata) /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPFIX Message |
Figure 7: IPFIX over NSH
Eastlake, et al. Expires 25 April 2024 [Page 22]
Internet-Draft NSH ECN & Congestion Feedback October 2023
5. Example of Use
This section provides an example of the solution described in this
document.
First, IPFIX template records are exchanged between ingress and
egress to negotiate the format of the data records to be exchanged.
The example here is to measure the congestion level for the overall
tunnel caused by all the traffic. After the negotiation is finished,
the ingress sends in-band messages to the egress containing the
number of each kind of ECN-marked packets (i.e., CE|CE, ECT|N-ECT and
ECT|ECT) received before it sent the IPFIX message.
After the egress receives the IPFIX message, the egress calculates
the CE-marked packet ratio and counts the number of different kinds
of ECN-marking packets received before it received that message.
Then the egress sends a feedback IPFIX message containing the counts
together with the information in the ingress's message back to the
ingress.
Figure 8 to Figure 11 below illustrate the procedure between ingress
and egress.
+---------------------------------+----------------------+
|Set ID=2 Length=40 |
|---------------------------------|----------------------|
|Template ID=256 Field Count=8 |
|---------------------------------|----------------------|
|tunnelEcnCeCeByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnEctNectByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnEctEctByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnCeNectByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnCeEctByteTotalCount Field Length=8 |
+---------------------------------|----------------------+
|tunnelEcnCEMarkedRatio Field Length=4 |
+---------------------------------+----------------------+
Figure 8: Template Record Sent from Egress to Ingress
Eastlake, et al. Expires 25 April 2024 [Page 23]
Internet-Draft NSH ECN & Congestion Feedback October 2023
+---------------------------------+----------------------+
|Set ID=2 Length=28 |
|---------------------------------|----------------------|
|Template ID=257 Field Count=3 |
|---------------------------------|----------------------|
|tunnelEcnCeCeByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnEctNectByteTotalCount Field Length=8 |
|---------------------------------|----------------------|
|tunnelEcnEctEctByteTotalCount Field Length=8 |
|---------------------------------+----------------------|
Figure 9: Template Record Sent from Ingress to Egress
+-------+ +-------+
| | +-+ +-+ +-+ +-+ +-+ +-+ +-+ | |
| | |P| |P| |M| |P| |P| |P| |M| | |
| | +-+ +-+ +-+ +-+ +-+ +-+ +-+ | |
| |--------------------------------------->| |
| | | |
|ingress| |egress |
| | +-+ +-+ | |
| | |M| |M| | |
| | +-+ +-+ | |
| |<---------------------------------------| |
| | | |
+-------+ +-------+
+-+
|M| : IPFIX Message Packet
+-+
+-+
|P| : User Data Packet
+-+
Figure 10: Traffic Flow Between Ingress and Egress
Eastlake, et al. Expires 25 April 2024 [Page 24]
Internet-Draft NSH ECN & Congestion Feedback October 2023
SetID=257, Length=28
+-------+ A1 +-------+
| | B1 | |
| | C1 | |
| | -----------------------------> | |
| | | |
| | | |
| | SetID=256, Length=72 | |
| | A1 | |
| | B1 | |
|ingress| C1 |egress |
| | A2 | |
| | B2 | |
| | C2 | |
| | D | |
| | E | |
| | R | |
| | <---------------------------- | |
| | | |
+-------+ +-------+
Figure 11: Traffic Flow Between Ingress and Egress
The following provides an example of how the tunnel congestion level
can be calculated (see Figure 11):
The congestion Level could be divided into two categories: (1)
slight congestion (no packets dropped); (2) serious congestion
(packets are being dropped).
For slight congestion, the congestion level is indicated by the
ratio of CE-marked packets:
R = ce_marked_ratio = ce-marked / total_egress ;
For serious congestion, the congestion level is indicated as the
volume of traffic loss:
total_ingress = (A1 + B1 + C1)
total_egress = (A2 + B2 + C2 + D + E)
volume_loss = (total_ingress - total_egress)
6. IANA Considerations
The following subsections provide IANA assignment considerations.
Eastlake, et al. Expires 25 April 2024 [Page 25]
Internet-Draft NSH ECN & Congestion Feedback October 2023
6.1. SFC NSH Header ECN Bits
IANA is requested to assign two contiguous bits in the NSH Base
Header Bits registry for ECN (bits 16 and 17 suggested) and note this
assignment as follows:
+============+=============+=================+
| Bit | Description | Reference |
+============+=============+=================+
| tbd(16-17) | NSH ECN | [this document] |
+------------+-------------+-----------------+
Table 4
6.2. SFC NSH Next Protocol Value
IANA is requested to assign a next protocol value in the NSH Next
Protocol Registry, as follows:
+===============+=============+=================+
| Next Protocol | Description | Reference |
+===============+=============+=================+
| TBD7 | IPFIX | [this document] |
+---------------+-------------+-----------------+
Table 5
6.3. IPFIX Information Element IDs
IANA is requested to assign seven IPFIX Information Element IDs as
follows:
ElementID: TBD0
Name: nshServicePathID
Data Type: unsigned32
Data Type Semantics: identifier
Status: current
Description: The Network Service Header [RFC8300] Service Path
Identifier.
ElementID: TBD1
Name: tunnelEcnCeCePacketTotalCount
Data Type: unsigned64
Data Type Semantics: totalCounter
Status: current
Description: The total number of bytes of incoming packets with the
CE|CE ECN marking combination at the Observation Point since the
Metering Process (re-)initialization for this Observation Point.
Eastlake, et al. Expires 25 April 2024 [Page 26]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Units: octets
ElementID: TBD2
Name: tunnelEcnEctNectPacketTotalCount
Data Type: unsigned64
Data Type Semantics: totalCounter
Status: current
Description: The total number of bytes of incoming packets with the
ECT|N-ECT ECN marking combination at the Observation Point since
the Metering Process (re-)initialization for this Observation
Point.
Units: octets
ElementID: TBD3
Name: tunnelEcnCeNectPacketTotalCount
Data Type: unsigned64
Data Type Semantics: totalCounter
Status: current
Description: The total number of bytes of incoming packets with the
CE|N-ECT ECN marking combination at the Observation Point since
the Metering Process (re-)initialization for this Observation
Point.
Units: octets
ElementID: TBD4
Name: tunnelEcnCeEctPacketTotalCount
Data Type: unsigned64
Data Type Semantics: totalCounter
Status: current
Description: The total number of bytes of incoming packets with the
CE|ECT ECN marking combination at the Observation Point since the
Metering Process (re-)initialization for this Observation Point.
Units: octets
ElementID: TBD5
Name: tunnelEcnEctEctPacketTotalCount
Data Type: unsigned64
Data Type Semantics: totalCounter
Status: current
Description: The total number of bytes of incoming packets with the
CE|ECT(0) ECN marking combination at the Observation Point since
the Metering Process (re-)initialization for this Observation
Point.
Units: octets
ElementID: TBD6
Name: tunnelEcnCEMarkedRatio
Data Type: float32
Eastlake, et al. Expires 25 April 2024 [Page 27]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Status: current
Description: The ratio of CE-marked Packet at the Observation Point.
6.4. Security Considerations
For general NSH security considerations, see [RFC8300].
For security considerations concerning ECN signaling tampering, see
[RFC3168]. For security considerations concerning ECN and
encapsulation, see [RFC6040].
For general IPFIX security considerations, see [RFC7011]. If
deployed in an untrusted environment, the signaling traffic between
ingress and egress can be protected utilizing the security mechanisms
provided by IPFIX (see Section 11 in [RFC7011]). The tunnel
endpoints (the ingress and egress for an SFC enabled domain) are
assumed to be in the same administrative domain, so they will trust
each other.
The solution in this document does not introduce any greater
potential to invade privacy than would have been available without
the solution.
7. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The Addition
of Explicit Congestion Notification (ECN) to IP",
RFC 3168, DOI 10.17487/RFC3168, September 2001,
<https://www.rfc-editor.org/info/rfc3168>.
[RFC3758] Stewart, R., Ramalho, M., Xie, Q., Tuexen, M., and P.
Conrad, "Stream Control Transmission Protocol (SCTP)
Partial Reliability Extension", RFC 3758,
DOI 10.17487/RFC3758, May 2004,
<https://www.rfc-editor.org/info/rfc3758>.
[RFC5129] Davie, B., Briscoe, B., and J. Tay, "Explicit Congestion
Marking in MPLS", RFC 5129, DOI 10.17487/RFC5129, January
2008, <https://www.rfc-editor.org/info/rfc5129>.
[RFC6040] Briscoe, B., "Tunnelling of Explicit Congestion
Notification", RFC 6040, DOI 10.17487/RFC6040, November
2010, <https://www.rfc-editor.org/info/rfc6040>.
Eastlake, et al. Expires 25 April 2024 [Page 28]
Internet-Draft NSH ECN & Congestion Feedback October 2023
[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
"Specification of the IP Flow Information Export (IPFIX)
Protocol for the Exchange of Flow Information", STD 77,
RFC 7011, DOI 10.17487/RFC7011, September 2013,
<https://www.rfc-editor.org/info/rfc7011>.
[RFC7013] Trammell, B. and B. Claise, "Guidelines for Authors and
Reviewers of IP Flow Information Export (IPFIX)
Information Elements", BCP 184, RFC 7013,
DOI 10.17487/RFC7013, September 2013,
<https://www.rfc-editor.org/info/rfc7013>.
[RFC7567] Baker, F., Ed. and G. Fairhurst, Ed., "IETF
Recommendations Regarding Active Queue Management",
BCP 197, RFC 7567, DOI 10.17487/RFC7567, July 2015,
<https://www.rfc-editor.org/info/rfc7567>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300,
DOI 10.17487/RFC8300, January 2018,
<https://www.rfc-editor.org/info/rfc8300>.
8. Informative References
[ecnL4S] De Schepper, K. and B. Briscoe, "Identifying Modified
Explicit Congestion Notification (ECN) Semantics for
Ultra-Low Queuing Delay (L4S)", work in Progress, <draft-
ietf-tsvwg-ecn-l4s-id>.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, DOI 10.17487/RFC4301,
December 2005, <https://www.rfc-editor.org/info/rfc4301>.
[RFC7012] Claise, B., Ed. and B. Trammell, Ed., "Information Model
for IP Flow Information Export (IPFIX)", RFC 7012,
DOI 10.17487/RFC7012, September 2013,
<https://www.rfc-editor.org/info/rfc7012>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015,
<https://www.rfc-editor.org/info/rfc7665>.
Eastlake, et al. Expires 25 April 2024 [Page 29]
Internet-Draft NSH ECN & Congestion Feedback October 2023
[RFC8311] Black, D., "Relaxing Restrictions on Explicit Congestion
Notification (ECN) Experimentation", RFC 8311,
DOI 10.17487/RFC8311, January 2018,
<https://www.rfc-editor.org/info/rfc8311>.
[RFC9260] Stewart, R., Tüxen, M., and K. Nielsen, "Stream Control
Transmission Protocol", RFC 9260, DOI 10.17487/RFC9260,
June 2022, <https://www.rfc-editor.org/info/rfc9260>.
[RFC9263] Wei, Y., Ed., Elzur, U., Majee, S., Pignataro, C., and D.
Eastlake 3rd, "Network Service Header (NSH) Metadata Type
2 Variable-Length Context Headers", RFC 9263,
DOI 10.17487/RFC9263, August 2022,
<https://www.rfc-editor.org/info/rfc9263>.
Acknowledgements
Most of the material on Tunnel Congestion Feedback was originally in
draft-ietf-tsvwg-tunnel-congestion-feedback. After discussion with
the authors of that draft, the authors of this draft, and the Chairs
of the TSVWG and SFC Working Groups, the Tunnel Congestion Feedback
draft was merged into this draft.
The authors wish to thank the following for their comments,
suggestions, and reviews:
David Black, Mohamed Boucadair, Sami Boutros, Anthony Chan, Lingli
Deng, Liang Geng, Joel Halpern, Jake Holland, John Kaippallimalil,
Tal Mizrahi, Vincent Roca, Lei Zhu.
Authors' Addresses
Donald E. Eastlake, 3rd
Futurewei Technologies
2386 Panoramic Circle
Apopka, Florida 32703
United States of America
Phone: +1-508-333-2270
Email: d3e3e3@gmail.com
Bob Briscoe
Independent
United Kingdom
Email: ietf@bobbriscoe.net
URI: http://bobbriscoe.net/
Eastlake, et al. Expires 25 April 2024 [Page 30]
Internet-Draft NSH ECN & Congestion Feedback October 2023
Yizhou Li
Huawei Technologies
101 Software Avenue
Nanjing
Jiangsu, 210012
China
Phone: +86-25-56624584
Email: zhuangshunwan@huawei.com
Andrew G. Malis
Malis Consulting
United States of America
Email: agmalis@gmail.com
Xinpeng Wei
Huawei Technologies
Beiqing Rd. Z-park No.156, Haidian District
Beijing
100095
China
Email: weixinpeng@huawei.com
Eastlake, et al. Expires 25 April 2024 [Page 31]