Active OAM for Service Function Chaining ZTE Corp.gregimirsky@gmail.comZTE CorporationNo.50 Software Avenue, Yuhuatai DistrictNanjingChinameng.wei2@zte.com.cnIndividual contributorvumip1@gmail.comIndividual contributorlindawangjoy@gmail.com
Routing
SFC WGRequest for CommentsRFCInternet DraftI-D
A set of requirements for active Operation, Administration,
and Maintenance (OAM) of Service Function Chains (SFCs) in a network is presented in this document.
Based on these requirements, an encapsulation of active OAM messages in SFC and
a mechanism to detect and localize defects are described.
This document updates
RFC 8300 in the definition of O (OAM) bit in the Network Service Header (NSH) and defines how
an active OAM message is identified in the NSH.
defines components necessary to implement
a Service Function Chain (SFC). These include:
a classifier that performs the classification of incoming packets
Service Function Forwarders (SFFs)
that are responsible for forwarding traffic to one or more connected Service Functions (SFs) according to
the information carried in the SFC service encapsulation and handling traffic coming back from
the SF and forwarding it to the next SFF.
SFs that are responsible for the executing specific service treatment
on received packets.
There are different views from different levels of the SFC.
One is the SFC, an entirely abstract view, which defines an ordered set of SFs that must
be applied to packets selected based on classification rules.
But service function chain doesn't specify the exact mapping between SFFs and SFs. Thus, another
logical construct used in SFC is a Service Function Path (SFP). According to , SFP is
the instantiation of the SFC in the network and provides a level of indirection
between the entirely abstract SFCs and a fully specified ordered
list of SFFs and SFs identities that the packet will visit when
it traverses the SFC. The latter entity is referred to as Rendered Service Path (RSP).
The main difference between SFP and RSP is that the former is the logical construct,
while the latter is the realization of the SFP via the sequence of specific SFC elements.
This document defines how active Operation, Administration
and Maintenance (OAM), per definition of active OAM, is
identified in Network Service Header (NSH) SFC.
Following the analysis of SFC OAM in , this document lists requirements
to improve troubleshooting efficiency and defect localization in SFP.
For that purpose, SFC Echo Request and Echo Reply are specified in the document.
This mechanism enables on-demand
Continuity Check, Connectivity Verification among other operations over SFC in networks, thus providing
one of the most common SFC OAM functions identified in .
Also, this document updates Section 2.2 of
in part of the definition of O bit in the (NSH).
The terminology defined in is used extensively throughout this document.
A reader is expected to be familiar with it.
In this document, SFC OAM refers to an active OAM, as defined in . in an SFC architecture.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
E2E: End-to-EndFM: Fault ManagementNSH: Network Service HeaderOAM: Operations, Administration, and MaintenancePRNG: Pseudorandom number generatorRDI: Remote Defect IndicationRSP: Rendered Service PathSMI Structure of Management InformationSF: Service FunctionSFC: Service Function ChainSFF: Service Function ForwarderSFP: Service Function PathMAC: Message Authentication Code
As discussed in , SFC-specific means are needed
to perform the OAM task of fault management (FM) in an SFC architecture, including failure detection, defect
characterization, and localization. This document defines the set of requirements
for active FM OAM mechanisms to be used in an SFC architecture.
Regarding the reference model depicted in , consider a service function chain that includes three distinct service functions.
In this example, the SFP traverses SFF1, SFF2, and SFF3, each SFF being connected to two
instances of the same service function.
End-to-end (e2e) SFC OAM, in this example, has the Classifier as the ingress of the SFC OAM domain,
and SFF3 - as its egress. Segment SFC OAM is always within the E2E SFC OAM domain between two elements that are part of the same SFP.
Following are the requirements for an FM SFC OAM, whether with the E2E or segment scope:
REQ#1: Packets of active SFC OAM in SFC SHOULD be fate sharing with the monitored SFC data,
in the forward direction from ingress toward egress endpoint(s) of the OAM test.
The fate sharing, in the SFC environment, is achieved when a test packet traverses the same path
and receives the same treatment in the transport layer as an SFC NSH packet.
REQ#2: SFC OAM MUST support pro-active monitoring of the continuity of the SFP between any of its elements.
A network failure might be declared when several consecutive test packets are not received within a pre-determined time.
For example, in the E2E SFC OAM FM case, the egress, SFF3, in the example in ,
could be the entity that detects the SFP's failure by monitoring a flow
of periodic test packets. The ingress may be capable of recovering
from the failure, e.g., using redundant SFC elements. Thus, it is beneficial for the egress
to signal the new defect state to the ingress, which in this example is the Classifier.
Hence the following requirement:
REQ#3: SFC OAM MUST support Remote Defect Indication (RDI) notification by the egress to the ingress.
REQ#4: SFC OAM MUST support connectivity verification of the SFP.
Definition of the misconnection defect, entry and exit criteria are outside the scope of this document.
Once the SFF1 detects the defect, the objective of the SFC OAM changes from the detection of a defect
to defect characterization and localization.
REQ#5: SFC OAM MUST support fault localization of the Loss of Continuity Check within an SFP.
REQ#6: SFC OAM MUST support an SFP tracing to discover the RSP.
In the example presented in , two distinct instances of the same service function share the same SFF.
In this example, the SFP can be realized over several RSPs, for instance, RSP1(SF1--SF3--SF5) and RSP2(SF2--SF4--SF6).
Available RSPs can be discovered using the trace function discussed in Section 4.3 .
REQ#7: SFC OAM MUST have the ability to discover and exercise all available RSPs in the network.
The SFC OAM layer model described in
offers an efficient approach for a defect localization within a service function chain.
As the first step, the SFP's continuity for SFFs that are part of the same SFP could be verified.
After the reachability of SFFs has already been verified, SFFs that serve an SF may be used as a test packet source.
In such a case, SFF can act as a proxy for another element within the service function chain.
REQ#8: SFC OAM MUST be able to trigger on-demand FM with
responses being directed towards the initiator of such proxy
request.
The O bit in the NSH header is defined in as follows:
O bit: Setting this bit indicates an OAM packet.
This document updates that definition as follows:
O bit: Setting this bit indicates an OAM command and/or data in the NSH Context Header or packet payload.
Active SFC OAM is defined as a combination of OAM commands and/or data included in a message that immediately follows the NSH.
To identify the active OAM message, the Next Protocol field's value MUST be set to Active SFC OAM (TBA1)
().
The rules for interpreting the values of O bit and the Next Protocol field are as follows:
O bit set and the Next Protocol value is not one of identifying active or hybrid OAM protocol (per definitions),
e.g., defined in this specification Active SFC OAM:
- a Fixed-Length Context Header or Variable-Length Context Header(s) contain an OAM command or data.- the type of payload is determined by the Next Protocol field.
O bit set and the Next Protocol value is one of identifying active or hybrid OAM protocol:
- the payload that immediately follows SFC NSH MUST contain an OAM command or data.
O bit is clear:
- no OAM in a Fixed-Length Context Header or Variable-Length Context Header(s).- the payload determined by the Next Protocol field's value MUST be present.
O bit is clear and the Next Protocol field's value identifies active or hybrid OAM protocol
MUST be identified and reported as the erroneous combination. An implementation MAY have
control to enable processing of the OAM payload.
One conclusion from the above-listed rules of processing O bit and the Next Protocol field's value is to avoid the
combination of OAM in an NSH Context Header (Fixed-Length or Variable-Length)
and the payload immediately following the SFC NSH because there is
no unambiguous way to identify such combination using the O bit and the Next Protocol field.
As demonstrated in Section 4 and of this document,
SFC OAM is required to perform multiple tasks. Several active OAM protocols could be used to address all the requirements.
When IP/UDP encapsulation of an SFC OAM control message is used,
protocols can be demultiplexed using the Destination UDP port number. But extra IP/UDP headers, especially
in an IPv6 network, add noticeable overhead. This document defines Active OAM Header ()
to demultiplex active OAM protocols on an SFC.
V - two-bit-long field indicates the current version of the SFC active OAM header. The current value is 0.Msg Type - six bits long field identifies OAM protocol, e.g., Echo Request/Reply or Bidirectional Forwarding Detection.Flags - eight bits long field carries bit flags that define optional capability and thus processing of the
SFC active OAM control packet, e.g., optional timestamping.Length - two octets long field that is the length of the SFC active OAM control packet in octets.
Echo Request/Reply is a well-known active OAM mechanism that is
extensively used to verify a path's continuity, detect inconsistencies between a state in control
and the data planes, and localize defects in the data plane. ICMP ( for IPv4
and for IPv6 networks respectively) and are examples
of broadly used active OAM protocols based on Echo Request/Reply principle.
The SFC NSH Echo Request/Reply control message format is presented in .
The interpretation of the fields is as follows:
Version (V) is a two-bit field that indicates the current version of the SFC Echo Request/Reply. The current value is 0.
The version number is to
be incremented whenever a change is made that affects the ability of
an implementation to parse or process control packet correctly.
Reserved - fourteen-bit field. It MUST be zeroed on transmission and ignored on receipt.The Global Flags is a two-octet bit vector field.The Message Type is a one-octet field that reflects the packet type. Value TBA3 identifies Echo Request and TBA4 - Echo Reply.The Reply Mode is a one-octet field. It defines the type of the return path requested by the sender of the Echo Request. Return Codes and Subcodes are one-octet fields each. These can be used
to inform the sender about the result of processing its request. Initial Return Code values are according to .
For all Return Code values defined in this document, the value of the Return Subcode field MUST be set to zero.The Sender's Handle is a four-octet field. It is filled in by the sender of the Echo Request
and returned unchanged by the Echo Reply sender. The sender of the Echo Request MAY use
a pseudo-random number generator (PRNG) to set the value of the Sender's Handle field.
The Sequence Number is a four-octet field. It is assigned by the sender and can be (for example) used to detect missed replies.
The value of the Sequence Number field SHOULD be monotonically increasing in the course of the test session.
TLV is a variable-length field. Multiple TLVs MAY be placed
in an SFC Echo Request/Reply packet. Additional TLVs may be enclosed within a given TLV, subject to the semantics of the (outer) TLV in question.
If more than one TLV is to be included, the value of the Type field of the outmost outer TLV MUST be set to Multiple TLVs Used (TBA12),
as assigned by IANA according to .
presents the format of an SFC Echo Request/Reply TLV, where fields are defined as the following:
Type - a one-octet-long field that characterizes the interpretation of the Value field.
Type values allocated according to .
Reserved - one-octet-long field. The value of the Type field determines its interpretation and encoding.
Length - two-octet-long field equal to the Value field's length in octets.
Value - a variable-length field. The value of the Type field determines its interpretation and encoding.
The value of the Return Code field is set to zero by the sender of an Echo Request. The
receiver of said Echo Request can set it to one of the values listed in
in the corresponding Echo Reply that it generates.
ValueDescription0No Return Code1Malformed Echo Request received2One or more of the TLVs was not understood3Authentication failed
Authentication can be used to protect the integrity of the information in SFC Echo Request and/or Echo Reply.
In the a variable-length Context Header has been defined to protect the integrity
of the NSH and the payload. The header can also be used for the optional encryption of the sensitive metadata.
MAC#1 Context Header is more suitable for the integrity protection of active SFC OAM, particularly of the defined
in this document SFC Echo Request and Echo Reply. On the other hand, using MAC#2 Context Header allows the detection
of mishandling of the O-bit by a transient SFC element.
SFC Echo Request control packet MUST use the appropriate encapsulation of the monitored
SFP. If the NSH is used, Echo Request MUST set O bit, as defined in .
SFC NSH MUST
be immediately followed by the SFC Active OAM Header defined in . The Message Type field's value
in the SFC Active OAM Header MUST be set to SFC Echo Request/Echo Reply value (TBA2) per .
Value of the Reply Mode field MAY be set to:
Do Not Reply (TBA5) if one-way monitoring is desired. If the Echo Request is used to measure synthetic packet loss;
the receiver may report loss measurement results to a remote node.
Reply via an IPv4/IPv6 UDP Packet (TBA6) value likely will be the most used.
Reply via Application Level Control Channel (TBA7) value if the SFP
may have bi-directional paths.
Reply via Specified Path (TBA8) value to enforce the use of the particular
return path specified in the included TLV to verify bi-directional continuity and
also increase the robustness of the monitoring by selecting a more stable path.
Sending an SFC Echo Request to the control plane is triggered by one
of the following packet processing exceptions:
NSH TTL expiration, NSH Service Index (SI) expiration or the receiver is the terminal SFF for an SFP.
Firstly, if the SFC Echo Request is authenticated, the receiving SFF MUST verify the authentication.
If the verification fails, the receiver SFF MUST send an SFC Echo Reply with the Return Code set to
"Authentication failed" and the Subcode set to zero. Then, the SFF that has received an SFC Echo Request
verifies the received packet's general sanity. If the packet is not well-formed,
the receiver SFF SHOULD send an SFC Echo Reply with the Return Code
set to "Malformed Echo Request received" and the Subcode set to zero. If there are any TLVs that SFF does not
understand, the SFF MUST send an SFC Echo Reply
with the Return Code set to 2 ("One or more TLVs was not understood") and set the Subcode to zero.
In the latter case, the SFF MAY include an Errored TLVs TLV () that
as sub-TLVs contains only the misunderstood TLVs. The header field's Sender's
Handle, Sequence Number are not examined but are included in the SFC Echo Reply message.
If the Return Code for the Echo Reply is determined as 2 ("One or more TLVs was not understood"),
then the Errored TLVs TLV MAY be included in an Echo Reply. The use of this TLV
allows informing the sender of an Echo Request of mandatory TLVs either not
supported by an implementation or parsed and found to be in error.
where
The Errored TLVs Type MUST be set to TBA14 .
Reserved - one-octet-long field.
Length - two-octet-long field equal to the length of the Value field in octets.
The Value field contains the TLVs, encoded as sub-TLVs,
that were not understood or failed to be parsed correctly.
The Reply Mode field directs whether and how the Echo Reply message should be sent.
The sender of the Echo Request MAY use TLVs to request that the corresponding Echo Reply
is transmitted over the specified path. Value TBA3 is referred to as the "Do not reply" mode and
suppresses the Echo Reply packet transmission. The default value (TBA6) for the Reply mode field requests
the responder to send the Echo Reply packet out-of-band as IPv4 or IPv6 UDP packet.
Responder to the SFC Echo Request sends the Echo Reply over IP network if the Reply mode is
Reply via an IPv4/IPv6 UDP Packet.
Because SFC NSH does not identify the ingress of the SFP,
the Echo Request, the source ID MUST be included in the message and
used as the IP destination address for IP/UDP encapsulation of the SFC Echo Reply.
The sender of the SFC Echo Request MUST include SFC Source TLV .
where
Source ID Type is a one-octet-long field and has the value of TBA13 .
Reserved - one-octet-long field.
Length is a two-octets-long field, and the value equals the length of the Value field in octets.
Value field contains the IP address of the sender of the SFC OAM control message, IPv4 or IPv6.
The UDP destination port for SFC Echo Reply
TBA15 will be allocated by IANA .
An SFF SHOULD NOT accept SFC Echo Reply unless the received passes the following checks:
the received SFC Echo Reply is well-formed;it has an outstanding SFC Echo Request sent from the UDP port that
matches destination UDP port number of the received packet;if the matching to the Echo Request found, the value of the Sender's Handle
n the Echo Request sent is equal to the value of Sender's Handle in the
Echo Reply received;if all checks passed, the SFF checks if the Sequence Number in the
Echo Request sent matches to the Sequence Number in the Echo Reply received.
When the integrity protection for SFC active OAM, and SFC Echo Request/Reply in particular, is required,
it is RECOMMENDED to use
one of Context Headers defined in . MAC#1
(Message Authentication Code) Context Header
could be more suitable for active SFC OAM because it does not require re-calculation of the
MAC when the value of the NSH Base Header's TTL field is changed.
The integrity protection for SFC active OAM can also be achieved
using mechanisms in the underlay data plane.
For example, if the underlay is an IPv6 network, IP Authentication Header
or IP Encapsulating Security Payload Header can be used to provide integrity protection.
Confidentiality for the SFC Echo Request/Reply exchanges can be achieved using the IP Encapsulating Security
Payload Header .
Also, the security needs for SFC Echo Request/Reply are similar to those of ICMP ping ,
and MPLS LSP ping .
There are at least three approaches to attacking a node in the overlay network using the
mechanisms defined in the document. One is a Denial-of-Service attack,
sending an SFC Echo Request to overload an element of the SFC.
The second may use spoofing, hijacking, replying, or otherwise
tampering with SFC Echo Requests and/or replies to
misrepresent, alter the operator's view of the state of the SFC.
The third is an unauthorized source using an SFC
Echo Request/Reply to obtain information about the
SFC and/or its elements, e.g., SFF or SF.
It is RECOMMENDED that
implementations throttle the SFC ping traffic going to the control plane
to mitigate potential Denial-of-Service attacks.
Reply and spoofing attacks involving faking or
replying to SFC Echo Reply messages would have to
match the Sender's Handle and Sequence Number of
an outstanding SFC Echo Request message, which is highly unlikely.
Thus the non-matching reply would be discarded.
To protect against unauthorized sources trying to obtain information about the overlay and/or underlay,
an implementation MAY check that the source of the Echo Request is indeed part of the SFP.
Authors greatly appreciate thorough review and the most helpful comments from Dan Wing, Dirk von Hugo,
and Mohamed Boucadair.
IANA is requested to assign a new type from the SFC Next Protocol registry as follows:
ValueDescriptionReferenceTBA1SFC Active OAMThis document
IANA is requested to create a new registry called "SFC Active OAM Message Type".
All code points in the range 1 through 32767 in this registry shall be allocated
according to the "IETF Review" procedure specified in .
The remaining code points to be allocated according to :
ValueDescriptionReference0Reserved1 - 32767ReservedIETF Consensus32768 - 65530ReservedFirst Come First Served65531 - 65534ReservedPrivate Use65535Reserved
IANA is requested to assign a new type from the SFC Active OAM Message Type registry as follows:
ValueDescriptionReferenceTBA2SFC Echo Request/Echo ReplyThis document
IANA is requested to create a new SFC Echo Request/Echo Reply Parameters registry.
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters registry the new sub-registry Message Types.
All code points in the range 1 through 175 in this registry shall be allocated
according to the "IETF Review" procedure specified in .
Code points in the range
176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure
specified in .
The remaining code points are allocated according to :
as specified in .
ValueDescriptionReference0ReservedThis document1- 175UnassignedThis document176 - 239UnassignedThis document240 - 251ExperimentalThis document252 - 254Private UseThis document255ReservedThis documentIANA is requested to assign values as listed in .ValueDescriptionReferenceTBA3SFC Echo RequestThis documentTBA4SFC Echo ReplyThis document
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters registry the new sub-registry Reply Mode.
All code points in the range 1 through 175 in this registry shall be allocated
according to the "IETF Review" procedure specified in .
Code points in the range
176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure
specified in .
The remaining code points are allocated according to :
as specified in .
ValueDescriptionReference0ReservedThis document1- 175UnassignedThis document176 - 239UnassignedThis document240 - 251ExperimentalThis document252 - 254Private UseThis document255ReservedThis document
All code points in the range 1 through 191 in this registry shall be allocated
according to the "IETF Review" procedure specified in
and assign values as listed in .
ValueDescriptionReference0ReservedTBA5Do Not ReplyThis documentTBA6Reply via an IPv4/IPv6 UDP PacketThis documentTBA7Reply via Application Level Control ChannelThis documentTBA8Reply via Specified PathThis documentTBA9Reply via an IPv4/IPv6 UDP Packet with the data integrity protectionThis documentTBA10Reply via Application Level Control Channel with the data integrity protectionThis documentTBA11Reply via Specified Path with the data integrity protectionThis document
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters registry the new sub-registry Return Codes as described in .
ValueDescriptionReference0-191UnassignedIETF Review192-251UnassignedFirst Come First Served252-254UnassignedPrivate Use255Reserved
Values defined for the Return Codes sub-registry are listed in .
ValueDescriptionReference0No Return CodeThis document1Malformed Echo Request receivedThis document2One or more of the TLVs was not understoodThis document3Authentication failedThis document
IANA is requested to create the SFC OAM TLV Type registry.
All code points in the range 1 through 175 in this registry shall be allocated
according to the "IETF Review" procedure specified in .
Code points in the range
176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure
specified in .
The remaining code points are allocated according to :
ValueDescriptionReference0ReservedThis document1- 175UnassignedThis document176 - 239UnassignedThis document240 - 251ExperimentalThis document252 - 254Private UseThis document255ReservedThis documentThis document defines the following new values in SFC OAM TLV Type registry:ValueDescriptionReferenceTBA12Multiple TLVs UsedThis documentTBA13Source ID TLVThis documentTBA14Errored TLVsThis document
IANA is requested to allocate UDP port number according to
Service Name Port Number Transport Protocol Description Semantics Definition Reference SFC OAMTBA15UDPSFC OAM Echo ReplyThis document