MPLS Working Group Y. Liu Internet-Draft G. Mirsky Intended status: Standards Track ZTE Corporation Expires: January 13, 2021 July 12, 2020 MPLS-based Service Function Path(SFP) Consistency Verification draft-lm-mpls-sfc-path-verification-00 Abstract This document proposes a method to verify the correlation between Service Function Chaining control and/or management plane view of the specified Service Function Path and the state of its data. It works for both SR service programming and MPLS-based NSH SFC. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 13, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Liu & Mirsky Expires January 13, 2021 [Page 1] Internet-Draft LSP Ping for SFC July 2020 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions used in this document . . . . . . . . . . . . . . 2 2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 2 3. MPLS-based SFP Consistency Verification . . . . . . . . . . . 3 3.1. MPLS-based SFP Consistency Verification . . . . . . . . . 4 3.2. SFC Info Sub-TLV . . . . . . . . . . . . . . . . . . . . 4 3.3. SFC Basic Unit FEC Sub-TLV . . . . . . . . . . . . . . . 6 3.4. Theory of Operation . . . . . . . . . . . . . . . . . . . 6 3.4.1. MPLS-based service programming . . . . . . . . . . . 7 3.4.2. RFC 8595 path consistency . . . . . . . . . . . . . . 7 3.5. Discussion . . . . . . . . . . . . . . . . . . . . . . . 8 4. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 4.1. Normative References . . . . . . . . . . . . . . . . . . 8 4.2. Informative References . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Service Function Chain (SFC) defines an ordered set of service functions (SFs) to be applied to packets and/or frames, and/or flows selected as a result of classification. SFC can be achieved through a variety of encapsulation methods, such as NSH [RFC8300], SR service programming [I-D.ietf-spring-sr-service-programming] and MPLS-based NSH SFC [RFC8595]. This document describes extensions to MPLS LSP ping [RFC8029] mechanisms to support verification between the control/management plane and the data plane state for both SR-MPLS service programming and MPLS-based NSH SFC. 2. Conventions used in this document 2.1. Acronyms SFC: Service Function Chain SFF: Service Function Forwarder SF: Service Function SFP: Service Function Path RSP: Rendered Service Path Liu & Mirsky Expires January 13, 2021 [Page 2] Internet-Draft LSP Ping for SFC July 2020 3. MPLS-based SFP Consistency Verification MPLS echo request and reply messages [RFC8029] can be extended to support the verification of the consistency of an MPLS-based Service Function Path (SFP). SR-MPLS/MPLS can be used to realize an SFP. Two methods have been defined: o [I-D.ietf-spring-sr-service-programming] describes how to achieve service function chaining in SR-enabled MPLS and IPv6 networks. In an SR-MPLS network, each SF is associated with an MPLS label. As a result, an SFP can be encoded as a stack of MPLS labels and pushed on top of the packet. o [RFC8595] provides another method to realize SFC in an MPLS network by means of using a logical representation of the Network Service Header (NSH) in an MPLS label stack. When an MPLS label stack is used to carry a logical NSH, a basic unit of representation is used, which can be present one or more times in the label stack. This unit comprises two MPLS labels, one carries a label to provide a context within the SFC scope (the SFC Context Label), and the other carries a label to show which SF is to be enacted (the SF Label). This two-label unit is shown in Figure 1. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SFC Context Label | TC |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Label | TC |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: The Basic Unit of MPLS Label Stack for SFC In MPLS Label Switched Paths (LSPs), MPLS LSP ping [RFC8029] is used to check the correctness of the data plane functioning and to verify the data plane against the control plane. The proposed extension of MPLS LSP ping allows verification of the correlation between the control/management (if data model-based central controller used) plane and the data plane state in SR-MPLS/ MPLS-based SFC. Generally, except for the designed specific functions, the packet processing functions supported by SFs are limited. SFs may not support MPLS OAM protocols like LSP ping, so SFFs are responsible for MPLS echo request processing. Liu & Mirsky Expires January 13, 2021 [Page 3] Internet-Draft LSP Ping for SFC July 2020 3.1. MPLS-based SFP Consistency Verification An MPLS SFC validation request/reply is an MPLS echo request/reply that includes an SFC validation TLV. Nodes examine and process the TLV only if configured to do so; other nodes MUST ignore the TLV and process the packet as a standard MPLS echo packet. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TLV Type=TBA1 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | SFC Information Sub-TLV(s) | ~ ~ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: SFC Validation TLV SFC Information Sub-TLV: The Sub-TLV, as defined in Figure 3, MUST NOT be included in an MPLS SFC validation request. 3.2. SFC Info Sub-TLV Upon receiving the SFC validation request, the SFF MUST respond with an echo reply, which includes the SFC detailed information. The SFC detailed information is recorded in SFC info sub-TLV. Two types of sub-TLVs are defined in this section, and those are used in MPLS-based service programming [I-D.ietf-spring-sr-service-programming] and MPLS-based NSH [RFC8595] respectively. Liu & Mirsky Expires January 13, 2021 [Page 4] Internet-Draft LSP Ping for SFC July 2020 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | sub-TLV Type=TBA1 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SFF Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Type | SR Proxy Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: SFC Info Sub-TLV for SR-MPLS-based Service Programming Type TBA1 sub-TLV: used in SR-MPLS-based service programming SFF Label: represents the SID of the SFF SF Label: represents the service SID of the SF or SR proxy SF Type: indicates the type of SF, such as DPI, firewall, etc. SR Proxy Type: It is defined in [I-D.ietf-spring-sr-service-programming] and indicates the type of SR proxy if it exists. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | sub-TLV Type=TBA2 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SFC-FWD Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SFC context Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 4: SFC Info Sub-TLV for MPLS-based NSH Type TBA2 sub-TLV: used in MPLS-based NS SFC-FWD Type: indicates the forwarding type of the data plane, and has the following values: 0x10: MPLS-based NSH [RFC8595] label swapping Liu & Mirsky Expires January 13, 2021 [Page 5] Internet-Draft LSP Ping for SFC July 2020 0x11: MPLS-based NSH [RFC8595] label stacking SFC context Label: The meaning of the SFC context label depends on the SFC Type. If SFC-FWD Type is 0x10, the SFC context Label represents SPI. If SFC-FWD Type is 0x11, the SFC context Label represents the context label [RFC8595]. SF Label: The meaning of the SF label depends on the SFC-FWD Type. If SFC Type is 0x10, the SF Label represents SI. If SFC Type is 0x11, the SF Label represents the SFI index [RFC8595]. SF Type: It is defined in [I-D.ietf-bess-nsh-bgp-control-plane] and indicates the type of SF, such as DPI, firewall, etc. 3.3. SFC Basic Unit FEC Sub-TLV Unlike standard MPLS forwarding, which is based on a single label, in [RFC8595], packet forwarding is based on the basic unit of MPLS label stack for SFC(SFC Context Label+SF Label). A new FEC sub-TLV is defined in this document, which can be used to carry the corresponding FEC of the basic unit. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Route Distinguisher (RD) | | (8 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SF Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 5: SFC Basic Unit sub-TLV Route Distinguisher (RD): 8 octets field in SFIR Route Type specific NLRI [I-D.ietf-bess-nsh-bgp-control-plane] . SF Type: 2 octets. It is defined in [I-D.ietf-bess-nsh-bgp-control- plane] and indicates the type of SF, such as DPI, firewall, etc. A node that receives an LSP ping with the new FEC will check if it is its Route Distinguisher and whether it advertised that Service Function Type. 3.4. Theory of Operation An MPLS SFC validation request is an MPLS echo request with an SFC validation TLV, and the echo request is sent with a label stack corresponding to the SFP being tested. Liu & Mirsky Expires January 13, 2021 [Page 6] Internet-Draft LSP Ping for SFC July 2020 Sending an SFC echo request to the control plane is triggered by one of the following packet processing exceptions: IP TTL expiration, MPLS TTL expiration, or the receiver is the terminal SFF for an SFP. After general packet sanity verifying[RFC8029], section 3.4.1 and section 3.4.2 in this document separately describe the following processing procedures in service programming and MPLS-based NSH. After all SFFs on the SFP send back MPLS echo reply, the sender collects information about all traversed SFFs and SFs on the rendered service path (RSP). 3.4.1. MPLS-based service programming [I-D.ietf-spring-sr-service-programming] describes how a service can be associated with a SID to achieve service function chaining. In an SR-MPLS network, the SFP is encoded as a stack of MPLS labels. That stack is pushed on top of the packet. If an SFC validation TLV is present in the received echo request, an SFF MUST parse through the label stack until the next label is not a local service SID to get all the SFs attached to the SFF on the SFP and record the corresponding Label-stack-depth. The SFF then sends an MPLS echo reply with all the SF information recorded in SFC Information Sub-TLV, including the service SID and the SF type. 3.4.2. RFC 8595 path consistency [RFC8595] describes how Service Function Chaining (SFC) can be achieved in an MPLS network using a logical representation of the Network Service Header (NSH) in an MPLS label stack. SFC forwarding can be achieved by label swapping, label stacking, or the mix of both. When an SFF receives a packet containing an MPLS label stack, it examines the top basic unit of MPLS label stack for SFC, {SPI, SI} or {context label, SFI index}, to determine where to send the packet next. Upon receiving the SFC validation request, an SFF checks the MPLS label stack to get all the locally attached basic units for SFC. Then, the SFF sends back a reply message, including SFC info sub- TLVs, for each basic unit local to the SFF. Liu & Mirsky Expires January 13, 2021 [Page 7] Internet-Draft LSP Ping for SFC July 2020 3.5. Discussion In [RFC8595], it says, "when an SFF receives a packet from any component of the SFC system (classifier, SFI, or another SFF), it MUST discard any packets with TTL set to zero". To trace SFC, it should be changed to allow punting the packet to the control plane though under throttling control. 4. References 4.1. Normative References [I-D.ietf-bess-nsh-bgp-control-plane] Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L. Jalil, "BGP Control Plane for the Network Service Header in Service Function Chaining", draft-ietf-bess-nsh-bgp- control-plane-15 (work in progress), June 2020. [I-D.ietf-spring-sr-service-programming] Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca, d., Li, C., Decraene, B., Ma, S., Yadlapalli, C., Henderickx, W., and S. Salsano, "Service Programming with Segment Routing", draft-ietf-spring-sr-service- programming-02 (work in progress), March 2020. [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., Aldrin, S., and M. Chen, "Detecting Multiprotocol Label Switched (MPLS) Data-Plane Failures", RFC 8029, DOI 10.17487/RFC8029, March 2017, . [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, January 2018, . [RFC8595] Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based Forwarding Plane for Service Function Chaining", RFC 8595, DOI 10.17487/RFC8595, June 2019, . 4.2. Informative References [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, October 2015, . Liu & Mirsky Expires January 13, 2021 [Page 8] Internet-Draft LSP Ping for SFC July 2020 Authors' Addresses Liu Yao ZTE Corporation No. 50 Software Ave, Yuhuatai Distinct Nanjing China Email: liu.yao71@zte.com.cn Greg Mirsky ZTE Corporation Email: gregimirsky@gmail.com Liu & Mirsky Expires January 13, 2021 [Page 9]