Network Service Header (NSH) Metadata Type 2 Variable-Length Context Headers ZTE Corporation
No.50, Software Avenue Nanjing 210012 China wei.yuehua@zte.com.cn
Intel
uri.elzur@intel.com
Individual Contributor
Sum.majee@gmail.com
Cisco
cpignata@cisco.com
Futurewei Technologies
2386 Panoramic Circle Apopka FL 32703 United States of America +1-508-333-2270 d3e3e3@gmail.com
RTG SFC SFC metadata Service Function Chaining (SFC) uses the Network Service Header (NSH) (RFC 8300) to steer and provide context metadata (MD) with each packet. Such metadata can be of various types, including MD Type 2, consisting of Variable-Length Context Headers. This document specifies several such Context Headers that can be used within a Service Function Path (SFP).
Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .
Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Table of Contents
  • .  Introduction
  • .  Conventions Used in This Document
    • .  Terminology
    • .  Requirements Language
  • .  NSH MD Type 2 Format
  • .  NSH MD Type 2 Context Headers
    • .  Forwarding Context
    • .  Tenant ID
    • .  Ingress Network Node Information
    • .  Ingress Network Source Interface
    • .  Flow ID
    • .  Source and/or Destination Groups
    • .  Policy ID
  • .  Security Considerations
    • .  Forwarding Context
    • .  Tenant ID
    • .  Ingress Network Node Information
    • .  Ingress Node Source Interface
    • .  Flow ID
    • .  Source and/or Destination Groups
    • .  Policy ID
  • .  IANA Considerations
    • .  MD Type 2 Context Types
    • .  Forwarding Context Types
    • .  Flow ID Context Types
  • .  References
    • .  Normative References
    • .  Informative References
  • Acknowledgments
  • Authors' Addresses
Introduction The Network Service Header (NSH) is the Service Function Chaining (SFC) encapsulation that supports the SFC architecture . As such, the NSH provides the following key elements:
  1. Service Function Path (SFP) identification
  2. indication of location within an SFP
  3. optional, per-packet metadata (fixed-length or variable-length)
further defines two metadata formats (MD Types): 1 and 2. MD Type 1 defines the fixed-length, 16-octet metadata, whereas MD Type 2 defines a variable-length context format for metadata. This document defines several common metadata Context Headers for use within NSH MD Type 2. These supplement the Subscriber Identifier and Performance Policy MD Type 2 metadata Context Headers specified in . This document does not address metadata usage, updating/chaining of metadata, or other SFP functions. Those topics are described in .
Conventions Used in This Document
Terminology This document uses the terminology defined in the SFC architecture and the NSH .
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
NSH MD Type 2 Format An NSH is composed of a 4-octet Base Header, a 4-octet Service Path Header, and optional Context Headers. The Base Header identifies the MD Type in use:
NSH Base Header 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Ver|O|U| TTL | Length |U|U|U|U|MD Type| Next Protocol | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Please refer to the NSH for a detailed header description. When the Base Header specifies MD Type = 0x2, zero or more Variable-Length Context Headers MAY be added, immediately following the Service Path Header. below depicts the format of the Context Header as defined in .
NSH Variable-Length Context Headers 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class | Type |U| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Variable-Length Metadata | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
NSH MD Type 2 Context Headers specifies Metadata Class 0x0000 as IETF Base NSH MD Class. In this document, metadata types are defined for the IETF Base NSH MD Class. The Context Headers specified in the subsections below are as follows:
  1. Forwarding Context
  2. Tenant ID
  3. Ingress Network Node Information
  4. Ingress Node Source Interface
  5. Flow ID
  6. Source and/or Destination Groups
  7. Policy ID
Forwarding Context This metadata context carries a network forwarding context, used for segregation and forwarding scope. Forwarding context can take several forms depending on the network environment, for example, Virtual eXtensible Local Area Network (VXLAN) / Generic Protocol Extension for VXLAN (VXLAN-GPE) Virtual Network Identifier (VNID), VPN Routing and Forwarding (VRF) identification, or VLAN.
VLAN Forwarding Context 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x04 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x0 | Reserved | VLAN ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
QinQ Forwarding Context 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x04 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x1 |Resv | Service VLAN ID | Customer VLAN ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
MPLS VPN Forwarding Context 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x04 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x2 | Reserved | MPLS VPN Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
VNI Forwarding Context 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x04 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x3 | Resv | Virtual Network Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Session ID Forwarding Context 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x04 |U| Length = 8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x4 | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Context Type (CT):
This 4-bit field that defines the interpretation of the Forwarding Context field. Please see the IANA considerations in . This document defines these CT values:
0x0:
12-bit VLAN identifier . See .
0x1:
24-bit double tagging identifiers. A service VLAN tag followed by a customer VLAN tag . The two VLAN IDs are concatenated and appear in the same order that they appeared in the payload. See .
0x2:
20-bit MPLS VPN label . See .
0x3:
24-bit virtual network identifier (VNI) . See .
0x4:
32-bit Session ID . This is called Key in GRE . See .
Reserved (Resv):
These bits in the context fields MUST be sent as zero and ignored on receipt.
Tenant ID Tenant identification is often used for segregation within a multi-tenant environment. Orchestration system-generated Tenant IDs are an example of such data. This Context Header carries the value of the Tenant ID. Virtual Tenant Network (VTN) is an application that provides multi-tenant virtual networks on a Software-Defined Networking (SDN) controller.
Tenant ID List 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x05 |U| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Tenant ID ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Length:
Indicates the length of the Tenant ID in octets (see ).
Tenant ID:
Represents an opaque value pointing to orchestration system-generated Tenant ID. The structure and semantics of this field are specific to the operator's deployment across its operational domain and are specified and assigned by an orchestration function. The specifics of that orchestration-based assignment are outside the scope of this document.
Ingress Network Node Information This Context Header carries a Node ID of the network node at which the packet entered the SFC-enabled domain. This node will necessarily be a classifier . In cases where the Service Path Identifier (SPI) identifies the ingress node, this Context Header is superfluous.
Ingress Network Node ID 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x06 |U| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Node ID ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Length:
Indicates the length of the Node ID in octets (see ).
Node ID:
Represents an opaque value of the ingress network Node ID. The structure and semantics of this field are deployment specific. For example, Node ID may be a 4-octet IPv4 address Node ID, a 16-octet IPv6 address Node ID, a 6-octet MAC address, an 8-octet MAC address (64-bit Extended Unique Identifier (EUI-64)), etc.
Ingress Network Source Interface This context identifies the ingress interface of the ingress network node. The l2vlan (135), l3ipvlan (136), ipForward (142), and mpls (166) in are examples of source interfaces.
Ingress Network Source Interface 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x07 |U| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Source Interface ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Length:
Indicates the length of the Source Interface in octets (see ).
Source Interface:
Represents an opaque value of the identifier of the ingress interface of the ingress network node.
Flow ID Flow ID provides a field in NSH MD Type 2 to label packets belonging to the same flow. For example, defines IPv6 Flow Label as Flow ID. Another example of Flow ID is how defines an entropy label that is generated based on flow information in the MPLS network. Absence of this field or a value of zero denotes that packets have not been labeled with a Flow ID.
IPv6 Flow ID 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x08 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x0 | Reserved | IPv6 Flow ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
MPLS Entropy Label 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x08 |U| Length = 4 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |CT=0x1 | Reserved | MPLS entropy label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Length:
Indicates the length of the Flow ID in octets (see ). For example, the IPv6 Flow Label in is 20 bits long. An entropy label in the MPLS network in is also 20 bits long.
Context Type (CT):
This 4-bit field that defines the interpretation of the Flow ID field. Please see the IANA considerations in . This document defines these CT values:
0x0:
20-bit IPv6 Flow Label in . See .
0x1:
20-bit entropy label in the MPLS network in . See .
Reserved:
These bits in the context fields MUST be sent as zero and ignored on receipt.
Source and/or Destination Groups Intent-based systems can use this data to express the logical grouping of source and/or destination objects. and provide examples of such a system. Each is expressed as a 32-bit opaque object.
Source/Destination Groups 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x09 |U| Length=8 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Group | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Group | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
If there is no group information specified for the Source Group or Destination Group field, the field MUST be sent as zero and ignored on receipt.
Policy ID Traffic handling policies are often referred to by a system-generated identifier, which is then used by the devices to look up the policy's content locally. For example, this identifier could be an index to an array, a lookup key, or a database ID. The identifier allows enforcement agents or services to look up the content of their part of the policy.
Policy ID 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Metadata Class = 0x0000 | Type = 0x0A |U| Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ Policy ID ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The fields are described as follows:
Length:
Indicates the length of the Policy ID in octets (see ).
Policy ID:
Represents an opaque value of the Policy ID.
This Policy ID is a general Policy ID, essentially a key to allow Service Functions (SFs) to know which policies to apply to packets. Those policies generally will not have much to do with performance but rather with what specific treatment to apply. It may, for example, select a URL filter data set for a URL filter or select a video transcoding policy in a transcoding SF. The Performance Policy ID in is described there as having very specific use and, for example, says that fully controlled SFPs would not use it. The Policy ID in this document is for cases not covered by .
Security Considerations A misbehaving node from within the SFC-enabled domain may alter the content of the Context Headers, which may lead to service disruption. Such an attack is not unique to the Context Headers defined in this document. Measures discussed in describes the general security considerations for protecting the NSH. specifies methods of protecting the integrity of the NSH metadata. If the NSH includes the Message Authentication Code (MAC) and Encrypted Metadata Context Header , the authentication of the packet MUST be verified before using any data. If the verification fails, the receiver MUST stop processing the Variable-Length Context Headers and notify an operator. The security and privacy considerations for the 7 types of Context Headers specified above are discussed below. Since NSH-ignorant SFs will never see the NSH, then even if they are malign, they cannot compromise security or privacy based on the NSH or any of these Context Headers; however, they could cause compromise based on the rest of the packet. To the extent that any of these headers are included when they would be unneeded or have no effect, they provide a covert channel for the entity adding the Context Header to communicate a limited amount of arbitrary information to downstream entities within the SFC-enabled domain.
Forwarding Context All of the Forwarding Context variants specified in this document (those with CT values between 0 and 4) merely repeat a field that is available in the packet encapsulated by the NSH. These variants repeat that field in the NSH for convenience. Thus, there are no special security or privacy considerations in these cases. Any future new values of CT for the Forwarding Context must specify the security and privacy considerations for those extensions.
Tenant ID The Tenant ID indicates the tenant to which traffic belongs and might be used to tie together and correlate packets for a tenant that some monitoring function could not otherwise group, especially if other possible identifiers were being randomized. As such, it may reduce security by facilitating traffic analysis but only within the SFC-enabled domain where this Context Header is present in packets.
Ingress Network Node Information The SFC-enabled domain manager normally operates the initial ingress/classifier node and is thus potentially aware of the information provided by this Context Header. Furthermore, in many cases, the SPI that will be present in the NSH identifies or closely constrains the ingress node. Also, in most cases, it is anticipated that many entities will be sending packets into an SFC-enabled domain through the same ingress node. Thus, under most circumstances, this Context Header is expected to weaken security and privacy to only a minor extent and only within the SFC-enabled domain.
Ingress Node Source Interface This Context Header is likely to be meaningless unless the Ingress Network Node Information Context Header is also present. When that node information header is present, this source interface header provides a more fine-grained view of the source by identifying not just the initial ingress/classifier node but also the port of that node on which the data arrived. Thus, it is more likely to identify a specific source entity or at least to more tightly constrain the set of possible source entities than just the node information header. As a result, inclusion of this Context Header with the node information Context Header is potentially a greater threat to security and privacy than the node information header alone, but this threat is still constrained to the SFC-enabled domain.
Flow ID The variations of this Context Header specified in this document simply repeat fields already available in the packet and thus have no special security or privacy considerations. Any future new values of CT for the Flow ID must specify the security and privacy considerations for those extensions.
Source and/or Destination Groups This Context Header provides additional information that might help identify the source and/or destination of packets. Depending on the granularity of the groups, it could either (1) distinguish packets as part of flows from and/or to objects where those flows could not otherwise be easily distinguished but appear to be part of one or fewer flows or (2) group packet flows that are from and/or to an object where those flows could not otherwise be easily grouped for analysis or another purpose. Thus, the presence of this Context Header with non-zero source and/or destination groups can, within the SFC-enabled domain, erode security and privacy to an extent that depends on the details of the grouping.
Policy ID This Context Header carries an identifier that nodes in the SFC-enabled domain can use to look up policy to potentially influence their actions with regard to the packet carrying this header. If there are no such decisions regarding their actions, then the header should not be included. If there are such decisions, the information on which they are to be based needs to be included somewhere in the packet. There is no reason for inclusion in this Context Header to have any security or privacy considerations that would not apply to any other plaintext way of including such information. It may provide additional information to help identify a flow of data for analysis.
IANA Considerations
MD Type 2 Context Types IANA has assigned the following types () from the "NSH IETF-Assigned Optional Variable-Length Metadata Types" registry available at . Type Values
Value Description Reference
0x04 Forwarding Context RFC 9263
0x05 Tenant ID RFC 9263
0x06 Ingress Network Node ID RFC 9263
0x07 Ingress Network Interface RFC 9263
0x08 Flow ID RFC 9263
0x09 Source and/or Destination Groups RFC 9263
0x0A Policy ID RFC 9263
Forwarding Context Types IANA has created a new subregistry for "Forwarding Context Types" at as follows. The registration policy is IETF Review. Forwarding Context Types
Value Description Reference
0x0 12-bit VLAN identifier RFC 9263
0x1 24-bit double tagging identifiers RFC 9263
0x2 20-bit MPLS VPN label RFC 9263
0x3 24-bit virtual network identifier (VNI) RFC 9263
0x4 32-bit Session ID RFC 9263
0x5-0xE Unassigned
0xF Reserved RFC 9263
Flow ID Context Types IANA has created a new subregistry for "Flow ID Context Types" at as follows. The registration policy is IETF Review. Flow ID Context Types
Value Description Reference
0x0 20-bit IPv6 Flow Label RFC 9263
0x1 20-bit entropy label in the MPLS network RFC 9263
0x2-0xE Unassigned
0xF Reserved RFC 9263
References Normative References Network Service Header (NSH) Parameters IANA IEEE Standard for Local and Metropolitan Area Network -- Bridges and Bridged Networks IEEE Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Layer Two Tunneling Protocol - Version 3 (L2TPv3) This document describes "version 3" of the Layer Two Tunneling Protocol (L2TPv3). L2TPv3 defines the base control protocol and encapsulation for tunneling multiple Layer 2 connections between two IP nodes. Additional documents detail the specifics for each data link type being emulated. [STANDARDS-TRACK] Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Network Service Header (NSH) This document describes a Network Service Header (NSH) imposed on packets or frames to realize Service Function Paths (SFPs). The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the Service Function Chaining (SFC) encapsulation required to support the SFC architecture (defined in RFC 7665). Integrity Protection for the Network Service Header (NSH) and Encryption of Sensitive Context Headers This specification presents an optional method to add integrity protection directly to the Network Service Header (NSH) used for Service Function Chaining (SFC). Also, this specification allows for the encryption of sensitive metadata (MD) that is carried in the NSH. Informative References IANAifType-MIB DEFINITIONS IANA Group Based Policy User Guide OpenDaylight OpenDaylight VTN OpenDaylight GroupBasedPolicy OpenStack Key and Sequence Number Extensions to GRE This document describes extensions by which two fields, Key and Sequence Number, can be optionally carried in the GRE Header. [STANDARDS-TRACK] MPLS Label Stack Encoding This document specifies the encoding to be used by an LSR in order to transmit labeled packets on Point-to-Point Protocol (PPP) data links, on LAN data links, and possibly on other data links as well. This document also specifies rules and procedures for processing the various fields of the label stack encoding. [STANDARDS-TRACK] BGP/MPLS IP Virtual Private Networks (VPNs) This document describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customers. This method uses a "peer model", in which the customers' edge routers (CE routers) send their routes to the Service Provider's edge routers (PE routers); there is no "overlay" visible to the customer's routing algorithm, and CE routers at different sites do not peer with each other. Data packets are tunneled through the backbone, so that the core routers do not need to know the VPN routes. [STANDARDS-TRACK] The Use of Entropy Labels in MPLS Forwarding Load balancing is a powerful tool for engineering traffic across a network. This memo suggests ways of improving load balancing across MPLS networks using the concept of "entropy labels". It defines the concept, describes why entropy labels are useful, enumerates properties of entropy labels that allow maximal benefit, and shows how they can be signaled and used for various applications. This document updates RFCs 3031, 3107, 3209, and 5036. [STANDARDS-TRACK] Service Function Chaining (SFC) Architecture This document describes an architecture for the specification, creation, and ongoing maintenance of Service Function Chains (SFCs) in a network. It includes architectural concepts, principles, and components used in the construction of composite services through deployment of SFCs, with a focus on those to be standardized in the IETF. This document does not propose solutions, protocols, or extensions to existing protocols. Internet Protocol, Version 6 (IPv6) Specification This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460. Geneve: Generic Network Virtualization Encapsulation Network virtualization involves the cooperation of devices with a wide variety of capabilities such as software and hardware tunnel endpoints, transit fabrics, and centralized control clusters. As a result of their role in tying together different elements of the system, the requirements on tunnels are influenced by all of these components. Therefore, flexibility is the most important aspect of a tunneling protocol if it is to keep pace with the evolution of technology. This document describes Geneve, an encapsulation protocol designed to recognize and accommodate these changing capabilities and needs. Subscriber and Performance Policy Identifier Context Headers in the Network Service Header (NSH) This document defines the Subscriber and Performance Policy Identifier Context Headers. These Variable-Length Context Headers can be carried in the Network Service Header (NSH) and are used to inform Service Functions (SFs) of subscriber- and performance-related information for the sake of policy enforcement and appropriate Service Function Chaining (SFC) operations. The structure of each Context Header and their use and processing by NSH-aware nodes are described.
Acknowledgments The authors would like to thank , , , , , and for providing invaluable concepts and content for this document.
Authors' Addresses ZTE Corporation
No.50, Software Avenue Nanjing 210012 China wei.yuehua@zte.com.cn
Intel
uri.elzur@intel.com
Individual Contributor
Sum.majee@gmail.com
Cisco
cpignata@cisco.com
Futurewei Technologies
2386 Panoramic Circle Apopka FL 32703 United States of America +1-508-333-2270 d3e3e3@gmail.com