Operations, Administration, and Maintenance (OAM) Packet and Behavior in the Network Service Header (NSH) Orange
Rennes 35000 France mohamed.boucadair@orange.com
rtg sfc Diagnostic Troubelshooting Service Function Chaining Automation SDN Programmable Networks Service Differentiation This document clarifies an ambiguity in the Network Service Header (NSH) specification related to the handling of O bit. In particular, this document clarifies the meaning of "OAM packet". This document updates RFC 8300.
Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .
Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Table of Contents
  • .  Introduction
  • .  Terminology
  • .  An Update to RFC 8300
  • .  IANA Considerations
  • .  Security Considerations
  • .  References
    • .  Normative References
    • .  Informative References
  • Acknowledgments
  • Author's Address
Introduction This document clarifies an ambiguity related to the definition of the Operations, Administration, and Maintenance (OAM) packet discussed in . Processing of the O bit in the Network Service Header (NSH) must follow the updated behavior specified in .
Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. This document makes use of the terms defined in and . The document defines the following terms:
Service Function Chaining (SFC) data plane element:
refers to the SFC-aware Service Function (SF), Service Function Forwarder (SFF), SFC Proxy, or Classifier as defined in the SFC data plane architecture and further refined in .
OAM control element:
an NSH-aware element that is capable of generating NSH OAM packets. An SFC data plane element may behave as an OAM control element.
SFC OAM data:
refers to an OAM request (e.g., Connectivity Verification and Continuity Checks ), any data that influences how to execute a companion OAM request (e.g., identity of a terminating SF), the output data of an OAM request, and any combination thereof.
User data:
refers to user packets cited in .
An Update to RFC 8300 This document updates as follows: OLD:
O bit:
Setting this bit indicates an OAM packet (see ). The actual format and processing of SFC OAM packets is outside the scope of this specification (for example, see [SFC-OAM-FRAMEWORK] for one approach). The O bit MUST be set for OAM packets and MUST NOT be set for non-OAM packets. The O bit MUST NOT be modified along the SFP. SF/SFF/SFC Proxy/Classifier implementations that do not support SFC OAM procedures SHOULD discard packets with O bit set, but MAY support a configurable parameter to enable forwarding received SFC OAM packets unmodified to the next element in the chain. Forwarding OAM packets unmodified by SFC elements that do not support SFC OAM procedures may be acceptable for a subset of OAM functions, but it can result in unexpected outcomes for others; thus, it is recommended to analyze the impact of forwarding an OAM packet for all OAM functions prior to enabling this behavior. The configurable parameter MUST be disabled by default.
NEW:
O bit:
Setting this bit indicates an NSH OAM packet. Such a packet is any NSH-encapsulated packet that exclusively includes SFC OAM data. SFC OAM data can be included in the Fixed-Length Context Header, optional Context Headers, and/or the inner packet. The O bit is typically set by an OAM controller or a final destination of an NSH OAM packet that triggers a response (e.g., a specific SFC-aware SF or the last SFF of an SFP). The O bit MUST be set for NSH OAM packets and MUST NOT be set for non-OAM packets. The O bit MUST NOT be modified along the SFP. NSH-encapsulated packets that include user data are not considered NSH OAM packets even if some SFC OAM data (e.g., record route) is also supplied in the packet. When SFC OAM data is included in the inner packet, the Next Protocol field is set to reflect the structure of that inner OAM packet. The setting and processing of the O bit neither assumes nor expects detailed analysis of the content of any inner IP packet carried by the NSH. In order to prevent non-deterministic behaviors, SFC data plane elements MAY support a configuration parameter to filter valid Next Protocol values in NSH OAM packets. Absent explicit configuration, SFFs, SFC-aware SFs, and SFC Proxies SHOULD discard any NSH packets with the O bit set and Next Protocol set to something that is not itself an OAM protocol. This includes discarding the packet when the O bit is set and the Next Protocol is set to 0x01 (IPv4), 0x02 (IPv6), 0x03 (MPLS), or 0x05 (Ethernet). An NSH OAM packet MAY include optional Context Headers (e.g., a subscriber identifier or a flow identifier ) that are used to influence the processing of the packet by SFC data plane elements. An NSH OAM packet MAY include SFC OAM data in both Context Headers and the inner packet. The processing of the SFC OAM data (including the order) SHOULD be specified in the relevant OAM or Context Header specification. SFC-aware implementations of SF, SFF, SFC Proxy, and Classifier that do not support SFC OAM procedures SHOULD discard packets with the O bit set but MAY support a configurable parameter to enable forwarding received NSH OAM packets unmodified to the next element in the chain. Forwarding NSH OAM packets unmodified by SFC data plane elements that do not support SFC OAM procedures may be acceptable for a subset of OAM functions, but it can result in unexpected outcomes for others. Thus, it is recommended to analyze the impact of forwarding an NSH OAM packet for all OAM functions prior to enabling this behavior. The configurable parameter MUST be disabled by default. The actual format and additional processing of NSH OAM packets is outside the scope of this specification.
IANA Considerations This document has no IANA actions.
Security Considerations Data plane SFC-related security considerations, including privacy, are discussed in and . Additional security considerations related to SFC OAM are discussed in . Any data included in an NSH OAM packet SHOULD be integrity protected .
References Normative References Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Network Service Header (NSH) This document describes a Network Service Header (NSH) imposed on packets or frames to realize Service Function Paths (SFPs). The NSH also provides a mechanism for metadata exchange along the instantiated service paths. The NSH is the Service Function Chaining (SFC) encapsulation required to support the SFC architecture (defined in RFC 7665). Integrity Protection for the Network Service Header (NSH) and Encryption of Sensitive Context Headers This specification presents an optional method to add integrity protection directly to the Network Service Header (NSH) used for Service Function Chaining (SFC). Also, this specification allows for the encryption of sensitive metadata (MD) that is carried in the NSH. Informative References Guidelines for the Use of the "OAM" Acronym in the IETF At first glance, the acronym "OAM" seems to be well-known and well-understood. Looking at the acronym a bit more closely reveals a set of recurring problems that are revisited time and again. This document provides a definition of the acronym "OAM" (Operations, Administration, and Maintenance) for use in all future IETF documents that refer to OAM. There are other definitions and acronyms that will be discussed while exploring the definition of the constituent parts of the "OAM" term. This memo documents an Internet Best Current Practice. An Overview of Operations, Administration, and Maintenance (OAM) Tools Operations, Administration, and Maintenance (OAM) is a general term that refers to a toolset for fault detection and isolation, and for performance measurement. Over the years, various OAM tools have been defined for various layers in the protocol stack. This document summarizes some of the OAM tools defined in the IETF in the context of IP unicast, MPLS, MPLS Transport Profile (MPLS-TP), pseudowires, and Transparent Interconnection of Lots of Links (TRILL). This document focuses on tools for detecting and isolating failures in networks and for performance monitoring. Control and management aspects of OAM are outside the scope of this document. Network repair functions such as Fast Reroute (FRR) and protection switching, which are often triggered by OAM protocols, are also out of the scope of this document. The target audience of this document includes network equipment vendors, network operators, and standards development organizations. This document can be used as an index to some of the main OAM tools defined in the IETF. At the end of the document, a list of the OAM toolsets and a list of the OAM functions are presented as a summary. Service Function Chaining (SFC) Architecture This document describes an architecture for the specification, creation, and ongoing maintenance of Service Function Chains (SFCs) in a network. It includes architectural concepts, principles, and components used in the construction of composite services through deployment of SFCs, with a focus on those to be standardized in the IETF. This document does not propose solutions, protocols, or extensions to existing protocols. Service Function Chaining (SFC) Operations, Administration, and Maintenance (OAM) Framework This document provides a reference framework for Operations, Administration, and Maintenance (OAM) for Service Function Chaining (SFC). Subscriber and Performance Policy Identifier Context Headers in the Network Service Header (NSH) This document defines the Subscriber and Performance Policy Identifier Context Headers. These Variable-Length Context Headers can be carried in the Network Service Header (NSH) and are used to inform Service Functions (SFs) of subscriber- and performance-related information for the sake of policy enforcement and appropriate Service Function Chaining (SFC) operations. The structure of each Context Header and their use and processing by NSH-aware nodes are described. Network Service Header (NSH) Metadata Type 2 Variable-Length Context Headers Service Function Chaining (SFC) uses the Network Service Header (NSH) (RFC 8300) to steer and provide context metadata (MD) with each packet. Such metadata can be of various types, including MD Type 2, consisting of Variable-Length Context Headers. This document specifies several such Context Headers that can be used within a Service Function Path (SFP).
Acknowledgments Thanks to , , , , , , and for the comments. Thanks to for the art directorate review and for the security directorate review. Thanks to and for their IESG reviews.
Author's Address Orange
Rennes 35000 France mohamed.boucadair@orange.com