MPLS Working Group Y. Liu
Internet-Draft G. Mirsky
Intended status: Standards Track ZTE Corporation
Expires: January 13, 2021 July 12, 2020
MPLS-based Service Function Path(SFP) Consistency Verification
draft-lm-mpls-sfc-path-verification-00
Abstract
This document proposes a method to verify the correlation between
Service Function Chaining control and/or management plane view of the
specified Service Function Path and the state of its data. It works
for both SR service programming and MPLS-based NSH SFC.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 13, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Liu & Mirsky Expires January 13, 2021 [Page 1]
Internet-Draft LSP Ping for SFC July 2020
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions used in this document . . . . . . . . . . . . . . 2
2.1. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 2
3. MPLS-based SFP Consistency Verification . . . . . . . . . . . 3
3.1. MPLS-based SFP Consistency Verification . . . . . . . . . 4
3.2. SFC Info Sub-TLV . . . . . . . . . . . . . . . . . . . . 4
3.3. SFC Basic Unit FEC Sub-TLV . . . . . . . . . . . . . . . 6
3.4. Theory of Operation . . . . . . . . . . . . . . . . . . . 6
3.4.1. MPLS-based service programming . . . . . . . . . . . 7
3.4.2. RFC 8595 path consistency . . . . . . . . . . . . . . 7
3.5. Discussion . . . . . . . . . . . . . . . . . . . . . . . 8
4. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
4.1. Normative References . . . . . . . . . . . . . . . . . . 8
4.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
Service Function Chain (SFC) defines an ordered set of service
functions (SFs) to be applied to packets and/or frames, and/or flows
selected as a result of classification.
SFC can be achieved through a variety of encapsulation methods, such
as NSH [RFC8300], SR service programming
[I-D.ietf-spring-sr-service-programming] and MPLS-based NSH SFC
[RFC8595].
This document describes extensions to MPLS LSP ping [RFC8029]
mechanisms to support verification between the control/management
plane and the data plane state for both SR-MPLS service programming
and MPLS-based NSH SFC.
2. Conventions used in this document
2.1. Acronyms
SFC: Service Function Chain
SFF: Service Function Forwarder
SF: Service Function
SFP: Service Function Path
RSP: Rendered Service Path
Liu & Mirsky Expires January 13, 2021 [Page 2]
Internet-Draft LSP Ping for SFC July 2020
3. MPLS-based SFP Consistency Verification
MPLS echo request and reply messages [RFC8029] can be extended to
support the verification of the consistency of an MPLS-based Service
Function Path (SFP).
SR-MPLS/MPLS can be used to realize an SFP. Two methods have been
defined:
o [I-D.ietf-spring-sr-service-programming] describes how to achieve
service function chaining in SR-enabled MPLS and IPv6 networks.
In an SR-MPLS network, each SF is associated with an MPLS label.
As a result, an SFP can be encoded as a stack of MPLS labels and
pushed on top of the packet.
o [RFC8595] provides another method to realize SFC in an MPLS
network by means of using a logical representation of the Network
Service Header (NSH) in an MPLS label stack. When an MPLS label
stack is used to carry a logical NSH, a basic unit of
representation is used, which can be present one or more times in
the label stack. This unit comprises two MPLS labels, one carries
a label to provide a context within the SFC scope (the SFC Context
Label), and the other carries a label to show which SF is to be
enacted (the SF Label). This two-label unit is shown in Figure 1.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SFC Context Label | TC |S| TTL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Label | TC |S| TTL |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: The Basic Unit of MPLS Label Stack for SFC
In MPLS Label Switched Paths (LSPs), MPLS LSP ping [RFC8029] is used
to check the correctness of the data plane functioning and to verify
the data plane against the control plane.
The proposed extension of MPLS LSP ping allows verification of the
correlation between the control/management (if data model-based
central controller used) plane and the data plane state in SR-MPLS/
MPLS-based SFC.
Generally, except for the designed specific functions, the packet
processing functions supported by SFs are limited. SFs may not
support MPLS OAM protocols like LSP ping, so SFFs are responsible for
MPLS echo request processing.
Liu & Mirsky Expires January 13, 2021 [Page 3]
Internet-Draft LSP Ping for SFC July 2020
3.1. MPLS-based SFP Consistency Verification
An MPLS SFC validation request/reply is an MPLS echo request/reply
that includes an SFC validation TLV.
Nodes examine and process the TLV only if configured to do so; other
nodes MUST ignore the TLV and process the packet as a standard MPLS
echo packet.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLV Type=TBA1 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| SFC Information Sub-TLV(s) |
~ ~
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: SFC Validation TLV
SFC Information Sub-TLV: The Sub-TLV, as defined in Figure 3, MUST
NOT be included in an MPLS SFC validation request.
3.2. SFC Info Sub-TLV
Upon receiving the SFC validation request, the SFF MUST respond with
an echo reply, which includes the SFC detailed information.
The SFC detailed information is recorded in SFC info sub-TLV.
Two types of sub-TLVs are defined in this section, and those are used
in MPLS-based service programming
[I-D.ietf-spring-sr-service-programming] and MPLS-based NSH [RFC8595]
respectively.
Liu & Mirsky Expires January 13, 2021 [Page 4]
Internet-Draft LSP Ping for SFC July 2020
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sub-TLV Type=TBA1 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SFF Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Type | SR Proxy Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: SFC Info Sub-TLV for SR-MPLS-based Service Programming
Type TBA1 sub-TLV: used in SR-MPLS-based service programming
SFF Label: represents the SID of the SFF
SF Label: represents the service SID of the SF or SR proxy
SF Type: indicates the type of SF, such as DPI, firewall, etc.
SR Proxy Type: It is defined in
[I-D.ietf-spring-sr-service-programming] and indicates the type of SR
proxy if it exists.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| sub-TLV Type=TBA2 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SFC-FWD Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SFC context Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: SFC Info Sub-TLV for MPLS-based NSH
Type TBA2 sub-TLV: used in MPLS-based NS
SFC-FWD Type: indicates the forwarding type of the data plane, and
has the following values:
0x10: MPLS-based NSH [RFC8595] label swapping
Liu & Mirsky Expires January 13, 2021 [Page 5]
Internet-Draft LSP Ping for SFC July 2020
0x11: MPLS-based NSH [RFC8595] label stacking
SFC context Label: The meaning of the SFC context label depends on
the SFC Type. If SFC-FWD Type is 0x10, the SFC context Label
represents SPI. If SFC-FWD Type is 0x11, the SFC context Label
represents the context label [RFC8595].
SF Label: The meaning of the SF label depends on the SFC-FWD Type.
If SFC Type is 0x10, the SF Label represents SI. If SFC Type is
0x11, the SF Label represents the SFI index [RFC8595].
SF Type: It is defined in [I-D.ietf-bess-nsh-bgp-control-plane] and
indicates the type of SF, such as DPI, firewall, etc.
3.3. SFC Basic Unit FEC Sub-TLV
Unlike standard MPLS forwarding, which is based on a single label, in
[RFC8595], packet forwarding is based on the basic unit of MPLS label
stack for SFC(SFC Context Label+SF Label). A new FEC sub-TLV is
defined in this document, which can be used to carry the
corresponding FEC of the basic unit.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Route Distinguisher (RD) |
| (8 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: SFC Basic Unit sub-TLV
Route Distinguisher (RD): 8 octets field in SFIR Route Type specific
NLRI [I-D.ietf-bess-nsh-bgp-control-plane] .
SF Type: 2 octets. It is defined in [I-D.ietf-bess-nsh-bgp-control-
plane] and indicates the type of SF, such as DPI, firewall, etc.
A node that receives an LSP ping with the new FEC will check if it is
its Route Distinguisher and whether it advertised that Service
Function Type.
3.4. Theory of Operation
An MPLS SFC validation request is an MPLS echo request with an SFC
validation TLV, and the echo request is sent with a label stack
corresponding to the SFP being tested.
Liu & Mirsky Expires January 13, 2021 [Page 6]
Internet-Draft LSP Ping for SFC July 2020
Sending an SFC echo request to the control plane is triggered by one
of the following packet processing exceptions: IP TTL expiration,
MPLS TTL expiration, or the receiver is the terminal SFF for an SFP.
After general packet sanity verifying[RFC8029], section 3.4.1 and
section 3.4.2 in this document separately describe the following
processing procedures in service programming and MPLS-based NSH.
After all SFFs on the SFP send back MPLS echo reply, the sender
collects information about all traversed SFFs and SFs on the rendered
service path (RSP).
3.4.1. MPLS-based service programming
[I-D.ietf-spring-sr-service-programming] describes how a service can
be associated with a SID to achieve service function chaining. In an
SR-MPLS network, the SFP is encoded as a stack of MPLS labels. That
stack is pushed on top of the packet.
If an SFC validation TLV is present in the received echo request, an
SFF MUST parse through the label stack until the next label is not a
local service SID to get all the SFs attached to the SFF on the SFP
and record the corresponding Label-stack-depth.
The SFF then sends an MPLS echo reply with all the SF information
recorded in SFC Information Sub-TLV, including the service SID and
the SF type.
3.4.2. RFC 8595 path consistency
[RFC8595] describes how Service Function Chaining (SFC) can be
achieved in an MPLS network using a logical representation of the
Network Service Header (NSH) in an MPLS label stack.
SFC forwarding can be achieved by label swapping, label stacking, or
the mix of both. When an SFF receives a packet containing an MPLS
label stack, it examines the top basic unit of MPLS label stack for
SFC, {SPI, SI} or {context label, SFI index}, to determine where to
send the packet next.
Upon receiving the SFC validation request, an SFF checks the MPLS
label stack to get all the locally attached basic units for SFC.
Then, the SFF sends back a reply message, including SFC info sub-
TLVs, for each basic unit local to the SFF.
Liu & Mirsky Expires January 13, 2021 [Page 7]
Internet-Draft LSP Ping for SFC July 2020
3.5. Discussion
In [RFC8595], it says, "when an SFF receives a packet from any
component of the SFC system (classifier, SFI, or another SFF), it
MUST discard any packets with TTL set to zero". To trace SFC, it
should be changed to allow punting the packet to the control plane
though under throttling control.
4. References
4.1. Normative References
[I-D.ietf-bess-nsh-bgp-control-plane]
Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L.
Jalil, "BGP Control Plane for the Network Service Header
in Service Function Chaining", draft-ietf-bess-nsh-bgp-
control-plane-15 (work in progress), June 2020.
[I-D.ietf-spring-sr-service-programming]
Clad, F., Xu, X., Filsfils, C., daniel.bernier@bell.ca,
d., Li, C., Decraene, B., Ma, S., Yadlapalli, C.,
Henderickx, W., and S. Salsano, "Service Programming with
Segment Routing", draft-ietf-spring-sr-service-
programming-02 (work in progress), March 2020.
[RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
Switched (MPLS) Data-Plane Failures", RFC 8029,
DOI 10.17487/RFC8029, March 2017,
<https://www.rfc-editor.org/info/rfc8029>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
"Network Service Header (NSH)", RFC 8300,
DOI 10.17487/RFC8300, January 2018,
<https://www.rfc-editor.org/info/rfc8300>.
[RFC8595] Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based
Forwarding Plane for Service Function Chaining", RFC 8595,
DOI 10.17487/RFC8595, June 2019,
<https://www.rfc-editor.org/info/rfc8595>.
4.2. Informative References
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015,
<https://www.rfc-editor.org/info/rfc7665>.
Liu & Mirsky Expires January 13, 2021 [Page 8]
Internet-Draft LSP Ping for SFC July 2020
Authors' Addresses
Liu Yao
ZTE Corporation
No. 50 Software Ave, Yuhuatai Distinct
Nanjing
China
Email: liu.yao71@zte.com.cn
Greg Mirsky
ZTE Corporation
Email: gregimirsky@gmail.com
Liu & Mirsky Expires January 13, 2021 [Page 9]