Routing Area Working Group G. Mirsky
Internet-Draft
Intended status: Standards Track E. Nordmark
Expires: April 27, 2017 Arista Networks
N. Kumar
D. Kumar
Cisco Systems, Inc.
M. Chen
Y. Li
Huawei Technologies
D. Mozes
Mellanox Technologies Ltd.
D. Dolson
Sandvine
I. Bagdonas
October 24, 2016
On-demand Continuity Check (CC) and Connectivity Verification (CV) for
Overlay Networks
draft-ooamdt-rtgwg-demand-cc-cv-01
Abstract
This document defines Overlay Echo Request and Echo Reply that enable
on-demand Continuity Check, Connectivity Verification among other
operations in overlay networks.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 27, 2017.
Mirsky, et al. Expires April 27, 2017 [Page 1]
Internet-Draft On-demand CC/CV for Overlay Networks October 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions used in this document . . . . . . . . . . . . 3
1.1.1. Terminology . . . . . . . . . . . . . . . . . . . . . 3
1.1.2. Requirements Language . . . . . . . . . . . . . . . . 3
2. On-demand Continuity Check and Connectivity Verification . . 3
2.1. Overlay Echo Request Transmission . . . . . . . . . . . . 5
2.2. Overlay Echo Request Reception . . . . . . . . . . . . . 5
2.3. Overlay Echo Reply Transmission . . . . . . . . . . . . . 5
2.4. Overlay Echo Reply Reception . . . . . . . . . . . . . . 6
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
3.1. Overlay Echo Request/Echo Reply Type . . . . . . . . . . 6
3.2. Overlay Ping Parameters . . . . . . . . . . . . . . . . . 6
3.3. Overlay Echo Request/Echo Reply Message Types . . . . . . 6
3.4. Overlay Echo Reply Modes . . . . . . . . . . . . . . . . 7
4. Security Considerations . . . . . . . . . . . . . . . . . . . 7
5. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 8
6.1. Normative References . . . . . . . . . . . . . . . . . . 8
6.2. Informative References . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
Operations, Administration, and Maintenance (OAM) toolset provides
methods for fault management and performance monitoring in each layer
of the network, in order to improve their ability to support services
with guaranteed and strict Service Level Agreements (SLAs) while
reducing operational costs.
1.1. Conventions used in this document
1.1.1. Terminology
The term "Overlay OAM" is used in this document interchangeably with the
longer "set of OAM protocols, methods and tools for Overlay networks",
and "Overlay ping" is used interchangeably with the longer "Overlay Echo
Request/Reply".
CC Continuity Check
CV Connectivity Verification
FM Fault Management
Geneve Generic Network Virtualization Encapsulation
GUE Generic UDP Encapsulation
MPLS Multiprotocol Label Switching
NVO3 Network Virtualization Overlays
OAM Operations, Administration, and Maintenance
SFC Service Function Chaining
SFP Service Function Path
VXLAN Virtual eXtensible Local Area Network
VXLAN-GPE Generic Protocol Extension for VXLAN
1.1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
2. On-demand Continuity Check and Connectivity Verification
The format of the Echo Request/Echo Reply control packet, which supports
ping and traceroute functionality in overlay networks, is shown in
Figure 1. It resembles the format of MPLS LSP Ping [RFC4379] with some
exceptions.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version Number | Global Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Type | Reply mode | Return Code | Return S.code |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender's Handle |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ TLVs ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: Overlay OAM Ping format
The interpretation of the fields is as follows:
The Version field reflects the current version. The version number is
to be incremented whenever a change is made that affects the
ability of an implementation to correctly parse or process the control
packet.
The Global Flags field is a bit vector.
The Message Type field reflects the type of the packet. Value
TBA2 identifies an Echo Request and TBA3 an Echo Reply.
The Reply Mode field defines the type of return path requested by
the sender of the Echo Request.
The Return Code and Return Subcode fields can be used to inform the
sender about the result of processing its request.
The Sender's Handle is filled in by the sender and returned
unchanged by the receiver in the Echo Reply.
The Sequence Number is assigned by the sender and can be used, for
example, to detect missed replies.
TLVs (Type-Length-Value tuples) have a two-octet Type field and a
two-octet Length field that gives the length of the Value field in
octets.
2.1. Overlay Echo Request Transmission
An Overlay Echo Request control packet MUST use the appropriate
encapsulation of the monitored overlay network. The overlay network
encapsulation MUST identify the Echo Request as an OAM packet. Overlay
encapsulations use different methods to identify an OAM payload
[I-D.ietf-nvo3-vxlan-gpe], [I-D.ietf-nvo3-gue],
[I-D.ietf-nvo3-geneve],
[I-D.ietf-sfc-nsh], [I-D.ietf-bier-mpls-encapsulation]. The overlay
network's header MUST be immediately followed by the Overlay OAM
Header [I-D.ooamdt-rtgwg-ooam-header]. The Message Type field in the
Overlay OAM Header MUST be set to the Overlay Echo Request value (TBA2).
The value of the Reply Mode field MAY be set to:
o Do Not Reply (TBA4) if one-way monitoring is desired. If the Echo
Request is used to measure synthetic packet loss, the receiver MAY
report loss measurement results to a remote node.
o Reply via an IPv4/IPv6 UDP Packet (TBA5), which is likely to be the
most commonly used value.
o Reply via Application Level Control Channel (TBA6) if the
overlay network may have bi-directional paths.
o Reply via Specified Path (TBA7) in order to enforce use of
the particular return path specified in the included TLV, to verify
bi-directional continuity and also to increase the robustness of the
monitoring by selecting a more stable path.
2.2. Overlay Echo Request Reception
2.3. Overlay Echo Reply Transmission
The Reply Mode field directs whether and how the Echo Reply message
should be sent. The sender of the Echo Request MAY use TLVs to
request that the corresponding Echo Reply be sent using a specified
path. Value TBA3 is referred to as "Do not reply" mode and suppresses
transmission of the Echo Reply packet. The default value (TBA5) for the
Reply Mode field requests the responder to send the Echo Reply packet
out-of-band as an IPv4 or IPv6 UDP packet. [Selection of destination
and source IP addresses and UDP port numbers to be provided in the
next update.]
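The following is an added example, not code from the draft or its authors, showing how an implementation might encode and decode the header of Figure 1 and apply the transmission rules of Section 2.1 (Message Type set to Echo Request, Reply Mode chosen by the sender) and Section 2.3 (reply suppressed for "Do Not Reply", otherwise the Sender's Handle and Sequence Number returned unchanged). The draft's code points are still "To Be Assigned" (TBA2 through TBA7) and it does not fix a version number, so the numeric constants below are placeholders chosen for this example only; the Reply Mode value copied into the reply and the TLV decoding limits are also assumptions.

```python
"""Added example (not the draft's code): Overlay OAM Ping header of Figure 1
plus the Section 2.1 / 2.3 request and reply rules."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Fixed part of Figure 1, network byte order:
# Version(16) Flags(16) | Type(8) ReplyMode(8) RetCode(8) RetSubcode(8) |
# Sender's Handle(32) | Sequence Number(32)  -> 16 octets
HEADER = struct.Struct("!HHBBBBII")

# Placeholder numbers for the TBA code points (NOT IANA assignments).
MSG_ECHO_REQUEST = 1           # TBA2 (placeholder)
MSG_ECHO_REPLY = 2             # TBA3 (placeholder)
REPLY_DO_NOT_REPLY = 1         # TBA4 (placeholder)
REPLY_IP_UDP = 2               # TBA5 (placeholder, the default mode)
REPLY_APP_CONTROL_CHANNEL = 3  # TBA6 (placeholder)
REPLY_SPECIFIED_PATH = 4       # TBA7 (placeholder)
VERSION = 0                    # assumed initial version; draft does not fix one


@dataclass
class OverlayPing:
    msg_type: int
    reply_mode: int
    handle: int
    seq: int
    return_code: int = 0
    return_subcode: int = 0
    flags: int = 0
    version: int = VERSION
    tlvs: List[Tuple[int, bytes]] = field(default_factory=list)


def encode(p: OverlayPing) -> bytes:
    """Serialise the header followed by Type(16)/Length(16)/Value TLVs."""
    out = bytearray(HEADER.pack(p.version, p.flags, p.msg_type, p.reply_mode,
                                p.return_code, p.return_subcode, p.handle, p.seq))
    for t, v in p.tlvs:
        out += struct.pack("!HH", t, len(v)) + v  # Length counts Value octets only
    return bytes(out)


def decode(buf: bytes) -> OverlayPing:
    """Parse a packet; reject unknown versions and truncated or oversized TLVs."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    ver, flags, mtype, rmode, rc, rsc, handle, seq = HEADER.unpack_from(buf)
    if ver != VERSION:
        raise ValueError(f"unsupported version {ver}")
    tlvs: List[Tuple[int, bytes]] = []
    off = HEADER.size
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < ln:
            raise ValueError("TLV length exceeds packet")
        tlvs.append((t, buf[off:off + ln]))
        off += ln
    return OverlayPing(mtype, rmode, handle, seq, rc, rsc, flags, ver, tlvs)


def build_request(handle: int, seq: int, reply_mode: int = REPLY_IP_UDP,
                  tlvs=()) -> bytes:
    """Section 2.1: Message Type MUST be Echo Request; sender picks Reply Mode."""
    return encode(OverlayPing(MSG_ECHO_REQUEST, reply_mode, handle, seq,
                              tlvs=list(tlvs)))


def build_reply(request: bytes, return_code: int = 0,
                return_subcode: int = 0) -> Optional[bytes]:
    """Section 2.3: no reply for 'Do Not Reply'; otherwise echo the Sender's
    Handle and Sequence Number unchanged. The Reply Mode is copied from the
    request (an assumption; the draft does not say what a reply carries)."""
    req = decode(request)
    if req.msg_type != MSG_ECHO_REQUEST:
        raise ValueError("not an Echo Request")
    if req.reply_mode == REPLY_DO_NOT_REPLY:
        return None
    return encode(OverlayPing(MSG_ECHO_REPLY, req.reply_mode, req.handle, req.seq,
                              return_code, return_subcode))


if __name__ == "__main__":
    req = build_request(0xDEADBEEF, 7, tlvs=[(1, b"abc")])  # constructed sample
    print(decode(req))
    print(decode(build_reply(req)))
```

A responder that receives a malformed packet gets a `ValueError` from `decode` rather than a silently mis-parsed TLV, which is the behaviour you want before any of the fields are trusted.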
2.4. Overlay Echo Reply Reception
3. IANA Considerations
3.1. Overlay Echo Request/Echo Reply Type
IANA is requested to assign a new type from the Overlay OAM Protocol
Types registry as follows:
+-------+---------------------------------+---------------+
| Value | Description | Reference |
+-------+---------------------------------+---------------+
| TBA1 | Overlay Echo Request/Echo Reply | This document |
+-------+---------------------------------+---------------+
Table 1: Overlay Echo Request/Echo Reply Type
3.2. Overlay Ping Parameters
IANA is requested to create a new Overlay Echo Request/Echo Reply
Parameters registry.
3.3. Overlay Echo Request/Echo Reply Message Types
IANA is requested to create a new sub-registry, Message Types, in the
Overlay Echo Request/Echo Reply Parameters registry. All code
points in the range 1 through 191 in this registry shall be allocated
according to the "IETF Review" procedure as specified in [RFC5226],
with values assigned as follows:
+------------+----------------------+-------------------------+
| Value | Description | Reference |
+------------+----------------------+-------------------------+
| 0 | Reserved | |
| TBA2 | Overlay Echo Request | This document |
| TBA3 | Overlay Echo Reply | This document |
| TBA3+1-191 | Unassigned | IETF Review |
| 192-251 | Unassigned | First Come First Served |
| 252-254 | Unassigned | Private Use |
| 255 | Reserved | |
+------------+----------------------+-------------------------+
Table 2: Overlay Echo Request/Echo Reply Message Types
3.4. Overlay Echo Reply Modes
IANA is requested to create a new sub-registry, Reply Modes, in the
Overlay Echo Request/Echo Reply Parameters registry. All code points
in the range 1 through 191 in this registry shall be allocated
according to the "IETF Review" procedure as specified in [RFC5226],
with values assigned as follows:
+------------+---------------------------------+--------------------+
| Value | Description | Reference |
+------------+---------------------------------+--------------------+
| 0 | Reserved | |
| TBA4 | Do Not Reply | This document |
| TBA5 | Reply via an IPv4/IPv6 UDP | This document |
| | Packet | |
| TBA6 | Reply via Application Level | This document |
| | Control Channel | |
| TBA7 | Reply via Specified Path | This document |
| TBA7+1-191 | Unassigned | IETF Review |
| 192-251 | Unassigned | First Come First |
| | | Served |
| 252-254 | Unassigned | Private Use |
| 255 | Reserved | |
+------------+---------------------------------+--------------------+
Table 3: Overlay Echo Reply Modes
4. Security Considerations
Overlay Echo Request/Reply operates within the domain of the overlay
network and thus inherits any security considerations that apply to
the use of that overlay technology and, consequently, of the underlay
data plane. Also, the security needs for Overlay Echo Request/Reply are
similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping
[I-D.ietf-mpls-rfc4379bis].
There are at least three ways of attacking a node in the
overlay network using the mechanisms defined in this document. One is
a Denial-of-Service attack, by sending Overlay ping to overload a
node in the overlay network. The second may use spoofing, hijacking,
replaying, or otherwise tampering with Overlay Echo Requests and/or
Replies to misrepresent or alter the operator's view of the state of the
overlay network. The third is an unauthorized source using an
Overlay Echo Request/Reply to obtain information about the overlay
and/or underlay network.
To mitigate potential Denial-of-Service attacks, it is RECOMMENDED
that implementations throttle the Overlay ping traffic going to the
control plane.
Replay and spoofing attacks involving faking or replaying Overlay
Echo Reply messages would have to match the Sender's Handle and
Sequence Number of an outstanding Overlay Echo Request message, which
is highly unlikely. Thus a non-matching reply would be discarded.
But since "even a broken clock is right twice a day", implementations
MAY use the Timestamp control block [I-D.ooamdt-rtgwg-ooam-header] to
validate the TimeStamp Sent by requiring an exact match on this
field.
To protect against unauthorized sources trying to obtain information
about the overlay and/or underlay, an implementation MAY check that
the source of the Echo Request is indeed part of the overlay domain.
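The three mitigations above, as an added example that is not part of the draft or of any implementation it describes: a token-bucket throttle for Overlay ping punted to the control plane, a requester-side table of outstanding requests that discards any reply whose Sender's Handle and Sequence Number do not match (with an optional exact match on the TimeStamp Sent), and a membership check on the source of an Echo Request. The rate values, the membership set and the timestamp representation are constructed for the example; the draft specifies none of them.

```python
"""Added example (not from the draft): defender-side checks for the threats
listed in Section 4. All parameters and sample data are constructed."""
import time
from typing import Callable, Dict, Optional, Set, Tuple


class ControlPlaneThrottle:
    """Token bucket: at most `rate` Overlay pings per second reach the control
    plane, with a burst of `burst`; packets beyond that are dropped and counted.
    `now` is injectable so the behaviour can be tested without sleeping."""

    def __init__(self, rate: float, burst: int,
                 now: Callable[[], float] = time.monotonic):
        self.rate, self.burst, self._now = rate, burst, now
        self.tokens = float(burst)
        self.last = now()
        self.dropped = 0

    def admit(self) -> bool:
        t = self._now()
        self.tokens = min(float(self.burst),
                          self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        self.dropped += 1
        return False


class ReplyValidator:
    """Requester side: outstanding Echo Requests keyed by (Sender's Handle,
    Sequence Number). A reply matching no outstanding request is discarded;
    with strict_timestamp the TimeStamp Sent carried back must equal the value
    recorded when the request was transmitted. A matched entry is removed, so a
    second copy of the same reply (a replay) is discarded too."""

    def __init__(self, strict_timestamp: bool = False):
        self.outstanding: Dict[Tuple[int, int], int] = {}
        self.strict_timestamp = strict_timestamp
        self.discarded = 0

    def sent(self, handle: int, seq: int, ts_sent: int) -> None:
        self.outstanding[(handle, seq)] = ts_sent

    def accept(self, handle: int, seq: int, ts_sent: Optional[int] = None) -> bool:
        expected = self.outstanding.get((handle, seq))
        if expected is None:
            self.discarded += 1
            return False
        if self.strict_timestamp and ts_sent != expected:
            self.discarded += 1
            return False
        del self.outstanding[(handle, seq)]
        return True


def process_request(src: str, overlay_members: Set[str],
                    throttle: ControlPlaneThrottle) -> str:
    """Responder side: reject Echo Requests from outside the overlay domain
    before they consume control-plane budget, then apply the throttle."""
    if src not in overlay_members:
        return "drop-unauthorized"
    if not throttle.admit():
        return "drop-throttled"
    return "accept"


if __name__ == "__main__":
    members = {"192.0.2.1", "192.0.2.2"}          # constructed overlay domain
    th = ControlPlaneThrottle(rate=100.0, burst=10)
    for src in ("192.0.2.1", "198.51.100.7"):      # constructed sources
        print(src, process_request(src, members, th))
```

Keeping the membership check ahead of the throttle means an unauthorized source cannot exhaust the bucket that legitimate overlay peers depend on; the validator's single-use entries are what turn the draft's "highly unlikely" match into a hard discard on the second copy.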
5. Acknowledgement
TBD
6. References
6.1. Normative References
[I-D.ietf-bier-mpls-encapsulation]
Wijnands, I., Rosen, E., Dolganow, A., Tantsura, J.,
Aldrin, S., and I. Meilik, "Encapsulation for Bit Index
Explicit Replication in MPLS Networks", draft-ietf-bier-
mpls-encapsulation-05 (work in progress), July 2016.
[I-D.ietf-nvo3-geneve]
Gross, J., Ganga, I., and T. Sridhar, "Geneve: Generic
Network Virtualization Encapsulation", draft-ietf-
nvo3-geneve-03 (work in progress), September 2016.
[I-D.ietf-nvo3-gue]
Herbert, T., Yong, L., and O. Zia, "Generic UDP
Encapsulation", draft-ietf-nvo3-gue-04 (work in progress),
July 2016.
[I-D.ietf-nvo3-vxlan-gpe]
Kreeger, L. and U. Elzur, "Generic Protocol Extension for
VXLAN", draft-ietf-nvo3-vxlan-gpe-02 (work in progress),
April 2016.
[I-D.ietf-sfc-nsh]
Quinn, P. and U. Elzur, "Network Service Header", draft-
ietf-sfc-nsh-10 (work in progress), September 2016.
[I-D.ooamdt-rtgwg-ooam-header]
Mirsky, G., Nordmark, E., Kumar, N., Kumar, D., Chen, M.,
Yizhou, L., Mozes, D., Dolson, D., and I. Bagdonas, "OAM
Header for use in Overlay Networks", draft-ooamdt-rtgwg-
ooam-header-01 (work in progress), October 2016.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
6.2. Informative References
[I-D.ietf-mpls-rfc4379bis]
Kompella, K., Pignataro, C., Kumar, N., Aldrin, S., and M.
Chen, "Detecting Multi-Protocol Label Switched (MPLS) Data
Plane Failures", draft-ietf-mpls-rfc4379bis-07 (work in
progress), September 2016.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981,
<http://www.rfc-editor.org/info/rfc792>.
[RFC4379] Kompella, K. and G. Swallow, "Detecting Multi-Protocol
Label Switched (MPLS) Data Plane Failures", RFC 4379,
DOI 10.17487/RFC4379, February 2006,
<http://www.rfc-editor.org/info/rfc4379>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
Control Message Protocol (ICMPv6) for the Internet
Protocol Version 6 (IPv6) Specification", RFC 4443,
DOI 10.17487/RFC4443, March 2006,
<http://www.rfc-editor.org/info/rfc4443>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
Authors' Addresses
Greg Mirsky
Email: gregimirsky@gmail.com
Erik Nordmark
Arista Networks
Email: nordmark@acm.org
Nagendra Kumar
Cisco Systems, Inc.
Email: naikumar@cisco.com
Deepak Kumar
Cisco Systems, Inc.
Email: dekumar@cisco.com
Mach Chen
Huawei Technologies
Email: mach.chen@huawei.com
Yizhou Li
Huawei Technologies
Email: liyizhou@huawei.com
David Mozes
Mellanox Technologies Ltd.
Email: davidm@mellanox.com
David Dolson
Sandvine
Email: ddolson@sandvine.com
Ignas Bagdonas
Email: ibagdona@gmail.com