Internet-Draft | Active OAM for SFC | July 2023 |
Mirsky, et al. | Expires 8 January 2024 | [Page] |
A set of requirements for active Operation, Administration, and Maintenance (OAM) of Service Function Chains (SFCs) in a network is presented in this document. Based on these requirements, an encapsulation of active OAM messages in SFC and a mechanism to detect and localize defects are described.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 January 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
[RFC7665] defines data plane elements necessary to implement a Service Function Chaining (SFC). These include:¶
There are different views from different levels of the SFC. One is the service function chain, an entirely abstract view, which defines an ordered set of SFs that must be applied to packets selected based on classification rules. But service function chain doesn't specify the exact mapping between SFFs and SFs. Thus, another logical construct used in SFC is a Service Function Path (SFP). According to [RFC7665], SFP is the instantiation of the SFC in the network and provides a level of indirection between the entirely abstract SFCs and a fully specified ordered list of SFFs and SFs identities that the packet will visit when it traverses the SFC. The latter entity is referred to as Rendered Service Path (RSP). The main difference between SFP and RSP is that the former is the logical construct, while the latter is the realization of the SFP via the sequence of specific SFC data plane elements.¶
This document defines how active Operation, Administration and Maintenance (OAM), per [RFC7799] definition of active OAM, is implemented when Network Service Header (NSH) [RFC8300] is used as the SFC encapsulation. Following the analysis of SFC OAM in [RFC8924], this document applies and, when necessary, extends requirements listed in Section 4 of [RFC8924] for the use of active OAM in an SFP supporting fault management and performance monitoring. Active OAM tools, conformant to this specification, improve OAM's ability for Fault Management (FM) by, for example, using the query mechanism to troubleshoot and localize defects, which conforms to the stateless character of transactions in SFC NSH [RFC8300]. Note that Performance Monitoring OAM, as mentioned in [RFC8924], as a requirement, is not satisfied by this document and is out of scope. For the purpose of FM OAM in SFC, SFC Echo Request and Echo Reply are specified in Section 6. These mechanisms enable on-demand Continuity Check and Connectivity Verification, among other operations, over SFC in networks and addresses functionalities discussed in Sections 4.1, 4.2, and 4.3 of [RFC8924]. SFC Echo Request and Echo Reply can be used with encapsulations other than NSH, for example, using MPLS encapsulation, as described in [RFC8595]. The applicability of the SFC Echo Request/Reply mechanism in SFC encapsulations other than NSH is outside the scope of this document.¶
The intended scope of active SFC OAM is for use within a single provider operational domain. Active SFC OAM deployment scope is deliberately constrained, as explained in [RFC7665] and [RFC8300], and limited to a single network administrative domain.¶
The terminology defined in [RFC7665] is used extensively throughout this document, and the reader is expected to be familiar with it.¶
In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC architecture. In this document, "Echo Request/Reply" and "SFC Echo Request/Reply" are used interchangeably.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
E2E: End-to-End¶
FM: Fault Management¶
NSH: Network Service Header¶
OAM: Operations, Administration, and Maintenance¶
RSP: Rendered Service Path¶
SF: Service Function¶
SFC: Service Function Chain¶
SFF: Service Function Forwarder¶
SFI: Service Function Instance¶
SFP: Service Function Path¶
MAC: Message Authentication Code¶
As discussed in [RFC8924], SFC-specific means are needed to perform the FM OAM task in an SFC architecture, including failure detection, defect characterization, and localization. This document defines the set of requirements for active FM OAM mechanisms to be used in an SFC architecture.¶
The architecture example depicted in Figure 1 considers a service function chain that includes three distinct service functions. In this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is connected to two service function instances (SFIs) of the same service function. End-to-end (E2E) SFC OAM has the Classifier as the ingress and SFF3 as its egress. The scope of Segment SFC OAM is between two elements that are part of the same SFP. Following are the requirements for an FM SFC OAM, whether with the E2E or segment scope:¶
The fate sharing, in the SFC environment, is achieved when a test packet traverses the same path and receives the same treatment in the underlay network layer as an SFC-encapsulated packet.¶
An SFC failure might be declared when several consecutive test packets are not received within a pre-determined time. For example, in the E2E FM SFC OAM case, the egress, SFF3 (Figure 1) could be the entity that detects the SFP's failure by monitoring a flow of periodic test packets. The ingress may be capable of recovering from the failure, e.g., using redundant SFC elements. Thus, it is beneficial for the egress to signal the new defect state to the ingress, which in this example is the Classifier. Hence the following requirement:¶
Once an SFF detects the defect, the objective of the SFC OAM changes from the detection of a defect to defect characterization and localization.¶
In the example presented in Figure 1, two distinct instances of the same service function share the same SFF. In this example, the SFP can be realized over several RSPs that use different instances of SF of the same type. For instance, RSP1(SFI11--SFI21--SFI31) and RSP2(SFI12--SFI22--SFI32). Available RSPs can be discovered using the trace function discussed in Section 4.3 of [RFC8924] or the procedure defined in Section 6.5.4.¶
The SFC OAM layer model described in [RFC8924] offers an approach for defect localization within a service function chain. As the first step, the SFP's continuity for SFFs that are part of the same SFP could be verified. After the reachability of SFFs has already been verified, SFFs that serve an SF may be used as a test packet source. In such a case, SFF can act as a proxy for another element within the service function chain.¶
The conformance of the SFC Echo Request/Reply mechanism to these requirements reflected below:¶
Active SFC OAM combines OAM commands and/or data included in a message that immediately follows the NSH. To identify the active SFC OAM message, the "Next Protocol" field MUST be set to Active SFC OAM (TBA1) (Section 10.1). The O bit in the NSH MUST be set, according to [I-D.ietf-sfc-oam-packet]. A case when the O bit is clear and the "Next Protocol" field value is set to Active SFC OAM (TBA1) is considered an erroneous combination. An implementation MUST report it. Although the notification mechanism is outside the scope of this specification, note that it MUST include rate-limiting control. The packet SHOULD be dropped. An implementation MAY have control to enable the processing of the OAM payload.¶
SFC OAM is required to perform multiple tasks. Several active OAM protocols could be used to address all the requirements. When IP/UDP encapsulation of an SFC OAM control message is used, protocols can be demultiplexed using the destination UDP port number. But an extra IP/UDP header, especially in an IPv6 network, adds overhead compared to the length of an active OAM control packet (e.g., BFD Control packet [RFC5880]). In some environments, for example, when measuring performance metrics, it is beneficial to transmit OAM packets in a broad range of lengths to emulate application traffic closer. This document defines an Active OAM Header (Figure 2) to demultiplex active OAM protocols on an SFC.¶
Echo Request/Reply is a well-known active OAM mechanism extensively used to verify a path's continuity, detect inconsistencies between a state in control and the data planes, and localize defects in the data plane. ICMP ([RFC0792] for IPv4 and [RFC4443] for IPv6 networks) and [RFC8029] are examples of broadly used active OAM protocols based on the Echo Request/Reply principle. The SFC Echo Request/Reply control message (format is presented in Figure 3) is an instance of the SFC Active OAM Control Packet that is a part of the SFC Active OAM Header (Figure 2).¶
The interpretation of the fields is as follows:¶
TLV is a variable-length construct whose length is multiple of four-octet words. Multiple TLVs MAY be placed in an SFC Echo Request/Reply packet. None, one or more sub-TLVs may be enclosed in the value part of a TLV, subject to the semantics of the (outer) TLV. If no TLVs are included in an SFC Echo Request/Reply, the value of the Length field in the SFC Active OAM Header MUST be 16 octets. Figure 4 presents the format of an SFC Echo Request/Reply TLV, where fields are defined as follows:¶
The value of the Return Code field MUST be set to zero by the sender of an Echo Request. The receiver of said Echo Request MUST set it to one of the values in IANA's SFC Echo Return Codes sub-registry (Section 10.3.4) in the corresponding Echo Reply that it generates.¶
Authentication can be used to protect the integrity of the information in SFC Echo Request and/or Echo Reply. In the [RFC9145] a variable-length Context Header has been defined to protect the integrity of the NSH and the payload. The header can also be used for the optional encryption of sensitive metadata. MAC#1 (Message Authentication Code) Context Header is more suitable for the integrity protection of active SFC OAM, particularly of the SFC Echo Request and Echo Reply, defined in this document. On the other hand, using MAC#2 Context Header allows the detection of mishandling of the O-bit by a transient SFC element.¶
SFC Echo Request control packet MUST use the appropriate underlay network encapsulation of the monitored SFP. Echo Request MUST set O bit in the NSH, as defined in [I-D.ietf-sfc-oam-packet]. NSH MUST be immediately followed by the SFC Active OAM Header defined in Section 4. The Echo Type field's value in the SFC Active OAM Header MUST be set to SFC Echo Request/Echo Reply value (1) per Section 10.2.1.¶
Value of the Reply Mode field MUST be set to one of the following:¶
The responder to the SFC Echo Request encapsulates the SFC Echo Reply message in IP/UDP packet if the Reply mode is "Reply via an IPv4/IPv6 UDP Packet" or "Reply via an IPv4/IPv6 UDP Packet with the data integrity protection". Because the NSH does not identify the ingress node that generated the Echo Request, information that sufficiently identifies the source MUST be included in the message so that the IP destination address and destination UDP port number for IP/UDP encapsulation of the SFC Echo Reply could be derived. The sender of the SFC Echo Request MUST include the Source ID TLV (Figure 5).¶
where¶
A single Source ID TLV for each address family, i.e., IPv4 and IPv6, MAY be present in an SFC Echo Request message. If the Source ID TLVs for both address families are present in an SFC Echo Request message, the SFF MUST NOT replicate an SFC Echo Reply but choose the destination IP address for the one SFC Echo Reply it sends based on the local policy. The source IP address used in the IP/UDP encapsulation of SFC Echo Reply is one of the IP addresses associated with the responder. The value of the Port Number field MUST be used as the destination UDP port number in the IP/UDP encapsulation of the SFC Echo Reply message. The responder selects the source UDP port number from the dynamic range of port numbers. If more than one Source ID TLV per the address family is present, the receiver MUST use the first TLV and ignore the rest. The Echo Reply message, including relevant TLVs, follows the IP/UDP headers immediately.¶
Punting a received SFC Echo Request to the control plane for validation and processing is triggered by one of the following packet processing exceptions: NSH TTL expiration, NSH Service Index (SI) expiration, or the receiver is the terminal SFF for an SFP.¶
An SFF that received the SFC Echo Request MUST validate the packet as follows:¶
If the Return Code for the Echo Reply is determined as 2 ("One or more TLVs was not understood"), the Errored TLVs TLV might be included in an Echo Reply. The use of this TLV is meant to inform the sender of an Echo Request of TLVs either not supported by an implementation or parsed and found to be in error.¶
where¶
where¶
The "Reply Mode" field directs whether and how the Echo Reply message should be sent. The Echo Request sender MAY use TLVs to request that the corresponding Echo Reply be transmitted over the specified path. For example, a TLV that specifies the return path of the Echo Reply if the Return Mode in the Echo Request is set to Reply via Specified Path (4) is described in Section 6.5.1. Value 1 is the "Do not reply" mode and suppresses the Echo Reply packet transmission. The value 2 of the Reply mode field requests sending the Echo Reply packet out-of-band as an IPv4 or IPv6 UDP packet.¶
While SFC Echo Request always traverses the SFP it is directed to by using NSH, the corresponding Echo Reply usually is sent without NSH. In some cases, an operator might choose to direct the responder to send the Echo Reply with NSH over a particular SFP. This section defines a new Type-Length-Value (TLV), Reply Service Function Path TLV, for Reply via Specified Path mode of SFC Echo Reply.¶
The Reply Service Function Path TLV can provide an efficient mechanism to test SFCs, such as bidirectional and hybrid SFC, as defined in Section 2.2 of [RFC7665]. For example, it allows an operator to test both directions of the bidirectional or hybrid SFP with a single SFC Echo Request/Echo Reply operation.¶
The Reply Service Function Path TLV carries the information that sufficiently identifies the return SFP that the SFC Echo Reply message is expected to follow. The format of Reply Service Function Path TLV is shown in Figure 8.¶
where:¶
[RFC7110] defined mechanism to control return path for MPLS LSP Echo Reply. In SFC's case, the return path is an SFP along which the SFC Echo Reply message MUST be transmitted. Hence, the Reply Service Function Path TLV included in the SFC Echo Request message MUST sufficiently identify the SFP that the sender of the Echo Request message expects the receiver to use for the corresponding SFC Echo Reply.¶
When sending an Echo Request, the sender MUST set the value of Reply Mode field to "Reply via Specified Path", defined in Section 6.3, and if the specified path is an SFC path, the Request MUST include Reply Service Function Path TLV. The Reply Service Function Path TLV consists of the identifier of the reverse SFP and an appropriate Service Index.¶
If the NSH of the received SFC Echo Request includes the MAC Context Header, the packet's authentication MUST be verified before using any data as defined in Section 6.4.¶
The destination SFF of the SFP being tested or the SFF at which NSH TTL expired (as per [RFC8300]) are referred to as responding SFF. The processing described below equally applies to both cases.¶
If the Echo Request message with Reply Service Function Path TLV, received by the responding SFF, has Reply Mode value of "Reply via Specified Path" but no Reply Service Function Path TLV is present, then the responding SFF MUST send Echo Reply with Return Code set to 6 ("Reply Service Function Path TLV is missing"). If the responding SFF cannot find the requested SFP it MUST send Echo Reply with Return Code set to 7 ("Reply SFP was not found") and include the Reply Service Function Path TLV from the Echo Request message.¶
Suppose the SFC Echo Request receiver cannot determine whether the specified return path SFP has the route to the initiator. In that case, it SHOULD set the value of the Return Codes field to 8 ("Unverifiable Reply Service Function Path"). The receiver MAY drop the Echo Request when it cannot determine whether SFP's return path has the route to the initiator. When sending Echo Request, the sender SHOULD choose a proper source address according to the specified return path SFP to help the receiver find the viable return path.¶
The ability to specify the return path for an Echo Reply might be used in the case of bi-directional SFC. The egress SFF of the forward SFP might not be co-located with a classifier of the reverse SFP, and thus the egress SFF has no information about the reverse path of an SFC. Because of that, even for bi-directional SFC, a reverse SFP needs to be indicated in a Reply Service Function Path TLV in the Echo Request message.¶
An SFF SHOULD NOT accept SFC Echo Reply unless the received message passes the following checks:¶
SFC Echo Request/Reply can be used to isolate a defect detected in the SFP and trace an RSP. As with ICMP echo request/reply [RFC0792] and MPLS echo request/reply [RFC8029], this mode is referred to as "traceroute". In the traceroute mode, the sender transmits a sequence of SFC Echo Request messages starting with the NSH TTL value set to 1 and is incremented by 1 in each next Echo Request packet. The sender stops transmitting SFC Echo Request packets when the Return Code in the received Echo Reply equals 5 ("End of the SFP").¶
Suppose a specialized information element (e.g., IPv6 Flow Label [RFC6437] or Flow ID [RFC9263]) is used for distributing the load across Equal Cost Multi-Path or Link Aggregation Group paths. In that case, such an element SHOULD also be used for the SFC OAM traffic. Doing so is meant to induce the SFC Echo Request to follow the same RSP as the monitored flow.¶
The consistency of an SFP can be verified by comparing the view of the SFP from the control or management plane with information collected from traversing by an SFC Echo Request/Reply message (Figure 3). The sender of an SFP Consistency Verification Request (CVReq) message MUST set the value of the SFC Echo Request/Reply Echo Type field to SFP Consistency Verification Request (3). The sender of an SFP Consistency Verification Reply (CVRep) message MUST set the value of the SFC Echo Request/Reply Echo Type field to SFP Consistency Verification Reply (4). All processing steps of SFC Echo Request and Echo Reply messages described in Section 6.3 through Section 6.5 apply to the processing of CVReq and CVRep respectively.¶
Every SFF that receives a CVReq message MUST perform the following actions:¶
As a result, the ingress SFF collects information about all traversed SFFs and SFs, information on the actual path the CVReq packet has traveled. That information can be used to verify the SFC's path consistency. The mechanism for the SFP consistency verification is outside the scope of this document.¶
For the received CVReq, an SFF, that supports this specification, MUST include in the CVRep message the information about SFs that are available from that SFF instance for the specified SFP. The SFF MUST include SFF Information Record TLV (Figure 9) in CVRep message. Every SFF sends back a single CVRep message, including information on all the SFs attached to that SFF on the SFP, as requested in the received CVReq message using the SF Information sub-TLV (Section 6.6.2).¶
The SFF Information Record TLV is a variable-length TLV that includes the information of all SFs available from the particular SFF instance for the specified SFP. Figure 9 presents the format of an SFF Information Record TLV, where fields are defined as the following:¶
If the NSH of the received SFC Echo Reply includes the MAC Context Header [RFC9145], the authentication of the packet MUST be verified before using any data. If the verification fails, the receiver MUST stop processing the SFF Information Record TLV and notify an operator. The notification mechanism SHOULD include control of rate-limited messages. Specification of the notification mechanism is outside the scope of this document.¶
Every SFF receiving a CVReq packet MUST include the SF characteristic data into the CVRep packet. The format of an SF Information sub-TLV, included in a CVRep packet, is shown in Figure 10.¶
After the CVReq message traverses the SFP, all the information about the SFs on the SFP is available from the TLVs included in CVRep messages.¶
Each SFF in the SFP MUST send one and only one CVRep corresponding to the CVReq. If only one SF is attached to the SFF in such SFP, only one SF information sub-TLV is included in the CVRep. If several SFs attached to the SFF in the SFP, SF Information sub-TLV MUST be constructed as described below in either Section 6.6.3.1 and Section 6.6.3.2.¶
Multiple SFs attached to the same SFF can be the hops of the SFP. The service indexes of these SFs on that SFP will be different. Service function types of these SFs could be different or be the same. Information about all SFs MAY be included in the CVRep message. Information about each SF MUST be listed as separate SF Information sub-TLVs in the CVRep message. The same SF can even appear more than once in an SFP with a different service index.¶
An example of the SFP consistency verification procedure for this case is shown in Figure 11. The Service Function Path (SPI=x) is SF1->SF2->SF4->SF3. The SF1, SF2, and SF3 are attached to SFF1, and SF4 is attached to SFF2. The CVReq message is sent to the SFFs in the sequence of the SFP(SFF1->SFF2->SFF1). Every SFF(SFF1, SFF2) replies with the information of SFs belonging to the SFP. The SF information Sub-TLV in Figure 10 contains information for each SF (SF1, SF2, SF3, and SF4).¶
Multiple SFs may be attached to the same SFF to spread the load; in other words, that means that the particular traffic flow will traverse only one of these SFs. These SFs have the same Service Function Type and Service Index. For this case, the SF ID Type, which must be the same for all of these SFs, appears once but all of their SF Identifiers will appear concatenated in the SF Identifier area of the Sub-TLV (see Figure 10). The number of these SFs can be calculated from the SF ID Type and the value of the Length field of the sub-TLV.¶
An example of the SFP consistency verification procedure for this case is shown in Figure 12. The Service Function Path (SPI=x) is SF1a/SF1b->SF2a/SF2b. The Service Functions SF1a and SF1b are attached to SFF1, which balances the load among them. The Service Functions SF2a and SF2b are attached to SFF2, which, in turn, balances its load between them. The CVReq message is sent to the SFFs in the sequence of the SFP (i.e. SFF1->SFF2). Every SFF (SFF1, SFF2) replies with the information of SFs belonging to the SFP. The SF information Sub-TLV in Figure 10 contains information for all SFs at that hop.¶
As an element of SFC OAM and, specifically, NSH-based, the Echo Request/Reply mechanism described in this document inherits Security Considerations discussed in [RFC7665] and [RFC8300].¶
When the integrity protection for SFC active OAM, and SFC Echo Request/Reply in particular, is required, using one of the Context Headers defined in [RFC9145] is RECOMMENDED. MAC#1 Context Header could be more suitable for active SFC OAM because it does not require re-calculation of the MAC when the value of the NSH Base Header's TTL field is changed. Integrity protection for SFC active OAM can also be achieved using mechanisms in the underlay data plane. For example, if the underlay is an IPv6 network, IP Authentication Header [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can be used to provide integrity protection. Confidentiality for the SFC Echo Request/Reply exchanges can be achieved using the IP Encapsulating Security Payload Header [RFC4303]. Also, the security needs for SFC Echo Request/Reply are similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping [RFC8029].¶
There are at least three approaches to attacking a node in the overlay network using the mechanisms defined in the document. One is a Denial-of-Service attack, sending SFC Echo Requests to overload an element of the SFC. The second may use spoofing, hijacking, replying, or otherwise tampering with SFC Echo Requests and/or replies to misrepresent, alter the operator's view of the state of the SFC. The third is an unauthorized source using an SFC Echo Request/Reply to obtain information about the SFC and/or its elements, e.g., SFFs and/or SFs.¶
It is RECOMMENDED that implementations throttle the number of SFC Echo Request/Echo Reply messages going to the control plane to mitigate potential Denial-of-Service attacks.¶
Reply and spoofing attacks involving faking or replying to SFC Echo Reply messages would have to match the Sender's Handle and Sequence Number of an outstanding SFC Echo Request message, which is highly unlikely for off-path attackers. A non-matching reply would be discarded.¶
To protect against unauthorized sources trying to obtain information about the overlay and/or underlay, an implementation MUST have means to check that the source of the Echo Request is part of the SFP.¶
Also, since the Service Function Information sub-TLV discloses information about the SFP, the spoofed CVReq packet may be used to obtain network information. Thus, implementations MUST provide a means of checking the source addresses of CVReq messages, specified in Source ID TLV (Section 6.3.1), against an access list before accepting the message.¶
This section provides information about operational aspects of the SFC NSH Echo Request/Reply according to recommendations in [RFC5706].¶
SFC NSH Echo Request/Reply provides essential OAM functions for network operators. SFC NSH Echo Request/Reply is intended to detect and localize defects in an SFC. For example, by comparing results of the trace function in operational and failed states, an operator can locate the defect, e.g., the connection between SFF1 and SFF2 (Figure 1). After narrowing down a failure to an overlay link, a more specific failure location can be determined using OAM tools in the underlay network. The mechanism defined in this document can be used on-demand or for periodic validation of an SFP or RSP. Because the protocol makes use of the control plane which may have limited capacity, an operator must be able to rate limit Echo Request and Echo Reply messages. A reasonably selected default interval between Echo Request control packets can provide additional benefit for an operator. If the protocol is incrementally deployed in the NSH domain, SFC elements, e.g., Classifier or SFF, that don't support Active SFC OAM will discard protocol's packets. If an SFC uses a re-classification along the SFP or when the principle of load balancing is unknown, the fate-sharing between data and active OAM packets cannot be guaranteed. As a result, the OAM outcome might not reflect the state of the entire SFC properly but only its segment. In general, it is an operational task to consider the cases where active OAM may not share fate with monitored SFP. SFC NSH Echo Request/Reply also can be used in combination with the existing mechanisms discussed in [RFC8924], filling the gaps and extending their functionalities.¶
Management of the SFC NSH Echo Request/Reply protocol can be provided by a proprietary tool, e.g., command line interface, or based on a data model, structured or standardized.¶
The authors greatly appreciate the thorough review and the most helpful comments from Dan Wing, Dirk von Hugo, Mohamed Boucadair, Donald Eastlake, Carlos Pignataro, and Frank Brockners. The authors are thankful to John Drake for his review and the reference to the work on BGP Control Plane for NSH SFC. The authors express their appreciation to Joel M. Halpern for his suggestion about the load-balancing scenario. The authors greatly appreciate the thoroughness of comments and thoughtful suggestions by Darren Dukes that significantly improved the document.¶
The terms used in the IANA Considerations below are intended to be consistent with [RFC8126].¶
IANA is requested to assign a new type from the sub-registry NSH Next Protocol of the Network Service Header (NSH) Parameters registry as follows:¶
Value | Description | Reference |
---|---|---|
TBA1 | SFC Active OAM | This document |
IANA is requested to create an SFC Active OAM registry containing the sub-registries listed below.¶
IANA is requested to create in the SFC Active OAM registry a sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | SFC Echo Request/Echo Reply | This document |
2 - 31 | Unassigned | This document |
32-62 | Unassigned | This document |
63 | Reserved | This document |
IANA is requested to create in the SFC Active OAM Registry the sub-registry SFC Echo Request/Echo Reply Parameters.¶
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters the SFC Echo Request Flags sub-registry.¶
This sub-registry tracks the assignment of 16 flags in the SFC Echo Request Flags field of the SFC Echo Request message. The flags are numbered from 0 (most significant bit, transmitted first) to 15.¶
New entries are assigned by Standards Action.¶
Bit Number | Description | Reference |
---|---|---|
15-0 | Unassigned | This document |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters the SFC Echo Types sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | SFC Echo Request | This document |
2 | SFC Echo Reply | This document |
3 | SFP Consistency Verification Request | This document |
4 | SFP Consistency Verification Reply | This document |
5 - 175 | Unassigned | This document |
176 - 239 | Unassigned | This document |
240 - 251 | Experimental | This document |
252 - 254 | Private Use | This document |
255 | Reserved | This document |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | Do Not Reply | This document |
2 | Reply via an IPv4/IPv6 UDP Packet | This document |
3 | Unassigned | This document |
4 | Reply via Specified Path | This document |
5 | Reply via an IPv4/IPv6 UDP Packet with the data integrity protection | This document |
6 | Unassigned | This document |
7 | Reply via Specified Path with the data integrity protection | This document |
8 - 175 | Unassigned | This document |
176 - 239 | Unassigned | This document |
240 - 251 | Experiemntal | This document |
252 - 254 | Private Use | This document |
255 | Reserved | This document |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | No Error | This document |
1 | Malformed Echo Request received | This document |
2 | One or more of the TLVs was not understood | This document |
3 | Authentication failed | This document |
4 | SFC TTL Exceeded | This document |
5 | End of the SFP | This document |
6 | Reply Service Function Path TLV is missing | This document |
7 | Reply SFP was not found | This document |
8 | Unverifiable Reply Service Function Path | This document |
9 -191 | Unassigned | This document |
192-251 | Unassigned | This document |
252-254 | Private Use | This document |
255 | Reserved | This document |
IANA is requested to create in the in the SFC Active OAM Registry the sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | Source ID TLV | This document |
2 | Errored TLVs | This document |
3 | Reply Service Function Path Type | This document |
4 | SFF Information Record Type | This document |
5 | SF Information | This document |
6 - 175 | Unassigned | This document |
176 - 239 | Unassigned | This document |
240 - 251 | Experimental | This document |
252 - 254 | Private Use | This document |
255 | Reserved | This document |
IANA is requested to create in the SF Types registry [RFC9263] the sub-registry as follows:¶
Value | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | IPv4 | This document |
2 | IPv6 | This document |
3 | MAC | This document |
4 -191 | Unassigned | This document |
192-251 | Unassigned | This document |
252-254 | Private Use | This document |
255 | Reserved | This document |