From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc9516.txt | 1630 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1630 insertions(+) create mode 100644 doc/rfc/rfc9516.txt (limited to 'doc/rfc/rfc9516.txt') diff --git a/doc/rfc/rfc9516.txt b/doc/rfc/rfc9516.txt new file mode 100644 index 0000000..d6b04c9 --- /dev/null +++ b/doc/rfc/rfc9516.txt @@ -0,0 +1,1630 @@ + + + + +Internet Engineering Task Force (IETF) G. Mirsky +Request for Comments: 9516 Ericsson +Category: Standards Track W. Meng +ISSN: 2070-1721 ZTE Corporation + T. Ao + China Mobile + B. Khasnabish + K. Leung + Individual Contributor + G. Mishra + Verizon Inc. + November 2023 + + + Active Operations, Administration, and Maintenance (OAM) for Service + Function Chaining (SFC) + +Abstract + + A set of requirements for active Operations, Administration, and + Maintenance (OAM) for Service Function Chaining (SFC) in a network is + presented in this document. Based on these requirements, an + encapsulation of active OAM messages in SFC and a mechanism to detect + and localize defects are described. + +Status of This Memo + + This is an Internet Standards Track document. + + This document is a product of the Internet Engineering Task Force + (IETF). It represents the consensus of the IETF community. It has + received public review and has been approved for publication by the + Internet Engineering Steering Group (IESG). Further information on + Internet Standards is available in Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc9516. + +Copyright Notice + + Copyright (c) 2023 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Revised BSD License text as described in Section 4.e of the + Trust Legal Provisions and are provided without warranty as described + in the Revised BSD License. + +Table of Contents + + 1. Introduction + 2. Terminology and Conventions + 2.1. Requirements Language + 2.2. Acronyms + 3. Requirements for Active OAM in SFC + 4. Active OAM Identification in the NSH + 5. SFC Active OAM Header + 6. Echo Request/Reply for SFC + 6.1. Return Codes + 6.2. Authentication in Echo Request/Reply + 6.3. SFC Echo Request Transmission + 6.3.1. Source ID TLV + 6.4. Processing a Received SFC Echo Request + 6.4.1. Errored TLVs TLV + 6.5. SFC Echo Reply Transmission + 6.5.1. Reply Service Function Path TLV + 6.5.2. Theory of Operation + 6.5.3. SFC Echo Reply Reception + 6.5.4. Tracing an SFP + 6.6. The Use of the Consistency Verification Request Message + 6.6.1. SFF Information Record TLV + 6.6.2. SF Information Sub-TLV + 6.6.3. SF Information Sub-TLV Construction + 7. Security Considerations + 8. Operational Considerations + 9. IANA Considerations + 9.1. SFC Active OAM Protocol + 9.2. SFC Active OAM + 9.2.1. SFC Active OAM Message Types + 9.2.2. SFC Echo Request Flags + 9.2.3. SFC Echo Types + 9.2.4. SFC Echo Reply Modes + 9.2.5. SFC Echo Return Codes + 9.2.6. SFC Active OAM TLV Types + 9.2.7. SF Identifier Types + 10. References + 10.1. Normative References + 10.2. Informative References + Acknowledgments + Contributors + Authors' Addresses + +1. Introduction + + [RFC7665] defines data plane elements necessary to implement Service + Function Chaining (SFC). These include the following: + + 1. Classifiers that perform the classification of incoming packets. + Such classification may result in associating a received packet + to a service function chain. + + 2. Service Function Forwarders (SFFs) that are responsible for + forwarding traffic to one or more connected Service Functions + (SFs) according to the information carried in the SFC + encapsulation and handling traffic coming back from the SFs and + forwarding it to the next SFF. + + 3. SFs that are responsible for executing specific service treatment + on received packets. + + There are different views from different levels of SFC. One is the + service function chain, an entirely abstract view, which defines an + ordered set of SFs that must be applied to packets selected based on + classification rules. But the service function chain doesn't specify + the exact mapping between SFFs and SFs. Thus, another logical + construct used in SFC is a Service Function Path (SFP). According to + [RFC7665], an SFP is the instantiation of SFC in the network and + provides a level of indirection between the entirely abstract SFCs + and a fully specified, ordered list of SFF and SF identities that the + packet will visit when it traverses SFC. The latter entity is + referred to as Rendered Service Path (RSP). The main difference + between an SFP and RSP is that the former is the logical construct, + while the latter is the realization of the SFP via the sequence of + specific SFC data plane elements. + + This document defines how active Operations, Administration, and + Maintenance (OAM), per the definition of active OAM in [RFC7799], is + implemented when the Network Service Header (NSH) [RFC8300] is used + as the SFC encapsulation. Following the analysis of SFC OAM in + [RFC8924], this document applies and, when necessary, extends + requirements listed in Section 4 of [RFC8924] for the use of active + OAM in an SFP supporting fault management and performance monitoring. + Active OAM tools that are conformant to this specification improve + OAM's ability for Fault Management (FM) by, for example, using the + query mechanism to troubleshoot and localize defects, which conforms + to the stateless character of transactions in SFC NSH [RFC8300]. + Note that Performance Monitoring OAM, as required by [RFC8924], is + not satisfied by this document and is out of scope. For the purpose + of FM OAM in SFC, the SFC Echo Request and Echo Reply are specified + in Section 6. These mechanisms enable on-demand continuity check and + connectivity verification, among other operations, over SFC in + networks and address functionalities discussed in Sections 4.1, 4.2, + and 4.3 of [RFC8924]. The SFC Echo Request and Echo Reply can be + used with encapsulations other than the NSH, for example, using MPLS + encapsulation, as described in [RFC8595]. The applicability of the + SFC Echo Request/Reply mechanism in SFC encapsulations other than the + NSH is outside the scope of this document. + + The intended scope of SFC active OAM is for use within a single + provider's operational domain. The SFC active OAM deployment scope + is deliberately constrained, as explained in [RFC7665] and [RFC8300], + and limited to a single network administrative domain. + +2. Terminology and Conventions + + The terminology defined in [RFC7665] is used extensively throughout + this document, and the reader is expected to be familiar with it. + + In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC + architecture. Additionally, "Echo Request/Reply" and "SFC Echo + Request/Reply" are used interchangeably. + +2.1. Requirements Language + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and + "OPTIONAL" in this document are to be interpreted as described in + BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all + capitals, as shown here. + +2.2. Acronyms + + E2E: End-to-End + + FM: Fault Management + + MAC: Message Authentication Code + + NSH: Network Service Header + + OAM: Operations, Administration, and Maintenance + + RSP: Rendered Service Path + + SF: Service Function + + SFC: Service Function Chaining + + SFF: Service Function Forwarder + + SFI: Service Function Instance + + SFP: Service Function Path + +3. Requirements for Active OAM in SFC + + As discussed in [RFC8924], SFC-specific means are needed to perform + the FM OAM task in an SFC architecture, including failure detection, + defect characterization, and localization. This document defines the + set of requirements for active FM OAM mechanisms to be used in an SFC + architecture. + + +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ + |SFI11| |SFI12| |SFI21| |SFI22| |SFI31| |SFI32| + +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ + \ / \ / \ / + +----------+ +----+ +----+ +----+ + |Classifier|---|SFF1|---------|SFF2|----------|SFF3| + +----------+ +----+ +----+ +----+ + + Figure 1: An Example of SFC Data Plane Architecture + + The architecture example depicted in Figure 1 considers a service + function chain that includes three distinct service functions. In + this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is + connected to two Service Function Instances (SFIs) of the same SF. + End-to-End (E2E) SFC OAM has the Classifier as the ingress and SFF3 + as its egress. The scope of Segment SFC OAM is between two elements + that are part of the same SFP. The following are the requirements + for an FM SFC OAM, whether with the E2E or segment scope: + + REQ1: Packets of SFC active OAM SHOULD be fate sharing with the + monitored SFC data in the forward direction from ingress + toward egress endpoint(s) of the OAM test. + + The fate sharing, in the SFC environment, is achieved when a test + packet traverses the same path and receives the same treatment in the + underlay network layer as an SFC-encapsulated packet. + + REQ2: SFC OAM MUST support monitoring of the continuity of the SFP + between any of its elements. + + An SFC failure might be declared when several consecutive test + packets are not received within a predetermined time. For example, + in the E2E FM SFC OAM case, i.e., the egress, SFF3 (Figure 1) could + be the entity that detects the SFP's failure by monitoring a flow of + periodic test packets. The ingress may be capable of recovering from + the failure, e.g., using redundant SFC elements. Thus, it is + beneficial for the egress to signal the new defect state to the + ingress, which in this example, is the Classifier, hence, the + following requirement: + + REQ3: SFC OAM MUST support Remote Defect Indication notification by + the egress to the ingress. + + REQ4: SFC OAM MUST support connectivity verification of the SFP. + The definitions of the misconnection defect, entry, and exit + criteria are outside the scope of this document. + + Once an SFF detects the defect, the objective of the SFC OAM changes + from the detection of a defect to defect characterization and + localization. + + REQ5: SFC OAM MUST support fault localization of the loss of + continuity check within an SFP. + + REQ6: SFC OAM MUST support an SFP tracing to discover the RSP. + + In the example presented in Figure 1, two distinct instances of the + same SF share the same SFF. In this example, the SFP can be realized + over several RSPs that use different instances of the SF of the same + type, for instance, RSP1(SFI11--SFI21--SFI31) and RSP2(SFI12--SFI22-- + SFI32). Available RSPs can be discovered using the trace function + discussed in Section 4.3 of [RFC8924] or the procedure defined in + Section 6.5.4. + + REQ7: SFC OAM MUST have the ability to discover and exercise all + available RSPs in the network. + + The SFC OAM layer model described in [RFC8924] offers an approach for + defect localization within a service function chain. As the first + step, the SFP's continuity for SFFs that are part of the same SFP + could be verified. After the reachability of SFFs has already been + verified, SFFs that serve an SF may be used as a test packet source. + In such a case, an SFF can act as a proxy for another element within + the service function chain. + + REQ8: SFC OAM MUST be able to trigger on-demand FM remotely with + responses being directed toward the initiator of the remote + request. + + The conformance of the SFC Echo Request/Reply mechanism to these + requirements is reflected below: + + REQ1: Fate sharing via the SFC Echo Request/Reply defined in + Section 6. + + REQ2: Continuity monitoring via the SFP tracing defined in + Section 6.5.4. + + REQ3: Remote defect detection via the SFC Echo Request/Reply defined + in Section 6. + + REQ4: Connectivity verification via the SFP tracing defined in + Section 6.5.4. + + REQ5: Fault localization via verification of the SFP consistency + defined in Section 6.6. + + REQ6: SFP tracing as described in Section 6.5.4 and verification of + SFP consistency as defined in Section 6.6. + + REQ7: Discover and exercise available RSPs via trace defined in + Section 6.5.4. + + REQ8: Can be addressed by adding the proxying capability to the SFC + Echo Request/Reply described in this document. [RFC7555] + describes an example of a proxy function for an Echo Request. + Specification of a proxy function for SFC Echo Request is + outside the scope of this document. + +4. Active OAM Identification in the NSH + + SFC active OAM combines OAM commands and/or data included in a + message that immediately follows the NSH. To identify the SFC active + OAM message, the Next Protocol field MUST be set to SFC Active OAM + (0x07) (Section 9.1). The O bit in the NSH MUST be set, according to + [RFC9451]. A case when the O bit is clear and the Next Protocol + field value is set to SFC Active OAM (0x07) is considered an + erroneous combination. An implementation MUST report it. Although + the notification mechanism is outside the scope of this + specification, note that it MUST include rate-limiting control. The + packet SHOULD be dropped. An implementation MAY have control to + enable the processing of the OAM payload. + +5. SFC Active OAM Header + + SFC OAM is required to perform multiple tasks. Several active OAM + protocols could be used to address all the requirements. When IP/UDP + encapsulation of an SFC OAM control message is used, protocols can be + demultiplexed using the destination UDP port number. But an extra + IP/UDP header, especially in an IPv6 network, adds overhead compared + to the length of an Active OAM Control Packet (e.g., BFD Control + packet [RFC5880]). In some environments, for example, when measuring + performance metrics, it is beneficial to transmit OAM packets in a + broad range of lengths to emulate application traffic closer. This + document defines an Active OAM Header (Figure 2) to demultiplex + active OAM protocols on SFC. + + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | V | Msg Type | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ SFC Active OAM Control Packet ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 2: SFC Active OAM Header + + V - a four-bit field that indicates the current version of the SFC + Active OAM Header. The current value is 0. The version number is + to be incremented whenever a change is made that affects the + ability of an implementation to parse or process the SFC Active + OAM Header correctly, for example, if syntactic or semantic + changes are made to any of the fixed fields. + + Msg Type - a six-bit field that identifies the OAM protocol, e.g., + the Echo Request/Reply. + + Reserved - a six-bit field. It MUST be zeroed on transmission and + ignored on receipt. + + Length - a two-octet field that is the length of the SFC Active OAM + Control Packet in octets. + +6. Echo Request/Reply for SFC + + The Echo Request/Reply is a well-known active OAM mechanism + extensively used to verify a path's continuity, detect + inconsistencies between a state in control and the data planes, and + localize defects in the data plane. ICMP ([RFC0792] for IPv4 and + [RFC4443] for IPv6 networks) and MPLS [RFC8029] are examples of + broadly used active OAM protocols based on the Echo Request/Reply + principle. The SFC Echo Request/Reply control message (format is + presented in Figure 3) is an instance of the SFC Active OAM Control + Packet that is a part of the SFC Active OAM Header (Figure 2). + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Echo Request Flags | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Echo Type | Reply Mode | Return Code |Return Subcode | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sender's Handle | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sequence Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ TLVs ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 3: SFC Echo Request/Reply Format + + The interpretation of the fields is as follows: + + Echo Request Flags - a two-octet bit vector field. Section 9.2.2 + requests IANA to create a new registry for flags. This + specification defines all flags for future use. Flags MUST be + zeroed on transmission and ignored on receipt. + + Reserved - a two-octet field. It MUST be zeroed on transmission and + ignored on receipt. + + Echo Type - a one-octet field that reflects the packet type. SFC + Echo Request/Reply Echo Types, defined in this document, are + listed in Section 9.2.3. + + Reply Mode - a one-octet field. It defines the type of the return + path requested by the sender of the Echo Request. + + Return Code and Return Subcode - one-octet fields each. These can + be used to inform the sender about the result of processing its + request. For all Return Code values defined in this document + (Section 9.2.5), the value of the Return Subcode field MUST be set + to zero. + + Sender's Handle - a four-octet field. It MUST be filled in by the + sender of the Echo Request and returned unchanged by the Echo + Reply sender (if a reply is being sent). The sender of the Echo + Request SHOULD use a pseudorandom number generator [RFC4086] to + set the value of the Sender's Handle field. In some use cases, an + implementation MAY use the Sender's Handle for proprietary + signaling as long as the system that receives the SFC Echo Request + doesn't alter the value of the Sender's Handle field but copies it + into the SFC Echo Reply. + + Sequence Number - a four-octet field. It is assigned by the sender + and can be, for example, used to detect missed replies. The + initial Sequence Number contains an unsigned integer that wraps + around. It MUST be pseudorandomly generated [RFC4086] and then + SHOULD be monotonically increasing in the course of the test + session. If a reply is sent, the sender of the SFC Echo Reply + message MUST copy the value from the received SFC Echo Request. + + TLV is a variable-length construct whose length is multiple four- + octet words. Multiple TLVs MAY be placed in an SFC Echo Request/ + Reply packet. None, one, or more sub-TLVs may be enclosed in the + value part of a TLV, subject to the semantics of the (outer) TLV. If + no TLVs are included in an SFC Echo Request/Reply, the value of the + Length field in the SFC Active OAM Header MUST be 16 octets. + Figure 4 presents the format of an SFC Echo Request/Reply TLV, where + the fields are defined as follows: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Type | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Value ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 4: SFC Echo Request/Reply TLV Format + + Type - a one-octet field that characterizes the interpretation of + the Value field. Type values are allocated according to + Section 9.2.6. + + Reserved - a one-octet field. The field MUST be zeroed on + transmission and ignored on receipt. + + Length - a two-octet field equal to the Value field's length in + octets as an unsigned integer. + + Value - a variable-length field. The value of the Type field + determines its interpretation and encoding. + +6.1. Return Codes + + The value of the Return Code field MUST be set to zero by the sender + of an Echo Request. The receiver of said Echo Request MUST set it to + one of the values in IANA's "SFC Echo Return Codes" registry + (Section 9.2.5) in the corresponding Echo Reply that it generates. + +6.2. Authentication in Echo Request/Reply + + Authentication can be used to protect the integrity of the + information in the SFC Echo Request and/or Echo Reply. In [RFC9145], + a variable-length Context Header has been defined to protect the + integrity of the NSH and the payload. The header can also be used + for the optional encryption of sensitive metadata. The MAC#1 Context + Header is more suitable for the integrity protection of SFC active + OAM, particularly of the SFC Echo Request and Echo Reply, as defined + in this document. On the other hand, using the MAC#2 Context Header + allows the detection of mishandling of the O bit by a transient SFC + element. + +6.3. SFC Echo Request Transmission + + The SFC Echo Request control packet MUST use the appropriate underlay + network encapsulation of the monitored SFP. The Echo Request MUST + set the O bit in the NSH, as defined in [RFC9451]. The NSH MUST be + immediately followed by the SFC Active OAM Header defined in + Section 4. The Echo Type field's value in the SFC Active OAM Header + MUST be set to the SFC Echo Request/Reply value (1), per + Section 9.2.1. + + The value of the Reply Mode field MUST be set to one of the + following: + + Do Not Reply (1) - This is the value if one-way monitoring is + desired. If the Echo Request is used to measure synthetic packet + loss, the receiver may report loss measurement results to a remote + node. Ways of learning the identity of that node are outside the + scope of this specification. + + Reply via an IPv4/IPv6 UDP Packet (2) - If an SFC Echo Request is + not encapsulated in IP/UDP, then this value requests the use of + the Source ID TLV Section 6.3.1). + + Reply via Specified Path (4) - This value requests the use of the + particular return path specified in the included TLV to verify + bidirectional continuity and may also increase the robustness of + the monitoring by selecting a more stable path. Section 6.5.1 + provides an example of communicating an explicit path for the Echo + Reply. + + Reply via an IPv4/IPv6 UDP Packet with the data integrity + protection (5) - This value requests the use of the MAC Context + Header [RFC9145]. + + Reply via Specified Path with the data integrity protection (7) - + This value requests the use of the MAC Context Header [RFC9145]. + +6.3.1. Source ID TLV + + The responder to the SFC Echo Request encapsulates the SFC Echo Reply + message in the IP/UDP packet if the Reply Mode is "Reply via an IPv4/ + IPv6 UDP Packet" or "Reply via an IPv4/IPv6 UDP Packet with the data + integrity protection". Because the NSH does not identify the ingress + node that generated the Echo Request, information that sufficiently + identifies the source MUST be included in the message so that the IP + destination address and destination UDP port number for IP/UDP + encapsulation of the SFC Echo Reply could be derived. The sender of + the SFC Echo Request MUST include the Source ID TLV (Figure 5). + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Source ID | Reserved1 | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Port Number | Reserved2 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ IP Address ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 5: SFC Source ID TLV + + The fields are defined as follows: + + Source ID - the value MUST be set to 1 (Section 9.2.6). + + Reserved1 - a one-octet field. The field MUST be zeroed on + transmission and ignored on receipt. + + Length - the value equals the length of the data following the + Length field counted in octets. The value of the Length field can + be 8 or 20. If the value of the field is neither, the Source ID + TLV is considered to be malformed. + + Port Number - a two-octet field. It contains the UDP port number of + the sender of the SFC OAM control message. The value of the field + MUST be used as the destination UDP port number in the IP/UDP + encapsulation of the SFC Echo Reply message. + + Reserved2 - a two-octet field. The field MUST be zeroed on transmit + and ignored on receipt. + + IP Address - a field that contains the IP address of the sender of + the SFC OAM control message, i.e., IPv4 or IPv6. The value of the + field MUST be used as the destination IP address in the IP/UDP + encapsulation of the SFC Echo Reply message. + + A single Source ID TLV for each address family, i.e., IPv4 and IPv6, + MAY be present in an SFC Echo Request message. If the Source ID TLVs + for both address families are present in an SFC Echo Request message, + the SFF MUST NOT replicate an SFC Echo Reply but choose the + destination IP address for the one SFC Echo Reply it sends based on + the local policy. The source IP address used in the IP/UDP + encapsulation of the SFC Echo Reply is one of the IP addresses + associated with the responder. The value of the Port Number field + MUST be used as the destination UDP port number in the IP/UDP + encapsulation of the SFC Echo Reply message. The responder selects + the source UDP port number from the dynamic range of port numbers. + If more than one Source ID TLV per the address family is present, the + receiver MUST use the first TLV and ignore the rest. The Echo Reply + message, including relevant TLVs, follows the IP/UDP headers + immediately. + +6.4. Processing a Received SFC Echo Request + + Punting a received SFC Echo Request to the control plane for + validation and processing is triggered by one of the following packet + processing exceptions: NSH TTL expiration, NSH Service Index + expiration, or the receiver is the terminal SFF for an SFP. + + An SFF that received the SFC Echo Request MUST validate the packet as + follows: + + 1. If the SFC Echo Request is integrity protected, the receiving SFF + first MUST verify the authentication. + + 1.1. Suppose the authentication validation has failed and the + Source ID TLV is considered properly formatted. In that + case, the SFF MUST send an SFC Echo Reply with the Return + Code set to 3 ("Authentication failed") and the Subcode set + to zero to the system identified in the Source ID TLV (see + Section 6.5), according to a rate-limit control mechanism. + + 1.2. If the authentication is validated successfully, the SFF + that has received an SFC Echo Request verifies the rest of + the packet's general consistency. + + 2. Validate the Source ID TLV, as defined in Section 6.3.1. + + 2.1. If the Source ID TLV is determined to be malformed, the + received SFC Echo Request processing is stopped, the + message is dropped, and the event SHOULD be logged, + according to a rate-limiting control for logging. + + 3. The Sender's Handle and Sequence Number fields are not examined + but are copied in the SFC Echo Reply message. + + 4. If the packet is not well formed, i.e., not formed according to + this specification, the receiving SFF SHOULD send an SFC Echo + Reply with the Return Code set to 1 ("Malformed Echo Request + received") and the Subcode set to zero under the control of the + rate-limiting mechanism to the system identified in the Source ID + TLV (see Section 6.5). + + 5. If there are any TLVs that the SFF does not understand, the SFF + MUST send an SFC Echo Reply with the Return Code set to 2 ("One + or more of the TLVs was not understood") and set the Subcode to + zero. Also, the SFF MAY include an Errored TLVs TLV + (Section 6.4.1) that, as sub-TLVs, contains only the + misunderstood TLVs. + + 6. If the consistency check of the received Echo Request succeeded, + i.e., the Echo Request is deemed properly formed, then the SFF at + the end of the SFP MUST send an SFC Echo Reply with the Return + Code set to 5 ("End of the SFP") and the Subcode set to zero. + + 7. If the SFF is not at the end of the SFP and the NSH TTL value is + 1, the SFF MUST send an SFC Echo Reply with the Return Code set + to 4 ("SFC TTL Exceeded") and the Subcode set to zero. + + 8. In all other cases, for the validated Echo Request message, a + transit, i.e., not at the end of the SFP, SFF MUST send an SFC + Echo Reply with the Return Code set to 0 ("No Error") and the + Subcode set to zero. + +6.4.1. Errored TLVs TLV + + If the Return Code for the Echo Reply is determined as 2 ("One or + more of the TLVs was not understood"), the Errored TLVs TLV might be + included in an Echo Reply. The use of this TLV is meant to inform + the sender of an Echo Request of TLVs either not supported by an + implementation or parsed and found to be in error. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Errored TLVs | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Value | + . . + . . + . . + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 6: Errored TLVs TLV + + The fields are defined as follows: + + Errored TLVs - the field MUST be set to 2 (Section 9.2.6). + + Reserved - the field MUST be zeroed on transmission and ignored on + receipt. + + Length - the value equals to length of the Value field in octets. + + Value - the field contains the TLVs, encoded as sub-TLVs (as shown + in Figure 7), that were not understood or failed to be parsed + correctly. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sub-TLV Type | Reserved | Sub-TLV Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Sub-TLV Value ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 7: Not Understood or Failed TLV as a Sub-TLV + + The fields are defined as follows: + + Sub-TLV Type - a copy of the first octet of the TLV that is not + understood or failed to be parsed. + + Reserved - MUST be zeroed on transmission and ignored on receipt. + + Sub-TLV Length - the value equals the value of the Length field of + the errored TLV. + + Sub-TLV Value - the field contains data that follows the Length + field in the errored TLV. + +6.5. SFC Echo Reply Transmission + + The Reply Mode field directs whether and how the Echo Reply message + should be sent. The Echo Request sender MAY use TLVs to request that + the corresponding Echo Reply be transmitted over the specified path. + For example, a TLV that specifies the return path of the Echo Reply + if the Return Mode in the Echo Request is set to Reply via Specified + Path (4) is described in Section 6.5.1. Value 1 is the "Do Not + Reply" mode and suppresses the Echo Reply packet transmission. The + value 2 of the Reply Mode field requests sending the Echo Reply + packet out-of-band as an IPv4/IPv6 UDP packet. + +6.5.1. Reply Service Function Path TLV + + While the SFC Echo Request always traverses the SFP it is directed to + by using the NSH, the corresponding Echo Reply usually is sent + without the NSH. In some cases, an operator might choose to direct + the responder to send and Echo Reply with the NSH over a particular + SFP. This section defines a new TLV, i.e., Reply Service Function + Path TLV, for Reply via Specified Path mode of the SFC Echo Reply. + + The Reply Service Function Path TLV can provide an efficient + mechanism to test SFCs, such as bidirectional and hybrid SFC, as + defined in Section 2.2 of [RFC7665]. For example, it allows an + operator to test both directions of the bidirectional or hybrid SFP + with a single SFC Echo Request/Reply operation. + + The Reply Service Function Path TLV carries the information that + sufficiently identifies the return SFP that the SFC Echo Reply + message is expected to follow. The format of Reply Service Function + Path TLV is shown in Figure 8. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reply SFP | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Reply Service Function Path Identifier | Service Index | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 8: SFC Reply TLV Format + + The fields are defined as follows: + + Reply SFP (3) - identifies the TLV that contains information about + the SFC Reply path. + + Reserved - MUST be zeroed on transmission and ignored on receipt. + + Length - the value MUST be equal to 4. + + Reply Service Function Path Identifier - a three-octet field that + contains the SFP identifier for the path that the SFC Echo Reply + message is requested to be sent over. + + Service Index - a one-octet field. The value is set to the value of + the Service Index field in the NSH of the SFC Echo Reply message. + +6.5.2. Theory of Operation + + [RFC7110] defines a mechanism to control the return path for the MPLS + Label Switched Path (LSP) Echo Reply. In the SFC's case, the return + path is an SFP along which the SFC Echo Reply message MUST be + transmitted. Hence, the Reply Service Function Path TLV included in + the SFC Echo Request message MUST sufficiently identify the SFP that + the sender of the Echo Request message expects the receiver to use + for the corresponding SFC Echo Reply. + + When sending an Echo Request, the sender MUST set the value of the + Reply Mode field to "Reply via Specified Path", defined in + Section 6.3, and if the specified path is an SFC path, the Request + MUST include the Reply Service Function Path TLV. The Reply Service + Function Path TLV consists of the identifier of the reverse SFP and + an appropriate Service Index. + + If the NSH of the received SFC Echo Request includes the MAC Context + Header, the packet's authentication MUST be verified before using any + data, as defined in Section 6.4. + + The destination SFF of the SFP being tested and the SFF at which the + NSH TTL expired (as per [RFC8300]) are referred to as responding + SFFs. The processing described below equally applies to both cases. + + If the Echo Request message with the Reply Service Function Path TLV + received by the responding SFF has the Reply Mode value of "Reply via + Specified Path" but no Reply Service Function Path TLV is present, + then the responding SFF MUST send an Echo Reply with the Return Code + set to 6 ("Reply Service Function Path TLV is missing"). If the + responding SFF cannot find the requested SFP, it MUST send an Echo + Reply with the Return Code set to 7 ("Reply SFP was not found") and + include the Reply Service Function Path TLV from the Echo Request + message. + + Suppose the SFC Echo Request receiver cannot determine whether the + specified return path SFP has the route to the initiator. In that + case, it SHOULD set the value of the Return Code field to 8 + ("Unverifiable Reply Service Function Path"). The receiver MAY drop + the Echo Request when it cannot determine whether the SFP's return + path has the route to the initiator. When sending the Echo Request, + the sender SHOULD choose a proper source address according to the + specified return path SFP to help the receiver find the viable return + path. + +6.5.2.1. Bidirectional SFC Case + + The ability to specify the return path for an Echo Reply might be + used in the case of bidirectional SFC. The egress SFF of the forward + SFP might not be co-located with a classifier of the reverse SFP, and + thus, the egress SFF has no information about the reverse path of + SFC. Because of that, even for bidirectional SFC, a reverse SFP + needs to be indicated in a Reply Service Function Path TLV in the + Echo Request message. + +6.5.3. SFC Echo Reply Reception + + An SFF SHOULD NOT accept the SFC Echo Reply unless the received + message passes the following checks: + + * the received SFC Echo Reply is well formed; + + * the matching SFC Echo Request is found, that is, the value of the + Sender's Handle in the Echo Request sent is equal to the value of + Sender's Handle in the Echo Reply received; + + * the Sequence Number in the Echo Reply received matches the + Sequence Number of one of the outstanding transmitted Echo + Requests; and + + * all other checks passed. + +6.5.4. Tracing an SFP + + The SFC Echo Request/Reply can be used to isolate a defect detected + in the SFP and trace an RSP. As with the ICMP Echo Request/Reply + [RFC0792] and the MPLS Echo Request/Reply [RFC8029], this mode is + referred to as "traceroute". In the traceroute mode, the sender + transmits a sequence of SFC Echo Request messages starting with the + NSH TTL value set to 1 and is incremented by 1 in each next Echo + Request packet. The sender stops transmitting SFC Echo Request + packets when the Return Code in the received Echo Reply equals 5 + ("End of the SFP"). + + Suppose a specialized information element (e.g., IPv6 Flow Label + [RFC6437] or Flow ID [RFC9263]) is used for distributing the load + across Equal Cost Multipath or Link Aggregation Group paths. In that + case, such an element SHOULD also be used for the SFC OAM traffic. + Doing so is meant to induce the SFC Echo Request to follow the same + RSP as the monitored flow. + +6.6. The Use of the Consistency Verification Request Message + + The consistency of an SFP can be verified by comparing the view of + the SFP from the control or management plane with information + collected from traversing by an SFC Echo Request/Reply message + (Figure 3). The sender of an SFP Consistency Verification Request + (CVReq) message MUST set the value of the SFC Echo Request/Reply Echo + Type field to 3 ("SFP Consistency Verification Request"). The sender + of an SFP Consistency Verification Reply (CVRep) message MUST set the + value of the SFC Echo Request/Reply Echo Type field to 4 ("SFP + Consistency Verification Reply"). All processing steps of SFC Echo + Request and Echo Reply messages described in Sections 6.3 through 6.5 + apply to the processing of CVReq and CVRep, respectively. + + Every SFF that receives a CVReq message MUST perform the following + actions: + + * Collect information about the SFs traversed by the CVReq packet + and send it to the ingress SFF as a CVRep packet over an IP + network. + + * Forward the CVReq to the next downstream SFF if the one exists. + + As a result, the ingress SFF collects information about all traversed + SFFs and SFs, i.e., information on the actual path the CVReq packet + has traveled. That information can be used to verify the SFC's path + consistency. The mechanism for the SFP consistency verification is + outside the scope of this document. + +6.6.1. SFF Information Record TLV + + For the received CVReq, an SFF that supports this specification MUST + include in the CVRep message the information about SFs that are + available from that SFF instance for the specified SFP. The SFF MUST + include the SFF Information Record TLV (Figure 9) in the CVRep + message. Every SFF sends back a single CVRep message, including + information on all the SFs attached to that SFF on the SFP, as + requested in the received CVReq message using the SF Information Sub- + TLV (Section 6.6.2). + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |SFF Record TLV | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Service Path Identifier (SPI) | Reserved | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | SF Information Sub-TLV | + ~ ~ + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 9: SFF Information Record TLV + + + The SFF Information Record TLV is a variable-length TLV that includes + the information of all SFs available from the particular SFF instance + for the specified SFP. Figure 9 presents the format of an SFF + Information Record TLV, where the fields are defined as follows: + + SFF Record TLV - the value is (4) (Section 9.2.6). + + Reserved - MUST be zeroed on transmission and ignored on receipt. + + Length - the value equals the sum of lengths of the Service Path + Identifier, reserved, and SF Information Sub-TLV fields in octets. + + Service Path Identifier (SPI) - the identifier of SFP to which all + the SFs in this TLV belong. + + SF Information Sub-TLV - the sub-TLV is as defined in Section 6.6.2. + + If the NSH of the received SFC Echo Reply includes the MAC Context + Header [RFC9145], the authentication of the packet MUST be verified + before using any data. If the verification fails, the receiver MUST + stop processing the SFF Information Record TLV and notify an + operator. The notification mechanism SHOULD include control of rate- + limited messages. Specification of the notification mechanism is + outside the scope of this document. + +6.6.2. SF Information Sub-TLV + + Every SFF receiving a CVReq packet MUST include the SF characteristic + data into the CVRep packet. The format of an SF Information Sub-TLV, + included in a CVRep packet, is shown in Figure 10. + + After the CVReq message traverses the SFP, all the information about + the SFs on the SFP is available from the TLVs included in CVRep + messages. + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | SF Sub-TLV | Reserved | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |Service Index | SF Type | SF ID Type | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | SF Identifier | + ~ ~ + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Figure 10: Service Function Information Sub-TLV + + + SF Sub-TLV - one-octet field. The value is (5) (Section 9.2.6). + + Reserved - one-octet field. The field MUST be zeroed on + transmission and ignored on receipt. + + Length - two-octet field. The value of this field is the length of + the data following the Length field counted in octets. + + Service Index - indicates the SF's position on the SFP. + + SF Type - two-octet field. It is defined in [RFC9015] and indicates + the type of SF, e.g., firewall, Deep Packet Inspection, WAN + optimization controller, etc. + + SF ID Type - one-octet field with values defined as in + Section 9.2.7. + + SF Identifier - an identifier of the SF. The length of the SF + Identifier depends on the type of the SF ID Type. For example, if + the SF Identifier is its IPv4 address, the SF Identifier should be + 32 bits. + +6.6.3. SF Information Sub-TLV Construction + + Each SFF in the SFP MUST send one and only one CVRep corresponding to + the CVReq. If only one SF is attached to the SFF in the SFP, only + one SF Information Sub-TLV is included in the CVRep. If several SFs + are attached to the SFF in the SFP, the SF Information Sub-TLV MUST + be constructed as described below in either Section 6.6.3.1 or + 6.6.3.2. + +6.6.3.1. Multiple SFs as Hops of an SFP + + Multiple SFs attached to the same SFF can be the hops of the SFP. + The service indexes of these SFs on that SFP will be different. + Service Function Types of these SFs could be different or be the + same. Information about all SFs MAY be included in the CVRep + message. Information about each SF MUST be listed as separate SF + Information Sub-TLVs in the CVRep message. The same SF can even + appear more than once in an SFP with a different service index. + + An example of the SFP consistency verification procedure for this + case is shown in Figure 11. The Service Function Path (SPI=x) is + SF1->SF2->SF4->SF3. SF1, SF2, and SF3 are attached to SFF1, and SF4 + is attached to SFF2. The CVReq message is sent to the SFFs in the + sequence of the SFP(SFF1->SFF2->SFF1). Every SFF(SFF1, SFF2) replies + with the information of SFs belonging to the SFP. The SF Information + Sub-TLV in Figure 10 contains information for each SF (SF1, SF2, SF3, + and SF4). + + SF1 SF2 SF4 SF3 + +------+------+ | | + CVReq ......> SFF1 ......> SFF2 ......> SFF1 + (SPI=x) . . . + <............ <.......... <........... + CVRep1(SF1,SF2) CVRep2(SF4) CVRep3(SF3) + + Figure 11: Example 1 for CVRep with Multiple SFs + + +6.6.3.2. Multiple SFs for Load Balance + + Multiple SFs may be attached to the same SFF to spread the load; in + other words, that means that the particular traffic flow will + traverse only one of these SFs. These SFs have the same Service + Function Type and Service Index. For this case, the SF ID Type, + which must be the same for all of these SFs, appears once, but all + the respective SF Identifiers will be listed sequentially in the SF + Identifier field of the Service Function Information Sub-TLV (see + Figure 10). The number of these SFs can be calculated from the SF ID + Type and the value of the Length field of the sub-TLV. + + An example of the SFP consistency verification procedure for this + case is shown in Figure 12. The Service Function Path (SPI=x) is + SF1a/SF1b->SF2a/SF2b. The Service Functions SF1a and SF1b are + attached to SFF1, which balances the load among them. The Service + Functions SF2a and SF2b are attached to SFF2, which in turn, balances + its load between them. The CVReq message is sent to the SFFs in the + sequence of the SFP (i.e., SFF1->SFF2). Every SFF (SFF1, SFF2) + replies with the information of SFs belonging to the SFP. The SF + Information Sub-TLV in Figure 10 contains information for all SFs at + that hop. + + /SF1a /SF2a + \SF1b \SF2b + | | + SFF1 SFF2 + CVReq .........> . .........> . + (SPI=x) . . + <............ <............... + CVRep1(SF1a,SF1b) CVRep2(SF2a,SF2b) + + Figure 12: Example 2 for CVRep with Multiple SFs + + +7. Security Considerations + + As an element of SFC OAM and, specifically, based on the NSH, the + Echo Request/Reply mechanism described in this document inherits + security considerations discussed in [RFC7665] and [RFC8300]. + + When the integrity protection for SFC active OAM, particularly the + SFC Echo Request/Reply, is required, using one of the Context Headers + defined in [RFC9145] is RECOMMENDED. The MAC#1 Context Header could + be more suitable for SFC active OAM because it does not require + recalculation of the MAC when the value of the NSH Base Header's TTL + field is changed. Integrity protection for SFC active OAM can also + be achieved using mechanisms in the underlay data plane. For + example, if the underlay is an IPv6 network, i.e., an IP + Authentication Header [RFC4302] or IP Encapsulating Security Payload + Header [RFC4303], it can be used to provide integrity protection. + Confidentiality for the SFC Echo Request/Reply exchanges can be + achieved using the IP Encapsulating Security Payload Header + [RFC4303]. Also, the security needs for the SFC Echo Request/Reply + are similar to those of ICMP ping [RFC0792] [RFC4443] and MPLS LSP + ping [RFC8029]. + + There are at least three approaches to attacking a node in the + overlay network using the mechanisms defined in the document. One is + a Denial-of-Service attack, i.e., sending SFC Echo Requests to + overload an element of SFC. The second may use spoofing, hijacking, + replying, or otherwise tampering with SFC Echo Requests and/or + Replies to misrepresent and alter the operator's view of the state of + the SFC. The third is an unauthorized source using an SFC Echo + Request/Reply to obtain information about the SFC and/or its + elements, e.g., SFFs and/or SFs. + + It is RECOMMENDED that implementations throttle the number of SFC + Echo Request/Reply messages going to the control plane to mitigate + potential Denial-of-Service attacks. + + Reply and spoofing attacks involving faking or replying to SFC Echo + Reply messages would have to match the Sender's Handle and Sequence + Number of an outstanding SFC Echo Request message, which is highly + unlikely for off-path attackers. A non-matching reply would be + discarded. + + To protect against unauthorized sources trying to obtain information + about the overlay and/or underlay, an implementation MUST have means + to check that the source of the Echo Request is part of the SFP. + + Also, since the SF Information Sub-TLV discloses information about + the SFP, the spoofed CVReq packet may be used to obtain network + information. Thus, implementations MUST provide a means of checking + the source addresses of CVReq messages, as specified in Section 6.3.1 + ("Source ID TLV"), against an access list before accepting the + message. + +8. Operational Considerations + + This section provides information about operational aspects of the + SFC NSH Echo Request/Reply according to recommendations in [RFC5706]. + + The SFC NSH Echo Request/Reply provides essential OAM functions for + network operators. The SFC NSH Echo Request/Reply is intended to + detect and localize defects in SFC. For example, by comparing + results of the trace function in operational and failed states, an + operator can locate the defect, e.g., the connection between SFF1 and + SFF2 (Figure 1). After narrowing down a failure to an overlay link, + a more specific failure location can be determined using OAM tools in + the underlay network. The mechanism defined in this document can be + used on demand or for periodic validation of an SFP or RSP. Because + the protocol makes use of the control plane, which may have limited + capacity, an operator must be able to rate limit Echo Request and + Echo Reply messages. A reasonably selected default interval between + Echo Request control packets can provide additional benefit for an + operator. If the protocol is incrementally deployed in the NSH + domain, SFC elements, e.g., Classifier or SFF, that don't support SFC + active OAM will discard the protocol's packets. If SFC uses a + reclassification along the SFP or when the principle of load + balancing is unknown, the fate sharing between data and active OAM + packets cannot be guaranteed. As a result, the OAM outcome might not + reflect the state of the entire SFC properly but only its segment. + In general, it is an operational task to consider the cases where + active OAM may not share fate with the monitored SFP. The SFC NSH + Echo Request/Reply also can be used in combination with the existing + mechanisms discussed in [RFC8924], filling the gaps and extending + their functionalities. + + Management of the SFC NSH Echo Request/Reply protocol can be provided + by a proprietary tool, e.g., command line interface, or based on a + data model that is structured or standardized. + +9. IANA Considerations + + The terms used in the IANA considerations below are intended to be + consistent with [RFC8126]. + +9.1. SFC Active OAM Protocol + + IANA has assigned the following new type in the "NSH Next Protocol" + registry within the "Network Service Header (NSH) Parameters" group + of registries: + + +===============+================+===========+ + | Next Protocol | Description | Reference | + +===============+================+===========+ + | 0x07 | SFC Active OAM | RFC 9516 | + +---------------+----------------+-----------+ + + Table 1: SFC Active OAM Protocol + +9.2. SFC Active OAM + + IANA has created the "Service Function Chaining (SFC) Active + Operations, Administration, and Maintenance (OAM)" group of + registries, which contains the registries described in the following + subsections. + +9.2.1. SFC Active OAM Message Types + + IANA has created the "SFC Active OAM Message Types" registry as + follows: + + Registry Name: SFC Active OAM Message Types + + Assignment Policy: + 0 - 31 IETF Review + 32 - 62 First Come First Served + + Reference: RFC 9516 + + +========+========================+===========+ + | Value | Description | Reference | + +========+========================+===========+ + | 0 | Reserved | RFC 9516 | + +--------+------------------------+-----------+ + | 1 | SFC Echo Request/Reply | RFC 9516 | + +--------+------------------------+-----------+ + | 2 - 62 | Unassigned | | + +--------+------------------------+-----------+ + | 63 | Reserved | RFC 9516 | + +--------+------------------------+-----------+ + + Table 2: SFC Active OAM Message Types + +9.2.2. SFC Echo Request Flags + + IANA has created the "SFC Echo Request Flags" registry to track the + assignment of the 16 flags in the SFC Echo Request Flags field of the + SFC Echo Request message. The flags are numbered from 0 (the most + significant bit is transmitted first) to 15. + + IANA has created the "SFC Echo Request Flags" registry as follows: + + Registry Name: SFC Echo Request Flags + + Assignment Policy: + 0 - 15 Standards Action + + Reference: + RFC 9516 + + +============+=============+===========+ + | Bit Number | Description | Reference | + +============+=============+===========+ + | 0 - 15 | Unassigned | | + +------------+-------------+-----------+ + + Table 3: SFC Echo Request Flags + +9.2.3. SFC Echo Types + + IANA has created the "SFC Echo Types" registry as follows: + + Registry Name: SFC Echo Types + + Assignment Policy: + 0 - 175 IETF Review + 176 - 239 First Come First Served + 240 - 251 Experimental Use + 252 - 254 Private Use + + Reference: RFC 9516 + + +===========+======================================+===========+ + | Value | Description | Reference | + +===========+======================================+===========+ + | 0 | Reserved | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 1 | SFC Echo Request | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 2 | SFC Echo Reply | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 3 | SFP Consistency Verification Request | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 4 | SFP Consistency Verification Reply | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 5 - 239 | Unassigned | | + +-----------+--------------------------------------+-----------+ + | 240 - 251 | Reserved for Experimental Use | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 252 - 254 | Reserved for Private Use | RFC 9516 | + +-----------+--------------------------------------+-----------+ + | 255 | Reserved | RFC 9516 | + +-----------+--------------------------------------+-----------+ + + Table 4: SFC Echo Types + +9.2.4. SFC Echo Reply Modes + + IANA has created the "SFC Echo Reply Modes" registry as follows: + + Registry Name: SFC Echo Reply Modes + + Assignment Policy: + 0 - 175 IETF Review + 176 - 239 First Come First Served + 240 - 251 Experimental Use + 252 - 254 Private Use + + Reference: RFC 9516 + + +=======+====================================+===========+ + | Value | Description | Reference | + +=======+====================================+===========+ + | 0 | Reserved | RFC 9516 | + +-------+------------------------------------+-----------+ + | 1 | Do Not Reply | RFC 9516 | + +-------+------------------------------------+-----------+ + | 2 | Reply via an IPv4/IPv6 UDP Packet | RFC 9516 | + +-------+------------------------------------+-----------+ + | 3 | Unassigned | | + +-------+------------------------------------+-----------+ + | 4 | Reply via Specified Path | RFC 9516 | + +-------+------------------------------------+-----------+ + | 5 | Reply via an IPv4/IPv6 UDP Packet | RFC 9516 | + | | with the data integrity protection | | + +-------+------------------------------------+-----------+ + | 6 | Unassigned | | + +-------+------------------------------------+-----------+ + | 7 | Reply via Specified Path with the | RFC 9516 | + | | data integrity protection | | + +-------+------------------------------------+-----------+ + | 8 - | Unassigned | | + | 239 | | | + +-------+------------------------------------+-----------+ + | 240 - | Reserved for Experimental Use | RFC 9516 | + | 251 | | | + +-------+------------------------------------+-----------+ + | 252 - | Reserved for Private Use | RFC 9516 | + | 254 | | | + +-------+------------------------------------+-----------+ + | 255 | Reserved | RFC 9516 | + +-------+------------------------------------+-----------+ + + Table 5: SFC Echo Reply Modes + +9.2.5. SFC Echo Return Codes + + IANA has created the "SFC Echo Return Codes" registry as follows: + + Registry Name: SFC Echo Return Codes + + Assignment Policy: + 0 - 191 IETF Review + 192 - 251 First Come First Served + 252 - 254 Private Use + + Reference: RFC 9516 + + +=========+============================================+===========+ + | Value | Description | Reference | + +=========+============================================+===========+ + | 0 | No Error | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 1 | Malformed Echo Request received | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 2 | One or more of the TLVs was not understood | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 3 | Authentication failed | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 4 | SFC TTL Exceeded | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 5 | End of the SFP | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 6 | Reply Service Function Path TLV is missing | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 7 | Reply SFP was not found | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 8 | Unverifiable Reply Service Function Path | RFC 9516 | + +---------+--------------------------------------------+-----------+ + | 9 - 251 | Unassigned | | + +---------+--------------------------------------------+-----------+ + | 252 - | Reserved for Private Use | RFC 9516 | + | 254 | | | + +---------+--------------------------------------------+-----------+ + | 255 | Reserved | RFC 9516 | + +---------+--------------------------------------------+-----------+ + + Table 6: SFC Echo Return Codes + +9.2.6. SFC Active OAM TLV Types + + IANA has created the "SFC Active OAM TLV Types" registry as follows: + + Registry Name: SFC Active OAM TLV Types + + Assignment Policy: + 0 - 175 IETF Review + 176 - 239 First Come First Served + 240 - 251 Experimental Use + 252 - 254 Private Use + + Reference: RFC 9516 + + +===========+==================================+===========+ + | Value | Description | Reference | + +===========+==================================+===========+ + | 0 | Reserved | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 1 | Source ID TLV | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 2 | Errored TLVs | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 3 | Reply Service Function Path Type | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 4 | SFF Information Record Type | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 5 | SF Information | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 6 - 239 | Unassigned | | + +-----------+----------------------------------+-----------+ + | 240 - 251 | Reserved for Experimental Use | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 252 - 254 | Reserved for Private Use | RFC 9516 | + +-----------+----------------------------------+-----------+ + | 255 | Reserved | RFC 9516 | + +-----------+----------------------------------+-----------+ + + Table 7: SFC Active OAM TLV Types + +9.2.7. SF Identifier Types + + IANA has created the "SF Identifier Types" as follows: + + Registry Name: SF Identifier Types + + Assignment Policy: + 0 - 191 IETF Review + 192 - 251 First Come First Served + 252 - 254 Private Use + + Reference: RFC 9516 + + +===========+==========================+===========+ + | Value | Description | Reference | + +===========+==========================+===========+ + | 0 | Reserved | RFC 9516 | + +-----------+--------------------------+-----------+ + | 1 | IPv4 | RFC 9516 | + +-----------+--------------------------+-----------+ + | 2 | IPv6 | RFC 9516 | + +-----------+--------------------------+-----------+ + | 3 | MAC | RFC 9516 | + +-----------+--------------------------+-----------+ + | 4 - 251 | Unassigned | | + +-----------+--------------------------+-----------+ + | 252 - 254 | Reserved for Private Use | RFC 9516 | + +-----------+--------------------------+-----------+ + | 255 | Reserved | RFC 9516 | + +-----------+--------------------------+-----------+ + + Table 8: SF Identifier Types + +10. References + +10.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, + DOI 10.17487/RFC2119, March 1997, + . + + [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function + Chaining (SFC) Architecture", RFC 7665, + DOI 10.17487/RFC7665, October 2015, + . + + [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC + 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, + May 2017, . + + [RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., + "Network Service Header (NSH)", RFC 8300, + DOI 10.17487/RFC8300, January 2018, + . + + [RFC9015] Farrel, A., Drake, J., Rosen, E., Uttaro, J., and L. + Jalil, "BGP Control Plane for the Network Service Header + in Service Function Chaining", RFC 9015, + DOI 10.17487/RFC9015, June 2021, + . + + [RFC9145] Boucadair, M., Reddy.K, T., and D. Wing, "Integrity + Protection for the Network Service Header (NSH) and + Encryption of Sensitive Context Headers", RFC 9145, + DOI 10.17487/RFC9145, December 2021, + . + + [RFC9451] Boucadair, M., "Operations, Administration, and + Maintenance (OAM) Packet and Behavior in the Network + Service Header (NSH)", RFC 9451, DOI 10.17487/RFC9451, + August 2023, . + +10.2. Informative References + + [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, + RFC 792, DOI 10.17487/RFC0792, September 1981, + . + + [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, + "Randomness Requirements for Security", BCP 106, RFC 4086, + DOI 10.17487/RFC4086, June 2005, + . + + [RFC4302] Kent, S., "IP Authentication Header", RFC 4302, + DOI 10.17487/RFC4302, December 2005, + . + + [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", + RFC 4303, DOI 10.17487/RFC4303, December 2005, + . + + [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet + Control Message Protocol (ICMPv6) for the Internet + Protocol Version 6 (IPv6) Specification", STD 89, + RFC 4443, DOI 10.17487/RFC4443, March 2006, + . + + [RFC5706] Harrington, D., "Guidelines for Considering Operations and + Management of New Protocols and Protocol Extensions", + RFC 5706, DOI 10.17487/RFC5706, November 2009, + . + + [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection + (BFD)", RFC 5880, DOI 10.17487/RFC5880, June 2010, + . + + [RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme, + "IPv6 Flow Label Specification", RFC 6437, + DOI 10.17487/RFC6437, November 2011, + . + + [RFC7110] Chen, M., Cao, W., Ning, S., Jounay, F., and S. Delord, + "Return Path Specified Label Switched Path (LSP) Ping", + RFC 7110, DOI 10.17487/RFC7110, January 2014, + . + + [RFC7555] Swallow, G., Lim, V., and S. Aldrin, "Proxy MPLS Echo + Request", RFC 7555, DOI 10.17487/RFC7555, June 2015, + . + + [RFC7799] Morton, A., "Active and Passive Metrics and Methods (with + Hybrid Types In-Between)", RFC 7799, DOI 10.17487/RFC7799, + May 2016, . + + [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., + Aldrin, S., and M. Chen, "Detecting Multiprotocol Label + Switched (MPLS) Data-Plane Failures", RFC 8029, + DOI 10.17487/RFC8029, March 2017, + . + + [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for + Writing an IANA Considerations Section in RFCs", BCP 26, + RFC 8126, DOI 10.17487/RFC8126, June 2017, + . + + [RFC8595] Farrel, A., Bryant, S., and J. Drake, "An MPLS-Based + Forwarding Plane for Service Function Chaining", RFC 8595, + DOI 10.17487/RFC8595, June 2019, + . + + [RFC8924] Aldrin, S., Pignataro, C., Ed., Kumar, N., Ed., Krishnan, + R., and A. Ghanwani, "Service Function Chaining (SFC) + Operations, Administration, and Maintenance (OAM) + Framework", RFC 8924, DOI 10.17487/RFC8924, October 2020, + . + + [RFC9263] Wei, Y., Ed., Elzur, U., Majee, S., Pignataro, C., and D. + Eastlake 3rd, "Network Service Header (NSH) Metadata Type + 2 Variable-Length Context Headers", RFC 9263, + DOI 10.17487/RFC9263, August 2022, + . + +Acknowledgments + + The authors greatly appreciate the thorough review and the most + helpful comments from Dan Wing, Dirk von Hugo, Mohamed Boucadair, + Donald Eastlake 3rd, Carlos Pignataro, and Frank Brockners. The + authors are thankful to John Drake for his review and the reference + to the work on BGP control plane for NSH SFC. The authors express + their appreciation to Joel M. Halpern for his suggestion about the + load-balancing scenario. The authors greatly appreciate the + thoroughness of comments and thoughtful suggestions by Darren Dukes + that significantly improved the document. + +Contributors + + Cui Wang + Individual contributor + Email: lindawangjoy@gmail.com + + + Zhonghua Chen + China Telecom + No.1835, South PuDong Road + Shanghai + 201203 + China + Phone: +86 18918588897 + Email: chenzhongh@chinatelecom.cn + + +Authors' Addresses + + Greg Mirsky + Ericsson + Email: gregimirsky@gmail.com + + + Wei Meng + ZTE Corporation + Yuhuatai District + No.50 Software Avenue + Nanjing, + China + Email: meng.wei2@zte.com.cn + + + Ting Ao + China Mobile + No.889, BiBo Road + Shanghai + 201203 + China + Phone: +86 17721209283 + Email: 18555817@qq.com + + + Bhumip Khasnabish + Individual Contributor + Email: vumip1@gmail.com + + + Kent Leung + Individual Contributor + 530 Showers Drive Ste 7 + Mountain View, CA 94040 + United States of America + Email: mail4kentl@gmail.com + + + Gyan Mishra + Verizon Inc. + Email: gyan.s.mishra@verizon.com -- cgit v1.2.3