Internet-Draft | Path Tracing | March 2022 |
Filsfils, et al. | Expires 5 September 2022 |
Path Tracing provides a record of the packet path as a sequence of interface ids. In addition, it provides a record of end-to-end delay, per-hop delay, and load on each egress interface along the packet delivery path.
Path Tracing allows tracing 14 hops with only a 40-byte IPv6 Hop-by-Hop extension header.
Path Tracing supports fine-grained timestamps. It has been designed for linerate hardware implementation in the base pipeline.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 5 September 2022.
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Path Tracing provides a record of the packet path as a sequence of interface ids. In addition, it provides a record of end-to-end delay, per-hop delay, and load on each egress interface along the packet delivery path.
Path Tracing allows tracing 14 hops with only a 40-byte IPv6 Hop-by-Hop header. The overhead is lower than that of [INT], [I-D.ietf-ippm-ioam-data], [I-D.song-opsawg-ifit-framework], and [I-D.kumar-ippm-ifa].
Path Tracing supports fine-grained timestamps. It has been designed for linerate hardware implementation in the base pipeline.
Path Tracing is applicable to both SR-MPLS [RFC8660] and SRv6 [RFC8986]. This document defines the Path Tracing specification for the SRv6 dataplane. The SR-MPLS dataplane will be detailed in a separate document.
The specification proposed in this document has been demonstrated successfully in different interoperable hardware platforms at linerate (Section 10).
The following terms used within this document are defined in [RFC8402], [RFC8754] and [RFC8986]: Segment Routing (SR), SR Domain, Segment ID (SID), SRv6, SRv6 SID, SR Policy, Segment Routing Header (SRH), SR source node, transit node, SR Endpoint, SA, DA.
The following terms are used in this document as defined below:
PT: Path Tracing
MCD: Midpoint Compressed Data. Information that every transit router adds to the packet for PT purposes. Defined in Section 3 of this document.
HbH-PT: IPv6 Hop-by-Hop [RFC8200] Path Tracing Option used for PT. It contains a stack of MCDs. It is defined in Section 8.1 of this document.
SRH PT-TLV: SRH TLV defined in Section 8.2 of this document.
PT Source: A Source node that starts a PT Probing Instance (defined in Section 4) and generates PT probes.
PT Midpoint: A transit node that performs plain IPv6 forwarding (or SR Endpoint processing) and in addition records PT information in the HbH-PT.
PT Sink: A node that receives PT probes sent from the SRC containing the information recorded by every PT Midpoint along the path, and forwards them to a regional collector after recording its PT information.
RC: Regional collector that receives PT probes, parses them, and stores them in a time-series database. It uses the information in the HbH-PT and the SRH PT-TLV to construct the packet delivery path as well as the timestamp at each node.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
Every PT Midpoint along the packet delivery path (from Source to Sink) records its PT information into the HbH-PT header. This information is known as Midpoint Compressed Data (MCD). It contains the following information:
MCD.OIF (Outgoing Interface ID): An 8-bit or 12-bit interface ID associated with the egress physical port of the router.
MCD.OIL (Outgoing Interface Load): A 4-bit representation of the egress interface load (i.e., current throughput relative to the port bandwidth).
MCD.TTS (Truncated Timestamp): An 8-bit timestamp encoding the time at which the packet egresses the router.
The controller configures a PT Probing Instance at the source node. A PT Probing Instance is configured with the following parameters:
IPv6 Flow-Label sweeping range:
MTU sweeping range:
For each configured PT Probing Instance, according to the probe-rate, the PT SRC generates a PT probe packet as follows:
    S01. Generate a new IPv6 packet
    S02. Set the IPv6 SA as per PT Probing Instance configuration
    S03. Set the IPv6 DA to the first SID from the SRv6 SID List
    S04. Set the IPv6 Next Header field to 43 (SRH)
    S05. Set the DSCP and Flow Label values as per PT Probing Instance
         configuration
    S06. Append an IPv6 Hop-by-Hop header with the Hop-by-Hop Path
         Tracing option (HbH-PT)
    S07. Set all bits of the HbH-PT MCD Stack to zero
    S08. Append an SRH
    S09. Set the SRH Next Header field to 59 (IPv6 No Next Header)
    S10. Write the SID list in the SRH
    S11. Append the SRH PT-TLV
    S12. Add padding bytes after the SRH to reach the desired packet
         size as per the MTU sweeping range configuration
    S13. Set the session ID field of the SRH PT-TLV as per PT Probing
         Instance configuration
    S14. Set the Sequence Number field of SRH PT-TLV and increase
         local counter
    S15. Perform an IPv6 FIB lookup to determine the Outgoing Interface
         (IFACE-OUT) on which packet will be forwarded
    S16. Record Transmit 64-bit timestamp (SRC.T64) in the T64 field
         of the SRH PT-TLV
    S17. Record IFACE-OUT ID (SRC.OIF) in the IF_ID field of the
         SRH PT-TLV
    S18. Record IFACE-OUT Load (SRC.OIL) in the IF_LD field of the
         SRH PT-TLV
    S19. Forward the packet via IFACE-OUT
Notes:
When a midpoint node receives an IPv6 packet that contains an IPv6 HbH-PT option, the node processes the HbH-PT as follows:
    S01. When processing HbH-PT option {
    S02.   Compute the MCD information as per Section 3
    S03.   HbH-PT.MCD_Stack[MCD_Size:HbH-PT.OPT_Data_Len-1] =
             HbH-PT.MCD_Stack[0:HbH-PT.OPT_Data_Len-(MCD_Size+1)]
             // Shift HbH-PT MCD Stack to the right by MCD_Size bytes
    S04.   HbH-PT.MCD_Stack[0:MCD_Size-1] = MCD[0:MCD_Size-1]
             // Push the MCD at the beginning of the Stack
    S05. }
Notes:
We define a new SRv6 Endpoint Behavior called "Endpoint Behavior bound to an SRv6 Policy with Timestamp, Encapsulation and Forward" ("End.B6.TEF" for short).
It is a Binding SID, instantiated at Sink nodes, that encapsulates the packet with a new IPv6 header, an SRH that contains the SID list associated with the End.B6.TEF SID, and an SRH PT-TLV that carries the Path Tracing information of the Sink node.
When N receives a packet whose IPv6 DA is S and S is a local End.B6.TEF SID, N does the following:
    S01. Record Rx 64-bit timestamp (SNK.T64)
    S02. Record incoming interface ID (SNK.IIF)
    S03. Record incoming interface Load (SNK.IIL)
    S04. Push a new IPv6 header
    S05. Set the IPv6 SA to the Sink node loopback
    S06. Set the IPv6 DA to the first SID in the SRv6 SID List
    S07. Set the IPv6 Next Header field to 43 (SRH)
    S08. Append an SRH
    S09. Set the SRH Next Header field to 41 (IPv6)
    S10. Write the SID list in the SRH
    S11. Append the SRH PT-TLV
    S12. Set the session ID field of the SRH PT-TLV to zero
    S13. Set the Sequence Number field of the SRH PT-TLV to zero
    S14. Write SNK.T64 in the T64 field of the SRH PT-TLV
    S15. Write SNK.IIF in the IF_ID field of the SRH PT-TLV
    S16. Write SNK.IIL in the IF_LD field of the SRH PT-TLV
    S17. Submit the packet to the egress IPv6 FIB lookup for
         transmission to the new destination
Notes:
This document defines a new IPv6 Path Tracing option to be carried in the IPv6 Hop-by-Hop Header. The option has the following format:
                                    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                    |  Option Type  |  Opt Data Len |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    ~                           MCD Stack                           ~
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Figure 1: IPv6 Hop-by-Hop Path Tracing Option Format
Where:
Option Type: TBA1-1
Note: The IPv6 Path Tracing Option has a variable length. It is RECOMMENDED that implementations support a 38-octet HbH-PT Option. The operator, upon configuring the Source node behavior, MUST select an option length that is supported by all the routers in the network.
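The midpoint shift-and-push (steps S03-S04 above) and a collector-side decoder that validates the option before trusting it, as an added example that is not code from this draft or its implementations. It assumes a 3-byte MCD laid out as 12-bit OIF, 4-bit OIL, 8-bit TTS, and uses the RFC 4727 experimental value 0x3E as a placeholder Option Type, since the real value is still TBA1-1.

```python
# Added example: HbH-PT MCD stack push (midpoint) and decode (collector).
# Assumptions (not from the draft): a 3-byte MCD packed as
# 12-bit OIF | 4-bit OIL | 8-bit TTS; 0x3E is a placeholder Option Type.
MCD_SIZE = 3
PLACEHOLDER_OPT_TYPE = 0x3E  # RFC 4727 experimental value, high bits 001


def pack_mcd(oif: int, oil: int, tts: int) -> bytes:
    """Pack one MCD; reject values that do not fit their field."""
    if not (0 <= oif < 1 << 12 and 0 <= oil < 1 << 4 and 0 <= tts < 1 << 8):
        raise ValueError("MCD field out of range")
    return bytes([oif >> 4, ((oif & 0xF) << 4) | oil, tts])


def new_option(opt_data_len: int = 36) -> bytearray:
    """Source step S07: option header followed by an all-zero MCD stack."""
    return bytearray([PLACEHOLDER_OPT_TYPE, opt_data_len]) + bytearray(opt_data_len)


def midpoint_push(option: bytearray, mcd: bytes) -> None:
    """Midpoint steps S03-S04: shift the stack right by MCD_SIZE, push at 0."""
    stack_len = option[1]
    if len(mcd) != MCD_SIZE or stack_len < MCD_SIZE or len(option) != 2 + stack_len:
        raise ValueError("malformed HbH-PT option or MCD")
    stack = option[2:]                                    # copy of the old stack
    option[2 + MCD_SIZE:] = stack[:stack_len - MCD_SIZE]  # oldest bytes fall off
    option[2:2 + MCD_SIZE] = mcd


def collector_parse(option: bytes) -> list[tuple[int, int, int]]:
    """Validate the option, then return (OIF, OIL, TTS) in path order."""
    if len(option) < 2 or len(option) != 2 + option[1]:
        raise ValueError("Opt Data Len does not match the received bytes")
    if option[0] >> 5 != 0b001:
        raise ValueError("Option Type high-order bits are not 001")
    stack, hops = option[2:], []
    for i in range(0, len(stack) - MCD_SIZE + 1, MCD_SIZE):
        b0, b1, tts = stack[i:i + MCD_SIZE]
        if (b0, b1, tts) == (0, 0, 0):  # treated as unused; a real all-zero
            continue                    # MCD cannot be told apart from it
        hops.append(((b0 << 4) | (b1 >> 4), b1 & 0xF, tts))
    return hops[::-1]  # newest MCD sits at offset 0, so reverse for path order
```

Under these assumptions a 36-octet stack holds 12 MCDs, and a thirteenth push silently discards the first hop's record, so a full stack at the collector may mean the path was longer than what was recorded.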
We define a new SRH TLV, called "Path Tracing TLV" ("SRH PT-TLV" for short). It has the following format:
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |         IF_ID         | IF_LD |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                              T64                              +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Session ID           |        Sequence Number        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Figure 2: SRH Path Tracing TLV Format
Where:
Note: The SRH PT-TLV is generated by both the PT SRC and the PT SNK. When used at the PT SNK node, the Session ID and Sequence Number fields MUST be set to zero.
Low overhead:
Linerate and HW friendliness:
Scalable Fine-grained Timestamp:
Editorial note: Please remove this section prior to publication.
The following routing platforms have participated in interop testing:
The following open-source software networking stacks have also participated in the interop:
The following open-source applications also have extensions to support Path Tracing:
The security considerations for Segment Routing are discussed in [RFC8402]. Section 5 of [RFC8754] describes the SR Deployment Model and the requirements for securing the SR Domain. The security considerations of [RFC8754] also cover topics such as attack vectors and their mitigation mechanisms that also apply to the behaviors introduced in this document. Together, they describe the required security mechanisms that allow establishment of an SR domain of trust. Having such a well-defined trust boundary is necessary in order to operate SRv6-based services for internal traffic while preventing any external traffic from accessing or exploiting the SRv6-based services.
This document defines the Path Tracing architecture, which is deployed on a secured SRv6-domain. As such, all the security considerations defined in [RFC8754], [RFC8402], and [RFC8986] are applicable.
In addition, any border router in an SR Domain network where Path Tracing is enabled MUST support the configuration of the following ACLs:
These ACLs SHOULD be enabled by default. An operator MAY disable them individually based on local configuration.
The processing of IPv6 Hop-by-Hop headers could sometimes be used as an attack vector to overload the CPU of the router. As defined in Section 6 of this document, the HbH-PT option MUST be processed at linerate. Therefore, there is no impact on the router's CPU.
This document has two actions for IANA:
This I-D requests IANA to allocate a new entry in the "Destination Options and Hop-by-Hop Options" sub-registry under the top-level registry "Internet Protocol Version 6 (IPv6) Parameters":
    Value     Description          Reference
    ----------------------------------------------
    TBA1-1    Path Tracing         [This.ID]
Note: The 3 high-order bits must be 001.
This I-D requests IANA to allocate a new entry in the "Segment Routing Header TLVs" sub-registry under the top-level registry "Internet Protocol Version 6 (IPv6) Parameters":
    Value     Description          Reference
    ----------------------------------------------
    TBA2-1    Path Tracing TLV     [This.ID]
The authors of this document would like to thank the team that has collaborated on the design and implementation of the Path Tracing framework at Cisco, Broadcom, Marvell, Swisscom, Alibaba, Softbank, University of Rome "Tor Vergata", and ETH Zurich. In particular: Eyal Dagan, Guy Caspary, Elad Naor, Aviran Kadosh, Eli Stein, Oren Yabo, Aviad Behar, Anand Sridharan, Anju Dey, John Bettink, Kamran Raza, Asif Islam, Yue Gao, Jakub Horn, Sam Kheirallah, Shelly Cadora, Kris Michielsen, Francois Clad, Stefano Salsano, Andrea Mayer, Paolo Lungaroni, Giulio Sidoretti, Leonardo Rodoni, Marco Tollini.
Jisu Bhattacharya, Cisco Systems; jisu@cisco.com
Rakesh Gandhi, Cisco Systems; rgandhi@cisco.com
Serguei Bezverkhi, Cisco Systems; sbezverk@cisco.com
Sonia Ben Ayed, Cisco Systems; sbenayed@cisco.com
Israel Meilik, Broadcom; israel.meilik@broadcom.com
Shay Zadok, Broadcom; shay.zadok@broadcom.com
Weiqiang Cheng, China Mobile; chengweiqiang@chinamobile.com