Internet-Draft | Simple TWAMP Extensions for SR Networks | June 2023 |
Gandhi, et al. | Expires 21 December 2023 | [Page] |
Segment Routing (SR) leverages the source routing paradigm. SR is applicable to both Multiprotocol Label Switching (SR-MPLS) and IPv6 (SRv6) forwarding planes. This document specifies RFC 8762 (Simple Two-Way Active Measurement Protocol (STAMP)) extensions for SR networks, for both SR-MPLS and SRv6 forwarding planes by augmenting the optional extensions defined in RFC 8972.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 21 December 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Segment Routing (SR) leverages the source routing paradigm for Software Defined Networks (SDNs). SR is applicable to both Multiprotocol Label Switching (SR-MPLS) and IPv6 (SRv6) forwarding planes [RFC8402]. SR Policies as defined in [RFC9256] are used to steer traffic through a specific, user-defined paths using a stack of Segments. A comprehensive SR Performance Measurement (PM) toolset is one of the essential requirements to measure network performance to provide Service Level Agreements (SLAs).¶
The Simple Two-Way Active Measurement Protocol (STAMP) provides capabilities for the measurement of various performance metrics in IP networks [RFC8762] without the use of a control channel to pre-signal session parameters. [RFC8972] defines optional extensions, in the form of TLVs, for STAMP. Note that the YANG data model defined in [I-D.ietf-ippm-stamp-yang] can be used to provision the STAMP Session-Sender and STAMP Session-Reflector.¶
The STAMP test packets are transmitted along an IP path between a Session-Sender and a Session-Reflector to measure performance delay and packet loss along that IP path. It may be desired in SR networks that the same path (same set of links and nodes) between the Session-Sender and Session-Reflector is used for the STAMP test packets in both directions. This is achieved by using the STAMP [RFC8762] extensions for SR-MPLS and SRv6 networks specified in this document by augmenting the optional extensions defined in [RFC8972].¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
MPLS: Multiprotocol Label Switching.¶
PM: Performance Measurement.¶
SID: Segment Identifier.¶
SR: Segment Routing.¶
SR-MPLS: Segment Routing with MPLS forwarding plane.¶
SRH: Segment Routing Header.¶
SRv6: Segment Routing with IPv6 forwarding plane.¶
SSID: STAMP Session Identifier.¶
STAMP: Simple Two-Way Active Measurement Protocol.¶
In the reference topology shown below, the STAMP Session-Sender S1 initiates a STAMP test packet and the STAMP Session-Reflector R1 transmits a reply STAMP test packet. The reply test packet may be transmitted to the Session-Sender S1 on the same path (same set of links and nodes) or a different path in the reverse direction from the path taken towards the Session-Reflector R1. The T1 is a transmit timestamp and T4 is a receive timestamp added by node S1 in the STAMP test packet. The T2 is a receive timestamp and T3 is a transmit timestamp added by node R1 in the STAMP test packet.¶
The nodes S1 and R1 may be connected via a link or an SR path [RFC8402]. The link may be a physical interface, virtual link, or Link Aggregation Group (LAG) [IEEE802.1AX], or LAG member. The SR path may be an SR Policy [RFC9256] on node S1 (called head-end) with destination to node R1 (called tail-end).¶
T1 T2 / \ +-------+ Test Packet +-------+ | | - - - - - - - - - ->| | | S1 |=====================| R1 | | |<- - - - - - - - - - | | +-------+ Reply Test Packet +-------+ \ / T4 T3 STAMP Session-Sender STAMP Session-Reflector Reference Topology¶
The Session-Sender may need to transmit test packets to the Session-Reflector with a different destination address that is not matching an address of the Session-Reflector e.g. when the STAMP test packet is encapsulated by a tunneling protocol e.g., encapsulated with an SR-MPLS Segment List and IPv4 header containing destination IPv4 address from 127/8 range or encapsulated with outer IPv6 header and Segment Routing Header (SRH) with inner IPv6 header containing IPv6 destination IPv6 address ::1/128.¶
In an ECMP environment, the hashing function in forwarding may decide the outgoing path using the source address, destination address, UDP ports, IPv6 flow-label, etc. from the packet. Hence for IPv4, for example, different values of IPv4 destination address from 127/8 range may be used in the IPv4 header to measure different ECMP paths. For IPv6, for example, different values of flow-label may be used in the IPv6 header to measure different ECMP paths. In those cases, the STAMP test packet may reach the node that is not the Session-Reflector for this STAMP session in an error condition, and an un-intended node may transmit reply test packet that can result in reporting of invalid measurement metrics.¶
[RFC8972] defines STAMP Session-Sender and Session-Reflector test packets that can include one or more optional TLVs. In this document, the TLV type (value 9 for IPv4 and IPv6) is defined for the Destination Node Address TLV for the STAMP test packet [RFC8972]. The formats of the Destination Node Address TLVs are shown in Figure 1:¶
TLV fields are defined as follows:¶
STAMP TLV Flags : The STAMP TLV Flags follow the procedures described in [RFC8972] and this document.¶
Type : Type (value 9) for IPv4 Destination Node Address TLV or IPv6 Destination Node Address TLV.¶
Length : A two-octet field equal to the length of the Address field in octets. The length is 4 octet for IPv4 address and 16 octet for IPv6 address.¶
The Destination Node Address TLV is optional. The Destination Node Address TLV indicates the address of the intended Session-Reflector node of the test packet. The Destination Node Address is also used to uniquely identify the STAMP session on the Session-Reflector when the optional SSID is not sent. For security reasons (e.g., to avoid node discovery), the Session-Reflector SHOULD use the received Destination Node Address as the Source Address in the IP header of the reply test packet only if the Destination Node Address is one of the addresses on the node, instead of using its Node Address. The Session-Reflector MUST add the received Destination Node Address TLV in the reply test packet to ensure the symmetric reply test packet size and to transmit the STAMP TLV Flags to the Session-Sender.¶
A Session-Reflector that recognizes this TLV, MUST set the U flag [RFC8972] in the reply test packet to 1 if the Session-Reflector determined that it is not the intended Destination as identified in the Destination Node Address TLV. In this case, the Session-Reflector does not use the received Destination Node Address as the Source Address in the IP header of the reply test packet. Otherwise, the Session-Reflector MUST set the U flag in the Destination Node Address TLV in the reply test packet to 0.¶
For end-to-end SR paths, the Session-Reflector may need to transmit the reply test packet on a specific return path. The Session-Sender can request this in the test packet to the Session-Reflector using a Return Path TLV. With this TLV carried in the Session-Sender test packet, signaling and maintaining dynamic SR network state for the STAMP sessions on the Session-Reflector are avoided.¶
There are two modes defined for the behaviors on the Session-Reflector in Section 4 of [RFC8762]. A Stateful Session-Reflector that requires configuration that must match all Session-Sender parameters, including Source Address, Destination Address, Source UDP Port, Destination UDP Port, and possibly SSID (assuming the SSID is configurable and not auto-generated). In this case, a local policy can be used to direct the test packet by creating additional states for the STAMP sessions on the Session-Reflector. In the case of promiscuous operation, the Stateless Session-Reflector will require an indication of how to return the test packet on a specific path, for example, measurement in an ECMP environment.¶
For links, the Session-Reflector may need to transmit the reply test packet on the same incoming link in the reverse direction. The Session-Sender can request this in the test packet to the Session-Reflector using a Return Path TLV.¶
[RFC8972] defines STAMP test packets that can include one or more optional TLVs. In this document, the TLV Type (value 10) is defined for the Return Path TLV that carries the return path for the Session-Sender test packet. The format of the Return Path TLV is shown in Figure 2:¶
TLV fields are defined as follows:¶
STAMP TLV Flags : The STAMP TLV Flags follow the procedures described in [RFC8972] and this document.¶
Type : Type (value 10) for Return Path TLV.¶
Length : A two-octet field equal to the length of the Return Path Sub-TLVs field in octets.¶
Return Path Sub-TLVs : As defined in Section 5.1.¶
The Return Path TLV is optional. The Session-Sender MUST only insert one Return Path TLV in the STAMP test packet. The Session-Reflector that supports this TLV, MUST only process the first Return Path TLV in the test packet and ignore other Return Path TLVs if present, and it MUST add the received Return Path TLV (including all Sub-TLVs) in the reply test packet to ensure the symmetric reply test packet size and to transmit the STAMP TLV Flags to the Session-Sender. The Session-Reflector that supports this TLV MUST reply using the Return Path received in the Session-Sender test packet. In the case where the Session-Reflector does not support this TLV, the procedure defined in [RFC8762] is followed by the Session-Reflector.¶
A Session-Reflector that recognizes this TLV, MUST set the U flag [RFC8972] in the reply test packet to 1 if the Session-Reflector determined that it cannot use the return path in the test packet to transmit the reply test packet. Otherwise, the Session-Reflector MUST set the U flag in the reply test packet to 0.¶
The Return Path TLV contains one or more Sub-TLVs to carry the information for the requested return path. A Return Path Sub-TLV can carry Return Path Control Code, Return Path IP Address or Return Path Segment List.¶
The STAMP Sub-TLV Flags are set using the procedures described in [RFC8972].¶
When the Return Path Sub-TLV is present in the Session-Sender test packet, the Session-Reflector that supports this TLV, MUST transmit the reply test packet using the return path information specified in the Return Path Sub-TLV.¶
A Return Path TLV MUST NOT contain more than one Control Code Sub-TLV or more than one Return Address Sub-TLV or more than one Segment List Sub-TLV in Session-Sender test packet.¶
A Return Path TLV MUST NOT contain both Control Code Sub-TLV as well as Return Address or Return Segment List Sub-TLV in Session-Sender test packet.¶
A Return Path TLV MAY contain both Return Address as well as Return Segment List Sub-TLV in Session-Sender test packet.¶
Any extra Return Path Sub-TLV not procesed by the Session-Reflector is returned to the Session-Sender in reply test packet with U flag set to 1.¶
The format of the Return Path Control Code Sub-TLV is shown in Figure 3. The Type of the Return Path Control Code Sub-TLV is defined as following:¶
TLV fields are defined as follows:¶
STAMP TLV Flags : The STAMP TLV Flags follow the procedures described in [RFC8972] and this document.¶
Length : A two-octet field equal to the length of the Control Code flags which is 4 octets.¶
Control Code Flags (32-bit): Reply Request Flag at bit 31 (least significant bit) is defined as follows.¶
All other bits are reserved and must be transmitted as 0 and ignored by the receiver.¶
When Control Code flag for Reply Request is set to 0x0 in the Session-Sender test packet, the Session-Reflector does not transmit reply test packet to the Session-Sender and terminates the STAMP test packet. Only the one-way measurement is applicable in this case. Optionally, the Session-Reflector may locally stream performance metrics via telemetry using the information from the received test packet. All other Return Path Sub-TLVs MUST be ignored in this case.¶
When Control Code flag for Reply Request is set to 0x1 in the Session-Sender test packet, the Session-Reflector transmits the reply test packet over the same incoming link where the test packet is received in the reverse direction towards the Session-Sender. The link may be a physical interface, virtual link, or Link Aggregation Group (LAG) [IEEE802.1AX], or LAG member. All other Return Path Sub-TLVs MUST be ignored in this case. When using LAG member links, STAMP extension for Micro-Session ID TLV defined in [I-D.ietf-ippm-stamp-on-lag] can be used to identify the link.¶
The STAMP reply test packet may be transmitted to the Session-Sender to a different destination address on the Session-Sender using Return Path TLV. This address is different than the Source Address in the Session-Sender test packet where normally the reply test packet is sent by the Session Reflector. For this, the Session-Sender can specify in the test packet, the receiving destination node address for the Session-Reflector reply test packet. When transmitting the STAMP test packet to a different destination address, the Session-Sender MUST follow the procedure defined in Section 4.3 of [RFC8762].¶
The formats of the IPv4 and IPv6 Return Address Sub-TLVs are shown in Figure 4.¶
The TLV fields are defined as follows:¶
The Return Address is the Destination Address of the Session-Reflector reply test packet and is different than the Source Address in the Session-Sender test packet.¶
STAMP TLV Flags : The STAMP TLV Flags follow the procedures described in [RFC8972] and this document.¶
Length : A two-octet field equal to the length of the Return Address field in octets. The length is 4 octet for IPv4 address and 16 octet for IPv6 address.¶
The format of the Segment List Sub-TLVs in the Return Path TLV is shown in Figures 5 and 6. The Segments carried in Segment List Sub-TLVs are described in [RFC8402]. The segment entries MUST be in network order.¶
The Session-Sender MUST only insert one Segment List Return Path Sub-TLV in the test packet and Segment List MUST contain at least one Segment. The Session-Reflector MUST only process the first Segment List Return Path Sub-TLV in the test packet and ignore other Segment List Return Path Sub-TLVs if present.¶
TLV fields are defined as follows:¶
The Segment List Sub-TLV can be one of the following Types:¶
STAMP TLV Flags : The STAMP TLV Flags follow the procedures described in [RFC8972] and this document.¶
Length : A two-octet field equal to the length of the Segment List field in octets. Length MUST NOT be 0.¶
The SR-MPLS Label Stack contains a list of 32-bit Label Stack Entry (LSE) that includes a 20-bit label value, 8-bit Time-To-Live (TTL) value, 3-bit Traffic Class (TC) value and 1-bit End-Of-Stack (S) field.¶
An SR-MPLS Label Stack Sub-TLV may carry only the Binding SID Label [I-D.ietf-pce-binding-label-sid] of the Return SR-MPLS Policy. The Binding SID Label of the Return SR-MPLS Policy is known at the Session-Reflector. The mechanism to signal the Binding SID Label to the Session-Sender is outside the scope of this document.¶
An SR-MPLS Label Stack Sub-TLV may also include the Path Segment Identifier Label of the Return SR-MPLS Policy in the Segment List of the SR-MPLS Policy.¶
The SRv6 Segment List contains a list of 128-bit IPv6 addresses representing the SRv6 SIDs.¶
An SRv6 Segment List Sub-TLV may carry only the SRv6 Binding SID [I-D.ietf-pce-binding-label-sid] of the Return SRv6 Policy. The SRv6 Binding SID of the Return SRv6 Policy is known at the Session-Reflector. The mechanism to signal the SRv6 Binding SID to the Session-Sender is outside the scope of this document.¶
An SRv6 Segment List Sub-TLV may also include the SRv6 Path Segment Identifier of the Return SRv6 Policy in the Segment List of the SRv6 Policy.¶
This document does not introduce any additional considerations for interoperability with TWAMP Light than those described in Section 4.6 of [RFC8762].¶
As desctibed in [RFC8762], there are two possible combinations for such a interoperability use case:¶
- STAMP Session-Sender with TWAMP Light Session-Reflector¶
- TWAMP Light Session-Sender with STAMP Session-Reflector¶
If any of STAMP extensions defined in this document are used by STAMP Session-Sender, the TWAMP Light Session-Reflector will view them as the Packet Padding field.¶
The usage of STAMP protocol is intended for deployment in limited domains [RFC8799]. As such, it assumes that a node involved in STAMP protocol operation has previously verified the integrity of the path and the identity of the far-end Session-Reflector.¶
If desired, attacks can be mitigated by performing basic validation and sanity checks, at the Session-Sender, of the timestamp fields in received reply test packets. The minimal state associated with these protocols also limits the extent of measurement disruption that can be caused by a corrupt or invalid test packet to a single test cycle.¶
The security considerations specified in [RFC8762] and [RFC8972] also apply to the extensions defined in this document. Specifically, the authenticated mode and the message integrity protection using HMAC, as defined in [RFC8762] Section 4.4, also apply to the procedure described in this document.¶
STAMP uses the well-known UDP port number that could become a target of denial of service (DoS) or could be used to aid man-in-the-middle (MITM) attacks. Thus, the security considerations and measures to mitigate the risk of the attack documented in Section 6 of [RFC8545] equally apply to the STAMP extensions in this document.¶
The STAMP extensions defined in this document may be used for potential "proxying" attacks. For example, a Session-Sender may specify a return path that has a destination different from that of the Session-Sender. But normally, such attacks will not happen in an SR domain where the Session-Senders and Session-Reflectors belong to the same domain. In order to prevent using the extension defined in this document for proxying any possible attacks, the return path has destination to the same node where the forward path is from. The Session-Reflector may drop the Session-Sender test packet when it cannot determine whether the Return Path has the destination to the Session-Sender. That means, the Session-Sender should choose a proper source address according to the specified Return Path to help the Session-Reflector to make that decision.¶
IANA has created the "STAMP TLV Types" registry for [RFC8972]. IANA has early allocated a value for the Destination Address TLV Type and a value for the Return Path TLV Type from the IETF Review TLV range of the same registry.¶
Value | Description | Reference |
---|---|---|
9 (Early Allocation) | Destination Node IPv4 or IPv6 Address | This document |
10 (Early Allocation) | Return Path | This document |
IANA is requested to create a sub-registry for "Return Path Sub-TLV Type". All code points in the range 1 through 175 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126]. Code points in the range 176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure as specified in [RFC8126]. Remaining code points are allocated according to Table 2:¶
Value | Description | Reference |
---|---|---|
1 - 175 | IETF Review | This document |
176 - 239 | First Come First Served | This document |
240 - 251 | Experimental Use | This document |
252 - 254 | Private Use | This document |
IANA is requested to allocate the values for the following Sub-TLV Types from this registry.¶
Type | Description | Reference |
---|---|---|
0 | Reserved | This document |
1 | Return Path Control Code | This document |
2 | Return IPv4 or IPv6 Address | This document |
3 | SR-MPLS Label Stack of the Return Path | This document |
4 | SRv6 Segment List of the Return Path | This document |
255 | Reserved | This document |
IANA is requested to create a sub-registry for "Return Path Control Code Flags" for the Return Path Control Code Sub-TLV. All code points in the bit position 31 (counting from bit 31 as the least significant bit) through 12 in this registry shall be allocated according to the "IETF Review" procedure as specified in [RFC8126]. Code points in the bit position 11 through 8 in this registry shall be allocated according to the "First Come First Served" procedure as specified in [RFC8126]. Remaining code points are allocated according to Table 4:¶
Bit | Description | Reference |
---|---|---|
31 - 12 | IETF Review | This document |
11 - 8 | First Come First Served | This document |
7 - 4 | Experimental Use | This document |
3 - 0 | Private Use | This document |
IANA is requested to allocate the value for the following Return Path Control Code Flag from this registry.¶
Bit | Description | Reference |
---|---|---|
31 | Reply Request | This document |
The authors would like to thank Thierry Couture for the discussions on the use-cases for Performance Measurement in Segment Routing. The authors would also like to thank Greg Mirsky, Mike Koldychev, Gyan Mishra, Tianran Zhou, Al Mortons, Reshad Rahman, Zhenqiang Li, Frank Brockners, Henrik Nydell, and Cheng Li for providing comments and suggestions. Thank you Joel Halpern for Gen-ART review, Martin Duke for AD review, and Kathleen Moriarty for Security review. The authors would like to thank Robert Wilton, Éric Vyncke, Paul Wouters, and Jim Guichard for IESG review.¶