| Internet-Draft | Active OAM for SFC | May 2021 |
| Mirsky, et al. | Expires 26 November 2021 | [Page] |
A set of requirements for active Operation, Administration, and Maintenance (OAM) of Service Function Chains (SFCs) in a network is presented in this document. Based on these requirements, an encapsulation of active OAM messages in SFC and a mechanism to detect and localize defects are described.¶
This document updates RFC 8300. Particularly, it updates the definition of O (OAM) bit in the Network Service Header (NSH) and defines how an active OAM message is identified in the NSH.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 26 November 2021.¶
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.¶
[RFC7665] defines data plane elements necessary to implement a Service Function Chaining (SFC). These include:¶
There are different views from different levels of the SFC. One is the service function chain, an entirely abstract view, which defines an ordered set of SFs that must be applied to packets selected based on classification rules. But service function chain doesn't specify the exact mapping between SFFs and SFs. Thus, another logical construct used in SFC is a Service Function Path (SFP). According to [RFC7665], SFP is the instantiation of the SFC in the network and provides a level of indirection between the entirely abstract SFCs and a fully specified ordered list of SFFs and SFs identities that the packet will visit when it traverses the SFC. The latter entity is referred to as Rendered Service Path (RSP). The main difference between SFP and RSP is that the former is the logical construct, while the latter is the realization of the SFP via the sequence of specific SFC data plane elements.¶
This document defines how active Operation, Administration and Maintenance (OAM), per [RFC7799] definition of active OAM, is identified when Network Service Header (NSH) is used as the SFC encapsulation. Following the analysis of SFC OAM in [RFC8924], this document applies and, when necessary, extends requirements listed in Section 4 of [RFC8924] for the use of active OAM in an SFP supporting fault management and performance monitoring. Active OAM tools, conformant to the requirements listed in Section 3, improve, for example, troubleshooting efficiency and defect localization in SFP because they specifically address architectural principles of NSH. For that purpose, SFC Echo Request and Echo Reply are specified in the document. This mechanism enables on-demand Continuity Check, Connectivity Verification among other operations over SFC in networks, addresses functionalities discussed in Sections 4.1, 4.2, and 4.3 of [RFC8924]. Also, this document updates Section 2.2 of [RFC8300] in part of the definition of O bit in the (NSH).¶
The terminology defined in [RFC7665] is used extensively throughout this document. The reader is expected to be familiar with it.¶
In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC architecture.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
E2E: End-to-End¶
FM: Fault Management¶
NSH: Network Service Header¶
OAM: Operations, Administration, and Maintenance¶
PRNG: Pseudorandom number generator¶
RDI: Remote Defect Indication¶
RSP: Rendered Service Path¶
SF: Service Function¶
SFC: Service Function Chain¶
SFF: Service Function Forwarder¶
SFP: Service Function Path¶
MAC: Message Authentication Code¶
As discussed in [RFC8924], SFC-specific means are needed to perform the OAM task of fault management (FM) in an SFC architecture, including failure detection, defect characterization, and localization. This document defines the set of requirements for active FM OAM mechanisms to be used in an SFC architecture.¶
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
|SFI11| |SFI12| |SFI21| |SFI22| |SFI31| |SFI32|
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
\ / \ / \ /
+----------+ +----+ +----+ +----+
|Classifier|---|SFF1|---------|SFF2|----------|SFF3|
+----------+ +----+ +----+ +----+
Regarding the reference model depicted in Figure 1, consider a service function chain that includes three distinct service functions. In this example, the SFP traverses SFF1, SFF2, and SFF3, each SFF being connected to two instances of the same service function. End-to-end (E2E) SFC OAM has the Classifier as the ingress, and SFF3 - as its egress. Segment SFC OAM is between two elements that are part of the same SFP. Following are the requirements for an FM SFC OAM, whether with the E2E or segment scope:¶
The fate sharing, in the SFC environment, is achieved when a test packet traverses the same path and receives the same treatment in the transport layer as an SFC NSH packet.¶
A network failure might be declared when several consecutive test packets are not received within a pre-determined time. For example, in the E2E SFC OAM FM case, the egress, SFF3, in the example in Figure 1, could be the entity that detects the SFP's failure by monitoring a flow of periodic test packets. The ingress may be capable of recovering from the failure, e.g., using redundant SFC elements. Thus, it is beneficial for the egress to signal the new defect state to the ingress, which in this example is the Classifier. Hence the following requirement:¶
Once the SFF1 detects the defect, the objective of the SFC OAM changes from the detection of a defect to defect characterization and localization.¶
In the example presented in Figure 1, two distinct instances of the same service function share the same SFF. In this example, the SFP can be realized over several RSPs that use different instances of SF of the same type. For example, RSP1(SFI11--SFI21--SFI31) and RSP2(SFI12--SFI22--SFI32). Available RSPs can be discovered using the trace function discussed in Section 4.3 [RFC8924].¶
The SFC OAM layer model described in [RFC8924] offers an approach for a defect localization within a service function chain. As the first step, the SFP's continuity for SFFs that are part of the same SFP could be verified. After the reachability of SFFs has already been verified, SFFs that serve an SF may be used as a test packet source. In such a case, SFF can act as a proxy for another element within the service function chain.¶
The O bit in the NSH is defined in [RFC8300] as follows:¶
This document updates that definition as follows:¶
Active SFC OAM is defined as a combination of OAM commands and/or data included in a message that immediately follows the NSH. To identify the active OAM message, the Next Protocol field's value MUST be set to Active SFC OAM (TBA1) (Section 8.1). The rules for interpreting the values of the O bit and the Next Protocol field are as follows:¶
O bit set and the Next Protocol value is not one of identifying active or hybrid OAM protocol (per [RFC7799] definitions), e.g., defined in this specification Active SFC OAM:¶
O bit set and the Next Protocol value is one of identifying active or hybrid OAM protocol:¶
O bit is clear:¶
One conclusion from the above-listed rules of processing the O bit and the Next Protocol field's value is to avoid the combination of OAM in an NSH Context Header (Fixed-Length or Variable-Length) and the payload immediately following the NSH because there is no unambiguous way to identify such combination using the O bit and the Next Protocol field.¶
As demonstrated in Section 4 [RFC8924] and Section 3 of this document, SFC OAM is required to perform multiple tasks. Several active OAM protocols could be used to address all the requirements. When IP/UDP encapsulation of an SFC OAM control message is used, protocols can be demultiplexed using the Destination UDP port number. But extra IP/UDP headers, especially in an IPv6 network, add noticeable overhead. This document defines Active OAM Header (Figure 2) to demultiplex active OAM protocols on an SFC.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | V | Msg Type | Flags | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ~ SFC Active OAM Control Packet ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Echo Request/Reply is a well-known active OAM mechanism that is extensively used to verify a path's continuity, detect inconsistencies between a state in control and the data planes, and localize defects in the data plane. ICMP ([RFC0792] for IPv4 and [RFC4443] for IPv6 networks respectively) and [RFC8029] are examples of broadly used active OAM protocols based on Echo Request/Reply principle. The SFC NSH Echo Request/Reply control message format is presented in Figure 3.¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V | Reserved | Global Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Message Type | Reply mode | Return Code |Return Subcode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender's Handle |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ TLVs ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The interpretation of the fields is as follows:¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TLV is a variable-length field. Multiple TLVs MAY be placed in an SFC Echo Request/Reply packet. Additional TLVs may be enclosed within a given TLV, subject to the semantics of the (outer) TLV in question. If more than one TLV is to be included, the value of the Type field of the outmost outer TLV MUST be set to Multiple TLVs Used (TBA12), as assigned by IANA according to Section 8.7. Figure 4 presents the format of an SFC Echo Request/Reply TLV, where fields are defined as the following:¶
The value of the Return Code field is set to zero by the sender of an Echo Request. The receiver of said Echo Request can set it to one of the values listed in Table 1 in the corresponding Echo Reply that it generates.¶
| Value | Description |
|---|---|
| 0 | No Return Code |
| 1 | Malformed Echo Request received |
| 2 | One or more of the TLVs was not understood |
| 3 | Authentication failed |
Authentication can be used to protect the integrity of the information in SFC Echo Request and/or Echo Reply. In the [I-D.ietf-sfc-nsh-integrity] a variable-length Context Header has been defined to protect the integrity of the NSH and the payload. The header can also be used for the optional encryption of the sensitive metadata. MAC#1 Context Header is more suitable for the integrity protection of active SFC OAM, particularly of the defined in this document SFC Echo Request and Echo Reply. On the other hand, using MAC#2 Context Header allows the detection of mishandling of the O-bit by a transient SFC element.¶
SFC Echo Request control packet MUST use the appropriate transport encapsulation of the monitored SFP. If the NSH is used, Echo Request MUST set O bit, as defined in [RFC8300]. NSH MUST be immediately followed by the SFC Active OAM Header defined in Section 4. The Message Type field's value in the SFC Active OAM Header MUST be set to SFC Echo Request/Echo Reply value (TBA2) per Section 8.2.¶
Value of the Reply Mode field MAY be set to:¶
Sending an SFC Echo Request to the control plane is triggered by one of the following packet processing exceptions: NSH TTL expiration, NSH Service Index (SI) expiration, or the receiver is the terminal SFF for an SFP.¶
Firstly, if the SFC Echo Request is authenticated, the receiving SFF MUST verify the authentication. If the verification fails, the receiver SFF MUST send an SFC Echo Reply with the Return Code set to "Authentication failed" and the Subcode set to zero. Then, the SFF that has received an SFC Echo Request verifies the received packet's general sanity. If the packet is not well-formed, the receiver SFF SHOULD send an SFC Echo Reply with the Return Code set to "Malformed Echo Request received" and the Subcode set to zero. If there are any TLVs that SFF does not understand, the SFF MUST send an SFC Echo Reply with the Return Code set to 2 ("One or more TLVs was not understood") and set the Subcode to zero. In the latter case, the SFF MAY include an Errored TLVs TLV (Section 5.4.1) that, as sub-TLVs, contains only the misunderstood TLVs. The header field's Sender's Handle, Sequence Number are not examined but are included in the SFC Echo Reply message. If the sanity check of the received Echo Request succeeded, then the SFF at the end of the SFP MUST set the Return Code value to 5 ("End of the SFP") and the Subcode set to zero. If the SFF is not at theend of the SFP and the TTL value is 1, the value of the Return Code MUST be set to 4 ("TTL Exceeded") and the Subcode set to zero.¶
If the Return Code for the Echo Reply is determined as 2 ("One or more TLVs was not understood"), then the Errored TLVs TLV MAY be included in an Echo Reply. The use of this TLV allows informing the sender of an Echo Request of mandatory TLVs either not supported by an implementation or parsed and found to be in error.¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Errored TLVs | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value |
. .
. .
. .
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where¶
The Reply Mode field directs whether and how the Echo Reply message should be sent. The sender of the Echo Request MAY use TLVs to request that the corresponding Echo Reply is transmitted over the specified path. Value TBA3 is referred to as the "Do not reply" mode and suppresses the Echo Reply packet transmission. The default value (TBA6) for the Reply mode field requests the responder to send the Echo Reply packet out-of-band as IPv4 or IPv6 UDP packet.¶
Responder to the SFC Echo Request sends the Echo Reply over IP network if the Reply mode is Reply via an IPv4/IPv6 UDP Packet. Because the NSH does not identify the ingress node that generated the Echo Request, the source ID MUST be included in the message and used as the IP destination address for IP/UDP encapsulation of the SFC Echo Reply. The sender of the SFC Echo Request MUST include SFC Source TLV Figure 6.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source ID | Reserved | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
where¶
The UDP destination port for SFC Echo Reply TBA15 will be allocated by IANA Section 8.8.¶
An SFF SHOULD NOT accept SFC Echo Reply unless the received passes the following checks:¶
SFP Echo Request/Reply can be used to isolate a defect detected in the SFP and trace an RSP. As for ICMP echo request/reply [RFC0792] and MPLS echo request/reply [RFC8029], this mode is referred to as "traceroute". In the traceroute mode, the sender transmits a sequence of SFP Echo Request messages starting with the NSH TTL value set to 1 and is incremented by 1 in each next Echo Request packet. The sender stops transmitting SFP Echo Request packets when the Return Code in the received Echo Reply equals 5 ("End of the SFP").¶
To trace a particular RSP, the sender may use NSH MD Type 2 Flow ID TLV [I-D.ietf-sfc-nsh-tlv]. The value of the Flow ID field of the SFP Echo Request packet MUST be set to the same value as of the monitored flow.¶
When the integrity protection for SFC active OAM, and SFC Echo Request/Reply in particular, is required, it is RECOMMENDED to use one of Context Headers defined in [I-D.ietf-sfc-nsh-integrity]. MAC#1 (Message Authentication Code) Context Header could be more suitable for active SFC OAM because it does not require re-calculation of the MAC when the value of the NSH Base Header's TTL field is changed. The integrity protection for SFC active OAM can also be achieved using mechanisms in the underlay data plane. For example, if the underlay is an IPv6 network, IP Authentication Header [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can be used to provide integrity protection. Confidentiality for the SFC Echo Request/Reply exchanges can be achieved using the IP Encapsulating Security Payload Header [RFC4303]. Also, the security needs for SFC Echo Request/Reply are similar to those of ICMP ping [RFC0792], [RFC4443] and MPLS LSP ping [RFC8029].¶
There are at least three approaches to attacking a node in the overlay network using the mechanisms defined in the document. One is a Denial-of-Service attack, sending an SFC Echo Request to overload an element of the SFC. The second may use spoofing, hijacking, replying, or otherwise tampering with SFC Echo Requests and/or replies to misrepresent, alter the operator's view of the state of the SFC. The third is an unauthorized source using an SFC Echo Request/Reply to obtain information about the SFC and/or its elements, e.g., SFF or SF.¶
It is RECOMMENDED that implementations throttle the SFC ping traffic going to the control plane to mitigate potential Denial-of-Service attacks.¶
Reply and spoofing attacks involving faking or replying to SFC Echo Reply messages would have to match the Sender's Handle and Sequence Number of an outstanding SFC Echo Request message, which is highly unlikely. Thus the non-matching reply would be discarded.¶
To protect against unauthorized sources trying to obtain information about the overlay and/or underlay, an implementation MAY check that the source of the Echo Request is indeed part of the SFP.¶
Authors greatly appreciate thorough review and the most helpful comments from Dan Wing, Dirk von Hugo, and Mohamed Boucadair.¶
IANA is requested to assign a new type from the SFC Next Protocol registry as follows:¶
| Value | Description | Reference |
|---|---|---|
| TBA1 | SFC Active OAM | This document |
IANA is requested to create a new registry called "SFC Active OAM Message Type". All code points in the range 1 through 32767 in this registry shall be allocated according to the "IETF Review" procedure specified in [RFC8126]. The remaining code points to be allocated according to Table 3:¶
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | |
| 1 - 32767 | Reserved | IETF Consensus |
| 32768 - 65530 | Reserved | First Come First Served |
| 65531 - 65534 | Reserved | Private Use |
| 65535 | Reserved |
IANA is requested to assign a new type from the SFC Active OAM Message Type registry as follows:¶
| Value | Description | Reference |
|---|---|---|
| TBA2 | SFC Echo Request/Echo Reply | This document |
IANA is requested to create a new SFC Echo Request/Echo Reply Parameters registry.¶
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Message Types. All code points in the range 1 through 175 in this registry shall be allocated according to the "IETF Review" procedure specified in [RFC8126]. Code points in the range 176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure specified in [RFC8126]. The remaining code points are allocated according to Table 5: as specified in Table 5.¶
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | This document |
| 1- 175 | Unassigned | This document |
| 176 - 239 | Unassigned | This document |
| 240 - 251 | Experimental | This document |
| 252 - 254 | Private Use | This document |
| 255 | Reserved | This document |
IANA is requested to assign values as listed in Table 6.¶
| Value | Description | Reference |
|---|---|---|
| TBA3 | SFC Echo Request | This document |
| TBA4 | SFC Echo Reply | This document |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Reply Mode. All code points in the range 1 through 175 in this registry shall be allocated according to the "IETF Review" procedure specified in [RFC8126]. Code points in the range 176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure specified in [RFC8126]. The remaining code points are allocated according to Table 7: as specified in Table 7.¶
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | This document |
| 1- 175 | Unassigned | This document |
| 176 - 239 | Unassigned | This document |
| 240 - 251 | Experimental | This document |
| 252 - 254 | Private Use | This document |
| 255 | Reserved | This document |
All code points in the range 1 through 191 in this registry shall be allocated according to the "IETF Review" procedure specified in [RFC8126] and assign values as listed in Table 8.¶
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | |
| TBA5 | Do Not Reply | This document |
| TBA6 | Reply via an IPv4/IPv6 UDP Packet | This document |
| TBA7 | Reply via Application Level Control Channel | This document |
| TBA8 | Reply via Specified Path | This document |
| TBA9 | Reply via an IPv4/IPv6 UDP Packet with the data integrity protection | This document |
| TBA10 | Reply via Application Level Control Channel with the data integrity protection | This document |
| TBA11 | Reply via Specified Path with the data integrity protection | This document |
IANA is requested to create in the SFC Echo Request/Echo Reply Parameters registry the new sub-registry Return Codes as described in Table 9.¶
| Value | Description | Reference |
|---|---|---|
| 0-191 | Unassigned | IETF Review |
| 192-251 | Unassigned | First Come First Served |
| 252-254 | Unassigned | Private Use |
| 255 | Reserved |
Values defined for the Return Codes sub-registry are listed in Table 10.¶
| Value | Description | Reference |
|---|---|---|
| 0 | No Return Code | This document |
| 1 | Malformed Echo Request received | This document |
| 2 | One or more of the TLVs was not understood | This document |
| 3 | Authentication failed | This document |
| 4 | TTL Exceeded | This document |
| 5 | End of the SFP | This document |
IANA is requested to create the SFC OAM TLV Type registry. All code points in the range 1 through 175 in this registry shall be allocated according to the "IETF Review" procedure specified in [RFC8126]. Code points in the range 176 through 239 in this registry shall be allocated according to the "First Come First Served" procedure specified in [RFC8126]. The remaining code points are allocated according to Table 11:¶
| Value | Description | Reference |
|---|---|---|
| 0 | Reserved | This document |
| 1- 175 | Unassigned | This document |
| 176 - 239 | Unassigned | This document |
| 240 - 251 | Experimental | This document |
| 252 - 254 | Private Use | This document |
| 255 | Reserved | This document |
This document defines the following new values in SFC OAM TLV Type registry:¶
| Value | Description | Reference |
|---|---|---|
| TBA12 | Multiple TLVs Used | This document |
| TBA13 | Source ID TLV | This document |
| TBA14 | Errored TLVs | This document |
IANA is requested to allocate UDP port number according to¶
| Service Name | Port Number | Transport Protocol | Description | Semantics Definition | Reference |
|---|---|---|---|---|---|
| SFC OAM | TBA15 | UDP | SFC OAM Echo Reply | Section 5.5 | This document |