Internet-Draft | ICMPv6 Ping Enabled IOAM Capabilities | April 2022 |
Min & Mirsky | Expires 27 October 2022 | [Page] |
This document describes the ICMPv6 IOAM Echo functionality, which uses the ICMPv6 IOAM Echo Request/Reply messages, allowing the IOAM encapsulating node to discover the enabled IOAM capabilities of each IOAM transit and decapsulating node.¶
This document updates RFC 4884.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 27 October 2022.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
IPv6 encapsulation for In-situ OAM (IOAM) data is defined in [I-D.ietf-ippm-ioam-ipv6-options], which uses IPv6 hop-by-hop options and destination option to carry IOAM data.¶
As specified in [I-D.ietf-ippm-ioam-conf-state], echo request/reply can be used for the IOAM encapsulating node to discover the enabled IOAM capabilities at IOAM transit and decapsulating nodes.¶
As specified in [RFC4443], the Internet Control Message Protocol for IPv6 (ICMPv6) is an integral part of IPv6, and the base protocol MUST be fully implemented by every IPv6 node. ICMPv6 messages include error messages and informational messages, and the latter are referred to as ICMPv6 Echo Request/Reply messages. [RFC4884] defines ICMPv6 Extension Structure by which multi-part ICMPv6 error messages are supported. [RFC8335] defines ICMPv6 Extended Echo Request/Reply messages, and the ICMPv6 Extended Echo Request contains an ICMPv6 Extension Structure customized for this message. Both [RFC4884] and [RFC8335] provide sound principles and examples on how to extend ICMPv6 error messages and echo request/reply messages.¶
This document describes the ICMPv6 IOAM Echo functionality, which uses the ICMPv6 IOAM Echo Request/Reply messages, allowing the IOAM encapsulating node to discover the enabled IOAM capabilities of each IOAM transit and decapsulating node.¶
The IOAM encapsulating node sends an ICMPv6 IOAM Echo Request message to each IOAM transit and decapsulating node, then each receiving node executes access control procedures, and if access is granted, each receiving node returns an ICMPv6 IOAM Echo Reply message which indicates the enabled IOAM capabilities of the receiving node. The ICMPv6 IOAM Echo Reply message contains an ICMPv6 Extension Structure exactly customized to this message, and the ICMPv6 Extension Structure contains one or more IOAM Capabilities Objects.¶
Note that before the IOAM encapsulating node sends the ICMPv6 IOAM Echo Request messages, it needs to know the IPv6 address of each node along the transport path of a data packet to which IOAM data would be added. That can be achieved by executing ICMPv6 traceroute or provisioning explicit path at the IOAM encapsulating node.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The ICMPv6 IOAM Echo Request message is encapsulated in an IPv6 header [RFC8200], like any ICMPv6 message.¶
The ICMPv6 IOAM Echo Request message has the following format:¶
IPv6 Header fields:¶
ICMPv6 fields:¶
The ICMPv6 IOAM Echo Reply message is encapsulated in an IPv6 header [RFC8200], like any ICMPv6 message.¶
The ICMPv6 IOAM Echo Reply message has the following format:¶
IPv6 Header fields:¶
ICMPv6 fields:¶
All ICMPv6 IOAM Capabilities Objects are encapsulated in an ICMPv6 IOAM Echo Reply message.¶
Each ICMPv6 IOAM Capabilities Object has the following format:¶
Object fields:¶
Value Object Name ----- ----------- TBD3 IOAM Tracing Capabilities Object TBD4 IOAM Proof-of-Transit Capabilities Object TBD5 IOAM Edge-to-Edge Capabilities Object TBD6 IOAM DEX Capabilities Object TBD7 IOAM End-of-Domain Object¶
Class-Num C-Type C-Type Name --------- ------ ----------- TBD3 0 Reserved 1 Pre-allocated Tracing 2 Incremental Tracing TBD4 0 Reserved TBD5 0 Reserved TBD6 0 Reserved TBD7 0 Reserved¶
The format of ICMPv6 IOAM Echo Reply can vary from deployment to deployment.¶
In a deployment where only the default Namespace-ID is used, the IOAM Pre-allocated Tracing Capabilities and IOAM Proof-of-Transit Capabilities are enabled at the IOAM transit node that received ICMPv6 IOAM Echo Request message, the ICMPv6 IOAM Echo Reply message is depicted as the following:¶
In a deployment where two Namespace-IDs (Namespace-ID1 and Namespace-ID2) are used, for both Namespace-ID1 and Namespace-ID2 the IOAM Pre-allocated Tracing Capabilities and IOAM Proof-of-Transit Capabilities are enabled at the IOAM transit node that received ICMPv6 IOAM Echo Request message, the ICMPv6 IOAM Echo Reply message is depicted as the following:¶
In a deployment where only the default Namespace-ID is used, the IOAM Pre-allocated Tracing Capabilities, IOAM Proof-of-Transit Capabilities and IOAM Edge-to-Edge Capabilities are enabled at the IOAM decapsulating node that received ICMPv6 IOAM Echo Request message, the ICMPv6 IOAM Echo Reply message is depicted as the following:¶
Note that when an ICMPv6 IOAM Echo Request message or IOAM Echo Reply message is received, the Payload Length field of IPv6 Header [RFC8200] indicates the message length.¶
When a node receives an ICMPv6 IOAM Echo Request and any of the following conditions apply, the node MUST silently discard the incoming message:¶
Otherwise, when a node receives an ICMPv6 IOAM Echo Request, it MUST format an ICMPv6 IOAM Echo Reply as follows:¶
The Code field MUST be set to (1) Malformed Query if any of the following conditions apply:¶
The Code field MUST be set to (2) No Matched Namespace-ID if none of the contained list of Namespace-IDs is recognized.¶
The Code field MUST be set to (3) Exceed the minimum IPv6 MTU if the formatted ICMPv6 IOAM Echo Reply exceeds the minimum IPv6 MTU (i.e., 1280 octets). In this case, all objects MUST be stripped before forwarding the ICMPv6 Echo Reply to its destination.¶
Otherwise, the Code field MUST be set to (0) No Error.¶
Section 4.6 of [RFC4884] provides a list of extensible ICMP messages (i.e., messages that can carry the ICMP Extension Structure). This document adds the ICMPv6 IOAM Echo Request message and the ICMPv6 IOAM Echo Reply message to that list.¶
This document requests the following IANA actions:¶
Add the following to the "ICMPv6 'type' Numbers" registry:¶
Add the following to the "ICMPv6 'type' Numbers" registry:¶
Add the following to the "Type TBD2 - IOAM Echo Reply" sub-registry:¶
Add the following to the "ICMP Extension Object Classes and Class Sub-types" registry:¶
Add the following C-types to the "Sub-types - Class TBD3 - IOAM Tracing Capabilities Object" sub-registry:¶
Add the following to the "ICMP Extension Object Classes and Class Sub-types" registry:¶
Add the following C-types to the "Sub-types - Class TBD4 - IOAM Proof-of-Transit Capabilities Object" sub-registry:¶
Add the following to the "ICMP Extension Object Classes and Class Sub-types" registry:¶
Add the following C-types to the "Sub-types - Class TBD5 - IOAM Edge-to-Edge Capabilities Object" sub-registry:¶
Add the following to the "ICMP Extension Object Classes and Class Sub-types" registry:¶
Add the following C-types to the "Sub-types - Class TBD6 - IOAM DEX Capabilities Object" sub-registry:¶
Add the following to the "ICMP Extension Object Classes and Class Sub-types" registry:¶
Add the following C-types to the "Sub-types - Class TBD7 - IOAM End-of-Domain Object" sub-registry:¶
All codes mentioned above are assigned on an FCFS basis with a range of 0-255.¶
Securiy issues discussed in [I-D.ietf-ippm-ioam-conf-state] apply to this document.¶
This document recommends using IP Authentication Header [RFC4302] or IP Encapsulating Security Payload Header [RFC4303] to provide integrity protection for IOAM Capabilities information.¶
This document recommends using IP Encapsulating Security Payload Header [RFC4303] to provide privacy protection for IOAM Capabilities information.¶
This document recommends that the network operators establish policies that restrict access to ICMPv6 IOAM Echo functionality. In order to enforce these policies, nodes that support ICMPv6 IOAM Echo functionality MUST support the following configuration options:¶
When a node receives an ICMPv6 IOAM Echo Request message that it is not configured to support, it MUST silently discard the message. See Section 5 for details.¶
In order to protect local resources, implementations SHOULD rate-limit incoming ICMPv6 IOAM Echo Request messages.¶
TBA.¶