<?xml version="1.0"encoding="US-ASCII"?>encoding="UTF-8"?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>[ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <rfccategory="std"xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-6man-spring-srv6-oam-13"ipr="trust200902">number="9259" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <!-- [rfced] FYI: We updated "Mach Chen" to "Mach(Guoyi) Chen" in the Authors' Addresses section as this preference has been communicated to us in the past. --> <!-- xml2rfc v2v3 conversion 3.12.2 --> <front> <title abbrev="SRv6 OAM">Operations, Administration, and Maintenance (OAM) in Segment Routing Networks with IPv6 DataplanePlane (SRv6)</title> <seriesInfo name="RFC" value="9259"/> <author fullname="Zafar Ali" initials="Z" surname="Ali"> <organization>Cisco Systems</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>zali@cisco.com</email> </address> </author> <author fullname="Clarence Filsfils" initials="C." surname="Filsfils"> <organization>Cisco Systems</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>cfilsfil@cisco.com</email> </address> </author> <author fullname="Satoru Matsushima" initials="S" surname="Matsushima"> <organization>Softbank</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>satoru.matsushima@g.softbank.co.jp</email> </address> </author> <author fullname="Daniel Voyer" initials="D" surname="Voyer"> <organization>Bell Canada</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>daniel.voyer@bell.ca</email> </address> </author> <authorfullname="Machfullname="Mach(Guoyi) Chen" initials="M" surname="Chen"> <organization>Huawei</organization> <address> <postal> <street/> <city/> <code/> <country/> </postal> <email>mach.chen@huawei.com</email> </address> </author> <dateyear="2022"/> <area>Routing</area>year="2022" month="May" /> <area>int</area> <workgroup>6man</workgroup> <keyword>SRv6</keyword> <keyword>Segment Routing</keyword> <keyword>OAM</keyword> <abstract> <t>This document describes how the existing IPv6 mechanisms for ping and traceroute can be used in an SRv6 network. The document also specifies the OAM flag (O-flag) in the Segment Routing Header (SRH) for performing controllable and predictable flow sampling from segment endpoints. In addition, the document describes how a centralized monitoring system performs a path continuity check between any nodes within an SRv6 domain. </t> </abstract> </front> <middle> <sectiontitle="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t> As Segment Routing with IPv6 data plane (SRv6) <xreftarget="RFC8402"/>target="RFC8402" format="default"/> simply adds a new type of Routing Extension Header, existing IPv6 OAM mechanisms can be used in an SRv6 network. This document describes how the existing IPv6 mechanisms for ping and traceroute can be used in an SRv6 network. This includes illustrations of pinging an SRv6SIDSegment Identifier (SID) to verify that the SID is reachable and is locally programmed at the target node. This also includes illustrations for tracerouting to an SRv6 SID for hop-by-hop fault localization as well as path tracing to a SID. </t> <t> <!-- [rfced] For readability, we suggest the following update: Original: The document also introduces enhancements for the OAM mechanism for SRv6 networks for performing controllable and predictable flow sampling from segment endpoints using, e.g., IP Flow Information Export (IPFIX) protocol [RFC7011]. Perhaps: This document also introduces enhancements for the OAM mechanism for SRv6 networks that allow controllable and predictable flow sampling from segment endpoints using, e.g., the IP Flow Information Export (IPFIX) protocol [RFC7011]. --> This document also introduces enhancements for the OAM mechanism for SRv6 networks for performing controllable and predictable flow sampling from segment endpoints using, e.g., the IP Flow Information Export (IPFIX) protocol <xreftarget="RFC7011"/>.target="RFC7011" format="default"/>. Specifically, the document specifies theO-flagOAM flag (O-flag) in the SRH as amarking-bitmarking bit in the user packets to triggerthetelemetry data collection and export at the segment endpoints. </t> <t>TheThis document also outlines how the centralized OAM technique in <xreftarget="RFC8403"/>target="RFC8403" format="default"/> can be extended for SRv6 to perform a path continuity check between any nodes within an SRv6 domain. Specifically, the document illustrates how a centralized monitoring system can monitor arbitrary SRv6 paths by creatingtheloopback probes that originate and terminate at the centralized monitoring system. </t> <sectiontitle="Requirements Language"> <t>Thenumbered="true" toc="default"> <name>Requirements Language</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xreftarget="RFC2119" />target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> <sectiontitle="Abbreviations">numbered="true" toc="default"> <name>Abbreviations</name> <t> The following abbreviations are used in this document:<list style="hanging"> <t> SID: Segment ID.</t><t> SL: Segments Left. </t> <t> SR: Segment Routing. </t> <t> SRH: Segment<dl newline="false" spacing="normal"> <dt>SID:</dt> <dd>Segment Identifier </dd> <dt>SL:</dt> <dd>Segments Left </dd> <dt>SR:</dt> <dd>Segment Routing </dd> <dt>SRH:</dt> <dd>Segment Routing Header <xreftarget="RFC8754"/>. </t> <t> SRv6: Segmenttarget="RFC8754" format="default"/> </dd> <dt>SRv6:</dt> <dd>Segment Routing with IPv6Data plane. </t> <t> PSP: Penultimatedata plane </dd> <dt>PSP:</dt> <dd>Penultimate Segment Popof the SRH<xreftarget="RFC8986"/>. </t> <t> USP: Ultimatetarget="RFC8986" format="default"/> </dd> <dt>USP:</dt> <dd>Ultimate Segment Popof the SRH<xreftarget="RFC8986"/>. </t> <t> ICMPv6: ICMPv6 Specificationtarget="RFC8986" format="default"/> </dd> <dt>ICMPv6:</dt> <dd>Internet Control Message Protocol for the Internet Protocol version 6 <xreftarget="RFC4443"/>. </t> <t> IS-IS: Intermediatetarget="RFC4443" format="default"/> </dd> <dt>IS-IS:</dt> <dd>Intermediate System to Intermediate System</t> <t> OSPF: Open</dd> <dt>OSPF:</dt> <dd>Open Shortest Path Firstprotocol<xreftarget="RFC2328"/> </t> <t> IGP: Interiortarget="RFC2328" format="default"/> </dd> <dt>IGP:</dt> <dd>Interior GatewayProtocolsProtocol (e.g.,OSPF, IS-IS). </t> <t> BGP-LS: BorderOSPF and IS-IS) </dd> <dt>BGP-LS:</dt> <dd>Border Gateway Protocol - Link StateExtensions<xreftarget="RFC8571"/> </t> </list></t>target="RFC8571" format="default"/> </dd> </dl> </section> <sectiontitle="Terminologynumbered="true" toc="default"> <name>Terminology and ReferenceTopology"> <t> Throughout the document, the followingTopology</name> <t>The terminology and simple topologyisin this section are used forillustration.illustration throughout the document. </t><figure> <artwork><![CDATA[<figure anchor="ref-top"> <name>Reference Topology</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +--------------------------| N100 |---------------------------------+ | | | ====== link1====== link3------ link5====== link9------ ====== | ||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7|| || ||------|| ||------| |------|| ||------| |---|| || ====== link2====== link4------ link6======link10------ ====== | | | | ---+-- | ------ | --+---|CE 1||CE1 | +-------| N6 |---------+|CE 2||CE2 | ------ link7 | | link8 ------ ------ ]]></artwork> </figure> <!-- [rfced] The text below Figure 1Reference Topology ]]> </artwork> </figure>mentions "node j" and "node i", but we do not see these in the reference topology in Figure 1. Are any updates needed? --> <t> In the reference topology:<list style="empty"> <t></t> <ul spacing="normal"> <li> Node j hasaan IPv6 loopback address 2001:db8:L:j::/128.</t> <t></li> <li> Nodes N1, N2,N4N4, and N7 are SRv6-capable nodes.</t> <t></li> <li> Nodes N3,N5N5, and N6 are IPv6 nodes that are notSRv6-capable.SRv6-capable nodes. Such nodes are referred to asnon-SRv6 capable nodes. </t> <t>"non-SRv6-capable nodes". </li> <li> CE1 and CE2 are Customer Edge devices of any data plane capability (e.g., IPv4, IPv6,L2, etc.). </t> <t>and L2). </li> <li> A SID at node j with locator block 2001:db8:K::/48 and function U is represented by 2001:db8:K:j:U::.</t> <t></li> <li> Node N100 is a controller.</t> <t></li> <!-- [rfced] Is "at N3" and "at node N3" needed in these sentences? We ask because both sentences also include a parenthetic specifiying the location: "(the 2nd link between N3 and N4)" and "(the 1st link between N3 and N4)". Original: The IPv6 address of the nth Link between node i and j at the i side is represented as 2001:db8:i:j:in::, e.g., the IPv6 address of link6 (the 2nd link between N3 and N4) at N3 in Figure 1 is 2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the 1st link between N3 and N4) at node N3 is 2001:db8:3:4:31::.</t> <t>Perhaps: * The IPv6 address of the nth link between node i and j at the i side is represented as 2001:db8:i:j:in::. For example, in Figure 1, the IPv6 address of link6 (the second link between N3 and N4) is 2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the first link between N3 and N4) is 2001:db8:3:4:31::. --> <li> The IPv6 address of the nth link between node i and j at the i side is represented as 2001:db8:i:j:in::. For example, in <xref target="ref-top"/>, the IPv6 address of link6 (the second link between N3 and N4) at N3 is 2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the first link between N3 and N4) at node N3 is 2001:db8:3:4:31::. </li> <li> 2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID at node j towards neighbor node i via the nthLinklink between node i and node j.e.g.,For example, 2001:db8:K:2:X31:: represents End.X at N2 towards N3 via link3 (the1stfirst link between N2 and N3). Similarly, 2001:db8:K:4:X52:: represents the End.X at N4 towards N5 via link10 (the2ndsecond link between N4 and N5). Please refer to <xreftarget="RFC8986"/>target="RFC8986" format="default"/> for a description of End.X SID.</t> <t></li> <li> A SID list is represented as <S1, S2,S3>S3>, where S1 is the first SID to visit, S2 is the second SID tovisitvisit, and S3 is the last SID to visit along the SR path.</t></li> <li> <t> (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with:<list style="symbols"> <t></t> <!-- [rfced] Is "destination addresses" (plural) correct here? Or should this be "destination address" (singular)? Original: * IPv6 header with source address SA, destination addresses DA and SRH as next-header</t> <t>--> <!-- [rfced] FYI: We removed the bullet from the text starting with "Note the..." so that this paragraph appears as the second paragraph of the preceding bullet. This corresponds with the structure of a similar list in Section 2 of RFC 8986. Please let us know any objections. Original: (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with: * IPv6 header with source address SA, destination addresses DA and SRH as next-header * SRH with SID list <S1, S2, S3> with SegmentsLeft = SL * Note the difference between the < > and () symbols: <S1, S2, S3> represents a SID list where S1 is the first SID and S3 is the last SID to traverse. (S3, S2, S1; SL) represents the same SID list but encoded in the SRH format where the rightmost SID in the SRH is the first SID and the leftmost SID in the SRH is the last SID. When referring to an SR policy in a high-level use-case, it is simpler to use the <S1, S2, S3> notation. When referring to an illustration of the detailed packet behavior, the (S3, S2, S1; SL) notation is more convenient. * (payload) represents the payload of the packet. --> <ul spacing="normal"> <li> IPv6 header with source address SA, destination addresses DA, and SRH as the next header </li> <li><t>SRH with SID list <S1, S2, S3> with SegmentsLeft =SL </t>SL</t> <t> Note the difference between the < > and () symbols: <S1, S2, S3> represents a SID list where S1 is the first SID and S3 is the last SID to traverse. (S3, S2, S1; SL) represents the same SID list but encoded in the SRH format where the rightmost SID in the SRH is the first SID and the leftmost SID in the SRH is the last SID. When referring to an SR policy in a high-leveluse-case,use case, it is simpler to use the <S1, S2, S3> notation. When referring to an illustration of the detailed packet behavior, the (S3, S2, S1; SL) notation is moreconvenient. </t> <t>convenient.</t> </li> <li> (payload) represents thethepayload of the packet.</t> </list></t> </list></t></li> </ul> </li> </ul> </section> </section> <!--end: Introduction --> <sectiontitle="OAM Mechanisms">numbered="true" toc="default"> <name>OAM Mechanisms</name> <t>This section defines OAMenhancementenhancements fortheSRv6 networks. </t> <sectiontitle="O-flagnumbered="true" toc="default"> <name>OAM Flag in the Segment RoutingHeader">Header</name> <t><xreftarget="RFC8754"/>target="RFC8754" format="default"/> describes the Segment Routing Header (SRH) and howSR capableSR-capable nodes use it. The SRH contains an 8-bit"Flags"Flags field. </t> <t> This document defines the following bit in the SRH Flags field to carry the O-flag: </t><figure> <artwork><![CDATA[<artwork name="" type="" align="left" alt=""><![CDATA[ 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | |O| | +-+-+-+-+-+-+-+-+]]> </artwork> </figure>]]></artwork> <t> Where:<list style="hanging"> <t> O-flag: OAM</t> <dl newline="false" spacing="normal"> <dt>O-flag:</dt> <dd>OAM flag in the SRH Flags field defined in <xreftarget="RFC8754"/>. </t> </list> </t>target="RFC8754" format="default"/>. </dd> </dl> <sectiontitle="O-flag Processing">anchor="oflag-proc" numbered="true" toc="default"> <name>OAM Flag Processing</name> <t> The O-flag in the SRH is used as amarking-bitmarking bit intheuser packets to triggerthetelemetry data collection and export at the segment endpoints. </t> <t> An SR domain ingress edge node encapsulates packets traversing the SR domain as defined in <xreftarget="RFC8754"/>.target="RFC8754" format="default"/>. The SR domain ingress edge nodeMAY<bcp14>MAY</bcp14> use the O-flag in the SRH for marking the packet to trigger the telemetry data collection and export at the segment endpoints. Based onalocal configuration, the SR domain ingress edge node may implement a classification and sampling mechanism to mark a packet with the O-flag in the SRH. Specification of the classification and sampling method is outside the scope of this document. </t> <!-- [rfced] Please confirm that RFC 7012 is the correct citation here. We believe that it is but would like confirmation as we see "template" in RFC 7012 but not "data set". Original: Similarly, without the loss of generality, this document assumes requested information elements are configured by the management plane through data set templates (e.g., as in IPFIX [RFC7012]). ... Based on the requested information elements configured by the management plane through data set templates [RFC7012], the OAM process exports the requested information elements. --> <t> This document does not specify the data elements that need to be exported and the associated configurations. Similarly, this document does not define any formats for exporting the data elements. Nonetheless, without the loss of generality, this document assumes that the IP Flow Information Export (IPFIX) protocol <xreftarget="RFC7011"/>target="RFC7011" format="default"/> is used for exporting the traffic flow information from the network devices to a controller for monitoring and analytics. Similarly, without the loss of generality, this document assumes that requested information elements are configured by the management plane through data set templates (e.g., as in IPFIX <xreftarget="RFC7012"/>).target="RFC7012" format="default"/>). </t> <t>Implementation of the O-flag isOPTIONAL.<bcp14>OPTIONAL</bcp14>. If a node does not support the O-flag, thenupon receptionit simply ignoresit.it upon reception. If a node supports the O-flag, it can optionally advertise its potential via control plane protocol(s). </t><t><!-- [rfced] May we update this sentence as follows for readability? Original: When N receives a packet destined to S and S is a local SID, the line S01 of the pseudo-code associated with the SID S, as defined in section 4.3.1.1 of<xref target="RFC8754"/>,[RFC8754], is appended to as follows for the O-flag processing. Perhaps: For O-flag processing, the following is appended to line S01 of the pseudocode associated with the SID S (as defined in Section 4.3.1.1 of [RFC8754]) when N receives a packet destined to S and S is a local SID. --> <t> When N receives a packet destined to S and S is a local SID, line S01 of the pseudocode associated with the SID S (as defined in <xref target="RFC8754" sectionFormat="of" section="4.3.1.1" format="default"/>) is appended to as follows for O-flag processing. </t><figure> <artwork><![CDATA[<sourcecode type="pseudocode"><![CDATA[ S01.1. IF the O-flag is set and local configuration permits O-flag processing { a. Make a copy of the packet. b. Send the copied packet, along with atimestamptimestamp, to the OAM process for telemetry data collection and export. ;; Ref1 } Ref1: To provide an accurate timestamp, an implementation should copy and record the timestamp as soon as possible during packet processing. Timestamp and any other metadataisare not carried in the packet forwarded to the next hop.]]> </artwork> </figure>]]></sourcecode> <t> Please note that the O-flag processing happens before execution of regular processing of the local SID S. Specifically,theline S01.1 of thepseudo-codepseudocode specified in this document is inserted betweenlinelines S01 and S02 of thepseudo-codepseudocode defined insection 4.3.1.1 of<xreftarget="RFC8754"/>.target="RFC8754" sectionFormat="of" section="4.3.1.1" format="default"/>. </t> <t> Based on the requested information elements configured by the management plane through data set templates <xreftarget="RFC7012"/>,target="RFC7012" format="default"/>, the OAM process exports the requested information elements. The information elements include parts of the packet header and/or parts of the packet payload for flow identification. The OAM process uses information elements defined in IPFIX <xreftarget="RFC7011"/>target="RFC7011" format="default"/> andPSAMPPacket Sampling (PSAMP) <xreftarget="RFC5476"/>target="RFC5476" format="default"/> for exporting the requested sections of the mirrored packets. </t> <t> If the penultimate segment of asegment-listsegment list is aPenultimate Segment Pop (PSP)PSP SID, telemetry data from the ultimate segment cannot be requested. This is because, when the penultimate segment is a PSP SID, the SRH is removed at the penultimatesegmentsegment, and the O-flag is not processed at the ultimate segment. </t> <t> The processing nodeMUST<bcp14>MUST</bcp14> rate-limit the number of packets punted to the OAM process to a configurable rate. This is to avoid hitting any performance impact on the OAM andthetelemetry collection processes. Failurein implementingto implement the rate limit can lead to a denial-of-service attack, as detailed insection 4.<xref target="Security" format="default"/>. </t> <t> The OAM processMUST NOT<bcp14>MUST NOT</bcp14> process the copy of the packet or respond to any upper-layer header (like ICMP, UDP, etc.) payload to prevent multiple evaluations of the datagram. </t> <t> The OAM process is expected to be located on the routing node processing the packet. Although the specification of the OAM process or the external controller operations are beyond the scope of this document, the OAM processSHOULD NOT<bcp14>SHOULD NOT</bcp14> be topologically distant from the routing node, as this is likely to create significant security and congestion issues. How to correlate the data collected from different nodes at an external controller is also outside the scope ofthethis document.Appendix A<xref target="app-illustrations" /> illustrates use of the O-flag for implementing a hybrid OAM mechanism, where the "hybrid" classification is based onRFC7799<xreftarget="RFC7799"/>.target="RFC7799" format="default"/>. </t> </section> <!--end: O-flag Processing --> </section> <!--end: O-flag --> <sectiontitle="OAM Operations">numbered="true" toc="default"> <name>OAM Operations</name> <t> IPv6 OAM operations can be performed for any SRv6 SID whose behavior allowsUpper LayerUpper-Layer Header processing for an applicable OAM payload (e.g., ICMP, UDP). </t> <!-- [rfced] How may we clarify "other IPv6 OAM probing to an SRv6 SID" here? Perhaps "other mechanisms that use OAM probing of SRv6 SIDs" or something similar? Original: Although this document only illustrates ICMPv6 ping and UDP based traceroute to an SRv6 SID, the procedures are equally applicable to other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe message processing [I-D.gandhi-spring-stamp-srpm], etc.). --> <t> Ping to an SRv6 SID is used to verify that the SID is reachable and is locally programmed at the target node. Traceroute to a SID is used for hop-by-hop fault localization as well as path tracing to a SID.Appendix A<xref target="app-illustrations" /> illustrates theICMPv6 basedICMPv6-based ping andthe UDP basedUDP-based traceroute mechanisms for ping and traceroute to an SRv6 SID. Although this document only illustratesICMPv6ICMPv6-based ping andUDP basedUDP-based traceroute to an SRv6 SID, the procedures are equally applicable to other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding Detection (BFD) <xreftarget="RFC5880"/>,target="RFC5880" format="default"/>, Seamless BFD(SBFD)(S-BFD) <xreftarget="RFC7880"/>, STAMPtarget="RFC7880" format="default"/>, and Simple Two-way Active Measurement Protocol (STAMP) probe message processing[I-D.gandhi-spring-stamp-srpm], etc.).<xref target="I-D.ietf-spring-stamp-srpm" format="default"/>). Specifically, as long as local configuration allows the Upper-layer Header processing of the applicable OAM payload for SRv6 SIDs, the existing IPv6 OAM techniques can be used to target a probe to a (remote) SID. </t> <t> IPv6 OAM operations can be performed with the target SID in the IPv6 destination address without an SRH or with an SRH where the target SID is the last segment. In general, OAM operations to a target SID may not exercise all of its processing depending on its behavior definition. For example, ping to an End.X SID <xreftarget="RFC8986"/>target="RFC8986" format="default"/> only validates the SID is locally programmed at the target node and does not validate switching to the correct outgoing interface. To exercise the behavior of a target SID, the OAM operation should construct the probe in a manner similar to a data packet that exercises the SID behavior, i.e. to include that SID as a transit SID in either an SRH or IPv6 DA of an outer IPv6 header or as appropriate based on the definition of the SID behavior. </t> </section> <!--end: Ping and Traceroute --> </section> <!--end: OAM Mechanisms --> <sectionanchor="Status" title="Implementation Status"> <t> This section is to be removed prior to publishing as an RFC. </t> <t> See [I-D.matsushima-spring-srv6-deployment-status] for updated deployment and interoperability reports. </t> </section> <!--end: Implementation Status--> <sectionanchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t> <xreftarget="RFC8754"/>target="RFC8754" format="default"/> defines the notion of an SR domain and use of the SRH within the SR domain. The use of OAM procedures described in this document is restricted to an SR domain. For example, similar totheSID manipulation, O-flag manipulation is not consideredasa threat within the SR domain. Procedures for securing an SR domain are definedthe section 5.1in Sections <xref target="RFC8754" format="default" section="5.1" sectionFormat="bare"/> andsection 7<xref target="RFC8754" format="default" section="7" sectionFormat="bare"/> of <xreftarget="RFC8754"/>.target="RFC8754" format="default"/>. </t> <t> As noted insection 7.1 of<xreftarget="RFC8754"/>,target="RFC8754" format="default" sectionFormat="of" section="7.1"/>, compromised nodes within the SR domain may mount attacks. The O-flag may be set by an attacking node attempting a denial-of-service attack on the OAM process at the segment endpoint node. An implementation correctly implementing the rate limiting described insection 2.1.1<xref target="oflag-proc" /> is not susceptible to that denial-of-service attack. Additionally, SRHFlagsflags are protected by theHMACHashed Message Authentication Code (HMAC) TLV, as described insection 2.1.2.1 of<xreftarget="RFC8754"/>.target="RFC8754" format="default" sectionFormat="of" section="2.1.2.1"/>. <!-- [rfced] Does "with the O-flag set" need to be repeated here? Original: Once an HMAC is generated for a segment list with the O-flag set, it can be used for an arbitrary amount of traffic using that segment list with the O-flag set. Perhaps: Once an HMAC is generated for a segment list with the O-flag set, it can be used for an arbitrary amount of traffic using that segment list. --> Once an HMAC is generated for a segment list with the O-flag set, it can be used for an arbitrary amount of traffic using that segment list with the O-flag set. </t> <t> The security properties of the channel used to send exported packets marked by the O-flag will depend on the specific OAM processes used. An on-path attacker able to observe this OAM channel could conduct traffic analysis, or potentially eavesdropping (depending on the OAM configuration), of this telemetry for the entire SR domain from such a vantage point. </t> <t> This document does not impose any additional security challenges to be considered beyond the security threats described in <xreftarget="RFC4884"/>,target="RFC4884" format="default"/>, <xreftarget="RFC4443"/>,target="RFC4443" format="default"/>, <xreftarget="RFC0792"/>,target="RFC0792" format="default"/>, <xreftarget="RFC8754"/>target="RFC8754" format="default"/>, and <xreftarget="RFC8986"/>.target="RFC8986" format="default"/>. </t> </section> <!--end: Security Considerations--> <section anchor="PRIVACY"title="Privacy Considerations">numbered="true" toc="default"> <name>Privacy Considerations</name> <t> The per-packet marking capabilities of the O-flagprovidesprovide a granular mechanism to collect telemetry. When this collection is deployed by an operator with the knowledge and consent of the users, it will enable a variety of diagnostics and monitoring to support the OAM and security operations use cases needed for resilient network operations. However, this collection mechanism will also provide an explicit protocol mechanism to operators for surveillance and pervasive monitoring use cases done contrary to the user's consent. </t> </section> <!--end: asd --> <section anchor="IANA"title="IANA Considerations"> <t> This document requests that IANA allocatenumbered="true" toc="default"> <name>IANA Considerations</name> <t>IANA has registered the followingregistrationin the "Segment Routing Header Flags"sub-registry forsubregistry in the "Internet Protocol Version 6 (IPv6) Parameters"registry maintained by IANA: <figure> <artwork><![CDATA[ +-------+------------------------------+---------------+ | Bit | Description | Reference | +=======+==============================+===============+ | 2 | O-flag | This document | +-------+------------------------------+---------------+ ]]> </artwork> </figure>registry: </t> <table anchor="iana-table"> <name></name> <thead> <tr> <th>Bit</th> <th>Description</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>2</td> <td>O-flag</td> <td>RFC 9259</td> </tr> </tbody> </table> </section> <!--end: IANA Considerations--> </middle> <back><references title="Normative References"> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8754.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8986.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"?><displayreference target="I-D.ietf-spring-stamp-srpm" to="STAMP-SR"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8754.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8986.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> </references> <references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.0792.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4443.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4884.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5837.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8403.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8402.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7011.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5476.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7012.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7799.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5880.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7880.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2328.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8571.xml"/> <!-- [rfced] FYI: draft-gandhi-spring-stamp-srpm was replaced by draft-ietf-spring-stamp-srpm (see https://datatracker.ietf.org/doc/draft-gandhi-spring-stamp-srpm/). We updated this reference entry accordingly. Original: [I-D.gandhi-spring-stamp-srpm] Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens, B., and R. Foote, "Performance Measurement Using Simple TWAMP (STAMP) for Segment Routing Networks", draft-gandhi- spring-stamp-srpm-07 (work in progress), July 2021. Updated: [STAMP-SR] Gandhi, R., Ed., Filsfils, C., Voyer, D., Chen, M., Janssens, B., and R. Foote, "Performance Measurement Using Simple TWAMP (STAMP) for Segment Routing Networks", Work in Progress, Internet-Draft, draft-ietf-spring-stamp-srpm- 03, 1 February 2022, <https://datatracker.ietf.org/doc/html/draft-ietf-spring- stamp-srpm-03>. --> <!-- [I-D.gandhi-spring-stamp-srpm] Replaced by [I-D.ietf-spring-stamp-srpm] IESG state I-D Exists --> <reference anchor="I-D.ietf-spring-stamp-srpm"> <front> <title>Performance Measurement Using Simple TWAMP (STAMP) for Segment Routing Networks</title> <author fullname="Rakesh Gandhi" role="editor"> <organization>Cisco Systems, Inc.</organization> </author> <author fullname="Clarence Filsfils"> <organization>Cisco Systems, Inc.</organization> </author> <author fullname="Daniel Voyer"> <organization>Bell Canada</organization> </author> <author fullname="Mach(Guoyi) Chen"> <organization>Huawei</organization> </author> <author fullname="Bart Janssens"> <organization>Colt</organization> </author> <author fullname="Richard Foote"> <organization>Nokia</organization> </author> <date month="February" day="1" year="2022" /> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-spring-stamp-srpm-03" /> <format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-spring-stamp-srpm-03.txt" /> </reference> <!-- <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.9197"/> --> <reference anchor='RFC9197' target="https://www.rfc-editor.org/info/rfc9197"> <front> <title>Data Fields for In Situ Operations, Administration, and Maintenance (IOAM)</title> <author initials='F' surname='Brockners' fullname='Frank Brockners' role="editor"> <organization /> </author> <author initials='S' surname='Bhandari' fullname='Shwetha Bhandari' role="editor"> <organization /> </author> <author initials='T' surname='Mizrahi' fullname='Tal Mizrahi' role="editor"> <organization /> </author> <date year='2022' month='May' /> </front> <seriesInfo name="RFC" value="9197"/> <seriesInfo name="DOI" value="10.17487/RFC9197"/> </reference> </references><references title="Informative References"> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.0792.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4443.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.4884.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5837.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8403.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8402.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.7011.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5476.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.7012.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.7799.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.5880.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.7880.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2328.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.8571.xml"?> <?rfc include="https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.matsushima-spring-srv6-deployment-status.xml"?> <?rfc include="http://xml.resource.org/public/rfc/bibxml3/reference.I-D.gandhi-spring-stamp-srpm.xml"?> <?rfc include="https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.draft-ietf-ippm-ioam-data-11.xml"?></references> <sectiontitle="Illustrations">anchor="app-illustrations" numbered="true" toc="default"> <name>Illustrations</name> <!-- [rfced] Please review the titles of A.1 and A.2. Should these have a similar structure? Original: A.1. Ping in SRv6 Networks A.2. Traceroute Perhaps: A.1. Ping in SRv6 Networks A.2. Traceroute in SRv6 Networks Or: A.1. Ping A.2. Traceroute --> <!-- [rfced] Please review the use of "packet P1" followed by the packet notation in the following sentences. In some cases, the colon is used, but in others, it is not. Will readers find these sentences easy to read because the sentence continues after the packet notation? Would something like the format used in Section 6.3 of RFC 8754 be an improvement? See suggestion below. Let us know if another layout or form of punctuation would be helpful here. Original: o A packet P1:(IPv4 header)(payload) is sent from CE1 to Node N1. ... As part of setting the O-flag, node N1 also sends a timestamped copy of the packet P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; NH=IPv4)(IPv4 header)(payload) to a local OAM process. ... Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986] and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards Node N3. ... o When node N4 receives the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload), it processes the O-flag. ... Specifically, it executes the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 10 towards Node N5. ... o When node N7 receives the packet P1 (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload), it processes the O-flag. ... Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT999:: SID and based on lookup in table 100 forwards the packet P1 (IPv4 header)(payload) towards CE 2. Perhaps: o A packet P1 is sent from CE1 to Node N1. The packet is: P1: (IPv4 header)(payload) ... As part of setting the O-flag, node N1 also sends a timestamped copy of the packet P1 to a local OAM process. The packet is: P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; NH=IPv4)(IPv4 header)(payload) ... Specifically, it executes the End.X behavior [RFC8986] indicated by the 2001:db8:K:2:X31:: SID and forwards the packet P1 over link 3 towards Node N3. The packet is: P1: (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) ... o When node N4 receives the packet P1, it processes the O-flag. The packet is: P1: (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) ... Specifically, it executes the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forwards the packet P1 over link 10 towards Node N5. The packet is: P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) ... o When node N7 receives the packet P1, it processes the O-flag. The packet is: P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) ... Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT999:: SID and based on lookup in table 100 forwards the packet P1 towards CE 2. The packet is: P1: (IPv4 header)(payload) --> <t> This appendix shows how some of the existing IPv6 OAM mechanisms can be used in an SRv6 network. It also illustrates an OAM mechanism for performing controllable and predictable flow sampling from segment endpoints. How the centralized OAM technique in <xreftarget="RFC8403"/>target="RFC8403" format="default"/> can be extended for SRv6 is also described in this appendix. </t> <sectiontitle="Pingnumbered="true" toc="default"> <name>Ping in SRv6Networks">Networks</name> <t> The existing mechanism to perform the reachability checks, along the shortest path, continues to work without any modification. Any IPv6 node(SRv6 capable(SRv6-capable ora non-SRv6 capable)non-SRv6-capable) can initiate, transit, and egress a ping packet. </t> <t> The following subsections outline some additional use cases oftheICMPv6 ping intheSRv6 networks. </t> <sectiontitle="Pingingnumbered="true" toc="default"> <name>Pinging an IPv6 Address via aSegment-list">Segment List</name> <t> If an SRv6-capable ingress node wants to ping an IPv6 address via an arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6 ping with an SR header containing the SID list <S1, S2, S3>. This is illustrated using the topology inFigure 1. User<xref target="ref-top"/>. The user issues a ping from node N1 to a loopback of nodeN5,N5 via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in the example isEnd.X SID,End.X, as described in <xreftarget="RFC8986"/>,target="RFC8986" format="default"/>, but the procedure is equally applicable to any other (transit) SID type. </t><t> Figure 2<t><xref target="sample-ping"/> contains sample output for a ping request initiated at node N1 to a loopback address of node N5 viaasegment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. </t><figure> <artwork><![CDATA[<figure anchor="sample-ping"> <name>Sample Ping Output at an SRv6-Capable Node</name> <artwork name="" type="" align="left" alt=""><![CDATA[ > ping 2001:db8:L:5:: viasegment-listsegment list 2001:db8:K:2:X31::, 2001:db8:K:4:X52:: Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625 /0.749/0.931 msFigure 2 A sample ping output at an SRv6-capable node ]]> </artwork>]]></artwork> </figure> <t> All transit nodes process the echo request message like any other data packet carrying an SR header and hence do not require any change. Similarly, the egress node does not require any change to process the ICMPv6 echo request. For example, in thepingexampleof Figure 2: <list style="symbols"> <t>Nodein <xref target="sample-ping"/>: </t> <ul spacing="normal"> <li>Node N1 initiates an ICMPv6 ping packet with the SRH asfollowsfollows: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, NH = ICMPv6)(ICMPv6 Echo Request).</t> <t>Node</li> <li>Node N2, which is an SRv6-capable node, performs the standard SRH processing. Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on link3 toN3.</t> <t>N3.</li> <li> Node N3, which is anon-SRv6 capablenon-SRv6-capable node, performs the standard IPv6 processing. Specifically, it forwards the echo request based ontheDA 2001:db8:K:4:X52:: in the IPv6 header.</t> <t></li> <li> Node N4, which is an SRv6-capable node, performs the standard SRH processing. Specifically, it observes the End.X behavior (2001:db8:K:4:X52::) and forwards the packet on link10 towards N5. If 2001:db8:K:4:X52:: is a PSP SID, the penultimate node(Node(node N4) does not, shouldnotnot, and cannot differentiate between the data packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a PSP SID, node N4 executes the SID like any other data packet with DA = 2001:db8:K:4:X52:: and removes the SRH.</t> <t></li> <li> The echo request packet at N5 arrives as an IPv6 packet with or without an SRH. If N5 receives the packet with an SRH, it skips SRH processing (SL=0). In either case,Nodenode N5 performs the standard ICMPv6 processing on the echo request and responds with the echo reply message to N1. The echo reply message is IP routed.</t> </list> </t></li> </ul> </section> <!--end: Pinging an IPv6 address via a sid-list --> <sectiontitle="Pinging a SID"> <t>numbered="true" toc="default"> <name>Pinging a SID</name> <!-- [rfced] Will "applies equally" here be clear to readers? Original: The ping mechanism described above applies equally to perform SID reachability check and to validate the SID is locally programmed at the target node.This is... The mechanism to traceroute an IPv6 Address via a Segment-list described in the previous section applies equally to traceroute a remote SID behavior, as explained using an example in the following. Perhaps: The ping mechanism described above can also be used to perform SID reachability checks and to validate that the SID is locally programmed at the target node. ... The mechanism to traceroute an IPv6 Address via a segment list described in the previous section can also be used to traceroute a remote SID behavior, as explained in the following example. --> <t> The ping mechanism described above applies equally to perform SID reachability check and to validate the SID is locally programmed at the target node. This is explained in the following example. The example uses ping to anENDEnd SID, as described in <xreftarget="RFC8986"/>,target="RFC8986" format="default"/>, but the procedure is equally applicable to ping any other SID behaviors. </t> <t> Consider the example where the user wants to ping a remote SID 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6 echo request is processed at the individual nodes along the path as follows:<list style="symbols"> <t>Node</t> <ul spacing="normal"> <li>Node N1 initiates an ICMPv6 ping packet with the SRH asfollowsfollows: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1; NH=ICMPv6)(ICMPv6 Echo Request).</t> <t>Node</li> <li>Node N2, which is an SRv6-capable node, performs the standard SRH processing. Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID on the echo request packet. If 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the SID like any other data packet with DA = 2001:db8:K:2:X31:: and removes the SRH.</t> <t></li> <li> Node N3, which is anon-SRv6 capablenon-SRv6-capable node, performs the standard IPv6 processing. Specifically, it forwards the echo request based on DA = 2001:db8:K:4:: in the IPv6header.</t> <t>Whenheader.</li> <li>When node N4 receives the packet, it processes the target SID (2001:db8:K:4::).</t> <t></li> <li> If the target SID (2001:db8:K:4::) is not locally instantiated and does not represent a local interface, the packet is discarded</t> <t></li> <li> If the target SID (2001:db8:K:4::) is locally instantiated or represents a local interface, the node processes theupper layerupper-layer header. <!-- [rfced] We have updated this sentence as follows. Please review. Original: As part of the upper layer header processing node N4 respond to the ICMPv6 echo request message and responds with the echo reply message. Perhaps: As part of the upper-layer header processing, node N4 responds to the ICMPv6 echo request message with an echo reply message. --> As part of the upper-layer header processing, node N4 responds to the ICMPv6 echo request message with an echo reply message. The echo reply message is IP routed.</t> </list> </t></li> </ul> </section> <!--end: SID Ping --> </section> <!--end: Ping--> <sectiontitle="Traceroute">numbered="true" toc="default"> <name>Traceroute</name> <t> The existing traceroute mechanisms, along the shortest path,continuescontinue to work without any modification. Any IPv6 node(SRv6 capable(SRv6-capable or anon-SRv6 capable)non-SRv6-capable) can initiate, transit, and egress a traceroute probe. </t> <t> The following subsections outline some additional use cases ofthetraceroute intheSRv6 networks. </t> <sectiontitle="Traceroutenumbered="true" toc="default"> <name>Traceroute to an IPv6 Address via aSegment-list">Segment List</name> <t> If an SRv6-capable ingress node wants to traceroute to an IPv6 address via an arbitrary segment list <S1, S2, S3>, it needs to initiate a traceroute probe with an SR header containing the SID list <S1, S2, S3>.UserThe user issues a traceroute from node N1 to a loopback of nodeN5,N5 via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in the example isEnd.X SID,End.X, as described in <xreftarget="RFC8986"/>,target="RFC8986" format="default"/>, but the procedure is equally applicable to any other (transit) SID type.Figure 3<xref target="sample-traceroute"/> contains sample output for the traceroute request. </t><figure> <artwork><![CDATA[<figure anchor="sample-traceroute"> <name>Sample Traceroute Output at an SRv6-Capable Node</name> <artwork name="" type="" align="left" alt=""><![CDATA[ > traceroute 2001:db8:L:5:: viasegment-listsegment list 2001:db8:K:2:X31::, 2001:db8:K:4:X52:: Tracing the route to 2001:db8:L:5:: 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec DA: 2001:db8:K:2:X31::, SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2) 2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec DA: 2001:db8:K:4:X52::, SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) 3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec DA: 2001:db8:K:4:X52::, SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) 4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec DA: 2001:db8:L:5::Figure 3 A sample traceroute output at an SRv6-capable node ]]> </artwork>]]></artwork> </figure> <t> In the sample traceroute output, the information displayed at each hop is obtained using the contents of the "Time Exceeded" or "Destination Unreachable" ICMPv6 responses. These ICMPv6 responses are IP routed. </t> <t> In the sample traceroute output, the information for link3 is returned by N3, which is anon-SRv6 capablenon-SRv6-capable node. Nonetheless, the ingress node is able to display SR header contents as the packet travels through thenon-SRv6 capablenon-SRv6-capable node. This is because the "TimeExceeded Message"Exceeded" ICMPv6 message can contain as much of the invoking packet as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU <xreftarget="RFC4443"/>.target="RFC4443" format="default"/>. The SR header is included in these ICMPv6 messages initiated by thenon-SRv6 capablenon-SRv6-capable transit nodes that are not running SRv6 software. Specifically, a node generating an ICMPv6 message containing a copy of the invoking packet does not need to understand the extension header(s) in the invoking packet. </t> <t> The segment list information returned for the first hop is returned by N2, which is an SRv6-capable node. Just like for the second hop, the ingress node is able to display SR header contents for the first hop. </t> <!-- [rfced] We updated "a datagram" to "the datagram" in two instances in the later part of this sentence to match usage earlier in the sentence. Please review and let us know any objections. Original: ICMPv6 extensions defined in [RFC5837] can be used to display information about the IP interface through which the datagram would have been forwarded had it been forwardable, and the IP next hop to which the datagram would have been forwarded, the IP interface upon which a datagram arrived, the sub-IP component of an IP interface upon which a datagram arrived. --> <t> There is no difference in processing of the traceroute probe at an SRv6-capable and anon-SRv6 capablenon-SRv6-capable node. Similarly, both SRv6-capable andnon-SRv6 capablenon-SRv6-capable nodes may use the address of the interface on which probe was received as the source address in the ICMPv6 response. ICMPv6 extensions defined in <xreftarget="RFC5837"/>target="RFC5837" format="default"/> can be used to display information about the IP interface through which the datagram would have been forwarded had it been forwardable,andthe IP next hop to which the datagram would have been forwarded, the IP interface upon whichathe datagram arrived, and the sub-IP component of an IP interface upon whichathe datagram arrived. </t> <!-- [rfced] We are having trouble understanding the text starting with "bound..." Should "at" follow "End.X behavior"? Please clarify. Original: This matches with the expected interface bound to End.X behavior 2001:db8:K:2:X31:: (link3). ... This matches with the expected interface bound to the End.X behavior 2001:db8:K:4:X52:: (link10). --> <t> The IP address of the interface on which the traceroute probe was received is useful. This information can also be used to verify if SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly by N2 and N4, respectively. Specifically, the information displayed for the second hop contains the incoming interface address 2001:db8:2:3:31:: at N3. This matcheswiththe expected interface bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the information displayed for the fourth hop contains the incoming interface address 2001:db8:4:5::52:: at N5. This matcheswiththe expected interface bound to the End.X behavior 2001:db8:K:4:X52:: (link10). </t> </section> <!--end: Tracerouting an IPv6 Address via aSegment-listSegment list --> <sectiontitle="Traceroutenumbered="true" toc="default"> <name>Traceroute to aSID">SID</name> <t> The mechanism to traceroute an IPv6Addressaddress via aSegment-listsegment list described in the previous section applies equally to traceroute a remote SID behavior, as explainedusing an examplein thefollowing.following example. The example uses traceroute to anENDEnd SID, as described in <xreftarget="RFC8986"/>,target="RFC8986" format="default"/>, but the procedure is equally applicable to tracerouting any other SID behaviors. </t> <t> Please note that traceroute to a SID is exemplified using UDP probes. However, the procedure is equally applicable to other implementations of traceroute mechanism. The UDP encoded message to traceroute a SID would use the UDP ports assigned by IANA for "traceroute use". </t> <t> Consider the example where the user wants to traceroute a remote SID 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute probe is processed at the individual nodes along the path as follows:<list style="symbols"> <t>Node</t> <ul spacing="normal"> <li>Node N1 initiates a traceroute probe packet as follows (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). The first traceroute probe is sent with the hop-count value set to 1. The hop-count value is incremented by 1 for eachfollowingsubsequent tracerouteprobes. </t> <t>Whenprobe. </li> <li>When node N2 receives the packet with hop-count = 1, it processes the hop-count expiry. Specifically,thenode N2 responds with the ICMPv6 message (Type: "Time Exceeded", Code:"Hop"hop limit exceeded in transit"). The ICMPv6 response is IP routed.</t> <t>When Node</li> <li>When node N2 receives the packet with hop-count>> 1, it performs the standard SRH processing. Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID on the traceroute probe. If 2001:db8:K:2:X31:: is a PSP SID, node N2 executes the SID like any other data packet with DA = 2001:db8:K:2:X31:: and removes the SRH.</t> <t>When</li> <li>When node N3, which is anon-SRv6 capablenon-SRv6-capable node, receives the packet with hop-count = 1, it processes the hop-count expiry. Specifically,thenode N3 responds with the ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded inTransit").transit"). The ICMPv6 response is IP routed.</t> <t>When</li> <li>When node N3, which is anon-SRv6 capablenon-SRv6-capable node, receives the packet with hop-count>> 1, it performs the standard IPv6 processing. Specifically, it forwards the traceroute probe based on DA 2001:db8:K:4:: in the IPv6 header.</t> <t>When</li> <li>When node N4 receives the packet with DA set to the local SID 2001:db8:K:4::, it processes theENDEnd SID.</t> <t></li> <li> If the target SID (2001:db8:K:4::) is not locally instantiated and does not represent a local interface, the packet is discarded.</t> <t></li> <li> If the target SID (2001:db8:K:4::) is locally instantiated or represents a local interface, the node processes theupper layerupper-layer header. <!-- [rfced] Would updating these sentences as suggested below improve readability? Original: Specifically, the node N2 responds with the ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded in transit"). ... Specifically, the node N3 responds with the ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded in Transit"). ... As part of the upper layer header processing node N4 responds with the ICMPv6 message (Type: Destination unreachable, Code: Port Unreachable). Perhaps: Specifically, node N2 responds with an ICMPv6 message with type "Time Exceeded" and code "Hop limit exceeded in transit"). ... Specifically, node N3 responds with an ICMPv6 message with type "Time Exceeded" and code "Hop limit exceeded in transit". ... As part of the upper-layer header processing, node N4 responds with an ICMPv6 message with type "Destination Unreachable" and code "Port Unreachable". --> As part of the upper-layer header processing, node N4 responds with the ICMPv6 message (Type: "Destination Unreachable", Code: "Port Unreachable"). The ICMPv6 response is IP routed.</t> </list> </t> <t> Figure 4</li> </ul> <t><xref target="sample-output"/> displays a sample traceroute output for this example.<figure> <artwork><![CDATA[</t> <figure anchor="sample-output"> <name>Sample Output for Hop-by-Hop Traceroute to a SID</name> <artwork name="" type="" align="left" alt=""><![CDATA[ > traceroute 2001:db8:K:4:X52:: viasegment-listsegment list 2001:db8:K:2:X31:: Tracing the route to SID 2001:db8:K:4:X52:: 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec DA: 2001:db8:K:2:X31::, SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) 2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec DA: 2001:db8:K:4:X52::, SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) 3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec DA: 2001:db8:K:4:X52::, SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)Figure 4 A sample output for hop-by-hop traceroute to a SID ]]> </artwork>]]></artwork> </figure></t></section> <!--end: Traceroute to a SID behavior--> </section> <!--end: Traceroute --> <sectiontitle="A Hybridnumbered="true" toc="default"> <name>Hybrid OAM UsingO-flag">the OAM Flag</name> <t> This section illustrates a hybrid OAM mechanism using thetheO-flag. Without loss of the generality, the illustration assumes N100 is a centralized controller. </t> <t>TheThis illustration is differentthanfrom theIn-situ OAM"in situ OAM" defined in[I.D-draft-ietf-ippm-ioam-data].<xref target="RFC9197" format="default"/>. This is becauseIn-situin situ OAM records operational and telemetry information in the packet as the packet traverses a path between two points in the network[I.D-draft-ietf- ippm-ioam-data].<xref target="RFC9197" format="default"/>. The illustration in this subsection does not require the recording of OAM data in the packet. </t> <t> The illustration does not assume any formats for exporting the data elements or the data elements that need to be exported. The illustration assumes system clocks among all nodes in the SR domain are synchronized. </t> <t> Consider the example where the user wants to monitor sampled IPv4 VPN 999 traffic going from CE1 to CE2 via alow latencylow-latency SR policy P installed atNodenode N1. To exercise alow latencylow-latency path, the SR Policy P forces the packet via segments 2001:db8:K:2:X31:: and 2001:db8:K:4:X52::. The VPN SID at N7 associated with VPN 999 is 2001:db8:K:7:DT999::. 2001:db8:K:7:DT999:: is a USP SID. N1, N4, and N7 are capable of processingO-flagthe O-flag, but N2 is not capable of processing the O-flag. N100 is the centralized controller capable of processing and correlating the copy of the packets sent from nodes N1, N4, and N7. N100 is aware of O-flag processing capabilities. ControllerN100N100, withthehelp from nodes N1, N4,N7and N7, implements a hybrid OAM mechanism using the O-flag as follows:<list style="symbols"> <t></t> <ul spacing="normal"> <li> A packet P1:(IPv4 header)(payload) is sent from CE1 toNodenode N1.</t> <t></li> <li> Node N1 steersthepacket P1 through the Policy P. Based onalocal configuration,Nodenode N1 also implements logic to sample traffic steered through policy P for hybrid OAM purposes. Specification for the sampling logic is beyond the scope of this document. Consider the case where packet P1 is classified as a packet to be monitored via the hybrid OAM. Node N1 sets the O-flag during the encapsulation required by policy P. As part of setting the O-flag, node N1 also sends a timestamped copy ofthepacket P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; NH=IPv4)(IPv4 header)(payload) to a local OAM process. The local OAM process sends a full or partial copy ofthepacket P1 to the controller N100. The OAM process includes the recorded timestamp, additional OAM informationlike(like incoming and outgoinginterface, etc. along withinterface), and any applicable metadata. Node N1 forwards the original packet towards the next segment 2001:db8:K:2:X31::.</t> <t></li> <li> When node N2 receives the packet with the O-flag set, it ignores the O-flag. This is because node N2 is not capable of processing the O-flag. Node N2 performs the standard SRv6 SID and SRH processing. <!-- [rfced] We added the citation "[RFC8986]" immediately after "End.X behavior" and removed "as described in [RFC8986]". We note that similar sentences do not include the citation. Please review and let us know if any further updates are needed. Original: Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID as described in<xref target="RFC8986"/>[RFC8986] and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards Node N3.</t> <t>WhenUpdated: Specifically, it executes the End.X behavior [RFC8986] indicated by the 2001:db8:K:2:X31:: SID and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards Node N3. --> Specifically, it executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID as described in <xref target="RFC8986" format="default"/> and forwards packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link3 towards node N3. </li> <li>When node N3, which is anon-SRv6 capablenon-SRv6-capable node, receivesthepacketP1 ,P1, it performs the standard IPv6 processing. Specifically, it forwardsthepacket P1 based on DA 2001:db8:K:4:X52:: in the IPv6 header.</t> <t>When</li> <li>When node N4 receivesthepacket P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload), it processes the O-flag. As part of processing the O-flag, it sends a timestamped copy of the packet to a local OAM process. Based onalocal configuration, the local OAM process sends a full or partial copy ofthepacket P1 to the controller N100. The OAM process includes the recorded timestamp, additional OAM informationlike(like incoming and outgoing interface,etc. along withetc.), and any applicable metadata. Node N4 performs the standard SRv6 SID and SRH processing on the original packet P1. Specifically, it executes the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forwardsthepacket P1 (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload) overlink 10link10 towardsNodenode N5.</t> <t>When</li> <li>When node N5, which is anon-SRv6 capablenon-SRv6-capable node, receivesthepacket P1, it performs the standard IPv6 processing. Specifically, it forwards the packet based on DA 2001:db8:K:7:DT999:: in the IPv6 header.</t> <t>When</li> <li>When node N7 receivesthepacket P1 (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload), it processes the O-flag. As part of processing the O-flag, it sends a timestamped copy of the packet to a local OAM process. The local OAM process sends a full or partial copy ofthepacket P1 to the controller N100. The OAM process includes the recorded timestamp, additional OAM informationlike(like incoming and outgoing interface,etc. along withetc.), and any applicable metadata. Node N7 performs the standard SRv6 SID and SRH processing on the original packet P1. Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT999:: SIDandand, based on lookup in table100100, forwardsthepacket P1 (IPv4 header)(payload) towardsCE 2. </t> <t>CE2. </li> <li> The controller N100 processes and correlates the copy of the packets sent from nodes N1,N4N4, and N7 to find segment-by-segment delays and provide other hybrid OAM information related to packet P1. <!-- [rfced] We updated "clock are synchronized time" to "clocks are synchronized" here. Please let us know if you prefer to revise this in a different way. Original: For segment-by-segment delay computation, it is assumed that clock are synchronized time across the SR domain.</t> <t>Updated: For segment-by-segment delay computation, it is assumed that clocks are synchronized across the SR domain. --> For segment-by-segment delay computation, it is assumed that clocks are synchronized time across the SR domain. </li> <li> The process continues for any other sampled packets.</t> </list> </t></li> </ul> </section> <!--end: O-flag --> <sectiontitle="Monitoringnumbered="true" toc="default"> <name>Monitoring of SRv6Paths">Paths</name> <!-- [rfced] In the first paragraph of Appendix A.4, we updated a couple instances of "the document" to "[RFC8403]" for clarity. We also combined the last two sentences in the paragraph. Please review to ensure that these updated accurately convey the intended meaning. --> <t> In the recent past, network operators demonstrated interest in performing network OAM functions in a centralized manner. <xreftarget='RFC8403'/>target="RFC8403" format="default"/> describes such a centralized OAM mechanism. Specifically,the document<xref target="RFC8403" format="default"/> describes a procedure that can be used to perform path continuitycheckchecks between any nodes within an SR domain from a centralized monitoring system. However,the documentwhile <xref target="RFC8403" format="default"/> focuses on SR networks with MPLS dataplane. Thisplane, this document describes how the concept can be used to perform path monitoring in an SRv6 network from a centralized controller. </t> <t> In the reference topology inFigure 1,<xref target="ref-top"/>, N100 uses an IGP protocol like OSPF or IS-IS to get a view of the topologyviewwithin the IGP domain. N100 can also use BGP-LS to get the complete view of an inter-domain topology. The controller leverages the visibility of the topology to monitor the paths between the various endpoints. </t> <t>The controller N100 advertises anENDEnd SID <xreftarget="RFC8986"/>target="RFC8986" format="default"/> 2001:db8:K:100:1::. To monitor any arbitrary SRv6 paths, the controller can create a loopback probe that originates and terminates onNodenode N100. To distinguish between a failure in the monitored path and loss of connectivity between the controller and the network,Nodenode N100 runs a suitable mechanism to monitor its connectivity to the monitored network. </t> <t> The following example illustrates loopback probesare exemplified using an example wherein which controller N100 needs to verify a segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>:<list style="symbols"> <t>N100</t> <ul spacing="normal"> <li>N100 generates an OAM packet (2001:db8:L:100::, 2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2)(OAM Payload). The controller routes the probe packet towards the first segment, which is 2001:db8:K:2:X31::.</t> <t>Node</li> <li>Node N2 executes the End.X behavior indicated by the 2001:db8:K:2:X31:: SID and forwards the packet (2001:db8:L:100::, 2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)(OAM Payload) on link3 to N3.</t> <t></li> <li> Node N3, which is anon-SRv6 capablenon-SRv6-capable node, performs the standard IPv6 processing. Specifically, it forwards the packet based ontheDA 2001:db8:K:4:X52:: in the IPv6 header.</t> <t>Node</li> <li>Node N4 executes the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forwards the packet (2001:db8:L:100::, 2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=0)(OAM Payload) on link10 to N5.</t> <t></li> <li> Node N5, which is anon-SRv6 capablenon-SRv6-capable node, performs the standard IPv6 processing. Specifically, it forwards the packet based ontheDA 2001:db8:K:100:1:: in the IPv6 header.</t> <t>Node</li> <li>Node N100 executes the standard SRv6 END behavior. It decapsulates the header andconsumeconsumes the probe for OAM processing. The information in the OAM payload is used to detectanymissing probes,round tripround-trip delay, etc.</t> </list> </t></li> </ul> <t> The OAM payload type or the information carried in the OAM probe is a local implementation decision at the controller and is outside the scope of this document. </t> </section> <!--end: Monitoring of SRv6 Paths --> </section> <!--end: Illustrations--> <section anchor="Acknowledgements"title="Acknowledgements">numbered="false" toc="default"> <name>Acknowledgements</name> <t> The authors would like to thankJoel<contact fullname="Joel M.Halpern, Greg Mirsky, Bob Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu SongHalpern"/>, <contact fullname="Greg Mirsky"/>, <contact fullname="Bob Hinden"/>, <contact fullname="Loa Andersson"/>, <contact fullname="Gaurav Naik"/>, <contact fullname="Ketan Talaulikar"/>, and <contact fullname="Haoyu Song"/> for their review comments. </t> </section> <section anchor="Contributors"title="Contributors">numbered="false" toc="default"> <name>Contributors</name> <t>The following peoplehavecontributed to this document:<figure> <artwork><![CDATA[ Robert Raszuk Bloomberg LP Email: robert@raszuk.net ]]> </artwork> </figure> <figure> <artwork><![CDATA[ John Leddy Individual Email: john@leddy.net ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Gaurav Dawra LinkedIn Email: gdawra.ietf@gmail.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Bart Peirens Proximus Email: bart.peirens@proximus.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Nagendra Kumar Cisco</t> <contact fullname="Robert Raszuk" > <organization>Bloomberg LP</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>robert@raszuk.net</email> </address> </contact> <contact fullname="John Leddy" > <organization>Individual</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>john@leddy.net</email> </address> </contact> <contact fullname="Gaurav Dawra" > <organization>LinkedIn</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>gdawra.ietf@gmail.com</email> </address> </contact> <contact fullname="Bart Peirens" > <organization>Proximus</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>bart.peirens@proximus.com</email> </address> </contact> <contact fullname="Nagendra Kumar" > <organization>Cisco Systems,Inc. Email: naikumar@cisco.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Carlos Pignataro CiscoInc.</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>naikumar@cisco.com</email> </address> </contact> <contact fullname="Carlos Pignataro" > <organization>Cisco Systems,Inc. Email: cpignata@cisco.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Rakesh Gandhi CiscoInc.</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>cpignata@cisco.com</email> </address> </contact> <contact fullname="Rakesh Gandhi" > <organization>Cisco Systems,Inc. Canada Email: rgandhi@cisco.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Frank Brockners CiscoInc.</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>rgandhi@cisco.com</email> </address> </contact> <contact fullname="Frank Brockners" > <organization>Cisco Systems,Inc. Germany Email: fbrockne@cisco.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Darren Dukes CiscoInc.</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>fbrockne@cisco.com</email> </address> </contact> <contact fullname="Darren Dukes" > <organization>Cisco Systems,Inc. Email: ddukes@cisco.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Cheng Li Huawei Email: chengli13@huawei.com ]]> </artwork> </figure> <figure> <artwork><![CDATA[ Faisal Iqbal Individual Email: faisal.ietf@gmail.com ]]> </artwork> </figure> </t>Inc.</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>ddukes@cisco.com</email> </address> </contact> <contact fullname="Cheng Li" > <organization>Huawei</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>chengli13@huawei.com</email> </address> </contact> <contact fullname="Faisal Iqbal" > <organization>Individual</organization> <address> <postal> <street></street> <city></city> <region></region><code></code> <country></country> </postal> <email>faisal.ietf@gmail.com</email> </address> </contact> </section> <!-- [rfced] XML Formatting a) In Section 2.1.1, updated <artwork> to <sourcecode type="pseudocode">. Please review and let us know any objections. b) Please review each <artwork> element in the xml file. Specifically, should any <artwork> element be tagged as <sourcecode> or another element? c) The <artwork> in Section 2.1.1 was too wide for the txt output, so we wrapped lines in the "Ref1" portion. Please review and let us know any objections. d) The <artwork> in Sections A.2.1 and A.2.2 were also too wide. Both had three extra spaces in the left margin in the XML, which we reduced as follows so that the figures fit. * Figure 3 - reduced left indent by 3 (no spaced in left indent) * Figure 4 - reduced left indent by 1 (still 2 spaces in left indent) --> <!-- [rfced] Abbreviations a) This document expands the acronym SRv6 as "Segment Routing with IPv6 data plane". However, we see that most published RFCs use the expansion "Segment Routing over IPv6 (SRv6)". See RFCs 8986, 8754, 8402, and 8354. May we update the expansion in this document accordingly? Note that this update would affect the document title. Also note that we will add this expansion in the abstract (as our policy is to expand the first instance of an acronym in the text) and update the expansion in Sections 1 and 1.2. Current title: Operations, Administration, and Maintenance (OAM) in Segment Routing Networks with IPv6 Data Plane (SRv6) Perhaps: Operations, Administration, and Maintenance (OAM) in Segment Routing over IPv6 (SRv6) b) Would it be helpful to add a citation to RFC 8402 for this entry in Section 1.2 ("Abbreviations")? We ask because we see RFC 8402 cited for SRv6 in the Introduction. Original: SRv6: Segment Routing with IPv6 Data plane. Perhaps: SRv6: Segment Routing with IPv6 Data plane [RFC8402] c) FYI: We updated these entries in Section 1.2 ("Abbreviations") as follows: Original: ICMPv6: ICMPv6 Specification [RFC4443]. PSP: Penultimate Segment Pop of the SRH [RFC8986]. USP: Ultimate Segment Pop of the SRH [RFC8986]. BGP-LS: Border Gateway Protocol - Link State Extensions [RFC8571] Updated: ICMPv6: Internet Control Message Protocol for the Internet Protocol version 6 [RFC4443] PSP: Penultimate Segment Pop [RFC8986] USP: Ultimate Segment Pop [RFC8986] BGP-LS: Border Gateway Protocol - Link State [RFC8571] --> <!-- [rfced] Terminology a) We see an instance esch of "link 3" and "link 10" (with space after "link"); we updated these to "link3" and "link10" (no space), respectively, to match the usage in Figure 1 and elsewhere in the document. However, please confirm that you prefer no space in these. b) We see instances of "node Nx" as well as simply "Nx" (e.g., "node N1" and "N1"). See example below. Are any changes needed for consistency, or is this okay as is? Example of "node Nx": This is because node N2 is not capable of processing the O-flag. Node N2 performs the standard SRv6 SID and SRH processing. Example of "Nx" (no "node" before): N1, N4, and N7 are capable of processing O-flag but N2 is not capable of processing O-flag. c) We note inconsistencies in the terms below throughout the text. Should these be uniform? If so, please let us know which form is preferred. SR policy vs. SR Policy Note: RFCs 8754 and 8986 use "SR Policy". policy P vs. Policy P upper-layer header vs. Upper-Layer Header Note: We hyphenated a few instances of "upper layer header". d) We also note inconsistencies in the terms listed below. We chose the form on the right. Please let us know any objections. "Flags" field vs. Flags field segment-list vs. segment list Note: We do not see the hyphenated form used in past RFCs. Node N5 vs. node N5 (and other nodes as well) Note: The lowercase "node" is more common in this document. IPv6 Address vs. IPv6 address e) FYI: We updated "END SID" to "End SID" per RFC 8986. f) FYI: We updated "marking-bit" to "marking bit" (no hyphen). --> <!-- [rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. --> </back> </rfc>