rfc9259xml2.original.xml   rfc9259.xml 
<?xml version="1.0" encoding="US-ASCII"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd"> <!DOCTYPE rfc [
<?rfc toc="yes"?> <!ENTITY nbsp "&#160;">
<?rfc tocompact="yes"?> <!ENTITY zwsp "&#8203;">
<?rfc tocdepth="3"?> <!ENTITY nbhy "&#8209;">
<?rfc tocindent="yes"?> <!ENTITY wj "&#8288;">
<?rfc symrefs="yes"?> ]>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-6man-spring-
<?rfc inline="yes"?> srv6-oam-13" number="9259" ipr="trust200902" obsoletes="" updates="" submissionT
<?rfc compact="yes"?> ype="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDe
<?rfc subcompact="no"?> pth="3" symRefs="true" sortRefs="true" version="3">
<rfc category="std" docName="draft-ietf-6man-spring-srv6-oam-13"
ipr="trust200902"> <!-- [rfced] FYI: We updated "Mach Chen" to "Mach(Guoyi) Chen" in the Authors'
Addresses section as this preference has been communicated to us in the
past.
-->
<!-- xml2rfc v2v3 conversion 3.12.2 -->
<front> <front>
<title abbrev="SRv6 OAM">Operations, Administration, and Maintenance (OAM) i n Segment <title abbrev="SRv6 OAM">Operations, Administration, and Maintenance (OAM) i n Segment
Routing Networks with IPv6 Data plane (SRv6)</title> Routing Networks with IPv6 Data Plane (SRv6)</title>
<seriesInfo name="RFC" value="9259"/>
<author fullname="Zafar Ali" initials="Z" surname="Ali"> <author fullname="Zafar Ali" initials="Z" surname="Ali">
<organization>Cisco Systems</organization> <organization>Cisco Systems</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city/> <city/>
<code/> <code/>
<country/> <country/>
</postal> </postal>
<email>zali@cisco.com</email> <email>zali@cisco.com</email>
</address> </address>
</author> </author>
<author fullname="Clarence Filsfils" initials="C." surname="Filsfils"> <author fullname="Clarence Filsfils" initials="C." surname="Filsfils">
<organization>Cisco Systems</organization> <organization>Cisco Systems</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city/> <city/>
<code/> <code/>
<country/> <country/>
</postal> </postal>
<email>cfilsfil@cisco.com</email> <email>cfilsfil@cisco.com</email>
</address> </address>
</author> </author>
<author fullname="Satoru Matsushima" initials="S" surname="Matsushima"> <author fullname="Satoru Matsushima" initials="S" surname="Matsushima">
<organization>Softbank</organization> <organization>Softbank</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city/> <city/>
<code/> <code/>
<country/> <country/>
</postal> </postal>
<email>satoru.matsushima@g.softbank.co.jp</email> <email>satoru.matsushima@g.softbank.co.jp</email>
</address> </address>
</author> </author>
<author fullname="Daniel Voyer" initials="D" surname="Voyer"> <author fullname="Daniel Voyer" initials="D" surname="Voyer">
<organization>Bell Canada</organization> <organization>Bell Canada</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city/> <city/>
<code/> <code/>
<country/> <country/>
</postal> </postal>
<email>daniel.voyer@bell.ca</email> <email>daniel.voyer@bell.ca</email>
</address> </address>
</author> </author>
<author fullname="Mach(Guoyi) Chen" initials="M" surname="Chen">
<author fullname="Mach Chen" initials="M" surname="Chen">
<organization>Huawei</organization> <organization>Huawei</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city/> <city/>
<code/> <code/>
<country/> <country/>
</postal> </postal>
<email>mach.chen@huawei.com</email> <email>mach.chen@huawei.com</email>
</address> </address>
</author> </author>
<date year="2022" month="May" />
<date year="2022"/> <area>int</area>
<area>Routing</area>
<workgroup>6man</workgroup> <workgroup>6man</workgroup>
<keyword>SRv6</keyword> <keyword>SRv6</keyword>
<keyword>Segment Routing</keyword> <keyword>Segment Routing</keyword>
<keyword>OAM</keyword> <keyword>OAM</keyword>
<abstract> <abstract>
<t>This document describes how the existing IPv6 mechanisms for ping <t>This document describes how the existing IPv6 mechanisms for ping
and traceroute can be used in an SRv6 network. and traceroute can be used in an SRv6 network.
The document also specifies the OAM flag in the Segment Routing Header (SR H) The document also specifies the OAM flag (O-flag) in the Segment Routing H eader (SRH)
for performing controllable and predictable flow sampling from segment end points. for performing controllable and predictable flow sampling from segment end points.
In addition, the document describes how a centralized monitoring system pe rforms a In addition, the document describes how a centralized monitoring system pe rforms a
path continuity check between any nodes within an SRv6 domain. path continuity check between any nodes within an SRv6 domain.
</t> </t>
</abstract> </abstract>
</front> </front>
<middle>
<middle> <section numbered="true" toc="default">
<name>Introduction</name>
<section title="Introduction"> <t>
As Segment Routing with IPv6 data plane (SRv6) <xref target="RFC8402" format=
<t> "default"/>
As Segment Routing with IPv6 data plane (SRv6) <xref target="RFC8402"/>
simply adds a new type simply adds a new type
of Routing Extension Header, existing IPv6 OAM mechanisms can be used of Routing Extension Header, existing IPv6 OAM mechanisms can be used
in an SRv6 network. This document describes how the existing in an SRv6 network. This document describes how the existing
IPv6 mechanisms for ping and traceroute can be used in an SRv6 network. IPv6 mechanisms for ping and traceroute can be used in an SRv6 network.
This includes illustrations of pinging an SRv6 SID to This includes illustrations of pinging an SRv6 Segment Identifier (SID) to
verify that the SID is reachable and is locally programmed at the target node . verify that the SID is reachable and is locally programmed at the target node .
This also includes illustrations for This also includes illustrations for
tracerouting to an SRv6 SID for hop-by-hop tracerouting to an SRv6 SID for hop-by-hop
fault localization as well as path tracing to a SID. fault localization as well as path tracing to a SID.
</t> </t>
<t>
<!-- [rfced] For readability, we suggest the following update:
<t> Original:
The document also introduces enhancements for the OAM The document also introduces enhancements for the OAM mechanism for
SRv6 networks for performing controllable and predictable flow
sampling from segment endpoints using, e.g., IP Flow Information
Export (IPFIX) protocol [RFC7011].
Perhaps:
This document also introduces enhancements for the OAM mechanism for
SRv6 networks that allow controllable and predictable flow
sampling from segment endpoints using, e.g., the IP Flow Information
Export (IPFIX) protocol [RFC7011].
-->
This document also introduces enhancements for the OAM
mechanism for SRv6 networks for mechanism for SRv6 networks for
performing controllable and predictable flow sampling from segment performing controllable and predictable flow sampling from segment
endpoints using, e.g., IP Flow Information Export (IPFIX) protocol endpoints using, e.g., the IP Flow Information Export (IPFIX) protocol
<xref target="RFC7011"/>. Specifically, the document specifies the <xref target="RFC7011" format="default"/>. Specifically, the document specifi
O-flag in SRH as a marking-bit in the user packets to es the
trigger the telemetry data collection and export at the segment OAM flag (O-flag) in the SRH as a marking bit in the user packets to
trigger telemetry data collection and export at the segment
endpoints. endpoints.
</t> </t>
<t>
<t> This document also outlines how the centralized OAM technique in
The document also outlines how the centralized OAM technique in <xref target="RFC8403" format="default"/> can be extended for SRv6 to perform
<xref target="RFC8403"/> can be extended for SRv6 to perform a path continuit a path continuity check between
y check between
any nodes within an SRv6 domain. any nodes within an SRv6 domain.
Specifically, the document illustrates how a centralized monitoring system ca n Specifically, the document illustrates how a centralized monitoring system ca n
monitor arbitrary SRv6 paths by monitor arbitrary SRv6 paths by
creating the loopback probes that creating loopback probes that
originate and terminate at the centralized monitoring system. originate and terminate at the centralized monitoring system.
</t> </t>
<section numbered="true" toc="default">
<section title="Requirements Language"> <name>Requirements Language</name>
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", <t>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTION The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
AL" IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
in this document are to be interpreted as described in NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
BCP 14 <xref target="RFC2119" /> <xref target="RFC8174"/> when, RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
and only when, they appear in all capitals, as shown here.</t> "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
</section> be interpreted as
described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
<section title="Abbreviations"> when, and only when, they appear in all capitals, as shown here.
</t>
<t> The following abbreviations are used in this document:
<list style="hanging">
<t> SID: Segment ID.
</t>
<t> SL: Segments Left.
</t>
<t> SR: Segment Routing.
</t>
<t> SRH: Segment Routing Header <xref target="RFC8754"/>.
</t>
<t> SRv6: Segment Routing with IPv6 Data plane.
</t>
<t> PSP: Penultimate Segment Pop of the SRH <xref target="RFC8986"/>
.
</t>
<t> USP: Ultimate Segment Pop of the SRH <xref target="RFC8986"/>.
</t>
<t> ICMPv6: ICMPv6 Specification <xref target="RFC4443"/>.
</t>
<t> IS-IS: Intermediate System to Intermediate System
</t>
<t> OSPF: Open Shortest Path First protocol <xref target="RFC2328"/>
</t>
<t> IGP: Interior Gateway Protocols (e.g., OSPF, IS-IS).
</t>
<t> BGP-LS: Border Gateway Protocol - Link State Extensions <xref tar
get="RFC8571"/>
</t>
</list></t>
</section>
<section title="Terminology and Reference Topology">
<t> Throughout the document, the following terminology and
simple topology is used for illustration. </t>
<figure> <artwork><![CDATA[
+--------------------------| N100 |---------------------------------+
| |
| ====== link1====== link3------ link5====== link9------ ====== |
||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7||
|| ||------|| ||------| |------|| ||------| |---|| ||
====== link2====== link4------ link6======link10------ ======
| | | |
---+-- | ------ | --+---
|CE 1| +-------| N6 |---------+ |CE 2|
------ link7 | | link8 ------
------
Figure 1 Reference Topology
]]>
</artwork> </figure>
<t> In the reference topology:
<list style="empty">
<t> Node j has a IPv6 loopback address 2001:db8:L:j::/128.
</t>
<t> Nodes N1, N2, N4 and N7 are SRv6-capable nodes.
</t>
<t> Nodes N3, N5 and N6 are IPv6 nodes that are not SRv6-capable.
Such nodes are referred as non-SRv6 capable nodes.
</t>
<t> CE1 and CE2 are Customer Edge devices of any data pla
ne
capability (e.g., IPv4, IPv6, L2, etc.).
</t>
<t> A SID at node j with locator block 2001:db8:K::/48 and function </section>
U is represented <section numbered="true" toc="default">
<name>Abbreviations</name>
<t> The following abbreviations are used in this document:
</t>
<dl newline="false" spacing="normal">
<dt>SID:</dt>
<dd>Segment Identifier
</dd>
<dt>SL:</dt>
<dd>Segments Left
</dd>
<dt>SR:</dt>
<dd>Segment Routing
</dd>
<dt>SRH:</dt>
<dd>Segment Routing Header <xref target="RFC8754" format="default"/>
</dd>
<dt>SRv6:</dt>
<dd>Segment Routing with IPv6 data plane
</dd>
<dt>PSP:</dt>
<dd>Penultimate Segment Pop <xref target="RFC8986" format="default"/>
</dd>
<dt>USP:</dt>
<dd>Ultimate Segment Pop <xref target="RFC8986" format="default"/>
</dd>
<dt>ICMPv6:</dt>
<dd>Internet Control Message Protocol for the Internet Protocol versio
n 6 <xref target="RFC4443" format="default"/>
</dd>
<dt>IS-IS:</dt>
<dd>Intermediate System to Intermediate System
</dd>
<dt>OSPF:</dt>
<dd>Open Shortest Path First <xref target="RFC2328" format="default"/>
</dd>
<dt>IGP:</dt>
<dd>Interior Gateway Protocol (e.g., OSPF and IS-IS)
</dd>
<dt>BGP-LS:</dt>
<dd>Border Gateway Protocol - Link State <xref target="RFC8571" format
="default"/>
</dd>
</dl>
</section>
<section numbered="true" toc="default">
<name>Terminology and Reference Topology</name>
<t>The terminology and
simple topology in this section are used for illustration throughout the do
cument. </t>
<figure anchor="ref-top">
<name>Reference Topology</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
+--------------------------| N100 |---------------------------------+
| |
| ====== link1====== link3------ link5====== link9------ ====== |
||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7||
|| ||------|| ||------| |------|| ||------| |---|| ||
====== link2====== link4------ link6======link10------ ======
| | | |
---+-- | ------ | --+---
|CE1 | +-------| N6 |---------+ |CE2 |
------ link7 | | link8 ------
------
]]></artwork>
</figure>
<!-- [rfced] The text below Figure 1 mentions "node j" and "node i", but we do
not see these in the reference topology in Figure 1. Are any updates
needed?
-->
<t> In the reference topology:
</t>
<ul spacing="normal">
<li> Node j has an IPv6 loopback address 2001:db8:L:j::/128.
</li>
<li> Nodes N1, N2, N4, and N7 are SRv6-capable nodes.
</li>
<li> Nodes N3, N5, and N6 are IPv6 nodes that are not SRv6-capable nod
es.
Such nodes are referred to as "non-SRv6-capable nodes".
</li>
<li> CE1 and CE2 are Customer Edge devices of any data plane
capability (e.g., IPv4, IPv6, and L2).
</li>
<li> A SID at node j with locator block 2001:db8:K::/48 and function U
is represented
by 2001:db8:K:j:U::. by 2001:db8:K:j:U::.
</t> </li>
<li> Node N100 is a controller.
</li>
<!-- [rfced] Is "at N3" and "at node N3" needed in these sentences? We ask
because both sentences also include a parenthetic specifiying the
location: "(the 2nd link between N3 and N4)" and "(the 1st link between
N3 and N4)".
<t> Node N100 is a controller. Original:
</t> The IPv6 address of the nth Link between node i and j at the i
side is represented as 2001:db8:i:j:in::, e.g., the IPv6 address
of link6 (the 2nd link between N3 and N4) at N3 in Figure 1 is
2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the 1st
link between N3 and N4) at node N3 is 2001:db8:3:4:31::.
<t> The IPv6 address of the nth Link between node i and j at the i si Perhaps:
de * The IPv6 address of the nth link between node i and j at the i
is represented as 2001:db8:i:j:in::, e.g., the IPv6 address of link6 side is represented as 2001:db8:i:j:in::. For example, in Figure 1, the
(the 2nd link between N3 and N4) at N3 in Figure 1 is IPv6 address of link6 (the second link between N3 and N4) is
2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the 1st 2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the first
link between N3 and N4) is 2001:db8:3:4:31::.
-->
<li> The IPv6 address of the nth link between node i and j at the i s
ide
is represented as 2001:db8:i:j:in::. For example, in <xref target="ref-top"
/>, the IPv6 address of link6
(the second link between N3 and N4) at N3 is
2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the first
link between N3 and N4) at node N3 is 2001:db8:3:4:31::. link between N3 and N4) at node N3 is 2001:db8:3:4:31::.
</t> </li>
<li> 2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID
<t> 2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID
at node j at node j
towards neighbor node i via nth Link between node i and node j. towards neighbor node i via the nth link between node i and node j.
e.g., 2001:db8:K:2:X31:: represents End.X at N2 towards N3 via link3 (the 1 For example, 2001:db8:K:2:X31:: represents End.X at N2 towards N3 via link3
st (the first
link between N2 and N3). Similarly, 2001:db8:K:4:X52:: represents the End.X at link between N2 and N3). Similarly, 2001:db8:K:4:X52:: represents the End.X at
N4 towards N5 via link10 (the 2nd N4 towards N5 via link10 (the second
link between N4 and N5). Please refer to <xref target="RFC8986"/> for link between N4 and N5). Please refer to <xref target="RFC8986" format="def
description of End.X SID. ault"/> for
</t> a description of End.X SID.
</li>
<t> A SID list is represented as &lt;S1, S2, S3&gt; where <li> A SID list is represented as &lt;S1, S2, S3&gt;, where
S1 is the first SID S1 is the first SID
to visit, S2 is the second SID to visit and S3 is the last SID to to visit, S2 is the second SID to visit, and S3 is the last SID to
visit along the SR path. visit along the SR path.
</t> </li>
<li>
<t> (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with
:
<t> (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with: </t>
<!-- [rfced] Is "destination addresses" (plural) correct here? Or should this
be "destination address" (singular)?
<list style="symbols"> Original:
* IPv6 header with source address SA, destination addresses DA
and SRH as next-header
-->
<!-- [rfced] FYI: We removed the bullet from the text starting with "Note
the..." so that this paragraph appears as the second paragraph of the
preceding bullet. This corresponds with the structure of a similar list
in Section 2 of RFC 8986. Please let us know any objections.
<t> IPv6 header with source address SA, destination addresses DA and Original:
SRH as next-header (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with:
</t>
<t> SRH with SID list &lt;S1, S2, S3&gt; with SegmentsLeft = SL * IPv6 header with source address SA, destination addresses DA
</t> and SRH as next-header
<t> Note the difference between the &lt; &gt; and () symbols: * SRH with SID list <S1, S2, S3> with SegmentsLeft = SL
* Note the difference between the < > and () symbols: <S1, S2,
S3> represents a SID list where S1 is the first SID and S3 is
the last SID to traverse. (S3, S2, S1; SL) represents the same
SID list but encoded in the SRH format where the rightmost SID
in the SRH is the first SID and the leftmost SID in the SRH is
the last SID. When referring to an SR policy in a high-level
use-case, it is simpler to use the <S1, S2, S3> notation. When
referring to an illustration of the detailed packet behavior,
the (S3, S2, S1; SL) notation is more convenient.
* (payload) represents the payload of the packet.
-->
<ul spacing="normal">
<li> IPv6 header with source address SA, destination addresses DA,
and
SRH as the next header
</li>
<li><t>SRH with SID list &lt;S1, S2, S3&gt; with SegmentsLeft = SL
</t>
<t> Note the difference between the &lt; &gt; and () symbols:
&lt;S1, S2, S3&gt; &lt;S1, S2, S3&gt;
represents a SID list where S1 is the first SID and S3 is the last represents a SID list where S1 is the first SID and S3 is the last
SID to traverse. (S3, S2, S1; SL) represents the same SID list but SID to traverse. (S3, S2, S1; SL) represents the same SID list but
encoded in the SRH format where the rightmost SID in the SRH is the encoded in the SRH format where the rightmost SID in the SRH is the
first SID and the leftmost SID in the SRH is the last SID. When first SID and the leftmost SID in the SRH is the last SID. When
referring to an SR policy in a high-level use-case, it is simpler referring to an SR policy in a high-level use case, it is simpler
to use the &lt;S1, S2, S3&gt; notation. When referring to an to use the &lt;S1, S2, S3&gt; notation. When referring to an
illustration of the detailed packet behavior, the (S3, S2, S1; SL) illustration of the detailed packet behavior, the (S3, S2, S1; SL)
notation is more convenient. notation is more convenient.</t>
</t> </li>
<li> (payload) represents the payload of the packet.
<t> (payload) represents the the payload of the packet. </li>
</t> </ul>
</li>
</list></t> </ul>
</section>
</list></t>
</section> </section>
<!--end: Introduction -->
</section> <!--end: Introduction --> <section numbered="true" toc="default">
<name>OAM Mechanisms</name>
<section title="OAM Mechanisms"> <t>This section defines OAM enhancements for SRv6 networks.
<t>This section defines OAM enhancement for the SRv6 networks.
</t> </t>
<section numbered="true" toc="default">
<section title="O-flag in Segment Routing Header"> <name>OAM Flag in the Segment Routing Header</name>
<t><xref target="RFC8754" format="default"/> describes the Segment
<t><xref target="RFC8754"/> describes the Segment Routing Header (SRH) and how SR-capable nodes use it. The SRH
Routing Header (SRH) and how SR capable nodes use it. The SRH contains an 8-bit Flags field. </t>
contains an 8-bit "Flags" field. </t> <t> This document defines the following bit in the
<t> This document defines the following bit in the
SRH Flags field to carry the O-flag: </t> SRH Flags field to carry the O-flag: </t>
<artwork name="" type="" align="left" alt=""><![CDATA[
<figure> <artwork><![CDATA[
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| |O| | | |O| |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
]]> ]]></artwork>
</artwork> </figure> <t> Where:
<t> Where:
<list style="hanging">
<t> O-flag: OAM flag in the SRH Flags field defined in <xref target=
"RFC8754"/>.
</t>
</list> </t>
<dl newline="false" spacing="normal">
<dt>O-flag:</dt>
<dd>OAM flag in the SRH Flags field defined in <xref target="RFC8754"
format="default"/>.
</dd>
</dl>
<section anchor="oflag-proc" numbered="true" toc="default">
<name>OAM Flag Processing</name>
<t> The O-flag in the SRH is used as a marking bit in user packets to
trigger
telemetry data collection and export at the segment endpoints.
</t> </t>
<t> An SR domain ingress edge node encapsulates packets traversing the
<section title="O-flag Processing"> SR
domain as defined in <xref target="RFC8754" format="default"/>. The SR domai
<t> The O-flag in SRH is used as a marking-bit in the user packets to tri n ingress edge node
gger <bcp14>MAY</bcp14> use the O-flag in the SRH for marking the packet to trigg
the telemetry data collection and export at the segment endpoints. er
</t>
<t> An SR domain ingress edge node encapsulates packets traversing the SR
domain as defined in <xref target="RFC8754"/>. The SR domain ingress edge no
de
MAY use the O-flag in SRH for marking the packet to trigger
the telemetry data collection and export at the segment endpoints. the telemetry data collection and export at the segment endpoints.
Based on a local configuration, the SR domain ingress edge node Based on local configuration, the SR domain ingress edge node
may implement a classification and sampling mechanism to mark a packet wi may implement a classification and sampling mechanism to mark a packet wi
th the O-flag in SRH. th the O-flag in the SRH.
Specification of the classification and sampling method is outside the sc ope of this Specification of the classification and sampling method is outside the sc ope of this
document. document.
</t> </t>
<!-- [rfced] Please confirm that RFC 7012 is the correct citation here. We
believe that it is but would like confirmation as we see "template" in
RFC 7012 but not "data set".
<t> Original:
Similarly, without the loss
of generality, this document assumes requested information elements
are configured by the management plane through data set templates
(e.g., as in IPFIX [RFC7012]).
...
Based on the requested information elements configured by the
management plane through data set templates [RFC7012], the OAM
process exports the requested information elements.
-->
<t>
This document does not specify the data elements that need to be exported This document does not specify the data elements that need to be exported
and the associated configurations. and the associated configurations.
Similarly, this document does not define any formats for exporting the da ta Similarly, this document does not define any formats for exporting the da ta
elements. elements.
Nonetheless, without the loss of generality, this document assumes Nonetheless, without the loss of generality, this document assumes that t
IP Flow Information Export (IPFIX) protocol <xref target="RFC7011"/> is u he
sed for exporting IP Flow Information Export (IPFIX) protocol <xref target="RFC7011" format
="default"/> is used for exporting
the traffic flow information from the network devices to a controller for the traffic flow information from the network devices to a controller for
monitoring and analytics. monitoring and analytics.
Similarly, without the loss of generality, this document assumes requeste d information Similarly, without the loss of generality, this document assumes that req uested information
elements are configured elements are configured
by the management plane through data set templates (e.g., as in IPFIX by the management plane through data set templates (e.g., as in IPFIX
<xref target="RFC7012"/>). <xref target="RFC7012" format="default"/>).
</t> </t>
<t>Implementation of the O-flag is <bcp14>OPTIONAL</bcp14>. If a node
<t>Implementation of the O-flag is OPTIONAL. If a node does not support th does not support the
e O-flag, then it simply ignores it upon reception. If a node supports
O-flag, then upon reception it simply ignores it. If a node supports
the O-flag, it can optionally advertise its potential via the O-flag, it can optionally advertise its potential via
control plane protocol(s). control plane protocol(s).
</t> </t>
<t> When N receives a packet destined to S and S is a local SID, <!-- [rfced] May we update this sentence as follows for readability?
the line S01 of the pseudo-code associated with the SID S, as defined
in section 4.3.1.1 of <xref target="RFC8754"/>,
is appended to as follows for the O-flag processing.
</t>
<figure> <artwork><![CDATA[ Original:
S01.1. IF O-flag is set and local configuration permits When N receives a packet destined to S and S is a local SID, the line
S01 of the pseudo-code associated with the SID S, as defined in
section 4.3.1.1 of [RFC8754], is appended to as follows for the
O-flag processing.
Perhaps:
For O-flag processing, the following is appended to line S01 of the
pseudocode associated with the SID S (as defined in Section 4.3.1.1 of
[RFC8754]) when N receives a packet destined to S and S is a local SID.
-->
<t> When N receives a packet destined to S and S is a local SID,
line S01 of the pseudocode associated with the SID S (as defined
in <xref target="RFC8754" sectionFormat="of" section="4.3.1.1" format="default"/
>)
is appended to as follows for O-flag processing.
</t>
<sourcecode type="pseudocode"><![CDATA[
S01.1. IF the O-flag is set and local configuration permits
O-flag processing { O-flag processing {
a. Make a copy of the packet. a. Make a copy of the packet.
b. Send the copied packet, along with a timestamp b. Send the copied packet, along with a timestamp,
to the OAM process for telemetry data collection to the OAM process for telemetry data collection
and export. ;; Ref1 and export. ;; Ref1
} }
Ref1: To provide an accurate timestamp, an implementation should copy Ref1: To provide an accurate timestamp, an implementation should
and record the timestamp as soon as possible during packet processing. copy and record the timestamp as soon as possible during packet
Timestamp and any other metadata is not carried in the packet forwarded to th processing. Timestamp and any other metadata are not carried in
e next hop. the packet forwarded to the next hop.
]]> ]]></sourcecode>
</artwork> </figure> <t> Please note that the O-flag processing happens before execution of
regular
<t> Please note that the O-flag processing happens before execution of re processing of the local SID S. Specifically, line S01.1 of the pseudocode
gular specified in this document is inserted between lines S01
processing of the local SID S. Specifically, the line S01.1 of the pseudo and S02 of the pseudocode defined in <xref target="RFC8754" sectionFormat="o
-code f" section="4.3.1.1" format="default"/>.
specified in this document is inserted between line S01 </t>
and S02 of the pseudo-code defined in section 4.3.1.1 of <xref target="RFC87 <t>
54"/>.
</t>
<t>
Based on the Based on the
requested information elements configured requested information elements configured
by the management plane through data set templates <xref target="RFC7012"/ >, by the management plane through data set templates <xref target="RFC7012" format="default"/>,
the OAM process exports the requested information elements. the OAM process exports the requested information elements.
The information elements include parts of the packet header and/or parts of The information elements include parts of the packet header and/or parts of
the packet payload for flow identification. the packet payload for flow identification.
The OAM process uses information elements defined in The OAM process uses information elements defined in
IPFIX <xref target="RFC7011"/> and PSAMP <xref target="RFC5476"/> for exporti ng the requested sections IPFIX <xref target="RFC7011" format="default"/> and Packet Sampling (PSAMP) < xref target="RFC5476" format="default"/> for exporting the requested sections
of the mirrored packets. of the mirrored packets.
</t> </t>
<t>
<t>
If the penultimate segment of a segment-list is a Penultimate Segment Pop (P SP) SID, If the penultimate segment of a segment list is a PSP SID,
telemetry data from the ultimate segment cannot be requested. This is becaus e, telemetry data from the ultimate segment cannot be requested. This is becaus e,
when the penultimate segment is a PSP SID, when the penultimate segment is a PSP SID,
the SRH is removed at the penultimate segment and the O-flag is the SRH is removed at the penultimate segment, and the O-flag is
not processed at the ultimate segment. not processed at the ultimate segment.
</t> </t>
<t>
<t> The processing node <bcp14>MUST</bcp14>
The processing node MUST
rate-limit the number of packets punted to the OAM process rate-limit the number of packets punted to the OAM process
to a configurable rate. to a configurable rate.
This is to avoid hitting any performance impact on the OAM and This is to avoid hitting any performance impact on the OAM and
the telemetry collection processes. Failure in implementing the rate telemetry collection processes. Failure to implement the rate
limit can lead to a denial-of-service attack, as detailed in section 4. limit can lead to a denial-of-service attack, as detailed in <xref target=
"Security" format="default"/>.
</t>
<t> </t>
The OAM process MUST NOT process the copy of the packet or respond <t>
The OAM process <bcp14>MUST NOT</bcp14> process the copy of the packet or r
espond
to any upper-layer header to any upper-layer header
(like ICMP, UDP, (like ICMP, UDP,
etc.) payload to prevent multiple evaluations of the datagram. etc.) payload to prevent multiple evaluations of the datagram.
</t> </t>
<t>
<t>
The OAM process is expected to be located on the routing node processing t he packet. The OAM process is expected to be located on the routing node processing t he packet.
Although the specification of the OAM process or the external controller Although the specification of the OAM process or the external controller
operations are beyond the scope of this document, the OAM process SHOULD N OT be operations are beyond the scope of this document, the OAM process <bcp14>S HOULD NOT</bcp14> be
topologically distant from the routing node, as this is likely to create s ignificant security topologically distant from the routing node, as this is likely to create s ignificant security
and congestion issues. and congestion issues.
How to correlate the data collected from different nodes at an How to correlate the data collected from different nodes at an
external controller is also outside the scope of the document. external controller is also outside the scope of this document.
Appendix A illustrates use of the O-flag for implementing <xref target="app-illustrations" /> illustrates use of the O-flag for impl
ementing
a hybrid OAM mechanism, where the "hybrid" classification a hybrid OAM mechanism, where the "hybrid" classification
is based on RFC7799 <xref target="RFC7799"/>. is based on <xref target="RFC7799" format="default"/>.
</t>
</section> <!--end: O-flag Processing -->
</section> <!--end: O-flag -->
<section title="OAM Operations"> </t>
</section>
<!--end: O-flag Processing -->
</section>
<!--end: O-flag -->
<t> IPv6 OAM operations can be performed for any SRv6 SID whose behavior <section numbered="true" toc="default">
allows Upper Layer Header processing for an applicable OAM payload <name>OAM Operations</name>
<t> IPv6 OAM operations can be performed for any SRv6 SID whose behavior
allows Upper-Layer Header processing for an applicable OAM payload
(e.g., ICMP, UDP). (e.g., ICMP, UDP).
</t> </t>
<!-- [rfced] How may we clarify "other IPv6 OAM probing to an SRv6 SID" here?
Perhaps "other mechanisms that use OAM probing of SRv6 SIDs" or something
similar?
Original:
Although this document only illustrates ICMPv6 ping and UDP based
traceroute to an SRv6 SID, the procedures are equally applicable to
other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding
Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe
message processing [I-D.gandhi-spring-stamp-srpm], etc.).
-->
<t> Ping to an SRv6 SID is used to verify <t> Ping to an SRv6 SID is used to verify
that the SID is reachable and is locally programmed at the target node. that the SID is reachable and is locally programmed at the target node.
Traceroute to a SID is used for hop-by-hop Traceroute to a SID is used for hop-by-hop
fault localization as well as path tracing to a SID. Appendix A fault localization as well as path tracing to a SID. <xref target="app-illus
illustrates the ICMPv6 based ping and the UDP based traceroute mechanisms trations" />
illustrates the ICMPv6-based ping and UDP-based traceroute mechanisms
for ping and traceroute to an SRv6 SID. Although this document only for ping and traceroute to an SRv6 SID. Although this document only
illustrates ICMPv6 ping and UDP based traceroute to an SRv6 SID, the procedur es are illustrates ICMPv6-based ping and UDP-based traceroute to an SRv6 SID, the pr ocedures are
equally applicable to other IPv6 OAM probing to an SRv6 SID equally applicable to other IPv6 OAM probing to an SRv6 SID
(e.g., Bidirectional Forwarding Detection (BFD) <xref target="RFC5880"/>, (e.g., Bidirectional Forwarding Detection (BFD) <xref target="RFC5880" format
Seamless BFD (SBFD) <xref target="RFC7880"/>, STAMP probe message processing ="default"/>,
[I-D.gandhi-spring-stamp-srpm], etc.). Seamless BFD (S-BFD) <xref target="RFC7880" format="default"/>, and Simple Two-w
ay Active Measurement Protocol (STAMP) probe message processing
<xref target="I-D.ietf-spring-stamp-srpm" format="default"/>).
Specifically, as Specifically, as
long as local configuration allows the Upper-layer Header processing of long as local configuration allows the Upper-layer Header processing of
the applicable OAM payload for SRv6 SIDs, the existing IPv6 OAM the applicable OAM payload for SRv6 SIDs, the existing IPv6 OAM
techniques can be used to target a probe to a (remote) SID. techniques can be used to target a probe to a (remote) SID.
</t> </t>
<t> IPv6 OAM operations can be performed with the target SID in the IPv6
<t> IPv6 OAM operations can be performed with the target SID in the IPv6 destination address without an SRH or with an SRH where the target SID is the la
destination address without SRH or with SRH where the target SID is the last seg st segment.
ment.
In general, OAM operations to a target SID may not exercise all of its In general, OAM operations to a target SID may not exercise all of its
processing depending on its behavior definition. processing depending on its behavior definition.
For example, ping to an End.X SID <xref target="RFC8986"/> For example, ping to an End.X SID <xref target="RFC8986" format="default"/>
only validates the SID is locally programmed at the target node only validates the SID is locally programmed at the target node
and does not validate switching to the and does not validate switching to the
correct outgoing interface. correct outgoing interface.
To exercise the behavior To exercise the behavior
of a target SID, the OAM operation should construct the probe in a manner of a target SID, the OAM operation should construct the probe in a manner
similar to a data packet that exercises the SID behavior, i.e. to include similar to a data packet that exercises the SID behavior, i.e. to include
that SID as a transit SID in either an SRH or IPv6 DA of an outer IPv6 header that SID as a transit SID in either an SRH or IPv6 DA of an outer IPv6 header
or as appropriate or as appropriate
based on the definition of the SID behavior. based on the definition of the SID behavior.
</t> </t>
</section>
<!--end: Ping and Traceroute -->
</section> <!--end: Ping and Traceroute --> </section>
<!--end: OAM Mechanisms -->
</section> <!--end: OAM Mechanisms -->
<section anchor="Status" title="Implementation Status">
<t> This section is to be removed prior to publishing as an RFC.
</t>
<t> See [I-D.matsushima-spring-srv6-deployment-status] for updated
deployment and interoperability reports.
</t>
</section> <!--end: Implementation Status-->
<section anchor="Security" title="Security Considerations">
<t> <xref target="RFC8754"/> defines the notion of an SR domain and <section anchor="Security" numbered="true" toc="default">
use of SRH within the SR domain. <name>Security Considerations</name>
<t> <xref target="RFC8754" format="default"/> defines the notion of an SR
domain and
use of the SRH within the SR domain.
The use of OAM procedures described in this document is restricted to an SR domain. The use of OAM procedures described in this document is restricted to an SR domain.
For example, similar to the SID manipulation, O-flag manipulation is not co For example, similar to SID manipulation, O-flag manipulation is not consid
nsidered ered
as a threat within the SR domain. a threat within the SR domain.
Procedures for securing an SR domain are defined the section 5.1 and sectio Procedures for securing an SR domain are defined in Sections <xref target="
n 7 of RFC8754" format="default" section="5.1" sectionFormat="bare"/> and <xref target=
<xref target="RFC8754"/>. "RFC8754" format="default" section="7" sectionFormat="bare"/> of
</t> <xref target="RFC8754" format="default"/>.
</t>
<t> <t>
As noted in section 7.1 of <xref target="RFC8754"/>, As noted in <xref target="RFC8754" format="default" sectionFormat="of" sect
ion="7.1"/>,
compromised nodes within the SR domain may mount attacks. The O-flag compromised nodes within the SR domain may mount attacks. The O-flag
may be set by an attacking node attempting a denial-of-service attack on th e may be set by an attacking node attempting a denial-of-service attack on th e
OAM process at the segment endpoint node. OAM process at the segment endpoint node.
An implementation correctly implementing An implementation correctly implementing
the rate limiting in section 2.1.1 is not susceptible to that the rate limiting described in <xref target="oflag-proc" /> is not suscepti ble to that
denial-of-service attack. denial-of-service attack.
Additionally, SRH Flags are protected by the HMAC TLV, as Additionally, SRH flags are protected by the Hashed Message Authentication
described in section 2.1.2.1 of <xref target="RFC8754"/>. Code (HMAC) TLV, as
described in <xref target="RFC8754" format="default" sectionFormat="of" sec
tion="2.1.2.1"/>.
<!-- [rfced] Does "with the O-flag set" need to be repeated here?
Original:
Once an HMAC is
generated for a segment list with the O-flag set, it can be used for
an arbitrary amount of traffic using that segment list with the
O-flag set.
Perhaps:
Once an HMAC is
generated for a segment list with the O-flag set, it can be used for
an arbitrary amount of traffic using that segment list.
-->
Once an HMAC is generated for a segment list with the O-flag set, Once an HMAC is generated for a segment list with the O-flag set,
it can be used for an arbitrary amount of traffic using that it can be used for an arbitrary amount of traffic using that
segment list with O-flag set. segment list with the O-flag set.
</t>
<t> </t>
<t>
The security properties of the channel used to send exported packets marked The security properties of the channel used to send exported packets marked
by the O-flag will depend on the specific OAM processes used. by the O-flag will depend on the specific OAM processes used.
An on-path attacker able to observe this OAM channel could conduct An on-path attacker able to observe this OAM channel could conduct
traffic analysis, or potentially eavesdropping (depending on the OAM config uration), traffic analysis, or potentially eavesdropping (depending on the OAM config uration),
of this telemetry for the entire SR domain from such a vantage point. of this telemetry for the entire SR domain from such a vantage point.
</t> </t>
<t>
<t>
This document does not This document does not
impose any additional security challenges to be considered beyond impose any additional security challenges to be considered beyond the
security threats described in <xref target="RFC4884"/>, <xref target="RFC44 security threats described in <xref target="RFC4884" format="default"/>, <x
43"/>, ref target="RFC4443" format="default"/>,
<xref target="RFC0792"/>, <xref target="RFC0792" format="default"/>,
<xref target="RFC8754"/> and <xref target="RFC8986"/>. <xref target="RFC8754" format="default"/>, and <xref target="RFC8986" format
</t> ="default"/>.
</t>
</section> <!--end: Security Considerations--> </section>
<!--end: Security Considerations-->
<section anchor="PRIVACY" title="Privacy Considerations">
<t> The per-packet marking capabilities of the O-flag provides a granular <section anchor="PRIVACY" numbered="true" toc="default">
<name>Privacy Considerations</name>
<t> The per-packet marking capabilities of the O-flag provide a granular
mechanism to collect telemetry. When this collection is deployed by an ope rator mechanism to collect telemetry. When this collection is deployed by an ope rator
with knowledge and consent of the users, it will enable a variety of diagno stics with the knowledge and consent of the users, it will enable a variety of di agnostics
and monitoring to support the OAM and security operations use cases needed for and monitoring to support the OAM and security operations use cases needed for
resilient network operations. However, this collection mechanism will also resilient network operations. However, this collection mechanism will also
provide an explicit protocol mechanism to operators for surveillance and provide an explicit protocol mechanism to operators for surveillance and
pervasive monitoring use cases done contrary to the user's consent. pervasive monitoring use cases done contrary to the user's consent.
</t> </t>
</section>
<!--end: asd -->
</section> <!--end: asd --> <section anchor="IANA" numbered="true" toc="default">
<name>IANA Considerations</name>
<t>IANA has registered the following in the "Segment
Routing Header Flags" subregistry in the "Internet Protocol Version
6 (IPv6) Parameters" registry:
</t>
<section anchor="IANA" title="IANA Considerations"> <table anchor="iana-table">
<name></name>
<thead>
<tr>
<th>Bit</th>
<th>Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>2</td>
<td>O-flag</td>
<td>RFC 9259</td>
</tr>
</tbody>
</table>
<t> This document requests that IANA allocate the following </section>
registration in the "Segment <!--end: IANA Considerations-->
Routing Header Flags" sub-registry for the "Internet Protocol Version
6 (IPv6) Parameters" registry maintained by IANA:
<figure> <artwork><![CDATA[
+-------+------------------------------+---------------+ </middle>
| Bit | Description | Reference | <back>
+=======+==============================+===============+
| 2 | O-flag | This document |
+-------+------------------------------+---------------+
]]> <displayreference target="I-D.ietf-spring-stamp-srpm" to="STAMP-SR"/>
</artwork> </figure>
</t>
</section> <!--end: IANA Considerations--> <references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8754.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8986.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.0792.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4443.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4884.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5837.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8403.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8402.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7011.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5476.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7012.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7799.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5880.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.7880.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.2328.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8571.xml"/>
</middle> <!-- [rfced] FYI: draft-gandhi-spring-stamp-srpm was replaced by
draft-ietf-spring-stamp-srpm (see
https://datatracker.ietf.org/doc/draft-gandhi-spring-stamp-srpm/). We
updated this reference entry accordingly.
<back> Original:
<references title="Normative References"> [I-D.gandhi-spring-stamp-srpm]
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.211 Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens,
9.xml"?> B., and R. Foote, "Performance Measurement Using Simple
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.875 TWAMP (STAMP) for Segment Routing Networks", draft-gandhi-
4.xml"?> spring-stamp-srpm-07 (work in progress), July 2021.
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.898
6.xml"?> Updated:
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.817 [STAMP-SR] Gandhi, R., Ed., Filsfils, C., Voyer, D., Chen, M.,
4.xml"?> Janssens, B., and R. Foote, "Performance Measurement Using
Simple TWAMP (STAMP) for Segment Routing Networks", Work
in Progress, Internet-Draft, draft-ietf-spring-stamp-srpm-
03, 1 February 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-
stamp-srpm-03>.
-->
<!-- [I-D.gandhi-spring-stamp-srpm] Replaced by [I-D.ietf-spring-stamp-srpm] IES
G state I-D Exists -->
<reference anchor="I-D.ietf-spring-stamp-srpm">
<front>
<title>Performance Measurement Using Simple TWAMP (STAMP) for Segment Rout
ing Networks</title>
<author fullname="Rakesh Gandhi" role="editor">
<organization>Cisco Systems, Inc.</organization>
</author>
<author fullname="Clarence Filsfils">
<organization>Cisco Systems, Inc.</organization>
</author>
<author fullname="Daniel Voyer">
<organization>Bell Canada</organization>
</author>
<author fullname="Mach(Guoyi) Chen">
<organization>Huawei</organization>
</author>
<author fullname="Bart Janssens">
<organization>Colt</organization>
</author>
<author fullname="Richard Foote">
<organization>Nokia</organization>
</author>
<date month="February" day="1" year="2022" />
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-spring-stamp-srpm-03" />
<format type="TXT" target="https://www.ietf.org/archive/id/draft-ietf-spring-
stamp-srpm-03.txt" />
</reference>
<!-- <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.
9197"/> -->
<reference anchor='RFC9197' target="https://www.rfc-editor.org/info/rfc9197">
<front>
<title>Data Fields for In Situ Operations, Administration, and Maintenance (IOAM
)</title>
<author initials='F' surname='Brockners' fullname='Frank Brockners' role="editor
">
<organization />
</author>
<author initials='S' surname='Bhandari' fullname='Shwetha Bhandari' role="editor
">
<organization />
</author>
<author initials='T' surname='Mizrahi' fullname='Tal Mizrahi' role="editor">
<organization />
</author>
<date year='2022' month='May' />
</front>
<seriesInfo name="RFC" value="9197"/>
<seriesInfo name="DOI" value="10.17487/RFC9197"/>
</reference>
</references>
</references> </references>
<section anchor="app-illustrations" numbered="true" toc="default">
<name>Illustrations</name>
<!-- [rfced] Please review the titles of A.1 and A.2. Should these have a
similar structure?
<references title="Informative References"> Original:
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.079 A.1. Ping in SRv6 Networks
2.xml"?> A.2. Traceroute
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.444 Perhaps:
3.xml"?> A.1. Ping in SRv6 Networks
A.2. Traceroute in SRv6 Networks
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.488 Or:
4.xml"?> A.1. Ping
A.2. Traceroute
-->
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.583 <!-- [rfced] Please review the use of "packet P1" followed by the packet
7.xml"?> notation in the following sentences. In some cases, the colon is used,
but in others, it is not. Will readers find these sentences easy to read
because the sentence continues after the packet notation? Would something
like the format used in Section 6.3 of RFC 8754 be an improvement? See
suggestion below. Let us know if another layout or form of punctuation
would be helpful here.
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.840 Original:
3.xml"?> o A packet P1:(IPv4 header)(payload) is sent from CE1 to Node N1.
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.840 ...
2.xml"?> As part of setting
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.701 the O-flag, node N1 also sends a timestamped copy of the packet
1.xml"?> P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::,
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.547 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1;
6.xml"?> NH=IPv4)(IPv4 header)(payload) to a local OAM process.
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.701 ...
2.xml"?> Specifically, it executes the End.X behavior
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.779 indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986]
9.xml"?> and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::)
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.588 (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::;
0.xml"?> SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.788 Node N3.
0.xml"?> ...
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.232 o When node N4 receives the packet P1 (2001:db8:L:1::,
8.xml"?> 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::,
<?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.857 2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4
1.xml"?> header)(payload), it processes the O-flag.
...
Specifically, it executes the End.X behavior indicated by the
2001:db8:K:4:X52:: SID and forwards the packet P1 (2001:db8:L:1::,
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload)
over link 10 towards Node N5.
...
o When node N7 receives the packet P1 (2001:db8:L:1::,
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4
header)(payload), it processes the O-flag.
...
Specifically, it executes the VPN SID
indicated by the 2001:db8:K:7:DT999:: SID and based on lookup in
table 100 forwards the packet P1 (IPv4 header)(payload) towards CE
2.
<?rfc include="https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference Perhaps:
.I-D.matsushima-spring-srv6-deployment-status.xml"?> o A packet P1 is sent from CE1 to Node N1. The packet is:
<?rfc include="http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ga
ndhi-spring-stamp-srpm.xml"?>
<?rfc include="https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference
.I-D.draft-ietf-ippm-ioam-data-11.xml"?>
</references> P1: (IPv4 header)(payload)
...
As part of setting
the O-flag, node N1 also sends a timestamped copy of the packet
P1 to a local OAM process. The packet is:
<section title="Illustrations"> P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1;
NH=IPv4)(IPv4 header)(payload)
...
Specifically, it executes the End.X behavior [RFC8986]
indicated by the 2001:db8:K:2:X31:: SID
and forwards the packet P1 over link 3 towards
Node N3. The packet is:
<t> This appendix shows how some of the P1: (2001:db8:L:1::, 2001:db8:K:4:X52::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::;
SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload)
...
o When node N4 receives the packet P1, it processes the O-flag. The packet i
s:
P1: (2001:db8:L:1::,
2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4
header)(payload)
...
Specifically, it executes the End.X behavior indicated by the
2001:db8:K:4:X52:: SID and forwards the packet P1
over link 10 towards Node N5. The packet is:
P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4
header)(payload)
...
o When node N7 receives the packet P1, it processes the O-flag. The packet i
s:
P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4
header)(payload)
...
Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT999::
SID and based on lookup in table 100 forwards the packet P1 towards CE
2. The packet is:
P1: (IPv4 header)(payload)
-->
<t> This appendix shows how some of the
existing IPv6 OAM mechanisms can be used in an SRv6 network. It also existing IPv6 OAM mechanisms can be used in an SRv6 network. It also
illustrates an OAM mechanism for illustrates an OAM mechanism for
performing controllable and predictable flow sampling from segment performing controllable and predictable flow sampling from segment
endpoints. How centralized OAM technique in endpoints. How the centralized OAM technique in
<xref target="RFC8403"/> can be extended for SRv6 is also described in this a <xref target="RFC8403" format="default"/> can be extended for SRv6 is also de
ppendix. scribed in this appendix.
</t> </t>
<section numbered="true" toc="default">
<section title="Ping in SRv6 Networks"> <name>Ping in SRv6 Networks</name>
<t> The existing mechanism to perform the reachability checks,
<t> The existing mechanism to perform the reachability checks,
along the shortest path, continues to work without any modification. along the shortest path, continues to work without any modification.
Any IPv6 node (SRv6 capable or a non-SRv6 capable) can initiate, transit, Any IPv6 node (SRv6-capable or non-SRv6-capable) can initiate, transit,
and egress a ping packet. and egress a ping packet.
</t> </t>
<t> The following subsections outline some additional use cases of the ICM <t> The following subsections outline some additional use cases of ICMPv
Pv6 ping in 6 ping in
the SRv6 networks. SRv6 networks.
</t> </t>
<section numbered="true" toc="default">
<section title="Pinging an IPv6 Address via a Segment-list"> <name>Pinging an IPv6 Address via a Segment List</name>
<t> If an SRv6-capable ingress node wants to ping an IPv6 address via
<t> If an SRv6-capable ingress node wants to ping an IPv6 address via an an
arbitrary segment list &lt;S1, S2, S3&gt;, it needs to initiate an ICMPv6 arbitrary segment list &lt;S1, S2, S3&gt;, it needs to initiate an ICMPv6
ping with an SR header containing the SID list &lt;S1, S2, S3&gt;. This is ping with an SR header containing the SID list &lt;S1, S2, S3&gt;. This is
illustrated using the topology in Figure 1. User issues a ping from node N1 illustrated using the topology in <xref target="ref-top"/>. The user issues
to a a ping from node N1 to a
loopback of node N5, via segment list &lt;2001:db8:K:2:X31::, 2001:db8:K:4: loopback of node N5 via segment list &lt;2001:db8:K:2:X31::, 2001:db8:K:4:X
X52::&gt;. 52::&gt;.
The SID behavior used in the example is End.X SID, The SID behavior used in the example is End.X,
as described in <xref target="RFC8986"/>, but the procedure is as described in <xref target="RFC8986" format="default"/>, but the procedur
e is
equally applicable to any other (transit) SID type. equally applicable to any other (transit) SID type.
</t> </t>
<t><xref target="sample-ping"/> contains sample output for a ping requ
<t> Figure 2 contains sample output for a ping request initiated at node est initiated at node
N1 to a loopback address of node N5 via a segment list &lt;2001:db8:K:2:X31 N1 to a loopback address of node N5 via segment list &lt;2001:db8:K:2:X31::
::, ,
2001:db8:K:4:X52::&gt;. 2001:db8:K:4:X52::&gt;.
</t> </t>
<figure anchor="sample-ping">
<figure> <artwork><![CDATA[ <name>Sample Ping Output at an SRv6-Capable Node</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
> ping 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, > ping 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::,
2001:db8:K:4:X52:: 2001:db8:K:4:X52::
Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625
/0.749/0.931 ms
Figure 2 A sample ping output at an SRv6-capable node
]]>
</artwork> </figure>
<t> All transit nodes process the echo request message like any other Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds:
data packet carrying SR header and hence do not require any change. !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625
/0.749/0.931 ms
]]></artwork>
</figure>
<t> All transit nodes process the echo request message like any other
data packet carrying an SR header and hence do not require any change.
Similarly, the egress node does not Similarly, the egress node does not
require any change to process the ICMPv6 echo request. For example, require any change to process the ICMPv6 echo request. For example,
in the ping example of Figure 2: in the example in <xref target="sample-ping"/>:
<list style="symbols"> </t>
<t>Node N1 initiates an ICMPv6 ping packet with SRH as follows <ul spacing="normal">
<li>Node N1 initiates an ICMPv6 ping packet with the SRH as follows:
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:1::, 2001:db8:K:2:X31::)
(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, (2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2,
NH = ICMPv6)(ICMPv6 Echo Request). NH = ICMPv6)(ICMPv6 Echo Request).
</t> </li>
<li>Node N2, which is an SRv6-capable node, performs the standard
<t>Node N2, which is an SRv6-capable node, performs the standard
SRH processing. Specifically, it executes the End.X behavior SRH processing. Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on lin indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on lin
k3 to N3.</t> k3 to N3.</li>
<li> Node N3, which is a non-SRv6-capable node, performs the standar
<t> Node N3, which is a non-SRv6 capable node, performs the standard d
IPv6 processing. Specifically, it forwards the echo request IPv6 processing. Specifically, it forwards the echo request
based on the DA 2001:db8:K:4:X52:: in the IPv6 header. </t> based on DA 2001:db8:K:4:X52:: in the IPv6 header. </li>
<li> Node N4, which is an SRv6-capable node, performs the standard
<t> Node N4, which is an SRv6-capable node, performs the standard
SRH processing. Specifically, it observes the End.X behavior SRH processing. Specifically, it observes the End.X behavior
(2001:db8:K:4:X52::) and forwards the packet on link10 towards N5. (2001:db8:K:4:X52::) and forwards the packet on link10 towards N5.
If 2001:db8:K:4:X52:: is a PSP SID, If 2001:db8:K:4:X52:: is a PSP SID,
the penultimate node (Node N4) does not, should not and cannot differe ntiate the penultimate node (node N4) does not, should not, and cannot differ entiate
between the data packets and OAM probes. between the data packets and OAM probes.
Specifically, if 2001:db8:K:4:X52:: is a PSP SID, Specifically, if 2001:db8:K:4:X52:: is a PSP SID,
node N4 executes the SID like any other data packet with DA = 2001:db8 :K:4:X52:: node N4 executes the SID like any other data packet with DA = 2001:db8 :K:4:X52::
and removes the SRH. and removes the SRH.
</t> </li>
<li> The echo request packet at N5 arrives as an IPv6 packet with or
<t> The echo request packet at N5 arrives as an IPv6 packet with or without an SRH. If N5 receives the packet with an SRH, it skips SRH pr
without an SRH. If N5 receives the packet with SRH, it skips SRH proce ocessing (SL=0).
ssing (SL=0). In either case, node N5 performs the
In either case, Node N5 performs the
standard ICMPv6 processing on the echo request and responds with the standard ICMPv6 processing on the echo request and responds with the
echo reply message to N1. The echo reply message is IP routed. echo reply message to N1. The echo reply message is IP routed.
</t> </li>
</ul>
</list> </t> </section>
<!--end: Pinging an IPv6 address via a sid-list -->
</section> <!--end: Pinging an IPv6 address via a sid-list --> <section numbered="true" toc="default">
<name>Pinging a SID</name>
<!-- [rfced] Will "applies equally" here be clear to readers?
<section title="Pinging a SID"> Original:
The ping mechanism described above applies equally to perform SID
reachability check and to validate the SID is locally programmed at
the target node.
...
The mechanism to traceroute an IPv6 Address via a Segment-list
described in the previous section applies equally to traceroute a
remote SID behavior, as explained using an example in the following.
<t> Perhaps:
The ping mechanism described above can also be used to perform SID
reachability checks and to validate that the SID is locally programmed at
the target node.
...
The mechanism to traceroute an IPv6 Address via a segment list
described in the previous section can also be used to traceroute a
remote SID behavior, as explained in the following example.
-->
<t>
The ping mechanism described above applies equally to perform SID The ping mechanism described above applies equally to perform SID
reachability check and to validate the SID is locally programmed at the target n ode. reachability check and to validate the SID is locally programmed at the target n ode.
This is explained using an example in the This is explained in the
following. The example uses ping to an END SID, as described in <xref target= following example. The example uses ping to an End SID, as described in <xref
"RFC8986"/>, target="RFC8986" format="default"/>,
but the procedure is but the procedure is
equally applicable to ping any other SID behaviors. equally applicable to ping any other SID behaviors.
</t> </t>
<t> Consider the example where the user wants to ping a remote
<t> Consider the example where the user wants to ping a remote
SID 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. SID 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1.
The ICMPv6 echo request is processed at the individual nodes The ICMPv6 echo request is processed at the individual nodes
along the path as follows: along the path as follows:
<list style="symbols"> </t>
<t>Node N1 initiates an ICMPv6 ping packet with SRH as follows <ul spacing="normal">
<li>Node N1 initiates an ICMPv6 ping packet with the SRH as follows:
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:1::, 2001:db8:K:2:X31::)
(2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1; (2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1;
NH=ICMPv6)(ICMPv6 Echo Request). </t> NH=ICMPv6)(ICMPv6 Echo Request). </li>
<li>Node N2, which is an SRv6-capable node, performs the standard
<t>Node N2, which is an SRv6-capable node, performs the standard
SRH processing. Specifically, it executes the End.X behavior SRH processing. Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID on the echo request packet. If indicated by the 2001:db8:K:2:X31:: SID on the echo request packet. If
2001:db8:K:2:X31:: is a PSP SID, node N4 executes the SID like any 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the SID like any
other data packet with DA = 2001:db8:K:2:X31:: and removes the other data packet with DA = 2001:db8:K:2:X31:: and removes the
SRH. SRH.
</t> </li>
<t> Node N3, which is a non-SRv6 capable node, performs <li> Node N3, which is a non-SRv6-capable node, performs
the standard IPv6 processing. Specifically, it forwards the the standard IPv6 processing. Specifically, it forwards the
echo request based on DA = 2001:db8:K:4:: in the IPv6 header.</t> echo request based on DA = 2001:db8:K:4:: in the IPv6 header.</li>
<li>When node N4 receives the packet, it
<t>When node N4 receives the packet, it processes the target SID (2001:db8:K:4::). </li>
processes the target SID (2001:db8:K:4::). </t> <li> If the target SID (2001:db8:K:4::) is not locally instantiated
<t> If the target SID (2001:db8:K:4::) is not locally instantiated
and does not represent a local interface, and does not represent a local interface,
the packet is discarded </t> the packet is discarded </li>
<li>
<t>
If the target SID (2001:db8:K:4::) is locally instantiated or If the target SID (2001:db8:K:4::) is locally instantiated or
represents a local interface, the node processes represents a local interface, the node processes
the upper layer header. the upper-layer header.
As part of the upper layer header processing node N4 respond <!-- [rfced] We have updated this sentence as follows. Please review.
to the ICMPv6 echo request message and responds with the
echo reply message. The echo reply message is IP routed.
</t>
</list>
</t> Original:
As part of the upper layer header processing node N4
respond to the ICMPv6 echo request message and responds with the
echo reply message.
</section> <!--end: SID Ping --> Perhaps:
As part of the upper-layer header processing, node N4
responds to the ICMPv6 echo request message with an
echo reply message.
-->
As part of the upper-layer header processing, node N4 responds
to the ICMPv6 echo request message with an
echo reply message. The echo reply message is IP routed.
</section> <!--end: Ping--> </li>
</ul>
</section>
<!--end: SID Ping -->
<section title="Traceroute"> </section>
<!--end: Ping-->
<t> The existing traceroute <section numbered="true" toc="default">
mechanisms, along the shortest path, continues to work without any modifica <name>Traceroute</name>
tion. <t> The existing traceroute
Any IPv6 node (SRv6 capable or a non-SRv6 capable) can initiate, transit, mechanisms, along the shortest path, continue to work without any modificat
ion.
Any IPv6 node (SRv6-capable or a non-SRv6-capable) can initiate, transit,
and egress a traceroute probe. and egress a traceroute probe.
</t> </t>
<t> <t>
The following subsections outline some additional use cases of the tracerou The following subsections outline some additional use cases of traceroute
te in SRv6 networks.
in the SRv6 networks. </t>
</t> <section numbered="true" toc="default">
<name>Traceroute to an IPv6 Address via a Segment List</name>
<section title="Traceroute to an IPv6 Address via a Segment-list"> <t> If an SRv6-capable ingress node wants to traceroute to an IPv6 ad
dress
<t> If an SRv6-capable ingress node wants to traceroute to IPv6 address
via an arbitrary segment list &lt;S1, S2, S3&gt;, it needs to initiate via an arbitrary segment list &lt;S1, S2, S3&gt;, it needs to initiate
a traceroute probe with an SR header containing the SID list a traceroute probe with an SR header containing the SID list
&lt;S1, S2, S3&gt;. User issues a traceroute &lt;S1, S2, S3&gt;. The user issues a traceroute
from node N1 to a loopback of node N5, via segment list from node N1 to a loopback of node N5 via segment list
&lt;2001:db8:K:2:X31::, 2001:db8:K:4:X52::&gt;. &lt;2001:db8:K:2:X31::, 2001:db8:K:4:X52::&gt;.
The SID behavior used in the example is End.X SID, as described in The SID behavior used in the example is End.X, as described in
<xref target="RFC8986"/>, <xref target="RFC8986" format="default"/>,
but the procedure is equally applicable to any other (transit) SID but the procedure is equally applicable to any other (transit) SID
type. type.
Figure 3 contains sample output for the traceroute <xref target="sample-traceroute"/> contains sample output for the tracerout e
request. request.
</t> </t>
<figure anchor="sample-traceroute">
<figure> <artwork><![CDATA[ <name>Sample Traceroute Output at an SRv6-Capable Node</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
> traceroute 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, > traceroute 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::,
2001:db8:K:4:X52:: 2001:db8:K:4:X52::
Tracing the route to 2001:db8:L:5::
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec
DA: 2001:db8:K:2:X31::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2)
2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec
DA: 2001:db8:L:5::
Figure 3 A sample traceroute output at an SRv6-capable node
]]>
</artwork> </figure>
<t> In the sample traceroute output, the information displayed at each h Tracing the route to 2001:db8:L:5::
op 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec
DA: 2001:db8:K:2:X31::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2)
2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec
DA: 2001:db8:L:5::
]]></artwork>
</figure>
<t> In the sample traceroute output, the information displayed at eac
h hop
is obtained using the contents of the "Time Exceeded" or is obtained using the contents of the "Time Exceeded" or
"Destination Unreachable" ICMPv6 responses. These ICMPv6 responses "Destination Unreachable" ICMPv6 responses. These ICMPv6 responses
are IP routed. are IP routed.
</t> </t>
<t> In the sample traceroute output, the information for link3 is
<t> In the sample traceroute output, the information for link3 is
returned by N3, which is a returned by N3, which is a
non-SRv6 capable node. Nonetheless, the ingress node is able to display non-SRv6-capable node. Nonetheless, the ingress node is able to display
SR header contents as the packet travels through the non-SRv6 capable node. SR header contents as the packet travels through the non-SRv6-capable node.
This is because the "Time Exceeded Message" ICMPv6 message can This is because the "Time Exceeded" ICMPv6 message can
contain as much of the invoking packet as possible without the contain as much of the invoking packet as possible without the
ICMPv6 packet exceeding the minimum IPv6 MTU <xref target="RFC4443"/>. The SR ICMPv6 packet exceeding the minimum IPv6 MTU <xref target="RFC4443" format= "default"/>. The SR
header is included in these ICMPv6 messages initiated by the header is included in these ICMPv6 messages initiated by the
non-SRv6 capable transit nodes that are not running SRv6 software. non-SRv6-capable transit nodes that are not running SRv6 software.
Specifically, a node generating ICMPv6 message containing a copy of Specifically, a node generating an ICMPv6 message containing a copy of
the invoking packet does not need to understand the extension the invoking packet does not need to understand the extension
header(s) in the invoking packet. header(s) in the invoking packet.
</t> </t>
<t> The segment list information returned for the first hop is return
<t> The segment list information returned for the first hop is returned by ed by N2,
N2,
which is an SRv6-capable node. Just like for the second hop, the ingress no de which is an SRv6-capable node. Just like for the second hop, the ingress no de
is able to display SR header contents for the first hop. is able to display SR header contents for the first hop.
</t> </t>
<!-- [rfced] We updated "a datagram" to "the datagram" in two instances in the
later part of this sentence to match usage earlier in the sentence. Please
review and let us know any objections.
<t> There is no difference in processing of the traceroute probe at an Original:
SRv6-capable and a non-SRv6 capable node. Similarly, both SRv6-capable and ICMPv6 extensions defined in [RFC5837] can be used
non-SRv6 capable nodes may use the address of the interface on to display information about the IP interface through which the
datagram would have been forwarded had it been forwardable, and the
IP next hop to which the datagram would have been forwarded, the IP
interface upon which a datagram arrived, the sub-IP component of an
IP interface upon which a datagram arrived.
-->
<t> There is no difference in processing of the traceroute probe at a
n
SRv6-capable and a non-SRv6-capable node. Similarly, both SRv6-capable and
non-SRv6-capable nodes may use the address of the interface on
which probe was received as the source address in the ICMPv6 which probe was received as the source address in the ICMPv6
response. ICMPv6 extensions defined in <xref target="RFC5837"/> can be used to response. ICMPv6 extensions defined in <xref target="RFC5837" format="defau lt"/> can be used to
display information about the IP interface through which the display information about the IP interface through which the
datagram would have been forwarded had it been forwardable, and the datagram would have been forwarded had it been forwardable, the
IP next hop to which the datagram would have been forwarded, the IP IP next hop to which the datagram would have been forwarded, the IP
interface upon which a datagram arrived, the sub-IP component of an interface upon which the datagram arrived, and the sub-IP component of an
IP interface upon which a datagram arrived. IP interface upon which the datagram arrived.
</t> </t>
<t> The IP address of the interface on which the traceroute probe was rece <!-- [rfced] We are having trouble understanding the text starting with
ived "bound..." Should "at" follow "End.X behavior"? Please clarify.
Original:
This matches with the expected interface
bound to End.X behavior 2001:db8:K:2:X31:: (link3).
...
This matches with the
expected interface bound to the End.X behavior 2001:db8:K:4:X52::
(link10).
-->
<t> The IP address of the interface on which the traceroute probe was
received
is useful. This information can also be used to verify if SIDs is useful. This information can also be used to verify if SIDs
2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly by N2 and N4, 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly by N2 and N4,
respectively. Specifically, the information displayed for the second hop respectively. Specifically, the information displayed for the second hop
contains the incoming interface address 2001:db8:2:3:31:: at N3. contains the incoming interface address 2001:db8:2:3:31:: at N3.
This matches with the expected interface bound to End.X behavior This matches the expected interface bound to End.X behavior
2001:db8:K:2:X31:: (link3). Similarly, the information displayed for the fo urth hop 2001:db8:K:2:X31:: (link3). Similarly, the information displayed for the fo urth hop
contains the incoming interface address 2001:db8:4:5::52:: at N5. contains the incoming interface address 2001:db8:4:5::52:: at N5.
This matches with the expected interface bound to the End.X behavior This matches the expected interface bound to the End.X behavior
2001:db8:K:4:X52:: (link10). 2001:db8:K:4:X52:: (link10).
</t> </t>
</section>
</section> <!--end: Tracerouting an IPv6 Address via a Segment-list --> <!--end: Tracerouting an IPv6 Address via a Segment list -->
<section title="Traceroute to a SID"> <section numbered="true" toc="default">
<name>Traceroute to a SID</name>
<t> The mechanism to traceroute an IPv6 Address via a Segment-list <t> The mechanism to traceroute an IPv6 address via a segment list
described in the previous section applies described in the previous section applies
equally to traceroute a remote SID behavior, as explained using an equally to traceroute a remote SID behavior, as explained in the following
example in the following. example.
The example uses traceroute to an END SID, as described in <xref target="RF The example uses traceroute to an End SID, as described in <xref target="RF
C8986"/>, C8986" format="default"/>,
but the procedure is but the procedure is
equally applicable to tracerouting any other SID behaviors. equally applicable to tracerouting any other SID behaviors.
</t> </t>
<t> Please note that traceroute to a SID is
<t> Please note that traceroute to a SID is
exemplified using UDP probes. However, the procedure is equally exemplified using UDP probes. However, the procedure is equally
applicable to other implementations of traceroute mechanism. applicable to other implementations of traceroute mechanism.
The UDP encoded message to traceroute a SID would use the UDP ports The UDP encoded message to traceroute a SID would use the UDP ports
assigned by IANA for "traceroute use". assigned by IANA for "traceroute use".
</t> </t>
<t> Consider the example where the user wants to traceroute a remote S
<t> Consider the example where the user wants to traceroute a remote SID ID
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The
traceroute probe is processed at the individual nodes along the path traceroute probe is processed at the individual nodes along the path
as follows: as follows:
<list style="symbols"> </t>
<t>Node N1 initiates a traceroute probe packet as follows <ul spacing="normal">
<li>Node N1 initiates a traceroute probe packet as follows
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:1::, 2001:db8:K:2:X31::)
(2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). (2001:db8:K:4::, 2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe).
The first traceroute probe is sent with hop-count value set to 1. The first traceroute probe is sent with the hop-count value set to 1.
The hop-count value is incremented by 1 for each following traceroute The hop-count value is incremented by 1 for each subsequent traceroute
probes. probe.
</t>
<t>When node N2 receives the packet with hop-count = 1, it </li>
processes the hop-count expiry. Specifically, the node N2 <li>When node N2 receives the packet with hop-count = 1, it
processes the hop-count expiry. Specifically, node N2
responds with the ICMPv6 message (Type: "Time Exceeded", Code: responds with the ICMPv6 message (Type: "Time Exceeded", Code:
"Hop limit exceeded in transit"). The ICMPv6 response "hop limit exceeded in transit"). The ICMPv6 response
is IP routed. is IP routed.
</t> </li>
<t>When Node N2 receives the packet with hop-count > 1, it <li>When node N2 receives the packet with hop-count &gt; 1, it
performs the standard SRH processing. Specifically, it executes performs the standard SRH processing. Specifically, it executes
the End.X behavior indicated by the the End.X behavior indicated by the
2001:db8:K:2:X31:: SID on the traceroute probe. 2001:db8:K:2:X31:: SID on the traceroute probe.
If 2001:db8:K:2:X31:: is a PSP SID, If 2001:db8:K:2:X31:: is a PSP SID,
node N2 executes the SID like any other data packet with DA = 2001:db8:K:2 :X31:: node N2 executes the SID like any other data packet with DA = 2001:db8:K:2 :X31::
and removes the SRH. and removes the SRH.
</t> </li>
<t>When node N3, which is a non-SRv6 capable node, receives the packet <li>When node N3, which is a non-SRv6-capable node, receives the pac
ket
with hop-count = 1, it processes the with hop-count = 1, it processes the
hop-count expiry. Specifically, the node N3 responds with the hop-count expiry. Specifically, node N3 responds with the
ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit
exceeded in Transit"). The ICMPv6 response is IP routed. exceeded in transit"). The ICMPv6 response is IP routed.
</t> </li>
<t>When node N3, which is a non-SRv6 capable node, receives the packet <li>When node N3, which is a non-SRv6-capable node, receives the pac
with hop-count > 1, it performs the standard IPv6 processing. ket
with hop-count &gt; 1, it performs the standard IPv6 processing.
Specifically, it forwards the traceroute probe based on DA Specifically, it forwards the traceroute probe based on DA
2001:db8:K:4:: in the IPv6 header. </t> 2001:db8:K:4:: in the IPv6 header. </li>
<t>When node N4 receives the packet with DA set to the local SID 2001: <li>When node N4 receives the packet with DA set to the local SID 20
db8:K:4::, it 01:db8:K:4::, it
processes the END SID. </t> processes the End SID. </li>
<li> If the target SID (2001:db8:K:4::) is not locally instantiated
<t> If the target SID (2001:db8:K:4::) is not locally instantiated and and
does not represent a local interface, the packet is discarded. does not represent a local interface, the packet is discarded.
</t> </li>
<li>
<t>
If the target SID (2001:db8:K:4::) is locally instantiated or represen ts a If the target SID (2001:db8:K:4::) is locally instantiated or represen ts a
local interface, the node processes local interface, the node processes
the upper layer header. the upper-layer header.
As part of the upper layer header processing node N4 responds
with the ICMPv6 message (Type: Destination unreachable, Code:
Port Unreachable). The ICMPv6 response
is IP routed.
</t>
</list>
</t>
<t> Figure 4 displays a sample traceroute output for this example.
<figure> <artwork><![CDATA[
> traceroute 2001:db8:K:4:X52:: via segment-list 2001:db8:K:2:X31:: <!-- [rfced] Would updating these sentences as suggested below improve
readability?
Tracing the route to SID 2001:db8:K:4:X52:: Original:
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec Specifically, the node N2 responds with the
DA: 2001:db8:K:2:X31::, ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) in transit").
2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec ...
DA: 2001:db8:K:4:X52::, Specifically, the node N3 responds with the ICMPv6 message (Type:
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) "Time Exceeded", Code: "Hop limit exceeded in Transit").
3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec ...
DA: 2001:db8:K:4:X52::, As part of the upper layer header processing node N4
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) responds with the ICMPv6 message (Type: Destination unreachable,
Code: Port Unreachable).
Figure 4 A sample output for hop-by-hop traceroute to a SID Perhaps:
Specifically, node N2 responds with an
ICMPv6 message with type "Time Exceeded" and code "Hop limit exceeded
in transit").
...
Specifically, node N3 responds with an ICMPv6 message with type
"Time Exceeded" and code "Hop limit exceeded in transit".
...
As part of the upper-layer header processing, node N4
responds with an ICMPv6 message with type "Destination Unreachable" and
code "Port Unreachable".
-->
As part of the upper-layer header processing, node N4 responds
with the ICMPv6 message (Type: "Destination Unreachable", Code:
"Port Unreachable"). The ICMPv6 response
is IP routed.
]]> </li>
</artwork> </figure> </ul>
</t> <t><xref target="sample-output"/> displays a sample traceroute output
for this example.
</section> <!--end: Traceroute to a SID behavior--> </t>
<figure anchor="sample-output">
<name>Sample Output for Hop-by-Hop Traceroute to a SID</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
> traceroute 2001:db8:K:4:X52:: via segment list 2001:db8:K:2:X31::
</section> <!--end: Traceroute --> Tracing the route to SID 2001:db8:K:4:X52::
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec
DA: 2001:db8:K:2:X31::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1)
2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
]]></artwork>
</figure>
</section>
<!--end: Traceroute to a SID behavior-->
<section title="A Hybrid OAM Using O-flag"> </section>
<!--end: Traceroute -->
<t> This section illustrates a hybrid OAM mechanism using <section numbered="true" toc="default">
the the O-flag. Without loss of the generality, the illustration <name>Hybrid OAM Using the OAM Flag</name>
<t> This section illustrates a hybrid OAM mechanism using
the O-flag. Without loss of the generality, the illustration
assumes N100 is a centralized controller. assumes N100 is a centralized controller.
</t> </t>
<t>
<t> This illustration is different from the "in situ OAM" defined in <xref
The illustration is different than the In-situ OAM defined in target="RFC9197" format="default"/>. This is because in situ OAM records
[I.D-draft-ietf-ippm-ioam-data]. This is because In-situ OAM records operational and telemetry information in the packet as the packet
operational and telemetry information in the packet as the packet traverses traverses a path between two points in the network <xref target="RFC9197"
a path between two points in the network [I.D-draft-ietf- format="default"/>. The illustration in this subsection does not require
ippm-ioam-data]. The illustration in this subsection does not require the re the recording of OAM data in the packet.
cording of OAM
data in the packet.
</t> </t>
<t>
<t>
The illustration does not assume any formats for exporting the data The illustration does not assume any formats for exporting the data
elements or the data elements that need to be exported. elements or the data elements that need to be exported.
The illustration assumes system clocks among all nodes in the SR domain a re synchronized. The illustration assumes system clocks among all nodes in the SR domain a re synchronized.
</t> </t>
<t> Consider the example where the user wants to monitor sampled IPv4
<t> Consider the example where the user wants to monitor sampled IPv4 VPN 999 traffic going from CE1 to CE2 via a low-latency SR policy P installe
VPN 999 traffic going from CE1 to CE2 via a low latency SR policy P installe d
d at node N1.
at Node N1. To exercise a low-latency path, the SR Policy P forces the packet via segmen
To exercise a low latency path, the SR Policy P forces the packet via segmen ts
ts
2001:db8:K:2:X31:: and 2001:db8:K:4:X52::. 2001:db8:K:2:X31:: and 2001:db8:K:4:X52::.
The VPN SID at N7 associated with VPN 999 is 2001:db8:K:7:DT999::. The VPN SID at N7 associated with VPN 999 is 2001:db8:K:7:DT999::.
2001:db8:K:7:DT999:: is a USP SID. 2001:db8:K:7:DT999:: is a USP SID.
N1, N4, and N7 are capable of processing O-flag but N1, N4, and N7 are capable of processing the O-flag, but
N2 is not capable of processing O-flag. N2 is not capable of processing the O-flag.
N100 is the centralized controller capable of processing and correlating N100 is the centralized controller capable of processing and correlating
the copy of the packets sent from nodes N1, N4, and N7. the copy of the packets sent from nodes N1, N4, and N7.
N100 is aware of O-flag processing capabilities. N100 is aware of O-flag processing capabilities.
Controller N100 with the help from nodes N1, N4, N7 and implements a hybrid Controller N100, with help from nodes N1, N4, and N7, implements a hybrid
OAM mechanism using the O-flag as follows: OAM mechanism using the O-flag as follows:
<list style="symbols"> </t>
<t> A packet P1:(IPv4 header)(payload) is sent from CE1 to Node N1. </ <ul spacing="normal">
t> <li> A packet P1:(IPv4 header)(payload) is sent from CE1 to node N1. <
<t> Node N1 steers the packet P1 through the Policy P. /li>
Based on a local configuration, Node N1 also implements logic to sampl <li> Node N1 steers packet P1 through the Policy P.
e Based on local configuration, node N1 also implements logic to sample
traffic steered through policy P for hybrid OAM purposes. traffic steered through policy P for hybrid OAM purposes.
Specification for the sampling logic is beyond the scope of this docum ent. Specification for the sampling logic is beyond the scope of this docum ent.
Consider the case where packet P1 is classified as a packet to be moni tored Consider the case where packet P1 is classified as a packet to be moni tored
via the hybrid OAM. via the hybrid OAM.
Node N1 sets O-flag during the encapsulation required by policy P. Node N1 sets the O-flag during the encapsulation required by policy P.
As part of setting the O-flag, node N1 also sends a timestamped copy As part of setting the O-flag, node N1 also sends a timestamped copy
of the packet P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) of packet P1: (2001:db8:L:1::, 2001:db8:K:2:X31::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O -flag=1; (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O -flag=1;
NH=IPv4)(IPv4 header)(payload) to a local NH=IPv4)(IPv4 header)(payload) to a local
OAM process. The local OAM process sends a full or partial copy of OAM process. The local OAM process sends a full or partial copy of
the packet P1 to the controller N100. packet P1 to the controller N100.
The OAM process includes the The OAM process includes the
recorded timestamp, additional recorded timestamp, additional
OAM information like incoming and outgoing interface, etc. along OAM information (like incoming and outgoing interface), and
with any applicable metadata. any applicable metadata.
Node N1 forwards the original packet towards the next Node N1 forwards the original packet towards the next
segment 2001:db8:K:2:X31::. </t> segment 2001:db8:K:2:X31::. </li>
<t> When node N2 receives the packet with O-flag set, it ignores <li> When node N2 receives the packet with the O-flag set, it ignores
the O-flag. This is because node N2 is not capable of processing the O-flag. This is because node N2 is not capable of processing
the O-flag. Node N2 the O-flag. Node N2
performs the standard SRv6 SID and SRH processing. Specifically, it ex performs the standard SRv6 SID and SRH processing.
ecutes <!-- [rfced] We added the citation "[RFC8986]" immediately after "End.X
behavior" and removed "as described in [RFC8986]". We note that similar
sentences do not include the citation. Please review and let us know if
any further updates are needed.
Original:
Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986]
and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::;
SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards
Node N3.
Updated:
Specifically, it executes the End.X behavior [RFC8986]
indicated by the 2001:db8:K:2:X31:: SID
and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::;
SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards
Node N3.
-->
Specifically, it executes
the End.X the End.X
behavior indicated by the behavior indicated by the
2001:db8:K:2:X31:: SID as described in <xref target="RFC8986"/> 2001:db8:K:2:X31:: SID as described in <xref target="RFC8986" format="d
and forwards the packet P1 efault"/>
and forwards packet P1
(2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:L:1::, 2001:db8:K:4:X52::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O -flag=1; (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O -flag=1;
NH=IPv4)(IPv4 header)(payload) over link 3 towards Node N3. NH=IPv4)(IPv4 header)(payload) over link3 towards node N3.
</t> </li>
<t>When node N3, which is a non-SRv6 capable node, receives the packet <li>When node N3, which is a non-SRv6-capable node, receives packet P1
P1 , it performs the standard IPv6 processing.
, it performs the standard IPv6 processing. Specifically, it forwards packet P1 based on DA
Specifically, it forwards the packet P1 based on DA
2001:db8:K:4:X52:: in the IPv6 header. 2001:db8:K:4:X52:: in the IPv6 header.
</t> </li>
<t>When node N4 receives the packet P1 <li>When node N4 receives packet P1
(2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:L:1::, 2001:db8:K:4:X52::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O -flag=1; (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O -flag=1;
NH=IPv4)(IPv4 header)(payload), it processes the O-flag. NH=IPv4)(IPv4 header)(payload), it processes the O-flag.
As part of processing the O-flag, it sends a timestamped copy of As part of processing the O-flag, it sends a timestamped copy of
the packet to a local OAM process. the packet to a local OAM process.
Based on a local configuration, the local OAM process sends a full or Based on local configuration, the local OAM process sends a full or pa
partial rtial
copy of the packet copy of packet
P1 to the controller N100. The OAM process includes the P1 to the controller N100. The OAM process includes the
recorded timestamp, additional recorded timestamp, additional
OAM information like incoming and outgoing interface, etc. along OAM information (like incoming and outgoing interface, etc.), and
with any applicable metadata. any applicable metadata.
Node N4 performs the standard SRv6 SID and SRH processing on the origi nal packet P1. Node N4 performs the standard SRv6 SID and SRH processing on the origi nal packet P1.
Specifically, it executes Specifically, it executes
the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forward s the packet P1 the End.X behavior indicated by the 2001:db8:K:4:X52:: SID and forward s packet P1
(2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:L:1::, 2001:db8:K:7:DT999::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O -flag=1; (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O -flag=1;
NH=IPv4)(IPv4 header)(payload) over link 10 towards Node N5. NH=IPv4)(IPv4 header)(payload) over link10 towards node N5.
</t> </li>
<t>When node N5, which is a non-SRv6 capable node, receives the packet <li>When node N5, which is a non-SRv6-capable node, receives packet P1
P1, ,
it performs the standard IPv6 processing. it performs the standard IPv6 processing.
Specifically, it forwards the packet based on DA Specifically, it forwards the packet based on DA
2001:db8:K:7:DT999:: in the IPv6 header. 2001:db8:K:7:DT999:: in the IPv6 header.
</t> </li>
<t>When node N7 receives the packet P1 <li>When node N7 receives packet P1
(2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:L:1::, 2001:db8:K:7:DT999::)
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O -flag=1; (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O -flag=1;
NH=IPv4)(IPv4 header)(payload), it processes the O-flag. NH=IPv4)(IPv4 header)(payload), it processes the O-flag.
As part of processing the O-flag, it sends a timestamped copy of As part of processing the O-flag, it sends a timestamped copy of
the packet to a local OAM process. the packet to a local OAM process.
The local OAM process sends a full or partial copy of the packet The local OAM process sends a full or partial copy of packet
P1 to the controller N100. The OAM process includes the P1 to the controller N100. The OAM process includes the
recorded timestamp, additional recorded timestamp, additional
OAM information like incoming and outgoing interface, etc. along OAM information (like incoming and outgoing interface, etc.), and
with any applicable metadata. any applicable metadata.
Node N7 performs the standard SRv6 SID and SRH processing on the origi nal packet P1. Node N7 performs the standard SRv6 SID and SRH processing on the origi nal packet P1.
Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT 999:: SID Specifically, it executes the VPN SID indicated by the 2001:db8:K:7:DT 999:: SID
and based on lookup in table 100 forwards the packet P1 and, based on lookup in table 100, forwards packet P1
(IPv4 header)(payload) towards CE 2. (IPv4 header)(payload) towards CE2.
</t> </li>
<li>
<t>
The controller N100 processes and correlates the copy of the packets The controller N100 processes and correlates the copy of the packets
sent from nodes N1, N4 and N7 to find segment-by-segment delays and sent from nodes N1, N4, and N7 to find segment-by-segment delays and
provide other hybrid OAM information related to packet P1. provide other hybrid OAM information related to packet P1.
For segment-by-segment delay computation, it is assumed that clock <!-- [rfced] We updated "clock are synchronized time" to "clocks are
are synchronized time across the SR domain. synchronized" here. Please let us know if you prefer to revise this in a
different way.
</t> Original:
<t> For segment-by-segment delay computation, it is assumed that
The process continues for any other sampled packets. </t> clock are synchronized time across the SR domain.
</list>
</t>
</section> <!--end: O-flag --> Updated:
For segment-by-segment delay computation, it is assumed that
clocks are synchronized across the SR domain.
-->
For segment-by-segment delay computation, it is assumed that clocks
are synchronized time across the SR domain.
<section title="Monitoring of SRv6 Paths"> </li>
<li>
The process continues for any other sampled packets. </li>
</ul>
</section>
<!--end: O-flag -->
<t> In the recent past, network operators demonstrated interest in perform <section numbered="true" toc="default">
ing <name>Monitoring of SRv6 Paths</name>
network OAM functions in a centralized manner. <xref target='RFC8403'/> <!-- [rfced] In the first paragraph of Appendix A.4, we updated a couple
describes such a centralized OAM mechanism. Specifically, the document instances of "the document" to "[RFC8403]" for clarity. We also combined
the last two sentences in the paragraph. Please review to ensure that
these updated accurately convey the intended meaning.
-->
<t> In the recent past, network operators demonstrated interest in perf
orming
network OAM functions in a centralized manner. <xref target="RFC8403" format
="default"/>
describes such a centralized OAM mechanism. Specifically, <xref target="RFC
8403" format="default"/>
describes a procedure that can be used to perform path continuity describes a procedure that can be used to perform path continuity
check between any nodes within an SR domain from a centralized checks between any nodes within an SR domain from a centralized
monitoring system. However, the document focuses on SR networks with MPLS d monitoring system. However, while <xref target="RFC8403" format="default"/>
ata focuses on SR networks with MPLS data
plane. This document describes how plane, this document describes how
the concept can be used to perform path monitoring in an SRv6 network the concept can be used to perform path monitoring in an SRv6 network
from a centralized controller. from a centralized controller.
</t> </t>
<t> In the reference topology in <xref target="ref-top"/>, N100 uses an
<t> In the reference topology in Figure 1, N100 uses an IGP protocol IGP protocol
like OSPF or IS-IS to get the topology view within the IGP domain. like OSPF or IS-IS to get a view of the topology within the IGP domain.
N100 can also use BGP-LS to get the complete view of an inter-domain N100 can also use BGP-LS to get the complete view of an inter-domain
topology. The controller leverages the visibility of topology. The controller leverages the visibility of
the topology to monitor the paths between the various endpoints. the topology to monitor the paths between the various endpoints.
</t> </t>
<t>The controller N100 advertises an End
<t>The controller N100 advertises an END SID <xref target="RFC8986" format="default"/> 2001:db8:K:100:1::. To monito
SID <xref target="RFC8986"/> 2001:db8:K:100:1::. To monitor any r any
arbitrary SRv6 paths, the controller can create a loopback probe that origi nates and arbitrary SRv6 paths, the controller can create a loopback probe that origi nates and
terminates on Node N100. To distinguish between a failure in the monitored path terminates on node N100. To distinguish between a failure in the monitored path
and loss of connectivity between the controller and the network, and loss of connectivity between the controller and the network,
Node N100 runs a suitable mechanism to monitor its connectivity to the moni node N100 runs a suitable mechanism to monitor its connectivity to the moni
tored network. tored network.
</t> </t>
<t>
<t> The following example illustrates loopback probes in which controller N100
The loopback probes are exemplified using an example where controller N100
needs to verify a needs to verify a
segment list &lt;2001:db8:K:2:X31::, 2001:db8:K:4:X52::&gt;: segment list &lt;2001:db8:K:2:X31::, 2001:db8:K:4:X52::&gt;:
<list style="symbols"> </t>
<t>N100 generates an OAM packet (2001:db8:L:100::, <ul spacing="normal">
<li>N100 generates an OAM packet (2001:db8:L:100::,
2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::, 2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::,
SL=2)(OAM Payload). The controller routes the probe packet towards the fi rst SL=2)(OAM Payload). The controller routes the probe packet towards the fi rst
segment, which is 2001:db8:K:2:X31::. segment, which is 2001:db8:K:2:X31::.
</t> </li>
<li>Node N2 executes the End.X behavior indicated by the 2001:db8:K:2:
<t>Node N2 executes the End.X behavior indicated by the 2001:db8:K:2:X31: X31:: SID and
: SID and
forwards the packet forwards the packet
(2001:db8:L:100::, (2001:db8:L:100::,
2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::, 2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::,
SL=1)(OAM Payload) on link3 to N3. SL=1)(OAM Payload) on link3 to N3.
</t> </li>
<li> Node N3, which is a non-SRv6-capable node, performs the standard
<t> Node N3, which is a non-SRv6 capable node, performs the standard
IPv6 processing. Specifically, it forwards the packet IPv6 processing. Specifically, it forwards the packet
based on the DA 2001:db8:K:4:X52:: in the IPv6 header. </t> based on DA 2001:db8:K:4:X52:: in the IPv6 header. </li>
<li>Node N4 executes the End.X behavior indicated by the 2001:db8:K:4:
<t>Node N4 executes the End.X behavior indicated by the 2001:db8:K:4:X52: X52:: SID and
: SID and
forwards the packet forwards the packet
(2001:db8:L:100::, (2001:db8:L:100::,
2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::, 2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2: X31::,
SL=0)(OAM Payload) on link10 to N5. SL=0)(OAM Payload) on link10 to N5.
</t> </li>
<li> Node N5, which is a non-SRv6-capable node, performs the standard
<t> Node N5, which is a non-SRv6 capable node, performs the standard
IPv6 processing. Specifically, it forwards the packet IPv6 processing. Specifically, it forwards the packet
based on the DA 2001:db8:K:100:1:: in the IPv6 header. </t> based on DA 2001:db8:K:100:1:: in the IPv6 header. </li>
<li>Node N100 executes the standard SRv6 END behavior. It
decapsulates the header and consumes the probe for OAM processing. The in
formation
in the OAM payload is used to detect missing probes, round-trip delay, et
c.
</li>
</ul>
<t> The OAM payload type or
the information carried in the OAM probe is a local implementation
decision at the controller and is outside the scope of this document.
</t>
</section>
<!--end: Monitoring of SRv6 Paths -->
<t>Node N100 executes the standard SRv6 END behavior. It </section>
decapsulates the header and consume the probe for OAM processing. The inf <!--end: Illustrations-->
ormation
in the OAM payload is used to detect any missing probes, round trip delay
, etc.
</t>
</list> <section anchor="Acknowledgements" numbered="false" toc="default">
</t> <name>Acknowledgements</name>
<t> The authors would like to thank <contact fullname="Joel M. Halpern"/>,
<contact fullname="Greg Mirsky"/>,
<contact fullname="Bob Hinden"/>, <contact fullname="Loa Andersson"/>, <co
ntact fullname="Gaurav Naik"/>, <contact fullname="Ketan Talaulikar"/>, and <con
tact fullname="Haoyu Song"/>
for their review comments. </t>
</section>
<section anchor="Contributors" numbered="false" toc="default">
<name>Contributors</name>
<t>The following people contributed to this document:
</t>
<contact fullname="Robert Raszuk" >
<organization>Bloomberg LP</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>robert@raszuk.net</email>
</address>
</contact>
<t> The OAM payload type or <contact fullname="John Leddy" >
the information carried in the OAM probe is a local implementation <organization>Individual</organization>
decision at the controller and is outside the scope of this document. <address>
</t> <postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>john@leddy.net</email>
</address>
</contact>
</section> <!--end: Monitoring of SRv6 Paths --> <contact fullname="Gaurav Dawra" >
<organization>LinkedIn</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>gdawra.ietf@gmail.com</email>
</address>
</contact>
</section> <!--end: Illustrations--> <contact fullname="Bart Peirens" >
<organization>Proximus</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>bart.peirens@proximus.com</email>
</address>
</contact>
<section anchor="Acknowledgements" title="Acknowledgements"> <contact fullname="Nagendra Kumar" >
<t> The authors would like to thank Joel M. Halpern, Greg Mirsky, <organization>Cisco Systems, Inc.</organization>
Bob Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu Song <address>
for their review comments. </t> <postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>naikumar@cisco.com</email>
</address>
</contact>
<contact fullname="Carlos Pignataro" >
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>cpignata@cisco.com</email>
</address>
</contact>
<contact fullname="Rakesh Gandhi" >
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>rgandhi@cisco.com</email>
</address>
</contact>
<contact fullname="Frank Brockners" >
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>fbrockne@cisco.com</email>
</address>
</contact>
<contact fullname="Darren Dukes" >
<organization>Cisco Systems, Inc.</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>ddukes@cisco.com</email>
</address>
</contact>
<contact fullname="Cheng Li" >
<organization>Huawei</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>chengli13@huawei.com</email>
</address>
</contact>
<contact fullname="Faisal Iqbal" >
<organization>Individual</organization>
<address>
<postal>
<street></street>
<city></city>
<region></region><code></code>
<country></country>
</postal>
<email>faisal.ietf@gmail.com</email>
</address>
</contact>
</section> </section>
<!-- [rfced] XML Formatting
<section anchor="Contributors" title="Contributors"> a) In Section 2.1.1, updated <artwork> to <sourcecode type="pseudocode">.
<t>The following people have contributed to this document: Please review and let us know any objections.
<figure>
<artwork><![CDATA[
Robert Raszuk
Bloomberg LP
Email: robert@raszuk.net
]]>
</artwork>
</figure>
<figure> b) Please review each <artwork> element in the xml file. Specifically, should
<artwork><![CDATA[ any <artwork> element be tagged as <sourcecode> or another element?
John Leddy
Individual
Email: john@leddy.net
]]>
</artwork>
</figure>
<figure> c) The <artwork> in Section 2.1.1 was too wide for the txt output, so we
<artwork><![CDATA[ wrapped lines in the "Ref1" portion. Please review and let us know any
Gaurav Dawra objections.
LinkedIn
Email: gdawra.ietf@gmail.com
]]>
</artwork>
</figure>
<figure> d) The <artwork> in Sections A.2.1 and A.2.2 were also too wide. Both had
<artwork><![CDATA[ three extra spaces in the left margin in the XML, which we reduced as follows
Bart Peirens so that the figures fit.
Proximus
Email: bart.peirens@proximus.com
]]>
</artwork>
</figure>
<figure> * Figure 3 - reduced left indent by 3 (no spaced in left indent)
<artwork><![CDATA[ * Figure 4 - reduced left indent by 1 (still 2 spaces in left indent)
Nagendra Kumar -->
Cisco Systems, Inc. <!-- [rfced] Abbreviations
Email: naikumar@cisco.com
]]>
</artwork>
</figure>
<figure> a) This document expands the acronym SRv6 as "Segment Routing with IPv6 data
<artwork><![CDATA[ plane". However, we see that most published RFCs use the expansion "Segment
Carlos Pignataro Routing over IPv6 (SRv6)". See RFCs 8986, 8754, 8402, and 8354. May we update
Cisco Systems, Inc. the expansion in this document accordingly? Note that this update would affect
Email: cpignata@cisco.com the document title. Also note that we will add this expansion in the abstract
]]> (as our policy is to expand the first instance of an acronym in the text) and
</artwork> update the expansion in Sections 1 and 1.2.
</figure>
<figure> Current title:
<artwork><![CDATA[ Operations, Administration, and Maintenance (OAM) in Segment Routing
Rakesh Gandhi Networks with IPv6 Data Plane (SRv6)
Cisco Systems, Inc.
Canada
Email: rgandhi@cisco.com
]]>
</artwork>
</figure>
<figure> Perhaps:
<artwork><![CDATA[ Operations, Administration, and Maintenance (OAM) in Segment Routing
Frank Brockners over IPv6 (SRv6)
Cisco Systems, Inc.
Germany
Email: fbrockne@cisco.com
]]>
</artwork>
</figure>
<figure> b) Would it be helpful to add a citation to RFC 8402 for this entry
<artwork><![CDATA[ in Section 1.2 ("Abbreviations")? We ask because we see RFC 8402 cited
Darren Dukes for SRv6 in the Introduction.
Cisco Systems, Inc.
Email: ddukes@cisco.com
]]>
</artwork>
</figure>
<figure> Original:
<artwork><![CDATA[ SRv6: Segment Routing with IPv6 Data plane.
Cheng Li
Huawei
Email: chengli13@huawei.com
]]>
</artwork>
</figure>
<figure> Perhaps:
<artwork><![CDATA[ SRv6: Segment Routing with IPv6 Data plane [RFC8402]
Faisal Iqbal
Individual
Email: faisal.ietf@gmail.com
]]>
</artwork>
</figure>
</t>
</section> c) FYI: We updated these entries in Section 1.2 ("Abbreviations")
as follows:
</back> Original:
ICMPv6: ICMPv6 Specification [RFC4443].
PSP: Penultimate Segment Pop of the SRH [RFC8986].
USP: Ultimate Segment Pop of the SRH [RFC8986].
BGP-LS: Border Gateway Protocol - Link State Extensions [RFC8571]
Updated:
ICMPv6: Internet Control Message Protocol for the Internet Protocol
version 6 [RFC4443]
PSP: Penultimate Segment Pop [RFC8986]
USP: Ultimate Segment Pop [RFC8986]
BGP-LS: Border Gateway Protocol - Link State [RFC8571]
-->
<!-- [rfced] Terminology
a) We see an instance esch of "link 3" and "link 10" (with space after "link");
we updated these to "link3" and "link10" (no space), respectively, to match
the usage in Figure 1 and elsewhere in the document. However, please confirm
that you prefer no space in these.
b) We see instances of "node Nx" as well as simply "Nx" (e.g., "node N1" and
"N1"). See example below. Are any changes needed for consistency, or is
this okay as is?
Example of "node Nx":
This is because node N2 is not capable of processing the
O-flag. Node N2 performs the standard SRv6 SID and SRH
processing.
Example of "Nx" (no "node" before):
N1, N4, and N7 are capable of processing O-flag but N2 is not
capable of processing O-flag.
c) We note inconsistencies in the terms below throughout the text. Should
these be uniform? If so, please let us know which form is preferred.
SR policy vs. SR Policy
Note: RFCs 8754 and 8986 use "SR Policy".
policy P vs. Policy P
upper-layer header vs. Upper-Layer Header
Note: We hyphenated a few instances of "upper layer header".
d) We also note inconsistencies in the terms listed below. We chose the form on
the right. Please let us know any objections.
"Flags" field vs. Flags field
segment-list vs. segment list
Note: We do not see the hyphenated form used in past RFCs.
Node N5 vs. node N5 (and other nodes as well)
Note: The lowercase "node" is more common in this document.
IPv6 Address vs. IPv6 address
e) FYI: We updated "END SID" to "End SID" per RFC 8986.
f) FYI: We updated "marking-bit" to "marking bit" (no hyphen).
-->
<!-- [rfced] Please review the "Inclusive Language" portion of the online
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
and let us know if any changes are needed. -->
</back>
</rfc> </rfc>
 End of changes. 270 change blocks. 
944 lines changed or deleted 1446 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/

mirror server hosted at Truenetwork, Russian Federation.