rfc9516.original   rfc9516.txt 
SFC WG G. Mirsky Internet Engineering Task Force (IETF) G. Mirsky
Internet-Draft Ericsson Request for Comments: 9516 Ericsson
Intended status: Standards Track W. Meng Category: Standards Track W. Meng
Expires: 8 January 2024 ZTE Corporation ISSN: 2070-1721 ZTE Corporation
T. Ao T. Ao
China Mobile China Mobile
B. Khasnabish B. Khasnabish
K. Leung K. Leung
Individual contributor Individual contributor
G. Mishra G. Mishra
Verizon Inc. Verizon Inc.
7 July 2023 November 2023
Active OAM for Service Function Chaining (SFC) Active Operations, Administration, and Maintenance (OAM) for Service
draft-ietf-sfc-multi-layer-oam-28 Function Chaining (SFC)
Abstract Abstract
A set of requirements for active Operation, Administration, and A set of requirements for active Operations, Administration, and
Maintenance (OAM) of Service Function Chains (SFCs) in a network is Maintenance (OAM) for Service Function Chaining (SFC) in a network is
presented in this document. Based on these requirements, an presented in this document. Based on these requirements, an
encapsulation of active OAM messages in SFC and a mechanism to detect encapsulation of active OAM messages in SFC and a mechanism to detect
and localize defects are described. and localize defects are described.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 8 January 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9516.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction
2. Terminology and Conventions . . . . . . . . . . . . . . . . . 4 2. Terminology and Conventions
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2.1. Requirements Language
2.2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. Acronyms
3. Requirements for Active OAM in SFC . . . . . . . . . . . . . 5 3. Requirements for Active OAM in SFC
4. Active OAM Identification in the NSH . . . . . . . . . . . . 7 4. Active OAM Identification in the NSH
5. Active SFC OAM Header . . . . . . . . . . . . . . . . . . . . 8 5. SFC Active OAM Header
6. Echo Request/Echo Reply for SFC . . . . . . . . . . . . . . . 9 6. Echo Request/Reply for SFC
6.1. Return Codes . . . . . . . . . . . . . . . . . . . . . . 11 6.1. Return Codes
6.2. Authentication in Echo Request/Reply . . . . . . . . . . 11 6.2. Authentication in Echo Request/Reply
6.3. SFC Echo Request Transmission . . . . . . . . . . . . . . 11 6.3. SFC Echo Request Transmission
6.3.1. Source ID TLV . . . . . . . . . . . . . . . . . . . . 12 6.3.1. Source ID TLV
6.4. Processing Received SFC Echo Request . . . . . . . . . . 13 6.4. Processing a Received SFC Echo Request
6.4.1. Errored TLVs TLV . . . . . . . . . . . . . . . . . . 15 6.4.1. Errored TLVs TLV
6.5. SFC Echo Reply Transmission . . . . . . . . . . . . . . . 16 6.5. SFC Echo Reply Transmission
6.5.1. Reply Service Function Path TLV . . . . . . . . . . . 16 6.5.1. Reply Service Function Path TLV
6.5.2. Theory of Operation . . . . . . . . . . . . . . . . . 17 6.5.2. Theory of Operation
6.5.3. SFC Echo Reply Reception . . . . . . . . . . . . . . 18 6.5.3. SFC Echo Reply Reception
6.5.4. Tracing an SFP . . . . . . . . . . . . . . . . . . . 19 6.5.4. Tracing an SFP
6.6. The Use of Consistency Verification Request Message . . . 19 6.6. The Use of the Consistency Verification Request Message
6.6.1. SFF Information Record TLV . . . . . . . . . . . . . 20 6.6.1. SFF Information Record TLV
6.6.2. SF Information Sub-TLV . . . . . . . . . . . . . . . 21 6.6.2. SF Information Sub-TLV
6.6.3. SF Information Sub-TLV Construction . . . . . . . . . 22 6.6.3. SF Information Sub-TLV Construction
7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 7. Security Considerations
8. Operational Considerations . . . . . . . . . . . . . . . . . 24 8. Operational Considerations
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 25 9. IANA Considerations
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 9.1. SFC Active OAM Protocol
10.1. SFC Active OAM Protocol . . . . . . . . . . . . . . . . 26 9.2. SFC Active OAM
10.2. SFC Active OAM . . . . . . . . . . . . . . . . . . . . . 26 9.2.1. SFC Active OAM Message Types
10.2.1. SFC Active OAM Message Type . . . . . . . . . . . . 26 9.2.2. SFC Echo Request Flags
10.3. SFC Echo Request/Echo Reply Parameters . . . . . . . . . 27 9.2.3. SFC Echo Types
10.3.1. SFC Echo Request Flags . . . . . . . . . . . . . . . 27 9.2.4. SFC Echo Reply Modes
10.3.2. SFC Echo Types . . . . . . . . . . . . . . . . . . . 27 9.2.5. SFC Echo Return Codes
10.3.3. SFC Echo Reply Modes . . . . . . . . . . . . . . . . 28 9.2.6. SFC Active OAM TLV Types
10.3.4. SFC Echo Return Codes . . . . . . . . . . . . . . . 29 9.2.7. SF Identifier Types
10.4. SFC Active OAM TLV Type . . . . . . . . . . . . . . . . 30 10. References
10.5. SF Identifier Types . . . . . . . . . . . . . . . . . . 31 10.1. Normative References
10.2. Informative References
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 Acknowledgments
11.1. Normative References . . . . . . . . . . . . . . . . . . 32 Contributors
11.2. Informative References . . . . . . . . . . . . . . . . . 33 Authors' Addresses
Contributors' Addresses . . . . . . . . . . . . . . . . . . . . . 35
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35
1. Introduction 1. Introduction
[RFC7665] defines data plane elements necessary to implement a [RFC7665] defines data plane elements necessary to implement Service
Service Function Chaining (SFC). These include: Function Chaining (SFC). These include the following:
1. Classifiers that perform the classification of incoming packets. 1. Classifiers that perform the classification of incoming packets.
Such classification may result in associating a received packet Such classification may result in associating a received packet
to a service function chain. to a service function chain.
2. Service Function Forwarders (SFFs) that are responsible for 2. Service Function Forwarders (SFFs) that are responsible for
forwarding traffic to one or more connected Service Functions forwarding traffic to one or more connected Service Functions
(SFs) according to the information carried in the SFC (SFs) according to the information carried in the SFC
encapsulation and handling traffic coming back from the SFs and encapsulation and handling traffic coming back from the SFs and
forwarding it to the next SFF. forwarding it to the next SFF.
3. SFs that are responsible for executing specific service treatment 3. SFs that are responsible for executing specific service treatment
on received packets. on received packets.
There are different views from different levels of the SFC. One is There are different views from different levels of SFC. One is the
the service function chain, an entirely abstract view, which defines service function chain, an entirely abstract view, which defines an
an ordered set of SFs that must be applied to packets selected based ordered set of SFs that must be applied to packets selected based on
on classification rules. But service function chain doesn't specify classification rules. But the service function chain doesn't specify
the exact mapping between SFFs and SFs. Thus, another logical the exact mapping between SFFs and SFs. Thus, another logical
construct used in SFC is a Service Function Path (SFP). According to construct used in SFC is a Service Function Path (SFP). According to
[RFC7665], SFP is the instantiation of the SFC in the network and [RFC7665], an SFP is the instantiation of SFC in the network and
provides a level of indirection between the entirely abstract SFCs provides a level of indirection between the entirely abstract SFCs
and a fully specified ordered list of SFFs and SFs identities that and a fully specified, ordered list of SFF and SF identities that the
the packet will visit when it traverses the SFC. The latter entity packet will visit when it traverses SFC. The latter entity is
is referred to as Rendered Service Path (RSP). The main difference referred to as Rendered Service Path (RSP). The main difference
between SFP and RSP is that the former is the logical construct, between an SFP and RSP is that the former is the logical construct,
while the latter is the realization of the SFP via the sequence of while the latter is the realization of the SFP via the sequence of
specific SFC data plane elements. specific SFC data plane elements.
This document defines how active Operation, Administration and This document defines how active Operations, Administration, and
Maintenance (OAM), per [RFC7799] definition of active OAM, is Maintenance (OAM), per the definition of active OAM in [RFC7799], is
implemented when Network Service Header (NSH) [RFC8300] is used as implemented when the Network Service Header (NSH) [RFC8300] is used
the SFC encapsulation. Following the analysis of SFC OAM in as the SFC encapsulation. Following the analysis of SFC OAM in
[RFC8924], this document applies and, when necessary, extends [RFC8924], this document applies and, when necessary, extends
requirements listed in Section 4 of [RFC8924] for the use of active requirements listed in Section 4 of [RFC8924] for the use of active
OAM in an SFP supporting fault management and performance monitoring. OAM in an SFP supporting fault management and performance monitoring.
Active OAM tools, conformant to this specification, improve OAM's Active OAM tools that are conformant to this specification improve
ability for Fault Management (FM) by, for example, using the query OAM's ability for Fault Management (FM) by, for example, using the
mechanism to troubleshoot and localize defects, which conforms to the query mechanism to troubleshoot and localize defects, which conforms
stateless character of transactions in SFC NSH [RFC8300]. Note that to the stateless character of transactions in SFC NSH [RFC8300].
Performance Monitoring OAM, as mentioned in [RFC8924], as a Note that Performance Monitoring OAM, as required by [RFC8924], is
requirement, is not satisfied by this document and is out of scope. not satisfied by this document and is out of scope. For the purpose
For the purpose of FM OAM in SFC, SFC Echo Request and Echo Reply are of FM OAM in SFC, the SFC Echo Request and Echo Reply are specified
specified in Section 6. These mechanisms enable on-demand Continuity in Section 6. These mechanisms enable on-demand continuity check and
Check and Connectivity Verification, among other operations, over SFC connectivity verification, among other operations, over SFC in
in networks and addresses functionalities discussed in Sections 4.1, networks and address functionalities discussed in Sections 4.1, 4.2,
4.2, and 4.3 of [RFC8924]. SFC Echo Request and Echo Reply can be and 4.3 of [RFC8924]. The SFC Echo Request and Echo Reply can be
used with encapsulations other than NSH, for example, using MPLS used with encapsulations other than the NSH, for example, using MPLS
encapsulation, as described in [RFC8595]. The applicability of the encapsulation, as described in [RFC8595]. The applicability of the
SFC Echo Request/Reply mechanism in SFC encapsulations other than NSH SFC Echo Request/Reply mechanism in SFC encapsulations other than the
is outside the scope of this document. NSH is outside the scope of this document.
The intended scope of active SFC OAM is for use within a single The intended scope of SFC active OAM is for use within a single
provider operational domain. Active SFC OAM deployment scope is provider's operational domain. The SFC active OAM deployment scope
deliberately constrained, as explained in [RFC7665] and [RFC8300], is deliberately constrained, as explained in [RFC7665] and [RFC8300],
and limited to a single network administrative domain. and limited to a single network administrative domain.
2. Terminology and Conventions 2. Terminology and Conventions
The terminology defined in [RFC7665] is used extensively throughout The terminology defined in [RFC7665] is used extensively throughout
this document, and the reader is expected to be familiar with it. this document, and the reader is expected to be familiar with it.
In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC In this document, SFC OAM refers to an active OAM [RFC7799] in an SFC
architecture. In this document, "Echo Request/Reply" and "SFC Echo architecture. Additionally, "Echo Request/Reply" and "SFC Echo
Request/Reply" are used interchangeably. Request/Reply" are used interchangeably.
2.1. Requirements Language 2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2.2. Acronyms 2.2. Acronyms
E2E: End-to-End E2E: End-to-End
FM: Fault Management FM: Fault Management
NSH: Network Service Header MAC: Message Authentication Code
OAM: Operations, Administration, and Maintenance NSH: Network Service Header
RSP: Rendered Service Path OAM: Operations, Administration, and Maintenance
SF: Service Function
SFC: Service Function Chain RSP: Rendered Service Path
SFF: Service Function Forwarder SF: Service Function
SFI: Service Function Instance SFC: Service Function Chaining
SFP: Service Function Path SFF: Service Function Forwarder
MAC: Message Authentication Code SFI: Service Function Instance
SFP: Service Function Path
3. Requirements for Active OAM in SFC 3. Requirements for Active OAM in SFC
As discussed in [RFC8924], SFC-specific means are needed to perform As discussed in [RFC8924], SFC-specific means are needed to perform
the FM OAM task in an SFC architecture, including failure detection, the FM OAM task in an SFC architecture, including failure detection,
defect characterization, and localization. This document defines the defect characterization, and localization. This document defines the
set of requirements for active FM OAM mechanisms to be used in an SFC set of requirements for active FM OAM mechanisms to be used in an SFC
architecture. architecture.
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
skipping to change at page 5, line 37 skipping to change at line 222
\ / \ / \ / \ / \ / \ /
+----------+ +----+ +----+ +----+ +----------+ +----+ +----+ +----+
|Classifier|---|SFF1|---------|SFF2|----------|SFF3| |Classifier|---|SFF1|---------|SFF2|----------|SFF3|
+----------+ +----+ +----+ +----+ +----------+ +----+ +----+ +----+
Figure 1: An Example of SFC Data Plane Architecture Figure 1: An Example of SFC Data Plane Architecture
The architecture example depicted in Figure 1 considers a service The architecture example depicted in Figure 1 considers a service
function chain that includes three distinct service functions. In function chain that includes three distinct service functions. In
this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is this example, the SFP traverses SFF1, SFF2, and SFF3. Each SFF is
connected to two service function instances (SFIs) of the same connected to two Service Function Instances (SFIs) of the same SF.
service function. End-to-end (E2E) SFC OAM has the Classifier as the End-to-End (E2E) SFC OAM has the Classifier as the ingress and SFF3
ingress and SFF3 as its egress. The scope of Segment SFC OAM is as its egress. The scope of Segment SFC OAM is between two elements
between two elements that are part of the same SFP. Following are that are part of the same SFP. The following are the requirements
the requirements for an FM SFC OAM, whether with the E2E or segment for an FM SFC OAM, whether with the E2E or segment scope:
scope:
REQ#1: Packets of active SFC OAM SHOULD be fate sharing with the REQ1: Packets of SFC active OAM SHOULD be fate sharing with the
monitored SFC data in the forward direction from ingress toward monitored SFC data in the forward direction from ingress
egress endpoint(s) of the OAM test. toward egress endpoint(s) of the OAM test.
The fate sharing, in the SFC environment, is achieved when a test The fate sharing, in the SFC environment, is achieved when a test
packet traverses the same path and receives the same treatment in the packet traverses the same path and receives the same treatment in the
underlay network layer as an SFC-encapsulated packet. underlay network layer as an SFC-encapsulated packet.
REQ#2: SFC OAM MUST support monitoring of the continuity of the REQ2: SFC OAM MUST support monitoring of the continuity of the SFP
SFP between any of its elements. between any of its elements.
An SFC failure might be declared when several consecutive test An SFC failure might be declared when several consecutive test
packets are not received within a pre-determined time. For example, packets are not received within a predetermined time. For example,
in the E2E FM SFC OAM case, the egress, SFF3 (Figure 1) could be the in the E2E FM SFC OAM case, i.e., the egress, SFF3 (Figure 1) could
entity that detects the SFP's failure by monitoring a flow of be the entity that detects the SFP's failure by monitoring a flow of
periodic test packets. The ingress may be capable of recovering from periodic test packets. The ingress may be capable of recovering from
the failure, e.g., using redundant SFC elements. Thus, it is the failure, e.g., using redundant SFC elements. Thus, it is
beneficial for the egress to signal the new defect state to the beneficial for the egress to signal the new defect state to the
ingress, which in this example is the Classifier. Hence the ingress, which in this example, is the Classifier, hence, the
following requirement: following requirement:
REQ#3: SFC OAM MUST support Remote Defect Indication notification REQ3: SFC OAM MUST support Remote Defect Indication notification by
by the egress to the ingress. the egress to the ingress.
REQ#4: SFC OAM MUST support connectivity verification of the SFP. REQ4: SFC OAM MUST support connectivity verification of the SFP.
Definition of the misconnection defect, entry, and exit criteria The definitions of the misconnection defect, entry, and exit
are outside the scope of this document. criteria are outside the scope of this document.
Once an SFF detects the defect, the objective of the SFC OAM changes Once an SFF detects the defect, the objective of the SFC OAM changes
from the detection of a defect to defect characterization and from the detection of a defect to defect characterization and
localization. localization.
REQ#5: SFC OAM MUST support fault localization of the Loss of REQ5: SFC OAM MUST support fault localization of the loss of
Continuity Check within an SFP. continuity check within an SFP.
REQ#6: SFC OAM MUST support an SFP tracing to discover the RSP. REQ6: SFC OAM MUST support an SFP tracing to discover the RSP.
In the example presented in Figure 1, two distinct instances of the In the example presented in Figure 1, two distinct instances of the
same service function share the same SFF. In this example, the SFP same SF share the same SFF. In this example, the SFP can be realized
can be realized over several RSPs that use different instances of SF over several RSPs that use different instances of the SF of the same
of the same type. For instance, RSP1(SFI11--SFI21--SFI31) and type, for instance, RSP1(SFI11--SFI21--SFI31) and RSP2(SFI12--SFI22--
RSP2(SFI12--SFI22--SFI32). Available RSPs can be discovered using SFI32). Available RSPs can be discovered using the trace function
the trace function discussed in Section 4.3 of [RFC8924] or the discussed in Section 4.3 of [RFC8924] or the procedure defined in
procedure defined in Section 6.5.4. Section 6.5.4.
REQ#7: SFC OAM MUST have the ability to discover and exercise all REQ7: SFC OAM MUST have the ability to discover and exercise all
available RSPs in the network. available RSPs in the network.
The SFC OAM layer model described in [RFC8924] offers an approach for The SFC OAM layer model described in [RFC8924] offers an approach for
defect localization within a service function chain. As the first defect localization within a service function chain. As the first
step, the SFP's continuity for SFFs that are part of the same SFP step, the SFP's continuity for SFFs that are part of the same SFP
could be verified. After the reachability of SFFs has already been could be verified. After the reachability of SFFs has already been
verified, SFFs that serve an SF may be used as a test packet source. verified, SFFs that serve an SF may be used as a test packet source.
In such a case, SFF can act as a proxy for another element within the In such a case, an SFF can act as a proxy for another element within
service function chain. the service function chain.
REQ#8: SFC OAM MUST be able to trigger on-demand FM remotely with REQ8: SFC OAM MUST be able to trigger on-demand FM remotely with
responses being directed toward the initiator of the remote responses being directed toward the initiator of the remote
request. request.
The conformance of the SFC Echo Request/Reply mechanism to these The conformance of the SFC Echo Request/Reply mechanism to these
requirements reflected below: requirements is reflected below:
* REQ#1: Fate sharing via SFC Echo Request/Reply defined in REQ1: Fate sharing via the SFC Echo Request/Reply defined in
Section 6. Section 6.
* REQ#2: Continuity monitoring via SFF traceroute defined in Tracing REQ2: Continuity monitoring via the SFP tracing defined in
an SFP Section 6.5.4. Section 6.5.4.
* REQ#3: Remote defect detection via SFC Echo Request/Reply defined REQ3: Remote defect detection via the SFC Echo Request/Reply defined
in Section 6. in Section 6.
* REQ#4: Connectivity verification via SFF traceroute Section 6.5.4. REQ4: Connectivity verification via the SFP tracing defined in
Section 6.5.4.
* REQ#5: Fault localization via Verification of the SFP consistency REQ5: Fault localization via verification of the SFP consistency
Section 6.6. defined in Section 6.6.
* REQ#6: SFP tracing via Tracing an SFP in Section 6.5.4 and REQ6: SFP tracing as described in Section 6.5.4 and verification of
Verification of SFP consistency Section 6.6. SFP consistency as defined in Section 6.6.
* REQ#7: Discover and exercise available RSPs via Trace REQ7: Discover and exercise available RSPs via trace defined in
Section 6.5.4. Section 6.5.4.
* REQ#8: Can be addressed by adding the proxying capability to the REQ8: Can be addressed by adding the proxying capability to the SFC
SFC Echo Request/Reply described in this document. [RFC7555] Echo Request/Reply described in this document. [RFC7555]
describes an example of a proxy function for an Echo Request. describes an example of a proxy function for an Echo Request.
Specification of proxy function for SFC Echo Request is outside Specification of a proxy function for SFC Echo Request is
the scope of this document. outside the scope of this document.
4. Active OAM Identification in the NSH 4. Active OAM Identification in the NSH
Active SFC OAM combines OAM commands and/or data included in a SFC active OAM combines OAM commands and/or data included in a
message that immediately follows the NSH. To identify the active SFC message that immediately follows the NSH. To identify the SFC active
OAM message, the "Next Protocol" field MUST be set to Active SFC OAM OAM message, the Next Protocol field MUST be set to SFC Active OAM
(TBA1) (Section 10.1). The O bit in the NSH MUST be set, according (0x07) (Section 9.1). The O bit in the NSH MUST be set, according to
to [I-D.ietf-sfc-oam-packet]. A case when the O bit is clear and the [RFC9451]. A case when the O bit is clear and the Next Protocol
"Next Protocol" field value is set to Active SFC OAM (TBA1) is field value is set to SFC Active OAM (0x07) is considered an
considered an erroneous combination. An implementation MUST report erroneous combination. An implementation MUST report it. Although
it. Although the notification mechanism is outside the scope of this the notification mechanism is outside the scope of this
specification, note that it MUST include rate-limiting control. The specification, note that it MUST include rate-limiting control. The
packet SHOULD be dropped. An implementation MAY have control to packet SHOULD be dropped. An implementation MAY have control to
enable the processing of the OAM payload. enable the processing of the OAM payload.
5. Active SFC OAM Header 5. SFC Active OAM Header
SFC OAM is required to perform multiple tasks. Several active OAM SFC OAM is required to perform multiple tasks. Several active OAM
protocols could be used to address all the requirements. When IP/UDP protocols could be used to address all the requirements. When IP/UDP
encapsulation of an SFC OAM control message is used, protocols can be encapsulation of an SFC OAM control message is used, protocols can be
demultiplexed using the destination UDP port number. But an extra demultiplexed using the destination UDP port number. But an extra
IP/UDP header, especially in an IPv6 network, adds overhead compared IP/UDP header, especially in an IPv6 network, adds overhead compared
to the length of an active OAM control packet (e.g., BFD Control to the length of an Active OAM Control Packet (e.g., BFD Control
packet [RFC5880]). In some environments, for example, when measuring packet [RFC5880]). In some environments, for example, when measuring
performance metrics, it is beneficial to transmit OAM packets in a performance metrics, it is beneficial to transmit OAM packets in a
broad range of lengths to emulate application traffic closer. This broad range of lengths to emulate application traffic closer. This
document defines an Active OAM Header (Figure 2) to demultiplex document defines an Active OAM Header (Figure 2) to demultiplex
active OAM protocols on an SFC. active OAM protocols on SFC.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| V | Msg Type | Reserved | Length | | V | Msg Type | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ SFC Active OAM Control Packet ~ ~ SFC Active OAM Control Packet ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: SFC Active OAM Header Figure 2: SFC Active OAM Header
V - a four-bit field indicates the current version of the SFC V - a four-bit field that indicates the current version of the SFC
active OAM header. The current value is 0. The version number is Active OAM Header. The current value is 0. The version number is
to be incremented whenever a change is made that affects the to be incremented whenever a change is made that affects the
ability of an implementation to parse or process the SFC Active ability of an implementation to parse or process the SFC Active
OAM Header correctly. For example, if syntactic or semantic OAM Header correctly, for example, if syntactic or semantic
changes are made to any of the fixed fields. changes are made to any of the fixed fields.
Msg Type - a six-bit field identifies OAM protocol, e.g., Echo Msg Type - a six-bit field that identifies the OAM protocol, e.g.,
Request/Reply. the Echo Request/Reply.
Reserved - an six-bit field. It MUST be zeroed on transmission Reserved - a six-bit field. It MUST be zeroed on transmission and
and ignored on receipt. ignored on receipt.
Length - a two-octet field that is the length of the SFC active Length - a two-octet field that is the length of the SFC Active OAM
OAM control packet in octets. Control Packet in octets.
6. Echo Request/Echo Reply for SFC 6. Echo Request/Reply for SFC
Echo Request/Reply is a well-known active OAM mechanism extensively The Echo Request/Reply is a well-known active OAM mechanism
used to verify a path's continuity, detect inconsistencies between a extensively used to verify a path's continuity, detect
state in control and the data planes, and localize defects in the inconsistencies between a state in control and the data planes, and
data plane. ICMP ([RFC0792] for IPv4 and [RFC4443] for IPv6 localize defects in the data plane. ICMP ([RFC0792] for IPv4 and
networks) and [RFC8029] are examples of broadly used active OAM [RFC4443] for IPv6 networks) and MPLS [RFC8029] are examples of
protocols based on the Echo Request/Reply principle. The SFC Echo broadly used active OAM protocols based on the Echo Request/Reply
Request/Reply control message (format is presented in Figure 3) is an principle. The SFC Echo Request/Reply control message (format is
instance of the SFC Active OAM Control Packet that is a part of the presented in Figure 3) is an instance of the SFC Active OAM Control
SFC Active OAM Header (Figure 2). Packet that is a part of the SFC Active OAM Header (Figure 2).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Echo Request Flags | Reserved | | Echo Request Flags | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Echo Type | Reply mode | Return Code |Return Subcode | | Echo Type | Reply Mode | Return Code |Return Subcode |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender's Handle | | Sender's Handle |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ TLVs ~ ~ TLVs ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: SFC Echo Request/Reply Format Figure 3: SFC Echo Request/Reply Format
The interpretation of the fields is as follows: The interpretation of the fields is as follows:
The Echo Request Flags is a two-octet bit vector field. Echo Request Flags - a two-octet bit vector field. Section 9.2.2
Section 10.3.1 requests IANA to create a new registry for flags. requests IANA to create a new registry for flags. This
This specification defines all flags for future use. Flags MUST specification defines all flags for future use. Flags MUST be
be zeroed on transmission and ignored on receipt. zeroed on transmission and ignored on receipt.
Reserved is a two-octet field. It MUST be zeroed on transmission Reserved - a two-octet field. It MUST be zeroed on transmission and
and ignored on receipt. ignored on receipt.
The Echo Type is a one-octet field that reflects the packet type. Echo Type - a one-octet field that reflects the packet type. SFC
SFC Echo Request/Echo Reply Echo Types, defined in this document, Echo Request/Reply Echo Types, defined in this document, are
are listed in Section 10.3.2. listed in Section 9.2.3.
The Reply Mode is a one-octet field. It defines the type of the Reply Mode - a one-octet field. It defines the type of the return
return path requested by the sender of the Echo Request. path requested by the sender of the Echo Request.
Return Codes and Subcodes are one-octet fields each. These can be Return Code and Return Subcode - one-octet fields each. These can
used to inform the sender about the result of processing its be used to inform the sender about the result of processing its
request. For all Return Code values defined in this document request. For all Return Code values defined in this document
(Section 10.3.4), the value of the Return Subcode field MUST be (Section 9.2.5), the value of the Return Subcode field MUST be set
set to zero. to zero.
The Sender's Handle is a four-octet field. It MUST be filled in Sender's Handle - a four-octet field. It MUST be filled in by the
by the sender of the Echo Request and returned unchanged by the sender of the Echo Request and returned unchanged by the Echo
Echo Reply sender (if a reply is being sent). The sender of the Reply sender (if a reply is being sent). The sender of the Echo
Echo Request SHOULD use a pseudo-random number generator [RFC4086] Request SHOULD use a pseudorandom number generator [RFC4086] to
to set the value of the Sender's Handle field. In some use cases, set the value of the Sender's Handle field. In some use cases, an
an implementation MAY use the Sender's Handle for proprietary implementation MAY use the Sender's Handle for proprietary
signaling as long as the system that receives SFC Echo Request signaling as long as the system that receives the SFC Echo Request
doesn't alter the value of the Sender's Handle field but copies it doesn't alter the value of the Sender's Handle field but copies it
into SFC Echo Reply. into the SFC Echo Reply.
The Sequence Number is a four-octet field, and it is assigned by Sequence Number - a four-octet field. It is assigned by the sender
the sender and can be, for example, used to detect missed replies. and can be, for example, used to detect missed replies. The
The initial Sequence Number contains an unsigned integer that initial Sequence Number contains an unsigned integer that wraps
wraps around. It MUST be pseudo-randomly generated [RFC4086] and around. It MUST be pseudorandomly generated [RFC4086] and then
then SHOULD be monotonically increasing in the course of the test SHOULD be monotonically increasing in the course of the test
session. If a reply is sent, the sender of the SFC Echo Reply session. If a reply is sent, the sender of the SFC Echo Reply
message MUST copy the value from the received SFC Echo Request. message MUST copy the value from the received SFC Echo Request.
TLV is a variable-length construct whose length is multiple of four- TLV is a variable-length construct whose length is multiple four-
octet words. Multiple TLVs MAY be placed in an SFC Echo Request/ octet words. Multiple TLVs MAY be placed in an SFC Echo Request/
Reply packet. None, one or more sub-TLVs may be enclosed in the Reply packet. None, one, or more sub-TLVs may be enclosed in the
value part of a TLV, subject to the semantics of the (outer) TLV. If value part of a TLV, subject to the semantics of the (outer) TLV. If
no TLVs are included in an SFC Echo Request/Reply, the value of the no TLVs are included in an SFC Echo Request/Reply, the value of the
Length field in the SFC Active OAM Header MUST be 16 octets. Length field in the SFC Active OAM Header MUST be 16 octets.
Figure 4 presents the format of an SFC Echo Request/Reply TLV, where Figure 4 presents the format of an SFC Echo Request/Reply TLV, where
fields are defined as follows: the fields are defined as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Reserved | Length | | Type | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Value ~ ~ Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: SFC Echo Request/Reply TLV Format Figure 4: SFC Echo Request/Reply TLV Format
Type - a one-octet field that characterizes the interpretation of Type - a one-octet field that characterizes the interpretation of
the Value field. Type values are allocated according to the Value field. Type values are allocated according to
Section 10.4. Section 9.2.6.
Reserved - a one-octet field. The field MUST be zeroed on Reserved - a one-octet field. The field MUST be zeroed on
transmission and ignored on receipt. transmission and ignored on receipt.
Length - a two-octet field equal to the Value field's length in Length - a two-octet field equal to the Value field's length in
octets as an unsigned integer. octets as an unsigned integer.
Value - a variable-length field. The value of the Type field Value - a variable-length field. The value of the Type field
determines its interpretation and encoding. determines its interpretation and encoding.
6.1. Return Codes 6.1. Return Codes
The value of the Return Code field MUST be set to zero by the sender The value of the Return Code field MUST be set to zero by the sender
of an Echo Request. The receiver of said Echo Request MUST set it to of an Echo Request. The receiver of said Echo Request MUST set it to
one of the values in IANA's SFC Echo Return Codes sub-registry one of the values in IANA's "SFC Echo Return Codes" registry
(Section 10.3.4) in the corresponding Echo Reply that it generates. (Section 9.2.5) in the corresponding Echo Reply that it generates.
6.2. Authentication in Echo Request/Reply 6.2. Authentication in Echo Request/Reply
Authentication can be used to protect the integrity of the Authentication can be used to protect the integrity of the
information in SFC Echo Request and/or Echo Reply. In the [RFC9145] information in the SFC Echo Request and/or Echo Reply. In [RFC9145],
a variable-length Context Header has been defined to protect the a variable-length Context Header has been defined to protect the
integrity of the NSH and the payload. The header can also be used integrity of the NSH and the payload. The header can also be used
for the optional encryption of sensitive metadata. MAC#1 (Message for the optional encryption of sensitive metadata. The MAC#1 Context
Authentication Code) Context Header is more suitable for the Header is more suitable for the integrity protection of SFC active
integrity protection of active SFC OAM, particularly of the SFC Echo OAM, particularly of the SFC Echo Request and Echo Reply, as defined
Request and Echo Reply, defined in this document. On the other hand, in this document. On the other hand, using the MAC#2 Context Header
using MAC#2 Context Header allows the detection of mishandling of the allows the detection of mishandling of the O bit by a transient SFC
O-bit by a transient SFC element. element.
6.3. SFC Echo Request Transmission 6.3. SFC Echo Request Transmission
SFC Echo Request control packet MUST use the appropriate underlay The SFC Echo Request control packet MUST use the appropriate underlay
network encapsulation of the monitored SFP. Echo Request MUST set O network encapsulation of the monitored SFP. The Echo Request MUST
bit in the NSH, as defined in [I-D.ietf-sfc-oam-packet]. NSH MUST be set the O bit in the NSH, as defined in [RFC9451]. The NSH MUST be
immediately followed by the SFC Active OAM Header defined in immediately followed by the SFC Active OAM Header defined in
Section 4. The Echo Type field's value in the SFC Active OAM Header Section 4. The Echo Type field's value in the SFC Active OAM Header
MUST be set to SFC Echo Request/Echo Reply value (1) per MUST be set to the SFC Echo Request/Reply value (1), per
Section 10.2.1. Section 9.2.1.
Value of the Reply Mode field MUST be set to one of the following: The value of the Reply Mode field MUST be set to one of the
following:
* Do Not Reply (1) if one-way monitoring is desired. If the Echo Do Not Reply (1) - This is the value if one-way monitoring is
Request is used to measure synthetic packet loss, the receiver may desired. If the Echo Request is used to measure synthetic packet
report loss measurement results to a remote node. Ways of loss, the receiver may report loss measurement results to a remote
learning the identity of that node are outside the scope of this node. Ways of learning the identity of that node are outside the
specification. scope of this specification.
* Reply via an IPv4/IPv6 UDP Packet (2). If an SFC Echo Request is Reply via an IPv4/IPv6 UDP Packet (2) - If an SFC Echo Request is
not encapsulated in IP/UDP, then this value requests the use of not encapsulated in IP/UDP, then this value requests the use of
the Source ID TLV (Section 6.3.1). the Source ID TLV Section 6.3.1).
* Reply via Specified Path (4). This value requests the use of the Reply via Specified Path (4) - This value requests the use of the
particular return path specified in the included TLV to verify bi- particular return path specified in the included TLV to verify
directional continuity and may also increase the robustness of the bidirectional continuity and may also increase the robustness of
monitoring by selecting a more stable path. Section 6.5.1 the monitoring by selecting a more stable path. Section 6.5.1
provides an example of communicating an explicit path for the Echo provides an example of communicating an explicit path for the Echo
Reply. Reply.
* Reply via an IPv4/IPv6 UDP Packet with the data integrity Reply via an IPv4/IPv6 UDP Packet with the data integrity
protection (5). This value requests the use of the MAC Context protection (5) - This value requests the use of the MAC Context
Header [RFC9145]. Header [RFC9145].
* Reply via Specified Path with the the data integrity protection Reply via Specified Path with the data integrity protection (7) -
(7). This value requests the use of the MAC Context Header This value requests the use of the MAC Context Header [RFC9145].
[RFC9145].
6.3.1. Source ID TLV 6.3.1. Source ID TLV
The responder to the SFC Echo Request encapsulates the SFC Echo Reply The responder to the SFC Echo Request encapsulates the SFC Echo Reply
message in IP/UDP packet if the Reply mode is "Reply via an IPv4/IPv6 message in the IP/UDP packet if the Reply Mode is "Reply via an IPv4/
UDP Packet" or "Reply via an IPv4/IPv6 UDP Packet with the data IPv6 UDP Packet" or "Reply via an IPv4/IPv6 UDP Packet with the data
integrity protection". Because the NSH does not identify the ingress integrity protection". Because the NSH does not identify the ingress
node that generated the Echo Request, information that sufficiently node that generated the Echo Request, information that sufficiently
identifies the source MUST be included in the message so that the IP identifies the source MUST be included in the message so that the IP
destination address and destination UDP port number for IP/UDP destination address and destination UDP port number for IP/UDP
encapsulation of the SFC Echo Reply could be derived. The sender of encapsulation of the SFC Echo Reply could be derived. The sender of
the SFC Echo Request MUST include the Source ID TLV (Figure 5). the SFC Echo Request MUST include the Source ID TLV (Figure 5).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source ID | Reserved1 | Length | | Source ID | Reserved1 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Port Number | Reserved2 | | Port Number | Reserved2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ IP Address ~ ~ IP Address ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: SFC Source ID TLV Figure 5: SFC Source ID TLV
where The fields are defined as follows:
Source ID - the value MUST be set to 1 (Section 10.4). Source ID - the value MUST be set to 1 (Section 9.2.6).
Reserved1 - a one-octet field. The field MUST be zeroed on Reserved1 - a one-octet field. The field MUST be zeroed on
transmission and ignored on receipt. transmission and ignored on receipt.
Length - the value equals the length of the data following the Length - the value equals the length of the data following the
Length field counted in octets. The value of the Length field can Length field counted in octets. The value of the Length field can
be 8 or 20. If the value of the field is neither, the Source ID be 8 or 20. If the value of the field is neither, the Source ID
TLV is considered to be malformed. TLV is considered to be malformed.
Port Number is a two-octet field. It contains the UDP port number Port Number - a two-octet field. It contains the UDP port number of
of the sender of the SFC OAM control message. The value of the the sender of the SFC OAM control message. The value of the field
field MUST be used as the destination UDP port number in the IP/ MUST be used as the destination UDP port number in the IP/UDP
UDP encapsulation of the SFC Echo Reply message. encapsulation of the SFC Echo Reply message.
Reserved2 is a two-octet field. The field MUST be zeroed on Reserved2 - a two-octet field. The field MUST be zeroed on transmit
transmit and ignored on receipt. and ignored on receipt.
IP Address field contains the IP address of the sender of the SFC IP Address - a field that contains the IP address of the sender of
OAM control message, IPv4 or IPv6. The value of the field MUST be the SFC OAM control message, i.e., IPv4 or IPv6. The value of the
used as the destination IP address in the IP/UDP encapsulation of field MUST be used as the destination IP address in the IP/UDP
the SFC Echo Reply message. encapsulation of the SFC Echo Reply message.
A single Source ID TLV for each address family, i.e., IPv4 and IPv6, A single Source ID TLV for each address family, i.e., IPv4 and IPv6,
MAY be present in an SFC Echo Request message. If the Source ID TLVs MAY be present in an SFC Echo Request message. If the Source ID TLVs
for both address families are present in an SFC Echo Request message, for both address families are present in an SFC Echo Request message,
the SFF MUST NOT replicate an SFC Echo Reply but choose the the SFF MUST NOT replicate an SFC Echo Reply but choose the
destination IP address for the one SFC Echo Reply it sends based on destination IP address for the one SFC Echo Reply it sends based on
the local policy. The source IP address used in the IP/UDP the local policy. The source IP address used in the IP/UDP
encapsulation of SFC Echo Reply is one of the IP addresses associated encapsulation of the SFC Echo Reply is one of the IP addresses
with the responder. The value of the Port Number field MUST be used associated with the responder. The value of the Port Number field
as the destination UDP port number in the IP/UDP encapsulation of the MUST be used as the destination UDP port number in the IP/UDP
SFC Echo Reply message. The responder selects the source UDP port encapsulation of the SFC Echo Reply message. The responder selects
number from the dynamic range of port numbers. If more than one the source UDP port number from the dynamic range of port numbers.
Source ID TLV per the address family is present, the receiver MUST If more than one Source ID TLV per the address family is present, the
use the first TLV and ignore the rest. The Echo Reply message, receiver MUST use the first TLV and ignore the rest. The Echo Reply
including relevant TLVs, follows the IP/UDP headers immediately. message, including relevant TLVs, follows the IP/UDP headers
immediately.
6.4. Processing Received SFC Echo Request 6.4. Processing a Received SFC Echo Request
Punting a received SFC Echo Request to the control plane for Punting a received SFC Echo Request to the control plane for
validation and processing is triggered by one of the following packet validation and processing is triggered by one of the following packet
processing exceptions: NSH TTL expiration, NSH Service Index (SI) processing exceptions: NSH TTL expiration, NSH Service Index
expiration, or the receiver is the terminal SFF for an SFP. expiration, or the receiver is the terminal SFF for an SFP.
An SFF that received the SFC Echo Request MUST validate the packet as An SFF that received the SFC Echo Request MUST validate the packet as
follows: follows:
1. If the SFC Echo Request is integrity-protected, the receiving 1. If the SFC Echo Request is integrity protected, the receiving SFF
SFF first MUST verify the authentication. first MUST verify the authentication.
1.1 Suppose the authentication validation has failed and the 1.1. Suppose the authentication validation has failed and the
Source ID TLV is considered properly formatted. In that case, the Source ID TLV is considered properly formatted. In that case,
SFF MUST send to the system identified in the Source ID TLV (see the SFF MUST send an SFC Echo Reply with the Return Code set to 3
Section 6.5), according to a rate-limit control mechanism, an SFC ("Authentication failed") and the Subcode set to zero to the
Echo Reply with the Return Code set to "Authentication failed" and system identified in the Source ID TLV (see Section 6.5),
the Subcode set to zero. according to a rate-limit control mechanism.
1.2 If the authentication is validated successfully, the SFF that 1.2. If the authentication is validated successfully, the SFF
has received an SFC Echo Request verifies the rest of the packet's that has received an SFC Echo Request verifies the rest of the
general sanity. packet's general consistency.
2. Validate the Source ID TLV, as defined in Section 6.3.1. 2. Validate the Source ID TLV, as defined in Section 6.3.1.
2.1 If the Source ID TLV is determined malformed, the received SFC 2.1. If the Source ID TLV is determined to be malformed, the
Echo Request processing is stopped, the message is dropped, and received SFC Echo Request processing is stopped, the message is
the event SHOULD be logged, according to a rate-limiting control dropped, and the event SHOULD be logged, according to a rate-
for logging. limiting control for logging.
3. Sender's Handle and Sequence Number fields are not examined 3. The Sender's Handle and Sequence Number fields are not examined
but are copied in the SFC Echo Reply message. but are copied in the SFC Echo Reply message.
4. If the packet is not well-formed, i.e., not formed according 4. If the packet is not well formed, i.e., not formed according to
to this specification, the receiver SFF SHOULD send an SFC Echo this specification, the receiving SFF SHOULD send an SFC Echo
Reply with the Return Code set to "Malformed Echo Request Reply with the Return Code set to 1 ("Malformed Echo Request
received" and the Subcode set to zero under the control of the received") and the Subcode set to zero under the control of the
rate-limiting mechanism to the system identified in the Source ID rate-limiting mechanism to the system identified in the Source ID
TLV (see Section 6.5). TLV (see Section 6.5).
5. If there are any TLVs that the SFF does not understand, the 5. If there are any TLVs that the SFF does not understand, the SFF
SFF MUST send an SFC Echo Reply with the Return Code set to 2 MUST send an SFC Echo Reply with the Return Code set to 2 ("One
("One or more TLVs was not understood") and set the Subcode to or more of the TLVs was not understood") and set the Subcode to
zero. Also, the SFF MAY include an Errored TLVs TLV zero. Also, the SFF MAY include an Errored TLVs TLV
(Section 6.4.1) that, as sub-TLVs, contains only the misunderstood (Section 6.4.1) that, as sub-TLVs, contains only the
TLVs. misunderstood TLVs.
6. If the sanity check of the received Echo Request succeeded, 6. If the consistency check of the received Echo Request succeeded,
i.e., the Echo Request is deemed properly formed, then the SFF at i.e., the Echo Request is deemed properly formed, then the SFF at
the end of the SFP MUST send an SFC Echo Reply with the Return the end of the SFP MUST send an SFC Echo Reply with the Return
Code value to 5 ("End of the SFP") and the Subcode set to zero. Code set to 5 ("End of the SFP") and the Subcode set to zero.
7. If the SFF is not at the end of the SFP and the NSH TTL value 7. If the SFF is not at the end of the SFP and the NSH TTL value is
is 1, the SFF MUST send an SFC Echo Reply with the Return Code set 1, the SFF MUST send an SFC Echo Reply with the Return Code set
to 4 ("SFC TTL Exceeded") and the Subcode set to zero. to 4 ("SFC TTL Exceeded") and the Subcode set to zero.
8. In all other cases, for the validated Echo Request message, a 8. In all other cases, for the validated Echo Request message, a
transit, i.e., not at the end of the SFP, SFF MUST send an SFC transit, i.e., not at the end of the SFP, SFF MUST send an SFC
Echo Reply with the Return Code value to 0 ("No Error") and the Echo Reply with the Return Code set to 0 ("No Error") and the
Subcode set to zero. Subcode set to zero.
6.4.1. Errored TLVs TLV 6.4.1. Errored TLVs TLV
If the Return Code for the Echo Reply is determined as 2 ("One or If the Return Code for the Echo Reply is determined as 2 ("One or
more TLVs was not understood"), the Errored TLVs TLV might be more of the TLVs was not understood"), the Errored TLVs TLV might be
included in an Echo Reply. The use of this TLV is meant to inform included in an Echo Reply. The use of this TLV is meant to inform
the sender of an Echo Request of TLVs either not supported by an the sender of an Echo Request of TLVs either not supported by an
implementation or parsed and found to be in error. implementation or parsed and found to be in error.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Errored TLVs | Reserved | Length | | Errored TLVs | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value | | Value |
. . . .
. . . .
. . . .
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: Errored TLVs TLV Figure 6: Errored TLVs TLV
where The fields are defined as follows:
The Errored TLVs Type MUST be set to 2 (Section 10.4). Errored TLVs - the field MUST be set to 2 (Section 9.2.6).
Reserved - the field MUST be zeroed on transmission and ignored on Reserved - the field MUST be zeroed on transmission and ignored on
receipt. receipt.
Length - the value equals to the length of the Value field in Length - the value equals to length of the Value field in octets.
octets.
The Value field contains the TLVs, encoded as sub-TLVs (as shown Value - the field contains the TLVs, encoded as sub-TLVs (as shown
in Figure 7), that were not understood or failed to be parsed in Figure 7), that were not understood or failed to be parsed
correctly. correctly.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sub-TLV Type | Reserved | Sub-TLV Length | | Sub-TLV Type | Reserved | Sub-TLV Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Sub-TLV Value ~ ~ Sub-TLV Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: Not Understood or Failed TLV as Sub-TLV Figure 7: Not Understood or Failed TLV as a Sub-TLV
where The fields are defined as follows:
The Sub-TLV's Type - a copy of the first octet of the not Sub-TLV Type - a copy of the first octet of the TLV that is not
understood or failed to be parsed TLV. understood or failed to be parsed.
Reserved - MUST be zeroed on transmission and ignored on receipt. Reserved - MUST be zeroed on transmission and ignored on receipt.
Sub-TLV Length - the value equals to the value of the Length field Sub-TLV Length - the value equals the value of the Length field of
of the errored TLV. the errored TLV.
The Sub-TLV Value field contains data that follow the Length field Sub-TLV Value - the field contains data that follows the Length
in the errored TLV. field in the errored TLV.
6.5. SFC Echo Reply Transmission 6.5. SFC Echo Reply Transmission
The "Reply Mode" field directs whether and how the Echo Reply message The Reply Mode field directs whether and how the Echo Reply message
should be sent. The Echo Request sender MAY use TLVs to request that should be sent. The Echo Request sender MAY use TLVs to request that
the corresponding Echo Reply be transmitted over the specified path. the corresponding Echo Reply be transmitted over the specified path.
For example, a TLV that specifies the return path of the Echo Reply For example, a TLV that specifies the return path of the Echo Reply
if the Return Mode in the Echo Request is set to Reply via Specified if the Return Mode in the Echo Request is set to Reply via Specified
Path (4) is described in Section 6.5.1. Value 1 is the "Do not Path (4) is described in Section 6.5.1. Value 1 is the "Do Not
reply" mode and suppresses the Echo Reply packet transmission. The Reply" mode and suppresses the Echo Reply packet transmission. The
value 2 of the Reply mode field requests sending the Echo Reply value 2 of the Reply Mode field requests sending the Echo Reply
packet out-of-band as an IPv4 or IPv6 UDP packet. packet out-of-band as an IPv4/IPv6 UDP packet.
6.5.1. Reply Service Function Path TLV 6.5.1. Reply Service Function Path TLV
While SFC Echo Request always traverses the SFP it is directed to by While the SFC Echo Request always traverses the SFP it is directed to
using NSH, the corresponding Echo Reply usually is sent without NSH. by using the NSH, the corresponding Echo Reply usually is sent
In some cases, an operator might choose to direct the responder to without the NSH. In some cases, an operator might choose to direct
send the Echo Reply with NSH over a particular SFP. This section the responder to send and Echo Reply with the NSH over a particular
defines a new Type-Length-Value (TLV), Reply Service Function Path SFP. This section defines a new TLV, i.e., Reply Service Function
TLV, for Reply via Specified Path mode of SFC Echo Reply. Path TLV, for Reply via Specified Path mode of the SFC Echo Reply.
The Reply Service Function Path TLV can provide an efficient The Reply Service Function Path TLV can provide an efficient
mechanism to test SFCs, such as bidirectional and hybrid SFC, as mechanism to test SFCs, such as bidirectional and hybrid SFC, as
defined in Section 2.2 of [RFC7665]. For example, it allows an defined in Section 2.2 of [RFC7665]. For example, it allows an
operator to test both directions of the bidirectional or hybrid SFP operator to test both directions of the bidirectional or hybrid SFP
with a single SFC Echo Request/Echo Reply operation. with a single SFC Echo Request/Reply operation.
The Reply Service Function Path TLV carries the information that The Reply Service Function Path TLV carries the information that
sufficiently identifies the return SFP that the SFC Echo Reply sufficiently identifies the return SFP that the SFC Echo Reply
message is expected to follow. The format of Reply Service Function message is expected to follow. The format of Reply Service Function
Path TLV is shown in Figure 8. Path TLV is shown in Figure 8.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reply SFP | Reserved | Length | | Reply SFP | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reply Service Function Path Identifier | Service Index | | Reply Service Function Path Identifier | Service Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: SFC Reply TLV Format Figure 8: SFC Reply TLV Format
where: The fields are defined as follows:
* Reply SFP (Service Function Path) (3) - identifies the TLV that Reply SFP (3) - identifies the TLV that contains information about
contains information about the SFC Reply path. the SFC Reply path.
* Reserved MUST be zeroed on transmission and ignored on receipt. Reserved - MUST be zeroed on transmission and ignored on receipt.
* Length - the value MUST be equal to 4 Length - the value MUST be equal to 4.
* Reply Service Function Path Identifier - a three-octet field that Reply Service Function Path Identifier - a three-octet field that
contains SFP identifier for the path that the SFC Echo Reply contains the SFP identifier for the path that the SFC Echo Reply
message is requested to be sent over. message is requested to be sent over.
* Service Index - a one-octet field. The value is set to the value Service Index - a one-octet field. The value is set to the value of
of the Service Index field in the NSH of the SFC Echo Reply the Service Index field in the NSH of the SFC Echo Reply message.
message.
6.5.2. Theory of Operation 6.5.2. Theory of Operation
[RFC7110] defined mechanism to control return path for MPLS LSP Echo [RFC7110] defines a mechanism to control the return path for the MPLS
Reply. In SFC's case, the return path is an SFP along which the SFC Label Switched Path (LSP) Echo Reply. In the SFC's case, the return
Echo Reply message MUST be transmitted. Hence, the Reply Service path is an SFP along which the SFC Echo Reply message MUST be
Function Path TLV included in the SFC Echo Request message MUST transmitted. Hence, the Reply Service Function Path TLV included in
sufficiently identify the SFP that the sender of the Echo Request the SFC Echo Request message MUST sufficiently identify the SFP that
message expects the receiver to use for the corresponding SFC Echo the sender of the Echo Request message expects the receiver to use
Reply. for the corresponding SFC Echo Reply.
When sending an Echo Request, the sender MUST set the value of Reply When sending an Echo Request, the sender MUST set the value of the
Mode field to "Reply via Specified Path", defined in Section 6.3, and Reply Mode field to "Reply via Specified Path", defined in
if the specified path is an SFC path, the Request MUST include Reply Section 6.3, and if the specified path is an SFC path, the Request
Service Function Path TLV. The Reply Service Function Path TLV MUST include the Reply Service Function Path TLV. The Reply Service
consists of the identifier of the reverse SFP and an appropriate Function Path TLV consists of the identifier of the reverse SFP and
Service Index. an appropriate Service Index.
If the NSH of the received SFC Echo Request includes the MAC Context If the NSH of the received SFC Echo Request includes the MAC Context
Header, the packet's authentication MUST be verified before using any Header, the packet's authentication MUST be verified before using any
data as defined in Section 6.4. data, as defined in Section 6.4.
The destination SFF of the SFP being tested or the SFF at which NSH The destination SFF of the SFP being tested and the SFF at which the
TTL expired (as per [RFC8300]) are referred to as responding SFF. NSH TTL expired (as per [RFC8300]) are referred to as responding
The processing described below equally applies to both cases. SFFs. The processing described below equally applies to both cases.
If the Echo Request message with Reply Service Function Path TLV, If the Echo Request message with the Reply Service Function Path TLV
received by the responding SFF, has Reply Mode value of "Reply via received by the responding SFF has the Reply Mode value of "Reply via
Specified Path" but no Reply Service Function Path TLV is present, Specified Path" but no Reply Service Function Path TLV is present,
then the responding SFF MUST send Echo Reply with Return Code set to then the responding SFF MUST send an Echo Reply with the Return Code
6 ("Reply Service Function Path TLV is missing"). If the responding set to 6 ("Reply Service Function Path TLV is missing"). If the
SFF cannot find the requested SFP it MUST send Echo Reply with Return responding SFF cannot find the requested SFP, it MUST send an Echo
Code set to 7 ("Reply SFP was not found") and include the Reply Reply with the Return Code set to 7 ("Reply SFP was not found") and
Service Function Path TLV from the Echo Request message. include the Reply Service Function Path TLV from the Echo Request
message.
Suppose the SFC Echo Request receiver cannot determine whether the Suppose the SFC Echo Request receiver cannot determine whether the
specified return path SFP has the route to the initiator. In that specified return path SFP has the route to the initiator. In that
case, it SHOULD set the value of the Return Codes field to 8 case, it SHOULD set the value of the Return Code field to 8
("Unverifiable Reply Service Function Path"). The receiver MAY drop ("Unverifiable Reply Service Function Path"). The receiver MAY drop
the Echo Request when it cannot determine whether SFP's return path the Echo Request when it cannot determine whether the SFP's return
has the route to the initiator. When sending Echo Request, the path has the route to the initiator. When sending the Echo Request,
sender SHOULD choose a proper source address according to the the sender SHOULD choose a proper source address according to the
specified return path SFP to help the receiver find the viable return specified return path SFP to help the receiver find the viable return
path. path.
6.5.2.1. Bi-directional SFC Case 6.5.2.1. Bidirectional SFC Case
The ability to specify the return path for an Echo Reply might be The ability to specify the return path for an Echo Reply might be
used in the case of bi-directional SFC. The egress SFF of the used in the case of bidirectional SFC. The egress SFF of the forward
forward SFP might not be co-located with a classifier of the reverse SFP might not be co-located with a classifier of the reverse SFP, and
SFP, and thus the egress SFF has no information about the reverse thus, the egress SFF has no information about the reverse path of
path of an SFC. Because of that, even for bi-directional SFC, a SFC. Because of that, even for bidirectional SFC, a reverse SFP
reverse SFP needs to be indicated in a Reply Service Function Path needs to be indicated in a Reply Service Function Path TLV in the
TLV in the Echo Request message. Echo Request message.
6.5.3. SFC Echo Reply Reception 6.5.3. SFC Echo Reply Reception
An SFF SHOULD NOT accept SFC Echo Reply unless the received message An SFF SHOULD NOT accept the SFC Echo Reply unless the received
passes the following checks: message passes the following checks:
* the received SFC Echo Reply is well-formed; * the received SFC Echo Reply is well formed;
* the matching SFC Echo Request is found, that is, the value of the * the matching SFC Echo Request is found, that is, the value of the
Sender's Handle in the Echo Request sent is equal to the value of Sender's Handle in the Echo Request sent is equal to the value of
Sender's Handle in the Echo Reply received; Sender's Handle in the Echo Reply received;
* all other checks passed, and the Sequence Number in the Echo Reply * the Sequence Number in the Echo Reply received matches the
received matches the Sequence Number of one of outstanding Sequence Number of one of the outstanding transmitted Echo
transmitted Echo Requests. Requests; and
* all other checks passed.
6.5.4. Tracing an SFP 6.5.4. Tracing an SFP
SFC Echo Request/Reply can be used to isolate a defect detected in The SFC Echo Request/Reply can be used to isolate a defect detected
the SFP and trace an RSP. As with ICMP echo request/reply [RFC0792] in the SFP and trace an RSP. As with the ICMP Echo Request/Reply
and MPLS echo request/reply [RFC8029], this mode is referred to as [RFC0792] and the MPLS Echo Request/Reply [RFC8029], this mode is
"traceroute". In the traceroute mode, the sender transmits a referred to as "traceroute". In the traceroute mode, the sender
sequence of SFC Echo Request messages starting with the NSH TTL value transmits a sequence of SFC Echo Request messages starting with the
set to 1 and is incremented by 1 in each next Echo Request packet. NSH TTL value set to 1 and is incremented by 1 in each next Echo
The sender stops transmitting SFC Echo Request packets when the Request packet. The sender stops transmitting SFC Echo Request
Return Code in the received Echo Reply equals 5 ("End of the SFP"). packets when the Return Code in the received Echo Reply equals 5
("End of the SFP").
Suppose a specialized information element (e.g., IPv6 Flow Label Suppose a specialized information element (e.g., IPv6 Flow Label
[RFC6437] or Flow ID [RFC9263]) is used for distributing the load [RFC6437] or Flow ID [RFC9263]) is used for distributing the load
across Equal Cost Multi-Path or Link Aggregation Group paths. In across Equal Cost Multipath or Link Aggregation Group paths. In that
that case, such an element SHOULD also be used for the SFC OAM case, such an element SHOULD also be used for the SFC OAM traffic.
traffic. Doing so is meant to induce the SFC Echo Request to follow Doing so is meant to induce the SFC Echo Request to follow the same
the same RSP as the monitored flow. RSP as the monitored flow.
6.6. The Use of Consistency Verification Request Message 6.6. The Use of the Consistency Verification Request Message
The consistency of an SFP can be verified by comparing the view of The consistency of an SFP can be verified by comparing the view of
the SFP from the control or management plane with information the SFP from the control or management plane with information
collected from traversing by an SFC Echo Request/Reply message collected from traversing by an SFC Echo Request/Reply message
(Figure 3). The sender of an SFP Consistency Verification Request (Figure 3). The sender of an SFP Consistency Verification Request
(CVReq) message MUST set the value of the SFC Echo Request/Reply Echo (CVReq) message MUST set the value of the SFC Echo Request/Reply Echo
Type field to SFP Consistency Verification Request (3). The sender Type field to 3 ("SFP Consistency Verification Request"). The sender
of an SFP Consistency Verification Reply (CVRep) message MUST set the of an SFP Consistency Verification Reply (CVRep) message MUST set the
value of the SFC Echo Request/Reply Echo Type field to SFP value of the SFC Echo Request/Reply Echo Type field to 4 ("SFP
Consistency Verification Reply (4). All processing steps of SFC Echo Consistency Verification Reply"). All processing steps of SFC Echo
Request and Echo Reply messages described in Section 6.3 through Request and Echo Reply messages described in Sections 6.3 through 6.5
Section 6.5 apply to the processing of CVReq and CVRep respectively. apply to the processing of CVReq and CVRep, respectively.
Every SFF that receives a CVReq message MUST perform the following Every SFF that receives a CVReq message MUST perform the following
actions: actions:
* Collect information about the SFs traversed by the CVReq packet * Collect information about the SFs traversed by the CVReq packet
and send it to the ingress SFF as CVRep packet over IP network; and send it to the ingress SFF as a CVRep packet over an IP
network.
* Forward the CVReq to the next downstream SFF if the one exists. * Forward the CVReq to the next downstream SFF if the one exists.
As a result, the ingress SFF collects information about all traversed As a result, the ingress SFF collects information about all traversed
SFFs and SFs, information on the actual path the CVReq packet has SFFs and SFs, i.e., information on the actual path the CVReq packet
traveled. That information can be used to verify the SFC's path has traveled. That information can be used to verify the SFC's path
consistency. The mechanism for the SFP consistency verification is consistency. The mechanism for the SFP consistency verification is
outside the scope of this document. outside the scope of this document.
6.6.1. SFF Information Record TLV 6.6.1. SFF Information Record TLV
For the received CVReq, an SFF, that supports this specification, For the received CVReq, an SFF that supports this specification MUST
MUST include in the CVRep message the information about SFs that are include in the CVRep message the information about SFs that are
available from that SFF instance for the specified SFP. The SFF MUST available from that SFF instance for the specified SFP. The SFF MUST
include SFF Information Record TLV (Figure 9) in CVRep message. include the SFF Information Record TLV (Figure 9) in the CVRep
Every SFF sends back a single CVRep message, including information on message. Every SFF sends back a single CVRep message, including
all the SFs attached to that SFF on the SFP, as requested in the information on all the SFs attached to that SFF on the SFP, as
received CVReq message using the SF Information sub-TLV requested in the received CVReq message using the SF Information Sub-
(Section 6.6.2). TLV (Section 6.6.2).
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|SFF Record TLV | Reserved | Length | |SFF Record TLV | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Service Path Identifier (SPI) | Reserved | | Service Path Identifier (SPI) | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| SF Information Sub-TLV | | SF Information Sub-TLV |
~ ~ ~ ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9: SFF Information Record TLV Figure 9: SFF Information Record TLV
The SFF Information Record TLV is a variable-length TLV that includes The SFF Information Record TLV is a variable-length TLV that includes
the information of all SFs available from the particular SFF instance the information of all SFs available from the particular SFF instance
for the specified SFP. Figure 9 presents the format of an SFF for the specified SFP. Figure 9 presents the format of an SFF
Information Record TLV, where fields are defined as the following: Information Record TLV, where the fields are defined as follows:
SFF Record TLV - The value is (4) (Section 10.4). SFF Record TLV - the value is (4) (Section 9.2.6).
Reserved - MUST be zeroed on transmission and ignored on receipt. Reserved - MUST be zeroed on transmission and ignored on receipt.
Service Path Identifier (SPI): The identifier of SFP to which all Length - the value equals the sum of lengths of the Service Path
Identifier, reserved, and SF Information Sub-TLV fields in octets.
Service Path Identifier (SPI) - the identifier of SFP to which all
the SFs in this TLV belong. the SFs in this TLV belong.
SF Information Sub-TLV: The sub-TLV is as defined in SF Information Sub-TLV - the sub-TLV is as defined in Section 6.6.2.
Section 6.6.2.
If the NSH of the received SFC Echo Reply includes the MAC Context If the NSH of the received SFC Echo Reply includes the MAC Context
Header [RFC9145], the authentication of the packet MUST be verified Header [RFC9145], the authentication of the packet MUST be verified
before using any data. If the verification fails, the receiver MUST before using any data. If the verification fails, the receiver MUST
stop processing the SFF Information Record TLV and notify an stop processing the SFF Information Record TLV and notify an
operator. The notification mechanism SHOULD include control of rate- operator. The notification mechanism SHOULD include control of rate-
limited messages. Specification of the notification mechanism is limited messages. Specification of the notification mechanism is
outside the scope of this document. outside the scope of this document.
6.6.2. SF Information Sub-TLV 6.6.2. SF Information Sub-TLV
Every SFF receiving a CVReq packet MUST include the SF characteristic Every SFF receiving a CVReq packet MUST include the SF characteristic
data into the CVRep packet. The format of an SF Information sub-TLV, data into the CVRep packet. The format of an SF Information Sub-TLV,
included in a CVRep packet, is shown in Figure 10. included in a CVRep packet, is shown in Figure 10.
After the CVReq message traverses the SFP, all the information about After the CVReq message traverses the SFP, all the information about
the SFs on the SFP is available from the TLVs included in CVRep the SFs on the SFP is available from the TLVs included in CVRep
messages. messages.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF sub-TLV | Reserved | Length | | SF Sub-TLV | Reserved | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Service Index | SF Type | SF ID Type | |Service Index | SF Type | SF ID Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SF Identifier | | SF Identifier |
~ ~ ~ ~
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 10: Service Function Information Sub-TLV Figure 10: Service Function Information Sub-TLV
SF sub-TLV Type: one-octet long field. The value is (5) SF Sub-TLV - one-octet field. The value is (5) (Section 9.2.6).
(Section 10.4).
Reserved - one-octet field. The field MUST be zeroed on Reserved - one-octet field. The field MUST be zeroed on
transmission and ignored on receipt. transmission and ignored on receipt.
Length - two-octet long field. The value of this field is the Length - two-octet field. The value of this field is the length of
length of the data following the Length field counted in octets. the data following the Length field counted in octets.
Service Index - indicates the SF's position on the SFP. Service Index - indicates the SF's position on the SFP.
SF Type - two-octet field. It is defined in [RFC9015] and SF Type - two-octet field. It is defined in [RFC9015] and indicates
indicates the type of SF, e.g., Firewall, Deep Packet Inspection, the type of SF, e.g., firewall, Deep Packet Inspection, WAN
WAN optimization controller, etc. optimization controller, etc.
SF ID Type - one-octet field with values defined as Section 10.5. SF ID Type - one-octet field with values defined as in
Section 9.2.7.
SF Identifier - an identifier of the SF. The length of the SF SF Identifier - an identifier of the SF. The length of the SF
Identifier depends on the type of the SF ID Type. For example, if Identifier depends on the type of the SF ID Type. For example, if
the SF Identifier is its IPv4 address, the SF Identifier should be the SF Identifier is its IPv4 address, the SF Identifier should be
32 bits. 32 bits.
6.6.3. SF Information Sub-TLV Construction 6.6.3. SF Information Sub-TLV Construction
Each SFF in the SFP MUST send one and only one CVRep corresponding to Each SFF in the SFP MUST send one and only one CVRep corresponding to
the CVReq. If only one SF is attached to the SFF in such SFP, only the CVReq. If only one SF is attached to the SFF in the SFP, only
one SF information sub-TLV is included in the CVRep. If several SFs one SF Information Sub-TLV is included in the CVRep. If several SFs
attached to the SFF in the SFP, SF Information sub-TLV MUST be are attached to the SFF in the SFP, the SF Information Sub-TLV MUST
constructed as described below in either Section 6.6.3.1 and be constructed as described below in either Section 6.6.3.1 or
Section 6.6.3.2. 6.6.3.2.
6.6.3.1. Multiple SFs as Hops of an SFP 6.6.3.1. Multiple SFs as Hops of an SFP
Multiple SFs attached to the same SFF can be the hops of the SFP. Multiple SFs attached to the same SFF can be the hops of the SFP.
The service indexes of these SFs on that SFP will be different. The service indexes of these SFs on that SFP will be different.
Service function types of these SFs could be different or be the Service Function Types of these SFs could be different or be the
same. Information about all SFs MAY be included in the CVRep same. Information about all SFs MAY be included in the CVRep
message. Information about each SF MUST be listed as separate SF message. Information about each SF MUST be listed as separate SF
Information sub-TLVs in the CVRep message. The same SF can even Information Sub-TLVs in the CVRep message. The same SF can even
appear more than once in an SFP with a different service index. appear more than once in an SFP with a different service index.
An example of the SFP consistency verification procedure for this An example of the SFP consistency verification procedure for this
case is shown in Figure 11. The Service Function Path (SPI=x) is case is shown in Figure 11. The Service Function Path (SPI=x) is
SF1->SF2->SF4->SF3. The SF1, SF2, and SF3 are attached to SFF1, and SF1->SF2->SF4->SF3. SF1, SF2, and SF3 are attached to SFF1, and SF4
SF4 is attached to SFF2. The CVReq message is sent to the SFFs in is attached to SFF2. The CVReq message is sent to the SFFs in the
the sequence of the SFP(SFF1->SFF2->SFF1). Every SFF(SFF1, SFF2) sequence of the SFP(SFF1->SFF2->SFF1). Every SFF(SFF1, SFF2) replies
replies with the information of SFs belonging to the SFP. The SF with the information of SFs belonging to the SFP. The SF Information
information Sub-TLV in Figure 10 contains information for each SF Sub-TLV in Figure 10 contains information for each SF (SF1, SF2, SF3,
(SF1, SF2, SF3, and SF4). and SF4).
SF1 SF2 SF4 SF3 SF1 SF2 SF4 SF3
+------+------+ | | +------+------+ | |
CVReq ......> SFF1 ......> SFF2 ......> SFF1 CVReq ......> SFF1 ......> SFF2 ......> SFF1
(SPI=x) . . . (SPI=x) . . .
<............ <.......... <........... <............ <.......... <...........
CVRep1(SF1,SF2) CVRep2(SF4) CVRep3(SF3) CVRep1(SF1,SF2) CVRep2(SF4) CVRep3(SF3)
Figure 11: Example 1 for CVRep with multiple SFs Figure 11: Example 1 for CVRep with Multiple SFs
6.6.3.2. Multiple SFs for load balance 6.6.3.2. Multiple SFs for Load Balance
Multiple SFs may be attached to the same SFF to spread the load; in Multiple SFs may be attached to the same SFF to spread the load; in
other words, that means that the particular traffic flow will other words, that means that the particular traffic flow will
traverse only one of these SFs. These SFs have the same Service traverse only one of these SFs. These SFs have the same Service
Function Type and Service Index. For this case, the SF ID Type, Function Type and Service Index. For this case, the SF ID Type,
which must be the same for all of these SFs, appears once but all of which must be the same for all of these SFs, appears once, but all
their SF Identifiers will appear concatenated in the SF Identifier the respective SF Identifiers will be listed sequentially in the SF
area of the Sub-TLV (see Figure 10). The number of these SFs can be Identifier field of the Service Function Information Sub-TLV (see
calculated from the SF ID Type and the value of the Length field of Figure 10). The number of these SFs can be calculated from the SF ID
the sub-TLV. Type and the value of the Length field of the sub-TLV.
An example of the SFP consistency verification procedure for this An example of the SFP consistency verification procedure for this
case is shown in Figure 12. The Service Function Path (SPI=x) is case is shown in Figure 12. The Service Function Path (SPI=x) is
SF1a/SF1b->SF2a/SF2b. The Service Functions SF1a and SF1b are SF1a/SF1b->SF2a/SF2b. The Service Functions SF1a and SF1b are
attached to SFF1, which balances the load among them. The Service attached to SFF1, which balances the load among them. The Service
Functions SF2a and SF2b are attached to SFF2, which, in turn, Functions SF2a and SF2b are attached to SFF2, which in turn, balances
balances its load between them. The CVReq message is sent to the its load between them. The CVReq message is sent to the SFFs in the
SFFs in the sequence of the SFP (i.e. SFF1->SFF2). Every SFF (SFF1, sequence of the SFP (i.e., SFF1->SFF2). Every SFF (SFF1, SFF2)
SFF2) replies with the information of SFs belonging to the SFP. The replies with the information of SFs belonging to the SFP. The SF
SF information Sub-TLV in Figure 10 contains information for all SFs Information Sub-TLV in Figure 10 contains information for all SFs at
at that hop. that hop.
/SF1a /SF2a /SF1a /SF2a
\SF1b \SF2b \SF1b \SF2b
| | | |
SFF1 SFF2 SFF1 SFF2
CVReq .........> . .........> . CVReq .........> . .........> .
(SPI=x) . . (SPI=x) . .
<............ <............... <............ <...............
CVRep1(SF1a,SF1b) CVRep2(SF2a,SF2b) CVRep1(SF1a,SF1b) CVRep2(SF2a,SF2b)
Figure 12: Example 2 for CVRep with multiple SFs Figure 12: Example 2 for CVRep with Multiple SFs
7. Security Considerations 7. Security Considerations
As an element of SFC OAM and, specifically, NSH-based, the Echo As an element of SFC OAM and, specifically, based on the NSH, the
Request/Reply mechanism described in this document inherits Security Echo Request/Reply mechanism described in this document inherits
Considerations discussed in [RFC7665] and [RFC8300]. security considerations discussed in [RFC7665] and [RFC8300].
When the integrity protection for SFC active OAM, and SFC Echo When the integrity protection for SFC active OAM, particularly the
Request/Reply in particular, is required, using one of the Context SFC Echo Request/Reply, is required, using one of the Context Headers
Headers defined in [RFC9145] is RECOMMENDED. MAC#1 Context Header defined in [RFC9145] is RECOMMENDED. The MAC#1 Context Header could
could be more suitable for active SFC OAM because it does not require be more suitable for SFC active OAM because it does not require
re-calculation of the MAC when the value of the NSH Base Header's TTL recalculation of the MAC when the value of the NSH Base Header's TTL
field is changed. Integrity protection for SFC active OAM can also field is changed. Integrity protection for SFC active OAM can also
be achieved using mechanisms in the underlay data plane. For be achieved using mechanisms in the underlay data plane. For
example, if the underlay is an IPv6 network, IP Authentication Header example, if the underlay is an IPv6 network, i.e., an IP
[RFC4302] or IP Encapsulating Security Payload Header [RFC4303] can Authentication Header [RFC4302] or IP Encapsulating Security Payload
be used to provide integrity protection. Confidentiality for the SFC Header [RFC4303], it can be used to provide integrity protection.
Echo Request/Reply exchanges can be achieved using the IP Confidentiality for the SFC Echo Request/Reply exchanges can be
Encapsulating Security Payload Header [RFC4303]. Also, the security achieved using the IP Encapsulating Security Payload Header
needs for SFC Echo Request/Reply are similar to those of ICMP ping [RFC4303]. Also, the security needs for the SFC Echo Request/Reply
[RFC0792], [RFC4443] and MPLS LSP ping [RFC8029]. are similar to those of ICMP ping [RFC0792] [RFC4443] and MPLS LSP
ping [RFC8029].
There are at least three approaches to attacking a node in the There are at least three approaches to attacking a node in the
overlay network using the mechanisms defined in the document. One is overlay network using the mechanisms defined in the document. One is
a Denial-of-Service attack, sending SFC Echo Requests to overload an a Denial-of-Service attack, i.e., sending SFC Echo Requests to
element of the SFC. The second may use spoofing, hijacking, overload an element of SFC. The second may use spoofing, hijacking,
replying, or otherwise tampering with SFC Echo Requests and/or replying, or otherwise tampering with SFC Echo Requests and/or
replies to misrepresent, alter the operator's view of the state of Replies to misrepresent and alter the operator's view of the state of
the SFC. The third is an unauthorized source using an SFC Echo the SFC. The third is an unauthorized source using an SFC Echo
Request/Reply to obtain information about the SFC and/or its Request/Reply to obtain information about the SFC and/or its
elements, e.g., SFFs and/or SFs. elements, e.g., SFFs and/or SFs.
It is RECOMMENDED that implementations throttle the number of SFC It is RECOMMENDED that implementations throttle the number of SFC
Echo Request/Echo Reply messages going to the control plane to Echo Request/Reply messages going to the control plane to mitigate
mitigate potential Denial-of-Service attacks. potential Denial-of-Service attacks.
Reply and spoofing attacks involving faking or replying to SFC Echo Reply and spoofing attacks involving faking or replying to SFC Echo
Reply messages would have to match the Sender's Handle and Sequence Reply messages would have to match the Sender's Handle and Sequence
Number of an outstanding SFC Echo Request message, which is highly Number of an outstanding SFC Echo Request message, which is highly
unlikely for off-path attackers. A non-matching reply would be unlikely for off-path attackers. A non-matching reply would be
discarded. discarded.
To protect against unauthorized sources trying to obtain information To protect against unauthorized sources trying to obtain information
about the overlay and/or underlay, an implementation MUST have means about the overlay and/or underlay, an implementation MUST have means
to check that the source of the Echo Request is part of the SFP. to check that the source of the Echo Request is part of the SFP.
Also, since the Service Function Information sub-TLV discloses Also, since the SF Information Sub-TLV discloses information about
information about the SFP, the spoofed CVReq packet may be used to the SFP, the spoofed CVReq packet may be used to obtain network
obtain network information. Thus, implementations MUST provide a information. Thus, implementations MUST provide a means of checking
means of checking the source addresses of CVReq messages, specified the source addresses of CVReq messages, as specified in Section 6.3.1
in Source ID TLV (Section 6.3.1), against an access list before ("Source ID TLV"), against an access list before accepting the
accepting the message. message.
8. Operational Considerations 8. Operational Considerations
This section provides information about operational aspects of the This section provides information about operational aspects of the
SFC NSH Echo Request/Reply according to recommendations in [RFC5706]. SFC NSH Echo Request/Reply according to recommendations in [RFC5706].
SFC NSH Echo Request/Reply provides essential OAM functions for The SFC NSH Echo Request/Reply provides essential OAM functions for
network operators. SFC NSH Echo Request/Reply is intended to detect network operators. The SFC NSH Echo Request/Reply is intended to
and localize defects in an SFC. For example, by comparing results of detect and localize defects in SFC. For example, by comparing
the trace function in operational and failed states, an operator can results of the trace function in operational and failed states, an
locate the defect, e.g., the connection between SFF1 and SFF2 operator can locate the defect, e.g., the connection between SFF1 and
(Figure 1). After narrowing down a failure to an overlay link, a SFF2 (Figure 1). After narrowing down a failure to an overlay link,
more specific failure location can be determined using OAM tools in a more specific failure location can be determined using OAM tools in
the underlay network. The mechanism defined in this document can be the underlay network. The mechanism defined in this document can be
used on-demand or for periodic validation of an SFP or RSP. Because used on demand or for periodic validation of an SFP or RSP. Because
the protocol makes use of the control plane which may have limited the protocol makes use of the control plane, which may have limited
capacity, an operator must be able to rate limit Echo Request and capacity, an operator must be able to rate limit Echo Request and
Echo Reply messages. A reasonably selected default interval between Echo Reply messages. A reasonably selected default interval between
Echo Request control packets can provide additional benefit for an Echo Request control packets can provide additional benefit for an
operator. If the protocol is incrementally deployed in the NSH operator. If the protocol is incrementally deployed in the NSH
domain, SFC elements, e.g., Classifier or SFF, that don't support domain, SFC elements, e.g., Classifier or SFF, that don't support SFC
Active SFC OAM will discard protocol's packets. If an SFC uses a re- active OAM will discard the protocol's packets. If SFC uses a
classification along the SFP or when the principle of load balancing reclassification along the SFP or when the principle of load
is unknown, the fate-sharing between data and active OAM packets balancing is unknown, the fate sharing between data and active OAM
cannot be guaranteed. As a result, the OAM outcome might not reflect packets cannot be guaranteed. As a result, the OAM outcome might not
the state of the entire SFC properly but only its segment. In reflect the state of the entire SFC properly but only its segment.
general, it is an operational task to consider the cases where active In general, it is an operational task to consider the cases where
OAM may not share fate with monitored SFP. SFC NSH Echo Request/ active OAM may not share fate with the monitored SFP. The SFC NSH
Reply also can be used in combination with the existing mechanisms Echo Request/Reply also can be used in combination with the existing
discussed in [RFC8924], filling the gaps and extending their mechanisms discussed in [RFC8924], filling the gaps and extending
functionalities. their functionalities.
Management of the SFC NSH Echo Request/Reply protocol can be provided Management of the SFC NSH Echo Request/Reply protocol can be provided
by a proprietary tool, e.g., command line interface, or based on a by a proprietary tool, e.g., command line interface, or based on a
data model, structured or standardized. data model that is structured or standardized.
9. Acknowledgments
The authors greatly appreciate the thorough review and the most
helpful comments from Dan Wing, Dirk von Hugo, Mohamed Boucadair,
Donald Eastlake, Carlos Pignataro, and Frank Brockners. The authors
are thankful to John Drake for his review and the reference to the
work on BGP Control Plane for NSH SFC. The authors express their
appreciation to Joel M. Halpern for his suggestion about the load-
balancing scenario. The authors greatly appreciate the thoroughness
of comments and thoughtful suggestions by Darren Dukes that
significantly improved the document.
10. IANA Considerations 9. IANA Considerations
The terms used in the IANA Considerations below are intended to be The terms used in the IANA considerations below are intended to be
consistent with [RFC8126]. consistent with [RFC8126].
10.1. SFC Active OAM Protocol 9.1. SFC Active OAM Protocol
IANA is requested to assign a new type from the sub-registry NSH Next IANA has assigned the following new type in the "NSH Next Protocol"
Protocol of the Network Service Header (NSH) Parameters registry as registry within the "Network Service Header (NSH) Parameters" group
follows: of registries:
+=======+================+===============+ +===============+================+===========+
| Value | Description | Reference | | Next Protocol | Description | Reference |
+=======+================+===============+ +===============+================+===========+
| TBA1 | SFC Active OAM | This document | | 0x07 | SFC Active OAM | RFC 9516 |
+-------+----------------+---------------+ +---------------+----------------+-----------+
Table 1: SFC Active OAM Protocol Table 1: SFC Active OAM Protocol
10.2. SFC Active OAM 9.2. SFC Active OAM
IANA is requested to create an SFC Active OAM registry containing the
sub-registries listed below.
10.2.1. SFC Active OAM Message Type IANA has created the "Service Function Chaining (SFC) Active
Operations, Administration, and Maintenance (OAM)" group of
registries, which contains the registries described in the following
subsections.
IANA is requested to create in the SFC Active OAM registry a sub- 9.2.1. SFC Active OAM Message Types
registry as follows:
Sub-registry Name: SFC Active OAM Message Type. IANA has created the "SFC Active OAM Message Types" registry as
follows:
Assignment Policy: Registry Name: SFC Active OAM Message Types
2-31 IETF Review Assignment Policy:
0 - 31 IETF Review
32 - 62 First Come First Served
32-62 First Come First Served Reference: RFC 9516
Reference: [this document] +========+========================+===========+
+========+=============================+===============+ | Value | Description | Reference |
| Value | Description | Reference | +========+========================+===========+
+========+=============================+===============+ | 0 | Reserved | RFC 9516 |
| 0 | Reserved | This document | +--------+------------------------+-----------+
+--------+-----------------------------+---------------+ | 1 | SFC Echo Request/Reply | RFC 9516 |
| 1 | SFC Echo Request/Echo Reply | This document | +--------+------------------------+-----------+
+--------+-----------------------------+---------------+ | 2 - 62 | Unassigned | |
| 2 - 31 | Unassigned | This document | +--------+------------------------+-----------+
+--------+-----------------------------+---------------+ | 63 | Reserved | RFC 9516 |
| 32-62 | Unassigned | This document | +--------+------------------------+-----------+
+--------+-----------------------------+---------------+
| 63 | Reserved | This document |
+--------+-----------------------------+---------------+
Table 2: SFC Active OAM Message Type Table 2: SFC Active OAM Message Types
10.3. SFC Echo Request/Echo Reply Parameters 9.2.2. SFC Echo Request Flags
IANA is requested to create in the SFC Active OAM Registry the sub- IANA has created the "SFC Echo Request Flags" registry to track the
registry SFC Echo Request/Echo Reply Parameters. assignment of the 16 flags in the SFC Echo Request Flags field of the
SFC Echo Request message. The flags are numbered from 0 (the most
significant bit is transmitted first) to 15.
10.3.1. SFC Echo Request Flags IANA has created the "SFC Echo Request Flags" registry as follows:
IANA is requested to create in the SFC Echo Request/Echo Reply Registry Name: SFC Echo Request Flags
Parameters the SFC Echo Request Flags sub-registry.
This sub-registry tracks the assignment of 16 flags in the SFC Echo Assignment Policy:
Request Flags field of the SFC Echo Request message. The flags are 0 - 15 Standards Action
numbered from 0 (most significant bit, transmitted first) to 15.
New entries are assigned by Standards Action. Reference:
RFC 9516
+============+=============+===============+ +============+=============+===========+
| Bit Number | Description | Reference | | Bit Number | Description | Reference |
+============+=============+===============+ +============+=============+===========+
| 15-0 | Unassigned | This document | | 0 - 15 | Unassigned | |
+------------+-------------+---------------+ +------------+-------------+-----------+
Table 3: SFC Echo Request Flags Table 3: SFC Echo Request Flags
10.3.2. SFC Echo Types 9.2.3. SFC Echo Types
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters the SFC Echo Types sub-registry as follows:
Sub-registry Name: SFC Echo Types
Assignment Policy: IANA has created the "SFC Echo Types" registry as follows:
5 - 175 IETF Review Registry Name: SFC Echo Types
176 - 239 First Come First Served Assignment Policy:
0 - 175 IETF Review
176 - 239 First Come First Served
240 - 251 Experimental Use
252 - 254 Private Use
Reference: [this document] Reference: RFC 9516
+===========+======================================+===============+ +===========+======================================+===========+
| Value | Description | Reference | | Value | Description | Reference |
+===========+======================================+===============+ +===========+======================================+===========+
| 0 | Reserved | This document | | 0 | Reserved | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 1 | SFC Echo Request | This document | | 1 | SFC Echo Request | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 2 | SFC Echo Reply | This document | | 2 | SFC Echo Reply | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 3 | SFP Consistency Verification Request | This document | | 3 | SFP Consistency Verification Request | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 4 | SFP Consistency Verification Reply | This document | | 4 | SFP Consistency Verification Reply | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 5 - 175 | Unassigned | This document | | 5 - 239 | Unassigned | |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 176 - 239 | Unassigned | This document | | 240 - 251 | Reserved for Experimental Use | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 240 - 251 | Experimental | This document | | 252 - 254 | Reserved for Private Use | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 252 - 254 | Private Use | This document | | 255 | Reserved | RFC 9516 |
+-----------+--------------------------------------+---------------+ +-----------+--------------------------------------+-----------+
| 255 | Reserved | This document |
+-----------+--------------------------------------+---------------+
Table 4: SFC Echo Types Table 4: SFC Echo Types
10.3.3. SFC Echo Reply Modes 9.2.4. SFC Echo Reply Modes
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters registry the new sub-registry as follows:
Sub-registry Name: SFC Echo Reply Mode IANA has created the "SFC Echo Reply Modes" registry as follows:
Assignment Policy: Registry Name: SFC Echo Reply Modes
8 - 175 IETF Review Assignment Policy:
0 - 175 IETF Review
176 - 239 First Come First Served
240 - 251 Experimental Use
252 - 254 Private Use
176 - 239 First Come First Served Reference: RFC 9516
Reference: [this document] +=======+====================================+===========+
+=======+====================================+===============+ | Value | Description | Reference |
| Value | Description | Reference | +=======+====================================+===========+
+=======+====================================+===============+ | 0 | Reserved | RFC 9516 |
| 0 | Reserved | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 1 | Do Not Reply | RFC 9516 |
| 1 | Do Not Reply | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 2 | Reply via an IPv4/IPv6 UDP Packet | RFC 9516 |
| 2 | Reply via an IPv4/IPv6 UDP Packet | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 3 | Unassigned | |
| 3 | Unassigned | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 4 | Reply via Specified Path | RFC 9516 |
| 4 | Reply via Specified Path | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 5 | Reply via an IPv4/IPv6 UDP Packet | RFC 9516 |
| 5 | Reply via an IPv4/IPv6 UDP Packet | This document | | | with the data integrity protection | |
| | with the data integrity protection | | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 6 | Unassigned | |
| 6 | Unassigned | This document | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 7 | Reply via Specified Path with the | RFC 9516 |
| 7 | Reply via Specified Path with the | This document | | | data integrity protection | |
| | data integrity protection | | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 8 - | Unassigned | |
| 8 - | Unassigned | This document | | 239 | | |
| 175 | | | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 240 - | Reserved for Experimental Use | RFC 9516 |
| 176 - | Unassigned | This document | | 251 | | |
| 239 | | | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 252 - | Reserved for Private Use | RFC 9516 |
| 240 - | Experiemntal | This document | | 254 | | |
| 251 | | | +-------+------------------------------------+-----------+
+-------+------------------------------------+---------------+ | 255 | Reserved | RFC 9516 |
| 252 - | Private Use | This document | +-------+------------------------------------+-----------+
| 254 | | |
+-------+------------------------------------+---------------+
| 255 | Reserved | This document |
+-------+------------------------------------+---------------+
Table 5: SFC Echo Reply Modes Table 5: SFC Echo Reply Modes
10.3.4. SFC Echo Return Codes 9.2.5. SFC Echo Return Codes
IANA is requested to create in the SFC Echo Request/Echo Reply
Parameters registry the new sub-registry as follows:
Sub-registry Name: SFC Echo Return Codes
Assignment Policy:
9 - 191 IETF Review
192 - 251 First Come First Served
Reference: [this document]
+=========+=================================+===============+ IANA has created the "SFC Echo Return Codes" registry as follows:
| Value | Description | Reference |
+=========+=================================+===============+
| 0 | No Error | This document |
+---------+---------------------------------+---------------+
| 1 | Malformed Echo Request received | This document |
+---------+---------------------------------+---------------+
| 2 | One or more of the TLVs was not | This document |
| | understood | |
+---------+---------------------------------+---------------+
| 3 | Authentication failed | This document |
+---------+---------------------------------+---------------+
| 4 | SFC TTL Exceeded | This document |
+---------+---------------------------------+---------------+
| 5 | End of the SFP | This document |
+---------+---------------------------------+---------------+
| 6 | Reply Service Function Path TLV | This document |
| | is missing | |
+---------+---------------------------------+---------------+
| 7 | Reply SFP was not found | This document |
+---------+---------------------------------+---------------+
| 8 | Unverifiable Reply Service | This document |
| | Function Path | |
+---------+---------------------------------+---------------+
| 9 -191 | Unassigned | This document |
+---------+---------------------------------+---------------+
| 192-251 | Unassigned | This document |
+---------+---------------------------------+---------------+
| 252-254 | Private Use | This document |
+---------+---------------------------------+---------------+
| 255 | Reserved | This document |
+---------+---------------------------------+---------------+
Table 6: SFC Echo Return Codes Registry Name: SFC Echo Return Codes
10.4. SFC Active OAM TLV Type Assignment Policy:
0 - 191 IETF Review
192 - 251 First Come First Served
252 - 254 Private Use
IANA is requested to create in the in the SFC Active OAM Registry the Reference: RFC 9516
sub-registry as follows:
Registry Name: SFC Active OAM TLV Type +=========+============================================+===========+
| Value | Description | Reference |
+=========+============================================+===========+
| 0 | No Error | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 1 | Malformed Echo Request received | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 2 | One or more of the TLVs was not understood | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 3 | Authentication failed | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 4 | SFC TTL Exceeded | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 5 | End of the SFP | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 6 | Reply Service Function Path TLV is missing | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 7 | Reply SFP was not found | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 8 | Unverifiable Reply Service Function Path | RFC 9516 |
+---------+--------------------------------------------+-----------+
| 9 - 251 | Unassigned | |
+---------+--------------------------------------------+-----------+
| 252 - | Reserved for Private Use | RFC 9516 |
| 254 | | |
+---------+--------------------------------------------+-----------+
| 255 | Reserved | RFC 9516 |
+---------+--------------------------------------------+-----------+
Assignment Policy: Table 6: SFC Echo Return Codes
6 -175 IETF Review 9.2.6. SFC Active OAM TLV Types
176 - 239 First Come First Served IANA has created the "SFC Active OAM TLV Types" registry as follows:
Reference: [this document] Registry Name: SFC Active OAM TLV Types
+===========+===================================+===============+ Assignment Policy:
| Value | Description | Reference | 0 - 175 IETF Review
+===========+===================================+===============+ 176 - 239 First Come First Served
| 0 | Reserved | This document | 240 - 251 Experimental Use
+-----------+-----------------------------------+---------------+ 252 - 254 Private Use
| 1 | Source ID TLV | This document |
+-----------+-----------------------------------+---------------+
| 2 | Errored TLVs | This document |
+-----------+-----------------------------------+---------------+
| 3 | Reply Service Function Path Type | This document |
+-----------+-----------------------------------+---------------+
| 4 | SFF Information Record Type | This document |
+-----------+-----------------------------------+---------------+
| 5 | SF Information | This document |
+-----------+-----------------------------------+---------------+
| 6 - 175 | Unassigned | This document |
+-----------+-----------------------------------+---------------+
| 176 - 239 | Unassigned | This document |
+-----------+-----------------------------------+---------------+
| 240 - 251 | Experimental | This document |
+-----------+-----------------------------------+---------------+
| 252 - 254 | Private Use | This document |
+-----------+-----------------------------------+---------------+
| 255 | Reserved | This document |
+-----------+-----------------------------------+---------------+
Table 7: SFC Active OAM TLV Type Registry Reference: RFC 9516
10.5. SF Identifier Types +===========+==================================+===========+
| Value | Description | Reference |
+===========+==================================+===========+
| 0 | Reserved | RFC 9516 |
+-----------+----------------------------------+-----------+
| 1 | Source ID TLV | RFC 9516 |
+-----------+----------------------------------+-----------+
| 2 | Errored TLVs | RFC 9516 |
+-----------+----------------------------------+-----------+
| 3 | Reply Service Function Path Type | RFC 9516 |
+-----------+----------------------------------+-----------+
| 4 | SFF Information Record Type | RFC 9516 |
+-----------+----------------------------------+-----------+
| 5 | SF Information | RFC 9516 |
+-----------+----------------------------------+-----------+
| 6 - 239 | Unassigned | |
+-----------+----------------------------------+-----------+
| 240 - 251 | Reserved for Experimental Use | RFC 9516 |
+-----------+----------------------------------+-----------+
| 252 - 254 | Reserved for Private Use | RFC 9516 |
+-----------+----------------------------------+-----------+
| 255 | Reserved | RFC 9516 |
+-----------+----------------------------------+-----------+
IANA is requested to create in the SF Types registry [RFC9263] the Table 7: SFC Active OAM TLV Types
sub-registry as follows:
Registry Name: SF Identifier Types 9.2.7. SF Identifier Types
Assignment Policy: IANA has created the "SF Identifier Types" as follows:
4 -191 IETF Review Registry Name: SF Identifier Types
192 - 251 First Come First Served Assignment Policy:
0 - 191 IETF Review
192 - 251 First Come First Served
252 - 254 Private Use
Reference: [this document] Reference: RFC 9516
+=========+=============+===============+
| Value | Description | Reference |
+=========+=============+===============+
| 0 | Reserved | This document |
+---------+-------------+---------------+
| 1 | IPv4 | This document |
+---------+-------------+---------------+
| 2 | IPv6 | This document |
+---------+-------------+---------------+
| 3 | MAC | This document |
+---------+-------------+---------------+
| 4 -191 | Unassigned | This document |
+---------+-------------+---------------+
| 192-251 | Unassigned | This document |
+---------+-------------+---------------+
| 252-254 | Private Use | This document |
+---------+-------------+---------------+
| 255 | Reserved | This document |
+---------+-------------+---------------+
Table 8: SF Identifier Type +===========+==========================+===========+
| Value | Description | Reference |
+===========+==========================+===========+
| 0 | Reserved | RFC 9516 |
+-----------+--------------------------+-----------+
| 1 | IPv4 | RFC 9516 |
+-----------+--------------------------+-----------+
| 2 | IPv6 | RFC 9516 |
+-----------+--------------------------+-----------+
| 3 | MAC | RFC 9516 |
+-----------+--------------------------+-----------+
| 4 - 251 | Unassigned | |
+-----------+--------------------------+-----------+
| 252 - 254 | Reserved for Private Use | RFC 9516 |
+-----------+--------------------------+-----------+
| 255 | Reserved | RFC 9516 |
+-----------+--------------------------+-----------+
11. References Table 8: SF Identifier Types
11.1. Normative References 10. References
[I-D.ietf-sfc-oam-packet] 10.1. Normative References
Boucadair, M., "OAM Packet and Behavior in the Network
Service Header (NSH)", Work in Progress, Internet-Draft,
draft-ietf-sfc-oam-packet-03, 26 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-sfc-oam-
packet-03>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function [RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function
Chaining (SFC) Architecture", RFC 7665, Chaining (SFC) Architecture", RFC 7665,
DOI 10.17487/RFC7665, October 2015, DOI 10.17487/RFC7665, October 2015,
<https://www.rfc-editor.org/info/rfc7665>. <https://www.rfc-editor.org/info/rfc7665>.
skipping to change at page 33, line 22 skipping to change at line 1466
in Service Function Chaining", RFC 9015, in Service Function Chaining", RFC 9015,
DOI 10.17487/RFC9015, June 2021, DOI 10.17487/RFC9015, June 2021,
<https://www.rfc-editor.org/info/rfc9015>. <https://www.rfc-editor.org/info/rfc9015>.
[RFC9145] Boucadair, M., Reddy.K, T., and D. Wing, "Integrity [RFC9145] Boucadair, M., Reddy.K, T., and D. Wing, "Integrity
Protection for the Network Service Header (NSH) and Protection for the Network Service Header (NSH) and
Encryption of Sensitive Context Headers", RFC 9145, Encryption of Sensitive Context Headers", RFC 9145,
DOI 10.17487/RFC9145, December 2021, DOI 10.17487/RFC9145, December 2021,
<https://www.rfc-editor.org/info/rfc9145>. <https://www.rfc-editor.org/info/rfc9145>.
11.2. Informative References [RFC9451] Boucadair, M., "Operations, Administration, and
Maintenance (OAM) Packet and Behavior in the Network
Service Header (NSH)", RFC 9451, DOI 10.17487/RFC9451,
August 2023, <https://www.rfc-editor.org/info/rfc9451>.
10.2. Informative References
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>. <https://www.rfc-editor.org/info/rfc792>.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086, "Randomness Requirements for Security", BCP 106, RFC 4086,
DOI 10.17487/RFC4086, June 2005, DOI 10.17487/RFC4086, June 2005,
<https://www.rfc-editor.org/info/rfc4086>. <https://www.rfc-editor.org/info/rfc4086>.
skipping to change at page 35, line 11 skipping to change at line 1551
Operations, Administration, and Maintenance (OAM) Operations, Administration, and Maintenance (OAM)
Framework", RFC 8924, DOI 10.17487/RFC8924, October 2020, Framework", RFC 8924, DOI 10.17487/RFC8924, October 2020,
<https://www.rfc-editor.org/info/rfc8924>. <https://www.rfc-editor.org/info/rfc8924>.
[RFC9263] Wei, Y., Ed., Elzur, U., Majee, S., Pignataro, C., and D. [RFC9263] Wei, Y., Ed., Elzur, U., Majee, S., Pignataro, C., and D.
Eastlake 3rd, "Network Service Header (NSH) Metadata Type Eastlake 3rd, "Network Service Header (NSH) Metadata Type
2 Variable-Length Context Headers", RFC 9263, 2 Variable-Length Context Headers", RFC 9263,
DOI 10.17487/RFC9263, August 2022, DOI 10.17487/RFC9263, August 2022,
<https://www.rfc-editor.org/info/rfc9263>. <https://www.rfc-editor.org/info/rfc9263>.
Contributors' Addresses Acknowledgments
The authors greatly appreciate the thorough review and the most
helpful comments from Dan Wing, Dirk von Hugo, Mohamed Boucadair,
Donald Eastlake 3rd, Carlos Pignataro, and Frank Brockners. The
authors are thankful to John Drake for his review and the reference
to the work on BGP control plane for NSH SFC. The authors express
their appreciation to Joel M. Halpern for his suggestion about the
load-balancing scenario. The authors greatly appreciate the
thoroughness of comments and thoughtful suggestions by Darren Dukes
that significantly improved the document.
Contributors
Cui Wang Cui Wang
Individual contributor Individual contributor
Email: lindawangjoy@gmail.com Email: lindawangjoy@gmail.com
Zhonghua Chen Zhonghua Chen
China Telecom China Telecom
No.1835, South PuDong Road No.1835, South PuDong Road
Shanghai Shanghai
201203 201203
skipping to change at page 35, line 34 skipping to change at line 1586
Email: chenzhongh@chinatelecom.cn Email: chenzhongh@chinatelecom.cn
Authors' Addresses Authors' Addresses
Greg Mirsky Greg Mirsky
Ericsson Ericsson
Email: gregimirsky@gmail.com Email: gregimirsky@gmail.com
Wei Meng Wei Meng
ZTE Corporation ZTE Corporation
No.50 Software Avenue, Yuhuatai District Yuhuatai District
No.50 Software Avenue
Nanjing, Nanjing,
China China
Email: meng.wei2@zte.com.cn Email: meng.wei2@zte.com.cn
Ting Ao Ting Ao
China Mobile China Mobile
No.889, BiBo Road No.889, BiBo Road
Shanghai Shanghai
201203 201203
China China
skipping to change at page 36, line 4 skipping to change at line 1600
Email: meng.wei2@zte.com.cn Email: meng.wei2@zte.com.cn
Ting Ao Ting Ao
China Mobile China Mobile
No.889, BiBo Road No.889, BiBo Road
Shanghai Shanghai
201203 201203
China China
Phone: +86 17721209283 Phone: +86 17721209283
Email: 18555817@qq.com Email: 18555817@qq.com
Bhumip Khasnabish Bhumip Khasnabish
Individual contributor Individual contributor
Email: vumip1@gmail.com Email: vumip1@gmail.com
Kent Leung Kent Leung
Individual contributor Individual contributor
530 Showers Drive Ste 7 530 Showers Drive Ste 7
Mountain View, CA 94040, Mountain View, CA 94040
United States of America United States of America
Email: mail4kentl@gmail.com Email: mail4kentl@gmail.com
Gyan Mishra Gyan Mishra
Verizon Inc. Verizon Inc.
Email: gyan.s.mishra@verizon.com Email: gyan.s.mishra@verizon.com
 End of changes. 256 change blocks. 
809 lines changed or deleted 796 lines changed or added

This html diff was produced by rfcdiff 1.48.