| rfc9617v2.txt | rfc9617.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) T. Zhou, Ed. | Internet Engineering Task Force (IETF) T. Zhou, Ed. | |||
| Request for Comments: 9617 Huawei | Request for Comments: 9617 Huawei | |||
| Category: Standards Track J. Guichard | Category: Standards Track J. Guichard | |||
| ISSN: 2070-1721 Futurewei | ISSN: 2070-1721 Futurewei | |||
| F. Brockners | F. Brockners | |||
| S. Raghavan | S. Raghavan | |||
| Cisco Systems | Cisco Systems | |||
| July 2024 | August 2024 | |||
| A YANG Data Model for In Situ Operations, Administration, and | A YANG Data Model for In Situ Operations, Administration, and | |||
| Maintenance (IOAM) | Maintenance (IOAM) | |||
| Abstract | Abstract | |||
| In situ Operations, Administration, and Maintenance (IOAM) is an | In situ Operations, Administration, and Maintenance (IOAM) is an | |||
| example of an on-path hybrid measurement method. IOAM defines a | example of an on-path hybrid measurement method. IOAM defines a | |||
| method for producing operational and telemetry information that may | method for producing operational and telemetry information that may | |||
| be exported using the in-band or out-of-band method. RFCs 9197 and | be exported using the in-band or out-of-band method. RFCs 9197 and | |||
| skipping to change at line 92 ¶ | skipping to change at line 92 ¶ | |||
| be exported using the in-band or out-of-band method. The data types | be exported using the in-band or out-of-band method. The data types | |||
| and data formats for IOAM data records have been defined in [RFC9197] | and data formats for IOAM data records have been defined in [RFC9197] | |||
| and [RFC9326]. The IOAM data can be embedded in many protocol | and [RFC9326]. The IOAM data can be embedded in many protocol | |||
| encapsulations, such as the Network Service Header (NSH) [RFC9452] | encapsulations, such as the Network Service Header (NSH) [RFC9452] | |||
| and IPv6. | and IPv6. | |||
| This document defines a data model for the configuration of IOAM | This document defines a data model for the configuration of IOAM | |||
| capabilities using the YANG data modeling language [RFC7950]. This | capabilities using the YANG data modeling language [RFC7950]. This | |||
| YANG data model supports five IOAM options, which are as follows: | YANG data model supports five IOAM options, which are as follows: | |||
| * Incremental Tracing Option [RFC9197] | * Incremental Trace-Option [RFC9197] | |||
| * Pre-allocated Tracing Option [RFC9197] | * Pre-allocated Trace-Option [RFC9197] | |||
| * Direct Export Option [RFC9326] | * Direct Export Option [RFC9326] | |||
| * Proof of Transit (POT) Option [RFC9197] | * Proof of Transit (POT) Option [RFC9197] | |||
| * Edge-to-Edge Option [RFC9197] | * Edge-to-Edge Option [RFC9197] | |||
| 2. Conventions Used in This Document | 2. Conventions Used in This Document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| skipping to change at line 179 ¶ | skipping to change at line 179 ¶ | |||
| profile can apply. There may be multiple filter types. Access | profile can apply. There may be multiple filter types. Access | |||
| Control Lists (ACLs) [RFC8519] provide a common way to specify a | Control Lists (ACLs) [RFC8519] provide a common way to specify a | |||
| flow. Each IOAM profile can associate with an ACE (Access Control | flow. Each IOAM profile can associate with an ACE (Access Control | |||
| Entry). When the matched ACE "forwarding" action is "accept", IOAM | Entry). When the matched ACE "forwarding" action is "accept", IOAM | |||
| actions MUST be driven by the accepted packets. | actions MUST be driven by the accepted packets. | |||
| The IOAM data can be encapsulated into multiple protocols, e.g., IPv6 | The IOAM data can be encapsulated into multiple protocols, e.g., IPv6 | |||
| [RFC9486] and the NSH [RFC9452]. The "protocol-type" parameter is | [RFC9486] and the NSH [RFC9452]. The "protocol-type" parameter is | |||
| used to indicate where IOAM is applied. For example, if "protocol- | used to indicate where IOAM is applied. For example, if "protocol- | |||
| type" is set to "ipv6", the IOAM ingress node will encapsulate the | type" is set to "ipv6", the IOAM ingress node will encapsulate the | |||
| associated flow with the "IOAM in IPv6" format, per [RFC9486]. | associated flow according to [RFC9486]. | |||
| In this document, IOAM data includes five encapsulation types, i.e., | In this document, IOAM data includes five encapsulation types, i.e., | |||
| incremental tracing data, pre-allocated tracing data, direct export | incremental tracing data, pre-allocated tracing data, direct export | |||
| data, proof of transit data, and end-to-end data. In practice, | data, proof of transit data, and end-to-end data. In practice, | |||
| multiple IOAM data types can be encapsulated into the same IOAM | multiple IOAM data types can be encapsulated into the same IOAM | |||
| header. The "profile" parameter contains a set of sub-profiles, each | header. The "profile" parameter contains a set of sub-profiles, each | |||
| of which relates to one encapsulation type. The configured object | of which relates to one encapsulation type. The configured object | |||
| may not support all the sub-profiles. The supported sub-profiles are | may not support all the sub-profiles. The supported sub-profiles are | |||
| indicated by five defined features, i.e., "incremental-trace", | indicated by five defined features, i.e., "incremental-trace", | |||
| "preallocated-trace", "direct-export", "proof-of-transit", and "edge- | "preallocated-trace", "direct-export", "proof-of-transit", and "edge- | |||
| skipping to change at line 203 ¶ | skipping to change at line 203 ¶ | |||
| [RFC8519], the "ietf-interfaces" YANG module [RFC8343], and the | [RFC8519], the "ietf-interfaces" YANG module [RFC8343], and the | |||
| "ietf-lime-time-types" YANG module [RFC8532]. | "ietf-lime-time-types" YANG module [RFC8532]. | |||
| The YANG data model in this document conforms to the Network | The YANG data model in this document conforms to the Network | |||
| Management Datastore Architecture (NMDA) defined in [RFC8342]. | Management Datastore Architecture (NMDA) defined in [RFC8342]. | |||
| 3.2. Pre-allocated Tracing Profile | 3.2. Pre-allocated Tracing Profile | |||
| To ensure visibility into the entire path that a packet takes within | To ensure visibility into the entire path that a packet takes within | |||
| an IOAM domain, the IOAM tracing data is expected to be collected at | an IOAM domain, the IOAM tracing data is expected to be collected at | |||
| every node that a packet traverses. The pre-allocated tracing option | every node that a packet traverses. The Pre-allocated Trace-Option | |||
| will create pre-allocated space for each node to populate its | will create pre-allocated space for each node to populate its | |||
| information. The "preallocated-tracing-profile" parameter contains | information. The "preallocated-tracing-profile" parameter contains | |||
| the detailed information for the pre-allocated tracing data. This | the detailed information for the pre-allocated tracing data. This | |||
| information includes: | information includes: | |||
| node-action: indicates the operation (e.g., encapsulate the IOAM | node-action: indicates the operation (e.g., encapsulate the IOAM | |||
| header, transit the IOAM data, or decapsulate the IOAM header) | header, transit the IOAM data, or decapsulate the IOAM header) | |||
| applied to the dedicated flow. | applied to the dedicated flow. | |||
| use-namespace: indicates the namespace used for the trace types. | use-namespace: indicates the namespace used for the trace types. | |||
| skipping to change at line 230 ¶ | skipping to change at line 230 ¶ | |||
| +--rw preallocated-tracing-profile {preallocated-trace}? | +--rw preallocated-tracing-profile {preallocated-trace}? | |||
| +--rw node-action? ioam-node-action | +--rw node-action? ioam-node-action | |||
| +--rw trace-types | +--rw trace-types | |||
| | +--rw use-namespace? ioam-namespace | | +--rw use-namespace? ioam-namespace | |||
| | +--rw trace-type* ioam-trace-type | | +--rw trace-type* ioam-trace-type | |||
| +--rw max-length? uint32 | +--rw max-length? uint32 | |||
| 3.3. Incremental Tracing Profile | 3.3. Incremental Tracing Profile | |||
| The incremental tracing option contains a variable-length list of | The Incremental Trace-Option contains a variable-length list of node | |||
| node data fields, where each node allocates and pushes its node data | data fields, where each node allocates and pushes its node data | |||
| immediately following the option header. The "incremental-tracing- | immediately following the option header. The "incremental-tracing- | |||
| profile" parameter contains the detailed information for the | profile" parameter contains the detailed information for the | |||
| incremental tracing data. This information is the same as that for | incremental tracing data. This information is the same as that for | |||
| the Pre-allocated Tracing Profile; see Section 3.2. | the Pre-allocated Tracing Profile; see Section 3.2. | |||
| +--rw incremental-tracing-profile {incremental-trace}? | +--rw incremental-tracing-profile {incremental-trace}? | |||
| +--rw node-action? ioam-node-action | +--rw node-action? ioam-node-action | |||
| +--rw trace-types | +--rw trace-types | |||
| | +--rw use-namespace? ioam-namespace | | +--rw use-namespace? ioam-namespace | |||
| | +--rw trace-type* ioam-trace-type | | +--rw trace-type* ioam-trace-type | |||
| +--rw max-length? uint32 | +--rw max-length? uint32 | |||
| 3.4. Direct Export Profile | 3.4. Direct Export Profile | |||
| The direct export option is used as a trigger for IOAM data to be | The Direct Export Option is used as a trigger for IOAM data to be | |||
| directly exported or locally aggregated without being pushed into in- | directly exported or locally aggregated without being pushed into in- | |||
| flight data packets. The "direct-export-profile" parameter contains | flight data packets. The "direct-export-profile" parameter contains | |||
| the detailed information for the direct export data. This | the detailed information for the direct export data. This | |||
| information is the same as that for the Pre-allocated Tracing Profile | information is the same as that for the Pre-allocated Tracing Profile | |||
| (Section 3.2), but with two more optional variables: | (Section 3.2), but with two more optional variables: | |||
| flow-id: used to correlate the exported data of the same flow from | flow-id: used to correlate the exported data of the same flow from | |||
| multiple nodes and from multiple packets. | multiple nodes and from multiple packets. | |||
| enable-sequence-number: indicates whether the sequence number is | enable-sequence-number: indicates whether the sequence number is | |||
| used in the direct export option. | used in the Direct Export Option. | |||
| +--rw direct-export-profile {direct-export}? | +--rw direct-export-profile {direct-export}? | |||
| +--rw node-action? ioam-node-action | +--rw node-action? ioam-node-action | |||
| +--rw trace-types | +--rw trace-types | |||
| | +--rw use-namespace? ioam-namespace | | +--rw use-namespace? ioam-namespace | |||
| | +--rw trace-type* ioam-trace-type | | +--rw trace-type* ioam-trace-type | |||
| +--rw flow-id? uint32 | +--rw flow-id? uint32 | |||
| +--rw enable-sequence-number? boolean | +--rw enable-sequence-number? boolean | |||
| 3.5. Proof of Transit Profile | 3.5. Proof of Transit Profile | |||
| skipping to change at line 286 ¶ | skipping to change at line 286 ¶ | |||
| data. To align with [RFC9197], this document only defines IOAM POT | data. To align with [RFC9197], this document only defines IOAM POT | |||
| type 0. Users need to augment this module for the configuration of a | type 0. Users need to augment this module for the configuration of a | |||
| specific POT type. | specific POT type. | |||
| +--rw pot-profile {proof-of-transit}? | +--rw pot-profile {proof-of-transit}? | |||
| +--rw use-namespace? ioam-namespace | +--rw use-namespace? ioam-namespace | |||
| +--rw pot-type? ioam-pot-type | +--rw pot-type? ioam-pot-type | |||
| 3.6. Edge-to-Edge Profile | 3.6. Edge-to-Edge Profile | |||
| The IOAM edge-to-edge option is used to carry data that is added by | The IOAM Edge-to-Edge Option is used to carry data that is added by | |||
| the IOAM encapsulating node and interpreted by the IOAM decapsulating | the IOAM encapsulating node and interpreted by the IOAM decapsulating | |||
| node. The "e2e-profile" parameter contains the detailed information | node. The "e2e-profile" parameter contains the detailed information | |||
| for the edge-to-edge data. This information includes: | for the edge-to-edge data. This information includes: | |||
| node-action: the same semantic as that provided in Section 3.2. | node-action: the same semantic as that provided in Section 3.2. | |||
| use-namespace: indicates the namespace used for the edge-to-edge | use-namespace: indicates the namespace used for the edge-to-edge | |||
| types. | types. | |||
| e2e-type: indicates data to be carried from the ingress IOAM node to | e2e-type: indicates data to be carried from the ingress IOAM node to | |||
| skipping to change at line 387 ¶ | skipping to change at line 387 ¶ | |||
| "RFC 9617: A YANG Data Model for In Situ Operations, | "RFC 9617: A YANG Data Model for In Situ Operations, | |||
| Administration, and Maintenance (IOAM)"; | Administration, and Maintenance (IOAM)"; | |||
| } | } | |||
| /* | /* | |||
| * FEATURES | * FEATURES | |||
| */ | */ | |||
| feature incremental-trace { | feature incremental-trace { | |||
| description | description | |||
| "This feature indicates that the incremental tracing option | "This feature indicates that the Incremental Trace-Option is | |||
| is supported."; | supported."; | |||
| reference | reference | |||
| "RFC 9197: Data Fields for In Situ Operations, | "RFC 9197: Data Fields for In Situ Operations, | |||
| Administration, and Maintenance (IOAM)"; | Administration, and Maintenance (IOAM)"; | |||
| } | } | |||
| feature preallocated-trace { | feature preallocated-trace { | |||
| description | description | |||
| "This feature indicates that the pre-allocated tracing | "This feature indicates that the Pre-allocated Trace-Option | |||
| option is supported."; | is supported."; | |||
| reference | reference | |||
| "RFC 9197: Data Fields for In Situ Operations, | "RFC 9197: Data Fields for In Situ Operations, | |||
| Administration, and Maintenance (IOAM)"; | Administration, and Maintenance (IOAM)"; | |||
| } | } | |||
| feature direct-export { | feature direct-export { | |||
| description | description | |||
| "This feature indicates that the direct export option is | "This feature indicates that the Direct Export Option is | |||
| supported."; | supported."; | |||
| reference | reference | |||
| "RFC 9326: In Situ Operations, Administration, and | "RFC 9326: In Situ Operations, Administration, and | |||
| Maintenance (IOAM) Direct Exporting"; | Maintenance (IOAM) Direct Exporting"; | |||
| } | } | |||
| feature proof-of-transit { | feature proof-of-transit { | |||
| description | description | |||
| "This feature indicates that the proof of transit option is | "This feature indicates that the Proof of Transit Option is | |||
| supported."; | supported."; | |||
| reference | reference | |||
| "RFC 9197: Data Fields for In Situ Operations, | "RFC 9197: Data Fields for In Situ Operations, | |||
| Administration, and Maintenance (IOAM)"; | Administration, and Maintenance (IOAM)"; | |||
| } | } | |||
| feature edge-to-edge { | feature edge-to-edge { | |||
| description | description | |||
| "This feature indicates that the edge-to-edge option is | "This feature indicates that the Edge-to-Edge Option is | |||
| supported."; | supported."; | |||
| reference | reference | |||
| "RFC 9197: Data Fields for In Situ Operations, | "RFC 9197: Data Fields for In Situ Operations, | |||
| Administration, and Maintenance (IOAM)"; | Administration, and Maintenance (IOAM)"; | |||
| } | } | |||
| /* | /* | |||
| * IDENTITIES | * IDENTITIES | |||
| */ | */ | |||
| skipping to change at line 853 ¶ | skipping to change at line 853 ¶ | |||
| of the same flow from multiple nodes and from multiple | of the same flow from multiple nodes and from multiple | |||
| packets."; | packets."; | |||
| } | } | |||
| leaf enable-sequence-number { | leaf enable-sequence-number { | |||
| when "derived-from-or-self(../node-action, | when "derived-from-or-self(../node-action, | |||
| 'ioam:action-encapsulate')"; | 'ioam:action-encapsulate')"; | |||
| type boolean; | type boolean; | |||
| default "false"; | default "false"; | |||
| description | description | |||
| "This boolean value indicates whether the sequence number | "This boolean value indicates whether the sequence number | |||
| is used in the direct export option's 32-bit flow | is used in the Direct Export Option's 32-bit flow | |||
| identifier. If this value is set to 'true', the sequence | identifier. If this value is set to 'true', the sequence | |||
| number is used. It is turned off by default."; | number is used. It is turned off by default."; | |||
| } | } | |||
| } | } | |||
| grouping ioam-e2e-profile { | grouping ioam-e2e-profile { | |||
| description | description | |||
| "A grouping for the Edge-to-Edge Profile."; | "A grouping for the Edge-to-Edge Profile."; | |||
| leaf node-action { | leaf node-action { | |||
| type ioam-node-action; | type ioam-node-action; | |||
| skipping to change at line 974 ¶ | skipping to change at line 974 ¶ | |||
| IOAM."; | IOAM."; | |||
| } | } | |||
| leaf protocol-type { | leaf protocol-type { | |||
| type ioam-protocol-type; | type ioam-protocol-type; | |||
| description | description | |||
| "This object is used to indicate the carrier protocol | "This object is used to indicate the carrier protocol | |||
| where IOAM is applied."; | where IOAM is applied."; | |||
| } | } | |||
| container incremental-tracing-profile { | container incremental-tracing-profile { | |||
| if-feature "incremental-trace"; | if-feature "incremental-trace"; | |||
| presence "Enables the incremental tracing option."; | presence "Enables the Incremental Trace-Option."; | |||
| description | description | |||
| "This container describes the profile for the | "This container describes the profile for the | |||
| incremental tracing option."; | Incremental Trace-Option."; | |||
| uses ioam-incremental-tracing-profile; | uses ioam-incremental-tracing-profile; | |||
| } | } | |||
| container preallocated-tracing-profile { | container preallocated-tracing-profile { | |||
| if-feature "preallocated-trace"; | if-feature "preallocated-trace"; | |||
| presence "Enables the pre-allocated tracing option."; | presence "Enables the Pre-allocated Trace-Option."; | |||
| description | description | |||
| "This container describes the profile for the | "This container describes the profile for the | |||
| pre-allocated tracing option."; | Pre-allocated Trace-Option."; | |||
| uses ioam-preallocated-tracing-profile; | uses ioam-preallocated-tracing-profile; | |||
| } | } | |||
| container direct-export-profile { | container direct-export-profile { | |||
| if-feature "direct-export"; | if-feature "direct-export"; | |||
| presence "Enables the direct export option."; | presence "Enables the Direct Export Option."; | |||
| description | description | |||
| "This container describes the profile for the | "This container describes the profile for the | |||
| direct export option."; | Direct Export Option."; | |||
| uses ioam-direct-export-profile; | uses ioam-direct-export-profile; | |||
| } | } | |||
| container pot-profile { | container pot-profile { | |||
| if-feature "proof-of-transit"; | if-feature "proof-of-transit"; | |||
| presence "Enables the proof of transit (POT) option."; | presence "Enables the Proof of Transit Option."; | |||
| description | description | |||
| "This container describes the profile for the | "This container describes the profile for the | |||
| POT option."; | Proof of Transit Option."; | |||
| leaf use-namespace { | leaf use-namespace { | |||
| type ioam-namespace; | type ioam-namespace; | |||
| default "default-namespace"; | default "default-namespace"; | |||
| description | description | |||
| "This object indicates the namespace used for the | "This object indicates the namespace used for the | |||
| POT types."; | POT types."; | |||
| } | } | |||
| leaf pot-type { | leaf pot-type { | |||
| type ioam-pot-type; | type ioam-pot-type; | |||
| description | description | |||
| "The type of a particular POT variant that specifies | "The type of a particular POT variant that specifies | |||
| the POT data that is included."; | the POT data that is included."; | |||
| } | } | |||
| } | } | |||
| container e2e-profile { | container e2e-profile { | |||
| if-feature "edge-to-edge"; | if-feature "edge-to-edge"; | |||
| presence "Enables the edge-to-edge option."; | presence "Enables the Edge-to-Edge Option."; | |||
| description | description | |||
| "This container describes the profile for the | "This container describes the profile for the | |||
| edge-to-edge option."; | Edge-to-Edge Option."; | |||
| uses ioam-e2e-profile; | uses ioam-e2e-profile; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| } | } | |||
| <CODE ENDS> | <CODE ENDS> | |||
| 5. Security Considerations | 5. Security Considerations | |||
| skipping to change at line 1286 ¶ | skipping to change at line 1286 ¶ | |||
| </profiles> | </profiles> | |||
| </ioam> | </ioam> | |||
| </config> | </config> | |||
| </edit-config> | </edit-config> | |||
| </rpc> | </rpc> | |||
| Appendix C. An Example of the Direct Export Profile | Appendix C. An Example of the Direct Export Profile | |||
| An example of the Direct Export Profile is depicted in the following | An example of the Direct Export Profile is depicted in the following | |||
| figure. This configuration is received by an IOAM egress node. This | figure. This configuration is received by an IOAM egress node. This | |||
| node detects the IOAM direct export option in the IPv6 extension | node detects the IOAM Direct Export Option in the IPv6 extension | |||
| header and removes the option to clean all the IOAM data. | header and removes the option to clean all the IOAM data. | |||
| <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" | <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" | |||
| message-id="101"> | message-id="101"> | |||
| <edit-config> | <edit-config> | |||
| <target> | <target> | |||
| <candidate/> | <candidate/> | |||
| </target> | </target> | |||
| <config> | <config> | |||
| <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> | <ioam xmlns="urn:ietf:params:xml:ns:yang:ietf-ioam"> | |||
| skipping to change at line 1349 ¶ | skipping to change at line 1349 ¶ | |||
| </profiles> | </profiles> | |||
| </ioam> | </ioam> | |||
| </config> | </config> | |||
| </edit-config> | </edit-config> | |||
| </rpc> | </rpc> | |||
| Appendix E. An Example of the Edge-to-Edge Profile | Appendix E. An Example of the Edge-to-Edge Profile | |||
| An example of the Edge-to-Edge Profile is depicted in the following | An example of the Edge-to-Edge Profile is depicted in the following | |||
| figure. This configuration is received by an IOAM egress node. This | figure. This configuration is received by an IOAM egress node. This | |||
| node detects the IOAM edge-to-edge option in the IPv6 extension | node detects the IOAM Edge-to-Edge Option in the IPv6 extension | |||
| header and removes the option to clean all the IOAM data. As the | header and removes the option to clean all the IOAM data. As the | |||
| IOAM egress node, it may collect the edge-to-edge data and deliver it | IOAM egress node, it may collect the edge-to-edge data and deliver it | |||
| to the data-exporting process. | to the data-exporting process. | |||
| <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" | <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" | |||
| message-id="101"> | message-id="101"> | |||
| <edit-config> | <edit-config> | |||
| <target> | <target> | |||
| <candidate/> | <candidate/> | |||
| </target> | </target> | |||
| End of changes. 27 change blocks. | ||||
| 30 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||