rfc9259.original   rfc9259.txt 
6man Z. Ali Internet Engineering Task Force (IETF) Z. Ali
Internet-Draft C. Filsfils Request for Comments: 9259 C. Filsfils
Intended status: Standards Track Cisco Systems Category: Standards Track Cisco Systems
Expires: July 27, 2022 S. Matsushima ISSN: 2070-1721 S. Matsushima
Softbank Softbank
D. Voyer D. Voyer
Bell Canada Bell Canada
M. Chen M. Chen
Huawei Huawei
January 23, 2022 June 2022
Operations, Administration, and Maintenance (OAM) in Segment Routing Operations, Administration, and Maintenance (OAM) in Segment Routing
Networks with IPv6 Data plane (SRv6) over IPv6 (SRv6)
draft-ietf-6man-spring-srv6-oam-13
Abstract Abstract
This document describes how the existing IPv6 mechanisms for ping and This document describes how the existing IPv6 mechanisms for ping and
traceroute can be used in an SRv6 network. The document also traceroute can be used in a Segment Routing over IPv6 (SRv6) network.
specifies the OAM flag in the Segment Routing Header (SRH) for The document also specifies the OAM flag (O-flag) in the Segment
performing controllable and predictable flow sampling from segment Routing Header (SRH) for performing controllable and predictable flow
endpoints. In addition, the document describes how a centralized sampling from segment endpoints. In addition, the document describes
monitoring system performs a path continuity check between any nodes how a centralized monitoring system performs a path continuity check
within an SRv6 domain. between any nodes within an SRv6 domain.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on July 27, 2022. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9259.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Revised BSD License text as described in Section 4.e of the
the Trust Legal Provisions and are provided without warranty as Trust Legal Provisions and are provided without warranty as described
described in the Simplified BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language
1.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Abbreviations
1.3. Terminology and Reference Topology . . . . . . . . . . . 4 1.3. Terminology and Reference Topology
2. OAM Mechanisms . . . . . . . . . . . . . . . . . . . . . . . 5 2. OAM Mechanisms
2.1. O-flag in Segment Routing Header . . . . . . . . . . . . 5 2.1. OAM Flag in the Segment Routing Header
2.1.1. O-flag Processing . . . . . . . . . . . . . . . . . . 6 2.1.1. OAM Flag Processing
2.2. OAM Operations . . . . . . . . . . . . . . . . . . . . . 8 2.2. OAM Operations
3. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 3. Security Considerations
4. Security Considerations . . . . . . . . . . . . . . . . . . . 9 4. Privacy Considerations
5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 5. IANA Considerations
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6. References
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. Normative References
7.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.2. Informative References
7.2. Informative References . . . . . . . . . . . . . . . . . 10 Appendix A. Illustrations
Appendix A. Illustrations . . . . . . . . . . . . . . . . . . . 12 A.1. Ping in SRv6 Networks
A.1. Ping in SRv6 Networks . . . . . . . . . . . . . . . . . . 12 A.1.1. Pinging an IPv6 Address via a Segment List
A.1.1. Pinging an IPv6 Address via a Segment-list . . . . . 13 A.1.2. Pinging a SID
A.1.2. Pinging a SID . . . . . . . . . . . . . . . . . . . . 14 A.2. Traceroute in SRv6 Networks
A.2. Traceroute . . . . . . . . . . . . . . . . . . . . . . . 15 A.2.1. Traceroute to an IPv6 Address via a Segment List
A.2.1. Traceroute to an IPv6 Address via a Segment-list . . 15 A.2.2. Traceroute to a SID
A.2.2. Traceroute to a SID . . . . . . . . . . . . . . . . . 17 A.3. Hybrid OAM Using the OAM Flag
A.3. A Hybrid OAM Using O-flag . . . . . . . . . . . . . . . . 18 A.4. Monitoring of SRv6 Paths
A.4. Monitoring of SRv6 Paths . . . . . . . . . . . . . . . . 21 Acknowledgements
Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 22 Contributors
Appendix C. Contributors . . . . . . . . . . . . . . . . . . . . 22 Authors' Addresses
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
As Segment Routing with IPv6 data plane (SRv6) [RFC8402] simply adds As Segment Routing over IPv6 (SRv6) [RFC8402] simply adds a new type
a new type of Routing Extension Header, existing IPv6 OAM mechanisms of Routing Extension Header, existing IPv6 OAM mechanisms can be used
can be used in an SRv6 network. This document describes how the in an SRv6 network. This document describes how the existing IPv6
existing IPv6 mechanisms for ping and traceroute can be used in an mechanisms for ping and traceroute can be used in an SRv6 network.
SRv6 network. This includes illustrations of pinging an SRv6 SID to This includes illustrations of pinging an SRv6 Segment Identifier
verify that the SID is reachable and is locally programmed at the (SID) to verify that the SID is reachable and is locally programmed
target node. This also includes illustrations for tracerouting to an at the target node. This also includes illustrations for
SRv6 SID for hop-by-hop fault localization as well as path tracing to tracerouting to an SRv6 SID for hop-by-hop fault localization as well
a SID. as path tracing to a SID.
The document also introduces enhancements for the OAM mechanism for This document also introduces enhancements for the OAM mechanism for
SRv6 networks for performing controllable and predictable flow SRv6 networks that allow controllable and predictable flow sampling
sampling from segment endpoints using, e.g., IP Flow Information from segment endpoints using, e.g., the IP Flow Information Export
Export (IPFIX) protocol [RFC7011]. Specifically, the document (IPFIX) protocol [RFC7011]. Specifically, the document specifies the
specifies the O-flag in SRH as a marking-bit in the user packets to OAM flag (O-flag) in the SRH as a marking bit in the user packets to
trigger the telemetry data collection and export at the segment trigger telemetry data collection and export at the segment
endpoints. endpoints.
The document also outlines how the centralized OAM technique in This document also outlines how the centralized OAM technique in
[RFC8403] can be extended for SRv6 to perform a path continuity check [RFC8403] can be extended for SRv6 to perform a path continuity check
between any nodes within an SRv6 domain. Specifically, the document between any nodes within an SRv6 domain. Specifically, the document
illustrates how a centralized monitoring system can monitor arbitrary illustrates how a centralized monitoring system can monitor arbitrary
SRv6 paths by creating the loopback probes that originate and SRv6 paths by creating loopback probes that originate and terminate
terminate at the centralized monitoring system. at the centralized monitoring system.
1.1. Requirements Language 1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
1.2. Abbreviations 1.2. Abbreviations
The following abbreviations are used in this document: The following abbreviations are used in this document:
SID: Segment ID. SID: Segment Identifier
SL: Segments Left. SL: Segments Left
SR: Segment Routing. SR: Segment Routing
SRH: Segment Routing Header [RFC8754]. SRH: Segment Routing Header [RFC8754]
SRv6: Segment Routing with IPv6 Data plane. SRv6: Segment Routing over IPv6 [RFC8402]
PSP: Penultimate Segment Pop of the SRH [RFC8986]. PSP: Penultimate Segment Pop [RFC8986]
USP: Ultimate Segment Pop of the SRH [RFC8986]. USP: Ultimate Segment Pop [RFC8986]
ICMPv6: ICMPv6 Specification [RFC4443]. ICMPv6: Internet Control Message Protocol for the Internet Protocol
version 6 [RFC4443]
IS-IS: Intermediate System to Intermediate System IS-IS: Intermediate System to Intermediate System
OSPF: Open Shortest Path First protocol [RFC2328]
IGP: Interior Gateway Protocols (e.g., OSPF, IS-IS). OSPF: Open Shortest Path First [RFC2328]
BGP-LS: Border Gateway Protocol - Link State Extensions [RFC8571] IGP: Interior Gateway Protocol (e.g., OSPF and IS-IS)
BGP-LS: Border Gateway Protocol - Link State [RFC8571]
1.3. Terminology and Reference Topology 1.3. Terminology and Reference Topology
Throughout the document, the following terminology and simple The terminology and simple topology in this section are used for
topology is used for illustration. illustration throughout the document.
+--------------------------| N100 |---------------------------------+ +--------------------------| N100 |---------------------------------+
| | | |
| ====== link1====== link3------ link5====== link9------ ====== | | ====== link1====== link3------ link5====== link9------ ====== |
||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7|| ||N1||------||N2||------| N3 |------||N4||------| N5 |---||N7||
|| ||------|| ||------| |------|| ||------| |---|| || || ||------|| ||------| |------|| ||------| |---|| ||
====== link2====== link4------ link6======link10------ ====== ====== link2====== link4------ link6======link10------ ======
| | | | | | | |
---+-- | ------ | --+--- ---+-- | ------ | --+---
|CE 1| +-------| N6 |---------+ |CE 2| |CE1 | +-------| N6 |---------+ |CE2 |
------ link7 | | link8 ------ ------ link7 | | link8 ------
------ ------
Figure 1 Reference Topology Figure 1: Reference Topology
In the reference topology: In the reference topology:
Node j has a IPv6 loopback address 2001:db8:L:j::/128. * Node j has an IPv6 loopback address 2001:db8:L:j::/128.
Nodes N1, N2, N4 and N7 are SRv6-capable nodes. * Nodes N1, N2, N4, and N7 are SRv6-capable nodes.
Nodes N3, N5 and N6 are IPv6 nodes that are not SRv6-capable. * Nodes N3, N5, and N6 are IPv6 nodes that are not SRv6-capable
Such nodes are referred as non-SRv6 capable nodes. nodes. Such nodes are referred to as "non-SRv6-capable nodes".
CE1 and CE2 are Customer Edge devices of any data plane capability * CE1 and CE2 are Customer Edge devices of any data plane capability
(e.g., IPv4, IPv6, L2, etc.). (e.g., IPv4, IPv6, and L2).
A SID at node j with locator block 2001:db8:K::/48 and function U * A SID at node j with locator block 2001:db8:K::/48 and function U
is represented by 2001:db8:K:j:U::. is represented by 2001:db8:K:j:U::.
Node N100 is a controller. * Node N100 is a controller.
The IPv6 address of the nth Link between node i and j at the i * The IPv6 address of the nth link between nodes i and j at the i
side is represented as 2001:db8:i:j:in::, e.g., the IPv6 address side is represented as 2001:db8:i:j:in::. For example, in
of link6 (the 2nd link between N3 and N4) at N3 in Figure 1 is Figure 1, the IPv6 address of link6 (the second link between nodes
2001:db8:3:4:32::. Similarly, the IPv6 address of link5 (the 1st N3 and N4) at node N3 is 2001:db8:3:4:32::. Similarly, the IPv6
link between N3 and N4) at node N3 is 2001:db8:3:4:31::. address of link5 (the first link between nodes N3 and N4) at node
N3 is 2001:db8:3:4:31::.
2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID at * 2001:db8:K:j:Xin:: is explicitly allocated as the End.X SID at
node j towards neighbor node i via nth Link between node i and node j towards neighbor node i via the nth link between nodes i
node j. e.g., 2001:db8:K:2:X31:: represents End.X at N2 towards and j. For example, 2001:db8:K:2:X31:: represents End.X at node
N3 via link3 (the 1st link between N2 and N3). Similarly, N2 towards node N3 via link3 (the first link between nodes N2 and
2001:db8:K:4:X52:: represents the End.X at N4 towards N5 via N3). Similarly, 2001:db8:K:4:X52:: represents the End.X at node
link10 (the 2nd link between N4 and N5). Please refer to N4 towards node N5 via link10 (the second link between nodes N4
[RFC8986] for description of End.X SID. and N5). Please refer to [RFC8986] for a description of End.X
SID.
A SID list is represented as <S1, S2, S3> where S1 is the first * A SID list is represented as <S1, S2, S3>, where S1 is the first
SID to visit, S2 is the second SID to visit and S3 is the last SID SID to visit, S2 is the second SID to visit, and S3 is the last
to visit along the SR path. SID to visit along the SR path.
(SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with: * (SA,DA) (S3, S2, S1; SL)(payload) represents an IPv6 packet with:
* IPv6 header with source address SA, destination addresses DA - IPv6 header with source address SA, destination address DA, and
and SRH as next-header SRH as the next header
* SRH with SID list <S1, S2, S3> with SegmentsLeft = SL - SRH with SID list <S1, S2, S3> with SegmentsLeft = SL
* Note the difference between the < > and () symbols: <S1, S2, Note the difference between the < > and () symbols: <S1, S2,
S3> represents a SID list where S1 is the first SID and S3 is S3> represents a SID list where S1 is the first SID and S3 is
the last SID to traverse. (S3, S2, S1; SL) represents the same the last SID to traverse. (S3, S2, S1; SL) represents the same
SID list but encoded in the SRH format where the rightmost SID SID list but encoded in the SRH format where the rightmost SID
in the SRH is the first SID and the leftmost SID in the SRH is in the SRH is the first SID and the leftmost SID in the SRH is
the last SID. When referring to an SR policy in a high-level the last SID. When referring to an SR Policy in a high-level
use-case, it is simpler to use the <S1, S2, S3> notation. When use case, it is simpler to use the <S1, S2, S3> notation. When
referring to an illustration of the detailed packet behavior, referring to an illustration of the detailed packet behavior,
the (S3, S2, S1; SL) notation is more convenient. the (S3, S2, S1; SL) notation is more convenient.
* (payload) represents the the payload of the packet. - (payload) represents the payload of the packet.
2. OAM Mechanisms 2. OAM Mechanisms
This section defines OAM enhancement for the SRv6 networks. This section defines OAM enhancements for SRv6 networks.
2.1. O-flag in Segment Routing Header 2.1. OAM Flag in the Segment Routing Header
[RFC8754] describes the Segment Routing Header (SRH) and how SR [RFC8754] describes the Segment Routing Header (SRH) and how SR-
capable nodes use it. The SRH contains an 8-bit "Flags" field. capable nodes use it. The SRH contains an 8-bit Flags field.
This document defines the following bit in the SRH Flags field to This document defines the following bit in the SRH Flags field to
carry the O-flag: carry the O-flag:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| |O| | | |O| |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Where: Where:
O-flag: OAM flag in the SRH Flags field defined in [RFC8754]. O-flag: OAM flag in the SRH Flags field defined in [RFC8754].
2.1.1. O-flag Processing 2.1.1. OAM Flag Processing
The O-flag in SRH is used as a marking-bit in the user packets to The O-flag in the SRH is used as a marking bit in user packets to
trigger the telemetry data collection and export at the segment trigger telemetry data collection and export at the segment
endpoints. endpoints.
An SR domain ingress edge node encapsulates packets traversing the SR An SR domain ingress edge node encapsulates packets traversing the SR
domain as defined in [RFC8754]. The SR domain ingress edge node MAY domain as defined in [RFC8754]. The SR domain ingress edge node MAY
use the O-flag in SRH for marking the packet to trigger the telemetry use the O-flag in the SRH for marking the packet to trigger the
data collection and export at the segment endpoints. Based on a telemetry data collection and export at the segment endpoints. Based
local configuration, the SR domain ingress edge node may implement a on local configuration, the SR domain ingress edge node may implement
classification and sampling mechanism to mark a packet with the a classification and sampling mechanism to mark a packet with the
O-flag in SRH. Specification of the classification and sampling O-flag in the SRH. Specification of the classification and sampling
method is outside the scope of this document. method is outside the scope of this document.
This document does not specify the data elements that need to be This document does not specify the data elements that need to be
exported and the associated configurations. Similarly, this document exported and the associated configurations. Similarly, this document
does not define any formats for exporting the data elements. does not define any formats for exporting the data elements.
Nonetheless, without the loss of generality, this document assumes IP Nonetheless, without the loss of generality, this document assumes
Flow Information Export (IPFIX) protocol [RFC7011] is used for that the IP Flow Information Export (IPFIX) protocol [RFC7011] is
exporting the traffic flow information from the network devices to a used for exporting the traffic flow information from the network
controller for monitoring and analytics. Similarly, without the loss devices to a controller for monitoring and analytics. Similarly,
of generality, this document assumes requested information elements without the loss of generality, this document assumes that requested
are configured by the management plane through data set templates information elements are configured by the management plane through
(e.g., as in IPFIX [RFC7012]). data set templates (e.g., as in IPFIX [RFC7012]).
Implementation of the O-flag is OPTIONAL. If a node does not support Implementation of the O-flag is OPTIONAL. If a node does not support
the O-flag, then upon reception it simply ignores it. If a node the O-flag, then it simply ignores it upon reception. If a node
supports the O-flag, it can optionally advertise its potential via supports the O-flag, it can optionally advertise its potential via
control plane protocol(s). control plane protocol(s).
When N receives a packet destined to S and S is a local SID, the line The following is appended to line S01 of the pseudocode associated
S01 of the pseudo-code associated with the SID S, as defined in with the SID S (as defined in Section 4.3.1.1 of [RFC8754]) when N
section 4.3.1.1 of [RFC8754], is appended to as follows for the receives a packet destined to S, S is a local SID, and the O-flag is
O-flag processing. processed.
S01.1. IF O-flag is set and local configuration permits S01.1. IF the O-flag is set and local configuration permits
O-flag processing { O-flag processing {
a. Make a copy of the packet. a. Make a copy of the packet.
b. Send the copied packet, along with a timestamp b. Send the copied packet, along with a timestamp,
to the OAM process for telemetry data collection to the OAM process for telemetry data collection
and export. ;; Ref1 and export. ;; Ref1
} }
Ref1: To provide an accurate timestamp, an implementation should copy Ref1: To provide an accurate timestamp, an implementation should
and record the timestamp as soon as possible during packet processing. copy and record the timestamp as soon as possible during packet
Timestamp and any other metadata is not carried in the packet forwarded to the next hop. processing. Timestamp and any other metadata are not carried in
the packet forwarded to the next hop.
Please note that the O-flag processing happens before execution of Please note that the O-flag processing happens before execution of
regular processing of the local SID S. Specifically, the line S01.1 regular processing of the local SID S. Specifically, line S01.1 of
of the pseudo-code specified in this document is inserted between the pseudocode specified in this document is inserted between lines
line S01 and S02 of the pseudo-code defined in section 4.3.1.1 of S01 and S02 of the pseudocode defined in Section 4.3.1.1 of
[RFC8754]. [RFC8754].
Based on the requested information elements configured by the Based on the requested information elements configured by the
management plane through data set templates [RFC7012], the OAM management plane through data set templates [RFC7012], the OAM
process exports the requested information elements. The information process exports the requested information elements. The information
elements include parts of the packet header and/or parts of the elements include parts of the packet header and/or parts of the
packet payload for flow identification. The OAM process uses packet payload for flow identification. The OAM process uses
information elements defined in IPFIX [RFC7011] and PSAMP [RFC5476] information elements defined in IPFIX [RFC7011] and Packet Sampling
for exporting the requested sections of the mirrored packets. (PSAMP) [RFC5476] for exporting the requested sections of the
mirrored packets.
If the penultimate segment of a segment-list is a Penultimate Segment If the penultimate segment of a segment list is a PSP SID, telemetry
Pop (PSP) SID, telemetry data from the ultimate segment cannot be data from the ultimate segment cannot be requested. This is because,
requested. This is because, when the penultimate segment is a PSP when the penultimate segment is a PSP SID, the SRH is removed at the
SID, the SRH is removed at the penultimate segment and the O-flag is penultimate segment, and the O-flag is not processed at the ultimate
not processed at the ultimate segment. segment.
The processing node MUST rate-limit the number of packets punted to The processing node MUST rate-limit the number of packets punted to
the OAM process to a configurable rate. This is to avoid hitting any the OAM process to a configurable rate. This is to avoid impacting
performance impact on the OAM and the telemetry collection processes. the performance of the OAM and telemetry collection processes.
Failure in implementing the rate limit can lead to a denial-of- Failure to implement the rate limit can lead to a denial-of-service
service attack, as detailed in section 4. attack, as detailed in Section 3.
The OAM process MUST NOT process the copy of the packet or respond to The OAM process MUST NOT process the copy of the packet or respond to
any upper-layer header (like ICMP, UDP, etc.) payload to prevent any Upper-Layer header (like ICMP, UDP, etc.) payload to prevent
multiple evaluations of the datagram. multiple evaluations of the datagram.
The OAM process is expected to be located on the routing node The OAM process is expected to be located on the routing node
processing the packet. Although the specification of the OAM process processing the packet. Although the specification of the OAM process
or the external controller operations are beyond the scope of this or the external controller operations are beyond the scope of this
document, the OAM process SHOULD NOT be topologically distant from document, the OAM process SHOULD NOT be topologically distant from
the routing node, as this is likely to create significant security the routing node, as this is likely to create significant security
and congestion issues. How to correlate the data collected from and congestion issues. How to correlate the data collected from
different nodes at an external controller is also outside the scope different nodes at an external controller is also outside the scope
of the document. Appendix A illustrates use of the O-flag for of this document. Appendix A illustrates use of the O-flag for
implementing a hybrid OAM mechanism, where the "hybrid" implementing a hybrid OAM mechanism, where the "hybrid"
classification is based on RFC7799 [RFC7799]. classification is based on [RFC7799].
2.2. OAM Operations 2.2. OAM Operations
IPv6 OAM operations can be performed for any SRv6 SID whose behavior IPv6 OAM operations can be performed for any SRv6 SID whose behavior
allows Upper Layer Header processing for an applicable OAM payload allows Upper-Layer header processing for an applicable OAM payload
(e.g., ICMP, UDP). (e.g., ICMP, UDP).
Ping to an SRv6 SID is used to verify that the SID is reachable and Ping to an SRv6 SID is used to verify that the SID is reachable and
is locally programmed at the target node. Traceroute to a SID is is locally programmed at the target node. Traceroute to a SID is
used for hop-by-hop fault localization as well as path tracing to a used for hop-by-hop fault localization as well as path tracing to a
SID. Appendix A illustrates the ICMPv6 based ping and the UDP based SID. Appendix A illustrates the ICMPv6-based ping and UDP-based
traceroute mechanisms for ping and traceroute to an SRv6 SID. traceroute mechanisms for ping and traceroute to an SRv6 SID.
Although this document only illustrates ICMPv6 ping and UDP based Although this document only illustrates ICMPv6-based ping and UDP-
traceroute to an SRv6 SID, the procedures are equally applicable to based traceroute to an SRv6 SID, the procedures are equally
other IPv6 OAM probing to an SRv6 SID (e.g., Bidirectional Forwarding applicable to other OAM mechanisms that probe an SRv6 SID (e.g.,
Detection (BFD) [RFC5880], Seamless BFD (SBFD) [RFC7880], STAMP probe Bidirectional Forwarding Detection (BFD) [RFC5880], Seamless BFD
message processing [I-D.gandhi-spring-stamp-srpm], etc.). (S-BFD) [RFC7880], and Simple Two-way Active Measurement Protocol
Specifically, as long as local configuration allows the Upper-layer (STAMP) probe message processing [STAMP-SR]). Specifically, as long
Header processing of the applicable OAM payload for SRv6 SIDs, the as local configuration allows the Upper-Layer header processing of
existing IPv6 OAM techniques can be used to target a probe to a the applicable OAM payload for SRv6 SIDs, the existing IPv6 OAM
(remote) SID. techniques can be used to target a probe to a (remote) SID.
IPv6 OAM operations can be performed with the target SID in the IPv6 IPv6 OAM operations can be performed with the target SID in the IPv6
destination address without SRH or with SRH where the target SID is destination address without an SRH or with an SRH where the target
the last segment. In general, OAM operations to a target SID may not SID is the last segment. In general, OAM operations to a target SID
exercise all of its processing depending on its behavior definition. may not exercise all of its processing depending on its behavior
For example, ping to an End.X SID [RFC8986] only validates the SID is definition. For example, ping to an End.X SID [RFC8986] only
locally programmed at the target node and does not validate switching validates the SID is locally programmed at the target node and does
to the correct outgoing interface. To exercise the behavior of a not validate switching to the correct outgoing interface. To
target SID, the OAM operation should construct the probe in a manner exercise the behavior of a target SID, the OAM operation should
similar to a data packet that exercises the SID behavior, i.e. to construct the probe in a manner similar to a data packet that
include that SID as a transit SID in either an SRH or IPv6 DA of an exercises the SID behavior, i.e. to include that SID as a transit SID
outer IPv6 header or as appropriate based on the definition of the in either an SRH or IPv6 DA of an outer IPv6 header or as appropriate
SID behavior. based on the definition of the SID behavior.
3. Implementation Status
This section is to be removed prior to publishing as an RFC.
See [I-D.matsushima-spring-srv6-deployment-status] for updated
deployment and interoperability reports.
4. Security Considerations 3. Security Considerations
[RFC8754] defines the notion of an SR domain and use of SRH within [RFC8754] defines the notion of an SR domain and use of the SRH
the SR domain. The use of OAM procedures described in this document within the SR domain. The use of OAM procedures described in this
is restricted to an SR domain. For example, similar to the SID document is restricted to an SR domain. For example, similar to SID
manipulation, O-flag manipulation is not considered as a threat manipulation, O-flag manipulation is not considered a threat within
within the SR domain. Procedures for securing an SR domain are the SR domain. Procedures for securing an SR domain are defined in
defined the section 5.1 and section 7 of [RFC8754]. Sections 5.1 and 7 of [RFC8754].
As noted in section 7.1 of [RFC8754], compromised nodes within the SR As noted in Section 7.1 of [RFC8754], compromised nodes within the SR
domain may mount attacks. The O-flag may be set by an attacking node domain may mount attacks. The O-flag may be set by an attacking node
attempting a denial-of-service attack on the OAM process at the attempting a denial-of-service attack on the OAM process at the
segment endpoint node. An implementation correctly implementing the segment endpoint node. An implementation correctly implementing the
rate limiting in section 2.1.1 is not susceptible to that denial-of- rate limiting described in Section 2.1.1 is not susceptible to that
service attack. Additionally, SRH Flags are protected by the HMAC denial-of-service attack. Additionally, SRH flags are protected by
TLV, as described in section 2.1.2.1 of [RFC8754]. Once an HMAC is the Hashed Message Authentication Code (HMAC) TLV, as described in
generated for a segment list with the O-flag set, it can be used for Section 2.1.2.1 of [RFC8754]. Once an HMAC is generated for a
an arbitrary amount of traffic using that segment list with O-flag segment list with the O-flag set, it can be used for an arbitrary
set. amount of traffic using that segment list with the O-flag set.
The security properties of the channel used to send exported packets The security properties of the channel used to send exported packets
marked by the O-flag will depend on the specific OAM processes used. marked by the O-flag will depend on the specific OAM processes used.
An on-path attacker able to observe this OAM channel could conduct An on-path attacker able to observe this OAM channel could conduct
traffic analysis, or potentially eavesdropping (depending on the OAM traffic analysis, or potentially eavesdropping (depending on the OAM
configuration), of this telemetry for the entire SR domain from such configuration), of this telemetry for the entire SR domain from such
a vantage point. a vantage point.
This document does not impose any additional security challenges to This document does not impose any additional security challenges to
be considered beyond security threats described in [RFC4884], be considered beyond the security threats described in [RFC4884],
[RFC4443], [RFC0792], [RFC8754] and [RFC8986]. [RFC4443], [RFC0792], [RFC8754], and [RFC8986].
5. Privacy Considerations 4. Privacy Considerations
The per-packet marking capabilities of the O-flag provides a granular The per-packet marking capabilities of the O-flag provide a granular
mechanism to collect telemetry. When this collection is deployed by mechanism to collect telemetry. When this collection is deployed by
an operator with knowledge and consent of the users, it will enable a an operator with the knowledge and consent of the users, it will
variety of diagnostics and monitoring to support the OAM and security enable a variety of diagnostics and monitoring to support the OAM and
operations use cases needed for resilient network operations. security operations use cases needed for resilient network
However, this collection mechanism will also provide an explicit operations. However, this collection mechanism will also provide an
protocol mechanism to operators for surveillance and pervasive explicit protocol mechanism to operators for surveillance and
monitoring use cases done contrary to the user's consent. pervasive monitoring use cases done contrary to the user's consent.
6. IANA Considerations 5. IANA Considerations
This document requests that IANA allocate the following registration IANA has registered the following in the "Segment Routing Header
in the "Segment Routing Header Flags" sub-registry for the "Internet Flags" subregistry in the "Internet Protocol Version 6 (IPv6)
Protocol Version 6 (IPv6) Parameters" registry maintained by IANA: Parameters" registry:
+-------+------------------------------+---------------+ +=====+=============+===========+
| Bit | Description | Reference | | Bit | Description | Reference |
+=======+==============================+===============+ +=====+=============+===========+
| 2 | O-flag | This document | | 2 | O-flag | RFC 9259 |
+-------+------------------------------+---------------+ +-----+-------------+-----------+
7. References Table 1
7.1. Normative References 6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
skipping to change at page 10, line 35 skipping to change at line 448
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020, (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>. <https://www.rfc-editor.org/info/rfc8754>.
[RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
(SRv6) Network Programming", RFC 8986, (SRv6) Network Programming", RFC 8986,
DOI 10.17487/RFC8986, February 2021, DOI 10.17487/RFC8986, February 2021,
<https://www.rfc-editor.org/info/rfc8986>. <https://www.rfc-editor.org/info/rfc8986>.
7.2. Informative References 6.2. Informative References
[I-D.gandhi-spring-stamp-srpm]
Gandhi, R., Filsfils, C., Voyer, D., Chen, M., Janssens,
B., and R. Foote, "Performance Measurement Using Simple
TWAMP (STAMP) for Segment Routing Networks", draft-gandhi-
spring-stamp-srpm-07 (work in progress), July 2021.
[I-D.ietf-ippm-ioam-data]
Brockners, F., Bhandari, S., and T. Mizrahi, "Data Fields
for In-situ OAM", draft-ietf-ippm-ioam-data-11 (work in
progress), November 2020.
[I-D.matsushima-spring-srv6-deployment-status]
Matsushima, S., Filsfils, C., Ali, Z., Li, Z., and K.
Rajaraman, "SRv6 Implementation and Deployment Status",
draft-matsushima-spring-srv6-deployment-status-11 (work in
progress), February 2021.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>. <https://www.rfc-editor.org/info/rfc792>.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328,
DOI 10.17487/RFC2328, April 1998, DOI 10.17487/RFC2328, April 1998,
<https://www.rfc-editor.org/info/rfc2328>. <https://www.rfc-editor.org/info/rfc2328>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
skipping to change at page 12, line 35 skipping to change at line 519
Kumar, "A Scalable and Topology-Aware MPLS Data-Plane Kumar, "A Scalable and Topology-Aware MPLS Data-Plane
Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July Monitoring System", RFC 8403, DOI 10.17487/RFC8403, July
2018, <https://www.rfc-editor.org/info/rfc8403>. 2018, <https://www.rfc-editor.org/info/rfc8403>.
[RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and [RFC8571] Ginsberg, L., Ed., Previdi, S., Wu, Q., Tantsura, J., and
C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of C. Filsfils, "BGP - Link State (BGP-LS) Advertisement of
IGP Traffic Engineering Performance Metric Extensions", IGP Traffic Engineering Performance Metric Extensions",
RFC 8571, DOI 10.17487/RFC8571, March 2019, RFC 8571, DOI 10.17487/RFC8571, March 2019,
<https://www.rfc-editor.org/info/rfc8571>. <https://www.rfc-editor.org/info/rfc8571>.
[RFC9197] Brockners, F., Ed., Bhandari, S., Ed., and T. Mizrahi,
Ed., "Data Fields for In Situ Operations, Administration,
and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197,
May 2022, <https://www.rfc-editor.org/info/rfc9197>.
[STAMP-SR] Gandhi, R., Ed., Filsfils, C., Voyer, D., Chen, M.,
Janssens, B., and R. Foote, "Performance Measurement Using
Simple TWAMP (STAMP) for Segment Routing Networks", Work
in Progress, Internet-Draft, draft-ietf-spring-stamp-srpm-
03, 1 February 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-
stamp-srpm-03>.
Appendix A. Illustrations Appendix A. Illustrations
This appendix shows how some of the existing IPv6 OAM mechanisms can This appendix shows how some of the existing IPv6 OAM mechanisms can
be used in an SRv6 network. It also illustrates an OAM mechanism for be used in an SRv6 network. It also illustrates an OAM mechanism for
performing controllable and predictable flow sampling from segment performing controllable and predictable flow sampling from segment
endpoints. How centralized OAM technique in [RFC8403] can be endpoints. How the centralized OAM technique in [RFC8403] can be
extended for SRv6 is also described in this appendix. extended for SRv6 is also described in this appendix.
A.1. Ping in SRv6 Networks A.1. Ping in SRv6 Networks
The existing mechanism to perform the reachability checks, along the The existing mechanism to perform the reachability checks, along the
shortest path, continues to work without any modification. Any IPv6 shortest path, continues to work without any modification. Any IPv6
node (SRv6 capable or a non-SRv6 capable) can initiate, transit, and node (SRv6-capable or non-SRv6-capable) can initiate, transit, and
egress a ping packet. egress a ping packet.
The following subsections outline some additional use cases of the The following subsections outline some additional use cases of ICMPv6
ICMPv6 ping in the SRv6 networks. ping in SRv6 networks.
A.1.1. Pinging an IPv6 Address via a Segment-list A.1.1. Pinging an IPv6 Address via a Segment List
If an SRv6-capable ingress node wants to ping an IPv6 address via an If an SRv6-capable ingress node wants to ping an IPv6 address via an
arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6 arbitrary segment list <S1, S2, S3>, it needs to initiate an ICMPv6
ping with an SR header containing the SID list <S1, S2, S3>. This is ping with an SR header containing the SID list <S1, S2, S3>. This is
illustrated using the topology in Figure 1. User issues a ping from illustrated using the topology in Figure 1. The user issues a ping
node N1 to a loopback of node N5, via segment list from node N1 to a loopback of node N5 via segment list
<2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID behavior used in
the example is End.X SID, as described in [RFC8986], but the the example is End.X, as described in [RFC8986], but the procedure is
procedure is equally applicable to any other (transit) SID type. equally applicable to any other (transit) SID type.
Figure 2 contains sample output for a ping request initiated at node Figure 2 contains sample output for a ping request initiated at node
N1 to a loopback address of node N5 via a segment list N1 to a loopback address of node N5 via segment list
<2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>.
> ping 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, > ping 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::,
2001:db8:K:4:X52:: 2001:db8:K:4:X52::
Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds: Sending 5, 100-byte ICMPv6 Echos to B5::, timeout is 2 seconds:
!!!!! !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625 Success rate is 100 percent (5/5), round-trip min/avg/max = 0.625
/0.749/0.931 ms /0.749/0.931 ms
Figure 2 A sample ping output at an SRv6-capable node Figure 2: Sample Ping Output at an SRv6-Capable Node
All transit nodes process the echo request message like any other All transit nodes process the echo request message like any other
data packet carrying SR header and hence do not require any change. data packet carrying an SR header and hence do not require any
Similarly, the egress node does not require any change to process the change. Similarly, the egress node does not require any change to
ICMPv6 echo request. For example, in the ping example of Figure 2: process the ICMPv6 echo request. For example, in the example in
Figure 2:
o Node N1 initiates an ICMPv6 ping packet with SRH as follows * Node N1 initiates an ICMPv6 ping packet with the SRH as follows:
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:5::, (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:L:5::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, NH = ICMPv6)(ICMPv6 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2, NH = ICMPv6)(ICMPv6
Echo Request). Echo Request).
o Node N2, which is an SRv6-capable node, performs the standard SRH * Node N2, which is an SRv6-capable node, performs the standard SRH
processing. Specifically, it executes the End.X behavior processing. Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on indicated by the 2001:db8:K:2:X31:: SID and forwards the packet on
link3 to N3. link3 to node N3.
o Node N3, which is a non-SRv6 capable node, performs the standard * Node N3, which is a non-SRv6-capable node, performs the standard
IPv6 processing. Specifically, it forwards the echo request based IPv6 processing. Specifically, it forwards the echo request based
on the DA 2001:db8:K:4:X52:: in the IPv6 header. on DA 2001:db8:K:4:X52:: in the IPv6 header.
o Node N4, which is an SRv6-capable node, performs the standard SRH * Node N4, which is an SRv6-capable node, performs the standard SRH
processing. Specifically, it observes the End.X behavior processing. Specifically, it observes the End.X behavior
(2001:db8:K:4:X52::) and forwards the packet on link10 towards N5. (2001:db8:K:4:X52::) and forwards the packet on link10 towards
If 2001:db8:K:4:X52:: is a PSP SID, the penultimate node (Node N4) node N5. If 2001:db8:K:4:X52:: is a PSP SID, the penultimate node
does not, should not and cannot differentiate between the data (node N4) does not, should not, and cannot differentiate between
packets and OAM probes. Specifically, if 2001:db8:K:4:X52:: is a the data packets and OAM probes. Specifically, if
PSP SID, node N4 executes the SID like any other data packet with 2001:db8:K:4:X52:: is a PSP SID, node N4 executes the SID like any
DA = 2001:db8:K:4:X52:: and removes the SRH. other data packet with DA = 2001:db8:K:4:X52:: and removes the
SRH.
o The echo request packet at N5 arrives as an IPv6 packet with or * The echo request packet at node N5 arrives as an IPv6 packet with
without an SRH. If N5 receives the packet with SRH, it skips SRH or without an SRH. If node N5 receives the packet with an SRH, it
processing (SL=0). In either case, Node N5 performs the standard skips SRH processing (SL=0). In either case, node N5 performs the
ICMPv6 processing on the echo request and responds with the echo standard ICMPv6 processing on the echo request and responds with
reply message to N1. The echo reply message is IP routed. the echo reply message to node N1. The echo reply message is IP
routed.
A.1.2. Pinging a SID A.1.2. Pinging a SID
The ping mechanism described above applies equally to perform SID The ping mechanism described above can also be used to perform SID
reachability check and to validate the SID is locally programmed at reachability checks and to validate that the SID is locally
the target node. This is explained using an example in the programmed at the target node. This is explained in the following
following. The example uses ping to an END SID, as described in example. The example uses ping to an End SID, as described in
[RFC8986], but the procedure is equally applicable to ping any other [RFC8986], but the procedure is equally applicable to ping any other
SID behaviors. SID behaviors.
Consider the example where the user wants to ping a remote SID Consider the example where the user wants to ping a remote SID
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The ICMPv6
echo request is processed at the individual nodes along the path as echo request is processed at the individual nodes along the path as
follows: follows:
o Node N1 initiates an ICMPv6 ping packet with SRH as follows * Node N1 initiates an ICMPv6 ping packet with the SRH as follows:
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::,
2001:db8:K:2:X31::; SL=1; NH=ICMPv6)(ICMPv6 Echo Request). 2001:db8:K:2:X31::; SL=1; NH=ICMPv6)(ICMPv6 Echo Request).
o Node N2, which is an SRv6-capable node, performs the standard SRH * Node N2, which is an SRv6-capable node, performs the standard SRH
processing. Specifically, it executes the End.X behavior processing. Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID on the echo request indicated by the 2001:db8:K:2:X31:: SID on the echo request
packet. If 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the packet. If 2001:db8:K:2:X31:: is a PSP SID, node N4 executes the
SID like any other data packet with DA = 2001:db8:K:2:X31:: and SID like any other data packet with DA = 2001:db8:K:2:X31:: and
removes the SRH. removes the SRH.
o Node N3, which is a non-SRv6 capable node, performs the standard * Node N3, which is a non-SRv6-capable node, performs the standard
IPv6 processing. Specifically, it forwards the echo request based IPv6 processing. Specifically, it forwards the echo request based
on DA = 2001:db8:K:4:: in the IPv6 header. on DA = 2001:db8:K:4:: in the IPv6 header.
o When node N4 receives the packet, it processes the target SID * When node N4 receives the packet, it processes the target SID
(2001:db8:K:4::). (2001:db8:K:4::).
o If the target SID (2001:db8:K:4::) is not locally instantiated and * If the target SID (2001:db8:K:4::) is not locally instantiated and
does not represent a local interface, the packet is discarded does not represent a local interface, the packet is discarded
o If the target SID (2001:db8:K:4::) is locally instantiated or * If the target SID (2001:db8:K:4::) is locally instantiated or
represents a local interface, the node processes the upper layer represents a local interface, the node processes the Upper-Layer
header. As part of the upper layer header processing node N4 header. As part of the Upper-Layer header processing, node N4
respond to the ICMPv6 echo request message and responds with the responds to the ICMPv6 echo request message with an echo reply
echo reply message. The echo reply message is IP routed. message. The echo reply message is IP routed.
A.2. Traceroute A.2. Traceroute in SRv6 Networks
The existing traceroute mechanisms, along the shortest path, The existing traceroute mechanisms, along the shortest path, continue
continues to work without any modification. Any IPv6 node (SRv6 to work without any modification. Any IPv6 node (SRv6-capable or a
capable or a non-SRv6 capable) can initiate, transit, and egress a non-SRv6-capable) can initiate, transit, and egress a traceroute
traceroute probe. probe.
The following subsections outline some additional use cases of the The following subsections outline some additional use cases of
traceroute in the SRv6 networks. traceroute in SRv6 networks.
A.2.1. Traceroute to an IPv6 Address via a Segment-list A.2.1. Traceroute to an IPv6 Address via a Segment List
If an SRv6-capable ingress node wants to traceroute to IPv6 address If an SRv6-capable ingress node wants to traceroute to an IPv6
via an arbitrary segment list <S1, S2, S3>, it needs to initiate a address via an arbitrary segment list <S1, S2, S3>, it needs to
traceroute probe with an SR header containing the SID list <S1, S2, initiate a traceroute probe with an SR header containing the SID list
S3>. User issues a traceroute from node N1 to a loopback of node N5, <S1, S2, S3>. The user issues a traceroute from node N1 to a
via segment list <2001:db8:K:2:X31::, 2001:db8:K:4:X52::>. The SID loopback of node N5 via segment list <2001:db8:K:2:X31::,
behavior used in the example is End.X SID, as described in [RFC8986], 2001:db8:K:4:X52::>. The SID behavior used in the example is End.X,
but the procedure is equally applicable to any other (transit) SID as described in [RFC8986], but the procedure is equally applicable to
type. Figure 3 contains sample output for the traceroute request. any other (transit) SID type. Figure 3 contains sample output for
the traceroute request.
> traceroute 2001:db8:L:5:: via segment-list 2001:db8:K:2:X31::, > traceroute 2001:db8:L:5:: via segment list 2001:db8:K:2:X31::,
2001:db8:K:4:X52:: 2001:db8:K:4:X52::
Tracing the route to 2001:db8:L:5:: Tracing the route to 2001:db8:L:5::
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec
DA: 2001:db8:K:2:X31::, DA: 2001:db8:K:2:X31::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2) SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=2)
2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec 2 2001:db8:3:2:31:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec 3 2001:db8:4:3::41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1) SRH:(2001:db8:L:5::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::, SL=1)
4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec 4 2001:db8:5:4::52:: 0.879 msec 0.916 msec 1.024 msec
DA: 2001:db8:L:5:: DA: 2001:db8:L:5::
Figure 3 A sample traceroute output at an SRv6-capable node Figure 3: Sample Traceroute Output at an SRv6-Capable Node
In the sample traceroute output, the information displayed at each In the sample traceroute output, the information displayed at each
hop is obtained using the contents of the "Time Exceeded" or hop is obtained using the contents of the "Time Exceeded" or
"Destination Unreachable" ICMPv6 responses. These ICMPv6 responses "Destination Unreachable" ICMPv6 responses. These ICMPv6 responses
are IP routed. are IP routed.
In the sample traceroute output, the information for link3 is In the sample traceroute output, the information for link3 is
returned by N3, which is a non-SRv6 capable node. Nonetheless, the returned by node N3, which is a non-SRv6-capable node. Nonetheless,
ingress node is able to display SR header contents as the packet the ingress node is able to display SR header contents as the packet
travels through the non-SRv6 capable node. This is because the "Time travels through the non-SRv6-capable node. This is because the "Time
Exceeded Message" ICMPv6 message can contain as much of the invoking Exceeded" ICMPv6 message can contain as much of the invoking packet
packet as possible without the ICMPv6 packet exceeding the minimum as possible without the ICMPv6 packet exceeding the minimum IPv6 MTU
IPv6 MTU [RFC4443]. The SR header is included in these ICMPv6 [RFC4443]. The SR header is included in these ICMPv6 messages
messages initiated by the non-SRv6 capable transit nodes that are not initiated by the non-SRv6-capable transit nodes that are not running
running SRv6 software. Specifically, a node generating ICMPv6 SRv6 software. Specifically, a node generating an ICMPv6 message
message containing a copy of the invoking packet does not need to containing a copy of the invoking packet does not need to understand
understand the extension header(s) in the invoking packet. the extension header(s) in the invoking packet.
The segment list information returned for the first hop is returned The segment list information returned for the first hop is returned
by N2, which is an SRv6-capable node. Just like for the second hop, by node N2, which is an SRv6-capable node. Just like for the second
the ingress node is able to display SR header contents for the first hop, the ingress node is able to display SR header contents for the
hop. first hop.
There is no difference in processing of the traceroute probe at an There is no difference in processing of the traceroute probe at an
SRv6-capable and a non-SRv6 capable node. Similarly, both SRv6-capable and a non-SRv6-capable node. Similarly, both
SRv6-capable and non-SRv6 capable nodes may use the address of the SRv6-capable and non-SRv6-capable nodes may use the address of the
interface on which probe was received as the source address in the interface on which probe was received as the source address in the
ICMPv6 response. ICMPv6 extensions defined in [RFC5837] can be used ICMPv6 response. ICMPv6 extensions defined in [RFC5837] can be used
to display information about the IP interface through which the to display information about the IP interface through which the
datagram would have been forwarded had it been forwardable, and the datagram would have been forwarded had it been forwardable, the IP
IP next hop to which the datagram would have been forwarded, the IP next hop to which the datagram would have been forwarded, the IP
interface upon which a datagram arrived, the sub-IP component of an interface upon which the datagram arrived, and the sub-IP component
IP interface upon which a datagram arrived. of an IP interface upon which the datagram arrived.
The IP address of the interface on which the traceroute probe was The IP address of the interface on which the traceroute probe was
received is useful. This information can also be used to verify if received is useful. This information can also be used to verify if
SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly SIDs 2001:db8:K:2:X31:: and 2001:db8:K:4:X52:: are executed correctly
by N2 and N4, respectively. Specifically, the information displayed by nodes N2 and N4, respectively. Specifically, the information
for the second hop contains the incoming interface address displayed for the second hop contains the incoming interface address
2001:db8:2:3:31:: at N3. This matches with the expected interface 2001:db8:2:3:31:: at node N3. This matches the expected interface
bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the bound to End.X behavior 2001:db8:K:2:X31:: (link3). Similarly, the
information displayed for the fourth hop contains the incoming information displayed for the fourth hop contains the incoming
interface address 2001:db8:4:5::52:: at N5. This matches with the interface address 2001:db8:4:5::52:: at node N5. This matches the
expected interface bound to the End.X behavior 2001:db8:K:4:X52:: expected interface bound to the End.X behavior 2001:db8:K:4:X52::
(link10). (link10).
A.2.2. Traceroute to a SID A.2.2. Traceroute to a SID
The mechanism to traceroute an IPv6 Address via a Segment-list The mechanism to traceroute an IPv6 address via a segment list
described in the previous section applies equally to traceroute a described in the previous section can also be used to traceroute a
remote SID behavior, as explained using an example in the following. remote SID behavior, as explained in the following example. The
The example uses traceroute to an END SID, as described in [RFC8986], example uses traceroute to an End SID, as described in [RFC8986], but
but the procedure is equally applicable to tracerouting any other SID the procedure is equally applicable to tracerouting any other SID
behaviors. behaviors.
Please note that traceroute to a SID is exemplified using UDP probes. Please note that traceroute to a SID is exemplified using UDP probes.
However, the procedure is equally applicable to other implementations However, the procedure is equally applicable to other implementations
of traceroute mechanism. The UDP encoded message to traceroute a SID of traceroute mechanism. The UDP encoded message to traceroute a SID
would use the UDP ports assigned by IANA for "traceroute use". would use the UDP ports assigned by IANA for "traceroute use".
Consider the example where the user wants to traceroute a remote SID Consider the example where the user wants to traceroute a remote SID
2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute 2001:db8:K:4::, via 2001:db8:K:2:X31::, from node N1. The traceroute
probe is processed at the individual nodes along the path as follows: probe is processed at the individual nodes along the path as follows:
o Node N1 initiates a traceroute probe packet as follows * Node N1 initiates a traceroute probe packet as follows
(2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::, (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:4::,
2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). The first 2001:db8:K:2:X31::; SL=1; NH=UDP)(Traceroute probe). The first
traceroute probe is sent with hop-count value set to 1. The hop- traceroute probe is sent with the hop-count value set to 1. The
count value is incremented by 1 for each following traceroute hop-count value is incremented by 1 for each subsequent traceroute
probes. probe.
o When node N2 receives the packet with hop-count = 1, it processes * When node N2 receives the packet with hop-count = 1, it processes
the hop-count expiry. Specifically, the node N2 responds with the the hop-count expiry. Specifically, node N2 responds with the
ICMPv6 message (Type: "Time Exceeded", Code: "Hop limit exceeded ICMPv6 message with type "Time Exceeded" and code "hop limit
in transit"). The ICMPv6 response is IP routed. exceeded in transit". The ICMPv6 response is IP routed.
o When Node N2 receives the packet with hop-count > 1, it performs * When node N2 receives the packet with hop-count > 1, it performs
the standard SRH processing. Specifically, it executes the End.X the standard SRH processing. Specifically, it executes the End.X
behavior indicated by the 2001:db8:K:2:X31:: SID on the traceroute behavior indicated by the 2001:db8:K:2:X31:: SID on the traceroute
probe. If 2001:db8:K:2:X31:: is a PSP SID, node N2 executes the probe. If 2001:db8:K:2:X31:: is a PSP SID, node N2 executes the
SID like any other data packet with DA = 2001:db8:K:2:X31:: and SID like any other data packet with DA = 2001:db8:K:2:X31:: and
removes the SRH. removes the SRH.
o When node N3, which is a non-SRv6 capable node, receives the * When node N3, which is a non-SRv6-capable node, receives the
packet with hop-count = 1, it processes the hop-count expiry. packet with hop-count = 1, it processes the hop-count expiry.
Specifically, the node N3 responds with the ICMPv6 message (Type: Specifically, node N3 responds with the ICMPv6 message with type
"Time Exceeded", Code: "Hop limit exceeded in Transit"). The "Time Exceeded" and code "Hop limit exceeded in transit". The
ICMPv6 response is IP routed. ICMPv6 response is IP routed.
o When node N3, which is a non-SRv6 capable node, receives the * When node N3, which is a non-SRv6-capable node, receives the
packet with hop-count > 1, it performs the standard IPv6 packet with hop-count > 1, it performs the standard IPv6
processing. Specifically, it forwards the traceroute probe based processing. Specifically, it forwards the traceroute probe based
on DA 2001:db8:K:4:: in the IPv6 header. on DA 2001:db8:K:4:: in the IPv6 header.
o When node N4 receives the packet with DA set to the local SID * When node N4 receives the packet with DA set to the local SID
2001:db8:K:4::, it processes the END SID. 2001:db8:K:4::, it processes the End SID.
o If the target SID (2001:db8:K:4::) is not locally instantiated and * If the target SID (2001:db8:K:4::) is not locally instantiated and
does not represent a local interface, the packet is discarded. does not represent a local interface, the packet is discarded.
o If the target SID (2001:db8:K:4::) is locally instantiated or * If the target SID (2001:db8:K:4::) is locally instantiated or
represents a local interface, the node processes the upper layer represents a local interface, the node processes the Upper-Layer
header. As part of the upper layer header processing node N4 header. As part of the Upper-Layer header processing, node N4
responds with the ICMPv6 message (Type: Destination unreachable, responds with the ICMPv6 message with type "Destination
Code: Port Unreachable). The ICMPv6 response is IP routed. Unreachable" and code "Port Unreachable". The ICMPv6 response is
IP routed.
Figure 4 displays a sample traceroute output for this example. Figure 4 displays a sample traceroute output for this example.
> traceroute 2001:db8:K:4:X52:: via segment-list 2001:db8:K:2:X31:: > traceroute 2001:db8:K:4:X52:: via segment list 2001:db8:K:2:X31::
Tracing the route to SID 2001:db8:K:4:X52:: Tracing the route to SID 2001:db8:K:4:X52::
1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec 1 2001:db8:2:1:21:: 0.512 msec 0.425 msec 0.374 msec
DA: 2001:db8:K:2:X31::, DA: 2001:db8:K:2:X31::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1)
2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec 2 2001:db8:3:2:21:: 0.721 msec 0.810 msec 0.795 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec 3 2001:db8:4:3:41:: 0.921 msec 0.816 msec 0.759 msec
DA: 2001:db8:K:4:X52::, DA: 2001:db8:K:4:X52::,
SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0) SRH:(2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0)
Figure 4 A sample output for hop-by-hop traceroute to a SID Figure 4: Sample Output for Hop-by-Hop Traceroute to a SID
A.3. A Hybrid OAM Using O-flag A.3. Hybrid OAM Using the OAM Flag
This section illustrates a hybrid OAM mechanism using the the O-flag. This section illustrates a hybrid OAM mechanism using the O-flag.
Without loss of the generality, the illustration assumes N100 is a Without loss of the generality, the illustration assumes node N100 is
centralized controller. a centralized controller.
The illustration is different than the In-situ OAM defined in [I.D- This illustration is different from the "in situ OAM" defined in
draft-ietf-ippm-ioam-data]. This is because In-situ OAM records [RFC9197]. This is because in situ OAM records operational and
operational and telemetry information in the packet as the packet telemetry information in the packet as the packet traverses a path
traverses a path between two points in the network [I.D-draft-ietf- between two points in the network [RFC9197]. The illustration in
ippm-ioam-data]. The illustration in this subsection does not this subsection does not require the recording of OAM data in the
require the recording of OAM data in the packet. packet.
The illustration does not assume any formats for exporting the data The illustration does not assume any formats for exporting the data
elements or the data elements that need to be exported. The elements or the data elements that need to be exported. The
illustration assumes system clocks among all nodes in the SR domain illustration assumes system clocks among all nodes in the SR domain
are synchronized. are synchronized.
Consider the example where the user wants to monitor sampled IPv4 VPN Consider the example where the user wants to monitor sampled IPv4 VPN
999 traffic going from CE1 to CE2 via a low latency SR policy P 999 traffic going from CE1 to CE2 via a low-latency SR Policy P
installed at Node N1. To exercise a low latency path, the SR Policy installed at node N1. To exercise a low-latency path, the SR Policy
P forces the packet via segments 2001:db8:K:2:X31:: and P forces the packet via segments 2001:db8:K:2:X31:: and
2001:db8:K:4:X52::. The VPN SID at N7 associated with VPN 999 is 2001:db8:K:4:X52::. The VPN SID at node N7 associated with VPN 999
2001:db8:K:7:DT999::. 2001:db8:K:7:DT999:: is a USP SID. N1, N4, is 2001:db8:K:7:DT999::. 2001:db8:K:7:DT999:: is a USP SID. Nodes
and N7 are capable of processing O-flag but N2 is not capable of N1, N4, and N7 are capable of processing the O-flag, but node N2 is
processing O-flag. N100 is the centralized controller capable of not capable of processing the O-flag. Node N100 is the centralized
processing and correlating the copy of the packets sent from nodes controller capable of processing and correlating the copy of the
N1, N4, and N7. N100 is aware of O-flag processing capabilities. packets sent from nodes N1, N4, and N7. Node N100 is aware of O-flag
Controller N100 with the help from nodes N1, N4, N7 and implements a processing capabilities. Node N100, with help from nodes N1, N4, and
hybrid OAM mechanism using the O-flag as follows: N7, implements a hybrid OAM mechanism using the O-flag as follows:
o A packet P1:(IPv4 header)(payload) is sent from CE1 to Node N1. * A packet P1 is sent from CE1 to node N1. The packet is:
o Node N1 steers the packet P1 through the Policy P. Based on a P1: (IPv4 header)(payload)
local configuration, Node N1 also implements logic to sample
traffic steered through policy P for hybrid OAM purposes. * Node N1 steers packet P1 through the SR Policy P. Based on local
configuration, node N1 also implements logic to sample traffic
steered through SR Policy P for hybrid OAM purposes.
Specification for the sampling logic is beyond the scope of this Specification for the sampling logic is beyond the scope of this
document. Consider the case where packet P1 is classified as a document. Consider the case where packet P1 is classified as a
packet to be monitored via the hybrid OAM. Node N1 sets O-flag packet to be monitored via the hybrid OAM. Node N1 sets the
during the encapsulation required by policy P. As part of setting O-flag during the encapsulation required by SR Policy P. As part
the O-flag, node N1 also sends a timestamped copy of the packet of setting the O-flag, node N1 also sends a timestamped copy of
packet P1 to a local OAM process. The packet is:
P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::, P1: (2001:db8:L:1::, 2001:db8:K:2:X31::) (2001:db8:K:7:DT999::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1; 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=2; O-flag=1;
NH=IPv4)(IPv4 header)(payload) to a local OAM process. The local NH=IPv4)(IPv4 header)(payload)
OAM process sends a full or partial copy of the packet P1 to the
controller N100. The OAM process includes the recorded timestamp,
additional OAM information like incoming and outgoing interface,
etc. along with any applicable metadata. Node N1 forwards the
original packet towards the next segment 2001:db8:K:2:X31::.
o When node N2 receives the packet with O-flag set, it ignores the The local OAM process sends a full or partial copy of packet P1 to
O-flag. This is because node N2 is not capable of processing the node N100. The OAM process includes the recorded timestamp,
O-flag. Node N2 performs the standard SRv6 SID and SRH additional OAM information (like incoming and outgoing interface),
and any applicable metadata. Node N1 forwards the original packet
towards the next segment 2001:db8:K:2:X31::.
* When node N2 receives the packet with the O-flag set, it ignores
the O-flag. This is because node N2 is not capable of processing
the O-flag. Node N2 performs the standard SRv6 SID and SRH
processing. Specifically, it executes the End.X behavior processing. Specifically, it executes the End.X behavior
indicated by the 2001:db8:K:2:X31:: SID as described in [RFC8986] [RFC8986] indicated by the 2001:db8:K:2:X31:: SID and forwards
and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52::) packet P1 over link3 towards node N3. The packet is:
(2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::;
SL=1; O-flag=1; NH=IPv4)(IPv4 header)(payload) over link 3 towards
Node N3.
o When node N3, which is a non-SRv6 capable node, receives the P1: (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::,
packet P1 , it performs the standard IPv6 processing. 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1;
NH=IPv4)(IPv4 header)(payload)
Specifically, it forwards the packet P1 based on DA * When node N3, which is a non-SRv6-capable node, receives packet
2001:db8:K:4:X52:: in the IPv6 header. P1, it performs the standard IPv6 processing. Specifically, it
forwards packet P1 based on DA 2001:db8:K:4:X52:: in the IPv6
header.
o When node N4 receives the packet P1 (2001:db8:L:1::, * When node N4 receives packet P1, it processes the O-flag. The
2001:db8:K:4:X52::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, packet is:
2001:db8:K:2:X31::; SL=1; O-flag=1; NH=IPv4)(IPv4
header)(payload), it processes the O-flag. As part of processing P1: (2001:db8:L:1::, 2001:db8:K:4:X52::) (2001:db8:K:7:DT999::,
the O-flag, it sends a timestamped copy of the packet to a local 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=1; O-flag=1;
OAM process. Based on a local configuration, the local OAM NH=IPv4)(IPv4 header)(payload)
process sends a full or partial copy of the packet P1 to the
controller N100. The OAM process includes the recorded timestamp, As part of processing the O-flag, it sends a timestamped copy of
additional OAM information like incoming and outgoing interface, the packet to a local OAM process. Based on local configuration,
etc. along with any applicable metadata. Node N4 performs the the local OAM process sends a full or partial copy of packet P1 to
standard SRv6 SID and SRH processing on the original packet P1. node N100. The OAM process includes the recorded timestamp,
additional OAM information (like incoming and outgoing interface,
etc.), and any applicable metadata. Node N4 performs the standard
SRv6 SID and SRH processing on the original packet P1.
Specifically, it executes the End.X behavior indicated by the Specifically, it executes the End.X behavior indicated by the
2001:db8:K:4:X52:: SID and forwards the packet P1 (2001:db8:L:1::, 2001:db8:K:4:X52:: SID and forwards packet P1 over link10 towards
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, node N5. The packet is:
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 header)(payload)
over link 10 towards Node N5.
o When node N5, which is a non-SRv6 capable node, receives the P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::,
packet P1, it performs the standard IPv6 processing. 2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1;
Specifically, it forwards the packet based on DA NH=IPv4)(IPv4 header)(payload)
2001:db8:K:7:DT999:: in the IPv6 header.
o When node N7 receives the packet P1 (2001:db8:L:1::, * When node N5, which is a non-SRv6-capable node, receives packet
2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::, 2001:db8:K:4:X52::, P1, it performs the standard IPv6 processing. Specifically, it
2001:db8:K:2:X31::; SL=0; O-flag=1; NH=IPv4)(IPv4 forwards the packet based on DA 2001:db8:K:7:DT999:: in the IPv6
header)(payload), it processes the O-flag. As part of processing header.
the O-flag, it sends a timestamped copy of the packet to a local
OAM process. The local OAM process sends a full or partial copy
of the packet P1 to the controller N100. The OAM process includes
the recorded timestamp, additional OAM information like incoming
and outgoing interface, etc. along with any applicable metadata.
Node N7 performs the standard SRv6 SID and SRH processing on the
original packet P1. Specifically, it executes the VPN SID
indicated by the 2001:db8:K:7:DT999:: SID and based on lookup in
table 100 forwards the packet P1 (IPv4 header)(payload) towards CE
2.
o The controller N100 processes and correlates the copy of the * When node N7 receives packet P1, it processes the O-flag. The
packets sent from nodes N1, N4 and N7 to find segment-by-segment packet is:
delays and provide other hybrid OAM information related to packet
P1. For segment-by-segment delay computation, it is assumed that
clock are synchronized time across the SR domain.
o The process continues for any other sampled packets. P1: (2001:db8:L:1::, 2001:db8:K:7:DT999::) (2001:db8:K:7:DT999::,
2001:db8:K:4:X52::, 2001:db8:K:2:X31::; SL=0; O-flag=1;
NH=IPv4)(IPv4 header)(payload)
As part of processing the O-flag, it sends a timestamped copy of
the packet to a local OAM process. The local OAM process sends a
full or partial copy of packet P1 to node N100. The OAM process
includes the recorded timestamp, additional OAM information (like
incoming and outgoing interface, etc.), and any applicable
metadata. Node N7 performs the standard SRv6 SID and SRH
processing on the original packet P1. Specifically, it executes
the VPN SID indicated by the 2001:db8:K:7:DT999:: SID and, based
on lookup in table 100, forwards packet P1 towards CE2. The
packet is:
P1: (IPv4 header)(payload)
* Node N100 processes and correlates the copy of the packets sent
from nodes N1, N4, and N7 to find segment-by-segment delays and
provide other hybrid OAM information related to packet P1. For
segment-by-segment delay computation, it is assumed that clocks
are synchronized across the SR domain.
* The process continues for any other sampled packets.
A.4. Monitoring of SRv6 Paths A.4. Monitoring of SRv6 Paths
In the recent past, network operators demonstrated interest in In the recent past, network operators demonstrated interest in
performing network OAM functions in a centralized manner. [RFC8403] performing network OAM functions in a centralized manner. [RFC8403]
describes such a centralized OAM mechanism. Specifically, the describes such a centralized OAM mechanism. Specifically, [RFC8403]
document describes a procedure that can be used to perform path describes a procedure that can be used to perform path continuity
continuity check between any nodes within an SR domain from a checks between any nodes within an SR domain from a centralized
centralized monitoring system. However, the document focuses on SR monitoring system. However, while [RFC8403] focuses on SR networks
networks with MPLS data plane. This document describes how the with MPLS data plane, this document describes how the concept can be
concept can be used to perform path monitoring in an SRv6 network used to perform path monitoring in an SRv6 network from a centralized
from a centralized controller. controller.
In the reference topology in Figure 1, N100 uses an IGP protocol like In the reference topology in Figure 1, node N100 uses an IGP protocol
OSPF or IS-IS to get the topology view within the IGP domain. N100 like OSPF or IS-IS to get a view of the topology within the IGP
can also use BGP-LS to get the complete view of an inter-domain domain. Node N100 can also use BGP-LS to get the complete view of an
topology. The controller leverages the visibility of the topology to inter-domain topology. The controller leverages the visibility of
monitor the paths between the various endpoints. the topology to monitor the paths between the various endpoints.
The controller N100 advertises an END SID [RFC8986] Node N100 advertises an End SID [RFC8986] 2001:db8:K:100:1::. To
2001:db8:K:100:1::. To monitor any arbitrary SRv6 paths, the monitor any arbitrary SRv6 paths, the controller can create a
controller can create a loopback probe that originates and terminates loopback probe that originates and terminates on node N100. To
on Node N100. To distinguish between a failure in the monitored path distinguish between a failure in the monitored path and loss of
and loss of connectivity between the controller and the network, Node connectivity between the controller and the network, node N100 runs a
N100 runs a suitable mechanism to monitor its connectivity to the suitable mechanism to monitor its connectivity to the monitored
monitored network. network.
The loopback probes are exemplified using an example where controller The following example illustrates loopback probes in which node N100
N100 needs to verify a segment list <2001:db8:K:2:X31::, needs to verify a segment list <2001:db8:K:2:X31::,
2001:db8:K:4:X52::>: 2001:db8:K:4:X52::>:
o N100 generates an OAM packet (2001:db8:L:100::, * Node N100 generates an OAM packet (2001:db8:L:100::,
2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:2:X31::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::, SL=2)(OAM Payload). The controller routes the 2001:db8:K:2:X31::, SL=2)(OAM Payload). The controller routes the
probe packet towards the first segment, which is probe packet towards the first segment, which is
2001:db8:K:2:X31::. 2001:db8:K:2:X31::.
o Node N2 executes the End.X behavior indicated by the * Node N2 executes the End.X behavior indicated by the
2001:db8:K:2:X31:: SID and forwards the packet (2001:db8:L:100::, 2001:db8:K:2:X31:: SID and forwards the packet (2001:db8:L:100::,
2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:4:X52::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::, SL=1)(OAM Payload) on link3 to N3. 2001:db8:K:2:X31::, SL=1)(OAM Payload) on link3 to node N3.
o Node N3, which is a non-SRv6 capable node, performs the standard * Node N3, which is a non-SRv6-capable node, performs the standard
IPv6 processing. Specifically, it forwards the packet based on IPv6 processing. Specifically, it forwards the packet based on DA
the DA 2001:db8:K:4:X52:: in the IPv6 header. 2001:db8:K:4:X52:: in the IPv6 header.
o Node N4 executes the End.X behavior indicated by the * Node N4 executes the End.X behavior indicated by the
2001:db8:K:4:X52:: SID and forwards the packet (2001:db8:L:100::, 2001:db8:K:4:X52:: SID and forwards the packet (2001:db8:L:100::,
2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::, 2001:db8:K:100:1::)(2001:db8:K:100:1::, 2001:db8:K:4:X52::,
2001:db8:K:2:X31::, SL=0)(OAM Payload) on link10 to N5. 2001:db8:K:2:X31::, SL=0)(OAM Payload) on link10 to node N5.
o Node N5, which is a non-SRv6 capable node, performs the standard * Node N5, which is a non-SRv6-capable node, performs the standard
IPv6 processing. Specifically, it forwards the packet based on IPv6 processing. Specifically, it forwards the packet based on DA
the DA 2001:db8:K:100:1:: in the IPv6 header. 2001:db8:K:100:1:: in the IPv6 header.
o Node N100 executes the standard SRv6 END behavior. It * Node N100 executes the standard SRv6 END behavior. It
decapsulates the header and consume the probe for OAM processing. decapsulates the header and consumes the probe for OAM processing.
The information in the OAM payload is used to detect any missing The information in the OAM payload is used to detect missing
probes, round trip delay, etc. probes, round-trip delay, etc.
The OAM payload type or the information carried in the OAM probe is a The OAM payload type or the information carried in the OAM probe is a
local implementation decision at the controller and is outside the local implementation decision at the controller and is outside the
scope of this document. scope of this document.
Appendix B. Acknowledgements Acknowledgements
The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob The authors would like to thank Joel M. Halpern, Greg Mirsky, Bob
Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar and Haoyu Song Hinden, Loa Andersson, Gaurav Naik, Ketan Talaulikar, and Haoyu Song
for their review comments. for their review comments.
Appendix C. Contributors Contributors
The following people have contributed to this document: The following people contributed to this document:
Robert Raszuk Robert Raszuk
Bloomberg LP Bloomberg LP
Email: robert@raszuk.net Email: robert@raszuk.net
John Leddy John Leddy
Individual Individual
Email: john@leddy.net Email: john@leddy.net
Gaurav Dawra Gaurav Dawra
LinkedIn LinkedIn
Email: gdawra.ietf@gmail.com Email: gdawra.ietf@gmail.com
Bart Peirens Bart Peirens
Proximus Proximus
Email: bart.peirens@proximus.com Email: bart.peirens@proximus.com
Nagendra Kumar
Cisco Systems, Inc.
Email: naikumar@cisco.com
Carlos Pignataro Nagendra Kumar
Cisco Systems, Inc. Cisco Systems, Inc.
Email: cpignata@cisco.com Email: naikumar@cisco.com
Rakesh Gandhi Carlos Pignataro
Cisco Systems, Inc. Cisco Systems, Inc.
Canada Email: cpignata@cisco.com
Email: rgandhi@cisco.com
Frank Brockners Rakesh Gandhi
Cisco Systems, Inc. Cisco Systems, Inc.
Germany Email: rgandhi@cisco.com
Email: fbrockne@cisco.com
Darren Dukes Frank Brockners
Cisco Systems, Inc. Cisco Systems, Inc.
Email: ddukes@cisco.com Email: fbrockne@cisco.com
Cheng Li Darren Dukes
Huawei Cisco Systems, Inc.
Email: chengli13@huawei.com Email: ddukes@cisco.com
Faisal Iqbal Cheng Li
Individual Huawei
Email: faisal.ietf@gmail.com Email: chengli13@huawei.com
Faisal Iqbal
Individual
Email: faisal.ietf@gmail.com
Authors' Addresses Authors' Addresses
Zafar Ali Zafar Ali
Cisco Systems Cisco Systems
Email: zali@cisco.com Email: zali@cisco.com
Clarence Filsfils Clarence Filsfils
Cisco Systems Cisco Systems
Email: cfilsfil@cisco.com Email: cfilsfil@cisco.com
Satoru Matsushima Satoru Matsushima
Softbank Softbank
Email: satoru.matsushima@g.softbank.co.jp Email: satoru.matsushima@g.softbank.co.jp
Daniel Voyer Daniel Voyer
Bell Canada Bell Canada
Email: daniel.voyer@bell.ca Email: daniel.voyer@bell.ca
Mach Chen Mach(Guoyi) Chen
Huawei Huawei
Email: mach.chen@huawei.com Email: mach.chen@huawei.com
 End of changes. 183 change blocks. 
537 lines changed or deleted 544 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/