rfc9359.original   rfc9359.txt 
IPPM Working Group X. Min Internet Engineering Task Force (IETF) X. Min
Internet-Draft ZTE Corp. Request for Comments: 9359 ZTE Corp.
Intended status: Standards Track G. Mirsky Category: Standards Track G. Mirsky
Expires: 25 May 2023 Ericsson ISSN: 2070-1721 Ericsson
L. Bo L. Bo
China Telecom China Telecom
21 November 2022 April 2023
Echo Request/Reply for Enabled In-situ OAM Capabilities Echo Request/Reply for Enabled In Situ OAM (IOAM) Capabilities
draft-ietf-ippm-ioam-conf-state-10
Abstract Abstract
This document describes a generic format for use in echo request/ This document describes a generic format for use in echo request/
reply mechanisms, which can be used within an In situ Operations, reply mechanisms, which can be used within an IOAM-Domain, allowing
Administration, and Maintenance (IOAM) domain, allowing the IOAM the IOAM encapsulating node to discover the enabled IOAM capabilities
encapsulating node to discover the enabled IOAM capabilities of each of each IOAM transit and IOAM decapsulating node. The generic format
IOAM transit and IOAM decapsulating node. The generic format is is intended to be used with a variety of data planes such as IPv6,
intended to be used with a variety of data planes such as IPv6, MPLS, MPLS, Service Function Chain (SFC), and Bit Index Explicit
Service Function Chain (SFC) and Bit Index Explicit Replication Replication (BIER).
(BIER).
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 25 May 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9359.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Please review these documents carefully, as they describe your rights carefully, as they describe your rights and restrictions with respect
and restrictions with respect to this document. Code Components to this document. Code Components extracted from this document must
extracted from this document must include Revised BSD License text as include Revised BSD License text as described in Section 4.e of the
described in Section 4.e of the Trust Legal Provisions and are Trust Legal Provisions and are provided without warranty as described
provided without warranty as described in the Revised BSD License. in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Conventions
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 5 2.1. Requirements Language
2.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Abbreviations
3. IOAM Capabilities Formats . . . . . . . . . . . . . . . . . . 6 3. IOAM Capabilities Formats
3.1. IOAM Capabilities Query Container . . . . . . . . . . . . 6 3.1. IOAM Capabilities Query Container
3.2. IOAM Capabilities Response Container . . . . . . . . . . 7 3.2. IOAM Capabilities Response Container
3.2.1. IOAM Pre-allocated Tracing Capabilities Object . . . 8 3.2.1. IOAM Pre-allocated Tracing Capabilities Object
3.2.2. IOAM Incremental Tracing Capabilities Object . . . . 9 3.2.2. IOAM Incremental Tracing Capabilities Object
3.2.3. IOAM Proof-of-Transit Capabilities Object . . . . . . 10 3.2.3. IOAM Proof of Transit Capabilities Object
3.2.4. IOAM Edge-to-Edge Capabilities Object . . . . . . . . 11 3.2.4. IOAM Edge-to-Edge Capabilities Object
3.2.5. IOAM DEX Capabilities Object . . . . . . . . . . . . 12 3.2.5. IOAM DEX Capabilities Object
3.2.6. IOAM End-of-Domain Object . . . . . . . . . . . . . . 12 3.2.6. IOAM End-of-Domain Object
4. Operational Guide . . . . . . . . . . . . . . . . . . . . . . 13 4. Operational Guide
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 5. IANA Considerations
5.1. IOAM SoP Capability Registry . . . . . . . . . . . . . . 14 5.1. IOAM SoP Capability Registry
5.2. IOAM TSF Capability Registry . . . . . . . . . . . . . . 15 5.2. IOAM TSF Capability Registry
6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 6. Security Considerations
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 7. References
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 7.1. Normative References
8.1. Normative References . . . . . . . . . . . . . . . . . . 17 7.2. Informative References
8.2. Informative References . . . . . . . . . . . . . . . . . 17 Acknowledgements
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses
1. Introduction 1. Introduction
In situ Operations, Administration, and Maintenance (IOAM) ([RFC9197] In situ Operations, Administration, and Maintenance (IOAM) ([RFC9197]
[RFC9326]) defines data fields that record OAM information within the [RFC9326]) defines data fields that record OAM information within the
packet while the packet traverses a particular network domain, called packet while the packet traverses a particular network domain, called
an IOAM domain. IOAM can complement or replace other OAM mechanisms, an "IOAM-Domain". IOAM can complement or replace other OAM
such as ICMP or other types of probe packets. mechanisms, such as ICMP or other types of probe packets.
As specified in [RFC9197], within the IOAM domain, the IOAM data may As specified in [RFC9197], within the IOAM-Domain, the IOAM data may
be updated by network nodes that the packet traverses. The device be updated by network nodes that the packet traverses. The device
which adds an IOAM header to the packet is called an "IOAM that adds an IOAM header to the packet is called an "IOAM
encapsulating node". In contrast, the device which removes an IOAM encapsulating node". In contrast, the device that removes an IOAM
header is referred to as an "IOAM decapsulating node". Nodes within header is referred to as an "IOAM decapsulating node". Nodes within
the domain that are aware of IOAM data and read and/or write and/or the domain that are aware of IOAM data and that read, write, and/or
process IOAM data are called "IOAM transit nodes". IOAM process IOAM data are called "IOAM transit nodes". IOAM
encapsulating or decapsulating nodes can also serve as IOAM transit encapsulating or decapsulating nodes can also serve as IOAM transit
nodes at the same time. IOAM encapsulating or decapsulating nodes nodes at the same time. IOAM encapsulating or decapsulating nodes
are also referred to as IOAM domain edge devices, which can be hosts are also referred to as IOAM-Domain "edge devices", which can be
or network devices. [RFC9197] defines four IOAM option types, and hosts or network devices. [RFC9197] defines four IOAM option types,
[RFC9326] introduces a new IOAM option type called the Direct Export and [RFC9326] introduces a new IOAM option type called the "Direct
(DEX) Option-Type, which is different from the other four IOAM option Export (DEX) Option-Type", which is different from the other four
types defined in [RFC9197] on how to collect the operational and IOAM option types defined in [RFC9197] regarding how to collect the
telemetry information defined in [RFC9197]. operational and telemetry information defined in [RFC9197].
As specified in [RFC9197], IOAM is focused on "limited domains" as As specified in [RFC9197], IOAM is focused on "limited domains" as
defined in [RFC8799]. In a limited domain, a control entity that has defined in [RFC8799]. In a limited domain, a control entity that has
control over every IOAM device may be deployed. If that's the case, control over every IOAM device may be deployed. If that's the case,
the control entity can provision both the explicit transport path and the control entity can provision both the explicit transport path and
the IOAM header applied to data packet at every IOAM encapsulating the IOAM header applied to the data packet at every IOAM
node. encapsulating node.
In a case when a control entity that has control over every IOAM In a case when a control entity that has control over every IOAM
device is not deployed in the IOAM domain, the IOAM encapsulating device is not deployed in the IOAM-Domain, the IOAM encapsulating
node needs to discover the enabled IOAM capabilities at the IOAM node needs to discover the enabled IOAM capabilities at the IOAM
transit and decapsulating nodes. For example, what types of IOAM transit and decapsulating nodes: for example, what types of IOAM
tracing data can be added or exported by the transit nodes along the tracing data can be added or exported by the transit nodes along the
transport path of the data packet IOAM is applied to. The IOAM transport path of the data packet IOAM is applied to. The IOAM
encapsulating node can then add the correct IOAM header to the data encapsulating node can then add the correct IOAM header to the data
packet according to the discovered IOAM capabilities. Specifically, packet according to the discovered IOAM capabilities. Specifically,
the IOAM encapsulating node first identifies the types and lengths of the IOAM encapsulating node first identifies the types and lengths of
IOAM options included in the IOAM data fields according to the IOAM options included in the IOAM data fields according to the
discovered IOAM capabilities. Then the IOAM encapsulating node can discovered IOAM capabilities. Then the IOAM encapsulating node can
add the IOAM header to the data packet based on the identified types add the IOAM header to the data packet based on the identified types
and lengths of IOAM options included in the IOAM data fields. The and lengths of IOAM options included in the IOAM data fields. The
IOAM encapsulating node may use NETCONF/YANG or IGP to discover these IOAM encapsulating node may use NETCONF/YANG or IGP to discover these
IOAM capabilities. However, NETCONF/YANG or IGP has some IOAM capabilities. However, NETCONF/YANG or IGP has some
limitations: limitations:
* When NETCONF/YANG is used in this scenario, each IOAM * When NETCONF/YANG is used in this scenario, each IOAM
encapsulating node (including the host when it takes the role of encapsulating node (including the host when it takes the role of
an IOAM encapsulating node) needs to implement a NETCONF Client, an IOAM encapsulating node) needs to implement a NETCONF Client,
each IOAM transit and IOAM decapsulating node (including the host and each IOAM transit and IOAM decapsulating node (including the
when it takes the role of an IOAM decapsulating node) needs to host when it takes the role of an IOAM decapsulating node) needs
implement a NETCONF Server, the complexity can be an issue. to implement a NETCONF Server, so complexity can be an issue.
Furthermore, each IOAM encapsulating node needs to establish Furthermore, each IOAM encapsulating node needs to establish a
NETCONF Connection with each IOAM transit and IOAM decapsulating NETCONF Connection with each IOAM transit and IOAM decapsulating
node, the scalability can be an issue. node, so scalability can be an issue.
* When IGP is used in this scenario, the IGP and IOAM domains don't * When IGP is used in this scenario, the IGP and IOAM-Domains don't
always have the same coverage. For example, when the IOAM always have the same coverage. For example, when the IOAM
encapsulating node or the IOAM decapsulating node is a host, the encapsulating node or the IOAM decapsulating node is a host, the
availability can be an issue. Furthermore, it might be too availability can be an issue. Furthermore, it might be too
challenging to reflect enabled IOAM capabilities at the IOAM challenging to reflect enabled IOAM capabilities at the IOAM
transit and IOAM decapsulating node if these are controlled by a transit and IOAM decapsulating node if these are controlled by a
local policy depending on the identity of the IOAM encapsulating local policy depending on the identity of the IOAM encapsulating
node. node.
This document specifies formats and objects that can be used in the This document specifies formats and objects that can be used in the
extension of echo request/reply mechanisms used in IPv6 (including extension of echo request/reply mechanisms used in IPv6 (including
Segment Routing with IPv6 data plane (SRv6)), MPLS (including Segment Segment Routing over IPv6 (SRv6) data plane), MPLS (including Segment
Routing with MPLS data plane (SR-MPLS)), SFC and BIER environments, Routing over MPLS (SR-MPLS) data plane), Service Function Chain
which can be used within the IOAM domain, allowing the IOAM (SFC), and Bit Index Explicit Replication (BIER) environments, which
encapsulating node to discover the enabled IOAM capabilities of each can be used within the IOAM-Domain, allowing the IOAM encapsulating
IOAM transit and IOAM decapsulating node. node to discover the enabled IOAM capabilities of each IOAM transit
and IOAM decapsulating node.
The following documents contain references to the echo request/reply The following documents contain references to the echo request/reply
mechanisms used in IPv6 (including SRv6), MPLS (including SR-MPLS), mechanisms used in IPv6 (including SRv6), MPLS (including SR-MPLS),
SFC and BIER environments: SFC, and BIER environments:
* [RFC4443] ("Internet Control Message Protocol (ICMPv6) for the * "Internet Control Message Protocol (ICMPv6) for the Internet
Internet Protocol Version 6 (IPv6) Specification"), [RFC4620] Protocol Version 6 (IPv6) Specification" [RFC4443]
("IPv6 Node Information Queries"), [RFC4884] ("Extended ICMP to
Support Multi-Part Messages") and [RFC8335] ("PROBE: A Utility for
Probing Interfaces")
* [RFC8029] ("Detecting Multiprotocol Label Switched (MPLS) Data- * "IPv6 Node Information Queries" [RFC4620]
Plane Failures")
* [I-D.ietf-sfc-multi-layer-oam] ("Active OAM for Service Function * "Extended ICMP to Support Multi-Part Messages" [RFC4884]
Chaining (SFC)")
* [I-D.ietf-bier-ping] ("BIER Ping and Trace") * "PROBE: A Utility for Probing Interfaces" [RFC8335]
* "Detecting Multiprotocol Label Switched (MPLS) Data-Plane
Failures" [RFC8029]
* "Active OAM for Service Function Chaining (SFC)" [OAM-for-SFC]
* "BIER Ping and Trace" [BIER-PING]
It is expected that the specification of the instantiation of each of It is expected that the specification of the instantiation of each of
these extensions will be done in the form of an RFC jointly designed these extensions will be done in the form of an RFC jointly designed
by the working group that develops or maintains the echo request/ by the working group that develops or maintains the echo request/
reply protocol and the IETF IP Performance Measurement (IPPM) Working reply protocol and the IETF IP Performance Measurement (IPPM) Working
Group. Group.
Note that in this document the echo request/reply mechanism used in In this document, note that the echo request/reply mechanism used in
IPv6 does not mean ICMPv6 Echo Request/Reply [RFC4443], but means IPv6 does not mean ICMPv6 Echo Request/Reply [RFC4443] but does mean
IPv6 Node Information Query/Reply [RFC4620]. IPv6 Node Information Query/Reply [RFC4620].
Fate sharing is a common requirement for all kinds of active OAM Fate sharing is a common requirement for all kinds of active OAM
packets, echo request is among them, in this document that means echo packets, including echo requests. In this document, that means an
request is required to traverse a path of IOAM data packet. This echo request is required to traverse the path of an IOAM data packet.
requirement can be achieved by, e.g., applying same explicit path or This requirement can be achieved by, e.g., applying the same explicit
ECMP processing to both echo request and IOAM data packet. Specific path or ECMP processing to both echo request and IOAM data packets.
to apply same ECMP processing to both echo request and IOAM data Specifically, the same ECMP processing can be applied to both echo
packet, one possible way is to populate the same value(s) of ECMP request and IOAM data packets, by populating the same value or values
affecting field(s) in the echo request. in any ECMP affecting fields of the packets.
2. Conventions 2. Conventions
2.1. Requirements Language 2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
2.2. Abbreviations 2.2. Abbreviations
BIER: Bit Index Explicit Replication BIER: Bit Index Explicit Replication
BGP: Border Gateway Protocol BGP: Border Gateway Protocol
DEX: Direct Export DEX: Direct Export
ECMP: Equal-Cost Multipath ECMP: Equal-Cost Multipath
E2E: Edge to Edge E2E: Edge to Edge
ICMP: Internet Control Message Protocol ICMP: Internet Control Message Protocol
IGP: Interior Gateway Protocol IGP: Interior Gateway Protocol
IOAM: In situ Operations, Administration, and Maintenance IOAM: In situ Operations, Administration, and Maintenance
LSP: Label Switched Path LSP: Label Switched Path
MPLS: Multi-Protocol Label Switching MPLS: Multiprotocol Label Switching
MTU: Maximum Transmission Unit MTU: Maximum Transmission Unit
NTP: Network Time Protocol NETCONF: Network Configuration Protocol
OAM: Operations, Administration, and Maintenance NTP: Network Time Protocol
PCEP: Path Computation Element (PCE) Communication Protocol OAM: Operations, Administration, and Maintenance
POSIX: Portable Operating System Interface PCEP: Path Computation Element Communication Protocol
POT: Proof of Transit
PTP: Precision Time Protocol POSIX: Portable Operating System Interface
SR-MPLS: Segment Routing with MPLS data plane POT: Proof of Transit
SRv6: Segment Routing with IPv6 data plane PTP: Precision Time Protocol
SFC: Service Function Chain SoP: Size of POT
TTL: Time to Live, this is also the Hop Limit field in the IPv6 SR-MPLS: Segment Routing over MPLS
header
SRv6: Segment Routing over IPv6
SFC: Service Function Chain
TTL: Time to Live (this is also the Hop Limit field in the IPv6
header)
TSF: TimeStamp Format
3. IOAM Capabilities Formats 3. IOAM Capabilities Formats
3.1. IOAM Capabilities Query Container 3.1. IOAM Capabilities Query Container
For echo request, IOAM Capabilities Query uses a container which has For echo requests, the IOAM Capabilities Query uses a container that
the following format: has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Capabilities Query Container Header . . IOAM Capabilities Query Container Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. List of IOAM Namespace-IDs . . List of IOAM Namespace-IDs .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: IOAM Capabilities Query Container of Echo Request Figure 1: IOAM Capabilities Query Container of an Echo Request
When this container is present in the echo request sent by an IOAM When this container is present in the echo request sent by an IOAM
encapsulating node, that means the IOAM encapsulating node requests encapsulating node, the IOAM encapsulating node requests that the
the receiving node to reply with its enabled IOAM capabilities. If receiving node reply with its enabled IOAM capabilities. If there is
there is no IOAM capability to be reported by the receiving node, no IOAM capability to be reported by the receiving node, then this
then this container MUST be ignored by the receiving node, which container MUST be ignored by the receiving node. This means the
means the receiving node MUST send an echo reply without IOAM receiving node MUST send an echo reply without IOAM capabilities or
capabilities or no echo reply, in the light of whether the echo no echo reply, in the light of whether the echo request includes
request includes other containers than the IOAM Capabilities Query containers other than the IOAM Capabilities Query Container. A list
Container. A list of IOAM Namespace-IDs (one or more Namespace-IDs) of IOAM Namespace-IDs (one or more Namespace-IDs) MUST be included in
MUST be included in this container in the echo request, and if this container in the echo request; if present, the Default-
present, the Default-Namespace-ID 0x0000 MUST be placed at the Namespace-ID 0x0000 MUST be placed at the beginning of the list of
beginning of the list of IOAM Namespace-IDs. The IOAM encapsulating IOAM Namespace-IDs. The IOAM encapsulating node requests only the
node requests only the enabled IOAM capabilities that match one of enabled IOAM capabilities that match one of the Namespace-IDs.
the Namespace-IDs. Inclusion of the Default-Namespace-ID 0x0000 Inclusion of the Default-Namespace-ID 0x0000 elicits replies only for
elicits replies only for capabilities that are configured with the capabilities that are configured with the Default-Namespace-ID
Default-Namespace-ID 0x0000.The Namespace-ID has the same definition 0x0000. The Namespace-ID has the same definition as what's specified
as what's specified in Section 4.3 of [RFC9197]. in Section 4.3 of [RFC9197].
The IOAM Capabilities Query Container has a container header that is The IOAM Capabilities Query Container has a container header that is
used to identify the type and optionally length of the container used to identify the type and, optionally, the length of the
payload, and the container payload (List of IOAM Namespace-IDs) is container payload. The container payload (List of IOAM Namespace-
zero-padded to align to a 4-octet boundary. Since the Default- IDs) is zero-padded to align with a 4-octet boundary. Since the
Namespace-ID of 0x0000 is mandated to appear first in the list, any Default-Namespace-ID 0x0000 is mandated to appear first in the list,
other occurrences of 0x0000 MUST be disregarded. any other occurrences of 0x0000 MUST be disregarded.
The length, structure, and definition of the IOAM Capabilities Query The length, structure, and definition of the IOAM Capabilities Query
Container Header depends on the specific deployment environment. Container Header depend on the specific deployment environment.
3.2. IOAM Capabilities Response Container 3.2. IOAM Capabilities Response Container
For echo reply, IOAM Capabilities Response uses a container which has For echo replies, the IOAM Capabilities Response uses a container
the following format: that has the following format:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Capabilities Response Container Header . . IOAM Capabilities Response Container Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. List of IOAM Capabilities Objects . . List of IOAM Capabilities Objects .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: IOAM Capabilities Response Container of Echo Reply Figure 2: IOAM Capabilities Response Container for an Echo Reply
When this container is present in the echo reply sent by an IOAM When this container is present in the echo reply sent by an IOAM
transit node or IOAM decapsulating node, that means the IOAM function transit node or IOAM decapsulating node, the IOAM function is enabled
is enabled at this node, and this container contains the enabled IOAM at this node, and this container contains the enabled IOAM
capabilities of the sender. A list of IOAM capabilities objects (one capabilities of the sender. A list of IOAM capabilities objects (one
or more objects) which contains the enabled IOAM capabilities MUST be or more objects) that contains the enabled IOAM capabilities MUST be
included in this container of echo reply except the sender encounters included in this container of the echo reply unless the sender
an error (e.g., no matched Namespace-ID). encounters an error (e.g., no matched Namespace-ID).
The IOAM Capabilities Response Container has a container header that The IOAM Capabilities Response Container has a container header that
is used to identify the type and optionally length of the container is used to identify the type and, optionally, the length of the
payload. The container header MUST be defined such that it falls on container payload. The container header MUST be defined such that it
a four-octet boundary. falls on a 4-octet boundary.
The length, structure, and definition of the IOAM Capabilities The length, structure, and definition of the IOAM Capabilities
Response Container Header depends on the specific deployment Response Container Header depends on the specific deployment
environment. environment.
Based on the IOAM data fields defined in [RFC9197] and [RFC9326], six Based on the IOAM data fields defined in [RFC9197] and [RFC9326], six
types of objects are defined in this document. The same type of types of objects are defined in this document. The same type of
object MAY be present in the IOAM Capabilities Response Container object MAY be present in the IOAM Capabilities Response Container
more than once, only if with a different Namespace-ID. more than once, only if listed with a different Namespace-ID.
Similar to the container, each object has an object header that is Similar to the container, each object has an object header that is
used to identify the type and length of the object payload. The used to identify the type and length of the object payload. The
object payload MUST be defined such that it falls on a four-octet object payload MUST be defined such that it falls on a 4-octet
boundary. boundary.
The length, structure, and definition of Object Header depends on the The length, structure, and definition of the object header depends on
specific deployment environment. the specific deployment environment.
3.2.1. IOAM Pre-allocated Tracing Capabilities Object 3.2.1. IOAM Pre-allocated Tracing Capabilities Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Pre-allocated Tracing Capabilities Object Header . . IOAM Pre-allocated Tracing Capabilities Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IOAM-Trace-Type | Reserved |W| | IOAM-Trace-Type | Reserved |W|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | Ingress_MTU | | Namespace-ID | Ingress_MTU |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress_if_id (short or wide format) ...... | | Ingress_if_id (short or wide format) ...... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: IOAM Pre-allocated Tracing Capabilities Object Figure 3: IOAM Pre-allocated Tracing Capabilities Object
When this Object is present in the IOAM Capabilities Response When the IOAM Pre-allocated Tracing Capabilities Object is present in
Container, that means the sending node is an IOAM transit node and the IOAM Capabilities Response Container, the sending node is an IOAM
the IOAM pre-allocated tracing function is enabled at this IOAM transit node, and the IOAM pre-allocated tracing function is enabled
transit node. at this IOAM transit node.
IOAM-Trace-Type field has the same definition as what's specified in The IOAM-Trace-Type field has the same definition as what's specified
Section 4.4 of [RFC9197]. in Section 4.4 of [RFC9197].
Reserved field is reserved for future use and MUST be set to zero, The Reserved field MUST be zeroed on transmission and ignored on
and MUST be ignored when non-zero. receipt.
W flag indicates whether Ingress_if_id is in short or wide format. The W flag indicates whether Ingress_if_id is in short or wide
The W-bit is set if the Ingress_if_id is in wide format. The W-bit format. The W-bit is set if the Ingress_if_id is in wide format.
is clear if the Ingress_if_id is in short format. The W-bit is clear if the Ingress_if_id is in short format.
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Object of the echo request. in the IOAM Capabilities Query Object of the echo request.
Ingress_MTU field has 16 bits and specifies the MTU (in octets) of The Ingress_MTU field has 16 bits and specifies the MTU (in octets)
the ingress interface from which the sending node received echo of the ingress interface from which the sending node received the
request. echo request.
Ingress_if_id field has 16 bits (in short format) or 32 bits (in wide The Ingress_if_id field has 16 bits (in short format) or 32 bits (in
format) and specifies the identifier of the ingress interface from wide format) and specifies the identifier of the ingress interface
which the sending node received echo request. If the W-bit is from which the sending node received the echo request. If the W-bit
cleared that indicates Ingress_if_id field has 16 bits, then the 16 is cleared, the Ingress_if_id field has 16 bits; then the 16 bits
bits following the Ingress_if_id field are reserved for future use following the Ingress_if_id field are reserved for future use, MUST
and MUST be set to zero, and MUST be ignored when non-zero. be set to zero, and MUST be ignored when non-zero.
3.2.2. IOAM Incremental Tracing Capabilities Object 3.2.2. IOAM Incremental Tracing Capabilities Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Incremental Tracing Capabilities Object Header . . IOAM Incremental Tracing Capabilities Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IOAM-Trace-Type | Reserved |W| | IOAM-Trace-Type | Reserved |W|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | Ingress_MTU | | Namespace-ID | Ingress_MTU |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Ingress_if_id (short or wide format) ...... | | Ingress_if_id (short or wide format) ...... |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: IOAM Incremental Tracing Capabilities Object Figure 4: IOAM Incremental Tracing Capabilities Object
When this Object is present in the IOAM Capabilities Response When the IOAM Incremental Tracing Capabilities Object is present in
Container, that means the sending node is an IOAM transit node and the IOAM Capabilities Response Container, the sending node is an IOAM
the IOAM incremental tracing function is enabled at this IOAM transit transit node, and the IOAM incremental tracing function is enabled at
node. this IOAM transit node.
IOAM-Trace-Type field has the same definition as what's specified in The IOAM-Trace-Type field has the same definition as what's specified
Section 4.4 of [RFC9197]. in Section 4.4 of [RFC9197].
Reserved field is reserved for future use and MUST be set to zero, The Reserved field MUST be zeroed on transmission and ignored on
and MUST be ignored when non-zero. receipt.
W flag indicates whether Ingress_if_id is in short or wide format. The W flag indicates whether Ingress_if_id is in short or wide
The W-bit is set if the Ingress_if_id is in wide format. The W-bit format. The W-bit is set if the Ingress_if_id is in wide format.
is clear if the Ingress_if_id is in short format. The W-bit is clear if the Ingress_if_id is in short format.
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Object of the echo request. in the IOAM Capabilities Query Object of the echo request.
Ingress_MTU field has 16 bits and specifies the MTU (in octets) of The Ingress_MTU field has 16 bits and specifies the MTU (in octets)
the ingress interface from which the sending node received echo of the ingress interface from which the sending node received the
request. echo request.
Ingress_if_id field has 16 bits (in short format) or 32 bits (in wide The Ingress_if_id field has 16 bits (in short format) or 32 bits (in
format) and specifies the identifier of the ingress interface from wide format) and specifies the identifier of the ingress interface
which the sending node received echo request. If the W-bit is from which the sending node received the echo request. If the W-bit
cleared that indicates Ingress_if_id field has 16 bits, then the 16 is cleared, the Ingress_if_id field has 16 bits; then the 16 bits
bits following the Ingress_if_id field are reserved for future use following the Ingress_if_id field are reserved for future use, MUST
and MUST be set to zero, and MUST be ignored when non-zero. be set to zero, and MUST be ignored when non-zero.
3.2.3. IOAM Proof-of-Transit Capabilities Object 3.2.3. IOAM Proof of Transit Capabilities Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Proof-of-Transit Capabilities Object Header . . IOAM Proof of Transit Capabilities Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | IOAM-POT-Type |SoP| Reserved | | Namespace-ID | IOAM-POT-Type |SoP| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: IOAM Proof-of-Transit Capabilities Object Figure 5: IOAM Proof of Transit Capabilities Object
When this Object is present in the IOAM Capabilities Response When the IOAM Proof of Transit Capabilities Object is present in the
Container, that means the sending node is an IOAM transit node and IOAM Capabilities Response Container, the sending node is an IOAM
the IOAM Proof of Transit function is enabled at this IOAM transit transit node and the IOAM Proof of Transit function is enabled at
node. this IOAM transit node.
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Object of the echo request. in the IOAM Capabilities Query Object of the echo request.
IOAM-POT-Type field has the same definition as what's specified in The IOAM-POT-Type field has the same definition as what's specified
Section 4.5 of [RFC9197]. in Section 4.5 of [RFC9197].
SoP (Size of POT) field has two bits, which means the size of "PktID" The SoP (Size of POT) field has two bits that indicate the size of
and "Cumulative" data that are specified in Section 4.5 of [RFC9197]. "PktID" and "Cumulative" data, which are specified in Section 4.5 of
This document defines SoP as follows: [RFC9197]. This document defines SoP as follows:
0b00 means 64-bit "PktID" and 64-bit "Cumulative" data. 0b00: 64-bit "PktID" and 64-bit "Cumulative" data
0b01~0b11: Reserved for future standardization 0b01~0b11: reserved for future standardization
Reserved field is reserved for future use and MUST be set to zero, The Reserved field MUST be zeroed on transmission and ignored on
and MUST be ignored when non-zero. receipt.
3.2.4. IOAM Edge-to-Edge Capabilities Object 3.2.4. IOAM Edge-to-Edge Capabilities Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM Edge-to-Edge Capabilities Object Header . . IOAM Edge-to-Edge Capabilities Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | IOAM-E2E-Type | | Namespace-ID | IOAM-E2E-Type |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|TSF| Reserved | Reserved | |TSF| Reserved | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: IOAM Edge-to-Edge Capabilities Object Figure 6: IOAM Edge-to-Edge Capabilities Object
When this Object is present in the IOAM Capabilities Response When the IOAM Edge-to-Edge Capabilities Object is present in the IOAM
Container, that means the sending node is an IOAM decapsulating node Capabilities Response Container, the sending node is an IOAM
and IOAM edge-to-edge function is enabled at this IOAM decapsulating decapsulating node and IOAM edge-to-edge function is enabled at this
node. IOAM decapsulating node.
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Object of the echo request. in the IOAM Capabilities Query Object of the echo request.
IOAM-E2E-Type field has the same definition as what's specified in The IOAM-E2E-Type field has the same definition as what's specified
Section 4.6 of [RFC9197]. in Section 4.6 of [RFC9197].
TSF field specifies the timestamp format used by the sending node. The TSF field specifies the timestamp format used by the sending
Aligned with three possible timestamp formats specified in Section 5 node. Aligned with three possible timestamp formats specified in
of [RFC9197], this document defines TSF as follows: Section 5 of [RFC9197], this document defines TSF as follows:
0b00: PTP truncated timestamp format 0b00: PTP truncated timestamp format
0b01: NTP 64-bit timestamp format 0b01: NTP 64-bit timestamp format
0b10: POSIX-based timestamp format 0b10: POSIX-based timestamp format
0b11: Reserved for future standardization 0b11: Reserved for future standardization
Reserved field is reserved for future use and MUST be set to zero, The Reserved field MUST be zeroed on transmission and ignored on
and MUST be ignored when non-zero. receipt.
3.2.5. IOAM DEX Capabilities Object 3.2.5. IOAM DEX Capabilities Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM DEX Capabilities Object Header . . IOAM DEX Capabilities Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IOAM-Trace-Type | Reserved | | IOAM-Trace-Type | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | Reserved | | Namespace-ID | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: IOAM DEX Capabilities Object Figure 7: IOAM DEX Capabilities Object
When this Object is present in the IOAM Capabilities Response When the IOAM DEX Capabilities Object is present in the IOAM
Container, that means the sending node is an IOAM transit node and Capabilities Response Container, the sending node is an IOAM transit
the IOAM direct exporting function is enabled at this IOAM transit node and the IOAM direct exporting function is enabled at this IOAM
node. transit node.
IOAM-Trace-Type field has the same definition as what's specified in The IOAM-Trace-Type field has the same definition as what's specified
Section 3.2 of [RFC9326]. in Section 3.2 of [RFC9326].
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Object of the echo request. in the IOAM Capabilities Query Object of the echo request.
Reserved field is reserved for future use and MUST be set to zero, The Reserved field MUST be zeroed on transmission and ignored on
and MUST be ignored when non-zero. receipt.
3.2.6. IOAM End-of-Domain Object 3.2.6. IOAM End-of-Domain Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. IOAM End-of-Domain Object Header . . IOAM End-of-Domain Object Header .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Namespace-ID | Must Be Zero | | Namespace-ID | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: IOAM End-of-Domain Object Figure 8: IOAM End-of-Domain Object
When this Object is present in the IOAM Capabilities Response When the IOAM End-of-Domain Object is present in the IOAM
Container, that means the sending node is an IOAM decapsulating node. Capabilities Response Container, the sending node is an IOAM
Unless the IOAM Edge-to-Edge Capabilities Object is present, which decapsulating node. Unless the IOAM Edge-to-Edge Capabilities Object
also indicates that the sending node is an IOAM decapsulating node, is present, which also indicates that the sending node is an IOAM
the End-of-Domain Object MUST be present in the IOAM Capabilities decapsulating node, the IOAM End-of-Domain Object MUST be present in
Response Container sent by an IOAM decapsulating node. When the IOAM the IOAM Capabilities Response Container sent by an IOAM
edge-to-edge function is enabled at the IOAM decapsulating node, it's decapsulating node. When the IOAM edge-to-edge function is enabled
RECOMMENDED to include only the IOAM Edge-to-Edge Capabilities Object at the IOAM decapsulating node, including only the IOAM Edge-to-Edge
but not the IOAM End-of-Domain Object. Capabilities Object, not the IOAM End-of-Domain Object, is
RECOMMENDED.
Namespace-ID field has the same definition as what's specified in The Namespace-ID field has the same definition as what's specified in
Section 4.3 of [RFC9197], it MUST be one of the Namespace-IDs listed Section 4.3 of [RFC9197]. It MUST be one of the Namespace-IDs listed
in the IOAM Capabilities Query Container. in the IOAM Capabilities Query Container.
Reserved field MUST be zeroed on transmission and ignored on receipt.
4. Operational Guide 4. Operational Guide
Once the IOAM encapsulating node is triggered to discover the enabled Once the IOAM encapsulating node is triggered to discover the enabled
IOAM capabilities of each IOAM transit and IOAM decapsulating node, IOAM capabilities of each IOAM transit and IOAM decapsulating node,
the IOAM encapsulating node will send echo requests that include the the IOAM encapsulating node will send echo requests that include the
IOAM Capabilities Query Container. First, with TTL equal to 1 to IOAM Capabilities Query Container as follows:
reach the closest node, which may be an IOAM transit node or not.
Then with TTL equal to 2 to reach the second-nearest node, which also * First, with TTL equal to 1 to reach the closest node (which may or
may be an IOAM transit node or not. And further, increasing by 1 the may not be an IOAM transit node).
TTL every time the IOAM encapsulating node sends a new echo request,
until the IOAM encapsulating node receives an echo reply sent by the * Then, with TTL equal to 2 to reach the second-nearest node (which
IOAM decapsulating node, which contains the IOAM Capabilities also may or may not be an IOAM transit node).
Response Container including the IOAM Edge-to-Edge Capabilities
Object or the IOAM End-of-Domain Object. As a result, the echo * Then, further increasing by 1 the TTL every time the IOAM
requests sent by the IOAM encapsulating node will reach all nodes one encapsulating node sends a new echo request, until the IOAM
by one along the transport path of IOAM data packet. Alternatively, encapsulating node receives an echo reply sent by the IOAM
if the IOAM encapsulating node knows precisely all the IOAM transit decapsulating node (which contains the IOAM Capabilities Response
and IOAM decapsulating nodes beforehand, once the IOAM encapsulating Container including the IOAM Edge-to-Edge Capabilities Object or
node is triggered to discover the enabled IOAM capabilities, it can the IOAM End-of-Domain Object).
send an echo request to each IOAM transit and IOAM decapsulating node
directly, without TTL expiration. As a result, the echo requests sent by the IOAM encapsulating node
will reach all nodes one by one along the transport path of IOAM data
packet.
Alternatively, if the IOAM encapsulating node knows precisely all the
IOAM transit and IOAM decapsulating nodes beforehand, once the IOAM
encapsulating node is triggered to discover the enabled IOAM
capabilities, it can send an echo request to each IOAM transit and
IOAM decapsulating node directly, without TTL expiration.
The IOAM encapsulating node may be triggered by the device The IOAM encapsulating node may be triggered by the device
administrator, the network management system, the network controller, administrator, the network management system, the network controller,
or data traffic. The specific triggering mechanisms are outside the or data traffic. The specific triggering mechanisms are outside the
scope of this document. scope of this document.
Each IOAM transit and IOAM decapsulating node that receives an echo Each IOAM transit and IOAM decapsulating node that receives an echo
request containing the IOAM Capabilities Query Container will send an request containing the IOAM Capabilities Query Container will send an
echo reply to the IOAM encapsulating node. For the echo reply, there echo reply to the IOAM encapsulating node. For the echo reply, there
is an IOAM Capabilities Response Container containing one or more is an IOAM Capabilities Response Container containing one or more
Objects. The IOAM Capabilities Query Container of the echo request Objects. The IOAM Capabilities Query Container of the echo request
would be ignored by the receiving node unaware of IOAM. would be ignored by the receiving node unaware of IOAM.
Note that the mechanism defined in this document applies to all kinds Note that the mechanism defined in this document applies to all kinds
of IOAM option types, whether the four types of IOAM option defined of IOAM option types, whether the four types of IOAM options defined
in [RFC9197] or the DEX type of IOAM option defined in [RFC9326], in [RFC9197] or the DEX type of IOAM option defined in [RFC9326].
specifically, when applied to the IOAM DEX option, it allows the IOAM Specifically, when applied to the IOAM DEX option, the mechanism
encapsulating node to discover which nodes along the transport path allows the IOAM encapsulating node to discover which nodes along the
support IOAM direct exporting and which trace data types are transport path support IOAM direct exporting and which trace data
supported to be directly exported at these nodes. types are supported to be directly exported at these nodes.
5. IANA Considerations 5. IANA Considerations
This document requests the following IANA Actions. IANA has created a registry named "In Situ OAM (IOAM) Capabilities".
IANA is requested to create a registry group named "In-Situ OAM
(IOAM) Capabilities Parameters".
This group will include the following registries: This registry includes the following subregistries:
* IOAM SoP Capability * IOAM SoP Capability
* IOAM TSF Capability * IOAM TSF Capability
New registries in this group can be created via RFC Required process
as per [RFC8126].
The subsequent subsections detail the registries herein contained. The subsequent subsections detail the registries herein contained.
Considering the Containers/Objects defined in this document would be Considering the Containers/Objects defined in this document that
carried in different types of Echo Request/Reply messages, such as would be carried in different types of Echo Request/Reply messages,
ICMPv6 or LSP Ping, it is intended that the registries for Container/ such as ICMPv6 or LSP Ping, it is intended that the registries for
Object Type would be requested in subsequent documents. Container/Object Type would be requested in subsequent documents.
5.1. IOAM SoP Capability Registry 5.1. IOAM SoP Capability Registry
This registry defines 4 code points for the IOAM SoP Capability field This registry defines four codepoints for the IOAM SoP Capability
for identifying the size of "PktID" and "Cumulative" data as field for identifying the size of "PktID" and "Cumulative" data as
explained in Section 4.5 of [RFC9197]. explained in Section 4.5 of [RFC9197].
A new entry in this registry requires the following fields: A new entry in this registry requires the following fields:
* SoP: size of POT; a two-bit binary field as defined in * SoP (Size of POT): a 2-bit binary field as defined in
Section 3.2.3 Section 3.2.3.
* Description: a terse description of the meaning of this SoP value * Description: a terse description of the meaning of this SoP value.
The registry initially contains the following value: The registry initially contains the following value:
SoP Description +======+=============================================+
---- ----------- | SoP | Description |
0b00 64-bit "PktID" and 64-bit "Cumulative" data +======+=============================================+
| 0b00 | 64-bit "PktID" and 64-bit "Cumulative" data |
+------+---------------------------------------------+
0b01 - 0b11 are available for assignment via IETF Review process as Table 1: SoP and Description
per [RFC8126].
0b01 - 0b11 are available for assignment via the IETF Review process
as per [RFC8126].
5.2. IOAM TSF Capability Registry 5.2. IOAM TSF Capability Registry
This registry defines 4 code points for the IOAM TSF Capability field This registry defines four codepoints for the IOAM TSF Capability
for identifying the timestamp format as explained in Section 5 of field for identifying the timestamp format as explained in Section 5
[RFC9197]. of [RFC9197].
A new entry in this registry requires the following fields: A new entry in this registry requires the following fields:
* TSF: timestamp format; a two-bit binary field as defined in * TSF (TimeStamp Format): a 2-bit binary field as defined in
Section 3.2.4 Section 3.2.4.
* Description: a terse description of the meaning of this TSF value * Description: a terse description of the meaning of this TSF value.
The registry initially contains the following values: The registry initially contains the following values:
TSF Description +======+================================+
---- ----------- | TSF | Description |
0b00 PTP Truncated Timestamp Format +======+================================+
0b01 NTP 64-bit Timestamp Format | 0b00 | PTP Truncated Timestamp Format |
0b10 POSIX-based Timestamp Format +------+--------------------------------+
| 0b01 | NTP 64-bit Timestamp Format |
+------+--------------------------------+
| 0b10 | POSIX-based Timestamp Format |
+------+--------------------------------+
0b11 is available for assignment via IETF Review process as per Table 2: TSF and Description
0b11 is available for assignment via the IETF Review process as per
[RFC8126]. [RFC8126].
6. Security Considerations 6. Security Considerations
Overall, the security needs for IOAM capabilities query mechanisms Overall, the security needs for IOAM capabilities query mechanisms
used in different environments are similar. used in different environments are similar.
To avoid potential Denial-of-Service (DoS) attacks, it is RECOMMENDED To avoid potential Denial-of-Service (DoS) attacks, it is RECOMMENDED
that implementations apply rate-limiting to incoming echo requests that implementations apply rate-limiting to incoming echo requests
and replies. and replies.
To protect against unauthorized sources using echo request messages To protect against unauthorized sources using echo request messages
to obtain IOAM Capabilities information, implementations MUST provide to obtain IOAM Capabilities information, implementations MUST provide
a means of checking the source addresses of echo request messages a means of checking the source addresses of echo request messages
against an access list before accepting the message. against an access list before accepting the message.
A deployment MUST ensure that border filtering drops inbound echo A deployment MUST ensure that border-filtering drops inbound echo
requests with an IOAM Capabilities Container Header from outside of requests with an IOAM Capabilities Container Header from outside of
the domain, and drops outbound echo request/replies with IOAM the domain and that drops outbound echo requests or replies with IOAM
Capabilities Headers leaving the domain. Capabilities Headers leaving the domain.
A deployment MUST support the configuration option to enable/disable A deployment MUST support the configuration option to enable or
the IOAM Capabilities Discovery feature defined in this document. By disable the IOAM Capabilities Discovery feature defined in this
default, the IOAM Capabilities Discovery feature MUST be disabled. document. By default, the IOAM Capabilities Discovery feature MUST
be disabled.
The integrity protection on IOAM Capabilities information carried in The integrity protection on IOAM Capabilities information carried in
echo reply messages can be achieved by the underlying transport. For echo reply messages can be achieved by the underlying transport. For
example, if the environment is an IPv6 network, the IP Authentication example, if the environment is an IPv6 network, the IP Authentication
Header [RFC4302] or IP Encapsulating Security Payload Header Header [RFC4302] or IP Encapsulating Security Payload Header
[RFC4303] can be used. [RFC4303] can be used.
The collected IOAM Capabilities information by queries may be The collected IOAM Capabilities information by queries may be
considered confidential. An implementation can use secure underlying considered confidential. An implementation can use secure underlying
transport of echo request/reply to provide privacy protection. For transport of echo requests or replies to provide privacy protection.
example, if the environment is an IPv6 network, confidentiality can For example, if the environment is an IPv6 network, confidentiality
be achieved by using the IP Encapsulating Security Payload Header can be achieved by using the IP Encapsulating Security Payload Header
[RFC4303]. [RFC4303].
An implementation can also directly secure the data carried in echo An implementation can also directly secure the data carried in echo
requests and replies if needed, the specific mechanism on how to requests and replies if needed, the specific mechanism on how to
secure the data is beyond the scope of this document. secure the data is beyond the scope of this document.
An implementation can also check whether the fields in received echo An implementation can also check whether the fields in received echo
requests and replies strictly conform to the specifications, e.g., requests and replies strictly conform to the specifications, e.g.,
whether the list of IOAM Namespace-IDs includes duplicate entries, whether the list of IOAM Namespace-IDs includes duplicate entries and
whether the received Namespace-ID is an operator-assigned or IANA- whether the received Namespace-ID is an operator-assigned or IANA-
assigned one, once a check fails, an exception event indicating the assigned one, once a check fails, an exception event indicating the
checked field should be reported to the management. checked field should be reported to the management.
Except for what's described above, the security issues discussed in Except for what's described above, the security issues discussed in
[RFC9197] provide a good guidance on implementation of this [RFC9197] provide good guidance on implementation of this
specification. specification.
7. Acknowledgements 7. References
The authors would like to acknowledge Tianran Zhou, Dhruv Dhody,
Frank Brockners, Cheng Li, Gyan Mishra, Marcus Ihlar, Martin Duke,
Chris Lonvick, Eric Vyncke, Alvaro Retana, Paul Wouters, Roman
Danyliw, Lars Eggert, Warren Kumari, John Scudder, Robert Wilton,
Erik Kline, Zaheduzzaman Sarker and Murray Kucherawy for their
careful review and helpful comments.
The authors appreciate the f2f discussion with Frank Brockners on
this document.
The authors would like to acknowledge Tommy Pauly and Ian Swett for
their good suggestion and guidance.
8. References
8.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
skipping to change at page 17, line 37 skipping to change at line 793
Ed., "Data Fields for In Situ Operations, Administration, Ed., "Data Fields for In Situ Operations, Administration,
and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197, and Maintenance (IOAM)", RFC 9197, DOI 10.17487/RFC9197,
May 2022, <https://www.rfc-editor.org/info/rfc9197>. May 2022, <https://www.rfc-editor.org/info/rfc9197>.
[RFC9326] Song, H., Gafni, B., Brockners, F., Bhandari, S., and T. [RFC9326] Song, H., Gafni, B., Brockners, F., Bhandari, S., and T.
Mizrahi, "In Situ Operations, Administration, and Mizrahi, "In Situ Operations, Administration, and
Maintenance (IOAM) Direct Exporting", RFC 9326, Maintenance (IOAM) Direct Exporting", RFC 9326,
DOI 10.17487/RFC9326, November 2022, DOI 10.17487/RFC9326, November 2022,
<https://www.rfc-editor.org/info/rfc9326>. <https://www.rfc-editor.org/info/rfc9326>.
8.2. Informative References 7.2. Informative References
[I-D.ietf-bier-ping] [BIER-PING]
Kumar, N., Pignataro, C., Akiya, N., Zheng, L., Chen, M., Nainar, N. K., Pignataro, C., Akiya, N., Zheng, L., Chen,
and G. Mirsky, "BIER Ping and Trace", Work in Progress, M., and G. Mirsky, "BIER Ping and Trace", Work in
Internet-Draft, draft-ietf-bier-ping-07, 11 May 2020, Progress, Internet-Draft, draft-ietf-bier-ping-08, 6 March
<https://www.ietf.org/archive/id/draft-ietf-bier-ping- 2023, <https://datatracker.ietf.org/doc/html/draft-ietf-
07.txt>. bier-ping-08>.
[I-D.ietf-sfc-multi-layer-oam] [OAM-for-SFC]
Mirsky, G., Meng, W., Ao, T., Khasnabish, B., Leung, K., Mirsky, G., Meng, W., Ao, T., Khasnabish, B., Leung, K.,
and G. Mishra, "Active OAM for Service Function Chaining and G. Mishra, "Active OAM for Service Function Chaining
(SFC)", Work in Progress, Internet-Draft, draft-ietf-sfc- (SFC)", Work in Progress, Internet-Draft, draft-ietf-sfc-
multi-layer-oam-22, 25 July 2022, multi-layer-oam-23, 23 March 2023,
<https://www.ietf.org/archive/id/draft-ietf-sfc-multi- <https://datatracker.ietf.org/doc/html/draft-ietf-sfc-
layer-oam-22.txt>. multi-layer-oam-23>.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302, [RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
DOI 10.17487/RFC4302, December 2005, DOI 10.17487/RFC4302, December 2005,
<https://www.rfc-editor.org/info/rfc4302>. <https://www.rfc-editor.org/info/rfc4302>.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, DOI 10.17487/RFC4303, December 2005, RFC 4303, DOI 10.17487/RFC4303, December 2005,
<https://www.rfc-editor.org/info/rfc4303>. <https://www.rfc-editor.org/info/rfc4303>.
[RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet [RFC4443] Conta, A., Deering, S., and M. Gupta, Ed., "Internet
skipping to change at page 18, line 29 skipping to change at line 834
[RFC4620] Crawford, M. and B. Haberman, Ed., "IPv6 Node Information [RFC4620] Crawford, M. and B. Haberman, Ed., "IPv6 Node Information
Queries", RFC 4620, DOI 10.17487/RFC4620, August 2006, Queries", RFC 4620, DOI 10.17487/RFC4620, August 2006,
<https://www.rfc-editor.org/info/rfc4620>. <https://www.rfc-editor.org/info/rfc4620>.
[RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro, [RFC4884] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
"Extended ICMP to Support Multi-Part Messages", RFC 4884, "Extended ICMP to Support Multi-Part Messages", RFC 4884,
DOI 10.17487/RFC4884, April 2007, DOI 10.17487/RFC4884, April 2007,
<https://www.rfc-editor.org/info/rfc4884>. <https://www.rfc-editor.org/info/rfc4884>.
[RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N., [RFC8029] Kompella, K., Swallow, G., Pignataro, C., Ed., Kumar, N.,
Aldrin, S., Chen, M., and RFC Publisher, "Detecting Aldrin, S., and M. Chen, "Detecting Multiprotocol Label
Multiprotocol Label Switched (MPLS) Data-Plane Failures", Switched (MPLS) Data-Plane Failures", RFC 8029,
RFC 8029, DOI 10.17487/RFC8029, March 2017, DOI 10.17487/RFC8029, March 2017,
<https://www.rfc-editor.org/info/rfc8029>. <https://www.rfc-editor.org/info/rfc8029>.
[RFC8335] Bonica, R., Thomas, R., Linkova, J., Lenart, C., and M. [RFC8335] Bonica, R., Thomas, R., Linkova, J., Lenart, C., and M.
Boucadair, "PROBE: A Utility for Probing Interfaces", Boucadair, "PROBE: A Utility for Probing Interfaces",
RFC 8335, DOI 10.17487/RFC8335, February 2018, RFC 8335, DOI 10.17487/RFC8335, February 2018,
<https://www.rfc-editor.org/info/rfc8335>. <https://www.rfc-editor.org/info/rfc8335>.
[RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet [RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet
Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020, Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020,
<https://www.rfc-editor.org/info/rfc8799>. <https://www.rfc-editor.org/info/rfc8799>.
Acknowledgements
The authors would like to acknowledge Tianran Zhou, Dhruv Dhody,
Frank Brockners, Cheng Li, Gyan Mishra, Marcus Ihlar, Martin Duke,
Chris Lonvick, Éric Vyncke, Alvaro Retana, Paul Wouters, Roman
Danyliw, Lars Eggert, Warren Kumari, John Scudder, Robert Wilton,
Erik Kline, Zaheduzzaman Sarker, Murray Kucherawy, and Donald
Eastlake 3rd for their careful review and helpful comments.
The authors appreciate the f2f discussion with Frank Brockners on
this document.
The authors would like to acknowledge Tommy Pauly and Ian Swett for
their good suggestion and guidance.
Authors' Addresses Authors' Addresses
Xiao Min Xiao Min
ZTE Corp. ZTE Corp.
Nanjing Nanjing
China China
Phone: +86 25 88013062 Phone: +86 25 88013062
Email: xiao.min2@zte.com.cn Email: xiao.min2@zte.com.cn
Greg Mirsky Greg Mirsky
Ericsson Ericsson
United States of America United States of America
Email: gregimirsky@gmail.com Email: gregimirsky@gmail.com
Lei Bo Lei Bo
China Telecom China Telecom
Beijing Beijing
China China
Phone: +86 10 50902903 Phone: +86 10 50902903
 End of changes. 135 change blocks. 
367 lines changed or deleted 389 lines changed or added

This html diff was produced by rfcdiff 1.48.