Next-gen Network Telemetry is Within Your Packets: In-band OAM. Frank Brockners, Shwetha Bhandari PSOSDN-2901

Size: px

Start display at page:

Download "Next-gen Network Telemetry is Within Your Packets: In-band OAM. Frank Brockners, Shwetha Bhandari PSOSDN-2901"

Dina Todd
6 years ago
Views:

2 Next-gen Network Telemetry is Within Your Packets: In-band OAM Frank Brockners, Shwetha Bhandari PSOSDN-2901

3 Continous & Always-On On Demand Checking Health and Compliance

4 Continous & Always-On On Demand Checking Health and Compliance

5 Prologue: Does your traffic comply? Why In-Band OAM? Use-Case Examples In-Band OAM The Technology A Peek at the Implementation In-Band OAM Solution Ecosystem PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 5

6 Prolog Consider TE, Service Chaining, Policy Based Routing, etc...: How do you prove that traffic follows the suggested path?

7 Willis says the first issue is connecting VNFs to the infrastructure. OpenStack does this in a sequential manner, with the sequence serially numbered in the VNF, but the difficulty comes when trying to verify that the LAN has been connected to the correct LAN port, the WAN has been connected to the correct WAN port and so on. "If we get this wrong for a firewall function it could be the end of a CIO's career," says Willis. October 14, 2015 Light reading citing Peter Willis, Chief researcher for data networks, British Telecom PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 7

Ensuring Path and/or Service Chain Integrity Approach Meta-data added to all user traffic Based on Share of a secret Provisioned by controller over secure channel Updated at every service hop

8 Ensuring Path and/or Service Chain Integrity Approach Meta-data added to all user traffic Based on Share of a secret Provisioned by controller over secure channel Updated at every service hop Controller Secret Verifier checks whether collected meta-data allows retrieval of secret Path verified A X B C Verifier PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 8

Initial Idea: Combine multiple secrets Compose the Onion Approach A service is described by a set of secrets, where each secret is associated with a service function.

9 Initial Idea: Combine multiple secrets Compose the Onion Approach A service is described by a set of secrets, where each secret is associated with a service function. Service functions encrypt portions of the meta-data as part of their packet processing. Only the verifying node has access to all secrets. The verifying nodes re-encrypts the meta-data to validate whether the packet correctly traversed the service chain. Notes To be used only when hardware assisted encryption is available. i.e. AES-NI instructions or equivalent. Otherwise this could be very costly operation to verify at line speed. S1 S2 Service-Secrets are nested like layers of an onion S3 PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 9

Solution Approach: Leveraging Shamir s Secret Sharing Polynomials 101 - Parabola: Min 3 points - Line: Min 2 points - Cubic function: Min 4 points Adi

10 Solution Approach: Leveraging Shamir s Secret Sharing Polynomials Parabola: Min 3 points - Line: Min 2 points - Cubic function: Min 4 points Adi Shamir General: It takes k+1 points to defines a polynomial of degree k. PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 10

11 Solution Approach: Leverage Shamir s Secret Sharing A polynomial as secret Each service is given a point on the curve When the packet travels through each service it collects these points A verifier can reconstruct the curve using the collected points Secret : 3x 2 + 3x + 10 (3,46) (2,28) (1,16) Operations done over a finite field (mod prime) to protect against differential analysis A B X C 3x 2 + 3x + 10 Verifier PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Operationalizing the Solution Leverage two polynomials: POLY-1 secret, constant: Each hop gets a point on POLY-1 Only the verifier knows POLY-1 POLY-2 public, random and per packet. Each hop generates a point on POLY-2 each time a packet crosses it. Each service function calculates (Point on POLY-1 + Point on POLY-2) to get (Point on POLY-3) and passes it to verifier by adding it to each packet. The verifier constructs POLY-3 from the points given by all the services and cross checks whether POLY-3 = POLY-1 + POLY-2 Computationally efficient: 3 additons, 1 multiplication, mod prime per hop POLY-1 Secret Constant + POLY-2 Public Per Packet = POLY-3 Secret Per Packet PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Meta Data for Service/Path Verification Verification secret is the independent coefficient of POLY-1 Computation/retrieval through a cumulative computation at every hop ( cumulative ) For POLY-2 the independent coefficient is carried within the packet (typically a combination of timestamp and random number) n bits can service a maximum of 2 n packets Verification secret and POLY-2 coefficient ( random ) are of the same size Secret size is bound by prime number Transfer Rate RND/ Secret Size 1 Gbps Gbps Gbps Gbps Gbps Gbps 40 Max # of packets (assuming 64 byte packets) Time that random lasts at maximum 1 Gbps seconds, 36 minutes 10 Gbps seconds, 3.5 minutes 100 GBps seconds PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 Meta-Data Provisioning Meta-Data for Service Chain Verification (SCV) provisioned through a controller (OpenDaylight App) Netconf/YANG based protocol Provisioned information from Controller to Service Function / Verifier Service-Chain-Identifier (to be mapped to service chaining technology specific identifier by network element) Service count (number of services in the chain) 2 x SCV-key-set (even and odd set) Secret (in case of communication to the verifier) Share of a secret, service index 2nd polynomial coefficients Prime number SCV-key-sets: Prime secret share poly-2 S1 Verification request for a particular service chain SCV-key-sets: Prime secret share poly-2 S2 Service Chain Verification App SCV-key-sets: Prime secret share poly-2 S3 SCV-key-sets: Secret Prime secret share poly-2 Verifier PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 14

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2nd Polynomial Interative computation of secret 16* Bytes of Meta-Data for SCV Random Unique random number (e.g.

15 Proof of Transit: Meta-Data Transport Options Random Random (contd) Cumulative Cumulative (contd) nd Polynomial Interative computation of secret 16* Bytes of Meta-Data for SCV Random Unique random number (e.g. Timestamp or combination of Timestamp and Sequence number) Cumulative (algorithm dependent) *Note: Smaller numbers are feasible, but require a more frequent renewal of the polynomials/secrets. Transport options for different protocols Segment Routing: New TLV in SRH header Network Service Header: Type-2 Meta-Data In-band OAM for IPv6: Proof-of-transit extension header VXLAN-GPE Proof-of-transit embedded-telemetry header... more to be added (incl. IPv4) PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 15

16 enter: In-Band OAM

packet OAM effected by data traffic Example: IPv4 route recording Out-of-band OAM OAM traffic is sent as dedicated traffic,

17 How to send OAM information in packet networks? On-Board Unit Speed control by police car In-band OAM OAM traffic embedded in the data traffic but not part of the payload of the packet OAM effected by data traffic Example: IPv4 route recording Out-of-band OAM OAM traffic is sent as dedicated traffic, independent from the data traffic ( probe traffic ) OAM not effected by data traffic Examples: Ethernet CFM (802.1ag), Ping, Traceroute PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 17

In-Band/Passive OAM - Motivation Multipath Forwarding debug ECMP networks Service/Path Verification prove that traffic follows a pre-defined path Service/Quality Assurance Prove traffic SLAs, as

20 In-Band/Passive OAM - Motivation Multipath Forwarding debug ECMP networks Service/Path Verification prove that traffic follows a pre-defined path Service/Quality Assurance Prove traffic SLAs, as opposed to probetraffic SLAs; Overlay/Underlay Derive Traffic Matrix Custom/Service Level Telemetry Most large ISP's prioritize Speedtest traffic and I would even go as far to say they probably route it faster as well to keep ping times low. Source: can_i_trust_my_speedtestnet_results_when_my_isp/ PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 What if you could collect operational meta-data within your traffic? Example use-cases... Path Tracing for ECMP networks Service/Path Verification Derive Traffic Matrix SLA proof: Delay, Jitter, Loss Custom data: Geo-Location,.. Meta-data required... Node-ID, ingress i/f, egress i/f Proof of Transit (random, cumulative) Node-ID Sequence numbers, Timestamps Custom meta-data PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 21

detect the one with issues PSOSDN-2901 2016 Cisco

22 Example: Flow Tracing in EMCP Networks Probe packet ( ping ) tests the wrong path Trace all paths and detect the one with issues PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 22

24 Further Examples Delay measurements and trend analysis Link 3 Loss/Re-ordering Detection Link 1 Link 2 Link 4 Add sequence number Delay Link1 Delay Link2 Delay Link3 Delay Link4 Check sequence number Multicast t = 1 1.2ms 14.8ms 3.8ms 24.8ms t = 2 1.2ms 14.8ms 3.8ms 24.8ms t = 3 1.2ms 14.7ms 3.8ms 24.7ms t = 4 1.2ms 14.8ms 3.8ms 24.8ms t = 5 1.2ms 14.8ms 3.8ms 24.8ms t = 6 1.2ms 17.8ms 3.8ms 24.7ms t = 7 1.2ms 17.9ms 3.8ms 24.7ms t = 8 1.2ms 18.1ms 3.8ms 24.8ms PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 24

Example Generic customer meta-data: Geo-Location within your packets

26 Amending the OAM capabilities of IP Capability Existing Tools Additions Continuity Check Connectivity Verification Path Discovery and Verification Defect Indications Performance Monitoring BFD Ping / ICMP echo Traceroute IPPM (delay/packet loss) Light-weight continuity check (check without sending extra traffic) EMCP support Acknowledge different packet forwarding paths in routers EMCP support Acknowledge different packet forwarding paths in routers Prove correctness/integrity of forwarding path Indicate if a forwarding policy (service chain) has not been met Metrics for live data traffic (delay, packet loss) PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 26

27 In-Band OAM (ioam) Gather telemetry and OAM information along the path within the data packet, as part of an existing/additional header No extra probe-traffic (as with ping, trace, ipsla) Transport options IPv6: Native v6 HbyH extension header or double-encap VXLAN-GPE: Embedded telemetry protocol header SRv6: Policy-Element (proof-of-transit only) NSH: Type-2 Meta-Data (proof-of-transit only)... additional encapsulations being considered (incl. IPv4, MPLS) Deployment Domain-ingress, domain-egress, and select devices within a domaininsert/remove/update the extension header Information export via IPFIX/Flexible-Netflow/publish into Kafka Fast-path implementation Hdr ioam Payload ioam domain PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Update SCV meta-data Insert SCV meta-data 3 B 6 IPFIX SCV Verifier Hdr Payload SCV meta-data Path-tracing data A Hdr r=45/c=0 A 1 Payload 1 2 C Update SCV meta-data 4 Hdr r=45/c=17 C 4 A 1 Payload 5 Hdr r=45/c=39 B 6 C 4 A 1 Payload D Update SCV meta-data Hdr Payload PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 ioam: Information carried Per node scope Hop-by-Hop information processing Device_Hop_L Node_ID Ingress Interface ID Egress Interface ID Time-Stamp Application Meta Data Set of nodes scope Hop-by-Hop information processing Service Chain Validation (Random, Cumulative) Edge to Edge scope Edge-to-Edge information processing Sequence Number PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 29

30 Tracing Option Option Type Opt Data Len IOAM-trace-type Elements-left <-+ Node data List [0] D a Node data List [1] t a S p a Node data List [n-1] Hop_Lim c node_id e ingress_if_id egress_if_id Node data List [n] timestamp <-+ app_data PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 Proof-of-Transit Option Option Type Opt Data Len POT type = 0 reserved <-+ Random P Random(contd) O T Cumulative Cumulative (contd) <-+ PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 31

32 Edge-to-Edge Option Option Type Opt Data Len IOAM-E2E-Type reserved E2E Option data format determined by IOAM-E2E-Type Option Type: 000xxxxxx 8-bit identifier of the type of option. Opt Data Len: 8-bit unsigned integer. Length of the Option Data field of this option, in octets. ioam-e2e-type: 8-bit identifier of a particular ioam E2E variant. 0: E2E option data is 64-bit Per Packet Counter (PPC) used to identify packet loss and reordering. Reserved: 8-bit. (Reserved Octet) Reserved octet for future use.g PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Transport Options IPv6, VXLAN-GPE, SRv6, NSH... IPv6 Native v6 HbyH extension header Double-encapsulation: src=encap-node, dst=original VXLAN-GPE: Embedded telemetry protocol header; Combines with NSH etc. SRv6: ioam TLV in v6 SRheader SRH (proof-of-transit only) NSH: Type-2 Meta-Data (proof-of-transit only) PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 Implementation Approach In-band OAM mechanisms for IP (route recording) have been proposed in the past, but were always received with skepticism Performance concerns Footprint for a new technology (incl. new packet header) vs. installed base: Is there a sufficiently large greenfield network to allow for the change? Deployment starting point for in-band OAM for IPv6 IoT networks, Data-Center Networks, greenfield network deployments Let s stop arguing and go try PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 34

ioam6 Test Drive Extended Ping ipv6 ioam path-record ipv6 ioam node-id <node id> R7 ::b:1:0:0:7 node-id 7 R5#ping Protocol [ip]: ipv6 Target IPv6 address: ::b:1:0:0:8 Repeat count [5]: 1 Datagram

35 ioam6 Test Drive Extended Ping ipv6 ioam path-record ipv6 ioam node-id <node id> R7 ::b:1:0:0:7 node-id 7 R5#ping Protocol [ip]: ipv6 Target IPv6 address: ::b:1:0:0:8 Repeat count [5]: 1 Datagram size [100]: Timeout in seconds [2]: Extended commands? [no]: y Source address or interface: UDP protocol? [no]: Verbose? [no]: Precedence [0]: DSCP [0]: Include hop by hop Path Record option? [no]: y Sweep range of sizes? [no]: % Using size of 296 to accomodate extension headers ingress i/f node-id egress i/f R5 ::b:1:0:0:5 node-id 5 R6 ::b:1:0:0:6 node-id 6 R8 ::b:1:0:0:8 node-id 8 Type escape sequence to abort. Sending 5, 296-byte ICMP Echos to ::B:1:0:0:8, timeout is 2 seconds: 5(5) (3)7(4) (3)8(5) (5)8(3) (4)6(3) (5)5! Success rate is 100 percent (1/1), round-trip min/avg/max = 4/6/10 ms PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 Performance Test Results (native IPv6 encap) In-band OAM with no performance degradation IXIA (TX) Encap Transit Decap R1 ISR 3945 R2 ISR 3945 R3 ISR 3945 IXIA (RX) CPU Utilization in % at 600Mbps/no drops/imix traffic 100 flows Traffic Bi Dir Frame size in Bytes Traffic Load in % Loss in % RX Throughput in mbps Latency (ns) AVG Latency (ns) MIN Latency (ns) MAX CPU UTIL % ENCAP NODE (R1) CPU UTIL % Inter NODE (R2) CPU UTIL % DECAP NODE (R3) CEF IPv6 imix GRE+IPv6 imix ioam6 imix PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 36

Introducing Vector Packet Processor - VPP VPP is a rapid packet processing development platform for highly performing network applications. It runs on commodity CPUs and leverages DPDK NC/Y REST.

37 Introducing Vector Packet Processor - VPP VPP is a rapid packet processing development platform for highly performing network applications. It runs on commodity CPUs and leverages DPDK NC/Y REST... Management Agent It creates a vector of packet indices and processes them using a directed graph of nodes resulting in a highly performant solution. Runs as a Linux user-space application Ships as part of both embedded & server products, in volume; Active development since 2002 Base ioam code already available in fd.io open repositories (more coming soon) Packet Processing: VPP See also: FD.IO (The Fast Data Project) Network IO Some initial ioam already in FD.IO: PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 ioam in VPP (native IPv6 encap) VPP Management Agent Packet Vector ` intoutput dpdkinput Tengigabitethernet Tengigabitethernet ethinput Ip6- input Tengigabitethernet Ip6- lookup Tengigabitethernet DPDK Ip6-hopby-hop Ip6-addhop-byhop Ip6-pophop-byhop Ip6- rewrite errordrop API ` ` Shared memory bus ioam data Collector PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 A glimpse at an in-band OAM Solution Ecosystem

40 Network Operations and SLA diagnostics In-Band OAM as part of a larger ecosystem Examples of enhanced use-cases Identifying the reason for path verification failure (triggered OAM) Identifying network and service chain bottlenecks (OAM analytics) Analyze route changes: Correlate route changes and path information PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 40

In-Band OAM Ecosystem: Needs, Principles, Tools Data Processing/Analytics/Visualization and corresponding Network Control

. Data Aggregation and Distribution: Make data available for further processing Aggregate; Decouple data production from

41 In-Band OAM Ecosystem: Needs, Principles, Tools Data Processing/Analytics/Visualization and corresponding Network Control Interpret, Analyze, Reason about Data Automatically implement conclusions in the network Tools: OpenDaylight, ELK stack,.. Data Aggregation and Distribution: Make data available for further processing Aggregate; Decouple data production from data consumption/processing Loosely coupled system: Interpret/transfor data on read, not on write: Message broker Tools: Apache Kafka, pmacctd,.. High-Speed Dataplane Implementation High-Speed data-plane implementation (IOS and VPP) Efficient export of all data required for analytics PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Visualization & Analytics ioam event control Elasticsearch Logstash Kafka Apache Kafka ioam visualization OpenDaylight ioam6/scv app pmacct Control Telemetry/ OAM data Host 1 ioam6: encap VPP Node A 1 2 ioam6: Transit VPP Node D VPP Node B 4 3 ioam6: Decap & Verify VPP Node C Verifier Path Verified Data Export IPFIX, kafka Host 2 Host 3 Hdr Payload Hdr r=45/c=0 A 1 Hdr r=45/c=17 D 3 A 1 Hdr Payload Payload Payload PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 42

43 Ecosystem at work: Example Configure Proof of Transit Service chain: Service A Service B Service C Service B Service A VPP Service C Verifier Host 2 Host 1 VPP Routing configured so that: Traffic from Host1 is forwarded to Service B as next hop Traffic from Host2 is forwarded to Node Z as next hop VPP Node Z ioam Domain VPP Host 3 PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Ecosystem components involved OSS (App or simulated by Postman) Restconf/YANG Service Chain Verification App Netflow Collector (pmacctd) Database (mysql) Netconf/YANG IPFIX Host 1 VPP Service A VPP Service B VPP VPP Service C Verifier Host 2 Node Z Host 3 ioam Domain PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 44

RESTconf call to OpenDaylight OSS simulated by Postman PSOSDN-2901

POT profiles configured on VPP PSOSDN-2901 2016 Cisco

Example Network: Operation ioam6 GUI (NeXT based) Database (mysql) Netflow Collector (pmacctd) POT passes: packet is in policy Host 1 VPP Service A VPP Service B

49 Example Network: Operation ioam6 GUI (NeXT based) Database (mysql) Netflow Collector (pmacctd) POT passes: packet is in policy Host 1 VPP Service A VPP Service B VPP VPP Service C Verifier Host 2 Node Z POT fails: packet is out of policy Host 3 PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 49

Verification Counters PSOSDN-2901 2016 Cisco and/or

succeeds, we know all Services were traversed correctly PSOSDN-2901

52 Example: Triggered OAM Identifying the reason for path verification failure Service A Service B Service C Host 2 Host 1 Host 3 When POT succeeds, we know all Services were traversed correctly PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 52

53 Example: Triggered OAM Identifying the reason for path verification failure Service A Service B Service C! fail Host 2 Host 1 Host 3 In case of failure, one only knows that something failed, not what or where things failed PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 53

54 Triggered OAM: Turn on path tracing on demand Achieve full visibility into the path of the failed flow Service A Service B Service C! fail Host 2 Host 1 Node Z Host 3 Path tracing lifts the cover and gives full insight into the forwarding topology: Forwarding path revealed as incorrect. PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 54

55 Path Verification Failure Triggers Tracing Enable path tracing for flows which fail verification App / Control Center Network Controller Message Broker Configure ioam tracing Path Verification Failure PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 55

56 Path Verification Failure Triggers Tracing App / Control Center OSS / Visualization Network Controller Message Broker Path Verification Failure Path details flow which failed path verification PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 56

57 Example: OAM Analytics / SLA check Identifying network & service chain bottlenecks Overlay Networks, Service chains / path have associated SLA For Overlay Networks and NFV service chaining SLA-check is still very nacent Typically no end-to-end service chain SLA measurement Common interpretation is service-chain: Health = VM health KPIs for overlay networks and service chains are end-to-end delay, jitter and packet drops Approach: Leverage end-to-end, per hop delay, packet drop rates Continously monitor SLA in terms of delay and packet drops Identify hot spots/bottlenecks Suggest/signal solution approaches to Orchestration/OSS (e.g. Scale-out a service function: launch another instance; Reconfigure service function: change buffer configuration) PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 57

58 Example: OAM Analytics / SLA check Identifying network & service chain bottlenecks Host 2 Host 1 Host 3 Observation: Suddenly connectivity issues between Host 1 and Host 2 PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 58

59 Example: OAM Analytics / SLA check Identifying network & service chain bottlenecks Reconfigure routing Schedule new VNF OSS Network Controller Message Broker Unusual delay/loss PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 59

60 Detailed path tracing to identify the reason Delay A-B Delay B-C Observation Original path was A-B-C and fast Host 1! large delay Delay A-Z t0 t0 Service A! loss Service B Node Z t0 Service C Delay Z-C t0 Host 2 Host 3 At time t0 a path change happened: Traffic rerouted to A-Z-C Either Link A-Z is a low bandwidth link causing packet drops and/or Node Z is overloaded PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 60

Per-link delay reveals root cause: Route change

Delay 1-4 Delay 4-3 PSOSDN-2901 2016 Cisco

Overlay Networks: Checking SLA Compliance on the real traffic

65 Summary

66 In-band OAM Status and more information Dataplane Implementation: FD.io/VPP (see fd.io) IOS (ISR-G2) PI31 (CCO: End of July/16) IOSv/VIRL Internet Drafts: In-band OAM requirements: In-band OAM data types: In-band OAM transport: Proof-of-transit: Videos: Google+ In-Band OAM group: Youtube In-Band OAM channel: Blogs: blogs.cisco.com/getyourbuildon/a-trip-recorder-for-all-your-traffic blogs.cisco.com/getyourbuildon/verify-my-service-chain Check out the demo on dcloud.cisco.com In-band OAM is found in the Service Provider category PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 66

67 In-Band OAM: Summary Enhanced visibility for all your traffic: New sources of data for SDN applications Network provided telemetry data gathered and added to live data Complement out-of-band OAM tools like ping and traceroute Path / Service chain verification Record the packet s trip as meta-data within the packet Record path and node (i/f, time, app-data) specific data hop-by-hop and end to end Export telemetry data via Netflow/IPFIX/Kafka to Controller/Apps In-band OAM can be implemented without forwarding performance degradation IOS and OpenSource (FD.io/VPP, OpenDaylight) Implementations PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 67

Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

68 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 68

69 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions PSOSDN Cisco and/or its affiliates. All rights reserved. Cisco Public 69

Please join us for the Service Provider Innovation Talk featuring: Yvette Kanouff Senior Vice President and General Manager, SP Business Joe Cozzolino Senior Vice President, Cisco Services Thursday,

70 Please join us for the Service Provider Innovation Talk featuring: Yvette Kanouff Senior Vice President and General Manager, SP Business Joe Cozzolino Senior Vice President, Cisco Services Thursday, July 14 th, :30 am - 12:30pm, In the Oceanside A room What to expect from this innovation talk Insights on market trends and forecasts Preview of key technologies and capabilities Innovative demonstrations of the latest and greatest products Better understanding of how Cisco can help you succeed Register to attend the session live now or watch the broadcast on cisco.com

71 Thank you

How to send OAM information in packet networks?

How to send OAM information in packet networks? In-Band OAM Frank Brockners, Shwetha Bhandari, Sashank Dara, Carlos Pignataro (Cisco) Hannes Gedler (rtbrick) Steve Youell (JMPC) John Leddy (Comcast) draft-brockners-proof-of-transit-01.txt draft-brockners-inband-oam-requirements-01.txt