How to send OAM information in packet networks?

Similar documents
Next-gen Network Telemetry is Within Your Packets: In-band OAM. Frank Brockners, Shwetha Bhandari PSOSDN-2901

Next-gen Network Telemetry is Within Your Packets: In-band OAM

In-situ OAM. IPPM November 6 th, 2018

Always on visibility: In-band OAM for IPv6

How OAM Identified in Overlay Protocols

Resource Allocation Resource Usage Data Access Control. Network Intelligence, Guidance. Statistics, States, Objects and Events.

A Segment Routing (SR) Tutorial. R. Bonica NANOG70 June 6, 2017

Segment Routing for Service Chaining

UDP Path for In-band Performance Measurement for Segment Routing Networks

Routing Header Is back... Should We Panic?

EVPN OAM Requirements and Framework and BFD draft-salam-bess-evpn-oam-req-frmwk-01 draft-gmsm-evpn-bfd-01

IPv6 Packet Truncation

Preferred Path Routing (PPR) in IGPs

MPLS Segment Routing in IP Networks

MPLS LSP Ping/Traceroute for LDP/TE, and LSP Ping for VCCV

Emerging MPLS OAM mechanisms

MPLS EM MPLS LSP Multipath Tree Trace

MPLS LSP Ping Traceroute for LDP TE and LSP Ping for VCCV

I Commands. iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6. itraceroute vrf encap vxlan, page 12

draft-xu-mpls-unified-source-routing-instruction

SRv6: Network as a Computer and Deployment use-cases

This chapter provides information to configure Cflowd.

DetNet. Flow Definition and Identification, Features and Mapping to/from TSN. DetNet TSN joint workshop IETF / IEEE 802, Bangkok

SRv6 Network Programming

Internet Engineering Task Force (IETF) Request for Comments: 8300 ISSN: C. Pignataro, Ed. Cisco. January 2018

How to Secure Routing Header for Segment Routing? Eric Vyncke, Distinguished

Performing Diagnostics

Updates: 4448 (if approved) Intended status: Standards Track Expires: January 3, 2019 July 02, 2018

Introduction to MPLS APNIC

Network Telemetry Solutions for Data Center and Enterprise Networks

Introduction to MPLS. What is MPLS? 1/23/17. APNIC Technical Workshop January 23 to 25, NZNOG2017, Tauranga, New Zealand. [201609] Revision:

Internet Engineering Task Force (IETF) Category: Standards Track. S. Aldrin Google Inc. March 2018

Segment Routing MPLS OAM Support

Configuring IP SLAs ICMP Echo Operations

Internet Engineering Task Force (IETF) Obsoletes: 4379, 6424, 6829, 7537

SR for SD-WAN over hybrid networks

Classifying and Marking MPLS EXP

Data Plane Monitoring in Segment Routing Networks Faisal Iqbal Cisco Systems Clayton Hassen Bell Canada

Quality-of-Service Option for Proxy Mobile IPv6

Configuring IP SLAs ICMP Echo Operations

Internet Engineering Task Force (IETF) Request for Comments: ISSN: May 2018

Reaping the Benefits of IPv6 Segment Routing

Implementing Cisco IP Routing

Segment Routing MPLS OAM Support

Multi-Dimensional Service Aware Management for End-to-End Carrier Ethernet Services By Peter Chahal

Using Segment Routing OAM

Intended Status: Standard Track. Dan Wing Calvin Qian. VMware. Expires: January 1, 2018 June 30, 2017

CO/DC Network Transformation. Daniel Voyer Technical Fellow March 2017

Metro Ethernet Forum OAM. Matt Squire Hatteras Networks

In-band Network Telemetry (INT)

Internet Engineering Task Force (IETF) Updates: 5885 Category: Standards Track July 2016 ISSN:

IP Fabric Reference Architecture

Recent Advances in MPLS Traffic Engineering

Internet Engineering Task Force (IETF) A. Dolganow Nokia T. Przygienda. Juniper Networks, Inc. S. Aldrin Google, Inc.

Internet Engineering Task Force (IETF) Cisco Systems, Inc. April 2015

Configuring MPLS Transport Profile

From NetFlow to IPFIX the evolution of IP flow information export

Network Working Group Internet-Draft Intended status: Standards Track Expires: January 9, 2017 Huawei July 8, 2016

Configuring IP SLAs ICMP Path Jitter Operations

The Traceroute Command in MPLS

Information Elements for Data Link Layer Traffic Measurement (draft-kashima-ipfix-data-link-layer-monitoring-04)

Comcast IPv6 Trials NANOG50 John Jason Brzozowski

Zen and the Art of Network Timestamping

RTP Profile for TCP Friendly Rate Control draft-ietf-avt-tfrc-profile-03.txt

VXLAN Overview: Cisco Nexus 9000 Series Switches

Internet Engineering Task Force

OAM and SAA Commands. Generic Commands. shutdown. shutdown XRS OAM and Diagnostics Guide Page 383. OAM, SAA, and OAM-PM Command Reference

MPLS Ping and Traceroute for BGP and IGP Prefix-SID

Internet Engineering Task Force (IETF) ISSN: A. Malis Huawei Technologies S. Aldrin Google November 2016

Segment Routing for IPv6 Networks Stefano Previdi Distinguished Engineer BRKRST-3123

QoS in IPv6. Madrid Global IPv6 Summit 2002 March Alberto López Toledo.

ERSPAN in Linux. A short history and review. Presenters: William Tu and Greg Rose

Intended status: Standards Track

Next Generation MULTICAST In-band Signaling (VRF MLDP: Profile 6)

A packet based method for passive performance monitoring

Main Use Cases and Gap Analysis for Network Slicing

L2 VPNs. Javed Asghar Muhammad Waris Sagheer 2005, Cisco Systems, Inc. All rights reserved.

Operation Administration and Maintenance in MPLS based Ethernet Networks

IPv6, IPv4 and Coexistence Updates for IPPM's Active Metric Framework (Title updated formerly referred to as IPv6 update) draft-ietf-ippm-2330-ipv6-02

Internet Engineering Task Force (IETF) Request for Comments: 7881 Category: Standards Track. Big Switch Networks July 2016

Introduction to VoIP. Cisco Networking Academy Program Cisco Systems, Inc. All rights reserved. Cisco Public. IP Telephony

Master Course Computer Networks IN2097

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Network Working Group Internet-Draft Intended status: Standards Track Expires: August 27, Huawei R. Rahman S. Raghavan. Cisco.

MPLS OAM Technology White Paper

CS High Speed Networks. Dr.G.A.Sathish Kumar Professor EC

Configuring Ethernet OAM, CFM, and E-LMI

Internet Engineering Task Force (IETF) Request for Comments: 8431 Category: Standards Track ISSN:

Technology Overview. Overview CHAPTER

Large-Scale Deterministic Network (LDN)

MPLS Network Management MPLS Japan Ripin Checker, Product Manager, Cisco Systems

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

Using Diagnostic Tools

Implemen'ng IPv6 Segment Rou'ng in the Linux Kernel

Internet Engineering Task Force (IETF) Request for Comments: 8321

Configuring Cisco IOS IP SLAs Operations

SDN Workshop. Contact: WSDN01_v0.1

Cisco CPT Packet Transport Module 4x10GE

Stateless Multicast with Bit Indexed Explicit Replication

IQ for DNA. Interactive Query for Dynamic Network Analytics. Haoyu Song. HUAWEI TECHNOLOGIES Co., Ltd.

Transcription:

In-Band OAM Frank Brockners, Shwetha Bhandari, Sashank Dara, Carlos Pignataro (Cisco) Hannes Gedler (rtbrick) Steve Youell (JMPC) John Leddy (Comcast) draft-brockners-proof-of-transit-01.txt draft-brockners-inband-oam-requirements-01.txt draft-brockners-inband-oam-data-01.txt draft-brockners-inband-oam-transport-01.txt IETF 96 OPSWG; July 19 th, 2016 1

How to send OAM information in packet networks? On-Board Unit Speed control by police car In-band OAM OAM traffic embedded in the data traffic but not part of the payload of the packet OAM effected by data traffic Example: IPv4 route recording Out-of-band OAM OAM traffic is sent as dedicated traffic, independent from the data traffic ( probe traffic ) OAM not effected by data traffic Examples: Ethernet CFM (802.1ag), Ping, Traceroute 2

In-Band/Passive OAM - Motivation Multipath Forwarding debug ECMP networks Service/Path Verification prove that traffic follows a pre-defined path Service/Quality Assurance Prove traffic SLAs, as opposed to probetraffic SLAs; Overlay/Underlay Derive Traffic Matrix Custom/Service Level Telemetry Most large ISP's prioritize Speedtest traffic and I would even go as far to say they probably route it faster as well to keep ping times low. Source: h*ps://www.reddit.com/r/asktechnology/comments/2i1nxc/ can_i_trust_my_speedtestnet_results_when_my_isp/ 3

What if you could collect operational meta-data within your traffic? Example use-cases... Path Tracing for ECMP networks Service/Path Verification Derive Traffic Matrix SLA proof: Delay, Jitter, Loss Custom data: Geo-Location,.. Meta-data required... Node-ID, ingress i/f, egress i/f Proof of Transit (random, cumulative) Node-ID Sequence numbers, Timestamps Custom meta-data 4

In-Band OAM Gather telemetry and OAM information along the path within the data packet, as part of an existing/additional header No extra probe-traffic (as with ping, trace, ipsla) Transport options IPv6: Native v6 HbyH extension header or double-encap VXLAN-GPE: Embedded telemetry protocol header SRv6: Policy-Element (proof-of-transit only) NSH: Type-2 Meta-Data (proof-of-transit only)... additional encapsulations being considered (incl. IPv4, MPLS) Deployment Domain-ingress, domain-egress, and select devices within a domaininsert/remove/update the extension header Information export via IPFIX/Flexible-Netflow/publish into Kafka Fast-path implementation Hdr OAM Payload ioam domain 5

Update POT meta-data Insert POT meta-data IPFIX POT Verifier Update POT meta-data Hdr Payload POT meta-data Path-tracing data Hdr r=45/c=0 A 1 Payload Update POT meta-data Hdr r=45/c=17 C 4 A 1 Payload Hdr r=45/c=39 B 6 C 4 A 1 Payload Hdr Payload 6

In-Band OAM: Information carried Per node scope Hop-by-Hop information processing Device_Hop_L Node_ID Ingress Interface ID Egress Interface ID Time-Stamp Application Meta Data Set of nodes scope Hop-by-Hop information processing Service Chain Validation (Random, Cumulative) Edge to Edge scope Edge-to-Edge information processing Sequence Number 7

Tracing Option 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Type Opt Data Len IOAM-trace-type Elements-left +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ Node data List [0] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ D a Node data List [1] t a +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+... S +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 4 5 6 7 p 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ a Node data List [n-1] Hop_Lim c node_id +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ingress_if_id egress_if_id +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Node data List [n] timestamp +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ app_data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 8

Proof-of-Transit Option 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Type Opt Data Len POT type = 0 reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ Random +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ P Random(contd) O +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ T Cumulative +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Cumulative (contd) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<-+ 9

Edge-to-Edge Option 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Type Opt Data Len IOAM-E2E-Type reserved +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ E2E Option data format determined by IOAM-E2E-Type +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Option Type: 000xxxxxx 8-bit identifier of the type of option. Opt Data Len: 8-bit unsigned integer. Length of the Option Data field of this option, in octets. ioam-e2e-type: 8-bit identifier of a particular ioam E2E variant. 0: E2E option data is 64-bit Per Packet Counter (PPC) used to identify packet loss and reordering. Reserved: 8-bit. (Reserved Octet) Reserved octet for future use.g 10

Transport Options IPv6, VXLAN-GPE, SRv6, NSH... IPv6: v6 HbyH extension header VXLAN-GPE: Embedded telemetry protocol header; Combines with NSH etc. SRv6: In-Band OAM TLV in v6 SR-header SRH (proof-of-transit only) NSH: Type-2 Meta-Data (proof-oftransit only)... more to come: MPLS, IPv4,... 11

Proof of Transit 12

Consider traffic engineering, policy based routing, service chaining: How do you prove that traffic follows the suggested path? 1 13

Ensuring Path and/or Service Chain Integrity Approach Meta-data added to all user traffic Based on Share of a secret Provisioned by controller over secure channel to segment hops where proof of transit is required Updated at every segment hop where proof of transit is required Controller Secret B Verifier checks whether collected meta-data allows retrieval of secret A X C Verifier Proof of Transit : Path verified 14

Solution Approach: Leverage Shamir s Secret Sharing A polynomial as secret Each service is given a point on the curve When the packet travels through each service it collects these points Secret : 3 x 2 +3x+10 (3,46) (2,28) A verifier can reconstruct the curve using the collected points (1,16) Operations done over a finite field (mod prime) to protect against differential analysis A B X C 3 x 2 +3x+1 Verifier 15

Running Code: Experimental OpenSource Implementation Open source experimental Implementation: FD.io/VPP (see fd.io) Demo Videos: Google+ In-Band OAM group: https://plus.google.com/u/0/b/112958873072003542518/112958873072003542518/videos?hl=en Youtube In-Band OAM channel: https://www.youtube.com/channel/uc0wjoakbtrftyosp590rrxw 16

Next Steps The authors appreciate thoughts, feedback, and text on the content of the documents from the WG The authors also value feedback on where to progress the work? 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback