Diff: draft-ietf-mpls-sfc-encapsulation-00.txt vs. draft-ietf-mpls-sfc-encapsulation-01.txt
(Text identical in both versions is shown once; where the versions
differ, the -00 and -01 text is marked [-00] and [-01].)

MPLS Working Group                                             A. Malis
Internet-Draft                                                S. Bryant
Intended status: Informational                     Huawei Technologies
Expires: May 9, 2019 [-00] / June 7, 2019 [-01]              J. Halpern
                                                               Ericsson
                                                          W. Henderickx
                                                                  Nokia
                    November 05, 2018 [-00] / December 04, 2018 [-01]

                      MPLS Encapsulation for SFC NSH
   draft-ietf-mpls-sfc-encapsulation-00 [-00] / draft-ietf-mpls-sfc-encapsulation-01 [-01]
Abstract

   This document describes how to use a Service Function Forwarder (SFF)
   Label (similar to a pseudowire label or VPN label) to indicate the
   presence of a Service Function Chaining (SFC) Network Service Header
   (NSH) between an MPLS label stack and the packet payload.  This
   allows SFC packets using the NSH to be forwarded between SFFs over an
   MPLS network, and the selection between multiple SFFs in the
   destination MPLS node.
   [skipping to change at page 1, line 40]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 9, 2019 [-00] / June 7, 2019 [-01].

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

   [skipping to change at page 2, line 19]

   described in the Simplified BSD License.
Table of Contents

   1.  Introduction
   2.  MPLS Encapsulation Using an SFF Label
     2.1.  MPLS Label Stack Construction at the Sending Node
     2.2.  SFF Label Processing at the Destination Node
   3.  Equal Cost Multipath (ECMP) Considerations
   4.  Operations, Administration, and Maintenance (OAM) Considerations
   5.  IANA Considerations
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses
1.  Introduction

   [-00]
   As discussed in [RFC8300], a number of transport encapsulations for
   the Service Function Chaining (SFC) Network Service Header (NSH)
   already exist, such as Ethernet, GRE [RFC2784], and VXLAN-GPE
   [I-D.ietf-nvo3-vxlan-gpe].

   [-01]
   As discussed in [RFC8300], a number of transport encapsulations for
   the Service Function Chaining (SFC) Network Service Header (NSH)
   already exist, such as Ethernet, UDP, GRE, and others.

   This document describes an MPLS transport encapsulation for the NSH,
   and also describes how to use a Service Function Forwarder (SFF)
   [RFC7665] Label to indicate the presence of the NSH in the MPLS
   packet payload.  This allows SFC packets using the NSH to be
   forwarded between SFFs in an MPLS transport network, where MPLS is
   used to interconnect the network nodes that contain one or more SFFs.
   The label is also used to select between multiple SFFs in the
   destination MPLS node.
   [skipping to change at page 5, line 23 (-00) / page 5, line 16 (-01)]

   This document does not request any actions from IANA.

   Editorial note to RFC Editor: This section may be removed at your
   discretion.
6.  Security Considerations

   [-00]
   This document describes a method for transporting SFC packets using
   the NSH over an MPLS transport network.  It follows well-established
   MPLS procedures and does not define any new protocol elements or
   allocate any new code points.  It is therefore operationally
   equivalent to other existing SFC transport encapsulations as defined
   in [RFC8300].  As such, it should have no effect on SFC security as
   already discussed in Section 8 of [RFC8300].

   [-01]
   This document describes a method for transporting SFC packets using
   the NSH over an MPLS transport network.  It follows well-established
   MPLS procedures in widespread operational use and does not define any
   new protocol elements or allocate any new code points, and is no more
   or less secure than carrying any other protocol over MPLS.  To the
   MPLS network, the NSH and its contents are simply an opaque payload.

   Discussion of the security properties of SFC networks can be found in
   [RFC7665].  Further security discussion regarding the NSH is
   contained in [RFC8300].

   [RFC8300] references a number of transport encapsulations of the NSH,
   including Ethernet, GRE, UDP, and others.  This document simply
   defines one additional transport encapsulation.  The NSH was
   specially constructed to be agnostic to its transport encapsulation.
   As a result, in general this additional encapsulation is no more or
   less secure than carrying the NSH in any other encapsulation.

   However, it can be argued that carrying the NSH over MPLS is more
   secure than using other encapsulations, as it is extremely difficult,
   due to the MPLS architecture, for an attacker to inject unexpected
   MPLS packets into a network: MPLS networks do not by design accept
   MPLS packets from external interfaces, and an attacker would need
   knowledge of the specific labels allocated by control and/or
   management plane protocols.  Thus, an attacker attempting to spoof
   MPLS-encapsulated NSH packets would require insider knowledge of the
   network's control and management planes and a way to inject packets
   into internal interfaces.  This is compared to, for example, NSH over
   UDP over IP, which could be injected into any external interface in a
   network that was not properly configured to filter out such packets
   at the ingress.
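   The two properties this section and the Introduction rely on, that
   the MPLS layer looks only at the SFF Label (using it to pick one of
   several SFFs at the destination node) and that the NSH behind it is
   an opaque payload handed to the selected SFF, can be seen in a small
   receive-side model.  The Python below is an added example written
   for this page, not code from the draft or its authors.  It assumes,
   as a modelling choice rather than a statement of the draft, that the
   SFF Label is the bottom-of-stack label and is immediately followed
   by the NSH; the label values, SFF names, and sample packet are all
   constructed.  Label stack entries follow RFC 3032 and the NSH base
   and service path headers follow RFC 8300.

```python
import struct

# Constructed: SFF Labels this node has allocated, and the SFF each selects.
# Any other bottom-of-stack label is not an SFF Label and the packet is dropped.
SFF_LABELS = {24010: "sff-a", 24011: "sff-b"}

# NSH Next Protocol values from RFC 8300 (only the ones used here)
NP_IPV4, NP_IPV6, NP_ETHERNET = 0x1, 0x2, 0x3


def mpls_label_stack(entries):
    """Encode [(label, tc, ttl), ...] as RFC 3032 label stack entries;
    the S (bottom-of-stack) bit is set only on the last entry."""
    out = b""
    for i, (label, tc, ttl) in enumerate(entries):
        s = 1 if i == len(entries) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)
    return out


def nsh_header(spi, si, next_proto, ttl=63, md_type=2, context=b""):
    """Encode an NSH base header + service path header (RFC 8300 Section 2)
    followed by the context header bytes.  Length is in 4-byte words."""
    if len(context) % 4:
        raise ValueError("context headers must be a multiple of 4 bytes")
    length = 2 + len(context) // 4
    base = (ttl << 22) | (length << 16) | (md_type << 8) | next_proto  # Ver=0, O=0
    sp = (spi << 8) | si
    return struct.pack("!II", base, sp) + context


def parse_nsh(buf):
    """Validate and decode the NSH at the start of buf.
    Returns (fields, inner_payload); raises ValueError when the packet must be dropped."""
    if len(buf) < 8:
        raise ValueError("NSH truncated")
    base, sp = struct.unpack_from("!II", buf, 0)
    ver = base >> 30
    if ver != 0:
        raise ValueError(f"unsupported NSH version {ver}")
    ttl = (base >> 22) & 0x3F
    length = (base >> 16) & 0x3F
    md_type = (base >> 8) & 0xF
    if md_type == 1 and length != 6:
        raise ValueError("MD Type 1 NSH must have Length 6")
    if md_type == 2 and length < 2:
        raise ValueError("MD Type 2 NSH must have Length >= 2")
    hdr_len = length * 4
    if len(buf) < hdr_len:
        raise ValueError("NSH shorter than its Length field")
    # RFC 8300 loop detection: the SFF decrements TTL (6-bit wrap) and drops at zero.
    ttl = (ttl - 1) & 0x3F
    if ttl == 0:
        raise ValueError("NSH TTL expired")
    fields = {
        "ttl": ttl,
        "md_type": md_type,
        "next_proto": base & 0xFF,
        "spi": sp >> 8,
        "si": sp & 0xFF,
        "context": buf[8:hdr_len],
    }
    return fields, buf[hdr_len:]


def receive_mpls_packet(pkt):
    """Egress-node processing of an MPLS packet carrying an SFF Label.
    Walk the label stack to the bottom-of-stack entry, demultiplex on that
    label alone, and only then parse the NSH behind it.
    Returns ("accept", sff_name, nsh_fields, payload) or ("drop", reason, None, None)."""
    off = 0
    while True:
        if off + 4 > len(pkt):
            return ("drop", "truncated label stack", None, None)
        entry, = struct.unpack_from("!I", pkt, off)
        off += 4
        if (entry >> 8) & 1:          # S bit: this entry is the bottom of the stack
            bos_label = entry >> 12
            break
    sff = SFF_LABELS.get(bos_label)
    if sff is None:
        # Not an allocated SFF Label: nothing after the label stack is examined.
        return ("drop", f"label {bos_label} is not an allocated SFF Label", None, None)
    try:
        fields, payload = parse_nsh(pkt[off:])
    except ValueError as e:
        return ("drop", str(e), None, None)
    return ("accept", sff, fields, payload)


# Constructed sample: one transport label above the SFF Label, then an
# MD Type 2 NSH with no context headers and a stand-in inner packet.
SAMPLE_PAYLOAD = b"constructed-inner-packet"


def build_sample_packet(sff_label=24010, nsh_ttl=63):
    stack = mpls_label_stack([(16001, 0, 64), (sff_label, 0, 64)])
    nsh = nsh_header(spi=0x000100, si=255, next_proto=NP_IPV4, ttl=nsh_ttl)
    return stack + nsh + SAMPLE_PAYLOAD


if __name__ == "__main__":
    for pkt in (build_sample_packet(),                 # accepted, goes to sff-a
                build_sample_packet(sff_label=17),     # dropped: not an SFF Label
                build_sample_packet(nsh_ttl=1)):       # dropped: NSH TTL expired
        print(receive_mpls_packet(pkt)[:2])
```

   The defender's check here is the label table: a packet whose
   bottom-of-stack label is not one this node allocated is discarded
   before a single NSH byte is examined, which is the property the
   section relies on when it says an injector would need knowledge of
   the labels allocated by the control or management plane.  The NSH
   checks (version, MD Type/Length consistency, TTL) run only inside
   the selected SFF, keeping the NSH opaque to the MPLS layer.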
7.  Acknowledgements

   The authors would like to thank Jim Guichard, Eric Rosen, Med
   Boucadair, Sasha Vainshtein, and Jeff Tantsura for their reviews and
   comments.

8.  References

8.1.  Normative References
   [skipping to change at page 6, line 7 (-00) / page 6, line 21 (-01)]

              Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001,
              <https://www.rfc-editor.org/info/rfc3032>.

   [RFC8300]  Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed.,
              "Network Service Header (NSH)", RFC 8300,
              DOI 10.17487/RFC8300, January 2018,
              <https://www.rfc-editor.org/info/rfc8300>.

8.2.  Informative References

   [-00 only]
   [I-D.ietf-nvo3-vxlan-gpe]
              Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol
              Extension for VXLAN", draft-ietf-nvo3-vxlan-gpe-06 (work
              in progress), April 2018.

   [-00 only]
   [RFC2784]  Farinacci, D., Li, T., Hanks, S., Meyer, D., and P.
              Traina, "Generic Routing Encapsulation (GRE)", RFC 2784,
              DOI 10.17487/RFC2784, March 2000,
              <https://www.rfc-editor.org/info/rfc2784>.

   [RFC4928]  Swallow, G., Bryant, S., and L. Andersson, "Avoiding Equal
              Cost Multipath Treatment in MPLS Networks", BCP 128,
              RFC 4928, DOI 10.17487/RFC4928, June 2007,
              <https://www.rfc-editor.org/info/rfc4928>.

   [RFC5586]  Bocci, M., Ed., Vigoureux, M., Ed., and S. Bryant, Ed.,
              "MPLS Generic Associated Channel", RFC 5586,
              DOI 10.17487/RFC5586, June 2009,
              <https://www.rfc-editor.org/info/rfc5586>.

End of changes.  10 change blocks.  25 lines changed or deleted, 38 lines changed or added.

This html diff was produced by rfcdiff 1.47.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/