Marking-based Direct Export for On-path Telemetry

To gain detailed data plane visibility to support effective network OAM, it is essential to be able to examine the trace of user packets along their forwarding paths. Such on-path flow data reflect the state and status of each user packet's real-time experience and provide valuable information for network monitoring, measurement, and diagnosis. The telemetry data include but not limited to the detailed forwarding path, the timestamp/latency at each network node, and, in case of packet drop, the drop location, and the reason. The emerging programmable data plane devices allow user-defined data collection or conditional data collection based on trigger events. Such on-path flow data are from and about the live user traffic, which complements the data acquired through other passive and active OAM mechanisms such as IPFIX and ICMP. On-path telemetry was developed to cater to the need of collecting on-path flow data. There are two basic modes for on-path telemetry: the passport mode (e.g., IOAM trace option) and the postcard mode (e.g., IOAM direct export option (DEX) ). This document describes a new variation of the postcard mode on-path telemetry, PBT-M. PBT-M does not require a telemetry instruction header but a trigger bit in some existing header fields. However, PBT-M has some unique issues that need to be considered. This document discusses the challenges and their solutions which are common to the high-level scheme of PBT-M.

As the name suggests, PBT-M only needs a marking-bit in the existing headers of user packets to trigger the telemetry data collection and export. The sketch of PBT-M is as follows. If on-path data need to be collected, the user packet is marked at the path head node. At each PBT-M-aware node, if the mark is detected, a postcard packet (i.e., the dedicated OAM packet triggered by a marked user packet) is generated and sent to a collector. The postcard contains the data requested by the management plane. The requested data are configured by the management plane. Once the collector receives all the postcards for a single user packet, it can infer the packet's forwarding path and analyze the data set. The path end node is configured to un-mark the packets to its original format if necessary. The overall architecture of PBT-M is depicted in Figure 1.

+------------+ +-----------+ | Network | | Telemetry | | Management |(-------| Data | | | | Collector | +-----:------+ +-----------+ : ^ :configurations |postcards : |(OAM pkts) ...............:.....................|........ : : : | : : +---------:---+-----------:---+--+-------:---+ : | : | : | : | V | V | V | V | +------+-+ +-----+--+ +------+-+ +------+-+ usr pkts | Head | | Path | | Path | | End | ====>| Node |====>| Node |====>| Node |====>| Node |===> | | | A | | B | | | +--------+ +--------+ +--------+ +--------+ mark usr pkts gen postcards gen postcards gen postcards gen postcards unmark usr pkts The advantages of PBT-M are summarized as follows. 1: PBT-M avoids augmenting user packets with new headers and the signaling for telemetry data collection remains in the data plane. 2: PBT-M is extensible for collecting arbitrary new data to support possible future use cases. The data set to be collected can be configured through the management plane or control plane. 3: PBT-M can avoid interfering with the normal forwarding. The collected data are free to be transported independently through in-band or out-of-band channels. The data collecting, processing, assembly, encapsulation, and transport are, therefore, decoupled from the forwarding of the corresponding user packets and can be performed in data-plane slow-path if necessary. 4: For PBT-M, the types of data collected from each node can vary depending on application requirements and node capability. 5: PBT-M makes it easy to secure the collected data without exposing it to unnecessary entities. For example, both the configuration and the telemetry data can be encrypted and/or authenticated before being transported, so passive eavesdropping and a man-in-the-middle attack can both be deterred. 6: Even if a user packet under inspection is dropped at some node in the network, the postcards collected from the preceding nodes are still valid and can be used to diagnose the packet drop location and reason. 7: Raw data can be processed or aggregated in data plane to reduce the exporting traffic load.

Although PBT-M has some unique features, it also introduces a few new challenges. Challenge 1 (Packet Marking Bit): A user packet needs to be marked to trigger the path-associated data collection. Since PBT-M aims to avoid the need to augment user packets with new headers, it needs to reserve or reuse a single bit from the existing header fields. This raises a similar issue as in the Alternate Marking Scheme Challenge 2 (Configuration): Since the packet header will not carry telemetry instructions anymore, the data plane devices need to be configured to know what data to collect. However, in general, the forwarding path of a flow packet (due to ECMP or dynamic routing) is unknown beforehand (note that there are some notable exceptions, such as segment routing). If the per-flow customized data collection is required, configuring the data set for each flow at all data plane devices might be expensive in terms of configuration load and data plane resources. Challenge 3 (Data Correlation): Due to the variable transport latency, the dedicated postcard packets for a single packet may arrive at the collector out of order or be dropped in networks for some reason. In order to infer the packet forwarding path, the collector needs some information from the postcard packets to identify the user packet affiliation and the order of path node traversal. Challenge 4 (Load Overhead): Since each postcard packet has its header, the overall network bandwidth overhead of PBT-M can be high. A large number of postcards could add processing pressure on data collecting servers. That can be used as an attack vector for DoS.

To address the above challenges, we propose several design details of PBT-M.

To trigger the path-associated data collection, usually, a single bit from some header field is sufficient. While no such bit is available, other packet-marking techniques are needed. We discuss several possible application scenarios. IPv4. Alternate Marking (AM) is an IP flow performance measurement framework that also requires a single bit for packet coloring. The difference is that AM conducts in-network measurements such as latency and packet loss rate based on the bit alternating patterns while PBT-M only collects and exports data at each network nodes when the trigger bit is set. AM suggests to use some reserved bit of the Flag field or some unused bit of the TOS field. PBT-M can share the same bit with AM, and rely on the management plane to configure the actual operation mode. SFC NSH. The OAM bit in the NSH header can be used to trigger the on-path data collection . PBT-M does not add any other metadata to NSH. MPLS. Instead of choosing a header bit, we take advantage of the synonymous flow label approach to mark the packets. A synonymous flow label indicates the on-path data should be collected and forwarded through a postcard. The ongoing MPLS Network Action (MNA) work may provide new in-stack headers for MNAs. A bit can be claimed for PBT-M. SRv6: A flag bit in SRH can be reserved to trigger the on-path data collection . SRv6 OAM has adopted the O-bit in SRH flags as the marking bit to trigger the telemetry.

In case the path that a flow traverses is unknown in advance, all PBT-M-aware nodes should be configured to react to the marked packets by exporting some basic data, such as node ID and TTL before a data set template for that flow is configured. This way, the management plane can learn the flow path dynamically. If the management plane wants to collect the on-path data for some flow, it configures the head node(s) with a probability or time interval for the flow packet marking. When the first marked packet is forwarded in the network, the PBT-M-aware nodes will export the basic data set to the collector. Hence, the flow path is identified. If other data types need to be collected, the management plane can further configure the data set's template to the target nodes on the flow's path. The PBT-M-aware nodes collect and export data accordingly if the packet is marked and a data set template is present. If the flow path is changed for any reason, the new path can be quickly learned by the collector. Consequently, the management plane controller can be directed to configure the nodes on the new path. The outdated configuration can be automatically timed out or explicitly revoked by the management plane controller.

The collector needs to correlate all the postcard packets for a single user packet. Once this is done, the TTL (or the timestamp, if the network time is synchronized) can be used to infer the flow forwarding path. The key issue here is to correlate all the postcards for the same user packet. The first possible approach includes the flow ID plus the user packet ID in the OAM packets. For example, the flow ID can be the 5-tuple IP header of the user traffic, and the user packet ID can be some unique information pertaining to a user packet (e.g., the sequence number of a TCP packet). If the packet marking interval is large enough, the flow ID is enough to identify a user packet. As a result, it can be assumed that all the exported postcard packets for the same flow during a short time interval belong to the same user packet. Alternatively, if the network is synchronized, then the flow ID plus the timestamp at each node can also infer the postcard affiliation. However, some errors may occur under some circumstances. For example, two consecutive user packets from the same flows are marked, but one exported postcard from a node is lost. It is difficult for the collector to decide to which user packet the remaining postcard is related. In many cases, such a rare error has no catastrophic consequence. Therefore it is tolerable.

PBT-M should not be applied to all the packets all the time. It is better to be used in an interactive environment where the network telemetry applications dynamically decide which subset of traffic is under scrutiny. The network devices can limit the packet marking rate through sampling and metering. The postcard packets can be distributed to different servers to balance the processing load. Because PBT-M sends telemetry data by dedicated postcard packets, it allows data aggregation and compression. Each node can process the generated raw data according to the configured local data-export policies. Such policies may specify how raw data is used to calculate performance metrics, e.g., max, min, mean, percentile, etc.

Access lists with an optional sampler, , should be configured and attached at the ingress of the PBT-M encapsulation node's to select the intended flows for PTB-M. Based on the PBT-M, the flow data should be exported at each transit node and at the end edge node with IPFIX .

The data decomposition can be achieved on the PBT-M-aware node exporting the data or on the IPFIX data collection. describes how data is being exported when decomposed at IPFIX data collection. When being decomposed on the PBT-M-aware node the data can be aggregated according to section 5 of . The following IPFIX entities are of interest to describe the relationship to the forwarding topology and the control-plane. node id and egressInterface(IE14) describes on which node which logical egress interfaces have been used to forward the packet. Node id and egressPhysicalInterface(253) describes on which node which physical egress interfaces have been used to forward the packet. Node id and ipNextHopIPv4Address(IE15) or ipNextHopIPv6Address(IE62), describes the forwarding path to which next-hop IP address. Node id and mplsTopLabelIPv4Address(IE47) or srhActiveSegmentIPv6 from describes the forwarding path to which MPLS top label IPv4 address or SRv6 active segment. BGP communities are often used for setting a path priority or service selection. bgpDestinationExtendedCommunityList(488) or bgpDestinationCommunityList(485) or bgpDestinationLargeCommunityList(491) describes which group of prefixes have been used to forward the packet. Node id and destinationIPv4Address(13), destinationTransportPort(11), protocolIdentifier (4) and sourceIPv4Address(IE8) describes the forwarding path on each node from each IPv4 source address to a specific application in the network. In order to distinguish wherever the packet has been export due to the packet marking or not, in case of SRv6, srhFlagsIPv6 as described in section 4.1 of can be added to the data export.

The MPLS Open Design Team has been investigating network action support on the MPLS data plane . The challenge has been to continue to support existing MPLS architecture, backwards compatibility as well as not excessively increase the depth of the MPLS label stack with a variety of functional SPL labels and NAI indicators similar in concept to the MPLS Entropy label ELI, EL added to the label stack, as well as the MPLS extension headers being in stack or post stack. Reference Augmented Forwarding (RAF) utilizes In Stack Data (ISD) with parity to Entropy Label stack {TL,RFI,RFV,AL} and control plane extension to distribute special network actions and forwarding behaviors. The MPLS Design Team may come up with other alternatives to carry network actions and PBT-M can be supported as a use case. With Segment Routing SR-MPLS and SRv6 as Maximum SID Depth(MSD) as well as PMTU in SR Policy are critical issues for SR path instantiation by a controller, PBT-M can become a critical solution to ensure that on-path telemetry can be viable for operators by eliminating telemetry data from being carried in-situ in the SR-TE policy path. This draft provides a critical optimization that fills the gaps with IOAM DEX related to packet marking triggers using existing mechanisms as well as flow path discovery mechanisms to avoid configuration of on path data plane node complexity and helps mitigate SR MSD and PMTU issues.

Several security issues need to be considered. Eavesdrop and tamper: the postcards can be encrypted and authenticated to avoid such security threats. DoS attack: PBT-M can be limited to a single administrative domain. The mark must be removed at the egress domain edge. The node can rate-limit the extra traffic incurred by postcards.

No requirement for IANA is identified.

TBD.

We thank Robert Raszuk, Alfred Morton who provided valuable suggestions and comments helping improve this draft.