Internet-Draft | MNA Framework | September 2023 |
Andersson, et al. | Expires 8 March 2024 | [Page] |
This document specifies an architectural framework for the MPLS Network Actions (MNA) technologies. MNA technologies are used to indicate actions for Label Switched Paths (LSPs) and/or MPLS packets and to transfer data needed for these actions.¶
The document describes a common set of network actions and information elements supporting additional operational models and capabilities of MPLS networks. Some of these actions are defined in existing MPLS specifications, while others require extensions to existing specifications to meet the requirements found in "Requirements for MPLS Network Action Indicators and Ancillary Data".¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 8 March 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This document specifies an architectural framework for the MPLS Network Actions (MNA) technologies. MNA technologies are used to indicate actions for LSPs and/or MPLS packets and to transfer data needed for these actions.¶
The document describes a common set of network actions and information elements supporting additional operational models and capabilities of MPLS networks. Some of these actions are defined in existing MPLS specifications, while others require extensions to existing specifications to meet the requirements found in [I-D.ietf-mpls-miad-mna-requirements].¶
Forwarding actions are instructions to MPLS routers to apply additional actions when forwarding a packet. These might include load-balancing a packet given its entropy, whether or not to perform fast reroute on a failure, and whether or not a packet has metadata relevant to the forwarding decisions along the path.¶
This document generalizes the concept of "forwarding actions" into "network actions" to include any action that an MPLS router is requested to take on the packet. That includes any forwarding action, but may include other operations (such as security functions, OAM procedures, etc.) that are not directly related to forwarding of the packet.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document adopts the definitions of the following terms and abbreviations from [I-D.ietf-mpls-miad-mna-requirements] as normative: "Network Action", "Network Action Indication (NAI)", "Ancillary Data (AD)", and "Scope".¶
In addition, this document also defines the following terms:¶
Abbreviation | Meaning | Reference |
---|---|---|
AD | Ancillary Data | [I-D.ietf-mpls-miad-mna-requirements] |
bSPL | Base Special Purpose Label | [RFC9017] |
ECMP | Equal Cost Multipath | |
eSPL | Extended Special Purpose Label | [RFC9017] |
HBH | Hop by hop | In the MNA context, this document. |
I2E | Ingress to Egress | In the MNA context, this document. |
ISD | In stack data | [I-D.ietf-mpls-miad-mna-requirements] |
LSE | Label Stack Entry | [RFC3032] |
MNA | MPLS Network Actions | This documnent |
NAI | Network Action Indicator | [I-D.ietf-mpls-miad-mna-requirements] |
NAS | Network Action Sub-Stack | This document |
PSD | Post stack data | [I-D.ietf-mpls-miad-mna-requirements] and Section 3.6 |
RLD | Readable Label Depth | This document |
SPL | Special Purpose Label | [RFC9017] |
An MNA solution is envisioned as a set of network action sub-stacks, plus possible post-stack data. A solution must specify where in the label stack the network actions sub-stacks occur, if and how frequently they should be replicated, and how network action sub-stack and post-stack data are encoded.¶
A network action sub-stack contains:¶
Each network action present in the network action sub-stack may have zero or more LSEs of in-stack data. The ordering of the in-stack data LSEs corresponds to the ordering of the network action indicators. The encoding of the in-stack data, if any, for a network action must be specified in the document that defines the network action.¶
Certain network actions may also specify that data is carried after the label stack. This is called post-stack data. The encoding of the post-stack data, if any, for a network action must be specified in the document that defines the network action. If multiple network actions are present and have post-stack data, the ordering of their post-stack data corresponds to the ordering of the network action indicators.¶
A solution must specify the order that network actions are to be applied to the packet.¶
A network action may need to be processed by every node along the path, or some subset of the nodes along its path. Some of the scopes that an action may have are:¶
If a solution supports the select scope, it must describe how it specifies the set of nodes to perform the actions.¶
This framework does not place any constraints on the scope or on the ancillary data for a network action. Any network action may appear in any scope or combination of scopes, may have no ancillary data, may require in stack data, and/or post stack data. Some combinations may be sub-optimal, but this framework does not place any limitations on an MNA solution. A specific MNA solution may define such constraints.¶
As described in [RFC3031], legacy devices that do not recognize the MNA label will discard the packet if the top label is the MNA label.¶
Devices that do recognize the MNA label may not implement all of the present network actions. A solution must specify how unrecognized present network actions should be handled.¶
One alternative is that an implementation should stop processing network actions when it encounters an unrecognized network action. Subsequent present network actions would not be applied. The result is dependent on the solution's order of operations.¶
Another alternative is that an implementation should drop any packet that contains any unrecognized present network actions.¶
A third alternative is that an implementation should perform all recognized present network actions, but ignore all unrecognized present network actions.¶
Other alternatives may also be possible and should be specified by the solution.¶
A node that wishes to make use of MNA and apply network actions to a packet must understand the nodes that the packet will transit and whether or not the nodes support MNA and the network actions that are to be invoked. These capabilities are presumed to be signaled by protocols that are out-of-scope for this document and are presumed to have per-network action granularity. If a solution requires alternate signaling, it must specify so explicitly.¶
A node that pushes a NAS onto the label stack is responsible for ensuring that all nodes that are expected to process the NAS will have the entire NAS within their Readable Label Depth (RLD). A node SHOULD use signaling (e.g., [RFC9088], [RFC9089]) to determine this.¶
[RFC8662] introduced the concept of Entropy Readable Label Depth (ERLD). RLD is the same concept, but generalized and not specifically associated with the Entropy Label (EL) or MNA. Readable Label Depth (RLD) is defined as the number of LSEs, starting from the top of the stack, that a router can easily read in an incoming MPLS packet.¶
Per [RFC8662], a node that does not support EL will advertise a value of zero for its ERLD, so advertising ERLD alone does not suffice in all cases. A node MAY advertise both ERLD and RLD.¶
RLD is advertised by an IGP MSD-Type value of (TBA) and MAY be advertised as a Node MSD, Link MSD, or both.¶
An MNA node MUST use the RLD determined by the selecting the first advertised non-zero value from:¶
Several possibilities to carry NAI's have been discussed in MNA drafts and in the MPLS Open DT. In this section, we enumerate the possibilities and some considerations for the various alternatives.¶
All types of network actions are represented in the MPLS label stack by a set of LSEs termed a network action sub-stack (NAS). An NAS consists of a special label, optionally followed by LSEs that specify which network actions are to be performed on the packet, and the in-stack ancillary data for each indicated network action.¶
[I-D.ietf-mpls-miad-mna-requirements] requires that a solution not add unnecessary LSEs to the sub-stack (Section 3.1, requirement 6). Accordingly, solutions should also make efficient use of the bits within the sub-stack, as inefficient use of the bits will result in the addition of unnecessary LSEs.¶
The first LSE in a network action sub-stack contains a special label that indicates a network action sub-stack. A solution has several choices for this special label.¶
A solution may reuse an existing Base SPL (bSPL). If it elects to do so, it must explain how the usage is backwards compatible, including in the case where there is ISD.¶
If an existing inactive bSPL is selected and its usage would not be backward compatible, then it must first be retired in accordance with [RFC7274] and then reallocated.¶
A solution may select a new bSPL.¶
A solution may select a new eSPL. If it elects to do so, it must address the requirement for the minimal number of LSEs.¶
A solution may allow the network operator to define the label that indicates the network action sub-stack. This creates management overhead for the network operator to coordinate the use of this label across all nodes on the path using management or signaling protocols. If a solution elects to use a user-defined label, the solution should justify this overhead.¶
In the first LSE of the network action sub-stack, only the 20 bits of Label Value and the Bottom of Stack bit are significant, the TC field (3 bits) and the TTL (8 bits) are not used. This leaves 11 bits that could be used for other purposes.¶
If the solution elects to retain the TC and TTL field, then the first LSE of the network action sub-stack would appear as:¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Label | TC |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label: Label value, 20 bits TC: Traffic Class, 3 bits S: Bottom of Stack, 1 bit TTL: Time To Live¶
Further LSEs would be needed to encode NAIs. If a solution elects to retain these fields, it must address the requirement for the minimal number of LSEs.¶
If the solution elects to reuse the TC and TTL field, then the first LSE of the network action sub-stack would appear as:¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Label |x x x|S|x x x x x x x x| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label: Label value, 20 bits x: Bit available for solution definition S: Bottom of Stack, 1 bit¶
The solution may use more LSEs to contain NAIs.¶
A solution must have a mechanism to indicate the length of the NAS. This must be easily processed even by implementations that do not understand the full contents of the NAS. Two options are described below, other solutions may be possible.¶
A solution may use a bit per LSE to indicate whether the NAS continues into the next LSE or not. The bit may indicate continuation by being set or by being clear. The overhead of this approach is one bit per LSE and has the advantage that it can effectively encode an arbitrarily sized NAS. This approach is efficient if the NAS is small.¶
A solution may opt to have a fixed size length field at a fixed location within the NAS. The fixed size of the length field may not be large enough to support all possible NAS contents. This approach may be more efficient if the NAS is longer, but not longer than can be described by the length field.¶
Advice from hardware designers advocates a length field as this minimizes branching in the logic.¶
A solution may choose to explicitly encode the scope of the actions contained in a network action sub-stack. A solution may also choose to have the scope encoded implicitly, based on the actions present in the network action sub-stack. This choice may have performance implications as an implementation might have to parse the network actions that are present in a network action sub-stack only to discover that there are no actions for it to perform.¶
Solutions need to consider the order of scoped NAIs and their associated AD within individual sub-stacks and the order of per-scope sub-stacks in order that network actions and the AD can be most readily found and not need to processed by nodes that are not required to handle those actions.¶
Two options for encoding NAIs are described below, other solutions may be possible. Any solution should allow encoding of an arbitrary number of NAIs.¶
A solution may opt to encode the set of network actions as a list of bits, sometimes known as a catalog. The solution must provide a mechanism to determine how many LSEs are devoted to the catalog. A set bit in the catalog would indicate that the corresponding network action is present.¶
Catalogs are efficient if the number of present network actions is relatively high and if the size of the necessary catalog is small. For example, if the first 16 actions are all present, a catalog can encode this in 16 bits. However, if the number of possible actions is large, then a catalog can become inefficient. Selecting only one action that is the 256th action would require a catalog of 256 bits, which would require more than one LSE.¶
A solution may include a bit remapping mechanism so that a given domain may optimize for its commonly used actions.¶
A solution may opt to encode the set of present network actions as a list of operation codes (opcodes). Each opcode is a fixed number of bits. The size of the opcode bounds the number of network actions that the solution can support.¶
Opcodes are efficient if there are only one or two active network actions. For example, if an opcode is 8 bits, then two active network actions could be encoded in in 16 bits. However, if there are 16 actions required, then opcodes would consume 128 bits. Opcodes are efficient at encoding a large number of possible actions. If only the 256th action is to be selected, that still requires 8 bits.¶
A solution may optionally carry some data as PSD.¶
If there are multiple instances of post-stack data, they should occur in the same order as their relevant network action sub-stacks and then in the same order as their relevant network functions occur within the network action sub-stacks.¶
The first nibble after the label stack has been used to convey information in certain cases.¶
For example, in [RFC4928] this nibble is investigated to find out if it has the value "4" or "6", if it is not, it is assumed that the packet payload is not IPv4 or IPv6 and Equal Cost Multipath (ECMP) is not performed.¶
It should be noted that this is an inexact method, for example an Ethernet Pseudowire without a control word might have "4" or "6" in the first nibble and thus will be ECMP'ed.¶
Nevertheless, the method is implemented and deployed, it is used today and will be for the foreseeable future.¶
The use of the first nibble for BIER is specified in [RFC8296]. Bier sets the first nibble to 5. The same is true for BIER payload, as for any use of the first nibble, it is not possible from the first nibble itself being set to 5, conclude that the payload is BIER. However, it achieves the design goal of [RFC8296], to exclude that the payload is IPv4, IPv6 or a pseudowire.¶
There are possibly more examples, they will be added if we find that they further highlight the issue with using the first nibble.¶
[Ed. Outstanding comments from Adrian:¶
Shouldn't we include RFC4385 for 0b0000 for the PW control word and 0b0001 for the PW ACH?¶
This section is all very well, but it doesn't give any direction to the solution developer for what they should do with the first nibble in the post stack data.¶
Is it also relevant to note that there may be other post-stack information that comes before the payload (such as the PW control word, and that the solution must consider the location of the post- stack data in relaiton to that (e.g., immeidately after the LSE with the S bit set) etc.]¶
For MNA to be consistent across implementations and predictable in operational environments, its semantics need to be entirely predictable. An MNA solution MUST specify a deterministic order for processing each of the Network Actions in a packet. Each Network Action must specify how it interacts with all other previously defined Network Actions. Private network actions MUST be included in the ordering of Network Actions, but the interactions of private actions with other actions is outside of the scope of this document.¶
Network actions should be defined in a document and must contain:¶
A solution should create an IANA registry for network actions.¶
Network operators will need to be cognizant of which network actions are supported by which nodes and will need to ensure that this is signalled appropriately. Some solutions may require network-wide configuration to synchronize the use of the labels that indicate the start of an NAS. Solution documents must make clear what management considerations apply to the solutions they are describing. Solutions documents must describe mechanisms for performing network diagnostics in the presence of MNAs.¶
The forwarding plane is insecure. If an adversary can affect the forwarding plane, then they can inject data, remove data, corrupt data, or modify data. MNA additionally allows an adversary to make packets perform arbitrary network actions.¶
Link-level security mechanisms can help mitigate some on-link attacks, but does nothing to preclude hostile nodes.¶
End-to-end encryption of an LSP can help provide security, but would make it impossible to process post-stack data.¶
This document requests that IANA allocate a code point from the "IGP MSD-Types" registry in the "Interior Gateway Protocol (IGP) Parameters" namespace for "Readable Label Depth", referencing this document.¶
This document is the result of work started in MPLS Open Desgign Team, with participation by the MPLS, PALS and DETNET working groups.¶
The authors would like to thank Adrian Farrel for his contributions and to John Drake for his comments.¶