Independent Submission                                         R. Browne
Request for Comments: 8592                                   A. Chilikin
Category: Informational                                            Intel
ISSN: 2070-1721                                               T. Mizrahi
                                        Huawei Network.IO Innovation Lab
                                                                May 2019
Key Performance Indicator (KPI) Stamping for the Network Service Header (NSH)
Abstract
This document describes methods of carrying Key Performance Indicators (KPIs) using the Network Service Header (NSH). These methods may be used, for example, to monitor latency and QoS marking to identify problems on some links or service functions.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8592.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Table of Contents
1. Introduction
2. Terminology
   2.1. Requirements Language
   2.2. Definition of Terms
        2.2.1. Terms Defined in This Document
   2.3. Abbreviations
3. NSH KPI Stamping: An Overview
   3.1. Prerequisites
   3.2. Operation
        3.2.1. Flow Selection
        3.2.2. SCP Interface
   3.3. Performance Considerations
4. NSH KPI-Stamping Encapsulation
   4.1. KPI-Stamping Extended Encapsulation
        4.1.1. NSH Timestamping Encapsulation (Extended Mode)
        4.1.2. NSH QoS-Stamping Encapsulation (Extended Mode)
   4.2. KPI-Stamping Encapsulation (Detection Mode)
5. Hybrid Models
   5.1. Targeted VNF Stamping
6. Fragmentation Considerations
7. Security Considerations
8. IANA Considerations
9. References
   9.1. Normative References
   9.2. Informative References
Acknowledgments
Contributors
Authors' Addresses
The Network Service Header (NSH), as defined by [RFC8300], specifies a method for steering traffic among an ordered set of Service Functions (SFs) using an extensible service header. This allows for flexibility and programmability in the forwarding plane to invoke the appropriate SFs for specific flows.
The NSH promises a compelling vista of operational flexibility. However, many service providers are concerned about service and configuration visibility. This concern increases when considering that many service providers wish to run their networks seamlessly in "hybrid mode", whereby they wish to mix physical and virtual SFs and run services seamlessly between the two domains.
This document describes generic methods to monitor and debug Service Function Chains (SFCs) in terms of latency and QoS marking of the flows within an SFC. These are referred to as "detection mode" and "extended mode" and are explained in Section 4.
The methods described in this document are compliant with hybrid architectures in which Virtual Network Functions (VNFs) and Physical Network Functions (PNFs) are freely mixed in the SFC. These methods also provide flexibility for monitoring the performance and configuration of an entire chain or parts thereof as desired. These methods are extensible to monitoring other Key Performance Indicators (KPIs). Please refer to [RFC7665] for an architectural context for this document.
The methods described in this document are not Operations, Administration, and Maintenance (OAM) protocols such as [Y.1731]. As such, they do not define new OAM packet types or operations. Rather, they monitor the SFC's performance and configuration for subscriber payloads and indicate subscriber QoE rather than out-of-band infrastructure metrics. This document differs from [In-Situ-OAM] in the sense that it is specifically tied to NSH operations and is not generic in nature.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
This section presents the main terms used in this document. This document also makes use of the terms defined in [RFC7665] and [RFC8300].
First Stamping Node (FSN): The first node along an SFC that stamps packets using KPI stamping. The FSN matches each packet with a Stamping Controller (SC) flow based on (but not limited to) a stamping classification criterion such as transport 5-tuple coordinates.
Last Stamping Node (LSN): The last node along an SFC that stamps packets using KPI stamping. From a forwarding point of view, the LSN removes the NSH and forwards the raw IP packet to the next hop. From a control-plane point of view, the LSN reads all the metadata (MD) and exports it to a system performance statistics agent or repository. The LSN should use the NSH Service Index (SI) to indicate if an SF was at the end of the chain. The LSN may change the Service Path Identifier (SPI) to a preconfigured value so that the network underlay forwards the MD back directly to the KPI database (KPIDB) based on this value.
Key Performance Indicator Database (KPIDB): Denotes the external storage of MD for reporting, trend analysis, etc.
KPI stamping: The insertion of latency-related and/or QoS-related information into a packet using NSH MD.
Flow ID: A unique 16-bit identifier written into the header by the classifier. This allows 65536 flows to be concurrently stamped on any given NSH service chain.
QoS stamping: The insertion of QoS-related information into a packet using NSH MD.
Stamping Controller (SC): The central logic that decides what packets to stamp and how to stamp them. The SC instructs the classifier on how to build the parts of the NSH that are specific to KPI stamping.
Stamping Control Plane (SCP): The control plane between the FSN and the SC.
DEI     Drop Eligible Indicator
DSCP    Differentiated Services Code Point
FSN     First Stamping Node
KPI     Key Performance Indicator
KPIDB   Key Performance Indicator Database
LSN     Last Stamping Node
MD      Metadata
NFV     Network Function Virtualization
NSH     Network Service Header
OAM     Operations, Administration, and Maintenance
PCP     Priority Code Point
PNF     Physical Network Function
PNFN    Physical Network Function Node
QoE     Quality of Experience
QoS     Quality of Service
RSP     Rendered Service Path
SC      Stamping Controller
SCL     Service Classifier
SCP     Stamping Control Plane
SF      Service Function
SFC     Service Function Chain
SI      Service Index
SSI     Stamp Service Index
TS      Timestamp
VLAN    Virtual Local Area Network
VNF     Virtual Network Function
A typical KPI-stamping architecture is presented in Figure 1.
   Stamping
  Controller
       |                                                     KPIDB
       | SCP Interface                                         |
     ,---.             ,---.              ,---.              ,---.
    /     \           /     \            /     \            /     \
   (  SCL  )-------->(  SF1  )--------->(  SF2  )--------->(  SFn  )
    \ FSN /           \     /            \     /            \ LSN /
     `---'             `---'              `---'              `---'
Figure 1: Logical Roles in NSH KPI Stamping
The SC will be part of the SFC control-plane architecture, but it is described separately in this document for clarity.
The SC is responsible for initiating start/stop stamp requests to the SCL or FSN and also for distributing the NSH-stamping policy into the service chain via the SCP interface.
The FSN will typically be part of the SCL but is called out as a separate logical entity for clarity.
The FSN is responsible for marking NSH MD fields; this tells nodes in the service chain how to behave in terms of stamping at the SF ingress, the SF egress, or both, or ignoring the stamp NSH MD completely.
The FSN also writes the Reference Time value, a (possibly inaccurate) estimate of the current time of day, into the header, allowing the "SPI:Flow ID" performance to be compared to previous samples for offline analysis.
The FSN should return an error to the SC if not synchronized to the current time of day and forward the packet along the service chain unchanged. The code and format of the error are specific to the protocol used between the FSN and SC; these considerations are out of scope.
SF1 and SF2 stamp the packets as dictated by the FSN and process the payload as per normal.
Note 1: The exact location of the stamp creation may not be in the SF itself and may be applied by a hardware device -- for example, as discussed in Section 3.3.
Note 2: Special cases exist where some of the SFs are NSH unaware. This is covered in Section 5.
The LSN should strip the entire NSH and forward the raw packet to the IP next hop as per [RFC8300]. The LSN also exports NSH-stamping information to the KPIDB for offline analysis; the LSN may export the stamping information of either (1) all packets or (2) a subset based on packet sampling.
In fully virtualized environments, the LSN is likely to be co-located with the SF that decrements the NSH SI to zero. Corner cases exist where this is not the case; see Section 5.
Timestamping has its own set of prerequisites; however, these prerequisites are not required for QoS stamping. In order to guarantee MD accuracy, all servers hosting VNFs should be synchronized from a centralized stable clock. As it is assumed that PNFs do not timestamp (as this would involve a software change and a probable impact on throughput performance), there is no need for them to synchronize. There are two possible levels of synchronization:
Level A: Low-accuracy time-of-day synchronization, based on NTP [RFC5905].
Level B: High-accuracy synchronization (typically on the order of microseconds), based on [IEEE1588].
Each SF SHOULD have Level A synchronization and MAY have Level B synchronization.
Level A requires each platform (including the SC) to synchronize its system real-time clock to an NTP server. This is used to mark the MD in the chain, using the Reference Time field in the NSH KPI stamp header (Section 4.1). This timestamp is inserted into the NSH by the first SF in the chain. NTP accuracy can vary by several milliseconds between locations. This is not an issue, as the Reference Time is merely being used as a time-of-day reference inserted into the KPIDB for performance monitoring and MD retrieval.
Level B synchronization requires each platform to be synchronized to a Primary Reference Clock (PRC) using the Precision Time Protocol (PTP) [IEEE1588]. A platform MAY also use Synchronous Ethernet [G.8261] [G.8262] [G.8264], allowing more accurate frequency synchronization.
If an SF is not synchronized at the moment of timestamping, it should indicate its synchronization status in the NSH. This is described in more detail in Section 4.
By synchronizing the network in this way, the timestamping operation is independent of the current RSP. Indeed, the timestamp MD can indicate where a chain has been moved due to a resource starvation event as indicated in Figure 2, between VNF3 and VNF4 at time B.
   Delay
   |                                  v
   |                           v
   |                                  x
   |                           x          x = Reference Time A
   |                    xv                v = Reference Time B
   |             xv
   |      xv
   |______|______|______|______|______|_____
         VNF1   VNF2   VNF3   VNF4   VNF5
Figure 2: Flow Performance in a Service Chain
For QoS stamping, it is desired that the SCL or FSN be synchronized in order to provide a Reference Time for offline analysis, but this is not a hard requirement (they may be in holdover or free-run state, for example). Other SFs in the service chain do not need to be synchronized for QoS-stamping operations, as described below.
QoS stamping can be used to check the consistency of configuration across the entire chain or parts thereof. Adding all potential Layer 2 and Layer 3 QoS fields into a QoS sum at the SF ingress or egress allows quick identification of QoS mismatches across multiple Layer 2 / Layer 3 fields, which is otherwise a manual, expert-led, time-consuming process.
   |
   |
   |                                  xy
   |                           xy         x = ingress QoS sum
   |                    xv                v = egress QoS sum
   |             xv                       y = egress QoS sum mismatch
   |      xv
   |______|______|______|______|______|_____
         SF1    SF2    SF3    SF4    SF5
Figure 3: Flow QoS Consistency in a Service Chain
Referring to Figure 3, x, v, and y are notional sum values of the QoS marking configuration of the flow within a given chain. As the encapsulation of the flow can change from hop to hop in terms of VLAN header(s), MPLS labels, or DSCP(s), these values are used to compare the consistency of configuration from, for example, payload DSCP through overlay and underlay QoS settings in VLAN IEEE 802.1Q bits, MPLS bits, and infrastructure DSCPs.
Figure 3 indicates that, at SF4 in the chain, the egress QoS marking is inconsistent. That is, the ingress QoS settings do not match the egress. The method described here will indicate which QoS field(s) is inconsistent and whether this is ingress (where the underlay has incorrectly marked and queued the packet) or egress (where the SF has incorrectly marked and queued the packet).
Note that the SC must be aware of cases when an SF re-marks QoS fields deliberately and thus does not flag an issue for desired behavior.
KPI-stamping detection mode uses MD Type 2 as defined in [RFC8300]. This involves the SFC classifier stamping the flow at the chain ingress and no subsequent stamps being applied; rather, each upstream SF can compare its local condition with the ingress value and take appropriate action. Therefore, detection mode is very efficient in terms of header size that does not grow after the classification. This is further explained in Section 4.2.
The SC should maintain a list of flows within each service chain to be monitored. This flow table should be in the format "SPI:Flow ID". The SC should map these pairs to unique values presented as Flow IDs per service chain within the NSH TLV specified in this document (see Section 4). The SC should instruct the FSN to initiate timestamping on flow table match. The SC may also tell the classifier the duration of the timestamping operation, by either the number of packets in the flow or a certain time duration.
In this way, the system can monitor the performance of all en-route traffic, an individual subscriber in a chain, or just a specific application or QoS class that is used in the network.
The SC should write the list of monitored flows into the KPIDB for correlation of performance and configuration data. Thus, when the KPIDB receives data from the LSN, it understands to which flow the data pertains.
The association of a source IP address with a subscriber identity is outside the scope of this document and will vary by network application. For example, the method of association of a source IP address with an International Mobile Subscriber Identity (IMSI) will be different from how a Customer Premises Equipment (CPE) entity with a Network Address Translation (NAT) function may be chained in an enterprise NFV application.
An SCP interface is required between the SC and the FSN or classifier. This interface is used to:
o Query the SFC classifier for a list of active chains and flows.
o Communicate which chains and flows to stamp. This can be a specific "SPI:Flow ID" combination or can include wildcards for monitoring subscribers across multiple chains or multiple flows within one chain.
o Instruct how the stamp should be applied (ingress, egress, both ingress and egress, or specific).
o Indicate when to stop stamping (after either a certain number of packets or a certain time duration).
Typically, SCP timestamps flows for a certain duration for trend analysis but only stamps one packet of each QoS class in a chain periodically (perhaps once per day or after a network change). Therefore, timestamping is generally applied to a much larger set of packets than QoS stamping.
The exact specification of SCP is left for further study.
This document does not mandate a specific stamping implementation method; thus, NSH KPI stamping can be performed by either hardware mechanisms or software.
If software-based stamping is used, applying and operating on the stamps themselves incur an additional small delay in the service chain. However, it can be assumed that these additional delays are all relative for the flow in question. This is only pertinent for timestamping mode, and not for QoS-stamping mode. Thus, whilst the absolute timestamps may not be fully accurate for normal non-timestamped traffic, they can be assumed to be relative.
It is assumed that the methods described in this document would only operate on a small percentage of user flows.
The service provider may choose a flexible policy in the SC to timestamp a selection of a user plane every minute -- for example, to highlight any performance issues. Alternatively, the LSN may selectively export a subset of the KPI stamps it receives, based on a predefined sampling method. Of course, the SC can stress-test an individual flow or chain should a deeper analysis be required. We can expect that this type of deep analysis will have an impact on the performance of the chain itself whilst under investigation. This impact will be dependent on vendor implementations and is outside the scope of this document.
For QoS stamping, the methods described here are even less intrusive, as typically packets are only QoS stamped periodically (perhaps once per day) to check service chain configuration per QoS class.
KPI stamping uses NSH MD Type 0x2 for detection of anomalies and extended mode for root-cause analysis of KPI violations. These are further explained in this section.
The generic NSH MD Type 2 TLV for KPI stamping is shown below.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Ver|O|U|    TTL    |   Length  |U|U|U|U|Type=2 | Next Protocol |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Service Path Identifier            | Service Index |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Metadata Class         |     Type      |U|   Length    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Variable Length KPI Metadata header and TLV(s)         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: Generic NSH KPI Encapsulation
Relevant fields in the header that the FSN must implement are as follows:
o The O bit must not be set.
o The MD type must be set to 0x2.
o The Metadata Class must be set to a value from the experimental range 0xfff6 to 0xfffe according to an agreement by all parties to the experiment.
o Unassigned bits: All fields marked "U" are unassigned and available for future use [RFC8300].
o The Type field may have one of the following values; the content of the Variable Length KPI Metadata header and TLV(s) field depends on the Type value:
* Type = 0x01 (Det): Detection
* Type = 0x02 (TS): Timestamp Extended
* Type = 0x03 (QoS): QoS stamp Extended
The Type field determines the type of KPI-stamping format. The supported formats are presented in the following subsections.
The generic NSH MD Type 2 KPI-stamping header (extended mode) is shown in Figure 5. This is the format for performance monitoring of service chain issues with respect to QoS configuration and latency.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Ver|O|U|    TTL    |   Length  |U|U|U|U|Type=2 | Next Protocol |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Service Path Identifier            | Service Index |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Metadata Class         |     Type      |U|   Length    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Variable Length KPI Configuration Header            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Variable Length KPI Value (LSN)                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   \                                                               \
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                Variable Length KPI Value (FSN)                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: Generic KPI Encapsulation (Extended Mode)
As mentioned above, two types are defined under the experimental MD class to indicate the extended KPI MD: a timestamp type and a QoS-stamp type.
The KPI Encapsulation Configuration Header format is shown below.
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |K|K|T|K|K|K|K|K|  Stamping SI  |            Flow ID            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Reference Time                         |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: KPI Encapsulation Configuration Header
The bits marked "K" are reserved for specific KPI type use and are described in the subsections below.
The T bit should be set if Reference Time follows the KPI Encapsulation Configuration Header.
The SSI (Stamping SI) contains the SI used for KPI stamping and is described in the subsections below.
The Flow ID is a unique 16-bit identifier written into the header by the classifier. This allows 65536 flows to be concurrently stamped on any given NSH service chain (SPI). Flow IDs are not written by subsequent SFs in the chain. The FSN may export monitored Flow IDs to the KPIDB for correlation.
Reference Time is the wall clock of the FSN and may be used for historical comparison of SC performance. If the FSN is not Level A synchronized (see Section 3.1), it should inform the SC over the SCP interface. The Reference Time is represented in 64-bit NTP format [RFC5905], as presented in Figure 7:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Seconds                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Fraction                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 7: NTP 64-Bit Timestamp Format (RFC 5905)
The NSH timestamping extended encapsulation is shown below.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|O|C|U|U|U|U|U|U|   Length  |U|U|U|U|Type=2 |   NextProto   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Service Path ID                | Service Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Metadata Class         |  Type=TS(2)   |U|     Len     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|I|E|T|U|U|U|SSI|  Stamping SI  |            Flow ID            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|                 Reference Time (T bit is set)                 |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|I|E|U|U|U| SYN |  Stamping SI  |          Unassigned           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|            Ingress Timestamp (I bit is set) (LSN)             |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Egress Timestamp (E bit is set) (LSN)             |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|I|E|U|U|U| SYN |  Stamping SI  |          Unassigned           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|            Ingress Timestamp (I bit is set) (FSN)             |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Egress Timestamp (E bit is set) (FSN)             |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 8: NSH Timestamp Encapsulation (Extended Mode)
The FSN KPI stamp MD starts with the Stamping Configuration Header. This header contains the I, E, and T bits, and the SSI.
The I bit should be set if the Ingress stamp is requested.
The E bit should be set if the Egress stamp is requested.
The SSI field must be set to one of the following values:
o 0x0: KPI stamp mode. No SI is specified in the Stamping SI field.
o 0x1: KPI stamp hybrid mode is selected. The Stamping SI field contains the LSN SI. This is used when PNFs or NSH-unaware SFs are used at the tail of the chain. If SSI=0x1, then the value in the Type field informs the chain regarding which SF should act as the LSN.
o 0x2: KPI stamp Specific mode is selected. The Stamping SI field contains the targeted SI. In this case, the Stamping SI field indicates which SF is to be stamped. Both Ingress stamps and Egress stamps are performed when the SI=SSI in the chain. For timestamping mode, the FSN will also apply the Reference Time and Ingress Timestamp. This will indicate the delay along the entire service chain to the targeted SF. This method may also be used as a light implementation to monitor end-to-end service chain performance whereby the targeted SF is the LSN. This is not applicable to QoS-stamping mode.
Each stamping node adds stamp MD that consists of the Stamping Reporting Header and timestamps.
The E bit should be set if the Egress stamp is reported.
The I bit should be set if the Ingress stamp is reported.
With respect to timestamping mode, the SYN bits are an indication of the synchronization status of the node performing the timestamp and must be set to one of the following values:
o In synch: 0x00
o In holdover: 0x01
o In free run: 0x02
o Out of synch: 0x03
If the platform hosting the SF is out of synch or in free run, no timestamp is applied by the node, and the packet is processed normally.
If the FSN is out of synch or in free run, the timestamp request is rejected and is not propagated through the chain. In such an event, the FSN should inform the SC over the SCP interface. Similarly, if the KPIDB receives timestamps that are out of order (i.e., a timestamp of an "N+1" SF is prior to the timestamp of an "N" SF), it should notify the SC of this condition over the SCP interface.
The outer SI value is copied into the stamp MD as the Stamping SI to help cater to hybrid chains that are a mix of VNFs and PNFs or through NSH-unaware SFs. Thus, if a flow transits through a PNF or an NSH-unaware node, the delta in the inner SI between timestamps will indicate this.
The Ingress Timestamp and Egress Timestamp are represented in 64-bit NTP format. The corresponding bits (I and E) are reported in the Stamping Reporting Header of the node's MD.
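An added example (not from the RFC or its authors): a KPIDB-side parser for the timestamp MD body drawn in Figure 8, followed by the out-of-order and synchronization checks described above. Field widths are read off the figure; the function names, the sample values, and the rule that an SI delta greater than 1 marks an NSH-unaware hop are assumptions of this example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Flag positions read off Figure 8 (first bit drawn = most significant bit).
I_BIT, E_BIT, T_BIT = 0x80, 0x40, 0x20
SSI_MASK, SYN_MASK = 0x03, 0x07
UNSYNCED = {0x02, 0x03}            # free run, out of synch: node must not stamp

@dataclass
class NodeStamp:
    si: int
    syn: int
    ingress: Optional[int]         # raw 64-bit NTP value, None when I bit is clear
    egress: Optional[int]          # raw 64-bit NTP value, None when E bit is clear

def ntp(seconds: int, micros: int = 0) -> int:
    """Build a 64-bit NTP timestamp: 32-bit seconds, 32-bit binary fraction."""
    return (seconds << 32) | (micros * 2**32 // 1_000_000)

def _take(buf: bytes, off: int, fmt: str):
    """Bounds-checked unpack so a truncated MD raises instead of misparsing."""
    size = struct.calcsize(fmt)
    if off + size > len(buf):
        raise ValueError(f"stamp MD truncated at offset {off}")
    return struct.unpack_from(fmt, buf, off), off + size

def parse_ts_md(buf: bytes) -> Tuple[dict, List[NodeStamp]]:
    """Parse the MD body that follows the Metadata Class/Type/Len word."""
    (flags, stamping_si, flow_id), off = _take(buf, 0, "!BBH")
    cfg = {"I": bool(flags & I_BIT), "E": bool(flags & E_BIT),
           "ssi": flags & SSI_MASK, "stamping_si": stamping_si,
           "flow_id": flow_id, "reference_time": None}
    if flags & T_BIT:
        (cfg["reference_time"],), off = _take(buf, off, "!Q")
    stamps = []
    while off < len(buf):
        (flags, si, _unassigned), off = _take(buf, off, "!BBH")
        ingress = egress = None
        if flags & I_BIT:
            (ingress,), off = _take(buf, off, "!Q")
        if flags & E_BIT:
            (egress,), off = _take(buf, off, "!Q")
        stamps.append(NodeStamp(si, flags & SYN_MASK, ingress, egress))
    stamps.reverse()               # figure lists LSN first; return FSN -> LSN
    return cfg, stamps

def audit(stamps: List[NodeStamp]) -> List[str]:
    """Checks a KPIDB can run before trusting a stamp set (FSN -> LSN order)."""
    findings, last_time, last_si = [], None, None
    for s in stamps:
        times = [t for t in (s.ingress, s.egress) if t is not None]
        if times and s.syn in UNSYNCED:
            findings.append(f"SI {s.si}: timestamp present with SYN=0x{s.syn:02x}")
        if len(times) == 2 and s.egress < s.ingress:
            findings.append(f"SI {s.si}: egress precedes ingress")
        if times and last_time is not None and min(times) < last_time:
            findings.append(f"SI {s.si}: out of order against previous SF")
        # Assumption: adjacent NSH-aware stamping nodes differ by exactly 1 in SI.
        if last_si is not None and last_si - s.si > 1:
            findings.append(f"SI {last_si}->{s.si}: NSH-unaware SF or PNF in between")
        if times:
            last_time = max(times)
        last_si = s.si
    return findings

def encode_node(si: int, syn: int, ingress=None, egress=None) -> bytes:
    """Encode one Stamping Reporting Header plus its timestamps (sample data)."""
    flags = syn | (I_BIT if ingress is not None else 0) \
                | (E_BIT if egress is not None else 0)
    out = struct.pack("!BBH", flags, si, 0)
    return out + b"".join(struct.pack("!Q", t)
                          for t in (ingress, egress) if t is not None)

T0 = 3_766_000_000                 # constructed NTP seconds value

def sample_md(tamper: bool = False) -> bytes:
    """Constructed three-node chain; tamper=True rewinds SF1's ingress stamp."""
    cfg = struct.pack("!BBHQ", I_BIT | E_BIT | T_BIT, 0, 0x002A, ntp(T0))
    fsn = encode_node(3, 0x00, ntp(T0, 100), ntp(T0, 150))
    sf1 = encode_node(2, 0x00, ntp(T0, 50 if tamper else 400), ntp(T0, 450))
    lsn = encode_node(1, 0x00, ntp(T0, 700), ntp(T0, 760))
    return cfg + lsn + sf1 + fsn   # most recent stamp first, as in Figure 8

if __name__ == "__main__":
    for label, md in (("clean", sample_md()), ("tampered", sample_md(True))):
        cfg, stamps = parse_ts_md(md)
        print(label, f"flow=0x{cfg['flow_id']:04x}", audit(stamps) or "no findings")
```

Each finding maps to a condition the text asks the KPIDB or FSN to report to the SC over the SCP interface; comparisons use the raw 64-bit values so no precision is lost to floating point.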
Packets have a variable QoS stack. For example, the same payload IP can have a very different stack in the access part of the network than the core. This is most apparent in mobile networks where, for example, in an access circuit we would have an infrastructure IP header (DSCP) composed of two layers -- one based on transport and the other based on IPsec -- in addition to multiple MPLS and VLAN tags. The same packet, as it leaves the Packet Data Network (PDN) Gateway Gi egress interface, may be very much simplified in terms of overhead and related QoS fields.
Because of this variability, we need to build extra meaning into the QoS headers. They are not, for example, all PTP timestamps of a fixed length, as in the case of timestamping; rather, they are of variable lengths and types. Also, they can be changed on the underlay at any time without the knowledge of the SFC system. Therefore, each SF must be able to ascertain and record its ingress and egress QoS configuration on the fly.
The suggested QoS Type (QT) and lengths are listed below.
QoS Type  Value  Length  Comment
----------------------------------------------------------
IVLAN     0x01   4 Bits  Ingress VLAN (PCP + DEI)
EVLAN     0x02   4 Bits  Egress VLAN
IQINQ     0x03   8 Bits  Ingress QinQ (2x (PCP + DEI))
EQINQ     0x04   8 Bits  Egress QinQ
IMPLS     0x05   3 Bits  Ingress Label
EMPLS     0x06   3 Bits  Egress Label
IMPLS     0x07   6 Bits  Two Ingress Labels (2x EXP)
EMPLS     0x08   6 Bits  Two Egress Labels
IDSCP     0x09   8 Bits  Ingress DSCP
EDSCP     0x0A   8 Bits  Egress DSCP
For stacked headers such as MPLS and 802.1ad, we extract the relevant QoS data from the header and insert it into one QoS value in order to be more efficient in terms of packet size. Thus, for MPLS, we represent both experimental bits (EXP) fields in one QoS value, and both 802.1p priority and drop precedence in one QoS value, as indicated above.
For stack types not listed here (for example, three or more MPLS tags), the SF would insert IMPLS/EMPLS several times, with each layer in the stack indicating EXP QoS for that layer.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|O|C|U|U|U|U|U|U|   Length  |U|U|U|U|Type=2 | NextProto=0x0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Service Path ID                | Service Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Metadata Class         |  Type=QoS(3)  |U|     Len     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|U|T|U|U|U|SSI|  Stamping SI  |            Flow ID            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|                 Reference Time (T bit is set)                 |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|U|U|U|U|U|U|U|  Stamping SI  |          Unassigned           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|  QT   |   QoS Value   |U|U|U|E|  QT   |   QoS Value   |U|U|U|E|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
.                                                               .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|U|U|U|U|U|U|U|  Stamping SI  |          Unassigned           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
|  QT   |   QoS Value   |U|U|U|E|  QT   |   QoS Value   |U|U|U|E|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 9: NSH QoS Configuration Encapsulation (Extended Mode)
The encapsulation in Figure 9 is very similar to the encapsulation detailed in Section 4.1.1, with the following exceptions:
o I and E bits are not required, as we wish to examine the full QoS stack at the ingress and egress at every SF.
o SYN status bits are not required.
o The QT and QoS values are as outlined in the list above.
o The E bit at the tail of each QoS context field indicates if this is the last egress QoS stamp for a given SF. This should coincide with SI=0 at the LSN, whereby the packet is truncated, the NSH MD is sent to the KPIDB, and the subscriber's raw IP packet is forwarded to the underlay next hop.
Note: It is possible to compress the frame structure to better utilize the header, but this would come at the expense of crossing byte boundaries. For ease of implementation, and so that QoS stamping is applied on an extremely small subset of user-plane traffic, we believe that the above structure is a pragmatic compromise between header efficiency and ease of implementation.
The format of the NSH MD Type 2 KPI-stamping TLV (detection mode) is shown in Figure 10.
This TLV is used for KPI anomaly detection. Upon detecting a problem or an anomaly, it will be possible to enable the use of KPI-stamping extended encapsulations, which will provide more detailed analysis.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|O|U|    TTL    |   Length  |U|U|U|U|Type=2 | Next Protocol |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Service Path Identifier            | Service Index |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Metadata Class         |  Type=Det(1)  |U|   Length    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   KPI Type    |  Stamping SI  |            Flow ID            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Threshold KPI Value                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Ingress KPI stamp                       |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 10: Generic NSH KPI Encapsulation (Detection Mode)
The following fields are defined in the KPIDB MD:
o KPI Type: This field determines the type of KPI stamp that is included in this MD. If a receiver along the path does not understand the KPI type, it will pass the packet on transparently and will not drop it. The supported values of KPI Type are:
* 0x0: Timestamp
* 0x1: QoS stamp
o Threshold KPI Value: In the first header, the SFC classifier may program a KPI threshold value. This is a value that, when exceeded, requires the SF to insert the current SI value into the SI field. The KPI type is the type of KPI stamp inserted into the header as per Figure 10.
o Stamping SI: This is the Service Identifier of the SF when the above threshold value is exceeded.
o Flow ID: The Flow ID is inserted into the header by the SFC classifier in order to correlate flow data in the KPIDB for offline analysis.
o Ingress KPI stamp: The last 8 octets are reserved for the KPI stamp. This is the KPI value at the chain ingress at the SFC classifier. Depending on the KPI type, the KPI stamp includes either a timestamp or a QoS stamp. If the KPI type is Timestamp, then the Ingress KPI stamp field contains a timestamp in 64-bit NTP timestamp format. If the KPI type is QoS stamp, then the format of the 64-bit Ingress KPI stamp is as follows.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  QT   |   QoS Value   |              Unassigned               |
+-+-+-+-+-+-+-+-+-+-+-+-+                                       +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Figure 11: QoS-Stamp Format (Detection Mode)
As an example operation, let's say we are using KPI type 0x01 (Timestamp). When an SF (say SFn) receives the packet, it can compare the current local timestamp (it first checks that it is synchronized to the network's PRC) with the chain Ingress Timestamp to calculate the latency in the chain. If this value exceeds the timestamp threshold, it then inserts its SI and returns the NSH to the KPIDB. This effectively tells the system that at SFn the packet violated the KPI threshold. Please refer to Figure 8 for the timestamp format.
When this occurs, the SFC control-plane system would then invoke the KPI extended mode, which uses a more sophisticated (and intrusive) method to isolate the root cause of the KPI violation, as described below.
Note: Whilst detection mode is a valuable tool for latency actions, the authors feel that building the logic into the KPI system for QoS configuration is not justified. As QoS stamping is done infrequently and on a tiny percentage of the user plane, it is more practical to use extended mode only for service chain QoS verification.
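An added example (not part of the RFC): the per-SF detection-mode decision for timestamps described above, operating on the 16-octet TLV body of Figure 10. The microsecond unit for Threshold KPI Value, the verdict strings, and the handling of an ingress stamp that is ahead of the local clock are assumptions; the KPI Type value follows the list of supported values.

```python
import struct
from typing import List, Tuple

KPI_TIMESTAMP = 0x0      # value from the KPI Type list
# KPI Type, Stamping SI, Flow ID, Threshold KPI Value, Ingress KPI stamp
TLV_FMT = "!BBHIQ"

def ntp_to_us(raw: int) -> int:
    """64-bit NTP timestamp to whole microseconds (integer math only)."""
    return (raw >> 32) * 1_000_000 + (((raw & 0xFFFFFFFF) * 1_000_000) >> 32)

def us_to_ntp(us: int) -> int:
    """Microseconds to 64-bit NTP; fraction is rounded up so the round trip is exact."""
    sec, frac = divmod(us, 1_000_000)
    return (sec << 32) | -(-frac * 2**32 // 1_000_000)

def sf_detect(tlv: bytes, outer_si: int, now_ntp: int,
              synced: bool) -> Tuple[str, bytes]:
    """Decision one SF takes on a detection-mode TLV; returns (verdict, TLV)."""
    if len(tlv) != struct.calcsize(TLV_FMT):
        raise ValueError("detection-mode TLV body must be 16 octets")
    kpi_type, _si, flow_id, threshold_us, ingress = struct.unpack(TLV_FMT, tlv)
    if kpi_type != KPI_TIMESTAMP:
        return "pass-through", tlv        # type not handled here: forward untouched
    if not synced:
        return "not-evaluated", tlv       # local clock not usable for comparison
    latency_us = ntp_to_us(now_ntp) - ntp_to_us(ingress)
    if latency_us < 0:
        # A synchronized node should never see a chain-ingress time in its future:
        # treat as a clock fault or a modified stamp rather than a latency value.
        return "suspect-stamp", tlv
    if latency_us > threshold_us:
        stamped = struct.pack(TLV_FMT, kpi_type, outer_si, flow_id,
                              threshold_us, ingress)
        return "violation", stamped       # SI inserted; NSH is returned to the KPIDB
    return "ok", tlv

def walk_chain(tlv: bytes, hops: List[Tuple[int, int, bool]]):
    """hops: (outer SI, local NTP time, synchronized?) per SF, in chain order."""
    verdicts = []
    for si, now, synced in hops:
        verdict, tlv = sf_detect(tlv, si, now, synced)
        verdicts.append((si, verdict))
        if verdict == "violation":
            break                         # reported at this SF; stop evaluating
    return verdicts, tlv

T0_US = 3_766_000_000 * 1_000_000        # constructed chain-ingress time

def sample():
    """Constructed flow 0x002A with a 500 us threshold and three SFs."""
    tlv = struct.pack(TLV_FMT, KPI_TIMESTAMP, 0, 0x002A, 500, us_to_ntp(T0_US))
    hops = [(3, us_to_ntp(T0_US + 200), True),
            (2, us_to_ntp(T0_US + 350), False),
            (1, us_to_ntp(T0_US + 800), True)]
    return tlv, hops

if __name__ == "__main__":
    tlv, hops = sample()
    verdicts, out = walk_chain(tlv, hops)
    print(verdicts, "Stamping SI =", struct.unpack(TLV_FMT, out)[1])
```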
A hybrid chain may be defined as a chain whereby there is a mix of NSH-aware and NSH-unaware SFs.
Figure 12 shows an example of a hybrid chain with a PNF in the middle.
                       Stamping Controller
                                |
                              KPIDB
                                | SCP Interface
                                |
  ,---.             ,---.              ,---.              ,---.
 /     \           /     \            /     \            /     \
(  SCL  )-------->(  SF1  )--------->(  SF2  )--------->(  SFn  )
 \ FSN /           \     /            \ PNF1/            \ LSN /
  `---'             `---'              `---'              `---'

Figure 12: Hybrid Chain with PNF in Middle
In this example, the FSN begins its operation and sets the SI to 3. SF1 decrements the SI to 2 and passes the packet to an SFC proxy (not shown).
The SFC proxy strips the NSH and passes the packet to the PNF. On receipt back from the PNF, the proxy decrements the SI and passes the packet to the LSN with SI=1.
After the LSN processes the traffic, it knows from the SI value that it is the last node in the chain, and it exports the entire NSH and all MD to the KPIDB. The payload is forwarded to the next hop on the underlay minus the NSH. The stamping information packet may be given a new SPI to act as a homing tag to transport the stamp data back to the KPIDB.
Figure 13 shows an example of a hybrid chain with a PNF at the end.
                       Stamping Controller
                                |
                              KPIDB
                                | SCP Interface
                                |
  ,---.             ,---.              ,---.              ,---.
 /     \           /     \            /     \            /     \
(  SCL  )-------->(  SF1  )--------->(  SF2  )--------->( PNFN  )
 \ FSN /           \     /            \ LSN /            \     /
  `---'             `---'              `---'              `---'

Figure 13: Hybrid Chain with PNF at End
In this example, the FSN begins its operation and sets the SI to 3. The SSI field is set to 0x1, and the type is set to 1. Thus, when SF2 receives the packet with SI=1, it understands that it is expected to take on the role of the LSN, as it is the last NSH-aware node in the chain.
For the majority of flows within the service chain, stamps (Ingress stamps, Egress stamps, or both) will be carried out at each hop until the SI decrements to zero and the NSH and stamp MD are exported to the KPIDB. However, the need to just test a particular VNF may exist (perhaps after a scale-out operation, software upgrade, or underlay change, for example). In this case, the FSN should mark the NSH as follows:
o The SSI field is set to 0x2.
o Type is set to the expected SI at the SF in question.
o When the outer SI is equal to the SSI, stamps are applied at the SF ingress and egress, and the NSH and MD are exported to the KPIDB.
The methods described in this document do not support fragmentation. The SC should return an error should a stamping request from an external system exceed MTU limits and require fragmentation.
Depending on the length of the payload and the type of KPI stamp and chain length, this will vary for each packet.
In most service provider architectures, we would expect SI << 10, which may include some PNFs in the chain that do not add overhead. Thus, for typical Internet Mix (IMIX) packet sizes [RFC6985], we expect to be able to perform timestamping on the vast majority of flows without fragmentation. Thus, the classifier can apply a simple rule that only allows KPI stamping on packet sizes less than 1200 bytes, for example.
The security considerations for the NSH in general are discussed in [RFC8300].
In-band timestamping, as defined in this document, can be used as a means for network reconnaissance. By passively eavesdropping on timestamped traffic, an attacker can gather information about network delays and performance bottlenecks.
The NSH timestamp is intended to be used by various applications to monitor network performance and to detect anomalies. Thus, a man-in-the-middle attacker can maliciously modify timestamps in order to attack applications that use the timestamp values. For example, an attacker could manipulate the SFC classifier operation, such that it forwards traffic through "better-behaved" chains. Furthermore, if timestamping is performed on a fraction of the traffic, an attacker can selectively induce synthetic delay only to timestamped packets and can systematically trigger measurement errors.
Similarly, if an attacker can modify QoS stamps, erroneous values may be imported into the KPIDB, resulting in further misconfiguration and subscriber QoE impairment.
An attacker that gains access to the SCP can enable timestamping and QoS stamping for all subscriber flows, thereby causing performance bottlenecks, fragmentation, or outages.
As discussed in previous sections, NSH timestamping relies on an underlying time synchronization protocol. Thus, by attacking the time protocol, an attacker can potentially compromise the integrity of the NSH timestamp. A detailed discussion about the threats against time protocols and how to mitigate them is presented in [RFC7384].
This document has no IANA actions.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC7665] Halpern, J., Ed. and C. Pignataro, Ed., "Service Function Chaining (SFC) Architecture", RFC 7665, DOI 10.17487/RFC7665, October 2015, <https://www.rfc-editor.org/info/rfc7665>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8300] Quinn, P., Ed., Elzur, U., Ed., and C. Pignataro, Ed., "Network Service Header (NSH)", RFC 8300, DOI 10.17487/RFC8300, January 2018, <https://www.rfc-editor.org/info/rfc8300>.
[IEEE1588] IEEE, "IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems", IEEE Standard 1588, <https://standards.ieee.org/standard/1588-2008.html>.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, <https://www.rfc-editor.org/info/rfc5905>.
[RFC7384] Mizrahi, T., "Security Requirements of Time Protocols in Packet Switched Networks", RFC 7384, DOI 10.17487/RFC7384, October 2014, <https://www.rfc-editor.org/info/rfc7384>.
[RFC6985] Morton, A., "IMIX Genome: Specification of Variable Packet Sizes for Additional Testing", RFC 6985, DOI 10.17487/RFC6985, July 2013, <https://www.rfc-editor.org/info/rfc6985>.
[Y.1731] ITU-T Recommendation G.8013/Y.1731, "Operations, administration and maintenance (OAM) functions and mechanisms for Ethernet-based networks", August 2015, <https://www.itu.int/rec/T-REC-G.8013/en>.
[G.8261] ITU-T Recommendation G.8261/Y.1361, "Timing and synchronization aspects in packet networks", August 2013, <https://www.itu.int/rec/T-REC-G.8261>.
[G.8262] ITU-T Recommendation G.8262/Y.1362, "Timing characteristics of a synchronous Ethernet equipment slave clock", November 2018, <https://www.itu.int/rec/T-REC-G.8262>.
[G.8264] ITU-T Recommendation G.8264/Y.1364, "Distribution of timing information through packet networks", August 2017, <https://www.itu.int/rec/T-REC-G.8264>.
[In-Situ-OAM] Brockners, F., Bhandari, S., Pignataro, C., Gredler, H., Leddy, J., Youell, S., Mizrahi, T., Mozes, D., Lapukhov, P., Chang, R., Bernier, D., and J. Lemon, "Data Fields for In-situ OAM", Work in Progress, draft-ietf-ippm-ioam-data-05, March 2019.
Acknowledgments
The authors gratefully acknowledge Mohamed Boucadair, Martin Vigoureux, and Adrian Farrel for their thorough reviews and helpful comments.
Contributors
This document originated as draft-browne-sfc-nsh-timestamp-00; the following people were coauthors of that draft. We would like to thank them and recognize them for their contributions.
Yoram Moses
Technion
Email: moses@ee.technion.ac.il

Brendan Ryan
Intel Corporation
Email: brendan.ryan@intel.com
Authors' Addresses
Rory Browne
Intel
Dromore House
Shannon
Co. Clare
Ireland

Email: rorybrowne@yahoo.com

Andrey Chilikin
Intel
Dromore House
Shannon
Co. Clare
Ireland

Email: andrey.chilikin@intel.com

Tal Mizrahi
Huawei Network.IO Innovation Lab
Israel

Email: tal.mizrahi.phd@gmail.com