-
Notifications
You must be signed in to change notification settings - Fork 3
/
draft-ietf-detnet-ip.xml
1057 lines (999 loc) · 50.4 KB
/
draft-ietf-detnet-ip.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no"?>
<?rfc strict="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc category="std"
docName="draft-ietf-detnet-ip-02"
ipr="trust200902"
submissionType="IETF">
<front>
<title abbrev="DetNet IP">
DetNet Data Plane: IP</title>
<author role="editor" fullname="Balázs Varga" initials="B." surname="Varga">
<organization>Ericsson</organization>
<address>
<postal>
<street>Magyar Tudosok krt. 11.</street>
<city>Budapest</city>
<country>Hungary</country>
<code>1117</code>
</postal>
<email>balazs.a.varga@ericsson.com</email>
</address>
</author>
<author fullname="János Farkas" initials="J." surname="Farkas">
<organization>Ericsson</organization>
<address>
<postal>
<street>Magyar Tudosok krt. 11.</street>
<city>Budapest</city>
<country>Hungary</country>
<code>1117</code>
</postal>
<email>janos.farkas@ericsson.com</email>
</address>
</author>
<author fullname="Lou Berger" initials="L." surname="Berger">
<organization>LabN Consulting, L.L.C.</organization>
<address>
<email>lberger@labn.net</email>
</address>
</author>
<author fullname="Don Fedyk" initials="D." surname="Fedyk">
<organization>LabN Consulting, L.L.C.</organization>
<address>
<email>dfedyk@labn.net</email>
</address>
</author>
<author fullname="Andrew G. Malis" initials="A.G." surname="Malis">
<organization>Independent</organization>
<address>
<email>agmalis@gmail.com</email>
</address>
</author>
<author fullname="Stewart Bryant" initials="S." surname="Bryant">
<organization>Futurewei Technologies</organization>
<address>
<email>stewart.bryant@gmail.com</email>
</address>
</author>
<author fullname="Jouni Korhonen" initials="J." surname="Korhonen">
<!--organization abbrev="Nordic">Nordic Semiconductor</organization-->
<address>
<email>jouni.nospam@gmail.com</email>
</address>
</author>
<!--author fullname="Donald Fauntleroy Duck" initials="D. F." surname="Duck">
<organization abbrev="Royal Bros.">Royal Bros.</organization>
<address>
<postal>
<street>13 Paradise Road</street>
<city>Duckburg</city>
<region>Calisota</region>
<country>USA</country>
</postal>
</address>
</author-->
<date />
<workgroup>DetNet</workgroup>
<abstract>
<t>
This document specifies the Deterministic Networking data plane
when operating in an IP packet switched network.
</t>
</abstract>
</front>
<middle>
<section title="Introduction" anchor="sec_intro">
<t>
Deterministic Networking (DetNet) is a service that can be offered by a network to DetNet flows.
DetNet provides these flows extremely low packet loss rates and assured maximum end-to-end
delivery latency. General background and concepts of DetNet can
be found in the DetNet Architecture <xref target="I-D.ietf-detnet-architecture"/>.
</t>
<t>
This document specifies the DetNet data plane operation for IP hosts
and routers that provide DetNet service to IP encapsulated data. No
DetNet specific encapsulation is defined to support IP flows, instead
the existing IP and higher layer protocol header information is used to
support flow identification and DetNet service delivery. Common data plane
procedures and control information for all DetNet data planes
can be found in the <xref target="I-D.ietf-detnet-data-plane-framework"/>.
</t>
<t>
The DetNet Architecture models the DetNet related data plane functions
decomposed into two sub-layers: functions into two sub-layers: a
service sub-layer and a forwarding sub-layer. The service sub-layer is
used to provide DetNet service protection and reordering. The
forwarding sub-layer is used to provides congestion protection (low
loss, assured latency, and limited out-of-order delivery). Since no DetNet
specific headers are added to support DetNet IP flows, only the
forwarding sub-layer functions are supported using the DetNet IP
defined by this document. Service protection can be provided on a per
sub-net basis using technologies such as MPLS <xref
target="I-D.ietf-detnet-dp-sol-mpls"/> and Ethernet as
specified in the IEEE 802.1 TSN task group(referred to in this document
simply as IEEE802.1 TSN).
</t>
<t>
This document provides an overview of the DetNet IP data plane in <xref
target="sec_dt_dp"/>, considerations that apply to providing
DetNet services via the DetNet IP data plane in <xref
target="dn-gen-encap-solution"/>. <xref target="ip-procs"/>
provides the procedures for hosts and routers that support IP-based
DetNet services. <xref target="ip-flow-id-info"/> summarizes the set of
information that is needed to identify an individual DetNet flow.
</t>
</section>
<section title="Terminology">
<section title="Terms Used In This Document">
<t>
This document uses the terminology and concepts established in
the DetNet architecture <xref
target="I-D.ietf-detnet-architecture"/>, and the reader is assumed
to be familiar with that document and its terminology.
</t>
</section>
<section title="Abbreviations">
<t>
The following abbreviations used in this document:
<!-- [JiK] Update later -->
<list style="hanging" hangIndent="14">
<t hangText="CoS">Class of Service.</t>
<t hangText="DetNet">Deterministic Networking.</t>
<t hangText="DN">DetNet.</t>
<t hangText="DiffServ">Differentiated Services</t>
<t hangText="DSCP">Differentiated Services Code Point</t>
<t hangText="ECN">Explicit Congestion Notification.</t>
<t hangText="L2">Layer-2.</t>
<t hangText="L3">Layer-3.</t>
<t hangText="LSP">Label-switched path.</t>
<t hangText="MPLS">Multiprotocol Label Switching.</t>
<t hangText="PREOF">Packet Replication, Ordering and Elimination Function.</t>
<t hangText="QoS">Quality of Service.</t>
<t hangText="TSN">Time-Sensitive Networking, TSN is a Task Group of the IEEE
802.1 Working Group.</t>
</list>
</t>
</section>
<section title="Requirements Language">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref
target="RFC8174"/> when, and only when, they appear in all
capitals, as shown here.
</t>
</section>
</section>
<section title="DetNet IP Data Plane Overview" anchor="sec_dt_dp">
<!-- LB: this section should provide the overview related to:
<section title="Simplified IP-Related DetNet Data Plane Solution" anchor="simple-ip-solution">
<t>
This section is the placeholder for the conclusion discussed during IETF 101 and 102.
</t>
<t>
[Editor's note: describe the 6 tuple way of identifying DetNet service flows. Also stress
that PREOF is per network segment as described in <xref target="nwsegments"/>
<list style="symbols">
<t>DetNet flows are recognized based on 6 tuple.</t>
<t>No end to end DN Sequence Number present in the packet.</t>
<t>Links / sub nets may use their technology specific methods to achieve DN service.</t>
<t>TE information does not travel with the packet (e.g., nailed down path ensured via Policy-Based-Routing).</t>
<t>etc.</t>
</list>
]
</t>
<t>
<xref target="simplifiedip"/> illustrated the case for DetNet simplified IP data plane solution.
</t>
</section>
-->
<t>
This document describes how IP is used by DetNet nodes, i.e., hosts and
routers, identify DetNet flows and provide a DetNet service using an IP
data plane. From a data plane perspective, an end-to-end IP model is
followed. As mentioned above, existing IP and higher layer protocol
header information is used to support flow identification and DetNet
service delivery. Common data plane procedures and control information
for all DetNet data planes can be found in the <xref
target="I-D.ietf-detnet-data-plane-framework"/>.
</t>
<t>
The DetNet IP data plane primarily uses "6-tuple" based flow identification, where
6-tuple refers to information carried in IP and higher layer protocol
headers. The 6-tuple referred to in this document is the same as
that defined in <xref target="RFC3290"/>. Specifically 6-tuple is
(destination address, source address, IP protocol, source port,
destination port, and differentiated services (DiffServ) code point
(DSCP). General background on the use of IP headers, and 5-tuples,
to identify flows and support Quality of Service (QoS) can be found in
<xref target="RFC3670"/>. <xref target="RFC7657"/> also provides
useful background on the delivery of DiffServ and "tuple" based flow
identification.
</t>
<t>
The DetNet IP data plane also allows for optional matching on two
additional data fields. The optional fields are the ECN Field,
as in <xref target="RFC3168"/>, and the IPv6 flow label field,
as defined in <xref target="RFC8200"/>.
</t>
<t>
Generally the fields used in flow identification are forward
unmodified but modification is allowed, for example to a DSCP
value, when required by the DetNet service.
</t>
<t>
DetNet flow aggregation may be enabled via the use of
wildcards, masks, lists, prefixes and ranges. IP tunnels may also be
used to support flow aggregation. In these cases, it is
expected that DetNet aware intermediate nodes will provide
DetNet service assurance on the aggregate through resource
allocation and congestion control mechanisms.
</t>
<figure align="center" anchor="fig_ip_detnet_simple"
title="A Simple DetNet (DN) Enabled IP Network">
<artwork><![CDATA[
DetNet IP Relay Relay DetNet IP
End System Node Node End System
+----------+ +----------+
| Appl. |<------------ End to End Service ----------->| Appl. |
+----------+ ............ ........... +----------+
| Service |<-: Service :-- DetNet flow --: Service :->| Service |
+----------+ +----------+ +----------+ +----------+
|Forwarding| |Forwarding| |Forwarding| |Forwarding|
+--------.-+ +-.------.-+ +-.---.----+ +-------.--+
: Link : \ ,-----. / \ ,-----. /
+......+ +----[ Sub ]----+ +-[ Sub ]-+
[Network] [Network]
`-----' `-----'
|<--------------------- DetNet IP --------------------->|
]]></artwork>
</figure>
<t>
<xref target="fig_ip_detnet_simple"/> illustrates a DetNet enabled IP
network. The DetNet enabled end systems originate IP encapsulated
traffic that is identified as DetNet flows, relay nodes understand the
forwarding requirements of the DetNet flow and ensure that node,
interface and sub-network resources are allocated to ensure DetNet
service requirements. The dotted line around the Service component of
the Relay Nodes indicates that the transit routers are DetNet service
aware but do not perform any DetNet service sub-layer function, e.g., PREOF.
IEEE 802.1 TSN is an example sub-network type which can provide support
for DetNet flows and service.
</t>
<t>
Note: The sub-network can represent a TSN, MPLS or IP network
segment.
</t>
<figure align="center" anchor="fig_non_detnet_ip"
title="Non-DetNet aware IP end systems with DetNet IP Domain">
<artwork><![CDATA[
IP Edge Edge IP
End System Node Node End System
+----------+ +.........+ +.........+ +----------+
| Appl. |<--:Svc Proxy:-- E2E Service---:Svc Proxy:-->| Appl. |
+----------+ +.........+ +.........+ +----------+
| IP |<--:IP : :Svc:---- IP flow ----:Svc: :IP :-->| IP |
+----------+ +---+ +---+ +---+ +---+ +----------+
|Forwarding| |Fwd| |Fwd| |Fwd| |Fwd| |Forwarding|
+--------.-+ +-.-+ +-.-+ +-.-+ +-.-+ +---.------+
: Link : \ ,-----. / / ,-----. \
+.......+ +----[ Sub ]----+ +--[ Sub ]--+
[Network] [Network]
`-----' `-----'
|<--- IP --->| |<------ DetNet IP ------>| |<--- IP --->|
]]></artwork>
</figure>
<t>
<xref target="fig_non_detnet_ip"/> illustrates a variant of <xref
target="fig_ip_detnet_simple"/> where the end systems are not DetNet
aware. In this case, edge nodes sit at the boundary of the DetNet
domain and provide DetNet service proxies for the end applications by
initiating and terminating DetNet service for the application's IP
flows. The existing header information or an approach such as described
in <xref target="aggregation"/> can be used to support DetNet flow
identification.
</t>
<t>
Note, that <xref target="fig_ip_detnet_simple"/> and
<xref target="fig_non_detnet_ip"/> can be combined, so IP DetNet
End Systems can communicate over DetNet IP network with IP End System.
</t>
<t>
Non-DetNet and DetNet IP packets are identical on the wire. From
data plane perspective, the only difference is that there is
flow-associated DetNet information on each DetNet node that
defines the flow related characteristics and required forwarding
behavior. As shown above, edge nodes provide a Service Proxy
function that "associates" one or more IP flows with the
appropriate DetNet flow-specific information and ensures that
the receives the proper traffic treatment within the domain.
</t>
<t>
Note: The operation of IEEE802.1 TSN end systems over DetNet
enabled IP networks is not described in this document. TSN
over MPLS is discribed in <xref target="I-D.ietf-detnet-tsn-vpn-over-mpls"/>.
</t>
</section>
<!-- ================================================================= -->
<!-- =================== General Encap considerations ================ -->
<!-- ================================================================= -->
<section title="DetNet IP Data Plane Considerations" anchor="dn-gen-encap-solution">
<t>
This section provides informative considerations related to
providing DetNet service to flows which are identified
based on their header information.
</t>
<section title="End-System Specific Considerations">
<t>
Data-flows requiring DetNet service are generated and terminated on
end systems. This document deals only with IP end systems. The
protocols used by an IP end system are specific to an application
and end systems peer with end systems using the same application
encapsulation format. This said, DetNet's use of 6-tuple IP flow
identification means that DetNet must be aware of not only the
format of the IP header, but also of the next protocol carried
within an IP packet.
</t>
<t>
When IP end systems are DetNet aware, no application-level or
service-level proxy functions are needed inside the DetNet domain.
For DetNet unaware IP end systems service-level proxy functions are
needed inside the DetNet domain.
</t>
<t>
End systems need to ensure that DetNet service requirements are met
when processing packets associated with a DetNet flow. When
forwarding packets, this means that packets are
appropriately shaped on transmission and received appropriate traffic
treatment on the connected sub-network, see <xref target="QoS"/> and
<xref target="dn_dom_spec_cons"/> for more details. When receiving packets,
this means that there are appropriate local node resources,
e.g., buffers, to receive and process a DetNet flow packets.
</t>
</section>
<section title="DetNet Domain-Specific Considerations" anchor="dn_dom_spec_cons">
<t>
As a general rule, DetNet IP domains need to be able to forward any
DetNet flow identified by the IP 6-tuple. Doing otherwise would limit
end system encapsulation format. From a practical standpoint this
means that all nodes along the end-to-end path of DetNet flows need
to agree on what fields are used for flow identification, and the
transport protocols (e.g., TCP/UDP/IPsec) which can be used to
identify 6-tuple protocol ports.
</t>
<t>
From a connection type perspective two scenarios are identified:
<list style="numbers">
<t>
DN attached: end system is directly connected to an edge node or
end system is behind a sub-network. (See ES1 and ES2 in figure
below)
</t>
<t>
DN integrated: end system is part of the DetNet domain. (See ES3
in figure below)
</t>
</list>
</t>
<t>
L3 (IP) end systems may use any of these connection types. A DetNet
domain allows communication between any end-systems using the
same encapsulation format, independent of their connection type and
DetNet capability. DN attached end systems have no knowledge about
the DetNet domain and its encapsulation format. See <xref
target="fig_es_con_types"/> for L3 end system connection examples.
</t>
<figure title="Connection types of L3 end systems" anchor="fig_es_con_types">
<artwork align="center"><![CDATA[
____+----+
+----+ _____ / | ES3|
| ES1|____ / \__/ +----+___
+----+ \ / \
+ |
____ \ _/
+----+ __/ \ +__ DetNet IP domain /
| ES2|____/ L2/L3 |___/ \ __ __/
+----+ \_______/ \_______/ \___/
]]>
</artwork></figure>
<t>
Within a DetNet domain, the DetNet enabled IP Routers are interconnected by
links and sub-networks to support end-to-end delivery of DetNet
flows. From a DetNet architecture perspective, these routers are
DetNet relays, as they must be DetNet service aware. Such routers
identify DetNet flows based on the IP 6-tuple, and ensure that the
DetNet service required traffic treatment is provided both on the
node and on any attached sub-network.
</t>
<t>
This solution provides DetNet functions end to end, but does so on
a per link and sub-network basis. Congestion protection and
latency control and the resource allocation (queuing, policing,
shaping) are supported using the underlying link / sub net
specific mechanisms. However, service protections (packet
replication and packet elimination functions) are not provided at
the DetNet layer end to end. Instead service protection can be
provided on a per underlying L2 link and sub-network basis.
</t>
<!-- =================================================================
<figure title="Encapsulation of DetNet Routing in simplified IP service L3 end-systems"
anchor="fig_simple_iprouting">
<artwork align="center"><![CDATA[
+- - - - - -+ +- - - - - -+
| X | | X |
+======+ +- - - - - -+
End-system | IP | | IP |
- - - - -+- - - - - -+- - - - - - -+======+- - - - -+======+- -
DetNet |L2/SbN| |L2/SbN|
+- - - - - -+ +- - - - - -+
]]>
</artwork></figure>
-->
<t>
The DetNet Service Flow is mapped to the link / sub-network
specific resources using an underlying system specific
means. This implies each DetNet aware node on path looks
into the forwarded DetNet Service Flow packet and utilize
e.g., a 6-tuple to find out the required mapping within
a node.
</t>
<t>
As noted earlier, the Service Protection is done within each
link / sub-network independently using the domain specific
mechanisms (due the lack of a unified end to end sequencing
information that would be available for intermediate nodes).
Therefore, service protection (if enabled) cannot be provided
end-to-end, only within sub-networks. This is shown for a three
sub-network scenario in <xref target="fig_pref_in_subnets"/>,
where each sub-network can provide service protection between
its borders. "R" and "E" denotes replication and elimination
points within the sub-network.
</t>
<figure title="Replication and elimination in sub-networks for DetNet IP networks" anchor="fig_pref_in_subnets">
<artwork align="center">
<![CDATA[
<-------------------- DenNet IP ------------------------>
______
____ / \__
____ / \__/ \___ ______
+----+ __/ +====+ +==+ \ +----+
|src |__/ SubN1 ) | | \ SubN3 \____| dst|
+----+ \_______/ \ Sub-Network2 | \______/ +----+
\_ _/
\ __ __/
\_______/ \___/
+---+ +---------E--------+ +-----+
+----+ | | | | | | | +----+
|src |----R E--------R +---+ E------R E------+ dst|
+----+ | | | | | | | +----+
+---+ +-----R------------+ +-----+
]]>
</artwork></figure>
<t>
If end to end service protection is desired, it can be
implemented, for example, by the DetNet end systems using Layer-4
(L4) transport protocols or application protocols. However, these
protocols are out of scope of this document.
</t>
</section>
<section title="Forwarding Sub-Layer Considerations">
<section title="Class of Service">
<t>
Class of Service (CoS) for DetNet flows carried in IPv6 is provided using the standard
differentiated services code point (DSCP) field <xref
target="RFC2474"/> and related mechanisms. The 2-bit explicit
congestion notification (ECN) <xref target="RFC3168"/> field MAY
also be used.
</t>
<t>
One additional consideration for DetNet nodes which support CoS
services is that they MUST ensure that the CoS service classes do
not impact the congestion protection and latency control mechanisms
used to provide DetNet QoS. This requirement is similar to
requirement for MPLS LSRs to that CoS LSPs do not impact the
resources allocated to TE LSPs via <xref target="RFC3473"/>.
</t>
</section>
<section title="Quality of Service" anchor="QoS">
<t>
Quality of Service (QoS) for DetNet service flows carried in IP MUST be provided locally by
the DetNet-aware hosts and routers supporting DetNet flows. Such
support leverages the underlying network layer such as
802.1 TSN. The traffic control mechanisms used to deliver QoS for
IP encapsulated DetNet flows are expected to be defined in a future
document. From an encapsulation perspective, the combination of the 6-tuple i.e.,
the typical 5-tuple enhanced with the DSCP and previously
mentioned two optional fields, uniquely identifies a DetNet
service flow.
</t>
<t>
Packets that are marked with a DetNet Class of Service value,
but that have not been the subject of a completed reservation,
can disrupt the QoS offered to properly reserved DetNet flows
by using resources allocated to the reserved flows.
Therefore, the network nodes of a DetNet network must:
<list style="symbols">
<t>
Defend the DetNet QoS by discarding or remarking (to a
non-DetNet CoS) packets received that are not the subject
of a completed reservation. </t><t> Not use a DetNet
reserved resource, e.g. a queue or shaper reserved for
DetNet flows, for any packet that does not carry a DetNet
Class of Service marker.
</t>
</list>
</t>
</section>
</section>
<section title="DetNet Flow Aggregation" anchor="aggregation">
<t>
As described in <xref
target="I-D.ietf-detnet-data-plane-framework"/>, the ability to
aggregate individual flows, and their associated resource
control, into a larger aggregate is an important technique for
improving scaling by reducing the state per hop. DetNet IP
data plane aggregation can take place within a single node,
when that node maintains state about both the aggregated and
individual flows. It can also take place between nodes, where
one node maintains state about only flow aggregates while the
other node maintains state on all or a portion of the component
flows. In either case, the management or control function that
provisions the aggregate flows must ensure that adequate
resources are allocated and configured to provide combined
service requirements of the individual flows. As DetNet is
concerned about latency and jitter, more than just bandwidth
needs to be considered.
</t>
<t>
From a single node perspective, the aggregation of IP flows
impacts DetNet IP data plane flow identification and resource
allocation. As discussed above, IP flow identification uses
the IP "6-tuple" for flow identification. DetNet IP flows can
be aggregated using any of the 6-tuple, or two additional optional fields defined in <xref
target="ip-flow-id"/>. The use of prefixes, wildcards,
lists, and value ranges allows a DetNet node to identify
aggregate DetNet flows. From a resource allocation
perspective, DetNet nodes must provide service to a aggregate
and not on a component flow basis.
</t>
<t>
It is the responsibility of the DetNet controller plane to
properly provision the use of these aggregation mechanisms.
This includes ensuring that aggregated flows have compatible
e.g., the same or very similar QoS and/or CoS characteristics,
see <xref target="QoS"/>. It also includes ensuring that per
component-flow service requirements are satisfied by the
aggregate, see <xref target="ip-svc"/>.
</t>
</section>
<section title="Bidirectional Traffic">
<t>
While the DetNet IP data plane must support bidirectional
DetNet flows, there are no special bidirectional features with
respect to the data plane other than the need for the two
directions of a co-routed bidirectional flow to take the same
path. That is to say that bidirectional DetNet flows are
solely represented at the management and control plane levels,
without specific support or knowledge within the DetNet data
plane. Fate sharing and associated or co-routed
bidirectional flows can be managed at the control level.
</t>
<t>
Control and management mechanisms need to support
bidirectional flows, but the specification of such mechanisms
are out of scope of this document. An example control plane
solution for MPLS can be found in <xref target="RFC7551"/>.
</t>
</section>
</section>
<!-- ===================================================================== -->
<!-- ===================================================================== -->
<section anchor="ip-procs" title="DetNet IP Data Plane Procedures">
<t>
This section provides DetNet IP data plane procedures. These
procedures have been divided into the following areas: flow
identification, forwarding and traffic treatment. Flow
identification includes those procedures related to matching IP
and higher layer protocol header information to DetNet flow
(state) information and service requirements. Flow
identification is also sometimes called Traffic classification,
for example see <xref target="RFC5777"/>. Forwarding includes
those procedures related to next hop selection and
delivery. Traffic treatment includes those procedures related to
providing an identified flow with the required DetNet service.
</t>
<t>
DetNet IP data plane establishment and operational procedures
also have requirements on the control and management systems
for DetNet flows and these are referred in this section.
Specifically this section identifies a
number of information elements that require support via the
management and control interfaces supported by a DetNet node.
The specific mechanism used for such support is out of the scope
of this document. A summary of the requirements for management and control
related information is included. Conformance
language is not used in the summary since applies to future
mechanisms such as those that may be provided in YANG models
<xref target="I-D.ietf-detnet-yang"/>.
</t>
<section anchor="ip-flow-id"
title="DetNet IP Flow Identification Procedures">
<t>
IP and higher layer protocol header information is used to
identify DetNet flows. All DetNet implementations that support
this document MUST identify individual DetNet flows based on
the set of information identified in this section. Note, that
additional flow identification requirements, e.g., to support
other higher layer protocols, may be defined in future.
</t>
<t>
The configuration and control information used to identify an
individual DetNet flow MUST be ordered by an implementation.
Implementations MUST support a fixed order when identifying
flows, and MUST identify a DetNet flow by the first set of
matching flow information.
</t>
<t>
Implementations of this document MUST support DetNet flow
identification when the implementation is acting as a
DetNet end systems, a relay node or as an edge node.
</t>
<section anchor="ip-hdr" title="IP Header Information">
<t>
Implementations of this document MUST support DetNet flow
identification based on IP header information. The IPv4
header is defined in <xref target="RFC0791"/> and the IPv6
is defined in <xref target="RFC8200"/>.
</t>
<section title="Source Address Field">
<t>
Implementations of this document MUST support DetNet flow
identification based on the Source Address field of an IP
packet. Implementations SHOULD support longest prefix
matching for this field, see <xref target="RFC1812"/> and
<xref target="RFC7608"/>. Note that a prefix length of
zero (0) effectively means that the field is ignored.
</t>
</section>
<section title="Destination Address Field">
<t>
Implementations of this document MUST support DetNet flow
identification based on the Destination Address field of an IP
packet. Implementations SHOULD support longest prefix
matching for this field, see <xref target="RFC1812"/> and
<xref target="RFC7608"/>. Note that a prefix length of
zero (0) effectively means that the field is ignored.
</t>
<t>
Note: any IP address value is allowed, including an IP
multicast destination address.
</t>
</section>
<section anchor="nxt-proto-field"
title="IPv4 Protocol and IPv6 Next Header Fields">
<t>
Implementations of this document MUST support DetNet flow
identification based on the IPv4 Protocol field when
processing IPv4 packets, and the IPv6 Next Header Field
when processing IPv6 packets. An implementation MUST
support flow identification based based the next protocol
values defined in <xref target="nxt-proto"/>. Other,
non-zero values, MUST be used for flow identification.
Implementations SHOULD allow for these fields to be
ignored for a specific DetNet flow.
</t>
</section>
<section title="IPv4 Type of Service and IPv6 Traffic Class Fields">
<t>
These fields are used to support Differentiated Services
<xref target="RFC2474"/> and Explicit Congestion
Notification <xref target="RFC3168"/>. Implementations of
this document MUST support DetNet flow identification
based on the IPv4 Type of Service field when processing
IPv4 packets, and the IPv6 Traffic Class Field when
processing IPv6 packets. Implementations MUST support list
based matching of DSCP values, where the list is composed
of possible field values that are to be considered when
identifying a specific DetNet flow. Implementations
SHOULD allow for this field to be ignored for a specific
DetNet flow.
</t>
<t>
Implementations of this document MUST allow the ECN field
to be ignored as part of DetNet flow identification.
Additionally, implementations SHOULD support
identification of DetNet flows based on the value carried
in the ECN field. When this field is used to identify a
specific DetNet flow, implementations MUST support a list
of ECN values that match a specific slow.
</t>
</section>
<section title="IPv6 Flow Label Field">
<t>
Implementations of this document SHOULD support identification of
DetNet flows based on the IPv6 Flow Label field. Implementations
that support matching based on this field MUST allow for this
field to be ignored for a specific DetNet flow. When this field
is used to identify a specific DetNet flow, implementations MAY
exclude the IPv6 Next Header field and next header information as
part of DetNet flow identification.
</t>
</section>
</section>
<section anchor="nxt-proto" title="Other Protocol Header Information">
<t>
Implementations of this document MUST support DetNet flow
identification based on header information identified in this
section. Support for TCP, UDP and IPsec flows is defined.
Future documents are expected to define support for other
protocols.
</t>
<section title="TCP and UDP">
<t>
DetNet flow identification for TCP <xref
target="RFC0793"/> and UDP <xref target="RFC0768"/> is
achieved based on the Source and Destination
Port fields carried in each protocol's header. These
fields share a common format and common DetNet flow
identification procedures.
</t>
<section title="Source Port Field">
<t>
Implementations of this document MUST support DetNet flow
identification based on the Source Port field of a TCP or
UDP packet. Implementations MUST support flow
identification based on a particular value carried in the
field, i.e., an exact value. Implementations SHOULD support
range-based port matching. Implementation MUST also allow
for the field to be ignored for a specific DetNet flow.
</t>
</section>
<section title="Destination Port Field">
<t>
Implementations of this document MUST support DetNet flow
identification based on the Destination Port field of a TCP or
UDP packet. Implementations MUST support flow
identification based on a particular value carried in the
field, i.e., an exact value. Implementations SHOULD support
range-based port matching. Implementation MUST also allow
for the field to be ignored for a specific DetNet flow.
</t>
</section>
</section>
<section title="IPsec AH and ESP">
<t>
IPsec Authentication Header (AH) <xref target="RFC4302"/>
and Encapsulating Security Payload (ESP) <xref
target="RFC4303"/> share a common format for the Security
Parameters Index (SPI) field. Implementations MUST
support flow identification based on a particular value
carried in the field, i.e., an exact value. Implementation SHOULD
also allow for the field to be ignored for a specific
DetNet flow.
</t>
</section>
</section>
</section>
<section anchor="ip-fwd" title="Forwarding Procedures">
<t>
General requirements for IP nodes are defined in <xref
target="RFC1122"/>, <xref target="RFC1812"/> and <xref
target="RFC6434"/>, and are not modified by this document. The
typical next-hop selection process is impacted by DetNet.
Specifically, implementations of this document SHALL use
management and control information to select the one or more
outgoing interfaces and next hops to be used for a packet
belonging to a DetNet flow.
</t>
<t>
The use of multiple paths or links, e.g., ECMP, to support a
single DetNet flow is NOT RECOMMENDED. ECMP MAY be used for
non-DetNet flows within a DetNet domain.
</t>
<t>
The above implies that management and control functions will
be defined to support this requirement, e.g., see <xref target="I-D.ietf-detnet-yang"/>.
</t>
</section>
<section anchor="ip-svc" title="DetNet IP Traffic Treatment Procedures">
<t>
Implementations if this document MUST ensure that a DetNet flow
receives the traffic treatment that is provisioned for it via
configuration or the controller plane, e.g., via <xref target="I-D.ietf-detnet-yang"/>.
General information on DetNet service can be found in <xref
target="I-D.ietf-detnet-flow-information-model"/>. Typical
mechanisms used to provide different treatment to different flows
includes the allocation of system resources (such as queues and
buffers) and provisioning or related parameters (such as shaping, and
policing). Support can also be provided via an underlying network
technology such as MPLS <xref target="I-D.ietf-detnet-ip-over-mpls"/>. and
IEEE802.1 TSN <xref target="I-D.ietf-detnet-ip-over-tsn"/>. Other than in
the TSN case, the specific mechanisms used by a DetNet node to ensure
DetNet service delivery requirements are met for supported DetNet
flows is outside the scope of this document.
</t>
</section>
</section>
<section anchor="ip-flow-id-info"
title="Management and Control Information Summary">
<t>
The following summarizes the set of information that is needed to
identify individual and aggregated DetNet flows:
<list style="symbols">
<t>IPv4 and IPv6 source address field.</t>
<t>IPv4 and IPv6 source address prefix length, where a zero
(0) value effectively means that the address field is
ignored.</t>
<t>IPv4 and IPv6 destination address field.</t>
<t>IPv4 and IPv6 destination address prefix length, where a
zero (0) effectively means that the address field is
ignored.</t>
<t>IPv4 protocol field. A limited set of values is allowed,
and the ability to ignore this field, e.g., via
configuration of the value zero (0), is desirable.</t>
<t>IPv6 next header field. A limited set of values is allowed,
and the ability to ignore this field, e.g., via
configuration of the value zero (0), is desirable.</t>
<t>For the IPv4 Type of Service and IPv6 Traffic Class
Fields:
<list style="symbols">
<t>If the DSCP field is to be used in flow
identification. Ignoring the DSCP filed is optional.</t>
<t>When the DSCP field is used in flow identification, a
list of field values that may be used by a specific flow.</t>
<t>If the ECN field is to be used in flow
identification. Matching based on ECN filed values is optional.</t>
<t>When ECN field is used in flow identification, a
list of field values that may be used by a specific flow.</t>
</list></t>
<t>IPv6 flow label field. This field can be optionally used
for matching. When used, can be exclusive of matching
against the next header field.</t>
<t>TCP and UDP Source Port. Exact and wildcard matching is
required. Port ranges can optionally be used.</t>
<t>TCP and UDP Destination Port. Exact and wildcard matching is
required. Port ranges can optionally be used.</t>
<t>IPsec Header SPI field. Exact matching is
required. </t>
</list>
This information MUST be provisioned per DetNet flow via
configuration, e.g., via the controller or management plane.
</t>
<t>
Information identifying a DetNet flow is ordered and
implementations use the first match. This can, for example, be
used to provide a DetNet service for a specific UDP flow, with
unique Source and Destination Port field values, while
providing a different service for the aggregate of all other
flows with that same UDP Destination Port value.
</t>
<t>
It is the responsibility of the DetNet controller plane to
properly provision both flow identification information and
the flow specific resources needed to provided the traffic
treatment needed to meet each flow's service requirements.
This applies for aggregated and individual flows.
</t>
</section>
<!-- ===================================================================== -->
<section title="Security Considerations">
<t>
Security considerations for DetNet are described in detail in
<xref target="I-D.ietf-detnet-security"/>. General security considerations
are described in <xref target="I-D.ietf-detnet-architecture"/>. This section
considers exclusively security considerations which are specific to the DetNet
IP data plane.
</t>
<t>
Security aspects which are unique to DetNet are those whose aim is to
provide the specific quality of service aspects of DetNet, which are
primarily to deliver data flows with extremely low packet loss rates
and bounded end-to-end delivery latency.
</t>
<t>
The primary considerations for the data plane is to maintain
integrity of data and delivery of the associated DetNet service traversing
the DetNet network.
Application flows can be protected through whatever means is
provided by the underlying technology. For example, encryption may be
used, such as that provided by IPSec <xref target="RFC4301"/> for IP
flows and/or by an underlying sub-net using MACSec
<xref target="IEEE802.1AE-2018"/> for IP over Ethernet (Layer-2) flows.
</t>
<t>
From a data plane perspective this document does not add or modify any
header information.
</t>
<t>
At the management and control level DetNet flows are identified on a
per-flow basis, which may provide controller plane
attackers with additional information about the data flows (when
compared to controller planes that do not include per-flow identification).
This is an inherent property of DetNet which has security
implications that should be considered when determining if DetNet is
a suitable technology for any given use case.
</t>
<t>
To provide uninterrupted availability of the DetNet
service, provisions can be made against DOS attacks and delay
attacks. To protect against DOS attacks, excess traffic due to
malicious or malfunctioning devices can be prevented or mitigated,
for example through the use of existing mechanism such as policing and shaping applied at
the input of a DetNet domain. To prevent DetNet packets from
being delayed by an entity external to a DetNet domain, DetNet
technology definition can allow for the mitigation of
Man-In-The-Middle attacks, for example through use of
authentication and authorization of devices within the DetNet domain.
</t>
</section>
<section anchor="iana" title="IANA Considerations">
<t>
This document does not require an action from IANA.
</t>
</section>
<section anchor="acks" title="Acknowledgements">