< draft-ietf-ippm-stamp-07.txt   draft-ietf-ippm-stamp-09.txt >
Network Working Group G. Mirsky Network Working Group G. Mirsky
Internet-Draft ZTE Corp. Internet-Draft ZTE Corp.
Intended status: Standards Track G. Jun Intended status: Standards Track G. Jun
Expires: February 13, 2020 ZTE Corporation Expires: April 2, 2020 ZTE Corporation
H. Nydell H. Nydell
Accedian Networks Accedian Networks
R. Foote R. Foote
Nokia Nokia
August 12, 2019 September 30, 2019
Simple Two-way Active Measurement Protocol Simple Two-way Active Measurement Protocol
draft-ietf-ippm-stamp-07 draft-ietf-ippm-stamp-09
Abstract Abstract
This document describes a Simple Two-way Active Measurement Protocol This document describes a Simple Two-way Active Measurement Protocol
which enables the measurement of both one-way and round-trip which enables the measurement of both one-way and round-trip
performance metrics like delay, delay variation, and packet loss. performance metrics like delay, delay variation, and packet loss.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 37 skipping to change at page 1, line 37
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on February 13, 2020. This Internet-Draft will expire on April 2, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 14
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions used in this document . . . . . . . . . . . . . . 3 2. Conventions used in this document . . . . . . . . . . . . . . 3
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3
3. Softwarization of Performance Measurement . . . . . . . . . . 3 3. Operation and Management of Performance Measurement Based on
STAMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4 4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4
4.1. Session-Sender Behavior and Packet Format . . . . . . . . 5 4.1. UDP Port Numbers in STAMP Testing . . . . . . . . . . . . 5
4.1.1. Session-Sender Packet Format in Unauthenticated Mode 5 4.2. Session-Sender Behavior and Packet Format . . . . . . . . 5
4.1.2. Session-Sender Packet Format in Authenticated Mode . 6 4.2.1. Session-Sender Packet Format in Unauthenticated Mode 5
4.2. Session-Reflector Behavior and Packet Format . . . . . . 7 4.2.2. Session-Sender Packet Format in Authenticated Mode . 7
4.2.1. Session-Reflector Packet Format in Unauthenticated 4.3. Session-Reflector Behavior and Packet Format . . . . . . 8
4.3.1. Session-Reflector Packet Format in Unauthenticated
Mode . . . . . . . . . . . . . . . . . . . . . . . . 8 Mode . . . . . . . . . . . . . . . . . . . . . . . . 8
4.2.2. Session-Reflector Packet Format in Authenticated Mode 9 4.3.2. Session-Reflector Packet Format in Authenticated Mode 9
4.3. Integrity and Confidentiality Protection in STAMP . . . . 10 4.4. Integrity Protection in STAMP . . . . . . . . . . . . . . 10
4.4. Interoperability with TWAMP Light . . . . . . . . . . . . 11 4.5. Confidentiality Protection in STAMP . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 4.6. Interoperability with TWAMP Light . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 5. Operational Considerations . . . . . . . . . . . . . . . . . 12
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . 12 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
8.2. Informative References . . . . . . . . . . . . . . . . . 14 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 9.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
Development and deployment of Two-Way Active Measurement Protocol Development and deployment of Two-Way Active Measurement Protocol
(TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined
features such as Reflect Octets and Symmetrical Size for TWAMP Symmetrical Size for TWAMP provided invaluable experience. Several
provided invaluable experience. Several independent implementations independent implementations of both TWAMP and TWAMP Light exist, have
exist, have been deployed and provide important operational been deployed, and provide important operational performance
performance measurements. At the same time, there has been measurements.
noticeable interest in using a more straightforward mechanism for
active performance monitoring that can provide deterministic behavior
and inherit separation of control (vendor-specific configuration or
orchestration) and test functions. One of such is Performance
Measurement from IP Edge to Customer Equipment using TWAMP Light from
Broadband Forum [BBF.TR-390] used as the reference TWAMP Light that,
according to [RFC8545], includes sub-set of TWAMP-Test functions in
combination with other applications that provide, for example,
control and security. This document defines an active performance
measurement test protocol, Simple Two-way Active Measurement Protocol
(STAMP), that enables measurement of both one-way and round-trip
performance metrics like delay, delay variation, and packet loss.
Some TWAMP extensions, e.g., [RFC7750] are supported by the
extensions to STAMP base specification in
[I-D.ietf-ippm-stamp-option-tlv].
2. Conventions used in this document
2.1. Terminology
AES Advanced Encryption Standard At the same time, there has been noticeable interest in using a more
straightforward mechanism for active performance monitoring that can
provide deterministic behavior and inherent separation of control
(vendor-specific configuration or orchestration) and test functions.
Recent work on IP Edge to Customer Equipment using TWAMP Light from
Broadband Forum [BBF.TR-390] demonstrated that interoperability among
implementations of TWAMP Light is challenged because the composition
and operation of TWAMP Light were not sufficiently specified in
[RFC5357]. According to [RFC8545], TWAMP Light includes sub-set of
TWAMP-Test functions to provide comprehensive solution requires
support by other applications that provide, for example, control and
security.
CBC Cipher Block Chaining This document defines an active performance measurement test
protocol, Simple Two-way Active Measurement Protocol (STAMP), that
enables measurement of both one-way and round-trip performance
metrics like delay, delay variation, and packet loss. Some TWAMP
extensions, e.g., [RFC7750] are supported by the extensions to STAMP
base specification in [I-D.ietf-ippm-stamp-option-tlv].
ECB Electronic Cookbook 2. Conventions used in this document
KEK Key-encryption Key 2.1. Terminology
STAMP - Simple Two-way Active Measurement Protocol STAMP - Simple Two-way Active Measurement Protocol
NTP - Network Time Protocol NTP - Network Time Protocol
PTP - Precision Time Protocol PTP - Precision Time Protocol
HMAC Hashed Message Authentication Code HMAC Hashed Message Authentication Code
OWAMP One-Way Active Measurement Protocol OWAMP One-Way Active Measurement Protocol
skipping to change at page 3, line 43 skipping to change at page 3, line 44
MBZ May be Zero MBZ May be Zero
2.2. Requirements Language 2.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Softwarization of Performance Measurement 3. Operation and Management of Performance Measurement Based on STAMP
Figure 1 presents the Simple Two-way Active Measurement Protocol Figure 1 presents the Simple Two-way Active Measurement Protocol
(STAMP) Session-Sender, and Session-Reflector with a measurement (STAMP) Session-Sender, and Session-Reflector with a measurement
session. The configuration and management of the STAMP Session- session. In this document, a measurement session also referred to as
Sender, Session-Reflector, and management of the STAMP sessions can STAMP session, is the bi-directional packet flow between one specific
be achieved through various means. Command Line Interface, OSS/BSS Session-Sender and one particular Session-Reflector for a time
(operations support system/business support system as a combination duration. The configuration and management of the STAMP Session-
of two systems used to support a range of telecommunication services) Sender, Session-Reflector, and management of the STAMP sessions are
using SNMP or controllers in Software-Defined Networking using outside the scope of this document and can be achieved through
Netconf/YANG are but a few examples. various means. A few examples are: Command Line Interface,
telecommunication services' OSS/BSS systems, SNMP, and Netconf/YANG-
based SDN controllers.
o----------------------------------------------------------o o----------------------------------------------------------o
| Configuration and | | Configuration and |
| Management | | Management |
o----------------------------------------------------------o o----------------------------------------------------------o
|| || || ||
|| || || ||
|| || || ||
+----------------------+ +-------------------------+ +----------------------+ +-------------------------+
| STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector | | STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector |
+----------------------+ +-------------------------+ +----------------------+ +-------------------------+
Figure 1: STAMP Reference Model Figure 1: STAMP Reference Model
4. Theory of Operation 4. Theory of Operation
STAMP Session-Sender transmits test packets over UDP transport toward STAMP Session-Sender transmits test packets over UDP transport toward
STAMP Session-Reflector. A STAMP Session-Sender MUST use UDP port STAMP Session-Reflector. STAMP Session-Reflector receives Session-
862 (TWAMP-Test Receiver Port) as the default destination UDP port Sender's packet and acts according to the configuration and optional
number. A STAMP implementation of Session-Sender MUST be able to use control information communicated in the Session-Sender's test packet.
UDP port numbers from User, a.k.a. Registered, Ports and Dynamic, Two modes of STAMP Session-Reflector characterize the expected
a.k.a. Private or Ephemeral, Ports ranges defined in [RFC6335]. behavior and, consequently, performance metrics that can be measured:
Before using numbers from the User Ports range, the possible impact
on the network MUST be carefully studied and agreed by all users of
the network.
STAMP Session-Reflector receives Session-Sender's packet and acts o Stateless - STAMP Session-Reflector does not maintain test state
according to the configuration and optional control information and will use the value in the Sequence Number field in the
communicated in the Session-Sender's test packet. An implementation received packet as the value for the Sequence Number field in the
of STAMP Session-Reflector by default MUST use receive STAMP test reflected packet. As a result, values in Sequence Number and
packets on UDP port 862. An implementation of Session-Reflector that Session-Sender Sequence Number fields are the same, and only
supports this specification MUST be able to define the port number to round-trip packet loss can be calculated while the reflector is
receive STAMP test packets from User Ports and Dynamic Ports ranges operating in stateless mode.
that are defined in [RFC6335]. STAMP defines two different test
packet formats, one for packets transmitted by the STAMP-Session- o Stateful - STAMP Session-Reflector maintains test state thus
Sender and one for packets transmitted by the STAMP-Session- enabling the ability to determine forward loss, gaps recognized in
Reflector. the received sequence number. As a result, both near-end
(forward) and far-end (backward) packet loss can be computed.
That implies that the STAMP Session-Reflector MUST keep a state
for each accepted STAMP-test session, uniquely identifying STAMP-
test packets to one such session instance, and enabling adding a
sequence number in the test reply that is individually incremented
on a per-session basis.
STAMP supports two modes: unauthenticated and authenticated. STAMP supports two modes: unauthenticated and authenticated.
Unauthenticated STAMP test packets, defined in Section 4.1.1 and Unauthenticated STAMP test packets, defined in Section 4.2.1 and
Section 4.2.1, ensure interworking between STAMP and TWAMP Light as Section 4.3.1, ensure interworking between STAMP and TWAMP Light as
described in Section 4.4 packet formats. described in Section 4.6 packet formats.
By default, STAMP uses symmetrical packets, i.e., size of the packet By default, STAMP uses symmetrical packets, i.e., size of the packet
transmitted by Session-Reflector equals the size of the packet transmitted by Session-Reflector equals the size of the packet
received by the Session-Reflector. received by the Session-Reflector.
4.1. Session-Sender Behavior and Packet Format 4.1. UDP Port Numbers in STAMP Testing
Because STAMP supports symmetrical test packets, STAMP Session-Sender A STAMP Session-Sender MUST use UDP port 862 (TWAMP-Test Receiver
packet has a minimum size of 44 octets in unauthenticated mode, see Port) as the default destination UDP port number. A STAMP
Figure 2, and 112 octets in the authenticated mode, see Figure 4. implementation of Session-Sender MUST be able to use UDP port numbers
from User, a.k.a. Registered, Ports and Dynamic, a.k.a. Private or
Ephemeral, Ports ranges defined in [RFC6335]. Before using numbers
from the User Ports range, the possible impact on the network MUST be
carefully studied and agreed by all users of the network domain where
the test has been planned.
4.1.1. Session-Sender Packet Format in Unauthenticated Mode An implementation of STAMP Session-Reflector by default MUST receive
STAMP test packets on UDP port 862. An implementation of Session-
Reflector that supports this specification MUST be able to define the
port number to receive STAMP test packets from User Ports and Dynamic
Ports ranges that are defined in [RFC6335]. STAMP defines two
different test packet formats, one for packets transmitted by the
STAMP-Session-Sender and one for packets transmitted by the STAMP-
Session-Reflector.
4.2. Session-Sender Behavior and Packet Format
STAMP supports symmetrical test packets. The base STAMP Session-
Sender packet has a minimum size of 44 octets in unauthenticated
mode, see Figure 2, and 112 octets in the authenticated mode, see
Figure 4. The variable length of a test packet in STAMP is supported
by using Extra Padding TLV defined in
[I-D.ietf-ippm-stamp-option-tlv].
4.2.1. Session-Sender Packet Format in Unauthenticated Mode
STAMP Session-Sender packet format in unauthenticated mode: STAMP Session-Sender packet format in unauthenticated mode:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp | | Timestamp |
| | | |
skipping to change at page 6, line 17 skipping to change at page 6, line 51
0 1 0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S|Z| Scale | Multiplier | |S|Z| Scale | Multiplier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Error Estimate Format Figure 3: Error Estimate Format
where S, Scale, and Multiplier fields are interpreted as they have where S, Scale, and Multiplier fields are interpreted as they have
been defined in section 4.1.2 [RFC4656]; and Z field - as has been been defined in section 4.1.2 [RFC4656]; and Z flag - as has been
defined in section 2.3 [RFC8186]: defined in section 2.3 [RFC8186]:
* 0 - NTP 64 bit format of a timestamp; * 0 - NTP 64 bit format of a timestamp;
* 1 - PTPv2 truncated format of a timestamp. * 1 - PTPv2 truncated format of a timestamp.
The STAMP Session-Sender and Session-Reflector MAY use, not use, The STAMP Session-Sender and Session-Reflector MUST use a Z field
or set value of the Z field in accordance with the timestamp value of 0, (NTP 64 bit format of a timestamp) as the default.
format in use. This optional field is to enhance operations, but The STAMP Session-Sender and Session-Reflector MAY optionally set
local configuration or defaults could be used in its place. the Z field to a value of 1 (PTPv2 truncated format of a
timestamp).
o May-be-Zero (MBZ) field in the session-sender unauthenticated o May-be-Zero (MBZ) field in the session-sender unauthenticated
packet is 30 octets long. It MAY be all zeroed on the packet is 30 octets long. It MAY be all zeroed on the
transmission and MUST be ignored on receipt. transmission and MUST be ignored on receipt.
4.1.2. Session-Sender Packet Format in Authenticated Mode 4.2.2. Session-Sender Packet Format in Authenticated Mode
STAMP Session-Sender packet format in authenticated mode: STAMP Session-Sender packet format in authenticated mode:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
| MBZ (12 octets) | | MBZ (12 octets) |
skipping to change at page 7, line 33 skipping to change at page 7, line 51
| | | |
| HMAC (16 octets) | | HMAC (16 octets) |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: STAMP Session-Sender test packet format in authenticated Figure 4: STAMP Session-Sender test packet format in authenticated
mode mode
The field definitions are the same as the unauthenticated mode, The field definitions are the same as the unauthenticated mode,
listed in Section 4.1.1. Also, MBZ fields are used to align the listed in Section 4.2.1. Also, MBZ fields are used to to make the
packet on 16 octets boundary. The value of the field MAY be zeroed packet length a multiple of 16 octets. The value of the field MAY be
on transmission and MUST be ignored on receipt. Also, the packet zeroed on transmission and MUST be ignored on receipt. Also, the
includes a key-hashed message authentication code (HMAC) ([RFC2104]) packet includes a key-hashed message authentication code (HMAC)
hash at the end of the PDU. The detailed use of the HMAC field is ([RFC2104]) hash at the end of the PDU. The detailed use of the HMAC
described in Section 4.3. field is described in Section 4.4.
4.2. Session-Reflector Behavior and Packet Format 4.3. Session-Reflector Behavior and Packet Format
The Session-Reflector receives the STAMP test packet, verifies it, The Session-Reflector receives the STAMP test packet, verifies it,
prepares and transmits the reflected test packet. prepares and transmits the reflected test packet.
Two modes of STAMP Session-Reflector characterize the expected 4.3.1. Session-Reflector Packet Format in Unauthenticated Mode
behavior and, consequently, performance metrics that can be measured:
o Stateless - STAMP Session-Reflector does not maintain test state
and will reflect the received sequence number without
modification. As a result, only round-trip packet loss can be
calculated while the reflector is operating in stateless mode.
o Stateful - STAMP Session-Reflector maintains test state thus
enabling the ability to determine forward loss, gaps recognized in
the received sequence number. As a result, both near-end
(forward) and far-end (backward) packet loss can be computed.
That implies that the STAMP Session-Reflector MUST keep a state
for each accepted STAMP-test session, uniquely identifying STAMP-
test packets to one such session instance, and enabling adding a
sequence number in the test reply that is individually incremented
on a per-session basis.
4.2.1. Session-Reflector Packet Format in Unauthenticated Mode
For unauthenticated mode: For unauthenticated mode:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp | | Timestamp |
| | | |
skipping to change at page 9, line 11 skipping to change at page 9, line 11
* in the stateless mode the Session-Reflector copies the value * in the stateless mode the Session-Reflector copies the value
from the received STAMP test packet's Sequence Number field; from the received STAMP test packet's Sequence Number field;
* in the stateful mode the Session-Reflector counts the received * in the stateful mode the Session-Reflector counts the received
STAMP test packets in each test session and uses that counter STAMP test packets in each test session and uses that counter
to set the value of the Sequence Number field. to set the value of the Sequence Number field.
o Timestamp and Receiver Timestamp fields are each eight octets o Timestamp and Receiver Timestamp fields are each eight octets
long. The format of these fields, NTP or PTPv2, indicated by the long. The format of these fields, NTP or PTPv2, indicated by the
Z flag of the Error Estimate field as described in Section 4.1. Z flag of the Error Estimate field as described in Section 4.2.
o Error Estimate has the same size and interpretation as described o Error Estimate has the same size and interpretation as described
in Section 4.1. in Section 4.2.
o Session-Sender Sequence Number, Session-Sender Timestamp, and o Session-Sender Sequence Number, Session-Sender Timestamp, and
Session-Sender Error Estimate are copies of the corresponding Session-Sender Error Estimate are copies of the corresponding
fields in the STAMP test packet sent by the Session-Sender. fields in the STAMP test packet sent by the Session-Sender.
o Session-Sender TTL is one octet long field, and its value is the o Session-Sender TTL is one octet long field, and its value is the
copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the
received STAMP test packet. received STAMP test packet.
o MBZ is used to achieve alignment on a four octets boundary. The o MBZ is used to achieve alignment of fields within the packet on a
value of the field MAY be zeroed on transmission and MUST be four octets boundary. The value of the field MAY be zeroed on
ignored on receipt. transmission and MUST be ignored on receipt.
4.2.2. Session-Reflector Packet Format in Authenticated Mode 4.3.2. Session-Reflector Packet Format in Authenticated Mode
For the authenticated mode: For the authenticated mode:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number | | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MBZ (12 octets) | | MBZ (12 octets) |
| | | |
skipping to change at page 10, line 34 skipping to change at page 10, line 34
| HMAC (16 octets) | | HMAC (16 octets) |
| | | |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: STAMP Session-Reflector test packet format in authenticated Figure 6: STAMP Session-Reflector test packet format in authenticated
mode mode
The field definitions are the same as the unauthenticated mode, The field definitions are the same as the unauthenticated mode,
listed in Section 4.2.1. Additionally, the MBZ field is used to listed in Section 4.3.1. Additionally, the MBZ field is used to to
align the packet on 16 octets boundary. The value of the field MAY make the packet length a multiple of 16 octets. The value of the
be zeroed on transmission and MUST be ignored on receipt. Also, field MAY be zeroed on transmission and MUST be ignored on receipt.
STAMP Session-Reflector test packet format in authenticated mode Also, STAMP Session-Reflector test packet format in authenticated
includes a key (HMAC) ([RFC2104]) hash at the end of the PDU. The mode includes a key (HMAC) ([RFC2104]) hash at the end of the PDU.
detailed use of the HMAC field is in Section 4.3. The detailed use of the HMAC field is in Section 4.4.
4.3. Integrity and Confidentiality Protection in STAMP 4.4. Integrity Protection in STAMP
To provide integrity protection, each STAMP message is being Authenticated mode provides integrity protection to each STAMP
authenticated by adding Hashed Message Authentication Code (HMAC). message by adding Hashed Message Authentication Code (HMAC). STAMP
STAMP uses HMAC-SHA-256 truncated to 128 bits (similarly to the use uses HMAC-SHA-256 truncated to 128 bits (similarly to the use of it
of it in IPSec defined in [RFC4868]); hence the length of the HMAC in IPSec defined in [RFC4868]); hence the length of the HMAC field is
field is 16 octets. HMAC uses its own key, and the definition of the 16 octets. In the Authenticated mode, HMAC covers the first six
mechanism to distribute the HMAC key is outside the scope of this blocks (96 octets). HMAC uses its own key; key management and the
mechanisms to distribute the HMAC key is outside the scope of this
specification. One example is to use an orchestrator to configure specification. One example is to use an orchestrator to configure
HMAC key based on STAMP YANG data model [I-D.ietf-ippm-stamp-yang]. HMAC key based on STAMP YANG data model [I-D.ietf-ippm-stamp-yang].
HMAC MUST be verified as early as possible to avoid using or HMAC MUST be verified as early as possible to avoid using or
propagating corrupted data. propagating corrupted data.
If confidentiality protection for STAMP is required, encryption at 4.5. Confidentiality Protection in STAMP
the higher level MUST be used. For example, STAMP packets could be
transmitted in the dedicated IPsec tunnel or share the IPsec tunnel
with the monitored flow.
4.4. Interoperability with TWAMP Light If confidentiality protection for STAMP is required, a STAMP test
session MUST use a secured transport. For example, STAMP packets
could be transmitted in the dedicated IPsec tunnel or share the IPsec
tunnel with the monitored flow. Also, Datagram Transport Layer
Security protocol would provide the desired confidentiality
protection.
4.6. Interoperability with TWAMP Light
One of the essential requirements to STAMP is the ability to One of the essential requirements to STAMP is the ability to
interwork with a TWAMP Light device. There are two possible interwork with a TWAMP Light device. Because STAMP and TWAMP use
combinations for such use case: different algorithms in Authenticated mode (HMAC-SHA-256 vs. HMAC-
SHA-1), interoperability is only considered for Unauthenticated mode.
There are two possible combinations for such use case:
o STAMP Session-Sender with TWAMP Light Session-Reflector; o STAMP Session-Sender with TWAMP Light Session-Reflector;
o TWAMP Light Session-Sender with STAMP Session-Reflector. o TWAMP Light Session-Sender with STAMP Session-Reflector.
In the former case, the Session-Sender MAY not be aware that its In the former case, the Session-Sender MAY not be aware that its
Session-Reflector does not support STAMP. For example, a TWAMP Light Session-Reflector does not support STAMP. For example, a TWAMP Light
Session-Reflector may not support the use of UDP port 862 as defined Session-Reflector may not support the use of UDP port 862 as
in [RFC8545]. Thus STAMP Session-Sender MAY use port numbers as specified in [RFC8545]. Thus Section 4. permits a STAMP Session-
defined in Section 4. If any of STAMP extensions are used, the TWAMP Sender to use alternative ports. If any of STAMP extensions are
Light Session-Reflector will view them as Packet Padding field. The used, the TWAMP Light Session-Reflector will view them as Packet
Session-Sender SHOULD use the default format for its timestamps - Padding field.
NTP. And it MAY use PTPv2 timestamp format.
In the latter scenario, if a TWAMP Light Session-Sender does not In the latter scenario, if a TWAMP Light Session-Sender does not
support the use of UDP port 862, the test management system MUST set support the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number as defined in STAMP Session-Reflector to use UDP port number, as permitted by
Section 4. If the TWAMP Light Session-Sender includes Packet Padding Section 4. The Session-Reflector MUST be set to use the default
field in its transmitted packet, the STAMP Session-Reflector will format for its timestamps, NTP.
return the reflected packet of the symmetrical size if the size of
the received test packet is larger than the size of the STAMP base
packet. The Session-Reflector MUST be set to use the default format
for its timestamps, NTP.
STAMP does not support the Reflect Octets capability defined in A STAMP Session-Reflector that supports this specification would
transmit the base packet (Figure 5) regardless of the size of the
Padding field in the packet received from TWAMP Session-Sender.
Also, STAMP does not support the Reflect Octets capability defined in
[RFC6038]. If the Server Octets field is present in the TWAMP [RFC6038]. If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field but will transmit the content starting from the Server Octets field and will transmit the
reflected packet of equal size. reflected packet, as displayed in Figure 5.
5. IANA Considerations 5. Operational Considerations
STAMP is intended to be used on production networks to enable the
operator to assess service level agreements based on packet delay,
delay variation, and loss. When using STAMP over the Internet,
especially when STAMP test packets are transmitted with the
destination UDP port number from the User Ports range, the possible
impact of the STAMP test packets MUST be thoroughly analyzed. The
use of STAMP for each case MUST be agreed by users of nodes hosting
the Session-Sender and Session-Reflector before starting the STAMP
test session.
Also, the use of the well-known port number as the destination UDP
port number in STAMP test packets transmitted by a Session-Sender
would not impede the ability to measure performance in an Equal Cost
Multipath environment and analysis in Section 5.3 [RFC8545] fully
applies to STAMP.
6. IANA Considerations
This document doesn't have any IANA action. This section may be This document doesn't have any IANA action. This section may be
removed before the publication. removed before the publication.
6. Security Considerations 7. Security Considerations
In general, all the security considerations related to TWAMP-Test, [RFC5357] does not identify security considerations specific to
discussed in [RFC5357] apply to STAMP. Since STAMP uses the well- TWAMP-Test but refers to security considerations identified for OWAMP
known UDP port number allocated for the OWAMP-Test/TWAMP-Test in [RFC4656]. Since both OWAMP and TWAMP include control plane and
Receiver port, the security considerations and measures to mitigate data plane components, only security considerations related to OWAMP-
the risk of the attack using the registered port number documented in Test, discussed in Sections 6.2, 6.3 [RFC4656] apply to STAMP.
Section 6 [RFC8545] equally apply to STAMP. Because of the control
and management of a STAMP test being outside the scope of this STAMP uses the well-known UDP port number allocated for the OWAMP-
specification only the more general requirement is set: Test/TWAMP-Test Receiver port. Thus the security considerations and
measures to mitigate the risk of the attack using the registered port
number documented in Section 6 [RFC8545] equally apply to STAMP.
Because of the control and management of a STAMP test being outside
the scope of this specification only the more general requirement is
set:
To mitigate the possible attack vector, the control, and To mitigate the possible attack vector, the control, and
management of a STAMP test session MUST use the secured transport. management of a STAMP test session MUST use the secured transport.
Load of STAMP test packets offered to a network MUST be carefully The load of the STAMP test packets offered to a network MUST be
estimated, and the possible impact on the existing services MUST carefully estimated, and the possible impact on the existing
be thoroughly analyzed before launching the test session. services MUST be thoroughly analyzed before launching the test
[RFC8085] section 3.1.5 provides guidance on handling network load session. [RFC8085] section 3.1.5 provides guidance on handling
for UDP-based protocol. While the characteristic of test traffic network load for UDP-based protocol. While the characteristic of
depends on the test objective, it is highly recommended to stay in test traffic depends on the test objective, it is highly
the limits as provided in [RFC8085]. recommended to stay in the limits as provided in [RFC8085].
STAMP test packets can be transmitted with the destination UDP port
number from the User Ports range, as defined in Section 4, that is
already or will be assigned by IANA. The possible impact of the
STAMP test packets on the network MUST be thoroughly analyzed, and
the use of STAMP for each case MUST be agreed by all users on the
network before starting the STAMP test session.
Use of HMAC-SHA-256 in the authenticated mode protects the data Use of HMAC-SHA-256 in the authenticated mode protects the data
integrity of the STAMP test packets. integrity of the STAMP test packets.
7. Acknowledgments 8. Acknowledgments
Authors express their appreciation to Jose Ignacio Alvarez-Hamelin Authors express their appreciation to Jose Ignacio Alvarez-Hamelin
and Brian Weis for their great insights into the security and and Brian Weis for their great insights into the security and
identity protection, and the most helpful and practical suggestions. identity protection, and the most helpful and practical suggestions.
Also, our sincere thanks to David Ball and Rakesh Gandhi or their Also, our sincere thanks to David Ball and Rakesh Gandhi or their
thorough reviews and helpful comments. thorough reviews and helpful comments.
8. References 9. References
8.1. Normative References 9.1. Normative References
[I-D.ietf-ippm-stamp-option-tlv]
Mirsky, G., Xiao, M., Jun, G., Nydell, H., Foote, R., and
A. Masputra, "Simple Two-way Active Measurement Protocol
Optional Extensions", draft-ietf-ippm-stamp-option-tlv-01
(work in progress), September 2019.
[IEEE.1588.2008] [IEEE.1588.2008]
"Standard for a Precision Clock Synchronization Protocol "Standard for a Precision Clock Synchronization Protocol
for Networked Measurement and Control Systems", for Networked Measurement and Control Systems",
IEEE Standard 1588, March 2008. IEEE Standard 1588, March 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 14, line 5 skipping to change at page 14, line 32
Timestamp Format in a Two-Way Active Measurement Protocol Timestamp Format in a Two-Way Active Measurement Protocol
(TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017, (TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017,
<https://www.rfc-editor.org/info/rfc8186>. <https://www.rfc-editor.org/info/rfc8186>.
[RFC8545] Morton, A., Ed. and G. Mirsky, Ed., "Well-Known Port [RFC8545] Morton, A., Ed. and G. Mirsky, Ed., "Well-Known Port
Assignments for the One-Way Active Measurement Protocol Assignments for the One-Way Active Measurement Protocol
(OWAMP) and the Two-Way Active Measurement Protocol (OWAMP) and the Two-Way Active Measurement Protocol
(TWAMP)", RFC 8545, DOI 10.17487/RFC8545, March 2019, (TWAMP)", RFC 8545, DOI 10.17487/RFC8545, March 2019,
<https://www.rfc-editor.org/info/rfc8545>. <https://www.rfc-editor.org/info/rfc8545>.
8.2. Informative References 9.2. Informative References
[BBF.TR-390] [BBF.TR-390]
"Performance Measurement from IP Edge to Customer "Performance Measurement from IP Edge to Customer
Equipment using TWAMP Light", BBF TR-390, May 2017. Equipment using TWAMP Light", BBF TR-390, May 2017.
[I-D.ietf-ippm-stamp-option-tlv]
Mirsky, G., Xiao, M., Jun, G., Nydell, H., and R. Foote,
"Simple Two-way Active Measurement Protocol Optional
Extensions", draft-ietf-ippm-stamp-option-tlv-00 (work in
progress), July 2019.
[I-D.ietf-ippm-stamp-yang] [I-D.ietf-ippm-stamp-yang]
Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active
Measurement Protocol (STAMP) Data Model", draft-ietf-ippm- Measurement Protocol (STAMP) Data Model", draft-ietf-ippm-
stamp-yang-03 (work in progress), March 2019. stamp-yang-04 (work in progress), September 2019.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>. <https://www.rfc-editor.org/info/rfc2104>.
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
384, and HMAC-SHA-512 with IPsec", RFC 4868, 384, and HMAC-SHA-512 with IPsec", RFC 4868,
DOI 10.17487/RFC4868, May 2007, DOI 10.17487/RFC4868, May 2007,
<https://www.rfc-editor.org/info/rfc4868>. <https://www.rfc-editor.org/info/rfc4868>.
 End of changes. 51 change blocks. 
192 lines changed or deleted 224 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/