< draft-ietf-ippm-stamp-06.txt | draft-ietf-ippm-stamp-07.txt > | |||
---|---|---|---|---|
Network Working Group G. Mirsky | Network Working Group G. Mirsky | |||
Internet-Draft ZTE Corp. | Internet-Draft ZTE Corp. | |||
Intended status: Standards Track G. Jun | Intended status: Standards Track G. Jun | |||
Expires: October 25, 2019 ZTE Corporation | Expires: February 9, 2020 ZTE Corporation | |||
H. Nydell | H. Nydell | |||
Accedian Networks | Accedian Networks | |||
R. Foote | R. Foote | |||
Nokia | Nokia | |||
April 23, 2019 | August 8, 2019 | |||
Simple Two-way Active Measurement Protocol | Simple Two-way Active Measurement Protocol | |||
draft-ietf-ippm-stamp-06 | draft-ietf-ippm-stamp-07 | |||
Abstract | Abstract | |||
This document describes a Simple Two-way Active Measurement Protocol | This document describes a Simple Two-way Active Measurement Protocol | |||
which enables the measurement of both one-way and round-trip | which enables the measurement of both one-way and round-trip | |||
performance metrics like delay, delay variation, and packet loss. | performance metrics like delay, delay variation, and packet loss. | |||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 25, 2019. | This Internet-Draft will expire on February 9, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 21 ¶ | skipping to change at page 2, line 21 ¶ | |||
2. Conventions used in this document . . . . . . . . . . . . . . 3 | 2. Conventions used in this document . . . . . . . . . . . . . . 3 | |||
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3 | |||
3. Softwarization of Performance Measurement . . . . . . . . . . 3 | 3. Softwarization of Performance Measurement . . . . . . . . . . 3 | |||
4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4 | 4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4 | |||
4.1. Session-Sender Behavior and Packet Format . . . . . . . . 4 | 4.1. Session-Sender Behavior and Packet Format . . . . . . . . 4 | |||
4.1.1. Session-Sender Packet Format in Unauthenticated Mode 4 | 4.1.1. Session-Sender Packet Format in Unauthenticated Mode 4 | |||
4.1.2. Session-Sender Packet Format in Authenticated Mode . 6 | 4.1.2. Session-Sender Packet Format in Authenticated Mode . 6 | |||
4.2. Session-Reflector Behavior and Packet Format . . . . . . 7 | 4.2. Session-Reflector Behavior and Packet Format . . . . . . 7 | |||
4.2.1. Session-Reflector Packet Format in Unauthenticated | 4.2.1. Session-Reflector Packet Format in Unauthenticated | |||
Mode . . . . . . . . . . . . . . . . . . . . . . . . 8 | Mode . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
4.2.2. Session-Reflector Packet Format in Authenticated Mode 9 | 4.2.2. Session-Reflector Packet Format in Authenticated Mode 9 | |||
4.3. Integrity and Confidentiality Protection in STAMP . . . . 11 | 4.3. Integrity and Confidentiality Protection in STAMP . . . . 10 | |||
4.4. Interoperability with TWAMP Light . . . . . . . . . . . . 11 | 4.4. Interoperability with TWAMP Light . . . . . . . . . . . . 11 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | |||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 | 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
8.2. Informative References . . . . . . . . . . . . . . . . . 13 | 8.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
1. Introduction | 1. Introduction | |||
Development and deployment of Two-Way Active Measurement Protocol | Development and deployment of Two-Way Active Measurement Protocol | |||
(TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined | (TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined | |||
skipping to change at page 2, line 49 ¶ | skipping to change at page 2, line 49 ¶ | |||
exist, have been deployed and provide important operational | exist, have been deployed and provide important operational | |||
performance measurements. At the same time, there has been | performance measurements. At the same time, there has been | |||
noticeable interest in using a simpler mechanism for active | noticeable interest in using a simpler mechanism for active | |||
performance monitoring that can provide deterministic behavior and | performance monitoring that can provide deterministic behavior and | |||
inherit separation of control (vendor-specific configuration or | inherit separation of control (vendor-specific configuration or | |||
orchestration) and test functions. One of such is Performance | orchestration) and test functions. One of such is Performance | |||
Measurement from IP Edge to Customer Equipment using TWAMP Light from | Measurement from IP Edge to Customer Equipment using TWAMP Light from | |||
Broadband Forum [BBF.TR-390] used as the reference TWAMP Light that, | Broadband Forum [BBF.TR-390] used as the reference TWAMP Light that, | |||
according to [RFC8545], includes sub-set of TWAMP-Test functions in | according to [RFC8545], includes sub-set of TWAMP-Test functions in | |||
combination with other applications that provide, for example, | combination with other applications that provide, for example, | |||
control and security. This document defines active performance | control and security. This document defines an active performance | |||
measurement test protocol, Simple Two-way Active Measurement Protocol | measurement test protocol, Simple Two-way Active Measurement Protocol | |||
(STAMP), that enables measurement of both one-way and round-trip | (STAMP), that enables measurement of both one-way and round-trip | |||
performance metrics like delay, delay variation, and packet loss. | performance metrics like delay, delay variation, and packet loss. | |||
2. Conventions used in this document | 2. Conventions used in this document | |||
2.1. Terminology | 2.1. Terminology | |||
AES Advanced Encryption Standard | AES Advanced Encryption Standard | |||
skipping to change at page 3, line 31 ¶ | skipping to change at page 3, line 31 ¶ | |||
NTP - Network Time Protocol | NTP - Network Time Protocol | |||
PTP - Precision Time Protocol | PTP - Precision Time Protocol | |||
HMAC Hashed Message Authentication Code | HMAC Hashed Message Authentication Code | |||
OWAMP One-Way Active Measurement Protocol | OWAMP One-Way Active Measurement Protocol | |||
TWAMP Two-Way Active Measurement Protocol | TWAMP Two-Way Active Measurement Protocol | |||
MBZ May be Zero | ||||
2.2. Requirements Language | 2.2. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
3. Softwarization of Performance Measurement | 3. Softwarization of Performance Measurement | |||
skipping to change at page 4, line 20 ¶ | skipping to change at page 4, line 20 ¶ | |||
|| || | || || | |||
|| || | || || | |||
+----------------------+ +-------------------------+ | +----------------------+ +-------------------------+ | |||
| STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector | | | STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector | | |||
+----------------------+ +-------------------------+ | +----------------------+ +-------------------------+ | |||
Figure 1: STAMP Reference Model | Figure 1: STAMP Reference Model | |||
4. Theory of Operation | 4. Theory of Operation | |||
STAMP Session-Sender transmits test packets toward STAMP Session- | STAMP Session-Sender transmits test packets over UDP transport toward | |||
Reflector. STAMP Session-Reflector receives Session-Sender's packet | STAMP Session-Reflector. STAMP Session-Reflector receives Session- | |||
and acts according to the configuration and optional control | Sender's packet and acts according to the configuration and optional | |||
information communicated in the Session-Sender's test packet. STAMP | control information communicated in the Session-Sender's test packet. | |||
defines two different test packet formats, one for packets | STAMP defines two different test packet formats, one for packets | |||
transmitted by the STAMP-Session-Sender and one for packets | transmitted by the STAMP-Session-Sender and one for packets | |||
transmitted by the STAMP-Session-Reflector. STAMP supports two | transmitted by the STAMP-Session-Reflector. STAMP supports two | |||
modes: unauthenticated and authenticated. Unauthenticated STAMP test | modes: unauthenticated and authenticated. Unauthenticated STAMP test | |||
packets, defined in Section 4.1.1 and Section 4.2.1, ensure | packets, defined in Section 4.1.1 and Section 4.2.1, ensure | |||
interworking between STAMP and TWAMP Light as described in | interworking between STAMP and TWAMP Light as described in | |||
Section 4.4 packet formats. | Section 4.4 packet formats. | |||
By default, STAMP uses symmetrical packets, i.e., size of the packet | By default, STAMP uses symmetrical packets, i.e., size of the packet | |||
transmitted by Session-Reflector equals the size of the packet | transmitted by Session-Reflector equals the size of the packet | |||
received by the Session-Reflector. | received by the Session-Reflector. | |||
skipping to change at page 5, line 17 ¶ | skipping to change at page 5, line 17 ¶ | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Sequence Number | | | Sequence Number | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Timestamp | | | Timestamp | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Error Estimate | | | | Error Estimate | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | |||
| | | | | | |||
| | | | | | |||
| MBZ (27 octets) | | | MBZ (30 octets) | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | | |||
| | Server Octets | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ||||
| Remaining Packet Padding (to be reflected) | | ||||
~ (length in octets specified in Server Octets) ~ | ||||
+ +-+-+-+-+-+-+-+-+ | ||||
| | | ||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
Figure 2: STAMP Session-Sender test packet format in unauthenticated | Figure 2: STAMP Session-Sender test packet format in unauthenticated | |||
mode | mode | |||
where fields are defined as the following: | where fields are defined as the following: | |||
o Sequence Number is four octets long field. For each new session | o Sequence Number is four octets long field. For each new session | |||
its value starts at zero and is incremented with each transmitted | its value starts at zero and is incremented with each transmitted | |||
packet. | packet. | |||
skipping to change at page 6, line 25 ¶ | skipping to change at page 6, line 14 ¶ | |||
* 0 - NTP 64 bit format of a timestamp; | * 0 - NTP 64 bit format of a timestamp; | |||
* 1 - PTPv2 truncated format of a timestamp. | * 1 - PTPv2 truncated format of a timestamp. | |||
The STAMP Session-Sender and Session-Reflector MAY use, not use, | The STAMP Session-Sender and Session-Reflector MAY use, not use, | |||
or set value of the Z field in accordance with the timestamp | or set value of the Z field in accordance with the timestamp | |||
format in use. This optional field is to enhance operations, but | format in use. This optional field is to enhance operations, but | |||
local configuration or defaults could be used in its place. | local configuration or defaults could be used in its place. | |||
o Must-be-Zero (MBZ) field in the session-sender unauthenticated | o May-be-Zero (MBZ) field in the session-sender unauthenticated | |||
packet is 27 octets long. It MUST be all zeroed on the | packet is 30 octets long. It MAY be all zeroed on the | |||
transmission and ignored on receipt. | transmission and MUST be ignored on receipt. | |||
o Server Octets field is optional two octets long field. This field | ||||
is used for the Reflect Octets capability defined in [RFC6038]. | ||||
If being used, the Server Octets field MUST follow the 27 octets | ||||
long MBZ field. The value in the Server Octets field equals the | ||||
number of octets the Session-Reflector is expected to copy back to | ||||
the Session-Sender starting with the Server Octets field. Thus | ||||
the minimum non-zero value for the Server Octets field is two. | ||||
Therefore, the value of one is invalid. If none of Payload to be | ||||
copied, the value of the Server Octets field MUST be set to zero | ||||
on transmit. | ||||
o Remaining Packet Padding is an optional field of variable length. | ||||
The number of octets in the Remaining Packet Padding field is the | ||||
value of the Server Octets field minus the length of the Server | ||||
Octets field. | ||||
4.1.2. Session-Sender Packet Format in Authenticated Mode | 4.1.2. Session-Sender Packet Format in Authenticated Mode | |||
STAMP Session-Sender packet format in authenticated mode: | STAMP Session-Sender packet format in authenticated mode: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Sequence Number | | | Sequence Number | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
skipping to change at page 7, line 33 ¶ | skipping to change at page 6, line 50 ¶ | |||
| | | | | | |||
| HMAC (16 octets) | | | HMAC (16 octets) | | |||
| | | | | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 4: STAMP Session-Sender test packet format in authenticated | Figure 4: STAMP Session-Sender test packet format in authenticated | |||
mode | mode | |||
The field definitions are the same as the unauthenticated mode, | The field definitions are the same as the unauthenticated mode, | |||
listed in Section 4.1.1. Also, Comp.MBZ field is a variable length | listed in Section 4.1.1. Also, MBZ fields iare used to align the | |||
field to align the packet on 16 octets boundary. Also, the packet | packet on 16 octets boundary. The value of the field MAY be zeroed | |||
on transmission and MUST be ignored on receipt. Also, the packet | ||||
includes a key-hashed message authentication code (HMAC) ([RFC2104]) | includes a key-hashed message authentication code (HMAC) ([RFC2104]) | |||
hash at the end of the PDU. The detailed use of the HMAC field is | hash at the end of the PDU. The detailed use of the HMAC field is | |||
described in Section 4.3. | described in Section 4.3. | |||
4.2. Session-Reflector Behavior and Packet Format | 4.2. Session-Reflector Behavior and Packet Format | |||
The Session-Reflector receives the STAMP test packet, verifies it, | The Session-Reflector receives the STAMP test packet, verifies it, | |||
prepares and transmits the reflected test packet. | prepares and transmits the reflected test packet. | |||
Two modes of STAMP Session-Reflector characterize the expected | Two modes of STAMP Session-Reflector characterize the expected | |||
skipping to change at page 8, line 39 ¶ | skipping to change at page 8, line 25 ¶ | |||
| Receive Timestamp | | | Receive Timestamp | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Session-Sender Sequence Number | | | Session-Sender Sequence Number | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Session-Sender Timestamp | | | Session-Sender Timestamp | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Session-Sender Error Estimate | MBZ | | | Session-Sender Error Estimate | MBZ | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
|Ses-Sender TTL | | | |Ses-Sender TTL | MBZ | | |||
+-+-+-+-+-+-+-+-+ + | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | ||||
~ Packet Padding (reflected) ~ | ||||
+ +-+-+-+-+-+-+-+-+ | ||||
| | | ||||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||||
Figure 5: STAMP Session-Reflector test packet format in | Figure 5: STAMP Session-Reflector test packet format in | |||
unauthenticated mode | unauthenticated mode | |||
where fields are defined as the following: | where fields are defined as the following: | |||
o Sequence Number is four octets long field. The value of the | o Sequence Number is four octets long field. The value of the | |||
Sequence Number field is set according to the mode of the STAMP | Sequence Number field is set according to the mode of the STAMP | |||
Session-Reflector: | Session-Reflector: | |||
skipping to change at page 9, line 31 ¶ | skipping to change at page 9, line 13 ¶ | |||
in Section 4.1. | in Section 4.1. | |||
o Session-Sender Sequence Number, Session-Sender Timestamp, and | o Session-Sender Sequence Number, Session-Sender Timestamp, and | |||
Session-Sender Error Estimate are copies of the corresponding | Session-Sender Error Estimate are copies of the corresponding | |||
fields in the STAMP test packet sent by the Session-Sender. | fields in the STAMP test packet sent by the Session-Sender. | |||
o Session-Sender TTL is one octet long field, and its value is the | o Session-Sender TTL is one octet long field, and its value is the | |||
copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the | copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the | |||
received STAMP test packet. | received STAMP test packet. | |||
o Packet Padding (reflected) is an optional variable length field. | o MBZ is used to achieve alignment on a four octets boundary. The | |||
The length of the Packet Padding (reflected) field MUST be equal | value of the field MAY be zeroed on transmission and MUST be | |||
to the value of the Server Octets field (Figure 2). If the value | ignored on receipt. | |||
is non-zero, the Session-Reflector MUST copy number of octets | ||||
equal to the value of Server Octets field starting with the Server | ||||
Octets field. | ||||
o Comp.MBZ is a variable length field used to achieve alignment on a | ||||
word boundary. Thus the length of Comp.MBZ field may be only 0, | ||||
1, 2 or 3 octets. The value of the field MUST be zeroed on | ||||
transmission and ignored on receipt. | ||||
4.2.2. Session-Reflector Packet Format in Authenticated Mode | 4.2.2. Session-Reflector Packet Format in Authenticated Mode | |||
For the authenticated mode: | For the authenticated mode: | |||
0 1 2 3 | 0 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Sequence Number | | | Sequence Number | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
skipping to change at page 10, line 49 ¶ | skipping to change at page 10, line 23 ¶ | |||
| HMAC (16 octets) | | | HMAC (16 octets) | | |||
| | | | | | |||
| | | | | | |||
| | | | | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
Figure 6: STAMP Session-Reflector test packet format in authenticated | Figure 6: STAMP Session-Reflector test packet format in authenticated | |||
mode | mode | |||
The field definitions are the same as the unauthenticated mode, | The field definitions are the same as the unauthenticated mode, | |||
listed in Section 4.2.1. Additionally, the packet MAY include | listed in Section 4.2.1. Additionally, the MBZ field is used to | |||
Comp.MBZ field is a variable length field to align the packet on 16 | align the packet on 16 octets boundary. The value of the field MAY | |||
octets boundary. Also, STAMP Session-Reflector test packet format in | be zeroed on transmission and MUST be ignored on receipt. Also, | |||
authenticated mode includes a key (HMAC) ([RFC2104]) hash at the end | STAMP Session-Reflector test packet format in authenticated mode | |||
of the PDU. The detailed use of the HMAC field is in Section 4.3. | includes a key (HMAC) ([RFC2104]) hash at the end of the PDU. The | |||
detailed use of the HMAC field is in Section 4.3. | ||||
4.3. Integrity and Confidentiality Protection in STAMP | 4.3. Integrity and Confidentiality Protection in STAMP | |||
To provide integrity protection, each STAMP message is being | To provide integrity protection, each STAMP message is being | |||
authenticated by adding Hashed Message Authentication Code (HMAC). | authenticated by adding Hashed Message Authentication Code (HMAC). | |||
STAMP uses HMAC-SHA-256 truncated to 128 bits (similarly to the use | STAMP uses HMAC-SHA-256 truncated to 128 bits (similarly to the use | |||
of it in IPSec defined in [RFC4868]); hence the length of the HMAC | of it in IPSec defined in [RFC4868]); hence the length of the HMAC | |||
field is 16 octets. HMAC uses own key and the definition of the | field is 16 octets. HMAC uses own key and the definition of the | |||
mechanism to distribute the HMAC key is outside the scope of this | mechanism to distribute the HMAC key is outside the scope of this | |||
specification. One example is to use an orchestrator to configure | specification. One example is to use an orchestrator to configure | |||
skipping to change at page 11, line 48 ¶ | skipping to change at page 11, line 27 ¶ | |||
Session-Reflector may not support the use of UDP port 862 as defined | Session-Reflector may not support the use of UDP port 862 as defined | |||
in [RFC8545]. Thus STAMP Session-Sender MUST be able to send test | in [RFC8545]. Thus STAMP Session-Sender MUST be able to send test | |||
packets to destination UDP port number from the Dynamic and/or | packets to destination UDP port number from the Dynamic and/or | |||
Private Ports range 49152-65535, test management system should find a | Private Ports range 49152-65535, test management system should find a | |||
port number that both devices can use. And if any of STAMP | port number that both devices can use. And if any of STAMP | |||
extensions are used, the TWAMP Light Session-Reflector will view them | extensions are used, the TWAMP Light Session-Reflector will view them | |||
as Packet Padding field. The Session-Sender SHOULD use the default | as Packet Padding field. The Session-Sender SHOULD use the default | |||
format for its timestamps - NTP. And it MAY use PTPv2 timestamp | format for its timestamps - NTP. And it MAY use PTPv2 timestamp | |||
format. | format. | |||
In the latter scenario, the test management system should set STAMP | In the latter scenario, the test management system SHOULD set STAMP | |||
Session-Reflector to use UDP port number from the Dynamic and/or | Session-Reflector to use UDP port number from the Dynamic and/or | |||
Private Ports range. As for Packet Padding field that the TWAMP | Private Ports range. If the TWAMP Light Session-Sender includes | |||
Light Session-Sender includes in its transmitted packet, the STAMP | Packet Padding field in its transmitted packet, the STAMP Session- | |||
Session-Reflector will process it according to [RFC6038] and return | Reflector will return the reflected packet of the symmetrical size if | |||
reflected packet of the symmetrical size. The Session-Reflector MUST | the size of the received test packet is larger than the size of STAMP | |||
use the default format for its timestamps - NTP. | base packet. The Session-Reflector MUST be set to use the default | |||
format for its timestamps, NTP. | ||||
STAMP does not support the Reflect Octets capability defined in | ||||
[RFC6038]. If the Server Octets field is present in the TWAMP | ||||
Session-Sender packet, STAMP Session-Reflector will not copy the | ||||
content starting from the Server Octets field but will transmit the | ||||
reflected packet of equal size. | ||||
5. IANA Considerations | 5. IANA Considerations | |||
This document doesn't have any IANA action. This section may be | This document doesn't have any IANA action. This section may be | |||
removed before the publication. | removed before the publication. | |||
6. Security Considerations | 6. Security Considerations | |||
In general, all the security considerations related to TWAMP-Test, | In general, all the security considerations related to TWAMP-Test, | |||
discussed in [RFC5357] apply to STAMP. Since STAMP uses the well- | discussed in [RFC5357] apply to STAMP. Since STAMP uses the well- | |||
known UDP port number allocated for the OWAMP-Test/TWAMP-Test | known UDP port number allocated for the OWAMP-Test/TWAMP-Test | |||
Receiver port, the security considerations and measures to mitigate | Receiver port, the security considerations and measures to mitigate | |||
the risk of the attack using the registered port number documented in | the risk of the attack using the registered port number documented in | |||
Section 6 [RFC8545] equally apply to STAMP. Because of the control | Section 6 [RFC8545] equally apply to STAMP. Because of the control | |||
and management of a STAMP test being outside the scope of this | and management of a STAMP test being outside the scope of this | |||
specification only the more general requirement is set: | specification only the more general requirement is set: | |||
To mitigate the possible attack vector, the control and management | To mitigate the possible attack vector, the control and management | |||
of a STAMP test session MUST use the secured transport. | of a STAMP test session MUST use the secured transport. | |||
Load of STAMP test packets offered to a network MUST be carefully | ||||
estimated, and the possible impact on the existing services MUST | ||||
be thoroughly analyzed before launching the test session. | ||||
[RFC8085] section 3.1.5 provides guidance on handling network load | ||||
for UDP-based protocol. While the characteristic of test traffic | ||||
depends on the test objective, it is highly recommended to stay in | ||||
the limits as provided in [RFC8085]. | ||||
Use of HMAC-SHA-256 in the authenticated mode protects the data | Use of HMAC-SHA-256 in the authenticated mode protects the data | |||
integrity of the STAMP test packets. | integrity of the STAMP test packets. | |||
7. Acknowledgments | 7. Acknowledgments | |||
Authors express their appreciation to Jose Ignacio Alvarez-Hamelin | Authors express their appreciation to Jose Ignacio Alvarez-Hamelin | |||
and Brian Weis for their great insights into the security and | and Brian Weis for their great insights into the security and | |||
identity protection, and the most helpful and practical suggestions. | identity protection, and the most helpful and practical suggestions. | |||
Also, our sincere thanks to David Ball for his thorough review and | Also, our sincere thanks to David Ball and Rakesh Gandhi or their | |||
helpful comments. | thorough reviews and helpful comments. | |||
8. References | 8. References | |||
8.1. Normative References | 8.1. Normative References | |||
[IEEE.1588.2008] | [IEEE.1588.2008] | |||
"Standard for a Precision Clock Synchronization Protocol | "Standard for a Precision Clock Synchronization Protocol | |||
for Networked Measurement and Control Systems", | for Networked Measurement and Control Systems", | |||
IEEE Standard 1588, March 2008. | IEEE Standard 1588, March 2008. | |||
skipping to change at page 14, line 15 ¶ | skipping to change at page 14, line 10 ¶ | |||
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
Hashing for Message Authentication", RFC 2104, | Hashing for Message Authentication", RFC 2104, | |||
DOI 10.17487/RFC2104, February 1997, | DOI 10.17487/RFC2104, February 1997, | |||
<https://www.rfc-editor.org/info/rfc2104>. | <https://www.rfc-editor.org/info/rfc2104>. | |||
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- | [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- | |||
384, and HMAC-SHA-512 with IPsec", RFC 4868, | 384, and HMAC-SHA-512 with IPsec", RFC 4868, | |||
DOI 10.17487/RFC4868, May 2007, | DOI 10.17487/RFC4868, May 2007, | |||
<https://www.rfc-editor.org/info/rfc4868>. | <https://www.rfc-editor.org/info/rfc4868>. | |||
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage | ||||
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, | ||||
March 2017, <https://www.rfc-editor.org/info/rfc8085>. | ||||
Authors' Addresses | Authors' Addresses | |||
Greg Mirsky | Greg Mirsky | |||
ZTE Corp. | ZTE Corp. | |||
Email: gregimirsky@gmail.com | Email: gregimirsky@gmail.com | |||
Guo Jun | Guo Jun | |||
ZTE Corporation | ZTE Corporation | |||
68# Zijinghua Road | 68# Zijinghua Road | |||
End of changes. 22 change blocks. | ||||
75 lines changed or deleted | 63 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |