Hi Dale,
thank you for your review, comments, and suggestions. Please find answers and notes in-line under the GIM>> tag.
Attached, please find the diff between -07 and the current working version, as well as, the working version of the draft.
Regards,
Greg
On Tue, Sep 3, 2019 at 6:01 PM Dale Worley via Datatracker <noreply@xxxxxxxx> wrote:
----------------------------------------------------------------------
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.
For more information, please see the FAQ at
<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
Document: draft-ietf-ippm-stamp-07
Reviewer: Dale R. Worley
Review Date: 2019-09-03
IETF LC End Date: 2019-09-03
IESG Telechat date: 2019-09-19
Summary:
This draft is on the right track but has open issues, described
in the review.
Minor technical issue:
4.4. Interoperability with TWAMP Light
The consequences of using a TWAMP Session-Sender with a STAMP
Session-Reflector aren't adequately described. I suspect that the WG
understands the technical solution, but the text does not make that
clear.
If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field but will transmit the
reflected packet of equal size.
The final phrase appears to not be true. In both unauthenticated and
authenticated mode, the size of the reflected packet is fixed, and so
in this case, it will not have equal size with the incoming packet.
Also, there is no requirement that a STAMP Session-Reflector even
accept incoming packets that are not of the standard length.
GIM>> Thank you for catching this issue. When the work on STAMP specification started, this draft also included extensions, such as Extra Padding TLV. Over the course of our work, all extensions were moved to the separate draft. Would the following update (including the previous paragraph in the section) address your concern:
OLD TEXT:
In the latter scenario, if a TWAMP Light Session-Sender does not
support the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number as defined in
Section 4. If the TWAMP Light Session-Sender includes Packet Padding
field in its transmitted packet, the STAMP Session-Reflector will
return the reflected packet of the symmetrical size if the size of
the received test packet is larger than the size of the STAMP base
packet. The Session-Reflector MUST be set to use the default format
for its timestamps, NTP.
STAMP does not support the Reflect Octets capability defined in
[RFC6038]. If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field but will transmit the
reflected packet of equal size.
support the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number as defined in
Section 4. If the TWAMP Light Session-Sender includes Packet Padding
field in its transmitted packet, the STAMP Session-Reflector will
return the reflected packet of the symmetrical size if the size of
the received test packet is larger than the size of the STAMP base
packet. The Session-Reflector MUST be set to use the default format
for its timestamps, NTP.
STAMP does not support the Reflect Octets capability defined in
[RFC6038]. If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field but will transmit the
reflected packet of equal size.
NEW TEXT:
In the latter scenario, if a TWAMP Light Session-Sender does notsupport the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number as defined in
Section 4. The Session-Reflector MUST be set to use the default
format for its timestamps, NTP.
A STAMP Session-Reflector that supports this specification would
transmit the base packet (Figure 5) regardless of the size of the
Padding field in the packet received from TWAMP Session-Sender.
Also, STAMP does not support the Reflect Octets capability defined in
[RFC6038]. If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field and will transmit the
reflected packet, as displayed in Figure 5.
It seems that there is an unwritten requirement that a STAMP
Session-Reflector accept longer packets than are expected for its
configured operation mode and simply ignore the trailing excess
octets.
There are also some interactions with how the HMAC is verified for
over-length incoming authenticated packets -- how does a STAMP
Session-Reflector authenticate an incoming packet that is longer than
the STAMP format?
GIM>> Authentication in TWAMP and STAMP use different algorithms (HMAC-SHA-256 in STAMP vs. HMAC-SHA-1 in TWAMP as inherited from OWAMP [RFC4656]), we don't have the requirement to provide interoperability in Authenticated mode. Will update the first paragraph of the interoperability section to explicitly state the scope:
OLD TEXT:
One of the essential requirements to STAMP is the ability to
interwork with a TWAMP Light device.
interwork with a TWAMP Light device.
NEW TEXT:
One of the essential requirements to STAMP is the ability to
interwork with a TWAMP Light device. Because STAMP and TWAMP use
different algorithms in Authenticated mode (HMAC-SHA-256 vs. HMAC-
SHA-1), interoperability is only considered for Unauthenticated mode.
interwork with a TWAMP Light device. Because STAMP and TWAMP use
different algorithms in Authenticated mode (HMAC-SHA-256 vs. HMAC-
SHA-1), interoperability is only considered for Unauthenticated mode.
Editorial issues:
1. Introduction
and inherit separation of control (vendor-specific configuration or
orchestration) and test functions.
Is "inherit" intended to be "inherent"?
GIM>> Thank you. That was the intention. Done.
One of such is Performance
Measurement from IP Edge to Customer Equipment using TWAMP Light from
Broadband Forum [BBF.TR-390] used as the reference TWAMP Light that,
according to [RFC8545], includes sub-set of TWAMP-Test functions in
combination with other applications that provide, for example,
control and security.
This sentence is awkward because of the length of the title in the
middle of the sentence. Perhaps
One of such is [BBF.TR-390] (Performance Measurement from IP Edge
to Customer Equipment using TWAMP Light from the Broadband Forum),
a the reference TWAMP Light, that includes a sub-set of TWAMP-Test
functions along with control and security functions.
GIM>> Thank you for the proposed text. While addressing other comments the text has been transformed to the following:
CURRENT TEXT:
Recent work on IP Edge to Customer Equipment using TWAMP Light fromBroadband Forum [BBF.TR-390] demonstrated that interoperability among
implementations of TWAMP Light is challenged because the composition
and operation of TWAMP Light were not sufficiently specified in
[RFC5357]. According to [RFC8545], TWAMP Light includes sub-set of
TWAMP-Test functions to provide comprehensive solution requires
support by other applications that provide, for example, control and
security.
Hope the current version is clearer and more readable.
--
This document defines an active performance measurement test protocol
This sentence doesn't explicitly say that STAMP is connected to TWAMP,
despite that the preceding sentence does explicitly say that
BBF.TR-390 is connected to TWAMP. Perhaps, "This document defines
another such mechanism ..." Perhaps also precede with a paragraph
break for clarity.
GIM>> Introduction section now has three paragraphs and the last refers to common extensions. Do you feel that the current version made the relationship between TWAMP-Test and STAMP clearer:
CURRENT TEXT:
This document defines an active performance measurement test
protocol, Simple Two-way Active Measurement Protocol (STAMP), that
enables measurement of both one-way and round-trip performance
metrics like delay, delay variation, and packet loss. Some TWAMP
extensions, e.g., [RFC7750] are supported by the extensions to STAMP
base specification in [I-D.ietf-ippm-stamp-option-tlv].
protocol, Simple Two-way Active Measurement Protocol (STAMP), that
enables measurement of both one-way and round-trip performance
metrics like delay, delay variation, and packet loss. Some TWAMP
extensions, e.g., [RFC7750] are supported by the extensions to STAMP
base specification in [I-D.ietf-ippm-stamp-option-tlv].
2.1. Terminology
AES Advanced Encryption Standard
CBC Cipher Block Chaining
ECB Electronic Cookbook
KEK Key-encryption Key
These four terms are not used in the document.
GIM>> Thank you, removed.
3. Softwarization of Performance Measurement
The configuration and management of the STAMP Session-
Sender, Session-Reflector, and management of the STAMP sessions can
be achieved through various means.
You should probably revise to add "... sessions are outside the scope
of this document and can be ...".
GIM>> Thank you for the suggested text. Agreed and added.
Command Line Interface, OSS/BSS
(operations support system/business support system as a combination
of two systems used to support a range of telecommunication services)
using SNMP or controllers in Software-Defined Networking using
Netconf/YANG are but a few examples.
This sentence is long and awkward in a number of ways. One version
that I think is clearer is:
A few examples are: Command Line Interface, telecommunication
services' OSS/BSS systems, SNMP, and Netconf/YANG-based SDN
controllers.
GIM>> Many thanks for the proposal. The text is denser and informative.
4. Theory of Operation
About half of the text in section 4 is about port assignments, but
that isn't really part of the "Theory of Operation". I think the
exposition would be easier to read if the text about port assignments
was extracted and put into a separate subsection (probably placed
between 4 and 4.1).
GIM>> I've re-arranged Section 4. Please let me know if the flow of information is clear and makes sense.
4.1.1. Session-Sender Packet Format in Unauthenticated Mode
o Sequence Number is four octets long field. For each new session
its value starts at zero and is incremented with each transmitted
packet.
There is no definition of what a STAMP session is in this document.
The idea is more or less obvious, but it would be useful to call out
its primary properties in section 4 "Theory of Operation". It seems
like the primary properties are that a session is between one
Session-Sender and one Session-Reflector and a session contains a
potentially unlimited number of packets sent between the two.
GIM>> Magnus had similar comment and in course of our discussion we've agreed on the following definition of a STAMP session, now part of Section 3:
In this document, a measurement session also referred to as
STAMP session, is the bi-directional packet flow between one specificSession-Sender and one particular Session-Reflector for a time
duration.
o Timestamp is eight octets long field. STAMP node MUST support
Network Time Protocol (NTP) version 4 64-bit timestamp format
[RFC5905], the format used in [RFC5357]. STAMP node MAY support
IEEE 1588v2 Precision Time Protocol truncated 64-bit timestamp
format [IEEE.1588.2008], the format used in [RFC8186].
The specification of how the time format for a particular packet is
chosen is weak. I think you want to add to the above paragraph that
the choice of format is determined either by configuration or the Z
bit in the Error Estimate field.
GIM>> In regard to the format of a timestamp, STAMP specification follows the idea of RFC 8186 where extension to negotiate timestamp format for TWAMP-Control and the new interpretation of Z flag were defined. For STAMP, as defined for TWAMP, the value of the Z flag in the Error Estimate field is only to reflect the format used by the node.
4.1.2. Session-Sender Packet Format in Authenticated Mode
Also, MBZ fields are used to align the packet on 16 octets
boundary.
You can't align the packet itself using a field within the packet.
You want to say "are used to align the fields within the packet on 16
octets boundaries." Or perhaps "to make the packet length a multiple
of 16 octets." Similarly in 4.2.1 and 4.2.2.
GIM>> Thank you for the suggested text. I've used the second option.
4.2. Session-Reflector Behavior and Packet Format
Two modes of STAMP Session-Reflector characterize the expected
behavior and, consequently, performance metrics that can be measured:
o Stateless - STAMP Session-Reflector does not maintain test state
and will reflect the received sequence number without
modification. As a result, only round-trip packet loss can be
calculated while the reflector is operating in stateless mode.
o Stateful - STAMP Session-Reflector maintains test state thus
enabling the ability to determine forward loss, gaps recognized in
the received sequence number. As a result, both near-end
(forward) and far-end (backward) packet loss can be computed.
That implies that the STAMP Session-Reflector MUST keep a state
for each accepted STAMP-test session, uniquely identifying STAMP-
test packets to one such session instance, and enabling adding a
sequence number in the test reply that is individually incremented
on a per-session basis.
This seems important enough -- the mode determines what data STAMP
can measure -- to be promoted to part of section 4, "Theory of
Operation".
GIM>> I agree. Moved the text to Section 4 and re-named this section to
Session-Reflector Packet Format
4.3. Integrity and Confidentiality Protection in STAMP
To provide integrity protection, each STAMP message is being
authenticated by adding Hashed Message Authentication Code (HMAC).
Of course, this is only regarding authenticated mode. So you want to
phrase this "Authenticated mode provides integrity protection to each
STAMP message by adding ...".
GIM>> Again, thank you for the suggestion.
4.4. Interoperability with TWAMP Light
For example, a TWAMP Light
Session-Reflector may not support the use of UDP port 862 as defined
in [RFC8545]. Thus STAMP Session-Sender MAY use port numbers as
defined in Section 4.
The connection between these two sentences is unclear. I think it
means:
For example, a TWAMP Light
Session-Reflector may not support the use of UDP port 862 as specified
in [RFC8545]. Thus Section 4 permits a STAMP Session-Sender to use
alternative ports.
GIM>> Great, thank you!
--
The
Session-Sender SHOULD use the default format for its timestamps -
NTP. And it MAY use PTPv2 timestamp format
The first sentence could be made more specific. But the second
sentence seems to be redundant -- SHOULD is never mandatory, so you
don't have to add a MAY. So perhaps,
When interoperating with a TWAMP Light Session-Reflector, the
Session-Sender SHOULD use the default format for its timestamps -
NTP.
GIM>> We've reviewed these requirements and had agreed that they are not needed. The STAMP Session-Sender is required to be able to interpret both formats, NTP and PTP2, and the selection is local decision that has no impact on the ability to interwork with TWAMP Light Session-Reflector. Hence, these two sentences were removed.
--
In the latter scenario, if a TWAMP Light Session-Sender does not
support the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number as defined in
Section 4.
The phrase "to use UDP port number as defined in Section 4" isn't
clear, since second 4 doesn't define what UDP port number should be
used in this situation. I think the meaning is "the test management
system MUST set STAMP Session-Reflector to use an acceptable UDP port
number, as permitted by Section 4".
GIM>> Thank you, accepted the text you've proposed.
6. Security Considerations
STAMP test packets can be transmitted with the destination UDP port
number from the User Ports range, as defined in Section 4, that is
already or will be assigned by IANA.
This sentence seems to be more part of the port-number discussion (see
comments on section 4) than security considerations -- unless the
usage of port numbers is a topic in security.
Additionally, it appears that section 4 requires that a STAMP service
can be configured to sent packets to any port within the User Ports
range, regardless of whether IANA assigns a User Port specifically to
STAMP. With this consideration, the phrase "that is already or will
be assigned by IANA" seems to be either redundant or too narrow.
GIM>> This text has been moved to the Operational Considerations section. In the process of re-arraging we've removed the characterization "already or will be assigned by IANA". Please let me know if the current version of the text is acceptable.
Network Working Group G. Mirsky
Internet-Draft ZTE Corp.
Intended status: Standards Track G. Jun
Expires: April 2, 2020 ZTE Corporation
H. Nydell
Accedian Networks
R. Foote
Nokia
September 30, 2019
Simple Two-way Active Measurement Protocol
draft-ietf-ippm-stamp-09
Abstract
This document describes a Simple Two-way Active Measurement Protocol
which enables the measurement of both one-way and round-trip
performance metrics like delay, delay variation, and packet loss.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 2, 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Mirsky, et al. Expires April 2, 2020 [Page 1]
Internet-Draft STAMP September 2019
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions used in this document . . . . . . . . . . . . . . 3
2.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2.2. Requirements Language . . . . . . . . . . . . . . . . . . 3
3. Operation and Management of Performance Measurement Based on
STAMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Theory of Operation . . . . . . . . . . . . . . . . . . . . . 4
4.1. UDP Port Numbers in STAMP Testing . . . . . . . . . . . . 5
4.2. Session-Sender Behavior and Packet Format . . . . . . . . 5
4.2.1. Session-Sender Packet Format in Unauthenticated Mode 5
4.2.2. Session-Sender Packet Format in Authenticated Mode . 7
4.3. Session-Reflector Behavior and Packet Format . . . . . . 8
4.3.1. Session-Reflector Packet Format in Unauthenticated
Mode . . . . . . . . . . . . . . . . . . . . . . . . 8
4.3.2. Session-Reflector Packet Format in Authenticated Mode 9
4.4. Integrity Protection in STAMP . . . . . . . . . . . . . . 10
4.5. Confidentiality Protection in STAMP . . . . . . . . . . . 11
4.6. Interoperability with TWAMP Light . . . . . . . . . . . . 11
5. Operational Considerations . . . . . . . . . . . . . . . . . 12
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13
9.1. Normative References . . . . . . . . . . . . . . . . . . 13
9.2. Informative References . . . . . . . . . . . . . . . . . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
Development and deployment of Two-Way Active Measurement Protocol
(TWAMP) [RFC5357] and its extensions, e.g., [RFC6038] that defined
Symmetrical Size for TWAMP provided invaluable experience. Several
independent implementations of both TWAMP and TWAMP Light exist, have
been deployed, and provide important operational performance
measurements.
At the same time, there has been noticeable interest in using a more
straightforward mechanism for active performance monitoring that can
provide deterministic behavior and inherent separation of control
(vendor-specific configuration or orchestration) and test functions.
Recent work on IP Edge to Customer Equipment using TWAMP Light from
Broadband Forum [BBF.TR-390] demonstrated that interoperability among
Mirsky, et al. Expires April 2, 2020 [Page 2]
Internet-Draft STAMP September 2019
implementations of TWAMP Light is challenged because the composition
and operation of TWAMP Light were not sufficiently specified in
[RFC5357]. According to [RFC8545], TWAMP Light includes sub-set of
TWAMP-Test functions to provide comprehensive solution requires
support by other applications that provide, for example, control and
security.
This document defines an active performance measurement test
protocol, Simple Two-way Active Measurement Protocol (STAMP), that
enables measurement of both one-way and round-trip performance
metrics like delay, delay variation, and packet loss. Some TWAMP
extensions, e.g., [RFC7750] are supported by the extensions to STAMP
base specification in [I-D.ietf-ippm-stamp-option-tlv].
2. Conventions used in this document
2.1. Terminology
STAMP - Simple Two-way Active Measurement Protocol
NTP - Network Time Protocol
PTP - Precision Time Protocol
HMAC Hashed Message Authentication Code
OWAMP One-Way Active Measurement Protocol
TWAMP Two-Way Active Measurement Protocol
MBZ May be Zero
2.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Operation and Management of Performance Measurement Based on STAMP
Figure 1 presents the Simple Two-way Active Measurement Protocol
(STAMP) Session-Sender, and Session-Reflector with a measurement
session. In this document, a measurement session also referred to as
STAMP session, is the bi-directional packet flow between one specific
Session-Sender and one particular Session-Reflector for a time
duration. The configuration and management of the STAMP Session-
Mirsky, et al. Expires April 2, 2020 [Page 3]
Internet-Draft STAMP September 2019
Sender, Session-Reflector, and management of the STAMP sessions are
outside the scope of this document and can be achieved through
various means. A few examples are: Command Line Interface,
telecommunication services' OSS/BSS systems, SNMP, and Netconf/YANG-
based SDN controllers.
o----------------------------------------------------------o
| Configuration and |
| Management |
o----------------------------------------------------------o
|| ||
|| ||
|| ||
+----------------------+ +-------------------------+
| STAMP Session-Sender | <--- STAMP---> | STAMP Session-Reflector |
+----------------------+ +-------------------------+
Figure 1: STAMP Reference Model
4. Theory of Operation
STAMP Session-Sender transmits test packets over UDP transport toward
STAMP Session-Reflector. STAMP Session-Reflector receives Session-
Sender's packet and acts according to the configuration and optional
control information communicated in the Session-Sender's test packet.
Two modes of STAMP Session-Reflector characterize the expected
behavior and, consequently, performance metrics that can be measured:
o Stateless - STAMP Session-Reflector does not maintain test state
and will use the value in the Sequence Number field in the
received packet as the value for the Sequence Number field in the
reflected packet. As a result, values in Sequence Number and
Session-Sender Sequence Number fields are the same, and only
round-trip packet loss can be calculated while the reflector is
operating in stateless mode.
o Stateful - STAMP Session-Reflector maintains test state thus
enabling the ability to determine forward loss, gaps recognized in
the received sequence number. As a result, both near-end
(forward) and far-end (backward) packet loss can be computed.
That implies that the STAMP Session-Reflector MUST keep a state
for each accepted STAMP-test session, uniquely identifying STAMP-
test packets to one such session instance, and enabling adding a
sequence number in the test reply that is individually incremented
on a per-session basis.
Mirsky, et al. Expires April 2, 2020 [Page 4]
Internet-Draft STAMP September 2019
STAMP supports two modes: unauthenticated and authenticated.
Unauthenticated STAMP test packets, defined in Section 4.2.1 and
Section 4.3.1, ensure interworking between STAMP and TWAMP Light as
described in Section 4.6 packet formats.
By default, STAMP uses symmetrical packets, i.e., size of the packet
transmitted by Session-Reflector equals the size of the packet
received by the Session-Reflector.
4.1. UDP Port Numbers in STAMP Testing
A STAMP Session-Sender MUST use UDP port 862 (TWAMP-Test Receiver
Port) as the default destination UDP port number. A STAMP
implementation of Session-Sender MUST be able to use UDP port numbers
from User, a.k.a. Registered, Ports and Dynamic, a.k.a. Private or
Ephemeral, Ports ranges defined in [RFC6335]. Before using numbers
from the User Ports range, the possible impact on the network MUST be
carefully studied and agreed by all users of the network domain where
the test has been planned.
An implementation of STAMP Session-Reflector by default MUST receive
STAMP test packets on UDP port 862. An implementation of Session-
Reflector that supports this specification MUST be able to define the
port number to receive STAMP test packets from User Ports and Dynamic
Ports ranges that are defined in [RFC6335]. STAMP defines two
different test packet formats, one for packets transmitted by the
STAMP-Session-Sender and one for packets transmitted by the STAMP-
Session-Reflector.
4.2. Session-Sender Behavior and Packet Format
STAMP supports symmetrical test packets. The base STAMP Session-
Sender packet has a minimum size of 44 octets in unauthenticated
mode, see Figure 2, and 112 octets in the authenticated mode, see
Figure 4. The variable length of a test packet in STAMP is supported
by using Extra Padding TLV defined in
[I-D.ietf-ippm-stamp-option-tlv].
4.2.1. Session-Sender Packet Format in Unauthenticated Mode
STAMP Session-Sender packet format in unauthenticated mode:
Mirsky, et al. Expires April 2, 2020 [Page 5]
Internet-Draft STAMP September 2019
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Estimate | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| |
| |
| MBZ (30 octets) |
| |
| |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: STAMP Session-Sender test packet format in unauthenticated
mode
where fields are defined as the following:
o Sequence Number is four octets long field. For each new session
its value starts at zero and is incremented with each transmitted
packet.
o Timestamp is eight octets long field. STAMP node MUST support
Network Time Protocol (NTP) version 4 64-bit timestamp format
[RFC5905], the format used in [RFC5357]. STAMP node MAY support
IEEE 1588v2 Precision Time Protocol truncated 64-bit timestamp
format [IEEE.1588.2008], the format used in [RFC8186].
o Error Estimate is two octets long field with format displayed in
Figure 3
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|S|Z| Scale | Multiplier |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Error Estimate Format
where S, Scale, and Multiplier fields are interpreted as they have
been defined in section 4.1.2 [RFC4656]; and Z flag - as has been
defined in section 2.3 [RFC8186]:
Mirsky, et al. Expires April 2, 2020 [Page 6]
Internet-Draft STAMP September 2019
* 0 - NTP 64 bit format of a timestamp;
* 1 - PTPv2 truncated format of a timestamp.
The STAMP Session-Sender and Session-Reflector MUST use a Z field
value of 0, (NTP 64 bit format of a timestamp) as the default.
The STAMP Session-Sender and Session-Reflector MAY optionally set
the Z field to a value of 1 (PTPv2 truncated format of a
timestamp).
o May-be-Zero (MBZ) field in the session-sender unauthenticated
packet is 30 octets long. It MAY be all zeroed on the
transmission and MUST be ignored on receipt.
4.2.2. Session-Sender Packet Format in Authenticated Mode
STAMP Session-Sender packet format in authenticated mode:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| MBZ (12 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Estimate | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
~ ~
| MBZ (70 octets) |
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| HMAC (16 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: STAMP Session-Sender test packet format in authenticated
mode
The field definitions are the same as the unauthenticated mode,
listed in Section 4.2.1. Also, MBZ fields are used to to make the
packet length a multiple of 16 octets. The value of the field MAY be
Mirsky, et al. Expires April 2, 2020 [Page 7]
Internet-Draft STAMP September 2019
zeroed on transmission and MUST be ignored on receipt. Also, the
packet includes a key-hashed message authentication code (HMAC)
([RFC2104]) hash at the end of the PDU. The detailed use of the HMAC
field is described in Section 4.4.
4.3. Session-Reflector Behavior and Packet Format
The Session-Reflector receives the STAMP test packet, verifies it,
prepares and transmits the reflected test packet.
4.3.1. Session-Reflector Packet Format in Unauthenticated Mode
For unauthenticated mode:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Estimate | MBZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Receive Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Error Estimate | MBZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ses-Sender TTL | MBZ |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: STAMP Session-Reflector test packet format in
unauthenticated mode
where fields are defined as the following:
o Sequence Number is four octets long field. The value of the
Sequence Number field is set according to the mode of the STAMP
Session-Reflector:
* in the stateless mode the Session-Reflector copies the value
from the received STAMP test packet's Sequence Number field;
Mirsky, et al. Expires April 2, 2020 [Page 8]
Internet-Draft STAMP September 2019
* in the stateful mode the Session-Reflector counts the received
STAMP test packets in each test session and uses that counter
to set the value of the Sequence Number field.
o Timestamp and Receiver Timestamp fields are each eight octets
long. The format of these fields, NTP or PTPv2, indicated by the
Z flag of the Error Estimate field as described in Section 4.2.
o Error Estimate has the same size and interpretation as described
in Section 4.2.
o Session-Sender Sequence Number, Session-Sender Timestamp, and
Session-Sender Error Estimate are copies of the corresponding
fields in the STAMP test packet sent by the Session-Sender.
o Session-Sender TTL is one octet long field, and its value is the
copy of the TTL field in IPv4 (or Hop Limit in IPv6) from the
received STAMP test packet.
o MBZ is used to achieve alignment of fields within the packet on a
four octets boundary. The value of the field MAY be zeroed on
transmission and MUST be ignored on receipt.
4.3.2. Session-Reflector Packet Format in Authenticated Mode
For the authenticated mode:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MBZ (12 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error Estimate | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| MBZ (6 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Receive Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MBZ (8 octets) |
| |
Mirsky, et al. Expires April 2, 2020 [Page 9]
Internet-Draft STAMP September 2019
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MBZ (12 octets) |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Timestamp |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Session-Sender Error Estimate | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| MBZ (6 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ses-Sender TTL | |
+-+-+-+-+-+-+-+-+ +
| |
| MBZ (15 octets) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HMAC (16 octets) |
| |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: STAMP Session-Reflector test packet format in authenticated
mode
The field definitions are the same as the unauthenticated mode,
listed in Section 4.3.1. Additionally, the MBZ field is used to to
make the packet length a multiple of 16 octets. The value of the
field MAY be zeroed on transmission and MUST be ignored on receipt.
Also, STAMP Session-Reflector test packet format in authenticated
mode includes a key (HMAC) ([RFC2104]) hash at the end of the PDU.
The detailed use of the HMAC field is in Section 4.4.
4.4. Integrity Protection in STAMP
Authenticated mode provides integrity protection to each STAMP
message by adding Hashed Message Authentication Code (HMAC). STAMP
uses HMAC-SHA-256 truncated to 128 bits (similarly to the use of it
in IPSec defined in [RFC4868]); hence the length of the HMAC field is
16 octets. In the Authenticated mode, HMAC covers the first six
blocks (96 octets). HMAC uses its own key; key management and the
mechanisms to distribute the HMAC key is outside the scope of this
specification. One example is to use an orchestrator to configure
Mirsky, et al. Expires April 2, 2020 [Page 10]
Internet-Draft STAMP September 2019
HMAC key based on STAMP YANG data model [I-D.ietf-ippm-stamp-yang].
HMAC MUST be verified as early as possible to avoid using or
propagating corrupted data.
4.5. Confidentiality Protection in STAMP
If confidentiality protection for STAMP is required, a STAMP test
session MUST use a secured transport. For example, STAMP packets
could be transmitted in the dedicated IPsec tunnel or share the IPsec
tunnel with the monitored flow. Also, Datagram Transport Layer
Security protocol would provide the desired confidentiality
protection.
4.6. Interoperability with TWAMP Light
One of the essential requirements to STAMP is the ability to
interwork with a TWAMP Light device. Because STAMP and TWAMP use
different algorithms in Authenticated mode (HMAC-SHA-256 vs. HMAC-
SHA-1), interoperability is only considered for Unauthenticated mode.
There are two possible combinations for such use case:
o STAMP Session-Sender with TWAMP Light Session-Reflector;
o TWAMP Light Session-Sender with STAMP Session-Reflector.
In the former case, the Session-Sender MAY not be aware that its
Session-Reflector does not support STAMP. For example, a TWAMP Light
Session-Reflector may not support the use of UDP port 862 as
specified in [RFC8545]. Thus Section 4. permits a STAMP Session-
Sender to use alternative ports. If any of STAMP extensions are
used, the TWAMP Light Session-Reflector will view them as Packet
Padding field.
In the latter scenario, if a TWAMP Light Session-Sender does not
support the use of UDP port 862, the test management system MUST set
STAMP Session-Reflector to use UDP port number, as permitted by
Section 4. The Session-Reflector MUST be set to use the default
format for its timestamps, NTP.
A STAMP Session-Reflector that supports this specification would
transmit the base packet (Figure 5) regardless of the size of the
Padding field in the packet received from TWAMP Session-Sender.
Also, STAMP does not support the Reflect Octets capability defined in
[RFC6038]. If the Server Octets field is present in the TWAMP
Session-Sender packet, STAMP Session-Reflector will not copy the
content starting from the Server Octets field and will transmit the
reflected packet, as displayed in Figure 5.
Mirsky, et al. Expires April 2, 2020 [Page 11]
Internet-Draft STAMP September 2019
5. Operational Considerations
STAMP is intended to be used on production networks to enable the
operator to assess service level agreements based on packet delay,
delay variation, and loss. When using STAMP over the Internet,
especially when STAMP test packets are transmitted with the
destination UDP port number from the User Ports range, the possible
impact of the STAMP test packets MUST be thoroughly analyzed. The
use of STAMP for each case MUST be agreed by users of nodes hosting
the Session-Sender and Session-Reflector before starting the STAMP
test session.
Also, the use of the well-known port number as the destination UDP
port number in STAMP test packets transmitted by a Session-Sender
would not impede the ability to measure performance in an Equal Cost
Multipath environment and analysis in Section 5.3 [RFC8545] fully
applies to STAMP.
6. IANA Considerations
This document doesn't have any IANA action. This section may be
removed before the publication.
7. Security Considerations
[RFC5357] does not identify security considerations specific to
TWAMP-Test but refers to security considerations identified for OWAMP
in [RFC4656]. Since both OWAMP and TWAMP include control plane and
data plane components, only security considerations related to OWAMP-
Test, discussed in Sections 6.2, 6.3 [RFC4656] apply to STAMP.
STAMP uses the well-known UDP port number allocated for the OWAMP-
Test/TWAMP-Test Receiver port. Thus the security considerations and
measures to mitigate the risk of the attack using the registered port
number documented in Section 6 [RFC8545] equally apply to STAMP.
Because of the control and management of a STAMP test being outside
the scope of this specification only the more general requirement is
set:
To mitigate the possible attack vector, the control, and
management of a STAMP test session MUST use the secured transport.
The load of the STAMP test packets offered to a network MUST be
carefully estimated, and the possible impact on the existing
services MUST be thoroughly analyzed before launching the test
session. [RFC8085] section 3.1.5 provides guidance on handling
network load for UDP-based protocol. While the characteristic of
Mirsky, et al. Expires April 2, 2020 [Page 12]
Internet-Draft STAMP September 2019
test traffic depends on the test objective, it is highly
recommended to stay in the limits as provided in [RFC8085].
Use of HMAC-SHA-256 in the authenticated mode protects the data
integrity of the STAMP test packets.
8. Acknowledgments
Authors express their appreciation to Jose Ignacio Alvarez-Hamelin
and Brian Weis for their great insights into the security and
identity protection, and the most helpful and practical suggestions.
Also, our sincere thanks to David Ball and Rakesh Gandhi or their
thorough reviews and helpful comments.
9. References
9.1. Normative References
[I-D.ietf-ippm-stamp-option-tlv]
Mirsky, G., Xiao, M., Jun, G., Nydell, H., Foote, R., and
A. Masputra, "Simple Two-way Active Measurement Protocol
Optional Extensions", draft-ietf-ippm-stamp-option-tlv-01
(work in progress), September 2019.
[IEEE.1588.2008]
"Standard for a Precision Clock Synchronization Protocol
for Networked Measurement and Control Systems",
IEEE Standard 1588, March 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M.
Zekauskas, "A One-way Active Measurement Protocol
(OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006,
<https://www.rfc-editor.org/info/rfc4656>.
[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J.
Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)",
RFC 5357, DOI 10.17487/RFC5357, October 2008,
<https://www.rfc-editor.org/info/rfc5357>.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010,
<https://www.rfc-editor.org/info/rfc5905>.
Mirsky, et al. Expires April 2, 2020 [Page 13]
Internet-Draft STAMP September 2019
[RFC6038] Morton, A. and L. Ciavattone, "Two-Way Active Measurement
Protocol (TWAMP) Reflect Octets and Symmetrical Size
Features", RFC 6038, DOI 10.17487/RFC6038, October 2010,
<https://www.rfc-editor.org/info/rfc6038>.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8186] Mirsky, G. and I. Meilik, "Support of the IEEE 1588
Timestamp Format in a Two-Way Active Measurement Protocol
(TWAMP)", RFC 8186, DOI 10.17487/RFC8186, June 2017,
<https://www.rfc-editor.org/info/rfc8186>.
[RFC8545] Morton, A., Ed. and G. Mirsky, Ed., "Well-Known Port
Assignments for the One-Way Active Measurement Protocol
(OWAMP) and the Two-Way Active Measurement Protocol
(TWAMP)", RFC 8545, DOI 10.17487/RFC8545, March 2019,
<https://www.rfc-editor.org/info/rfc8545>.
9.2. Informative References
[BBF.TR-390]
"Performance Measurement from IP Edge to Customer
Equipment using TWAMP Light", BBF TR-390, May 2017.
[I-D.ietf-ippm-stamp-yang]
Mirsky, G., Xiao, M., and W. Luo, "Simple Two-way Active
Measurement Protocol (STAMP) Data Model", draft-ietf-ippm-
stamp-yang-04 (work in progress), September 2019.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>.
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
384, and HMAC-SHA-512 with IPsec", RFC 4868,
DOI 10.17487/RFC4868, May 2007,
<https://www.rfc-editor.org/info/rfc4868>.
Mirsky, et al. Expires April 2, 2020 [Page 14]
Internet-Draft STAMP September 2019
[RFC7750] Hedin, J., Mirsky, G., and S. Baillargeon, "Differentiated
Service Code Point and Explicit Congestion Notification
Monitoring in the Two-Way Active Measurement Protocol
(TWAMP)", RFC 7750, DOI 10.17487/RFC7750, February 2016,
<https://www.rfc-editor.org/info/rfc7750>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>.
Authors' Addresses
Greg Mirsky
ZTE Corp.
Email: gregimirsky@xxxxxxxxx
Guo Jun
ZTE Corporation
68# Zijinghua Road
Nanjing, Jiangsu 210012
P.R.China
Phone: +86 18105183663
Email: guo.jun2@xxxxxxxxxx
Henrik Nydell
Accedian Networks
Email: hnydell@xxxxxxxxxxxx
Richard Foote
Nokia
Email: footer.foote@xxxxxxxxx
Mirsky, et al. Expires April 2, 2020 [Page 15]
<<< text/html; charset="UTF-8"; name="Diff_ draft-ietf-ippm-stamp-07.txt - draft-ietf-ippm-stamp-09.txt.html": Unrecognized >>>
