<?xmlversion="1.0"?>version='1.0' encoding='UTF-8'?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd" [<!ENTITY RFC2119 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">[ <!ENTITYRFC8287 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8287.xml">nbsp " "> <!ENTITYRFC8029 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8029.xml">zwsp "​"> <!ENTITYRFC8403 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8403.xml">nbhy "‑"> <!ENTITYRFC8402 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8402.xml"> <!ENTITY RFC8604 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8604.xml"> <!ENTITY RFC7743 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7743.xml"> <!ENTITY RFC3107 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3107.xml"> <!ENTITY RFC8660 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8660.xml"> <!ENTITY RFC7110 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7110.xml"> <!ENTITY RFC9087 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9087.xml"> <!ENTITY RFC8277 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8277.xml"> <!ENTITY RFC8174 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC9086 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9086.xml"> <!ENTITY RFC9256 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9256.xml"> <!ENTITY RFC9552 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9552.xml"> <!ENTITY RFC7942 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7942.xml"> <!ENTITY RFC9350 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.9350.xml"> <!ENTITY RFC3032 PUBLIC "" "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3032.xml">wj "⁠"> ]><?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?><rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ietf-mpls-spring-inter-domain-oam-20"ipr="trust200902">number="9716" consensus="true" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <front> <titleabbrev="Inter-as-OAM">Path Monitoring System/Head-end basedabbrev="MPLS Ping and Traceroute in Inter-Domain SR Networks">Mechanisms for MPLS Ping and Traceroute Procedures inInter-domainInter-Domain Segment Routing Networks</title> <seriesInfo name="RFC" value="9716"/> <author initials="S." surname="Hegde" fullname="Shraddha Hegde"> <organization>JuniperNetworksNetworks, Inc.</organization> <address> <postal> <street>Exora Business Park</street> <city>Bangalore</city> <region>KA</region> <code>560103</code> <country>India</country> </postal> <email>shraddha@juniper.net</email> </address> </author> <author initials="K." surname="Arora" fullname="Kapil Arora"> <organization>Individual Contributor</organization> <address><postal> <street></street> <city></city> <region></region> <code></code> <country></country> </postal><email>kapil.it@gmail.com</email> </address> </author> <author initials="M." surname="Srivastava" fullname="Mukul Srivastava"> <organization>JuniperNetworksNetworks, Inc.</organization> <address><postal> <street></street> <city></city> <region></region> <code></code> <country></country> </postal><email>msri@juniper.net</email> </address> </author> <author initials="S." surname="Ninan" fullname="Samson Ninan"> <organization>Ciena</organization> <address><postal> <street></street> <city></city> <region></region> <code></code> <country></country> </postal><email>samson.cse@gmail.com</email> </address> </author> <author initials="N." surname="Kumar" fullname="Nagendra Kumar"> <organization>Oracle</organization> <address><postal> <street></street> <city></city> <region></region> <code></code> <country></country> </postal><email>nagendrakumar.nainar@gmail.com</email> </address> </author> <dateyear="2024"/> <area>Routing</area> <workgroup>Routing area</workgroup>year="2025" month="January"/> <area>RTG</area> <workgroup>mpls</workgroup> <keyword>OAM</keyword> <keyword>EPE</keyword> <keyword>BGP-LS</keyword> <keyword>BGP</keyword> <keyword>SPRING</keyword> <keyword>SDN</keyword> <abstract> <t>The Segment Routing (SR) architecture leverages source routing and can be directly applied to the use of an MPLS data plane.An SR-MPLSA Segment Routing over MPLS (SR-MPLS) network may consist of multiple IGP domains or multiple Autonomous Systems (ASes) under the control of the same organization. It is useful to have the Label Switched Path (LSP) ping and traceroute procedures when an SR end-to-end path traverses multiple ASes or IGP domains. This document outlines mechanisms to enable efficient LSP ping and traceroute procedures in inter-AS and inter-domain SR-MPLSnetworksnetworks. This is achieved through a straightforward extension to the Operations, Administration, and Maintenance (OAM) protocol, relying solely on data plane forwarding for handling echo replies on transit nodes.</t> </abstract> </front> <middle> <sectiontitle="Introduction" anchor='intro'> <t> Manyanchor="intro" numbered="true" toc="default"> <name>Introduction</name> <t>Many network deployments have built their networks consisting of multiple ASes either for the ease of operations or as a result of network mergers and acquisitions. SR can be deployed in such scenarios to provide end-to-end paths, traversing multiple Autonomoussystems (ASes). </t> <t> <xref target='RFC8660'/>Systems (ASes).</t> <t><xref target="RFC8660" format="default"/> specifies SR with an MPLS data plane. <xreftarget='RFC8402'/>target="RFC8402" format="default"/> describes BGPPeering Segments,peering segments, and <xreftarget='RFC9087'/>target="RFC9087" format="default"/> describesCentralizedcentralized BGP Egress Peer Engineering, which will help in steering packets from one AS to another. By utilizing these SR capabilities, it is possible to create paths that span multipleASes. </t> <t>ASes.</t> <figureanchor="Topology_1" title="Inter-ASanchor="Topology_1"> <name>Inter-AS Segment RoutingTopology"> <artwork>Topology</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +----------------+ | Controller/PMS | +----------------+ |---AS1-----||------AS2------||----AS2----| |----AS3---| ASBR2----ASBR3 ASBR5------ASBR7 / \ / \ / \ / \ PE1----P1---P2 P3---P4---PE4 P5---P6--PE5 \ / \ / \ / \ / ASBR1----ASBR4 ASBR6------ASBR8Autonomous System: AS1,]]></artwork> </figure> <dl> <dt>Autonomous System:</dt><dd>AS1, AS2,AS3 Provider Edge: PE1,AS3</dd> <dt>Provider Edge:</dt><dd>PE1, PE4,PE5 Provider: P1,PE5</dd> <dt>Provider:</dt><dd>P1, P2, P3, P4, P5,P6 ASP6</dd> <dt>Autonomous System BoundaryRouter: ASBR1,Router:</dt><dd>ASBR1, ASBR2, ASBR3, ASBR4, ASBR5, ASBR6, ASBR7,ASBR8 </artwork> </figure> </t>ASBR8</dd> </dl> <t>For example, <xreftarget="Topology_1"/>target="Topology_1" format="default"/> describes an inter-AS network scenario consisting of ASes AS1,AS2AS2, and AS3. AS1, AS2, and AS3 are SRenabledenabled, and the egress links havePeerNode SID/PeerAdj SID/ PeerSet SIDthe following Segment Identifiers (SIDs) configured and advertised via <xreftarget="RFC9086"/>.target="RFC9086" format="default"/>: PeerNode SID, PeerAdj SID, and PeerSet SID. The PeerNodeSID/PeerAdj SID/PeerSetSID, PeerAdj SID, and PeerSet SID are referred to as Egress Peer Engineering SIDs (EPE-SIDs) in this document. The controller or the head-end can build an end-to-endTraffic-Engineeredtraffic-engineered path consisting of Node-SIDs, Adjacency-SIDs, and EPE-SIDs. It is useful for operators to be able to perform LSP ping and traceroute procedures on these inter-AS SR-MPLS paths, to detect and diagnose faileddeliveriesdeliveries, and to determine the actual path that traffic takes through the network. LSPping/tracerouteping and traceroute procedures use IP connectivity for echoreplyreplies to reach the head-end. In inter-AS networks, IP connectivity may not be there from each router in the path. For example, in <xreftarget="Topology_1"/>,target="Topology_1" format="default"/>, P3 and P4 may not have IP connectivity for PE1.</t> <t>It is not always possible to carry out LSP ping and traceroute functionality on these paths to verify basic connectivity and fault isolation using existing LSP ping and traceroutemechanisms(<xref target="RFC8287"/>mechanisms (see <xref target="RFC8287" format="default"/> and <xreftarget="RFC8029"/>).target="RFC8029" format="default"/>). That is because there might not always be IP connectivity from a responding node back to the source address of the ping packet when the responding node is in a different AS from the source of theping. </t>ping.</t> <t><xreftarget ="RFC8403"/>target="RFC8403" format="default"/> describes mechanisms to carry out MPLSping/tracerouteping and traceroute from a Path Monitoring System (PMS). It is possible to build GRE tunnels or static routes to each router in the network to get IP connectivity for the reverse path. This mechanism is operationally very heavy and requires the PMS to be capable of building a huge number of GRE tunnels or installing the necessary static routes, which may not be feasible.</t><t> <xref target="RFC7743"/><t><xref target="RFC7743" format="default"/> describes anEcho-relay basedEcho-relay-based solutionbasedthat is predicated on advertising a new Relay Node Address Stack TLV containing a stack of Echo-relay IP addresses. These mechanisms can be applied to SR networks as well. The<xref target="RFC7743"/>mechanism from <xref target="RFC7743" format="default"/> requires the return ping packet to be processed on the slow path or as a bump-in-the-wire on every relay node. The motivation of the current document is to provide an alternate mechanism forping/tracerouteping and traceroute in inter-domain SR networks. The definition of the term "domain" as applicable to this document is defined in <xreftarget="domain_definition"/>. </t> <t> Thistarget="domain_definition" format="default"/>.</t> <t>This document describes a new mechanism that is efficient and simple and can be easily deployed in SR-MPLS networks. This mechanism uses MPLSpathspaths, and no changes are required in the forwarding path. Any MPLS-capable node will be able to forward the echo-reply packet in the fast path. The current document describes a mechanism that uses the Reply Path TLV <xreftarget="RFC7110"/>target="RFC7110" format="default"/> to convey the reverse path. Three new sub-TLVs are defined for the ReplypathPath TLV that facilitate encoding SR labelstack.stacks. The return path can either be derived by a smart application or a controller that has a full topology view or end-to-end view of a section of the topology. This document also proposes mechanisms to derive the return path dynamically during tracerouteprocedures. </t> <t> Thisprocedures.</t> <t>This document focuses on the inter-domain use case. The protocol extensions described may also indicate the return path for other use cases, which are outside the scope of this document and are not further detailed here. The SRv6 data plane is also not covered in thisdocument</t>document.</t> <sectionanchor='domain_definition' title='Definitionanchor="domain_definition" numbered="true" toc="default"> <name>Definition ofDomain'> <t> InDomain</name> <t>In this document, the term "domain" refers to an IGP domain where every node is visible to every other node for the purpose of shortest path computation, implying an IGP area or level. An Autonomous System (AS) comprises one or more IGP domains. The procedures described herein are applicable to paths constructed across multiple domains, including both inter-area and inter-AS paths. These procedures and deployment scenarios are relevant for inter-AS paths where the participating ASes are under closely coordinating administrations or single ownership. This document pertains to SR-MPLS networks where all nodes within each domain areSR-capable.SR capable. It also applies to SR-MPLS networks where SR functions as an overlay with SR-incapable underlay nodes. In such networks, the traceroute procedure is executed only on the overlay SRnodes. </t>nodes.</t> </section> <sectionanchor='reqs' title='Requirements Language'>anchor="reqs" numbered="true" toc="default"> <name>Requirements Language</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xreftarget ="RFC2119"/>target="RFC2119"/> <xreftarget ="RFC8174"/>target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> </section> <sectionanchor='inter_domain' title='Inter-domainanchor="inter_domain" numbered="true" toc="default"> <name>Inter-Domain Networks with MultipleIGPs'>IGPs</name> <t>When the network consists of a large number of nodes, the nodes are segregated into multiple IGP domains as shown in <xreftarget="Topology_2"/>.target="Topology_2" format="default"/>. The connectivity to the remote PEs can be achievedusing BGP-Labeled Unicast (BGP-LU)by BGP advertisements with an MPLS label bound to the prefix as described in <xreftarget="RFC8277"/>target="RFC8277" format="default"/> or bystacking the labels for each domainbuilding paths using a list of segments as described in <xreftarget="RFC8604"/>.target="RFC8604" format="default"/>. </t> <figureanchor="Topology_2" title="Inter-domainanchor="Topology_2"> <name>Inter-Domain Networks with MultipleIGPs"> <artwork>IGPs</name> <artwork name="" type="" align="left" alt=""><![CDATA[ |-Domain 1|-------Domain 2-----|--Domain 3-| PE1------ABR1--------P--------ABR2------PE4 \ / \ /\ / -------- ----------------- ------- BGP-LU BGP-LU BGP-LU</artwork>]]></artwork> </figure>It<t>It is useful to support MPLS ping and traceroute mechanisms for these networks. The procedures described in this document for constructing the Reply Path TLV and its use in echoreplyreplies are equally applicable to networks consisting of multiple IGP domains that useBGP-LUBGP-Labeled Unicast (BGP-LU) or labelstacking. </t>stacking.</t> </section> <sectionanchor='Reply_path_TLV' title='Replyanchor="Reply_path_TLV" numbered="true" toc="default"> <name>Reply PathTLV'> <t>ReplyTLV</name> <t>The Reply Path (RP) TLV is defined in <xreftarget="RFC7110"/>.target="RFC7110" format="default"/>. SR networks statically assign the labels tonodesnodes, and a PMS/head-end may know the entire Link State Database (LSDB) along with assigned SIDs. The reverse path can be built from the PMS/head-end by stacking segments for the reverse path. The Reply Path TLV as defined in <xreftarget="RFC7110"/>target="RFC7110" format="default"/> is used to carry the return path. Replymode 5, ReplyMode 5 (Reply via SpecifiedPathPath) is defined insection 4.1 of<xreftarget="RFC7110"/>.target="RFC7110" sectionFormat="of" section="4.1"/>. While using the procedures described in this document, thereply modeReply Mode is set to 5 (Reply via Specified Path), and the Reply Path TLV is included in the echo request message as described in <xreftarget="RFC7110"/>.target="RFC7110" format="default"/>. The Reply Path TLV is constructed as perSection 4.2 of<xreftarget="RFC7110"/>.target="RFC7110" sectionFormat="of" section="4.2"/>. This document defines three new sub-TLVs to encode the SRpath.</t> <t> ThePath.</t> <t>The type of segment that the head-end chooses to send in the Reply Path TLV is governed by local policy. Implementations may provide Command Line Interface (CLI) input parameters in the form ofLabels/IPv4 addresses/IPv6 addresseslabels, IPv4 addresses, IPv6 addresses, or a combination ofthesethese, which get encoded in the Reply Path TLV. Implementations may also provide mechanisms to acquire the LSDB of remote domains and compute the return path based on the acquired LSDB. For traceroute purposes, the return path will have to consider the reply being sent from every node along the path. The return path changes when the traceroute progresses and crosses each domain. One of the ways this can be implemented on the head-end is to acquire the entire LSDB (of all domains) and build a return path for every node along the SR-MPLS path based on the knowledge of the LSDB. Another mechanism is to use a dynamically computed return path as described in <xreftarget="Dynamic_TLV_building"/> </t> <t> Sometarget="Dynamic_TLV_building" format="default"/>.</t> <t>Some networks may consist of IPv4-only domains and IPv6-only domains. Handling end-to-end MPLS OAM for such networks is out of the scope of this document. It is recommended to use dual-stack in such cases and use end-to-end IPv6 addresses for MPLS ping and tracerouteprocedures. </t>procedures.</t> </section> <sectionanchor='segment_sub_tlv' title='Segment Sub-TLV'> <t> Section 4 of <xref target="RFC9256"/>anchor="segment_sub_tlv" numbered="true" toc="default"> <name>Segment Sub-TLV</name> <t><xref target="RFC9256" sectionFormat="of" section="4"/> defines varioussegment types.Segment Types. The types of segments applicable to this document have been defined in this section for the use of MPLS OAM. The intention was to keep the definitions as close to those in <xreftarget="RFC9256"/>target="RFC9256" format="default"/> aspossiblepossible, with modifications only when needed. One or more Segment sub-TLVs can be included in the Reply Path TLV. The Segment sub-TLVs included in a Reply Path TLVMAY<bcp14>MAY</bcp14> be of different types.</t><t> The<t>The below types of Segment sub-TLVs apply to the Reply Path TLV. The code points for the sub-TLVs are taken from the IANA registry common to TLVs 1, 16, and 21. This document defines the usage and processing of the Type-A, Type-C, and Type-D Segment sub-TLVsusage and processingwhenit appearsthey appear in TLV21(Reply21 (Reply Path TLV). If these sub-TLVs appear in TLVs 1 or 16, appropriate error codesMUST<bcp14>MUST</bcp14> be returned as defined in <xreftarget="RFC8029"/>.</t> <t>Type-A: SIDtarget="RFC8029" format="default"/>.</t> <dl> <dt>Type-A:</dt><dd>SID only, in the form of an MPLSLabel</t> <t>Type-C: IPv4label</dd> <dt>Type-C:</dt><dd>IPv4 Node Address with an optionalSID</t> <t>Type-D: IPv6SID</dd> <dt>Type-D:</dt><dd>IPv6 Node Address with an optional SID forSR MPLS</t>SR-MPLS</dd> </dl> <sectionanchor='type1' title='Type-A:anchor="type1" numbered="true" toc="default"> <name>Type-A: SIDonly,Only, in theformForm of an MPLSLabel'>Label</name> <t>TheType AType-A SegmentSub-TLVsub-TLV encodes a single SID in the form of an MPLS label. The format is as follows:</t> <figureanchor="type1_tlv" title="Type-Aanchor="type1_tlv"> <name>Type-A SegmentSub-TLV"> <artwork>Sub-TLV</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | RESERVED | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Label | TC |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork>]]></artwork> </figure><t> where:</t> <t> Type: 2 octects.<t>Where:</t> <dl> <dt>Type:</dt><dd>2 octets. Carries valueTBD1(to be assigned46 (assigned by IANA from theregistry"Sub-TLVs for TLV Types 1, 16, and21").</t> <t> Length: 221" registry).</dd> <dt>Length:</dt><dd>2 octets. Carries value 8. The length value excludes the length of the Type and LengthFields.</t> <t> Flags: 1fields.</dd> <dt>Flags:</dt><dd>1 octet of flags as defined in <xreftarget="flags"/>.</t> <t> RESERVED: 3target="flags" format="default"/>.</dd> <dt>RESERVED:</dt><dd>3 octets of reserved bits.MUST<bcp14>MUST</bcp14> be set to zero when sending;MUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t> Label: 20receipt.</dd> <dt>Label:</dt><dd>20 bits of labelvalue.</t> <t> TC: 3value.</dd> <dt>TC:</dt><dd>3 bits oftraffic class.Traffic Class (TC). If the originator wants the receiver to choose the TC value, itMUST<bcp14>MUST</bcp14> set theTraffic Class (TC)TC field tozero.</t> <t> S: 1zero.</dd> <dt>S:</dt><dd>1 bitReserved.TheReserved. The S bitMUST<bcp14>MUST</bcp14> be zero upontransmission,transmission andMUST<bcp14>MUST</bcp14> be ignored uponreception. </t> <t> TTL: 1reception.</dd> <dt>TTL:</dt><dd>1 octet of TTL. If the originator wants the receiver to choose the TTL value, itMUST<bcp14>MUST</bcp14> set the TTL field to255.</t> <t> The label,255.</dd> </dl> <t>The labels, TC, S, and TTL are collectively referred to as a SID.</t><t> The<t>The following applies to the Type-A Segment sub-TLV:</t><t> The<t>The receiverMAY<bcp14>MAY</bcp14> override the originator's values for these fields. This would be determined by local policy at the receiver. One possible policy would be to override the fields only if the fields have the default values specified above.</t> </section> <sectionanchor='type3' title='Type-C:anchor="type3" numbered="true" toc="default"> <name>Type-C: IPv4 Node Address with an Optional SID forSR-MPLS'>SR-MPLS</name> <t>The Type-C Segment sub-TLV encodes an IPv4node address,Node Address, SR Algorithm, and an optional SID in the form of an MPLS label. The format is as follows:</t> <figureanchor="type3_tlv" title="Type-Canchor="type3_tlv"> <name>Type-C SegmentSub-TLV"> <artwork>Sub-TLV</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags | RESERVED (MBZ) | SR Algorithm | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv4 Node Address (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SID (optional, 4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork>]]></artwork> </figure><t>where:</t> <t> Type: TBD2 (to be assigned<t>Where:</t> <dl> <dt>Type:</dt><dd>47 (assigned by IANA from theregistry"Sub-TLVs for TLV Types 1, 16, and21").</t> <t> Length: 221" registry).</dd> <dt>Length:</dt><dd>2 octets.CariesCarries value 8 when no optional SID is included or value 12 when the optional SID isincluded.</t> <t> Flags: 1included.</dd> <dt>Flags:</dt><dd>1 octet of flags as defined in <xreftarget="flags"/>.</t> <t> RESERVED: 2target="flags" format="default"/>.</dd> <dt>RESERVED:</dt><dd>2 octets of reserved bits.MUST<bcp14>MUST</bcp14> be set to zero when sending;MUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t> SR Algorithm: 1 octet specifyingreceipt.</dd> <dt>SR Algorithm:</dt><dd>1 octet. When the A-Flag (as defined in <xref target="flags" format="default"/>) is present, this specifies the SR Algorithm as described insection 3.1.1 in<xreftarget="RFC8402"/>target="RFC8402" sectionFormat="of" section="3.1.1"/> or the Flexiblealgorithm as defined in <xref target="RFC9350"/>, when A-FlagAlgorithm as defined in <xreftarget="flags"/> is present.target="RFC9350" format="default"/>. The SR Algorithm is used by the receiver to derive theLabel.label. WhenA-flagthe A-Flag is unset, this field has no meaning and thusMUST<bcp14>MUST</bcp14> be set to zero (MBZ) on transmission and ignored onreceipt.</t> <t> IPv4receipt.</dd> <dt>IPv4 NodeAddress: 4-octetAddress:</dt><dd>4-octet IPv4 address representing a node. The IPv4 Node AddressMUST<bcp14>MUST</bcp14> be present. It should be a stable address belonging to the node(eg:loopback address).</t> <t> SID: optional:(e.g., loopback address).</dd> <dt>SID:</dt><dd>Optional 4-octet field containinglabel,the labels TC,SS, and TTL as defined in <xreftarget="type1"/>.target="type1" format="default"/>. When the SID field is present, itMUST<bcp14>MUST</bcp14> be used for constructing the ReplyPath.</t>Path.</dd> </dl> </section> <sectionanchor='type4' title='Type D:anchor="type4" numbered="true" toc="default"> <name>Type-D: IPv6 Node Address with an Optional SID forSR MPLS'>SR-MPLS</name> <t>The Type-D Segment sub-TLV encodes an IPv6node address,Node Address, SRAlgorithmAlgorithm, and an optional SID in the form of an MPLS label. The format is as follows:</t> <figureanchor="type4_tlv" title="Type-Danchor="type4_tlv"> <name>Type-D SegmentSub-TLV"> <artwork>Sub-TLV</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Flags |RESERVED(MBZ)RESERVED (MBZ) | SR Algorithm | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // IPv6 Node Address (16 octets) // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | SID (optional, 4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</artwork>]]></artwork> </figure><t>where:</t> <t> Type: TBD3 (to be assigned<t>Where:</t> <dl> <dt>Type:</dt><dd>48 (assigned by IANA from theregistry"Sub-TLVs for TLV Types 1, 16, and21").</t> <t> Length: 2 Octets. Caries21" registry).</dd> <dt>Length:</dt><dd>2 octets. Carries value 20 when no optional SID is included or value 24 when the optional SID isincluded.</t> <t> Flags: 1included.</dd> <dt>Flags:</dt><dd>1 octet of flags as defined in <xreftarget="flags"/>.</t> <t> RESERVED: 2-octetstarget="flags" format="default"/>.</dd> <dt>RESERVED:</dt><dd>2 octets of reserved bits.MUST<bcp14>MUST</bcp14> be set to zero when sending;MUST<bcp14>MUST</bcp14> be ignored onreceipt.</t> <t>receipt.</dd> <dt>SR Algorithm:</dt><dd>1 octet. When the A-Flag (as defined in <xref target="flags" format="default"/>) is present, this specifies the SRAlgorithm: 1 octet specifying SR-AlgorithmAlgorithm as described insection 3.1.1 in<xreftarget="RFC8402"/>target="RFC8402" sectionFormat="of" section="3.1.1"/> or the Flexiblealgorithm as defined in <xref target="RFC9350"/>, when A-FlagAlgorithm as defined in <xreftarget="flags"/> is present. SR-Algorithmtarget="RFC9350" format="default"/>. The SR Algorithm is used by the receiver to derive the label. WhenA-flagthe A-Flag is unset, this field has no meaning and thusMUST<bcp14>MUST</bcp14> be set to zero (MBZ) on transmission and ignored onreceipt.</t> <t> IPv6receipt.</dd> <dt>IPv6 NodeAddress: 16-octetAddress:</dt><dd>16-octet IPv6 address of one interface of a node. The IPv6 Node AddressMUST<bcp14>MUST</bcp14> be present. It should be a stable address belonging to the node(eg:loopback address).</t> <t> SID: optional:(e.g., loopback address).</dd> <dt>SID:</dt><dd>Optional 4-octet field containinglabel, TC, S and TTL as defined in <xref target="type1"/>. The SID is optional and specifies a 4-octet MPLS SID containing label,the labels TC, S, and TTL as defined in <xreftarget="type1"/>.target="type1" format="default"/>. When the SID field is present, itMUST<bcp14>MUST</bcp14> be used for constructing the ReplyPath.</t>Path.</dd> </dl> </section> <sectionanchor='flags' title='Segment Flags'>anchor="flags" numbered="true" toc="default"> <name>Segment Flags</name> <t>The Segment Types described above contain the following flags in the"Flags"Flags field (codesto beassigned by IANA from thenew registry"Segment ID Sub-TLVFlags"):Flags" registry): </t> <figureanchor="flags_field" title="Flags"> <artwork>anchor="flags_field"> <name>Flags</name> <artwork name="" type="" align="left" alt=""><![CDATA[ 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ | |A| | | | | | | +-+-+-+-+-+-+-+-+</artwork>]]></artwork> </figure><t>where:</t> <t>A-Flag: This<t>Where:</t> <dl> <dt>A-Flag:</dt><dd>This flag indicates the presence of an SR Algorithm ID in the"SR-Algorithm"SR Algorithm field applicable to varioussegment Types. </t>Segment Types.</dd> </dl> <t>Unused bits in the Flag octetMUST<bcp14>MUST</bcp14> be set to zero upon transmission andMUST<bcp14>MUST</bcp14> be ignored upon receipt.</t> <t>The following applies to the Segment Flags:</t><t><t>The A-Flag applies to Segment Type-C and Type-D. If the A-Flag appears with the Type-A Segment Type, itMUST<bcp14>MUST</bcp14> be ignored.</t> </section> </section> <sectionanchor='procedure' title='Detailed Procedures '> <t> Thisanchor="procedure" numbered="true" toc="default"> <name>Detailed Procedures</name> <t>This section uses the term "initiator" for the node that initiates the MPLS ping or the MPLS traceroute procedure. The term "responder" is used for the node that receives the echo request and sends the echo reply. The termegress node"egress node" is used to identify the last node where the MPLS ping or traceroute is destined to. In an MPLSnetworknetwork, any node can beinitiator or responderan initiator, responder, or egress.</t> <sectionanchor='initiator_procedure' title='Sendinganchor="initiator_procedure" numbered="true" toc="default"> <name>Sending an EchoRequest'>Request</name> <t>In the inter-AS scenario, the procedures outlined in this document are employed to specify the return path when IP connectivity to the initiator is unavailable. These procedures may also be utilized regardless of the availability of IP connectivity. The LSP ping initiatorMUST<bcp14>MUST</bcp14> set the Reply Mode of the echo request to 5"Reply(Reply via SpecifiedPath",Path), and a Reply Path TLVMUST<bcp14>MUST</bcp14> be carried in the echo request message correspondingly. The Reply Path TLVMUST<bcp14>MUST</bcp14> contain the SR Path in the reverse direction encoded as an ordered list of segments. The first segmentMUST<bcp14>MUST</bcp14> correspond to the top segment in the MPLS header that the responderMUST<bcp14>MUST</bcp14> use while sending the echo reply. </t> </section> <sectionanchor='responder_procedure' title='Receivinganchor="responder_procedure" numbered="true" toc="default"> <name>Receiving an EchoRequest'>Request</name> <t>As described in <xreftarget="RFC7110"/>,target="RFC7110" format="default"/>, when the ReplymodeMode is set to 5 (Reply via Specified Path), the echo request must contain the ReplypathPath TLV.AbsenceThe absence of the Reply Path TLV is treated as a malformed echo request. When an echo request is received, if the responder does not support the Reply Mode 5 defined in <xreftarget="RFC7110"/>,target="RFC7110" format="default"/>, an echo reply with thereturn codeReturn Code set to "Malformed echo request received" and the Subcode set to zero must be sent back to the initiator according to the rules of <xreftarget="RFC8029"/>.target="RFC8029" format="default"/>. If the echo request message contains a malformed Segment sub-TLV, such as an incorrect length field, an echo reply must be sent back to the initiator withreturn codethe Return Code set to "Malformed echo request received" and the Subcode set tozero must be sent back to the initiator.</t>zero.</t> <t>When a Reply Path TLV is received, the responder that supports processingit, MUSTit <bcp14>MUST</bcp14> use the segments in Reply Path TLV to build the echo reply. The responderMUST<bcp14>MUST</bcp14> follow the normalFECForwarding Equivalence Class (FEC) validation procedures as described in <xreftarget="RFC8029"/>target="RFC8029" format="default"/> and <xreftarget="RFC8287"/>target="RFC8287" format="default"/> and this document does not suggest any change to those procedures. When the echo reply has to be sentoutout, the Reply Path TLVMUST<bcp14>MUST</bcp14> be used to construct the MPLS packet to sendout. </t>out.</t> </section> <sectionanchor='sending_echo_reply' title='Sendinganchor="sending_echo_reply" numbered="true" toc="default"> <name>Sending an EchoReply'>Reply</name> <t>The echo reply message is sent as an MPLS packet with an MPLS label stack. The echo reply messageMUST<bcp14>MUST</bcp14> be constructed as described inthe<xreftarget="RFC8029"/>.target="RFC8029" format="default"/>. An MPLS packet is constructed with an echo reply in the payload. The top labelMUST<bcp14>MUST</bcp14> be constructed from the first segment of the Reply Path TLV. The remaining labelsMUST<bcp14>MUST</bcp14> be constructed by following the order of the segments from the Reply Path TLV. The MPLS header of theEcho Reply MUSTecho reply <bcp14>MUST</bcp14> be constructed from the segments in the Reply Path TLV andMUST NOT<bcp14>MUST NOT</bcp14> add any other label. The S bit is set for the bottom label as per the MPLS specifications <xreftarget="RFC3032"/>target="RFC3032" format="default"/>. The responderMAY<bcp14>MAY</bcp14> check the reachability of the top label in its own Label Forwarding Information Base (LFIB) before sending the echo reply. If the top label is unreachable, the responderSHOULD<bcp14>SHOULD</bcp14> send the appropriatereturn codeReturn Code and follow the procedures as persection 5.2 of<xreftarget="RFC7110"/>.target="RFC7110" sectionFormat="of" section="5.2"/>. The exception case is when the responder does not have IP reachability to the originator, in whichcasecase, it may not be possible to send anEcho Replyecho reply at all. Even if sent(for example by(by following a default route present on theresponder),responder, for example), theEcho Replyecho reply might not reach the originator. The nodeMAY<bcp14>MAY</bcp14> provide necessary log information in case of unreachability. In certain scenarios, the head-endMAY<bcp14>MAY</bcp14> choose to send Type-C/Type-D segments consisting of IPv4 addresses or IPv6addresses,addresses when it is unable to derive the SID from available topology information.OptionallyOptionally, the SID may also be associated with the Type-C/Type-D segment, if such information is available from the controller or via operator input. In such cases, the node sending the echo replyMUST<bcp14>MUST</bcp14> derive the MPLS labels based on the Node-SIDs associated with the IPv4/IPv6 addresses. If an optional MPLS SID is present in the Type-C/Type-Dsegmentssegments, the SIDMUST<bcp14>MUST</bcp14> be used to encode the echo reply with MPLS labels. If the MPLS SID does not match with the IPv4 or IPv6 address field in the Type-C or Type-D SID, log information should be generated.</t><t> The reply path return code<t>The Reply Path Return Code is set as described insection 7.4 of<xreftarget="RFC7110"/>.target="RFC7110" sectionFormat="of" section="7.4"/>. According tosection 5.3 of<xreftarget="RFC7110"/>,target="RFC7110" sectionFormat="of" section="5.3"/>, the Reply Path TLV is included in an echo reply indicating the specified return path that the echo reply message is required to follow.</t><t> When<t>When the node is configured to dynamically create a return path for the next echo request, the procedures described in <xreftarget="Dynamic_TLV_building"/> MUSTtarget="Dynamic_TLV_building" format="default"/> <bcp14>MUST</bcp14> be used. Thereply path return code MUSTReply Path Return Code <bcp14>MUST</bcp14> be set toTBA10x0006, and the same Reply Path TLV or a new Reply Path TLVMUST<bcp14>MUST</bcp14> be included in the echoreply. </t>reply.</t> </section> <sectionanchor='Receiving_echo_reply' title='Receivinganchor="Receiving_echo_reply" numbered="true" toc="default"> <name>Receiving an EchoReply'>Reply</name> <t>The rules and processes defined inSection 4.6 of<xreftarget="RFC8029"/>target="RFC8029" sectionFormat="of" section="4.6"/> andSection 5.4 of<xreftarget="RFC7110"/>target="RFC7110" sectionFormat="of" section="5.4"/> apply here. In addition, if the Reply Pathreturn codeReturn Code is "Use Reply Path TLVin thefrom this echo reply for building the next echo request"(defined(as defined in this document), the Reply Path TLV from the echoReply MUSTreply <bcp14>MUST</bcp14> be sent in the next echo request with the TTL incremented by 1. If the initiator node does not support thereturn codeReturn Code "Use Reply Path TLVin thefrom this echo reply for building the next echo request", log information should be generated indicating thereturn codeReturn Code, and the operator may choose to specify the return path explicitly or use other mechanisms to verify the SRpolicy.Policy. If thereturn codeReturn Code isTBA2,0x0007 "Local policy does not allow dynamicReturn Pathreturn path building", it indicates that the intermediate node does not support building the dynamic return path. Log information should be generated on the initiator receiving thisreturn codeReturn Code, and the operator may choose to specify the return path explicitly or use other mechanisms to verify the SR Policy. If the TTL is already 255, the traceroute procedureMUST<bcp14>MUST</bcp14> be ended with an appropriate logmessage. </t>message.</t> </section> <sectionanchor='Dynamic_TLV_building' title='Buildinganchor="Dynamic_TLV_building" numbered="true" toc="default"> <name>Building a Reply Path TLVDynamically'>Dynamically</name> <t>In some cases, the head-end may not have complete visibility ofInter-AS/Inter-domaininter-AS/inter-domain topology. In such cases, it can rely on routers in the path to build the reverse path for MPLS traceroute procedures. For this purpose, the Reply Path TLV in the echo reply corresponds to the return path to be used in building the next echo request. A newreturn codeReturn Code "Use Reply Path TLVin thefrom this echo reply for building the next echo request" is defined in this document.<artwork> Value Meaning ------ ---------------------- TBA1 Use</t> <table anchor="tba1-value"> <name></name> <thead> <tr> <th>Value</th> <th>Meaning</th> </tr> </thead> <tbody> <tr> <td>0x0006</td> <td>Use Reply Path TLVin thefrom this echo reply for building the next echorequest. </artwork> </t>request</td> </tr> </tbody> </table> <sectionanchor='TLV_build_procedures' title='The Proceduresanchor="TLV_build_procedures" numbered="true" toc="default"> <name>Procedures to Build the ReturnPath'> <t> ToPath</name> <t>To dynamically build the returnPathpath for the traceroute procedures, the domain border nodes along the path being traced should support the procedures described in this section. Local policy on the domain border nodes should determine whether the domain border node participates in building the return path dynamically during traceroute.</t><t> The<t>The head-end/PMS node may include its node label while initiating the traceroute procedure. When an Area Border Router (ABR) receives the echo request, if the local policy implies building a dynamic return path, the ABR should include itsNodenode label in thereply pathReply Path TLV and send it in the echo reply. If there is a Reply Path TLV included in the received echo request message, the ABR's node label is added before the existing segments. The type of segment added is based on local policy. In cases whenSRGBthe Segment Routing Global Block (SRGB) is not uniform across thenetworknetwork, which can be inferred from the LSDB, it isRECOMMENDED<bcp14>RECOMMENDED</bcp14> to add a Type-C or a Type-Dsegment, butsegment. However, implementationsMAY<bcp14>MAY</bcp14> safely use other approaches if they see benefits in doing so. If the existing segment in the Reply Path TLV is a Type-C/Type-D segment, that segment should be converted to a Type-A segment based on the ABR's own SRGB. This is because downstream nodes in the path will not know what SRGB to use to translate the IP address to a label. As the ABR added its ownNodenode label, it is guaranteed that this ABR will be in the return path and will be forwarding the traffic based on the next label after its label.</t> <t>When an ASBR receives an echo request from another AS, and the ASBR is configured to build the return path dynamically, the ASBR should build a Reply Path TLV and include it in the echo reply. The Reply Path TLV should consist of its node label and an EPE-SID to the AS from where the traceroute message was received. A Replypath return codePath Return Code ofTBA1 MUST0x0006 <bcp14>MUST</bcp14> be set in the echo reply to indicate that the next echo requestMUST<bcp14>MUST</bcp14> use the returnPathpath from the Reply Path TLV in the echo reply. ASBR should locally decide the outgoing interface for the echo reply packet. Generally, remote ASBR will choose the interface on which the incoming OAM packet was received to send the echo reply out. In case the ASBR identifies multiple paths to reach the initiator, itMUST<bcp14>MUST</bcp14> choose to send one such path in the Reply Path TLV. The Reply Path TLV is built by adding twosegment sub TLVs.Segment sub-TLVs. The topsegment sub TLVSegment sub-TLV consists of the ASBR'sNode SIDNode-SID, and the second segment consists of the EPE-SID in the reverse direction to reach the AS from which the OAM packet was received. The type of segment chosen to build the Reply Path TLV is a local policy. It is recommended to use the Type-C/Type-D segment for the top segment when the SRGB is not guaranteed to be uniform in thedomain. </t> <t> Irrespectivedomain.</t> <t>Irrespective of which type of segment is included in the Reply Path TLV, the responder to the echo requestsMUST<bcp14>MUST</bcp14> always translate the Reply Path TLV to a label stack and build an MPLS header for the echo reply packet. This procedure can be applied to an end-to-end path consisting of multiple ASes. Each ASBR that receives an echo request from another AS adds its Node-SID and EPE-SID on top of the existing segments in the Reply Path TLV.</t><t> An<t>An ASBR that receives the echo request from a neighbor belonging to the sameAS, MUSTAS <bcp14>MUST</bcp14> look at the Reply Path TLV received in the echo request. If the Reply Path TLV consists of a Type-C/Type-D segment, itMUST<bcp14>MUST</bcp14> convert the Type-C/Type-D segment to a Type-A segment by deriving a label from its own SRGB. The ASBRMUST<bcp14>MUST</bcp14> set thereply path return codeReply Path Return Code toTBA10x0006 and send the newly constructed Reply Path TLV in the echo reply.</t> <t>Internal nodes or non-domain border nodes might not set the Reply Path TLVreturn codeReturn Code toTBA10x0006 in the echo reply message as there is no change in the returnPath.path. In these cases, the head-end node/PMS that initiates the traceroute procedureMUST<bcp14>MUST</bcp14> continue to send the previously sent Reply Path TLV in the echo request message in every subsequent echo request. </t> <t>Note that an ASBR's local policy may prohibit it from participating in the dynamic traceroute procedures. If such an ASBR is encountered in the forward path, dynamic returnpath-buildingpath building procedures will fail. In such cases, an ASBR that supports this documentMUST<bcp14>MUST</bcp14> set thereturn code TBA2Return Code to 0x0007 to indicate that local policies do not allow the dynamic return path building.</t><t> <artwork> Value Meaning ------ --------------------------------------------------- TBA2 Local<table anchor="tba2-value"> <name></name> <thead> <tr> <th>Value</th> <th>Meaning</th> </tr> </thead> <tbody> <tr> <td>0x0007</td> <td>Local policy does not allow dynamicReturn Path building. </artwork> </t>return path building</td> </tr> </tbody> </table> </section> </section> </section> <sectiontitle='Security Considerations' anchor='sec-con'> <t> Theanchor="sec-con" numbered="true" toc="default"> <name>Security Considerations</name> <t>The procedures described in this document enable LSP ping and traceroute procedures to be executed across multiple IGP domains or multiple ASes that belong to the same administration or closely cooperating administrations. It is assumed that sharing domain internal information across such domains does not pose a security risk. However, the procedures described in this document may be used by an attacker to extract the domain's internal information. An operatorMUST<bcp14>MUST</bcp14> deploy appropriate filter policies as described in <xreftarget="RFC8029"/>target="RFC8029" format="default"/> to restrict the LSPping/tracerouteping and traceroute packets based on origin. It is alsoRECOMMENDED<bcp14>RECOMMENDED</bcp14> that an operator deploy security mechanisms such asMACsecMedia Access Control Security (MACsec) <xreftarget="IEEE-802.1AE"/>target="IEEE-802.1AE" format="default"/> on inter-domain links or security-vulnerable links to prevent spoofingattacks. </t> <t> Allattacks.</t> <t>All the security considerations defined in <xreftarget="RFC8029"/>target="RFC8029" format="default"/> will be applicable for this document. Appropriate filter policiesSHOULD<bcp14>SHOULD</bcp14> be applied at the edges to prevent attackers from getting into the network. In the event of such a security breach, the network devicesMUST<bcp14>MUST</bcp14> have mechanisms to preventDenial-of-servicedenial-of-service attacks as described in <xreftarget="RFC8029"/>.</t>target="RFC8029" format="default"/>.</t> </section> <section anchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <section anchor="iana_segment_sub_tlv"title="Segment Sub-TLV">numbered="true" toc="default"> <name>Segment Sub-TLV</name> <t>IANAshould assignhas assigned three new sub-TLVs from the"sub-TLVs"Sub-TLVs for TLV Types 1, 16, and 21"sub-registryregistry of the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"registry. <artwork> Sub-Type Sub-TLV Name Reference -------- ----------------- ------------ TBD1 SID onlyregistry group.</t> <table anchor="segment-subTLVs"> <name></name> <thead> <tr> <th>Sub-Type</th> <th>Sub-TLV Name</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>46</td> <td>SID only, in the form of MPLSSection 4.1 label of this document TBD2 IPv4label</td> <td><xref target="type1"/> of RFC 9716</td> </tr> <tr> <td>47</td> <td>IPv4 Node Address withSection 4.2an optional SID forSR-MPLS of this document TBD3 IPv6SR-MPLS</td> <td><xref target="type3"/> of RFC 9716</td> </tr> <tr> <td>48</td> <td>IPv6 Node Address withSection 4.3an optional SID forSR-MPLS of this document </artwork> TheSR-MPLS</td> <td><xref target="type4"/> of RFC 9716</td> </tr> </tbody> </table> <t>The allocation of code points for thesegmentSegment sub-TLVs should be done from the Standards Action range(0-16383) </t>(0-16383).</t> </section> <section anchor="segment_sub_tlv_flags"title="Newnumbered="true" toc="default"> <name>New Registry for Segment ID Sub-TLVFlags">Flags</name> <t>IANAshould createhas created a new "Segment ID Sub-TLVflags"Flags" registry (seeSection<xreftarget="flags"/>) registrytarget="flags" format="default"/>) under the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"registry.registry group. </t> <t>This registry tracks the assignment of 8 flags in the Segment ID sub-TLV flags field. The flags are numbered from 0(most(the most significantbit,bit and transmitted first) to 7.</t> <t>New entries are assigned by Standards Action. Initial entries in the registry are asfollows: <artwork> Bit number | Name | Reference ------------+----------------------------+-------------- 1 | A Flag | Section 4.4 | |follows:</t> <table anchor="segmentIDsubTLVflags"> <name></name> <thead> <tr> <th>Bit number</th> <th>Name</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>A-Flag</td> <td><xref target="flags"/> ofthis document </artwork> </t>RFC 9716</td> </tr> </tbody> </table> </section> <section anchor="iana_return_code"title="Replynumbered="true" toc="default"> <name>Reply Path Return CodesRegistry"> <t> IANA should assignRegistry</name> <t>IANA has assigned newreturn codesReturn Codes in the "Replypath return codes"Path Return Codes" registry under the "Multiprotocol Label Switching (MPLS) Label Switched Paths (LSPs) Ping Parameters"registry. <artwork> Value Meaning Reference -------- ----------------- ------------ TBA1 Useregistry group.</t> <table anchor="path-return-codes-registry"> <name></name> <thead> <tr> <th>Value</th> <th>Meaning</th> <th>Reference</th> </tr> </thead> <tbody> <tr> <td>0x0006</td> <td>Use Reply Path TLVThis documentfrom this echo reply for building the next echorequest. TBA2 Localrequest</td> <td>RFC 9716</td> </tr> <tr> <td>0x0007</td> <td>Local policy doesThis documentnot allow dynamic returnPath building. </artwork> The return codespath building</td> <td>RFC 9716</td> </tr> </tbody> </table> <t>The Return Codes should be assigned from the Standards Action range(0x0000-0xFFFB). </t> </section> </section> <section title='Contributors'> <t>Carlos Pignataro</t> <t>NC State University</t> <t>cpignata@gmail.com</t> <t> </t> <t>Zafar Ali</t> <t>Cisco Systems, Inc.</t> <t>zali@cisco.com</t> </section> <section title='Implementation Status'> <t>This section is to be removed before publishing as an RFC.</t> <t>RFC-Editor: Please clean up the references cited by this section before publication.</t> <t>This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in <xref target="RFC7942"/>. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.</t> <section title='Juniper Networks'> <t>Organization: Juniper Networks</t> <t>Implementation: JUNOS.</t> <t>Description: Implementation for sending Return path TLV with Type-A segment subTLV</t> <t>Maturity Level: Prototype</t> <t>Coverage: Partial. Type-A SIDs in Return Path TLV</t> <t>Contact: shraddha@juniper.net</t>(0x0000-0xFFFB).</t> </section> </section><section title='Acknowledgments'> <t> Thanks to Bruno Decraene for suggesting the use of generic Segment sub-TLV. Thanks to Adrian Farrel, Huub van Helvoort, Dhruv Dhody, Dongjie,</middle> <back> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8287.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8029.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7110.xml"/> </references> <references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.3032.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8403.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8402.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8604.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7743.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8277.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8660.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9086.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9256.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9552.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9087.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9350.xml"/> <reference anchor="IEEE-802.1AE" target="https://ieeexplore.ieee.org/document/8585421"> <front> <title>IEEE Standard forcareful reviewLocal andcomments. Thanks to Mach Chen for suggesting the use of Reply Path TLV. Thanks to Gregory Mirsky for the detailed review which helped improve the readability of the document to a great extent. </t> </section>metropolitan area networks-Media Access Control (MAC) Security</title> <author> <organization>IEEE</organization> </author> <date month="December" year="2018"/> </front> <seriesInfo name="IEEE Std" value="8021.AE-2018"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8585421"/> </reference> </references> </references> <sectiontitle='APPENDIX'>numbered="true" toc="default"> <name>Examples</name> <t>This section elaborates examples of the inter-domain ping andTraceroutetraceroute procedures described in this document.</t> <sectionanchor='Topology_description' title='Detailed Example '>anchor="Topology_description" numbered="true" toc="default"> <name>Detailed Example</name> <t>The example topology given in <xreftarget="Topology_1"/>target="Topology_1" format="default"/> will be used in the below sections to explain LSP ping and traceroute procedures. The PMS/head-end has a complete view of the topology. PE1, P1, P2, ASBR1, and ASBR2 are in AS1. Similarly, ASBR3, ASBR4, P3, P4, and PE4 are in AS2.</t> <t>AS1 and AS2 have SR enabled. IGPs likeOSPF/ISISOSPF/IS-IS are used to flood SIDs in each AS.TheASBR1, ASBR2,ASBR3,andASBR3, and ASBR4 advertise BGP EPE-SIDs for the inter-AS links.TopologyThe topologies of AS1 and AS2 are advertised viaBGP-LinkBGP - Link State (BGP-LS) to thecontroller/PMScontroller, PMS, or head-end node. The EPE-SIDs are also advertised via BGP-LS as described in <xreftarget="RFC9086"/>.target="RFC9086" format="default"/>. The example uses EPE-SIDs for the inter-ASlinkslinks, but the same could be achieved usingadjacency-SIDsAdjacency-SIDs advertised for a passive IGP link.</t> <t>The description inthethis document usesbelowthe notations below forSegment Identifiers (SIDs).</t>SIDs.</t> <t>Node-SIDs: N-PE1, N-P1,N-ASBR1N-ASBR1, etc.</t> <t>Adjacency-SIDs: Adj-PE1-P1,Adj-P1-P2Adj-P1-P2, etc.</t> <t>EPE-SIDs: EPE-ASBR2-ASBR3, EPE-ASBR1-ASBR4,EPE-ASBR3-ASBR2EPE-ASBR3-ASBR2, etc.</t> <sectionanchor='Mpls_ping_procedures' title='Proceduresanchor="Mpls_ping_procedures" numbered="true" toc="default"> <name>Procedures for Segment Routing LSPping'>Ping</name> <t>Consider an SR-MPLS path from PE1 to PE4 consisting of a label stack [N-P1, N-ASBR1, EPE-ASBR1-ASBR4, N-PE4] from <xreftarget="Topology_1"/>.target="Topology_1" format="default"/>. In order to perform MPLS ping procedures on this path, the remote end (PE4) needs IP connectivity to head-endPE1,PE1 for the echo reply to travel back to PE1. In a deployment that uses a controller-computed inter-domain path, there may be no IP connectivity from PE4 to PE1 as they lie in different ASes.</t><t> PE1<t>PE1 sends an echo request message to the endpoint PE4 along the path that consists of label stacks [N-P1, N-ASBR1, EPE-ASBR1-ASBR4, N-PE4]. PE1 adds the return path from PE4 to PE1 in the echo request message in the Reply Path TLV. As an example, the Reply Path TLV for PE1 to PE4 for LSP ping is [N-ASBR4, EPE-ASBR4-ASBR1, N-PE1]. This example path provides the entire return path up to the head-end node PE1. The mechanism used to construct the return path isimplementation-dependent. </t>implementation dependent.</t> <t>An implementation may also build a returnPathpath consisting of labels to reach its own AS. Once the label stack is popped off, the echo reply message will be exposed. The further packet forwarding will be based on IP lookup. An example returnPathpath for this case could be [N-ASBR4, EPE-ASBR4-ASBR1].</t> <t>On receiving an MPLS echo request, PE4 first validates the FEC in the echo request. PE4 then builds a label stack to send the response from PE4 to PE1 by copying the labels from the Reply Path TLV. PE4 builds the echo reply packet with the MPLS label stackconstructed andconstructed, imposes MPLS headers on top of the echo replypacketpacket, and sends out the packet to PE1. This segmentListlist stack can successfully steer the reply back to the head-end node (PE1).</t><t> Let<t>Let us consider a case when the P3 node does not have a route to reach N-PE4. OnP3P3, a ping packet would bedroppeddropped, and the head-end node (PE1) will not receiveEcho Replyan echo reply indicating failure.</t> </section> <sectionanchor='Mpls_traceroute_procedures' title='Proceduresanchor="Mpls_traceroute_procedures" numbered="true" toc="default"> <name>Procedures for SR LSPtraceroute'>Traceroute</name> <sectionanchor='traceroute_same_srgb' title='Proceduresanchor="traceroute_same_srgb" numbered="true" toc="default"> <name>Procedures for SR LSPtracerouteTraceroute with the Same SRGB on AllNodes'>Nodes</name> <t>The traceroute procedure involves visiting every node on the path and obtaining echo replies from every node. In this section, we describe the traceroute mechanisms when the head-end/PMS has complete visibility of the LSDB. The head-end/PMS computes the return path from each node in the entire SR-MPLS path that is being tracerouted. The return path computation isimplementation-dependent.implementation dependent. As the head-end/PMS completely controls the return path, it can use proprietary computations to build the returnpath. </t>path.</t> <t>One of the ways the return path can be built is to use the principle of building label stacks by adding each domain border node's Node-SID on the return path label stack as the traceroute progresses. For inter-AS networks, in addition to the border node's Node-SID, the EPE-SID in the reverse direction also needs to be added to the labelstack. </t>stack.</t> <t>TheInter-domain/inter-ASinter-domain/inter-AS traceroute procedure uses the TTL expiry mechanism as specified in <xreftarget="RFC8029"/>target="RFC8029" format="default"/> and <xreftarget="RFC8287"/>.target="RFC8287" format="default"/>. Every echo request packet head-end/PMS will include the appropriate return path in the Reply Path TLV. The node that receives the echo request will follow procedures described in Sections <xreftarget="initiator_procedure"/>target="initiator_procedure" format="counter"/> and <xreftarget="responder_procedure"/>target="responder_procedure" format="counter"/> to send out an echoreply. </t>reply.</t> <t>ForExample: </t> <t> Letexample:</t> <t>Let us considerathe topology from <xreftarget="Topology_1"/>.target="Topology_1" format="default"/>. Let us consider an SR-MPLS path [N-P1, N-ASBR1, EPE-ASBR1-ASBR4, N-PE4]. The traceroute is being executed for this inter-AS path for destination PE4. PE1 sends the first echo request with the TTL set to 1 and includes a Reply Path TLV consisting of a Type-A segment containing a label derived from its ownSR Global Block (SRGB).SRGB. Note that the type of segment used in constructing the returnPathpath is determined by local policy. If the entire network has the same SRGB configured, Type-A segments can be used. The TTL expires onP1P1, and P1 sends an echo reply using the return path. Note that implementations may choose to exclude the Reply Path TLV until the traceroute reaches the first domain border as the return IP path to PE1 is expected to be available inside the first domain.</t><t> The<t>The TTL is set to22, and the nexttheecho request is sent out. Until the traceroute procedure reaches the domain border node ASBR1, the same return path TLV consisting of a singleLabellabel (PE1's nodeLabel)label) is used. When an echo request reaches the border node ASBR1, and an echo reply is received from ASBR1, the next echo request needs to include an additional label as ASBR1 is a border node. The head-end node has complete visibility of the network LSDB learned via BGP-LS (see <xreftarget="RFC9552"/>target="RFC9552" format="default"/> and <xreftarget="RFC9086"/>target="RFC9086" format="default"/>) and can derive the details ofAutonomous System Boundary Router (ASBR)ASBR nodes. The Reply Path TLV is built based on the forward path. As the forward path consists of EPE-ASBR1-ASBR4, an EPE-SID in the reverse direction is included in the Reply Path TLV. The return path now consists of twolabelslabels: [EPE-ASBR4-ASBR1, N-PE1]. The echo reply from ASBR4 will use this return path to send the reply.</t><t> The next echo request after<t>After visiting the border nodeASBR4ASBR4, the next echo request will update the return path with the Node-SID label of ASBR4. The return path beyond ASBR4 will be [N-ASBR4, EPE-ASBR4-ASBR1, N-PE1]. This same return path is used until the traceroute procedure reaches the next set of border nodes. When there are multipleASesASes, the traceroute procedure will continue by adding a set of Node-SIDs and EPE-SIDs as the border nodes arevisited. </t>visited.</t> <t>Note that the above returnpath-buildingpath building procedure requires the LSDB of all the domains to be available at thehead-end/PMS. </t> <t> Lethead-end/PMS.</t> <t>Let us consider a case when the P3 node does not have a route to reach N-PE4. When the TTL of the packet is 5, the packet reachesP3 and the packetP3, its TTL becomeszerozero, andthe packetit is sent to the control plane. The FEC validationProceduresprocedures areexecutedexecuted, and theEcho Replyecho reply is sent using the labels in the Reply PathTLVTLV, which is [N-PE1, EPE-ASBR4-ASBR1, N-ASBR4].Head-endThe head-end PE1 increases the TTL to 6 and sends the nextEcho Request.echo request. The packet is dropped at P3 as there is no route on P3 to forward to N-PE4.TracerouteThe traceroute identifies that the path [N-P1, N-ASBR1, EPE-ASBR1-ASBR4, N-PE4] is broken at P3.</t> </section> <sectionanchor='traceroute_different_srgb' title='Proceduresanchor="traceroute_different_srgb" numbered="true" toc="default"> <name>Procedures for SR LSP Traceroute withtheDifferentSRGBs'> <t> <xref target="traceroute_same_srgb"/>SRGBs</name> <t><xref target="traceroute_same_srgb" format="default"/> assumes the same SRGB is configured on all nodes along the path. The SRGB may differ from one node to anothernodenode, and the SR architecture <xreftarget="RFC8402"/>target="RFC8402" format="default"/> allows the nodes to use different SRGBs. In such scenarios, PE1 finds out the difference in the SRGB by looking into theLSDB andLSDB. Then, it sends the Type-C segment (or the Type-D segment, in the case of IPv6 networks)segmentwith the node address of PE1 and with an optional MPLS SID associated with the node address. The receiving node derives the label for the return path based on its own SRGB. When the traceroute procedure crosses the border ASBR1, head-end PE1 should send a Type-A segment for N-PE1 based on the label derived from ASBR1's SRGB. This is requiredbecause,because ASBR4, P3, P4, etc. may not have the topology information to derive SRGB for PE1. After the traceroute procedure reachesASBR4ASBR4, the return path will be [N-PE1 (Type-A with the label based on ASBR1's SRGB), EPE-ASBR4-ASBR1, N-ASBR4 (Type-C)].</t><t> If<t>If the packet needs to follow a return path specific to an algorithm (as defined in <xreftarget="RFC9350"/>),target="RFC9350" format="default"/>), a Type-C Segment sub-TLV with a corresponding algorithm field set should be used.A-flagThe A-Flag should be set to indicate that the SID corresponding to the algorithm should be used.</t><t> To<t>To extend the example to3three or more ASes, let us consider a traceroute from PE1 to PE5 in <xreftarget="Topology_1"/>.target="Topology_1" format="default"/>. In this example, the PE1 to PE5 path has to cross3 domainsthree domains: AS1, AS2, and AS3. Let us consider a path from PE1 to PE5 that goes through [PE1, ASBR1, ASBR4, ASBR6, ASBR8, PE5]. When the traceroute procedure is visiting the nodes in AS1, the Reply Path TLV sent from the head-end consists of [N-PE1]. When the traceroute procedure reaches the ASBR4, the returnPathpath consists of [N-PE1, EPE-ASBR4-ASBR1]. While visiting nodes in AS2, the traceroute procedure consists of the Reply Path TLV [N-PE1, EPE-ASBR4-ASBR1, N-ASBR4]. Similarly, while visiting ASBR8, the EPE-SID from ASBR8 to ASBR6 is added to the Reply Path TLV. While visiting nodes in AS3, the Node-SID of ASBR8 would also beaddedadded, which makes the returnPathpath [N-PE1, EPE-ASBR4-ASBR1, N-ASBR4, EPE-ASBR8-ASBR6,N-ASBR8]</t>N-ASBR8].</t> <t>Let us consider another example from the topology in <xreftarget="Topology_2"/>.target="Topology_2" format="default"/>. This topology consists of multi-domain IGP with a common border node between the domains. This could be achieved with multi-area or multi-level IGP or with multiple instances of IGP deployed on the same node. The return path computation for this topology is similar tothemulti-AScomputationcomputation, except that the return path consists of a single border nodelabel. </t>label.</t> </section> </section> <sectionanchor='TLV_build_procedure_example' title='Proceduresanchor="TLV_build_procedure_example" numbered="true" toc="default"> <name>Procedures forbuildingBuilding Reply Path TLVdynamically'>Dynamically</name> <t>Let us considerathe topology from <xreftarget="Topology_1"/>.target="Topology_1" format="default"/>. Let us consider an SRpolicyPolicy path built from PE1 to PE4 with the following labelstack,stack: N-P1, N-ASBR1, EPE-ASBR1-ASBR4, N-PE4. PE1 begins traceroute procedures with the TTL set to 1 and includes [N-PE1] in the Reply Path TLV. The traceroute packet TTL expires onP1P1, and P1 processes the traceroute as per the procedures described in <xreftarget="RFC8029"/>target="RFC8029" format="default"/> and <xreftarget="RFC8287"/>.target="RFC8287" format="default"/>. P1 sends an echo reply with the same Reply Path TLV with thereply path return codeReply Path Return Code set to 6. Thereturn codeReturn Code of the echo reply itself is set to thereturn codeReturn Code as per <xreftarget="RFC8029"/>target="RFC8029" format="default"/> and <xreftarget="RFC8287"/>.target="RFC8287" format="default"/>. This traceroute doesn't need any changes to the Reply Path TLVtilluntil it leaves AS1. The same Reply Path TLV that is received may be included in the echo reply by P1 andP2P2, or no Reply Path TLV is included so that the head-end continues to use the same return path in the echo request that it used to send the previous echo request.</t> <t>When ASBR1 receives the echo request, in the case it receives the Type-C/Type-D segment in the Reply Path TLV in the echo request, it converts that Type-C/Type-D segment to Type-A based on its own SRGB. When ASBR4 receives the echo request, it should form this Reply Path TLV using its Node-SID (N-ASBR4) and EPE-SID (EPE-ASRB4-ASBR1) labels and set thereply path return codeReply Path Return Code toTBA1. Then0x0006. Then, PE1 should use this Reply Path TLV in subsequent echo requests. In this example, when the subsequent echo request reaches P3, it should use this Reply Path TLV for sending the echo reply. The same Reply Path TLV is sufficient for any router in AS2 to send the reply.BecauseThis is because the firstlabel(N-ASBR4)label (N-ASBR4) can direct the echo reply to ASBR4 and the second one (EPE-ASBR4-ASBR1)tocan direct the echo reply to AS1. Once the echo reply reaches AS1, normal IP forwarding or the N-PE1 helps it to reach PE1.</t><t> The<t>The example described in the above paragraphs can be extended to multipleASesASes. This is done by following the same procedureoffor eachASBRASBR, i.e., addingNode-SIDNode-SIDs andEPE-SIDEPE-SIDs on receiving echo requests from neighboringAS.</t>ASes.</t> <t>Let us considerathe topology from <xreftarget="Topology_2"/>.target="Topology_2" format="default"/>. It consists of multiple IGP domains with multiple areas/levels or separate IGP instances. There is a single border node that separates the two domains. In this case, PE1 sends a traceroute packet with the TTL set to 1 and includes N-PE1 in the Reply Path TLV. ABR1 receives the echorequest and while sending the echo replyrequest, adds its nodeLabellabel to the Reply Path TLV (while sending the echo reply), and sets the Replypath return codePath Return Code toTBA1.0x0006. The Reply Path TLV in the echo reply from ABR1 consists of [N-ABR1, N-PE1]. The next echo request with a TTL of 2 reaches the P node. It is an internalnodenode, so it does not change the returnPath.path. The echo request with a TTL of 3 reachesABR2ABR2, and it adds its node label so the Reply Path TLV sent in the echo reply will be [N-ABR2, N-ABR1, N-PE1]. The echo request with a TTL of 4 reachesPE4PE4, and it sends an echo replyreturn codeReturn Code asEgress.an egress. PE4 does not include any Reply PathTLVTLVs in the echo reply. The above example assumes a uniform SRGB throughout the domain. In the case of different SRGBs, the top segment will be a Type-C/Type-D segment and all other segments will be Type-A. Each border node converts the Type-C/Type-D segment to Type-A before adding its segment to the Reply Path TLV.</t> </section> </section> </section></middle> <back> <references title='Normative References'> &RFC8174; &RFC2119; &RFC8287; &RFC8029; &RFC7110; </references> <references title='Informative References'> &RFC3032; &RFC8403; &RFC8402; &RFC8604; &RFC7743; &RFC8277; &RFC8660; &RFC9086; &RFC9256; &RFC9552; &RFC7942; &RFC9087; &RFC9350; <reference anchor='IEEE-802.1AE'> <front> <title> IEEE Standard<section numbered="false" toc="default"> <name>Acknowledgments</name> <t>Thanks to <contact fullname="Bruno Decraene"/> forLocalsuggesting the use of the generic Segment sub-TLV. Thanks to <contact fullname="Adrian Farrel"/>, <contact fullname="Huub van Helvoort"/>, <contact fullname="Dhruv Dhody"/>, andmetropolitan area networks–Media Access Control (MAC) Security</title> <author> <organization> IEEE </organization> </author> <date month="Aug" year="2023"/> </front> </reference> </references><contact fullname="Dongjie"/> for their careful reviews and comments. Thanks to <contact fullname="Mach Chen"/> for suggesting the use of the Reply Path TLV. Thanks to <contact fullname="Gregory Mirsky"/> for the detailed review, which helped improve the readability of the document to a great extent. </t> </section> <section numbered="false" toc="default"> <name>Contributors</name> <contact fullname="Carlos Pignataro"> <organization>NC State University</organization> <address> <email>cpignata@gmail.com</email> </address> </contact> <contact fullname="Zafar Ali"> <organization>Cisco Systems, Inc.</organization> <address> <email>zali@cisco.com</email> </address> </contact> </section> </back> </rfc>