ZTE Corp.

gregimirsky@gmail.com

ZTE Corporation

68# Zijinghua Road Nanjing Jiangsu 210012 P.R.China +86 18105183663 guo.jun2@zte.com.cn

Accedian Networks

hnydell@accedian.com

Nokia

footer.foote@nokia.com

Transport Network Working Group Internet-Draft IPPM Performance Measurement This document describes a Simple Two-way Active Measurement Protocol which enables the measurement of both one-way and round-trip performance metrics like delay, delay variation, and packet loss.

Development and deployment of Two-Way Active Measurement Protocol (TWAMP) and its extensions, e.g., that defined features such as Reflect Octets and Symmetrical Size for TWAMP provided invaluable experience. Several independent implementations exist, have been deployed and provide important operational performance measurements. At the same time, there has been noticeable interest in using a simpler mechanism for active performance monitoring that can provide deterministic behavior and inherit separation of control (vendor-specific configuration or orchestration) and test functions. One of such is Performance Measurement from IP Edge to Customer Equipment using TWAMP Light from Broadband Forum (). This document defines active performance measurement test protocol, Simple Two-way Active Measurement Protocol (STAMP), that enables measurement of both one-way and round-trip performance metrics like delay, delay variation, and packet loss.

AES Advanced Encryption Standard CBC Cipher Block Chaining ECB Electronic Cookbook KEK Key-encryption Key STAMP - Simple Two-way Active Measurement Protocol NTP - Network Time Protocol PTP - Precision Time Protocol HMAC Hashed Message Authentication Code OWAMP One-Way Active Measurement Protocol TWAMP Two-Way Active Measurement Protocol

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

presents Simple Two-way Active Measurement Protocol (STAMP) Session-Sender and Session-Reflector with a measurement session. The configuration and management of the STAMP Session-Sender, Session-Reflector and management of the STAMP sessions can be achieved through various means. Command Line Interface, OSS/BSS using SNMP or SDN using Netconf/YANG are but a few examples.

| STAMP Session-Reflector | +----------------------+ +-------------------------+ ]]>

STAMP Session-Sender transmits test packets toward STAMP Session-Reflector. STAMP Session-Reflector receives Session-Sender's packet and acts according to the configuration and optional control information communicated in the Session-Sender's test packet. STAMP defines two different test packet formats, one for packets transmitted by the STAMP-Session-Sender and one for packets transmitted by the STAMP-Session-Reflector. STAMP supports two modes: unauthenticated and authenticated. Unauthenticated STAMP test packets are compatible on the wire with unauthenticated TWAMP-Test packet formats. By default, STAMP uses symmetrical packets, i.e., size of the packet transmitted by Session-Reflector equals the size of the packet received by the Session-Reflector.

Because STAMP supports symmetrical test packets, STAMP Session-Sender packet has a minimum size of 44 octets in unauthenticated mode, see , and 48 octets in the authenticated mode, see . For unauthenticated mode:

where fields are defined as the following: Sequence Number is four octets long field. For each new session its value starts at zero and is incremented with each transmitted packet. Timestamp is eight octets long field. STAMP node MUST support Network Time Protocol (NTP) version 4 64-bit timestamp format . STAMP node MAY support IEEE 1588v2 Precision Time Protocol truncated 64-bit timestamp format . Error Estimate is two octets long field with format displayed in

where S, Scale, and Multiplier fields are interpreted as they have been defined in section 4.1.2 ; and Z field - as has been defined in section 2.3 : 0 - NTP 64 bit format of a timestamp; 1 - PTPv2 truncated format of a timestamp. The STAMP Session-Sender and Session-Reflector MAY use, not use, or set value of the Z field in accordance with the timestamp format in use. This optional field is to enhance operations, but local configuration or defaults could be used in its place. Must-be-Zero (MBZ) field in the session-sender unauthenticated packet is 27 octets long. It MUST be all zeroed on the transmission and ignored on receipt. Server Octets field is two octets long field. It MUST follow the 27 octets long MBZ field. The Reflect Octets capability defined in . The value in the Server Octets field equals the number of octets the Session-Reflector is expected to copy back to the Session-Sender starting with the Server Octets field. Thus the minimal non-zero value for the Server Octets field is two. Therefore, the value of one is invalid. If none of Payload to be copied, the value of the Server Octets field MUST be set to zero on transmit. Remaining Packet Padding is an optional field of variable length. The number of octets in the Remaining Packet Padding field is the value of the Server Octets field less the length of the Server Octets field. Comp.MBZ is variable length field used to achieve alignment on a word boundary. Thus the length of Comp.MBZ field may be only 0, 1, 2 or 3 octets. The value of the field MUST be zeroed on transmission and ignored on receipt. The unauthenticated STAMP Session-Sender packet MAY include Type-Length-Value encodings that immediately follow the Comp. MBZ field. Type field is two octets long. The value of the Type field is the codepoint allocated by IANA that identifies data in the Value field. Length is two octets long field, and its value is the length of the Value field in octets. Value field contains the application specific information. The length of the Value field MUST be four octets aligned.

For authenticated mode:

The field definitions are the same as the unauthenticated mode, listed in . Also, Comp.MBZ field is variable length field to align the packet on 16 octets boundary. Also, the packet includes a key-hashed message authentication code (HMAC) () hash at the end of the PDU.

The Session-Reflector receives the STAMP test packet, verifies it, prepares and transmits the reflected test packet. Two modes of STAMP Session-Reflector characterize the expected behavior and, consequently, performance metrics that can be measured: Stateless - STAMP Session-Reflector does not maintain test state and will reflect the received sequence number without modification. As a result, only round-trip packet loss can be calculated while the reflector is operating in stateless mode. Stateful - STAMP Session-Reflector maintains test state thus enabling the ability to determine forward loss, gaps recognized in the received sequence number. As a result, both near-end (forward) and far-end (backward) packet loss can be computed. That implies that the STAMP Session-Reflector MUST keep a state for each accepted STAMP-test session, uniquely identifying STAMP-test packets to one such session instance, and enabling adding a sequence number in the test reply that is individually incremented on a per-session basis.

For unauthenticated mode:

where fields are defined as the following: Sequence Number is four octets long field. The value of the Sequence Number field is set according to the mode of the STAMP Session-Reflector: in the stateless mode the Session-Reflector copies the value from the received STAMP test packet's Sequence Number field; in the stateful mode the Session-Reflector counts the received STAMP test packets in each test session and uses that counter to set the value of the Sequence Number field. Timestamp and Receiver Timestamp fields are each eight octets long. The format of these fields, NTP or PTPv2, indicated by the Z flag of the Error Estimate field as described in . Error Estimate has the same size and interpretation as described in . Session-Sender Sequence Number, Session-Sender Timestamp, and Session-Sender Error Estimate are copies of the corresponding fields in the STAMP test packet sent by the Session-Sender. Session-Sender TTL is one octet long field, and its value is the copy of the TTL field from the received STAMP test packet. Packet Padding (reflected) is an optional variable length field. The length of the Packet Padding (reflected) field MUST be equal to the value of the Server Octets field (). If the value is non-zero, the Session-Reflector MUST copy number of octets equal to the value of Server Octets field starting with the Server Octets field. Comp.MBZ is variable length field used to achieve alignment on a word boundary. Thus the length of Comp.MBZ field may be only 0, 1, 2 or 3 octets. The value of the field MUST be zeroed on transmission and ignored on receipt.

For the authenticated mode:

The field definitions are the same as the unauthenticated mode, listed in . Additionally, the packet MAY include Comp.MBZ field is variable length field to align the packet on 16 octets boundary. Also, STAMP Session-Reflector test packet format in authenticated mode includes a key (HMAC) () hash at the end of the PDU.

To provide integrity protection, each STAMP message is being authenticated by adding Hashed Message Authentication Code (HMAC). STAMP uses HMAC-SHA-256 truncated to 128 bits (similarly to the use of it in IPSec defined in ); hence the length of the HMAC field is 16 octets. HMAC uses own key and the definition of the mechanism to distribute the HMAC key is outside the scope of this specification. One example is to use an orchestrator to configure HMAC key based on STAMP YANG data model . HMAC MUST be verified as early as possible to avoid using or propagating corrupted data. If confidentiality protection for STAMP is required, encryption at the higher level MUST be used.

One of the essential requirements to STAMP is the ability to interwork with TWAMP Light device. There are two possible combinations for such use case: STAMP Session-Sender with TWAMP Light Session-Reflector; TWAMP Light Session-Sender with STAMP Session-Reflector. In the former case, Session-Sender MAY not be aware that its Session-Reflector does not support STAMP. For example, TWAMP Light Session-Reflector may not support the use of UDP port 862 as defined in . Thus STAMP Session-Sender MUST be able to send test packets to destination UDP port number from the Dynamic and/or Private Ports range 49152-65535, test management system should find port number that both devices can use. And if any of TLV-based STAMP extensions are used, the TWAMP Light Session-Reflector will view them as Packet Padding field. The Session-Sender SHOULD use the default format for its timestamps - NTP. And it MAY use PTPv2 timestamp format. In the latter scenario, the test management system should set STAMP Session-Reflector to use UDP port number from the Dynamic and/or Private Ports range. As for Packet Padding field that the TWAMP Light Session-Sender includes in its transmitted packet, the STAMP Session-Reflector will process it according to and return reflected packet of the symmetrical size. The Session-Reflector MUST use the default format for its timestamps - NTP.

This document doesn't have any IANA action. This section may be removed before the publication.

Use of HMAC-SHA-256 in the authenticated mode protects the data integrity of the STAMP test packets.

Authors express their appreciation to Jose Ignacio Alvarez-Hamelin and Brian Weis for their great insights into the security and identity protection, and the most helpful and practical suggestions.