Implementing and Evaluating Ioam Integrity Protection

In-Situ Operations, Administration, and Maintenance (Ioam) gathers telemetry and operational information along a path, within packets.Up to now, Ioam header and data are carried in plain text without any protection against data-altering nodes or middleboxes.However, deploying Ioam in an untrusted or semi-trusted environment requires at least integrity protection.This paper leverages and analyzes work in progress about Ioam integrity protection and explains why the currently proposed solution can be improved.Accordingly, several alternative solutions are discussed, implemented in the Linux kernel, and evaluated.Based on the results, guidance is provided for standardization.Our source code is publicly available.