Session

Securing IOAM in the Linux Kernel: Toward Trustworthy In Situ Network Telemetry

Speakers

Maxime Goffart
Emilien Wansart
Benoit Donnet

Label

Nuts and Bolts

Session Type

Talk

Description

In Situ Operations, Administration, and Maintenance (IOAM) is an IETF-standardized in-band network telemetry protocol: routers collect operational telemetry and embed it directly into IPv6 Extension Headers of in-transit packets. IOAM is designed to operate within a Limited Domain, such as an Internet Service Provider (ISP) or a datacenter network, where filtering at the domain boundary is assumed to prevent telemetry data from leaking outside the domain. However, IOAM provides no built-in confidentiality or integrity protection: telemetry fields are transmitted in plaintext and are not authenticated, so if the boundary is misconfigured or its enforcement fails, an on-path adversary can both read and forge them.

To address this gap, we propose a security mechanism that provides encryption and authentication for IOAM based on an AEAD (Authenticated Encryption with Associated Data) scheme, supporting both AES-GCM and ChaCha20-Poly1305. We implement this mechanism directly in the Linux kernel, with a user-space configuration interface, and evaluate its impact on IPv6 packet forwarding performance. Both the kernel-space and user-space code are released as open source.