Provenance Identifier TCP Option

Introduction Transport connections in operator-managed network domains often traverse elements such as NATs, and service proxies. These devices commonly rewrite transport-layer identifiers or terminate and originate new TCP connections. As a result, what is logically a single communication between two workloads frequently appears as a series of distinct TCP connections. These transformations break provenance continuity. Observations of TCP traffic at different points in the domain cannot reliably be associated with the same logical flow, and operators cannot determine which workload instance originally initiated a connection once rewriting has occurred. This document defines an experimental TCP option that carries a small Provenance Identifier (ProvID). A ProvID is a compact value generated at connection initiation using workload-scoped attributes, such as host IP with process ID. The ProvID enables provenance correlation across rewriting boundaries within the domain. The ProvID option is intended for operator-managed environments such as cloud platforms, enterprise networks, and data centers.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Option Format The Provenance Identifier (ProvID) option uses a fixed-length experimental TCP option format. The option is identified by the experimental option kind and is distinguished by a fixed option length.

ProvID TCP Option Format

Kind: The TCP option kind. The value of this field is 253.
Length: The total length of the TCP option in bytes. For the ProvID option defined in this document, the value of this field is 12.
ExID: The Experiment Identifier (ExID). This 2-byte field identifies the ProvID experiment when used with experimental TCP option kinds. The value of this field is 0xDEE9.
ProvID: The Provenance Identifier. This field is 8 bytes in length and carries a provenance identifier defined by the sender.

IANA Considerations This document's IANA considerations are to be determined and will be provided in a subsequent revision of this draft. [TODO]

Security Considerations This document's security considerations are to be determined and will be provided in a subsequent revision of this draft. [TODO]