Hierarchical Stateful Path Computation Element (PCE)Huawei TechnologiesDivyashree Techno Park, WhitefieldBangaloreKarnataka560066Indiadhruv.ietf@gmail.comSamsung Electronicsyounglee.tx@gmail.comEricssonTorshamnsgatan, 48StockholmSwedendaniele.ceccarelli@ericsson.comSK Telecom6 Hwangsaeul-ro, 258 beon-gilBundang-gu, Seongnam-si,Gyeonggi-do463-784Republic of Koreajongyoon.shin@sk.comLancaster UniversityUKd.king@lancaster.ac.ukPCE Working Group
A stateful Path Computation Element (PCE) maintains information on
the current network state received from the Path Computation Clients
(PCCs), including computed Label Switched Paths (LSPs), reserved
resources within the network, and pending path computation requests.
This information may then be considered when computing the path for a
new traffic-engineered LSP or for any associated/dependent LSPs. The
path-computation response from a PCE helps the PCC to
gracefully establish the computed LSP.
The Hierarchical Path Computation Element (H-PCE) architecture
allows the optimum sequence of
interconnected domains to be selected and network policy to be
applied if applicable, via the use of a hierarchical relationship
between PCEs.
Combining the capabilities of stateful PCE and the hierarchical PCE
would be advantageous. This document describes general considerations
and use cases for the deployment of stateful, but not stateless, PCEs
using the hierarchical PCE architecture.Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
() in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Table of Contents
. Introduction
. Background
. Use Cases and Applicability of Hierarchical Stateful PCE
. Applicability to ACTN
. End-to-End Contiguous LSP
. Applicability of a Stateful P-PCE
. Terminology
. Requirements Language
. Hierarchical Stateful PCE
. Passive Operations
. Active Operations
. PCE Initiation of LSPs
. Per-Domain Stitched LSP
. Security Considerations
. Manageability Considerations
. Control of Function and Policy
. Information and Data Models
. Liveness Detection and Monitoring
. Verification of Correct Operations
. Requirements on Other Protocols
. Impact on Network Operations
. Error Handling between PCEs
. Other Considerations
. Applicability to Interlayer Traffic Engineering
. Scalability Considerations
. Confidentiality
. IANA Considerations
. References
. Normative References
. Informative References
Acknowledgments
Contributors
Authors' Addresses
IntroductionBackground
The Path Computation Element communication Protocol (PCEP)
provides mechanisms for Path Computation Elements (PCEs) to perform
path computations in response to the requests of Path Computation Clients (PCCs).
A stateful PCE is capable of considering, for the purposes of path
computation, not only the network state in terms of links and nodes
(referred to as the Traffic Engineering Database or TED) but also the
status of active services (previously computed paths, and currently
reserved resources, stored in the Label Switched Paths Database
(LSPDB). describes general considerations for a stateful PCE
deployment; it also examines its applicability and benefits as well as
its challenges and limitations through a number of use cases. describes a set of extensions to PCEP to provide stateful
control. For its computations, a stateful PCE has access to not only the information
carried by the network's Interior Gateway Protocol (IGP), but also
the set of active paths and their reserved resources. The additional state
allows the PCE to compute
constrained paths while considering individual LSPs and their
interactions. describes the setup, maintenance, and
teardown of PCE-initiated LSPs under the stateful PCE model. also describes the active stateful PCE. The
active PCE functionality allows a PCE to reroute an existing LSP, make
changes to the attributes of an existing LSP, or delegate control of
specific LSPs to a new PCE.
The ability to compute constrained paths for Traffic Engineering (TE) LSPs in Multiprotocol
Label Switching (MPLS) and Generalized MPLS (GMPLS) networks across
multiple domains has been identified as a key motivation for PCE
development. describes a Hierarchical PCE (H-PCE)
architecture that can be used for computing end-to-end paths for
interdomain MPLS TE and GMPLS Label Switched
Paths (LSPs). Within the H-PCE architecture
, the Parent PCE (P-PCE) is used to compute a multidomain
path based on the domain connectivity information. A Child PCE
(C-PCE) may be responsible for a single domain or multiple domains.
The C-PCE is used to compute the intradomain path based on its
domain topology information.
This document presents general considerations for stateful PCEs, and
not stateless PCEs, in the hierarchical PCE architecture. It focuses
on the behavior changes and additions to the existing stateful PCE
mechanisms (including PCE-initiated LSP setup and active stateful PCE
usage) in the context of networks using the H-PCE architecture.
In this document, Sections and
focus on end-to-end (E2E)
interdomain TE LSP. describes the operations for
stitching per-domain LSPs.Use Cases and Applicability of Hierarchical Stateful PCE
As per , in the hierarchical PCE architecture, a P-PCE
maintains a domain topology map that contains the child domains and
their interconnections. Usually, the P-PCE has no information about
the content of the child domains. But, if the PCE is applied to the
Abstraction and Control of TE Networks (ACTN) as described
in , the Provisioning Network
Controller (PNC) can provide
an abstract topology to the Multi-Domain Service Coordinator (MDSC).
Thus, the P-PCE in MDSC could be aware of topology information in much
more detail than just the domain topology.
In a PCEP session between a PCC (ingress) and a C-PCE, the C-PCE acts
as per the stateful PCE operations described in and
. The same C-PCE behaves as a PCC on the PCEP session
towards the P-PCE. The P-PCE is stateful in nature; thus, it maintains
the state of the interdomain LSPs that are reported to it. The
interdomain LSP could also be delegated by the C-PCE to the P-PCE,
so that the P-PCE could update the interdomain path. The trigger for
this update could be the LSP state change reported for this LSP or
any other LSP. It could also be a change in topology at the P-PCE,
such as interdomain link status change. In case of use of stateful
H-PCE in ACTN, a change in abstract topology learned by the P-PCE
could also trigger the update. Some other external factors (such as a
measurement probe) could also be a trigger at the P-PCE. Any such
update would require an interdomain path recomputation as described
in .
The end-to-end interdomain path computation and setup is described in
. Additionally, a per-domain
stitched-LSP model is
also applicable in a P-PCE initiation model. Sections , , and
describe the
end-to-end contiguous LSP setup, whereas
describes the per-domain stitching.Applicability to ACTN describes a framework for the
Abstraction and Control of TE
Networks (ACTN), where each Provisioning Network Controller (PNC) is
equivalent to a C-PCE, and the P-PCE is the Multi-Domain Service
Coordinator (MDSC). The per-domain stitched LSP is well suited for ACTN
deployments, as per the
hierarchical PCE architecture described in of this document and . examines the applicability of PCE to the ACTN framework. To
support the function of multidomain coordination via hierarchy, the
hierarchy of stateful PCEs plays a crucial role.
In the ACTN framework, a Customer Network Controller (CNC) can request the
MDSC to check whether there is a possibility to meet Virtual Network (VN)
requirements before requesting that the VN be provisioned. The H-PCE
architecture as described in can support this
function using Path Computation Request and Reply (PCReq and PCRep,
respectively) messages between the P-PCE and C-PCEs. When
the CNC requests VN provisioning, the MDSC decomposes this request into
multiple interdomain LSP provisioning requests, which might be further
decomposed into per-domain path segments. This is described in
. The MDSC uses the LSP
initiate request (PCInitiate)
message from the P-PCE towards the C-PCE, and the C-PCE reports the state
back to the P-PCE via a Path Computation State Report (PCRpt) message. The
P-PCE could make changes to the LSP via the use of a Path Computation
Update Request (PCUpd) message.
In this case, the P-PCE (as MDSC) interacts with multiple C-PCEs (as
PNCs) along the interdomain path of the LSP.End-to-End Contiguous LSP
Different signaling options for interdomain RSVP-TE are identified in
. Contiguous LSPs are achieved using the
procedures of and to
create a single end-to-end LSP that spans all domains. describes the technique for establishing the optimum
path when the sequence of domains is not known in advance.
That document shows how the PCE architecture can be extended to allow the
optimum sequence of domains to be selected and the optimum
end-to-end path to be derived.
A stateful P-PCE has to be aware of the interdomain LSPs for it to
consider them during path computation. For instance, when a domain-diverse
path is required from another LSP, the P-PCE needs to be aware of the
LSP. This is the passive stateful P-PCE, as described in . Additionally, the interdomain LSP
could be delegated
to the P-PCE, so that P-PCE could trigger an update via a PCUpd message.
The update could be triggered on receipt of the PCRpt message that
indicates a status change of this LSP or some other LSP. The other LSP
could be an associated LSP (such as a protection LSP ) or an unrelated LSP whose
resource change leads to reoptimization at the P-PCE. This is the active
stateful operation, as described in . Further, the
P-PCE could be instructed to create an interdomain LSP on its own using
the PCInitiate message for an E2E contiguous LSP. The P-PCE would send the
PCInitiate message to the ingress domain C-PCE, which would further
instruct the ingress PCC.
In this document, for the contiguous LSP, the above interactions are
only between the ingress domain C-PCE and the P-PCE. The use of
stateful operations for an interdomain LSP between the
transit/egress domain C-PCEs and the P-PCE is out of the scope of this
document.Applicability of a Stateful P-PCE describes general
considerations for a stateful PCE deployment and examines its
applicability and benefits, as well as its challenges and limitations,
through a number of use cases. These are also applicable to the
stateful P-PCE when used for the interdomain LSP path computation and
setup. It should be noted that though the stateful P-PCE has limited
direct visibility inside the child domain, it could still trigger
reoptimization with the help of child PCEs based on LSP state
changes, abstract topology changes, or some other external
factors.
The C-PCE would delegate control of the interdomain LSP to the P-PCE
so that the P-PCE can make changes to it. Note that, if the C-PCE
becomes aware of a topology change that is hidden from the P-PCE, it
could take back the delegation from the P-PCE to act on it itself.
Similarly, a P-PCE could also request delegation if it needs to make
a change to the LSP (refer to ).Terminology The terminology is as
per , , , , , and .Some key terms are listed below for easy reference.
ACTN:
Abstraction and Control of Traffic Engineering Networks
CNC:
Customer Network Controller
C-PCE:
Child Path Computation Element
H-PCE:
Hierarchical Path Computation Element
IGP:
Interior Gateway Protocol
LSP:
Label Switched Path
LSPDB:
Label Switched Path Database
LSR:
Label Switching Router
MDSC:
Multi-Domain Service Coordinator
PCC:
Path Computation Client
PCE:
Path Computation Element
PCEP:
Path Computation Element communication Protocol
PNC:
Provisioning Network Controller
P-PCE:
Parent Path Computation Element
TED:
Traffic Engineering Database
VN:
Virtual Network
Requirements Language
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT",
"RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document
are to be interpreted as
described in BCP 14
when, and only when, they appear in all capitals, as shown here.
Hierarchical Stateful PCE As described in , in the hierarchical PCE
architecture, a P-PCE maintains a domain topology map that contains the
child domains (seen as vertices in the topology) and their
interconnections (links in the topology). Usually, the P-PCE has no
information about the content of the child domains. Each child domain
has at least one PCE capable of computing paths across the domain.
These PCEs are known as Child PCEs (C-PCEs)
and have a direct relationship with the P-PCE. The P-PCE builds the
domain topology map either via direct configuration or from learned
information received from each C-PCE. The network policy could be
applied while building the domain topology map. This has been
described in detail in .
Note that, in the scope of this document, both the C-PCEs and the P-PCE are
stateful in nature. specifies new functions to support a stateful PCE.
It also specifies that a function can be initiated either from a PCC
towards a PCE (C-E) or from a PCE towards a PCC (E-C).
This document extends these functions to support H-PCE Architecture
from a C-PCE towards P-PCE (EC-EP) or from a P-PCE towards C-PCE
(EP-EC). All PCE types herein (EC-EP and EP-EC) are assumed to be
"stateful PCE".
A number of interactions are expected in the hierarchical stateful
PCE architecture. These include:
LSP State Report (EC-EP):
A child stateful PCE sends an
LSP state report to a parent stateful PCE to indicate the state of an LSP.
LSP State Synchronization (EC-EP):
After the session
between the child and parent stateful PCEs is initialized, the P-PCE
must learn the state of the C-PCE's TE LSPs.
LSP Control Delegation (EC-EP, EP-EC):
A C-PCE grants to the P-PCE
the right to update LSP attributes on one or more LSPs; at any
time, the C-PCE
may withdraw the delegation or the P-PCE may give up the
delegation.
LSP Update Request (EP-EC):
A stateful P-PCE requests
modification of attributes on a C-PCE's TE LSP.
PCE LSP Initiation Request (EP-EC):
A stateful P-PCE requests a C-PCE to initiate a TE LSP.
Note that this hierarchy is recursive, so a Label Switching Router
(LSR), as a PCC, could delegate control to a PCE. That PCE may, in turn,
delegate to its parent, which may further delegate to its parent (if
it exists). Similarly, update operations can also be applied
recursively. defines the H-PCE-CAPABILITY TLV that is used in the Open message to advertise the H-PCE
capability. defines the STATEFUL-PCE-CAPABILITY
TLV used in the Open message to indicate stateful support. To indicate the
support for stateful H-PCE operations described in this document, a PCEP
speaker MUST include both TLVs in an Open message. It is RECOMMENDED that
any implementation that supports stateful operations and H-PCE also implement the
stateful H-PCE operations as described in this document.
Further consideration may be made for optional procedures for stateful
communication coordination between PCEs, including procedures to minimize
computational loops. The procedures described in facilitate stateful communication
between PCEs for various use cases. The procedures and extensions as
described in are
also applicable to child and parent PCE communication. The
SPEAKER-IDENTITY-ID TLV (defined in ) is included in
the LSP object to identify the ingress (PCC). The PCEP-specific identifier
for the LSP (PLSP-ID ) used in the
forwarded PCRpt by the C-PCE to the P-PCE is the same as the original one used by
the PCC.Passive Operations Procedures described in are applied, where the
ingress PCC triggers a path computation request for the destination
towards the C-PCE in the domain where the LSP originates. The C-PCE
further forwards the request to the P-PCE. The P-PCE selects a set of
candidate domain paths based on the domain topology and the state of
the interdomain links. It then sends computation requests to the
C-PCEs responsible for each of the domains on the candidate domain
paths. Each C-PCE computes a set of candidate path segments across
its domain and sends the results to the P-PCE. The P-PCE uses this
information to select path segments and concatenate them to derive the
optimal end-to-end interdomain path. The end-to-end path is then
sent to the C-PCE that received the initial path request, and this
C-PCE passes the path on to the PCC that issued the original
request.
As per , the PCC sends an LSP State
Report carried on a PCRpt
message to the C-PCE, indicating the LSP's status. The C-PCE may
further propagate the State Report to the P-PCE. A local policy at the
C-PCE may dictate which LSPs are reported to the P-PCE. The PCRpt
message is sent from C-PCE to P-PCE.
State synchronization mechanisms as described in and
are applicable to a PCEP session between C-PCE and P-PCE as
well.
We use the hierarchical domain topology example from as the
reference topology for the entirety of this document. It is shown in
Figure 1.
Steps 1 to 11 are exactly as described in
("Hierarchical PCE End-to-End Path Computation Procedure"); the
following additional steps are added for stateful PCE, to be executed
at the end:
(A)
The ingress LSR initiates the setup of the LSP as
per the path and reports the LSP status to PCE1 ("GOING-UP").
(B)
PCE1 further reports the status of the LSP to
the P-PCE (PCE5).
(C)
The ingress LSR notifies PCE1 of the LSP state when the
state is "UP".
(D)
PCE1 further reports the status of the LSP to the P-PCE
(PCE5).
The ingress LSR could trigger path reoptimization by sending the
path computation request as described in ; at this time, it
can include the LSP object in the PCReq message, as described in
.Active Operations describes the case of an
active stateful PCE. The
active PCE functionality uses two specific PCEP messages:
Update Request (PCUpd)
State Report (PCRpt)
The first is sent by the PCE to a PCC for modifying LSP attributes.
The PCC sends back a PCRpt to acknowledge the requested operation or
report any change in the LSP's state.
As per , delegation is an
operation to grant a PCE temporary
rights to modify a subset of LSP parameters on the LSPs of one or more
PCCs. The C-PCE may further choose to delegate to its P-PCE based on
a local policy. The PCRpt message with the "D" (delegate) flag is
sent from C-PCE to P-PCE.
To update an LSP, a PCE sends an LSP Update Request to the PCC using
a PCUpd message. For an LSP delegated to a P-PCE via the C-PCE, the
P-PCE can use the same PCUpd message to request a change to the C-PCE
(the ingress domain PCE). The C-PCE further propagates the update
request to the PCC.
The P-PCE uses the same mechanism described in to
compute the end-to-end path using PCReq and PCRep messages.
For active operations, the following steps are required when
delegating the LSP, again using the reference architecture described
in Figure 1 ("Hierarchical Domain Topology Example").
(A)
The ingress LSR delegates the LSP to PCE1 via a
PCRpt message with D flag set.
(B)
PCE1 further delegates the LSP to the P-PCE
(PCE5).
(C)
Steps 4 to 10 in are executed at P-PCE (PCE5) to
determine the end-to-end path.
(D)
The P-PCE (PCE5) sends the update request to the
C-PCE (PCE1) via PCUpd message.
(E)
PCE1 further updates the LSP to the ingress LSR
(PCC).
(F)
The ingress LSR initiates the setup of the LSP as
per the path and reports the LSP status to PCE1 ("GOING-UP").
(G)
PCE1 further reports the status of the LSP to
the P-PCE (PCE5).
(H)
The ingress LSR notifies PCE1 of the LSP state when
the state is "UP".
(I)
PCE1 further reports the status of the LSP to
the P-PCE (PCE5).
PCE Initiation of LSPs describes the setup,
maintenance, and teardown of
PCE-initiated LSPs under the stateful PCE model, without the need for
local configuration on the PCC, thus allowing for a dynamic network
that is centrally controlled and deployed. To instantiate or delete
an LSP, the PCE sends the Path Computation LSP initiate request
(PCInitiate) message to the PCC. In the case of an interdomain LSP in
hierarchical PCE architecture, the initiation operations can be
carried out at the P-PCE. In that case, after the P-PCE finishes the
E2E path computation, it can send the PCInitiate message to the C-PCE
(the ingress domain PCE), and the C-PCE further propagates the initiate
request to the PCC.
The following steps are performed for PCE-initiated operations, again
using the reference architecture described in Figure 1 ("Hierarchical
Domain Topology Example"):
(A)
The P-PCE (PCE5) is requested to initiate an
LSP. Steps 4 to 10 in are
executed to determine the end-to-end path.
(B)
The P-PCE (PCE5) sends the initiate request to the
child PCE (PCE1) via PCInitiate message.
(C)
PCE1 further propagates the initiate message to
the ingress LSR (PCC).
(D)
The ingress LSR initiates the setup of the LSP as per the path
and reports to PCE1 the LSP status ("GOING-UP").
(E)
PCE1 further reports the status of the LSP to the P-PCE
(PCE5).
(F)
The ingress LSR notifies PCE1 of the LSP state when the state is
"UP".
(G)
PCE1 further reports the status of the LSP to the P-PCE
(PCE5).
The ingress LSR (PCC) generates the PLSP-ID for the LSP and
inform the C-PCE, which is propagated to the P-PCE.Per-Domain Stitched LSP The hierarchical PCE architecture, as per , is
primarily used for E2E LSP. With PCE-initiated capability, another
mode of operation is possible, where multiple intradomain LSPs are
initiated in each domain and are further stitched to form an E2E
LSP. The P-PCE sends PCInitiate message to each C-PCE separately to
initiate individual LSP segments along the domain path. These
individual per-domain LSPs are stitched together by some mechanism,
which is out of the scope of this document (Refer to ).
The following steps are performed for the per-domain stitched LSP
operation, again using the reference architecture described in Figure
1 ("Hierarchical Domain Topology Example"):
(A)
The P-PCE (PCE5) is requested to initiate an LSP. Steps 4 to
10 in are
executed to determine the end-to-end path, which is broken into
per-domain LSPs. For example:
S-BN41
BN41-BN33
BN33-D
It should be noted that the P-PCE may use other mechanisms to
determine the suitable per-domain LSPs (apart from ).
For LSP (BN33-D):
(B)
The P-PCE (PCE5) sends the initiate request to the
child PCE (PCE3) via a PCInitiate message for the LSP (BN33-D).
(C)
PCE3 further propagates the initiate message to
BN33.
(D)
BN33 initiates the setup of the LSP as per the path
and reports to PCE3 the LSP status ("GOING-UP").
(E)
PCE3 further reports the status of the LSP to
the P-PCE (PCE5).
(F)
The node BN33 notifies PCE3 of the LSP state when
the state is "UP".
(G)
PCE3 further reports the status of the LSP to the P-PCE
(PCE5).
For LSP (BN41-BN33):
(H)
The P-PCE (PCE5) sends the initiate request to the
child PCE (PCE4) via PCInitiate message for LSP (BN41-BN33).
(I)
PCE4 further propagates the initiate message to
BN41.
(J)
BN41 initiates the setup of the LSP as per the path
and reports to PCE4 the LSP status ("GOING-UP").
(K)
PCE4 further reports the status of the LSP to
the P-PCE (PCE5).
(L)
The node BN41 notifies PCE4 of the LSP state when
the state is "UP".
(M)
PCE4 further reports the status of the LSP to the P-PCE
(PCE5).
For LSP (S-BN41):
(N)
The P-PCE (PCE5) sends the initiate request to the
child PCE (PCE1) via a PCInitiate message for the LSP (S-BN41).
(O)
PCE1 further propagates the initiate message to
node S.
(P)
S initiates the setup of the LSP as per the path and
reports to PCE1 the LSP status ("GOING-UP").
(Q)
PCE1 further reports the status of the LSP to
the P-PCE (PCE5).
(R)
The node S notifies PCE1 of the LSP state when the state is
"UP".
(S)
PCE1 further reports the status of the LSP to
the P-PCE (PCE5).
Additionally:
(T)
Once the P-PCE receives a report of each per-domain LSP,
it should use a suitable stitching mechanism, which is out of the scope of
this document. In this step, the P-PCE (PCE5) could also initiate an E2E
LSP (S-D) by sending the PCInitiate message to the ingress C-PCE
(PCE1).
Note that each per-domain LSP can be set up in parallel. Further, it
is also possible to stitch the per-domain LSP at the same time as the
per-domain LSPs are initiated. This option is defined in
.Security Considerations The
security considerations listed in , , and
apply to this document,
as well. As per , it is expected that the
parent PCE will require all child PCEs to use full security (i.e., the
highest security mechanism available for PCEP) when communicating with
the parent.
Any multidomain operation necessarily involves the exchange of information
across domain boundaries. This is bound to represent a significant
security and confidentiality risk, especially when the child domains are
controlled by different commercial concerns. PCEP allows individual PCEs
to maintain the confidentiality of their domain-path information using
path-keys , and the hierarchical PCE architecture
is specifically designed to enable as much isolation of information about domain topology and
capabilities as is possible. The LSP state in the PCRpt message
must continue to maintain the internal domain confidentiality when
required.
The security considerations for PCE-initiated LSP in are
also applicable from P-PCE to C-PCE.
Further, describes the use of a path-key for
confidentiality between C-PCE and P-PCE.
Thus, it is RECOMMENDED to secure the PCEP session (between the P-PCE and
the C-PCE) using Transport Layer Security (TLS)
(per the recommendations and best current practices in BCP 195 ) and/or TCP Authentication Option (TCP-AO) . The guidance for implementing PCEP with TLS can be
found in .
In the case of TLS, due care needs to be taken while exposing the parameters of
the X.509 certificate -- such as subjectAltName:otherName, which is set to
Speaker Entity Identifier as per
-- to ensure uniqueness and
avoid any mismatch.Manageability Considerations All
manageability requirements and considerations listed in , , , and apply to stateful
H-PCE defined in this document. In addition, requirements and
considerations listed in this section apply.Control of Function and Policy
Support of the hierarchical procedure will be controlled by the
management organization responsible for each child PCE. The parent
PCE must only accept path-computation requests from authorized child
PCEs. If a parent PCE receives a report from an unauthorized child
PCE, the report should be dropped. All mechanisms described in
and continue to apply.Information and Data Models
An implementation should allow the operator to view the stateful and
H-PCE capabilities advertised by each peer. The "ietf-pcep" PCEP YANG
module is specified in . This YANG module
will be required to be augmented to also include details for stateful
H-PCE deployment and operation. The exact model and attributes are
out of scope for this document.Liveness Detection and Monitoring
Mechanisms defined in this document do not imply any new liveness-detection
or monitoring requirements in addition to those already
listed in .Verification of Correct Operations
Mechanisms defined in this document do not imply any new
operation-verification requirements in addition to those already listed in
and .Requirements on Other Protocols
Mechanisms defined in this document do not imply any new requirements
on other protocols.Impact on Network Operations
Mechanisms defined in and also apply to PCEP
extensions defined in this document.
The stateful H-PCE technique brings the applicability of stateful PCE
(described in ) to the LSP traversing multiple domains.
As described in , a PCEP speaker includes both the
H-PCE-CAPABILITY TLV and
STATEFUL-PCE-CAPABILITY TLV to indicate support
for stateful H-PCE. Note that there is a possibility of a PCEP speaker that
does not support the stateful H-PCE feature but does provide support for
stateful-PCE and H-PCE features. This PCEP speaker
will also include both the TLVs; in this case, a PCEP peer could falsely
assume that the stateful H-PCE feature is also supported. On further PCEP
message exchange, the stateful messages will not be propagated further (as
described in this document), and a stateful H-PCE-based "parent" control of
the LSP will not happen. A PCEP peer should be prepared for this
eventuality as a part of normal procedures.Error Handling between PCEs
Apart from the basic error handling described in this document, an
implementation could also use the enhanced error and notification
mechanism for stateful H-PCE operations described in . Enhanced
features such as
error-behavior propagation, notification, and error-criticality level
are further defined in .Other ConsiderationsApplicability to Interlayer Traffic Engineering describes a framework for applying the PCE-based
architecture to interlayer (G)MPLS traffic engineering. The H-PCE
stateful architecture with stateful P-PCE coordinating with the
stateful C-PCEs of higher and lower layer is shown in .
All procedures described in are also
applicable to interlayer path setup, and therefore to separate domains.Scalability Considerations
It should be noted that if all the C-PCEs were to report all the LSPs
in their domain, it could lead to scalability issues for the P-PCE.
Thus, it is recommended to only report the LSPs that are involved in
H-PCE -- i.e., the LSPs that are either delegated to the P-PCE or
initiated by the P-PCE. Scalability considerations for PCEP as per
continue to apply for the PCEP session between child and
parent PCE.Confidentiality
As described in ,
information about the
content of child domains is not shared, for both scaling and
confidentiality reasons. The child PCE could also conceal the path
information during path computation. A C-PCE may replace a path
segment with a path-key , effectively hiding the content of
a segment of a path.IANA Considerations
This document has no IANA actions.ReferencesNormative ReferencesKey words for use in RFCs to Indicate Requirement LevelsIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.A Path Computation Element (PCE)-Based ArchitectureConstraint-based path computation is a fundamental building block for traffic engineering systems such as Multiprotocol Label Switching (MPLS) and Generalized Multiprotocol Label Switching (GMPLS) networks. Path computation in large, multi-domain, multi-region, or multi-layer networks is complex and may require special computational components and cooperation between the different network domains.This document specifies the architecture for a Path Computation Element (PCE)-based model to address this problem space. This document does not attempt to provide a detailed description of all the architectural components, but rather it describes a set of building blocks for the PCE architecture from which solutions may be constructed. This memo provides information for the Internet community.Path Computation Element (PCE) Communication Protocol (PCEP)This document specifies the Path Computation Element (PCE) Communication Protocol (PCEP) for communications between a Path Computation Client (PCC) and a PCE, or between two PCEs. Such interactions include path computation requests and path computation replies as well as notifications of specific states related to the use of a PCE in the context of Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering. PCEP is designed to be flexible and extensible so as to easily allow for the addition of further messages and objects, should further requirements be expressed in the future. [STANDARDS-TRACK]Preserving Topology Confidentiality in Inter-Domain Path Computation Using a Path-Key-Based MechanismMultiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering (TE) Label Switched Paths (LSPs) may be computed by Path Computation Elements (PCEs). Where the TE LSP crosses multiple domains, such as Autonomous Systems (ASes), the path may be computed by multiple PCEs that cooperate, with each responsible for computing a segment of the path. However, in some cases (e.g., when ASes are administered by separate Service Providers), it would break confidentiality rules for a PCE to supply a path segment to a PCE in another domain, thus disclosing AS-internal topology information. This issue may be circumvented by returning a loose hop and by invoking a new path computation from the domain boundary Label Switching Router (LSR) during TE LSP setup as the signaling message enters the second domain, but this technique has several issues including the problem of maintaining path diversity.This document defines a mechanism to hide the contents of a segment of a path, called the Confidential Path Segment (CPS). The CPS may be replaced by a path-key that can be conveyed in the PCE Communication Protocol (PCEP) and signaled within in a Resource Reservation Protocol TE (RSVP-TE) explicit route object. [STANDARDS-TRACK]The TCP Authentication OptionThis document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK]The Application of the Path Computation Element Architecture to the Determination of a Sequence of Domains in MPLS and GMPLSComputing optimum routes for Label Switched Paths (LSPs) across multiple domains in MPLS Traffic Engineering (MPLS-TE) and GMPLS networks presents a problem because no single point of path computation is aware of all of the links and resources in each domain. A solution may be achieved using the Path Computation Element (PCE) architecture.Where the sequence of domains is known a priori, various techniques can be employed to derive an optimum path. If the domains are simply connected, or if the preferred points of interconnection are also known, the Per-Domain Path Computation technique can be used. Where there are multiple connections between domains and there is no preference for the choice of points of interconnection, the Backward-Recursive PCE-based Computation (BRPC) procedure can be used to derive an optimal path.This document examines techniques to establish the optimum path when the sequence of domains is not known in advance. The document shows how the PCE architecture can be extended to allow the optimum sequence of domains to be selected, and the optimum end-to-end path to be derived through the use of a hierarchical relationship between domains. This document is not an Internet Standards Track specification; it is published for informational purposes.Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are widely used to protect data exchanged over application protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the last few years, several serious attacks on TLS have emerged, including attacks on its most commonly used cipher suites and their modes of operation. This document provides recommendations for improving the security of deployed services that use TLS and DTLS. The recommendations are applicable to the majority of use cases.Ambiguity of Uppercase vs Lowercase in RFC 2119 Key WordsRFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.Path Computation Element Communication Protocol (PCEP) Extensions for Stateful PCEThe Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Client (PCC) requests.Although PCEP explicitly makes no assumptions regarding the information available to the PCE, it also makes no provisions for PCE control of timing and sequence of path computations within and across PCEP sessions. This document describes a set of extensions to PCEP to enable stateful control of MPLS-TE and GMPLS Label Switched Paths (LSPs) via PCEP.PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)The Path Computation Element Communication Protocol (PCEP) defines the mechanisms for the communication between a Path Computation Client (PCC) and a Path Computation Element (PCE), or among PCEs. This document describes PCEPS -- the usage of Transport Layer Security (TLS) to provide a secure transport for PCEP. The additional security mechanisms are provided by the transport protocol supporting PCEP; therefore, they do not affect the flexibility and extensibility of PCEP.This document updates RFC 5440 in regards to the PCEP initialization phase procedures.Path Computation Element Communication Protocol (PCEP) Extensions for PCE-Initiated LSP Setup in a Stateful PCE ModelThe Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Client (PCC) requests.The extensions for stateful PCE provide active control of Multiprotocol Label Switching (MPLS) Traffic Engineering Label Switched Paths (TE LSPs) via PCEP, for a model where the PCC delegates control over one or more locally configured LSPs to the PCE. This document describes the creation and deletion of PCE-initiated LSPs under the stateful PCE model.The Transport Layer Security (TLS) Protocol Version 1.3This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.Informative ReferencesRSVP-TE: Extensions to RSVP for LSP TunnelsThis document describes the use of RSVP (Resource Reservation Protocol), including all the necessary extensions, to establish label-switched paths (LSPs) in MPLS (Multi-Protocol Label Switching). Since the flow along an LSP is completely identified by the label applied at the ingress node of the path, these paths may be treated as tunnels. A key application of LSP tunnels is traffic engineering with MPLS as specified in RFC 2702. [STANDARDS-TRACK]Generalized Multi-Protocol Label Switching (GMPLS) Signaling Resource ReserVation Protocol-Traffic Engineering (RSVP-TE) ExtensionsThis document describes extensions to Multi-Protocol Label Switching (MPLS) Resource ReserVation Protocol - Traffic Engineering (RSVP-TE) signaling required to support Generalized MPLS. Generalized MPLS extends the MPLS control plane to encompass time-division (e.g., Synchronous Optical Network and Synchronous Digital Hierarchy, SONET/SDH), wavelength (optical lambdas) and spatial switching (e.g., incoming port or fiber to outgoing port or fiber). This document presents a RSVP-TE specific description of the extensions. A generic functional description can be found in separate documents. [STANDARDS-TRACK]A Framework for Inter-Domain Multiprotocol Label Switching Traffic EngineeringThis document provides a framework for establishing and controlling Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineered (TE) Label Switched Paths (LSPs) in multi-domain networks.For the purposes of this document, a domain is considered to be any collection of network elements within a common sphere of address management or path computational responsibility. Examples of such domains include Interior Gateway Protocol (IGP) areas and Autonomous Systems (ASes). This memo provides information for the Internet community.Framework for PCE-Based Inter-Layer MPLS and GMPLS Traffic EngineeringA network may comprise multiple layers. It is important to globally optimize network resource utilization, taking into account all layers rather than optimizing resource utilization at each layer independently. This allows better network efficiency to be achieved through a process that we call inter-layer traffic engineering. The Path Computation Element (PCE) can be a powerful tool to achieve inter-layer traffic engineering.This document describes a framework for applying the PCE-based architecture to inter-layer Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) traffic engineering. It provides suggestions for the deployment of PCE in support of multi-layer networks. This document also describes network models where PCE performs inter-layer traffic engineering, and the relationship between PCE and a functional component called the Virtual Network Topology Manager (VNTM). This memo provides information for the Internet community.Applicability of a Stateful Path Computation Element (PCE)A stateful Path Computation Element (PCE) maintains information about Label Switched Path (LSP) characteristics and resource usage within a network in order to provide traffic-engineering calculations for its associated Path Computation Clients (PCCs). This document describes general considerations for a stateful PCE deployment and examines its applicability and benefits, as well as its challenges and limitations, through a number of use cases. PCE Communication Protocol (PCEP) extensions required for stateful PCE usage are covered in separate documents.Optimizations of Label Switched Path State Synchronization Procedures for a Stateful PCEA stateful Path Computation Element (PCE) has access to not only the information disseminated by the network's Interior Gateway Protocol (IGP) but also the set of active paths and their reserved resources for its computation. The additional Label Switched Path (LSP) state information allows the PCE to compute constrained paths while considering individual LSPs and their interactions. This requires a State Synchronization mechanism between the PCE and the network, the PCE and Path Computation Clients (PCCs), and cooperating PCEs. The basic mechanism for State Synchronization is part of the stateful PCE specification. This document presents motivations for optimizations to the base State Synchronization procedure and specifies the required Path Computation Element Communication Protocol (PCEP) extensions.Framework for Abstraction and Control of TE Networks (ACTN)Traffic Engineered (TE) networks have a variety of mechanisms to facilitate the separation of the data plane and control plane. They also have a range of management and provisioning protocols to configure and activate network resources. These mechanisms represent key technologies for enabling flexible and dynamic networking. The term "Traffic Engineered network" refers to a network that uses any connection-oriented technology under the control of a distributed or centralized control plane to support dynamic provisioning of end-to- end connectivity.Abstraction of network resources is a technique that can be applied to a single network domain or across multiple domains to create a single virtualized network that is under the control of a network operator or the customer of the operator that actually owns the network resources.This document provides a framework for Abstraction and Control of TE Networks (ACTN) to support virtual network services and connectivity services.Applicability of the Path Computation Element (PCE) to the Abstraction and Control of TE Networks (ACTN)Abstraction and Control of TE Networks (ACTN) refers to the set of virtual network (VN) operations needed to orchestrate, control, and manage large-scale multidomain TE networks so as to facilitate network programmability, automation, efficient resource sharing, and end-to-end virtual service-aware connectivity and network function virtualization services.The Path Computation Element (PCE) is a component, application, or network node that is capable of computing a network path or route based on a network graph and applying computational constraints. The PCE serves requests from Path Computation Clients (PCCs) that communicate with it over a local API or using the Path Computation Element Communication Protocol (PCEP).This document examines the applicability of PCE to the ACTN framework.Path Computation Element Communication Protocol (PCEP) Extensions for the Hierarchical Path Computation Element (H-PCE) ArchitectureThe Hierarchical Path Computation Element (H-PCE) architecture is defined in RFC 6805. It provides a mechanism to derive an optimum end-to-end path in a multi-domain environment by using a hierarchical relationship between domains to select the optimum sequence of domains and optimum paths across those domains.This document defines extensions to the Path Computation Element Communication Protocol (PCEP) to support H-PCE procedures.Ability for a Stateful Path Computation Element (PCE) to Request and Obtain Control of a Label Switched Path (LSP)A stateful Path Computation Element (PCE) retains information about the placement of Multiprotocol Label Switching (MPLS) Traffic Engineering Label Switched Paths (TE LSPs). When a PCE has stateful control over LSPs, it may send indications to LSP head-ends to modify the attributes (especially the paths) of the LSPs. A Path Computation Client (PCC) that has set up LSPs under local configuration may delegate control of those LSPs to a stateful PCE.There are use cases in which a stateful PCE may wish to obtain control of locally configured LSPs that it is aware of but have not been delegated to the PCE.This document describes an extension to the Path Computation Element Communication Protocol (PCEP) to enable a PCE to make requests for such control.Path Computation Element Communication Protocol (PCEP) Extensions for Associating Working and Protection Label Switched Paths (LSPs) with Stateful PCEAn active stateful Path Computation Element (PCE) is capable of computing as well as controlling via Path Computation Element Communication Protocol (PCEP) Multiprotocol Label Switching Traffic Engineering (MPLS-TE) Label Switched Paths (LSPs). Furthermore, it is also possible for an active stateful PCE to create, maintain, and delete LSPs. This document defines the PCEP extension to associate two or more LSPs to provide end-to-end path protection.Extensions to the Path Computation Element Communication Protocol for Enhanced Errors and NotificationsThis document defines new error and notification TLVs for the PCE Communication Protocol (PCEP) specified in RFC5440, and will update it. It identifies the possible PCEP behaviors in case of error or notification. Thus, this draft defines types of errors and how they are disclosed to other PCEs in order to support predefined PCEP behaviors.Work in ProgressA YANG Data Model for Path Computation Element Communications Protocol (PCEP)This document defines a YANG data model for the management of Path Computation Element communications Protocol (PCEP) for communications between a Path Computation Client (PCC) and a Path Computation Element (PCE), or between two PCEs. The data model includes configuration and state data.Work in ProgressInter Stateful Path Computation Element (PCE) Communication Procedures.The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. The stateful PCE extensions allow stateful control of Multi-Protocol Label Switching (MPLS) Traffic Engineering Label Switched Paths (TE LSPs) using PCEP. A Path Computation Client (PCC) can synchronize an LSP state information to a Stateful Path Computation Element (PCE). The stateful PCE extension allows a redundancy scenario where a PCC can have redundant PCEP sessions towards multiple PCEs. In such a case, a PCC gives control on a LSP to only a single PCE, and only one PCE is responsible for path computation for this delegated LSP. The document does not state the procedures related to an inter-PCE stateful communication. There are some use cases, where an inter-PCE stateful communication can bring additional resiliency in the design, for instance when some PCC-PCE sessions fails. The inter-PCE stateful communication may also provide a faster update of the LSP states when such an event occurs. Finally, when, in a redundant PCE scenario, there is a need to compute a set of paths that are part of a group (so there is a dependency between the paths), there may be some cases where the computation of all paths in the group is not handled by the same PCE: this situation is called a split-brain. This split-brain scenario may lead to computation loops between PCEs or suboptimal path computation. This document describes the procedures to allow a stateful communication between PCEs for various use-cases and also the procedures to prevent computations loops.Work in ProgressPCEP Extension for Stateful Inter-Domain TunnelsThis document proposes to combine a Backward Recursive or Hierarchical method in Stateful PCE with PCInitiate message to setup independent paths per domain, and combine these different paths together in order to operate them as end-to-end inter-domain paths without the need of signaling session between AS border routers. A new Stitching Label is defined, new Path Setup Types and a new Association Type are considered for that purpose.Work in ProgressAcknowledgments
Thanks to , , , , , , , , and
for their reviews and suggestions.
Thanks to for the RTGDIR
review, for the
GENART review, and
for the SECDIR review.
Thanks to , , , and for the IESG review.ContributorsECI TelecomIndiaavantika.srm@gmail.comHuawei TechnologiesBantian, Longgang DistrictShenzhenGuangdong518129Chinazhang.xian@huawei.comudayasreereddy@gmail.comTelefonica I+DDon Ramon de la Cruz 82-84Madrid28045Spain+34913128832oscar.gonzalezdedios@telefonica.comAuthors' AddressesHuawei TechnologiesDivyashree Techno Park, WhitefieldBangaloreKarnataka560066Indiadhruv.ietf@gmail.comSamsung Electronicsyounglee.tx@gmail.comEricssonTorshamnsgatan, 48StockholmSwedendaniele.ceccarelli@ericsson.comSK Telecom6 Hwangsaeul-ro, 258 beon-gilBundang-gu, Seongnam-si,Gyeonggi-do463-784Republic of Koreajongyoon.shin@sk.comLancaster UniversityUKd.king@lancaster.ac.uk