Path Computation Element (PCE) Communication
Protocol (PCEP) extension for associating Policies and Label Switched
Paths (LSPs)Cisco Systems, Inc.11 Rue Camille DesmoulinsIssy-les-Moulineaux92130Franceslitkows@cisco.comCiena385 Terry Fox DriveKanataOntarioK2K 0L1Canadamsiva282@gmail.comApstra, Inc.jefftant.ietf@gmail.comMetaswitch Networks100 Church StreetEnfieldMiddlesexUKJonathan.Hardwick@metaswitch.comHuawei TechnologiesHuawei Campus, No. 156 Beiqing Rd.Beijing100095Chinac.l@huawei.com
Routing
PCE Working GroupAssociation, PolicyThis document introduces a simple mechanism to associate policies to
a group of Label Switched Paths (LSPs) via an extension to the Path
Computation Element (PCE) Communication Protocol (PCEP). The extension
allows a PCEP speaker to advertise to a PCEP peer that a particular LSP
belongs to a particular Policy Association Group. describes the Path Computation Element
Communication Protocol (PCEP) which enables the communication between a
Path Computation Client (PCC) and a Path Control Element (PCE), or
between two PCEs based on the PCE architecture .
provides additional details on policy within
the PCE architecture and also provides context for the support of PCE
Policy.PCEP Extensions for Stateful PCE Model
describes a set of extensions to PCEP to enable active control of
Multiprotocol Label Switching Traffic Engineering (MPLS-TE) and
Generalized MPLS (GMPLS) tunnels. describes the
set-up and teardown of PCE-initiated LSPs under the active stateful PCE
model, without the need for local configuration on the PCC, thus
allowing for a dynamic network. Currently, the LSPs can either be
signaled via Resource Reservation Protocol Traffic Engineering (RSVP-TE)
or can be segment routed as specified in . introduces a generic mechanism to create a
grouping of LSPs which can then be used to define associations between a
set of LSPs and a set of attributes (such as configuration parameters or
behaviors) and is equally applicable to stateful PCE (active and passive
modes) and stateless PCE.This document specifies a PCEP extension to associate one or more
LSPs with policies using the generic association mechanism.A PCEP speaker may want to influence the PCEP peer with respect to
path selection and other policies. This document describes a PCEP
extension to associate policies by creating Policy Association Group
(PAG) and encoding this association in PCEP messages. The specification
is applicable to both stateful and stateless PCEP sessions.Note that the actual policy definition and the associated parameters
are out of scope of this document.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 when, and only
when, they appear in all capitals, as shown here.The following terminology is used in this document.As described in , the combination of the mandatory fields
Association type, Association ID and Association Source in the
ASSOCIATION object uniquely identify the association group. If the
optional TLVs - Global Association Source or Extended Association ID
are included, then they are included in combination with mandatory
fields to uniquely identify the association group.As described in , the ASSOCIATION object could include other
optional TLVs based on the association types, that provide
'information' related to the association.Label Switch Router.Multiprotocol Label Switching.Policy Association Group.Policy Association Type.Path Computation Client; any client application requesting a
path computation to be performed by a Path Computation Element.Path Computation Element; an entity (component,
application, or network node) that is capable of computing a network
path or route based on a network graph and applying computational
constraints.Path Computation Element Communication
Protocol.Paths computed using PCE can be subjected to various policies at both
the PCE and the PCC. For example, in a centralized traffic engineering
(TE) scenario, network operators may instantiate LSPs and specify
policies for traffic accounting, path monitoring, telemetry, etc., for
some LSPs via the Stateful PCE. Similarly, a PCC could request a user-specific
or service-specific policy to be applied at the PCE, such as constraints
relaxation policy to meet optimal QoS and resiliency.PCEP speaker can use the generic mechanism as per to associate a set of LSPs with a policy, without the
need to know the details of such a policy, which simplifies network
operations, avoids frequent software upgrades, as well as provides an
ability to introduce new policies faster.In the context of Policy-Enabled Path Computation Framework , path computation policies may be applied at either a PCC or a PCE or both.
Consider a Label Switch Router (LSR) with a policy
enabled PCC, it receives a service request via signaling, including
over a Network-Network Interface (NNI) or User-Network Interface (UNI)
reference point, or receives a configuration request over a management
interface to establish a service. The PCC may also apply user-specific or
service-specific policies to decide how the path selection process
should be constrained, that is, which constraints, diversities,
optimization criterion, and constraint relaxation strategies should be
applied in order for the service LSP(s) to have a likelihood to be
successfully established and provide necessary QoS and resilience
against network failures. The user-specific or service-specific policies
applied to PCC and are then passed to the PCE along with the Path
computation request, in the form of constraints .PCEP speaker can use the generic mechanism as per to associate a set of LSPs with policy and its
resulting path computation constraints. This would simplify the path
computation message exchanges in PCEP.As per , LSPs are associated with other LSPs
with which they interact by adding them to a common association group.
Grouping can also be used to define the association between LSPs and
policies associated to them. As described in ,
the association group is uniquely identified by the combination of the
following fields in the ASSOCIATION object: Association Type,
Association ID, Association Source, and (if present) Global Association
Source or Extended Association ID. This document defines a new
Association type, called "Policy Association", of value 3 (early-allocated by IANA), based on the
generic ASSOCIATION object. This new Association type is also called
"PAT", for "Policy Association Type". specifies the mechanism for the capability
advertisement of the Association types supported by a PCEP speaker by
defining a ASSOC-Type-List TLV to be carried within an OPEN object. This
capability exchange for the PAT MUST be done before using the
policy association. Thus the PCEP speaker MUST include the PAT in
the ASSOC-Type-List TLV and MUST receive the same from the PCEP peer
before using the Policy Association Group (PAG) in PCEP messages.This Association type is operator-configured
association in nature and created by the operator manually on the PCEP
peers. An LSP belonging to this association is conveyed via PCEP
messages to the PCEP peer. Operator-configured Association Range MUST
NOT be set for this association-type, and MUST be ignored, so that the
full range of association identifier can be utilized.A PAG can have one or more LSPs. The association parameters including
association identifier, Association type (PAT), as well as the
association source IP address is manually configured by the operator and
is used to identify the PAG as described in .
The Global Association Source and Extended Association ID MAY also be
included.As per the processing rules specified in section 6.4 of , if a PCEP speaker does not support this Policy
Association type, it would return a PCErr message with Error-Type 26
"Association Error" and Error-Value 1 "Association type is not
supported". Since the PAG is opaque in nature, the PAG and the policy
MUST be configured on the PCEP peers as per the operator-configured
association procedures. All further processing is as per section 6.4 of
. If a PCE speaker receives PAG in a PCEP
message, and the policy association information is not configured, it
MUST return a PCErr message with Error-Type 26 "Association Error" and
Error-Value 4 "Association unknown". Associating a particular LSP to multiple policy groups is authorized
from a protocol perspective, however, there is no assurance that the
PCEP speaker will be able to apply multiple policies. If a PCEP speaker
does not support handling of multiple policies for an LSP, it MUST NOT
add the LSP into the association group and MUST return a PCErr with
Error- Type 26 (Association Error) and Error-value 7 (Cannot join the
association group).Association groups and their memberships are defined using the
ASSOCIATION object defined in . Two object types
for IPv4 and IPv6 are defined. The ASSOCIATION object includes
"Association type" indicating the type of the association group. This
document add a new Association type (PAT).PAG may carry optional TLVs including but not limited to -POLICY-PARAMETERS-TLV: Used to communicate opaque information
useful to apply the policy, described in .VENDOR-INFORMATION-TLV: Used to communicate arbitrary vendor
specific behavioral information, described in .The POLICY-PARAMETERS-TLV is an optional TLV that can be carried in
ASSOCIATION object (for PAT) to carry opaque information needed to
apply the policy at the PCEP peer. In some cases to apply a PCE policy
successfully, it is required to also associate some policy parameters
that need to be evaluated. This TLV is used to carry those policy
parameters. The TLV could include one or more policy related
parameters. The encoding format and the order MUST be known to the
PCEP peers, this could be done during the configuration of the policy
(and its association parameters) for the PAG. The TLV format is as per
the format of the PCEP TLVs, as defined in ,
and shown in . Only one
POLICY-PARAMETERS-TLV can be carried and only the first occurrence is
processed and any others MUST be ignored.The type of the POLICY-PARAMETERS-TLV is 48 (early-allocated by IANA) and it has a variable
length. The Value field is variable and padded to a 4-byte alignment;
padding is not included in the Length field. The PCEP peer
implementation needs to be aware of the encoding format, order, and
meaning of the 'Policy Parameters' well in advance based on the
policy. Note that from the protocol point of view this data is opaque
and can be used to carry parameters in any format understood by the
PCEP peers and associated to the policy. The exact use of this TLV is
beyond the scope of this document. Examples are included for
illustration purposes in .If the PCEP peer is unaware of the policy parameters associated
with the policy and it receives the POLICY-PARAMETERS-TLV, it MUST
reject the PCEP message and send a PCErr message with Error-Type 26
"Association Error" and Error-Value TBD3 "Not expecting policy
parameters". Further, if one or more parameters in the
POLICY-PARAMETERS-TLV received by the PCEP speaker are considered as
unacceptable in the context of the associated policy (e.g. out of
range value, badly encoded value...), the PCEP speaker MUST reject the
PCEP message and send a PCErr message with Error-Type 26 "Association
Error" and Error-Value TBD4 "Unacceptable policy parameters".Note that, the vendor-specific behavioral information is encoded in
VENDOR-INFORMATION-TLV which can be used along with this TLV.[Note to the RFC Editor - remove this section before publication, as
well as remove the reference to RFC 7942.]This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in . The description of implementations in this section
is intended to assist the IETF in its decision processes in progressing
drafts to RFCs. Please note that the listing of any individual
implementation here does not imply endorsement by the IETF. Furthermore,
no effort has been spent to verify the information presented here that
was supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.According to , "this will allow reviewers and
working groups to assign due consideration to documents that have the
benefit of running code, which may serve as evidence of valuable
experimentation and feedback that have made the implemented protocols
more mature. It is up to the individual working groups to use this
information as they see fit".Organization: Cisco Systems, Inc.Implementation: IOS-XR PCE and PCC.Description: The PCEP extension specified in this document is
used to convey traffic steering policies.Maturity Level: In shipping product.Coverage: Partial.Contact: mkoldych@cisco.comThe security considerations described in ,
, , and apply to the
extensions described in this document as well. In particular,
a malicious PCEP speaker could be spoofed and used as an attack vector
by creating spurious policy associations as described in .
Further as described in , a spurious LSP can have policies that are inconsistent with those of the
legitimate LSPs of the group and thus cause problems in handling of the policy for the
legitimate LSPs. It should be noted that, Policy association could provide an adversary with the
opportunity to eavesdrop on the relationship between the LSPs. suggest that the implementations and operators to use indirect values as a way to hide any sensitive business
relationships. Thus, securing the PCEP session using Transport Layer Security (TLS)
, as per the recommendations and best current practices in
BCP 195 , is RECOMMENDED.Further, extra care needs to be taken by the implementation with respect to
POLICY-PARAMETERS-TLV while decoding, verifying, and applying these
policy variables. This TLV parsing could be exploited by an
attacker and thus extra care must be taken while configuring policy association that uses POLICY-PARAMETERS-TLV and making sure that the data is easy to parse and verify before use.This document defines a new Association type. The sub-registry
"ASSOCIATION Type Field" of the "Path Computation Element Protocol
(PCEP) Numbers" registry was originally defined in . IANA is requested to confirm the early-allocated
codepoint.The following TLV Type Indicator value is requested within the
"PCEP TLV Type Indicators" subregistry of the "Path Computation
Element Protocol (PCEP) Numbers" registry. IANA is requested to
confirm the early-allocated codepoint.This document defines new Error-Values for Error-type 26
"Association Error" defined in . IANA is
requested to allocate new error values within the "PCEP- ERROR Object
Error Types and Values" subregistry of the PCEP Numbers registry as
follows:An operator MUST be allowed to configure the policy associations at
PCEP peers and associate it with the LSPs. They MAY also allow
configuration to related policy parameters, in which case the operator
MUST also be allowed to set the encoding format and order to parse the
associated policy parameters TLV. describes the PCEP MIB, there are no new
MIB Objects for this document.The PCEP YANG module is defined in . This module supports associations
as defined in and thus supports the Policy
Association groups.An implementation SHOULD allow the operator to view the PAG
configured. Further implementation SHOULD allow to view associations
reported by each peer, and the current set of LSPs in the PAG.Mechanisms defined in this document do not imply any new liveness
detection and monitoring requirements in addition to those already
listed in , , and
.Mechanisms defined in this document do not imply any new operation
verification requirements in addition to those already listed in , , and .Mechanisms defined in this document do not imply any new
requirements on other protocols.Mechanisms defined in this document do not have any impact on
network operations in addition to those already listed in , , and .We would like to acknowledge and thank Santiago Alvarez, Zafar Ali, Luis Tomotaki, Victor Lopez, Rob Shakir, and Clarence Filsfils for working on earlier drafts with similar motivation.A special thanks to the authors of , this
document borrowed some of the text from it. The authors would like to
thank Aijun Wang, Peng Shuping, and Gyan Mishra for their useful
comments.Thanks to Hari for shepherding this document. Thanks to Deborah Brungard for providing comments and being the responsible AD for this document.Thanks to Nic Leymann for RTGDIR review.An example could be a monitoring and telemetry policy P1 that is
dependent on a profile (GOLD/SILVER/BRONZE) as set by the operator. The
PCEP peers need to be aware of the policy P1 (and its associated
characteristics) in advance as well the fact that the policy parameter
will encode the profile of type string in the POLICY-PARAMETERS-TLV. As
an example, LSP1 could encode the PAG with the POLICY-PARAMETERS-TLV
with a string "GOLD".Another example where the path computation at PCE could be dependent
on when the LSP was configured at the PCC. For such a policy P2, the
time-stamp can be encoded in the POLICY-PARAMETERS-TLV and the exact
encoding could be the 64-bit timestamp format as defined in .While the above example has a single field in the
POLICY-PARAMETERS-TLV, it is possible to include multiple fields, but
the exact order, encoding format and meanings need to be known in
advance at the PCEP peers.