Network Working Group F. Zhang Internet-Draft Q. Zhao Intended status: Experimental Huawei Expires: July, 2015 O. Gonzalez de Dios Telefonica I+D R. Casellas CTTC D. King Old Dog Consulting January 27, 2015 Extensions to Path Computation Element Communication Protocol (PCEP) for Hierarchical Path Computation Elements (PCE) draft-ietf-pce-hierarchy-extensions-02 Abstract The Hierarchical Path Computation Element (H-PCE) architecture, provides a mechanism to allow the optimum sequence of domains to be selected,and the optimum end-to-end path to be derived through the use of a hierarchical relationship between domains. This document defines the Path Computation Element Protocol (PCEP) extensions for the purpose of implementing Hierarchical PCE procedures which are described in the aforementioned document. These extensions are experimental and published for examination, discussion, implementation, and evaluation. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire in July, 2015. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the Zhang, et al. July, 2015 [Page 1] Internet-Draft PCEP Extensions for H-PCE January 2015 document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.3. Requirements Language . . . . . . . . . . . . . . . . . . 4 2. Requirements for H-PCE . . . . . . . . . . . . . . . . . . . . 4 2.1. PCEP Requests . . . . . . . . . . . . . . . . . . . . . . 4 2.1.1. Qualification of PCEP Requests . . . . . . . . . . . . 4 2.1.2. Multi-domain Objective Functions . . . . . . . . . . . 5 2.1.3. Multi-domain Metrics . . . . . . . . . . . . . . . . . 6 2.2. Parent PCE Capability Discovery . . . . . . . . . . . . . 6 2.3. PCE Domain and PCE ID Discovery . . . . . . . . . . . . . 6 3. PCEP Extensions (Encoding) . . . . . . . . . . . . . . . . . . 6 3.1. OPEN Object . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.1. OF Codes . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.2. OPEN Object Flags . . . . . . . . . . . . . . . . . . 7 3.1.3. Domain-ID TLV . . . . . . . . . . . . . . . . . . . . 7 3.1.4. PCE-ID TLV . . . . . . . . . . . . . . . . . . . . . . 9 3.2. RP object . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2.1. RP Object Flags . . . . . . . . . . . . . . . . . . . 9 3.2.2. Domain-ID TLV . . . . . . . . . . . . . . . . . . . . 9 3.3. Metric Object . . . . . . . . . . . . . . . . . . . . . .10 3.4. PCEP-ERROR Object . . . . . . . . . . . . . . . . . . . .10 3.4.1. Hierarchy PCE Error-Type . . . . . . . . . . . . . . .10 3.5. NO-PATH Object . . . . . . . . . . . . . . . . . . . . . .10 4. H-PCE Procedures . . . . . . . . . . . . . . . . . . . . . . .10 4.1. OPEN Procedure between Child PCE and Parent PCE . . . . .10 4.2. Procedure to Obtain Domain Sequence . . . . . . . . . . .11 5. Error Handling . . . . . . . . . . . . . . . . . . . . . . . .11 6. Manageability Considerations . . . . . . . . . . . . . . . . .12 6.1. Control of Function and Policy . . . . . . . . . . . . . .12 6.1.1. Child PCE . . . . . . . . . . . . . . . . . . . . . .12 6.1.2. Parent PCE . . . . . . . . . . . . . . . . . . . . . .13 6.1.3. Policy Control . . . . . . . . . . . . . . . . . . . .13 6.2. Information and Data Models . . . . . . . . . . . . . . .13 6.3. Liveness Detection and Monitoring . . . . . . . . . . . .13 Zhang, et al. July, 2015 [Page 2] Internet-Draft PCEP Extensions for H-PCE January 2015 6.4. Verifying Correct Operation . . . . . . . . . . . . . . .13 6.5. Impact on Network Operation . . . . . . . . . . . . . . .14 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . .14 8. Security Considerations . . . . . . . . . . . . . . . . . . .14 9. Implementation Status . . . . . . . . . . . . . . . . . . . .15 10. Contributing Authors . . . . . . . . . . . . . . . . . . . .16 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .16 12. References . . . . . . . . . . . . . . . . . . . . . . . . . .17 12.1 Normative References . . . . . . . . . . . . . . . . . . . .17 12.2 Informative References . . . . . . . . . . . . . . . . . . .17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .18 1. Introduction [RFC6805] describes a Hierarchical PCE (H-PCE) architecture which can be used for computing end-to-end paths for inter-domain MPLS Traffic Engineering (TE) and GMPLS Label Switched Paths (LSPs). Within the hierarchical PCE architecture, the parent PCE is used to compute a multi-domain path based on the domain connectivity information. A child PCE may be responsible for a single domain or multiple domains, it is used to compute the intra-domain path based on its domain topology information. The H-PCE end-to-end domain path computation procedure is described below: o A path computation client (PCC) sends the inter-domain path computation requests to the child PCE responsible for its domain; o The child PCE forwards the request to the parent PCE; o The parent PCE computes the likely domain paths from the ingress domain to the egress domain; o The parent PCE sends the intra-domain path computation requests (between the domain border nodes) to the child PCEs which are responsible for the domains along the domain path; o The child PCEs return the intra-domain paths to the parent PCE; o The parent PCE constructs the end-to-end inter-domain path based on the intra-domain paths; o The parent PCE returns the inter-domain path to the child PCE; o The child PCE forwards the inter-domain path to the PCC. In addition, the parent PCE may be requested to provide only the sequence of domains to a child PCE so that alternative inter-domain Zhang, et al. July, 2015 [Page 3] Internet-Draft PCEP Extensions for H-PCE January 2015 path computation procedures, including Per Domain (PD) [RFC5152] and Backwards Recursive Path Computation (BRPC) [RFC5441] may be used. This document defines the PCEP extensions for the purpose of implementing Hierarchical PCE procedures, which are described in [RFC6805]. 1.1. Scope The following functions are out of scope of this document. o Finding end point addresses; o Parent Traffic Engineering Database (TED) methods; o Domain connectivity; The document also uses a number of [editor notes] to describe options and alternative solutions. These options and notes will be removed before publication once agreement is reached. 1.2. Terminology This document uses the terminology defined in [RFC4655], [RFC5440] and the additional terms defined in section 1.4 of [RFC6805]. 1.3. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2. Requirements for H-PCE This section compiles the set of requirements of the PCEP protocol to support the H-PCE architecture and procedures. [RFC6805] identifies high-level requirements of PCEP extensions required to support the hierarchical PCE model. 2.1. PCEP Requests The PCReq messages are used by a PCC or PCE to make a path computation request to a PCE. In order to achieve the full functionality of the H-PCE procedures, the PCReq message needs to include: o Qualification of PCE Requests; Zhang, et al. July, 2015 [Page 4] Internet-Draft PCEP Extensions for H-PCE January 2015 o Multi-domain Objective Functions (OF); o Multi-domain Metrics. 2.1.1. Qualification of PCEP Requests As described in section 4.8.1 of [RFC6805], the H-PCE architecture introduces new request qualifications, which are: o It MUST be possible for a child PCE to indicate that a request it sends to a parent PCE should be satisfied by a domain sequence only, that is, not by a full end-to-end path. This allows the child PCE to initiate a per-domain (PD) [RFC5152] or a backward recursive path computation (BRPC) [RFC5441]. o As stated in [RFC6805], section 4.5, if a PCC knows the egress domain, it can supply this information as the path computation request. It SHOULD be possible to specify the destination domain information in a PCEP request, if it is known. 2.1.2. Multi-domain Objective Functions For inter-domain path computation, there are two new objective functions which are defined in section 1.3.1 and 4.1 of [RFC6805]: o Minimize the number of domains crossed. A domain can be either an Autonomous System (AS) or an Internal Gateway Protocol (IGP) area depending on the type of multi-domain network hierarchical PCE is applied to. o Disallow domain re-entry.[Editor's note: Disallow domain re-entry may not be an objective function, but an option in the request]. During the PCEP session establishment procedure, the parent PCE needs to be capable of indicating the Objective Functions (OF) capability in the Open message. This capability information may then be announced by child PCEs, and used for selecting the PCE when a PCC wants a path that satisfies one or multiple inter-domain objective functions. When a PCC requests a PCE to compute an inter-domain path, the PCC needs also to be capable of indicating the new objective functions for inter-domain path. Note that a given child PCE may also act as a parent PCE. For the reasons described previously, new OF codes need to be defined for the new inter-domain objective functions. Then the PCE can notify its new inter-domain objective functions to the PCC by carrying them in the OF-list TLV which is carried in the OPEN object. The PCC can specify which objective function code to use, which is Zhang, et al. July, 2015 [Page 5] Internet-Draft PCEP Extensions for H-PCE January 2015 carried in the OF object when requesting a PCE to compute an inter- domain path. The proposed solution may need to differentiate between the OF code that is requested at the parent level, and the OF code that is requested at the intra-domain (child domain). A parent PCE MUST be capable of ensuring homogeneity, across domains, when applying OF codes for strict OF intra-domain requests. 2.1.3. Multi-domain Metrics For inter-domain path computation, there are several path metrics of interest [Editor's note: Current framework only mentions metric objectives. The metric itself should be also defined]: o Domain count (number of domains crossed); o Border Node count. A PCC may be able to limit the number of domains crossed by applying a limit on these metrics. 2.2. Parent PCE Capability Discovery Parent and child PCE relationships are likely to be configured. However, as mentioned in [RFC6805], it would assist network operators if the child and parent PCE could indicate their H-PCE capabilities. During the PCEP session establishment procedure, the child PCE needs to be capable of indicating to the parent PCE whether it requests the parent PCE capability or not. Also, during the PCEP session establishment procedure, the parent PCE needs to be capable of indicating whether its parent capability can be provided or not. 2.3. PCE Domain and PCE ID Discovery A PCE domain is a single domain with an associated PCE. Although it is possible for a PCE to manage multiple domains. The PCE domain may be an IGP area or AS. The PCE ID is an IPv4 and/or IPv6 address that is used to reach the parent/child PCE. It is RECOMMENDED to use an address that is always reachable if there is any connectivity to the PCE. The PCE ID information and PCE domain identifiers may be provided during the PCEP session establishment procedure or the domain connectivity information collection procedure. Zhang, et al. July, 2015 [Page 6] Internet-Draft PCEP Extensions for H-PCE January 2015 3. PCEP Extensions (Encoding) 3.1. OPEN object 3.1.1. OF Codes This H-PCE experiment will be carried out using the following OF codes: o MTD * Name: Minimize the number of Transit Domains * Objective Function Code * Description: Find a path P such that it passes through the number of transit domains o MBN * Name: Minimize the number of border nodes. * Objective Function Code * Description: Find a path P such that it passes through the least number of border nodes o DDR * Name: Disallow Domain Re-entry (DDR) * Objective Function Code * Description: Find a path P such that does not entry a domain more than once 3.1.2. OPEN Object Flags This H-PCE experiment will also require two OPEN object flags: o Parent PCE Request bit (to be assigned by IANA, recommended bit 0): if set, it would signal that the child PCE wishes to use the peer PCE as a parent PCE. o Parent PCE Indication bit (to be assigned by IANA, recommended bit 1): if set, it would signal that the PCE can be used as a parent PCE by the peer PCE. 3.1.3. Domain-ID TLV The Domain-ID TLV for this H-PCE experiment is defined below: Zhang, et al. July, 2015 [Page 7] Internet-Draft PCEP Extensions for H-PCE January 2015 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Domain Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Domain ID | // // | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: Domain-ID TLV Domain Type (8 bits): Indicates the domain type. Two types of domain are currently defined: o Type=1: the Domain ID field carries an IGP Area ID. o Type=2: the Domain ID field carries an AS number. Domain ID (variable): Indicates an IGP Area ID or AS number. It can be 2 bytes, 4 bytes or 8 bytes long depending on the domain identifier used. [Editor's note: draft-dhody-pce-pcep-domain-sequence, section 3.2 deals with the encoding of domain sequences, using ERO-subobjects. Work is ongoing to define domain identifiers for OSPF-TE areas, IS-IS area (which are variable sized), 2-byte and 4-byte AS number, and any other domain that may be defined in the future. It uses RSVP-TE subobject discriminators, rather than new type 1/ type 2. A domain sequence may be encoded as a route object. The "VALUE" part of the TLV could follow common RSVP-TE subobject format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0| Type | Length | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AS Id (4 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |0| Type | Length | AS Id (2 bytes) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: Alternative Domain-ID TLV Zhang, et al. July, 2015 [Page 8] Internet-Draft PCEP Extensions for H-PCE January 2015 3.1.4. PCE-ID TLV The type of PCE-ID TLV for this H-PCE experiment is defined below: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Address Type | Reserved | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | // PCE IP Address // | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: PCE-ID TLV Address Type (16 bits): Indicates the address type of PCE IP Address. 1 means IPv4 address type, 2 means IPv6 address type. PCE IP Address: Indicates the reachable address of a PCE. [Editor's note: [RFC5886] already defines the PCE-ID object. If a semantically equivalent PCE-ID TLV is needed (to avoid modifying message grammars to include the object), it can align with the PCEP object: in any case, the length (4 / 16 bytes) can be used to know whether it is an IPv4 or an IPv6 PCE, the address type is not needed.] 3.2. RP object 3.2.1. RP Object Flags The following RP object flags are defined for this H-PCE experiment: o Domain Path Request bit: if set, it means the child PCE wishes to get the domain sequence; o Destination Domain Query bit: if set, it means the parent PCE wishes to get the destination domain ID. 3.2.2. Domain-ID TLV The format of this TLV is defined in Section 3.1.3. This TLV can be carried in an OPEN object to indicate a (list of) managed domains, or carried in a RP object to indicate the destination domain ID when a child PCE responds to the parent PCE's destination domain query by a PCRep message. [Editors note. In some cases, the Parent PCE may need to allocate a node which is not necessarily the destination node.] Zhang, et al. July, 2015 [Page 9] Internet-Draft PCEP Extensions for H-PCE January 2015 3.3. Metric Object There are two new metrics defined in this document for H-PCE: o Domain count (number of domains crossed); o Border Node Count (number of border nodes crossed). 3.4. PCEP-ERROR object 3.4.1. Hierarchy PCE Error-Type A new PCEP Error-Type is used for this H-PCE experiment and is defined below: +------------+------------------------------------------------------+ | Error-Type | Meaning | +------------+------------------------------------------------------+ | 19 | H-PCE error Error-value=1: parent PCE capability | | | cannot be provided | +------------+------------------------------------------------------+ H-PCE error table 3.5. NO-PATH Object To communicate the reason(s) for not being able to find a multi- domain path or domain sequence, the NO-PATH object can be used in the PCRep message. [RFC5440] defines the format of the NO-PATH object. The object may contain a NO-PATH-VECTOR TLV to provide additional information about why a (domain) path computation has failed. Three new bit flags are defined to be carried in the Flags field in the NO-PATH-VECTOR TLV carried in the NO-PATH Object. o Bit 23: When set, the parent PCE indicates that destination domain unknown; o Bit 22: When set, the parent PCE indicates unresponsive child PCE(s); o Bit 21: When set, the parent PCE indicates no available resource available in one or more domain(s). 4. H-PCE Procedures 4.1. OPEN Procedure between Child PCE and Parent PCE Zhang, et al. July, 2015 [Page 10] Internet-Draft PCEP Extensions for H-PCE January 2015 If a child PCE wants to use the peer PCE as a parent, it can set the parent PCE request bit in the OPEN object carried in the Open message during the PCEP session creation procedure. If the peer PCE does not want to provide the parent function to the child PCE, it must send a PCErr message to the child PCE and clear the parent PCE indication bit in the OPEN object. If the parent PCE can provide the parent function to the peer PCE, it may set the parent PCE indication bit in the OPEN object carried in the Open message during the PCEP session creation procedure. The PCE may also report its PCE ID and list of domain ID to the peer PCE by specifying them in the PCE-ID TLV and List of Domain-ID TLVs in the OPEN object carried in the Open message during the PCEP session creation procedure. The OF codes defined in this document can be carried in the OF-list TLV of the OPEN object. If the OF-list TLV carries the OF codes, it means that the PCE is capable of implementing the corresponding objective functions. This information can be used for selecting a proper parent PCE when a child PCE wants to get a path that satisfies a certain objective function. When a specific child PCE sends a PCReq to a peer PCE that requires parental activity and the peer PCE does not want to act as the parent for it, the peer PCE should send a PCErr message to the child PCE and specify the error-type (IANA) and error-value (1) in the PCEP-ERROR object. 4.2. Procedure to obtain Domain Sequence If a child PCE only wants to get the domain sequence for a multi- domain path computation from a parent PCE, it can set the Domain Path Request bit in the RP object carried in a PCReq message. The parent PCE which receives the PCReq message tries to compute a domain sequence for it. If the domain path computation succeeds the parent PCE sends a PCRep message which carries the domain sequence in the ERO to the child PCE. The domain sequence is specified as AS or AREA ERO sub-objects (type 32 for AS [RFC3209] or a to-be-defined IGP area type). Otherwise it sends a PCReq message which carries the NO-PATH object to the child PCE. 5. Error Handling A PCE that is capable of acting as a parent PCE might not be configured or willing to act as the parent for a specific child PCE. This fact could be determined when the child sends a PCReq that requires parental activity (such as querying other child PCEs), and Zhang, et al. July, 2015 [Page 11] Internet-Draft PCEP Extensions for H-PCE January 2015 could result in a negative response in a PCEP Error (PCErr) message and indicate the hierarchy PCE error types. Additionally, the parent PCE may fail to find the multi-domain path or domain sequence due to one or more of the following reasons: o A child PCE cannot find a suitable path to the egress; o The parent PCE do not hear from a child PCE for a specified time; o The objective functions specified in the path request cannot be met. In this case, the parent PCE MAY need to send a negative path computation reply specifying the reason. This can be achieved by including NO-PATH object in the PCRep message. Extension to NO-PATH object is needed to include the aforementioned reasons. 6. Manageability Considerations General PCE and PCEP management considerations are discussed in [RFC4655] and [RFC5440]. There are additional management considerations for H-PCE which are described in [RFC6805], and repeated in this section. The administrative entity responsible for the management of the parent PCEs must be determined for the following cases: o multi-domains (e.g., IGP areas or multiple ASes) within a single service provider network, the management responsibility for the parent PCE would most likely be handled by the service provider, o multiple ASes within different service provider networks, it may be necessary for a third party to manage the parent PCEs according to commercial and policy agreements from each of the participating service providers. [To be discussed further.] 6.1. Control of Function and Policy [To be discussed further.] 6.1.1. Child PCE Support of the hierarchical procedure will be controlled by the management organization responsible for each child PCE. A child PCE must be configured with the address of its parent PCE in order for it to interact with its parent PCE. The child PCE must also be authorized to peer with the parent PCE. Zhang, et al. July, 2015 [Page 12] Internet-Draft PCEP Extensions for H-PCE January 2015 6.1.2. Parent PCE The parent PCE must only accept path computation requests from authorized child PCEs. If a parent PCE receives requests from an unauthorized child PCE, the request should be dropped. This means that a parent PCE must be configured with the identities and security credentials of all of its child PCEs, or there must be some form of shared secret that allows an unknown child PCE to be authorized by the parent PCE. 6.1.3. Policy Control It may be necessary to maintain a policy module on the parent PCE [RFC5394]. This would allow the parent PCE to apply commercially relevant constraints such as SLAs, security, peering preferences, and monetary costs. It may also be necessary for the parent PCE to limit end-to-end path selection by including or excluding specific domains based on commercial relationships, security implications, and reliability. 6.2. Information and Data Models A PCEP MIB module is defined in [RFC7420] that describes managed objects for modeling of PCEP communication. A H-PCE MIB module, or additional data model will be required to report parent PCE and child PCE information, including: o parent PCE configuration and status, o child PCE configuration and information, o notifications to indicate session changes between parent PCEs and child PCEs, and o notification of parent PCE TED updates and changes. 6.3. Liveness Detection and Monitoring The hierarchical procedure requires interaction with multiple PCEs. Once a child PCE requests an end-to-end path, a sequence of events occurs that requires interaction between the parent PCE and each child PCE. If a child PCE is not operational, and an alternate transit domain is not available, then a failure must be reported. 6.4. Verifying Correct Operation Verifying the correct operation of a parent PCE can be performed by monitoring a set of parameters. The parent PCE implementation should provide the following parameters monitored by the parent PCE: Zhang, et al. July, 2015 [Page 13] Internet-Draft PCEP Extensions for H-PCE January 2015 o number of child PCE requests, o number of successful hierarchical PCE procedures completions on a per-PCE-peer basis, o number of hierarchical PCE procedure completion failures on a per- PCE-peer basis, and o number of hierarchical PCE procedure requests from unauthorized child PCEs. 6.5. Impact on Network Operation The hierarchical PCE procedure is a multiple-PCE path computation scheme. Subsequent requests to and from the child and parent PCEs do not differ from other path computation requests and should not have any significant impact on network operations. 7. IANA Considerations Due to the experimental nature of this draft no IANA requests are made. 8. Security Considerations The hierarchical PCE procedure relies on PCEP and inherits the security requirements defined in [RFC5440]. As PCEP operates over TCP, it may also make use of TCP security mechanisms, including Transport Layer Security (TLS). H-PCE operation also relies on information used to build the TED. Attacks on a parent or child PCE may be achieved by falsifying or impeding this flow of information. If the child PCE listens to the IGP for populating the TED, then normal IGP security measures may be applied, and it should be noted that an IGP routing system is generally assumed to be a trusted domain such that router subversion is not a risk. The parent PCE TED is constructed as described in this document and may involve: o multiple parent-child relationships using PCEP o the parent PCE listening to child domain IGPs (with the same security features as a child PCE listening to its IGP) o an external mechanism (such as [BGP-LS]), which will need to be authorized and secured. Zhang, et al. July, 2015 [Page 14] Internet-Draft PCEP Extensions for H-PCE January 2015 Any multi-domain operation necessarily involves the exchange of information across domain boundaries. This is bound to represent a significant security and confidentiality risk especially when the child domains are controlled by different commercial concerns. PCEP allows individual PCEs to maintain confidentiality of their domain path information using path-keys [RFC5520], and the H-PCE architecture is specifically designed to enable as much isolation of domain topology and capabilities information as is possible. For further considerations of the security issues related to inter-AS path computation, see [RFC5376]. [To be discussed further.] 9. Implementation Status The H-PCE architecture and protocol procedures describe in this I-D were implemented and tested for a variety of optical research applications. This work was led by: o Ramon Casellas o Centre Tecnologic de Telecomunicacions de Catalunya (CTTC) The H-PCE instances (parent and child) were multi-threaded asynchronous processes. Implemented in C++11, using C++ Boost Libraries. The targeted system used to deploy and run H-PCE applications was a POSIX system (Debian GNU/Linux operating system). Some parts of the software may require a Linux Kernel, the availability of a Routing Controller running collocated in the same host and the usage of libnetfilter / libipq and GNU/Linux firewalling capabilities. Most of the functionality, including algorithms is done by means of plugins (e.g., as shared libraries or .so files in Unix systems). The CTTC PCE supports the H-PCE architecture, but also supports stateful PCE with active capabilities, as an OpenFlow controller, and has dedicated plugins to support monitoring, BRPC, P2MP, path keys, back end PCEs. Management of the H-PCE entities was supported via HTTP and CLI via Telnet. Further details of the H-PCE prototyping and experimentation can be found in the following scientific papers: R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I. Morita, "Inter-layer traffic engineering with hierarchical-PCE in Zhang, et al. July, 2015 [Page 15] Internet-Draft PCEP Extensions for H-PCE January 2015 MPLS-TP over wavelength switched optical networks" , Optics Express, Vol. 20, No. 28, December 2012. R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I. Morita, M. Msurusawa, "Dynamic virtual link mesh topology aggregation in multi-domain translucent WSON with hierarchical-PCE", Optics Express Journal, Vol. 19, No. 26, December 2011. R. Casellas, R. Munoz, R. Martinez, R. Vilalta, L. Liu, T. Tsuritani, I. Morita, V. Lopez, O. Gonzalez de Dios, J. P. Fernandez-Palacios, "SDN based Provisioning Orchestration of OpenFlow/GMPLS Flexi-grid Networks with a Stateful Hierarchical PCE", in Proceedings of Optical Fiber Communication Conference and Exposition (OFC), 9-13 March, 2014, San Francisco (EEUU). Extended Version to appear in Journal Of Optical Communications and Networking January 2015 F. Paolucci, O. Gonzalez de Dios, R. Casellas, S. Duhovnikov, P. Castoldi, R. Munoz, R. Martinez, "Experimenting Hierarchical PCE Architecture in a Distributed Multi-Platform Control Plane Testbed" , in Proceedings of Optical Fiber Communication Conference and Exposition (OFC) and The National Fiber Optic Engineers Conference (NFOEC), 4-8 March, 2012, Los Angeles, California (USA). R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I. Morita, M. Tsurusawa, "Dynamic Virtual Link Mesh Topology Aggregation in Multi-Domain Translucent WSON with Hierarchical-PCE", in Proceedings of 37th European Conference and Exhibition on Optical Communication (ECOC 2011), 18-22 September 2011, Geneve ( Switzerland). R. Casellas, R. Munoz, R. Martinez, "Lab Trial of Multi-Domain Path Computation in GMPLS Controlled WSON Using a Hierarchical PCE", in Proceedings of OFC/NFOEC Conference (OFC2011), 10 March 2011, Los Angeles (USA). [Note to the RFC Editor - This section is intended to be removed before publication.] 10. Contributing Authors Xian Zhang Huawei zhang.xian@huawei.com 11. Acknowledgments The Internet-Draft and implementation has been partially funded by the European Commission under the project Industry-Driven Elastic and Zhang, et al. July, 2015 [Page 16] Internet-Draft PCEP Extensions for H-PCE January 2015 Adaptive Lambda Infrastructure for Service and Transport Networks (IDEALIST) of the Seventh Framework Program, with Grant Agreement Number: 317999. 12. References 12.1 Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP Tunnels", RFC 3209, December 2001. [RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation Element (PCE)-Based Architecture", RFC 4655, August 2006. [RFC5152] Vasseur, JP., Ayyangar, A., and R. Zhang, "A Per-Domain Path Computation Method for Establishing Inter-Domain Traffic Engineering (TE) Label Switched Paths (LSPs)", RFC 5152, February 2008. [RFC5440] Vasseur, JP. and JL. Le Roux, "Path Computation Element (PCE) Communication Protocol (PCEP)", RFC 5440, March 2009. [RFC5441] Vasseur, JP., Zhang, R., Bitar, N., and JL. Le Roux, "A Backward-Recursive PCE-Based Computation (BRPC) Procedure to Compute Shortest Constrained Inter-Domain Traffic Engineering Label Switched Paths", RFC 5441, April 2009. [RFC5886] Vasseur, JP., Le Roux, JL., and Y. Ikejiri, "A Set of Monitoring Tools for Path Computation Element (PCE)-Based Architecture", RFC 5886, June 2010. [RFC6805] King, D. and A. Farrel, "The Application of the Path Computation Element Architecture to the Determination of a Sequence of Domains in MPLS and GMPLS", RFC 6805, November 2012. 12.2 Informative References [RFC5376] Bitar, N., Zhang, R., and K. Kumaki, "Inter-AS Requirements for the Path Computation Element Communication Protocol (PCECP)", RFC 5376, November 2008. Zhang, et al. July, 2015 [Page 17] Internet-Draft PCEP Extensions for H-PCE January 2015 [RFC5394] Bryskin, I., Papadimitriou, D., Berger, L., and J. Ash, "Policy-Enabled Path Computation Framework", RFC 5394, December 2008. [RFC5520] Bradford, R., Ed., Vasseur, JP., and A. Farrel, "Preserving Topology Confidentiality in Inter-Domain Path Computation Using a Path-Key-Based Mechanism", RFC 5520, April 2009. [RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., Hardwick, J., "Path Computation Element Communication Protocol (PCEP) Management Information Base (MIB) Module", RFC 7420, December 2014. [BGP-LS] Gredler, H., Medved, J., Previdi, S., Farrel, A., and S. Ray, "North-Bound Distribution of Link-State and TE Information using BGP", Work in Progress, January 2015. Authors' Addresses Fatai Zhang Huawei Huawei Base, Bantian, Longgang District Shenzhen, 518129 China Phone: +86-755-28972912 Email: zhangfatai@huawei.com Quintin Zhao Huawei 125 Nagog Technology Park Acton, MA 01719 US Phone: Email: qzhao@huawei.com Oscar Gonzalez de Dios Telefonica I+D Don Ramon de la Cruz 82-84 Madrid, 28045 Spain Phone: +34913128832 Email: ogondio@tid.es Zhang, et al. July, 2015 [Page 18] Internet-Draft PCEP Extensions for H-PCE January 2015 Ramon Casellas CTTC Av. Carl Friedrich Gauss n.7 Castelldefels, Barcelona Spain Phone: +34 93 645 29 00 Email: ramon.casellas@cttc.es Daniel King Old Dog Consulting UK Phone: Email: daniel@olddog.co.uk Zhang, et al. July, 2015 [Page 19] Internet-Draft PCEP Extensions for H-PCE January 2015