idnits 2.17.1 draft-ietf-pce-binding-label-sid-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 15, 2021) is 922 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 7525 (Obsoleted by RFC 9325) == Outdated reference: A later version (-25) exists of draft-ietf-pce-segment-routing-ipv6-09 == Outdated reference: A later version (-22) exists of draft-ietf-spring-segment-routing-policy-13 == Outdated reference: A later version (-23) exists of draft-ietf-pce-pcep-yang-16 Summary: 1 error (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PCE Working Group S. Sivabalan 3 Internet-Draft Ciena Corporation 4 Intended status: Standards Track C. Filsfils 5 Expires: April 18, 2022 Cisco Systems, Inc. 6 J. Tantsura 7 Microsoft Corporation 8 S. Previdi 9 C. Li, Ed. 10 Huawei Technologies 11 October 15, 2021 13 Carrying Binding Label/Segment Identifier in PCE-based Networks. 14 draft-ietf-pce-binding-label-sid-11 16 Abstract 18 In order to provide greater scalability, network confidentiality, and 19 service independence, Segment Routing (SR) utilizes a Binding Segment 20 Identifier (BSID). It is possible to associate a BSID to an RSVP-TE- 21 signaled Traffic Engineering Label Switched Path or an SR Traffic 22 Engineering path. The BSID can be used by an upstream node for 23 steering traffic into the appropriate TE path to enforce SR policies. 24 This document specifies the binding value as an MPLS label or Segment 25 Identifier. It further specifies an approach for reporting binding 26 label/Segment Identifier (SID) by a Path Computation Client (PCC) to 27 the Path Computation Element (PCE) to support PCE-based Traffic 28 Engineering policies. 30 Status of This Memo 32 This Internet-Draft is submitted in full conformance with the 33 provisions of BCP 78 and BCP 79. 35 Internet-Drafts are working documents of the Internet Engineering 36 Task Force (IETF). Note that other groups may also distribute 37 working documents as Internet-Drafts. The list of current Internet- 38 Drafts is at https://datatracker.ietf.org/drafts/current/. 40 Internet-Drafts are draft documents valid for a maximum of six months 41 and may be updated, replaced, or obsoleted by other documents at any 42 time. It is inappropriate to use Internet-Drafts as reference 43 material or to cite them other than as "work in progress." 45 This Internet-Draft will expire on April 18, 2022. 47 Copyright Notice 49 Copyright (c) 2021 IETF Trust and the persons identified as the 50 document authors. All rights reserved. 52 This document is subject to BCP 78 and the IETF Trust's Legal 53 Provisions Relating to IETF Documents 54 (https://trustee.ietf.org/license-info) in effect on the date of 55 publication of this document. Please review these documents 56 carefully, as they describe your rights and restrictions with respect 57 to this document. Code Components extracted from this document must 58 include Simplified BSD License text as described in Section 4.e of 59 the Trust Legal Provisions and are provided without warranty as 60 described in the Simplified BSD License. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 65 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 66 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 67 4. Path Binding TLV . . . . . . . . . . . . . . . . . . . . . . 5 68 4.1. SRv6 Endpoint Behavior and SID Structure . . . . . . . . 7 69 5. Operation . . . . . . . . . . . . . . . . . . . . . . . . . . 8 70 6. Binding SID in SR-ERO . . . . . . . . . . . . . . . . . . . . 10 71 7. Binding SID in SRv6-ERO . . . . . . . . . . . . . . . . . . . 11 72 8. PCE Allocation of Binding label/SID . . . . . . . . . . . . . 11 73 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 12 74 9.1. Huawei . . . . . . . . . . . . . . . . . . . . . . . . . 13 75 9.2. Cisco . . . . . . . . . . . . . . . . . . . . . . . . . . 13 76 10. Security Considerations . . . . . . . . . . . . . . . . . . . 14 77 11. Manageability Considerations . . . . . . . . . . . . . . . . 14 78 11.1. Control of Function and Policy . . . . . . . . . . . . . 14 79 11.2. Information and Data Models . . . . . . . . . . . . . . 14 80 11.3. Liveness Detection and Monitoring . . . . . . . . . . . 15 81 11.4. Verify Correct Operations . . . . . . . . . . . . . . . 15 82 11.5. Requirements On Other Protocols . . . . . . . . . . . . 15 83 11.6. Impact On Network Operations . . . . . . . . . . . . . . 15 84 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 85 12.1. PCEP TLV Type Indicators . . . . . . . . . . . . . . . . 15 86 12.1.1. TE-PATH-BINDING TLV . . . . . . . . . . . . . . . . 15 87 12.2. LSP Object . . . . . . . . . . . . . . . . . . . . . . . 16 88 12.3. PCEP Error Type and Value . . . . . . . . . . . . . . . 16 89 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 90 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 91 14.1. Normative References . . . . . . . . . . . . . . . . . . 17 92 14.2. Informative References . . . . . . . . . . . . . . . . . 19 93 Appendix A. Contributor Addresses . . . . . . . . . . . . . . . 21 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 96 1. Introduction 98 A Path Computation Element (PCE) can compute Traffic Engineering 99 paths (TE paths) through a network where those paths are subject to 100 various constraints. Currently, TE paths are set up using either the 101 RSVP-TE signaling protocol or Segment Routing (SR). We refer to such 102 paths as RSVP-TE paths and SR-TE paths respectively in this document. 104 As per [RFC8402] SR allows a head-end node to steer a packet flow 105 along any path. The head-end node is said to steer a flow into a 106 Segment Routing Policy (SR Policy). Further, as per 107 [I-D.ietf-spring-segment-routing-policy], an SR Policy is a framework 108 that enables the instantiation of an ordered list of segments on a 109 node for implementing a source routing policy with a specific intent 110 for traffic steering from that node. 112 As described in [RFC8402], a Binding Segment Identifier (BSID) is 113 bound to a Segment Routing (SR) Policy, instantiation of which may 114 involve a list of Segment Identifiers (SIDs). Any packets received 115 with an active segment equal to a BSID are steered onto the bound SR 116 Policy. A BSID may be either a local (SR Local Block (SRLB)) or a 117 global (SR Global Block (SRGB)) SID. As per Section 6.4 of 118 [I-D.ietf-spring-segment-routing-policy] a BSID can also be 119 associated with any type of interface or tunnel to enable the use of 120 a non-SR interface or tunnel as a segment in a SID list. In this 121 document, binding label/SID is used to generalize the allocation of 122 binding value for both SR and non-SR paths. 124 [RFC5440] describes the PCE communication Protocol(PCEP) for 125 communication between a Path Computation Client (PCC) and a PCE or 126 between a pair of PCEs as per [RFC4655]. [RFC8231] specifies 127 extensions to PCEP that allow a PCC to delegate its Label Switched 128 Paths (LSPs) to a stateful PCE. A stateful PCE can then update the 129 state of LSPs delegated to it. [RFC8281] specifies a mechanism 130 allowing a PCE to dynamically instantiate an LSP on a PCC by sending 131 the path and characteristics. 133 [RFC8664] provides a mechanism for a PCE (acting as a network 134 controller) to instantiate SR-TE paths (candidate paths) for an SR 135 Policy onto a head-end node (acting as a PCC) using PCEP. For more 136 information on the SR Policy Architecture, see 137 [I-D.ietf-spring-segment-routing-policy]. 139 A binding label/SID has local significance to the ingress node of the 140 corresponding TE path. When a stateful PCE is deployed for setting 141 up TE paths, it may be desirable for a PCC to report the binding 142 label/SID to the stateful PCE for the purpose of enforcing end-to-end 143 TE/SR policy. A sample Data Center (DC) use-case is illustrated in 144 Figure 1. In the MPLS DC network, an SR LSP (without traffic 145 engineering) is established using a prefix SID advertised by BGP (see 146 [RFC8669]). In the IP/MPLS WAN, an SR-TE LSP is set up using the 147 PCE. The list of SIDs of the SR-TE LSP is {A, B, C, D}. The gateway 148 node 1 (which is the PCC) allocates a binding SID X and reports it to 149 the PCE. In order for the access node to steer the traffic over the 150 SR-TE LSP, the PCE passes the SID stack {Y, X} where Y is the prefix 151 SID of the gateway node-1 to the access node. In the absence of the 152 binding SID X, the PCE would pass the SID stack {Y, A, B, C, D} to 153 the access node. This example also illustrates the additional 154 benefit of using the binding label/SID to reduce the number of SIDs 155 imposed by the access nodes with a limited forwarding capacity. 157 SID stack 158 {Y, X} +-----+ 159 _ _ _ _ _ _ _ _ _ _ _ _ _ _| PCE | 160 | +-----+ 161 | ^ 162 | | Binding 163 | .-----. | SID (X) .-----. 164 | ( ) | ( ) 165 V .--( )--. | .--( )--. 166 +------+ ( ) +-------+ ( ) +-------+ 167 |Access|_( MPLS DC Network )_|Gateway|_( IP/MPLS WAN )_|Gateway| 168 | Node | ( ==============> ) |Node-1 | ( ================> ) |Node-2 | 169 +------+ ( SR path ) +-------+ ( SR-TE path ) +-------+ 170 '--( )--' Prefix '--( )--' 171 ( ) SID of ( ) 172 '-----' Node-1 '-----' 173 is Y SIDs for SR-TE LSP: 174 {A, B, C, D} 176 Figure 1: A Sample Use-case of Binding SID 178 A PCC could report to the stateful PCE the binding label/SID it 179 allocated via a Path Computation LSP State Report (PCRpt) message. 180 It is also possible for a stateful PCE to request a PCC to allocate a 181 specific binding label/SID by sending a Path Computation LSP Update 182 Request (PCUpd) message. If the PCC can successfully allocate the 183 specified binding value, it reports the binding value to the PCE. 184 Otherwise, the PCC sends an error message to the PCE indicating the 185 cause of the failure. A local policy or configuration at the PCC 186 SHOULD dictate if the binding label/SID needs to be assigned. 188 In this document, we introduce a new OPTIONAL TLV that a PCC can use 189 in order to report the binding label/SID associated with a TE LSP, or 190 a PCE to request a PCC to allocate a specific binding label/SID 191 value. This TLV is intended for TE LSPs established using RSVP-TE, 192 SR, or any other future method. Also, in the case of SR-TE LSPs, the 193 TLV can carry a binding label (for SR-TE path with MPLS data-plane) 194 or a binding IPv6 SID (e.g., IPv6 address for SR-TE paths with IPv6 195 data-plane). Throughout this document, the term "binding value" 196 means either an MPLS label or a SID. 198 Additionally, to support the PCE-based central controller [RFC8283] 199 operation where the PCE would take responsibility for managing some 200 part of the MPLS label space for each of the routers that it 201 controls, the PCE could directly make the binding label/SID 202 allocation and inform the PCC. See Section 8 for details. 204 2. Requirements Language 206 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 207 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 208 "OPTIONAL" in this document are to be interpreted as described in BCP 209 14 [RFC2119] [RFC8174] when, and only when, they appear in all 210 capitals, as shown here. 212 3. Terminology 214 The following terminologies are used in this document: 216 BSID: Binding Segment Identifier. 218 LSP: Label Switched Path. 220 PCC: Path Computation Client. 222 PCEP: Path Computation Element communication Protocol. 224 RSVP-TE: Resource ReserVation Protocol-Traffic Engineering. 226 SID: Segment Identifier. 228 SR: Segment Routing. 230 4. Path Binding TLV 232 The new optional TLV called "TE-PATH-BINDING TLV" (whose format is 233 shown in Figure 2) is defined to carry the binding label/SID for a TE 234 path. This TLV is associated with the LSP object specified in 235 [RFC8231]. This TLV can also be carried in the PCEP-ERROR object 237 [RFC5440] in case of error. Multiple instances of TE-PATH-BINDING 238 TLVs MAY be present in the LSP and PCEP-ERROR object. The type of 239 this TLV is 55 (early allocated by IANA). The length is variable. 241 [Note to RFC Editor: Please remove "(early allocated by IANA)" before 242 publication] 244 0 1 2 3 245 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 247 | Type = 55 | Length | 248 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 249 | BT | Flags | Reserved | 250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 ~ Binding Value (variable length) ~ 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 Figure 2: TE-PATH-BINDING TLV 256 TE-PATH-BINDING TLV is a generic TLV such that it is able to carry 257 binding label/SID (i.e. MPLS label or SRv6 SID). It is formatted 258 according to the rules specified in [RFC5440]. The value portion of 259 the TLV comprises: 261 Binding Type (BT): A one-octet field that identifies the type of 262 binding included in the TLV. This document specifies the following 263 BT values: 265 o BT = 0: The binding value is a 20-bit MPLS label value. The TLV 266 is padded to 4-bytes alignment. The Length MUST be set to 7 (the 267 padding is not included in the length, as per [RFC5440] 268 Section 7.1) and the first 20 bits are used to encode the MPLS 269 label value. 271 o BT = 1: The binding value is a 32-bit MPLS label stack entry as 272 per [RFC3032] with Label, TC [RFC5462], S, and TTL values encoded. 273 Note that the receiver MAY choose to override TC, S, and TTL 274 values according to its local policy. The Length MUST be set to 275 8. 277 o BT = 2: The binding value is an SRv6 SID with the format of a 278 16-octet IPv6 address, representing the binding SID for SRv6. The 279 Length MUST be set to 20. 281 o BT = 3: The binding value is a 24 octet field, defined in 282 Section 4.1, that contains the SRv6 SID as well as its Behavior 283 and Structure. The Length MUST be set to 28. 285 Section 12.1.1 defines the IANA registry used to maintain all these 286 binding types as well as any future ones. Note that multiple TE- 287 PATH-BINDING TLVs with different Binding Types MAY be present for the 288 same LSP. 290 Flags: 1 octet of flags. The following flag is defined in the new 291 registry "TE-PATH-BINDING TLV Flag field" as described in 292 Section 12.1.1: 294 0 1 2 3 4 5 6 7 295 +-+-+-+-+-+-+-+-+ 296 |R| | 297 +-+-+-+-+-+-+-+-+ 299 Figure 3: Flags 301 where: 303 o R (Removal - 1 bit): When set, the requesting PCEP peer requires 304 the removal of the binding value for the LSP. When unset, the 305 PCEP peer indicates that the binding value is added or retained 306 for the LSP. This flag is used in the PCRpt and PCUpd messages. 307 It is ignored in other PCEP messages. 309 o The unassigned flags MUST be set to 0 while sending and ignored on 310 receipt. 312 Reserved: MUST be set to 0 while sending and ignored on receipt. 314 Binding Value: A variable-length field, padded with trailing zeros to 315 a 4-octet boundary. When the BT is 0, the 20 bits represent the MPLS 316 label. When the BT is 1, the 32 bits represent the MPLS label stack 317 entry as per [RFC3032]. When the BT is 2, the 128 bits represent the 318 SRv6 SID. When the BT is 3, the Binding Value also contains the SRv6 319 Endpoint Behavior and SID Structure, defined in Section 4.1. 321 4.1. SRv6 Endpoint Behavior and SID Structure 323 This section specifies the format of the Binding Value in the TE- 324 PATH-BINDING TLV when the BT is set to 3 for the SRv6 Binding SIDs 325 [RFC8986]. The format is shown in Figure 4. 327 0 1 2 3 328 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 329 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 330 | SRv6 Binding SID (16 octets) | 331 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 332 | Reserved | Endpoint Behavior | 333 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 334 | LB Length | LN Length | Fun. Length | Arg. Length | 335 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 337 Figure 4: SRv6 Endpoint Behavior and SID Structure 339 The Binding Value consists of: 341 o SRv6 Binding SID: 16 octets. The 128-bit IPv6 address, 342 representing the binding SID for SRv6. 344 o Reserved: 2 octets. It MUST be set to 0 on transmit and ignored 345 on receipt. 347 o Endpoint Behavior: 2 octets. The Endpoint Behavior code point for 348 this SRv6 SID as per the IANA subregistry called "SRv6 Endpoint 349 Behaviors", created by [RFC8986]. When the field is set with the 350 value 0, the endpoint behavior is considered unknown. 352 o The following fields are used to advertise the length of each 353 individual part of the SRv6 SID as defined in [RFC8986]: 355 * LB Length: 1 octet. SRv6 SID Locator Block length in bits. 357 * LN Length: 1 octet. SRv6 SID Locator Node length in bits. 359 * Function Length: 1 octet. SRv6 SID Function length in bits. 361 * Argument Length: 1 octet. SRv6 SID Arguments length in bits. 363 5. Operation 365 The binding value is allocated by the PCC and reported to a PCE via a 366 PCRpt message. If a PCE does not recognize the TE-PATH-BINDING TLV, 367 it would ignore the TLV in accordance with [RFC5440]. If a PCE 368 recognizes the TLV but does not support the TLV, it MUST send a PCErr 369 with Error-Type = 2 (Capability not supported). 371 Multiple TE-PATH-BINDING TLVs are allowed to be present in the same 372 LSP object. This signifies the presence of multiple binding SIDs for 373 the given LSP. In the case of multiple TE-PATH-BINDING TLVs, the 374 existing instances of TE-PATH-BINDING TLVs MAY be included in the LSP 375 object. In case of an error condition, the whole message is rejected 376 and the resulting PCErr message MAY include the offending TE-PATH- 377 BINDING TLV in the PCEP-ERROR object. 379 If a PCE recognizes an invalid binding value (e.g., label value from 380 the reserved MPLS label space), it MUST send a PCErr message with 381 Error-Type = 10 ("Reception of an invalid object") and Error Value = 382 2 ("Bad label value") as specified in [RFC8664]. 384 For SRv6 BSIDs, it is RECOMMENDED to always explicitly specify the 385 SRv6 Endpoint Behavior and SID Structure in the TE-PATH-BINDING TLV 386 by setting the BT (Binding Type) to 3. This enables the sender to 387 have control of the SRv6 Endpoint Behavior and SID Structure. A 388 sender MAY choose to set the BT to 2, in which case the receiving 389 implementation chooses how to interpret the SRv6 Endpoint Behavior 390 and SID Structure according to local policy. 392 If a PCC wishes to withdraw a previously reported binding value, it 393 MUST send a PCRpt message with the specific TE-PATH-BINDING TLV with 394 R flag set to 1. If a PCC wishes to modify a previously reported 395 binding, it MUST withdraw the former binding value (with R flag set 396 in the former TE-PATH-BINDING TLV) and include a new TE-PATH-BINDING 397 TLV containing the new binding value. Note that other instances of 398 TE-PATH-BINDING TLVs that are unchanged MAY also be included. 400 If a PCE requires a PCC to allocate a (or several) specific binding 401 value(s), it may do so by sending a PCUpd or PCInitiate message 402 containing a TE-PATH-BINDING TLV(s). If the value(s) can be 403 successfully allocated, the PCC reports the binding value(s) to the 404 PCE. If the PCC considers the binding value specified by the PCE 405 invalid, it MUST send a PCErr message with Error-Type = TBD2 406 ("Binding label/SID failure") and Error Value = TBD3 ("Invalid SID"). 407 If the binding value is valid, but the PCC is unable to allocate the 408 binding value, it MUST send a PCErr message with Error-Type = TBD2 409 ("Binding label/SID failure") and Error Value = TBD4 ("Unable to 410 allocate the specified binding value"). Note that, in case of an 411 error, the PCC rejects the PCUpd or PCInitiate message in its 412 entirety and can include the offending TE-PATH-BINDING TLV in the 413 PCEP-ERROR object. 415 If a PCE wishes to request the withdrawal of a previously reported 416 binding value, it MUST send a PCUpd message with the specific TE- 417 PATH-BINDING TLV with R flag set to 1. If a PCE wishes to modify a 418 previously requested binding value, it MUST request the withdrawal of 419 the former binding value (with R flag set in the former TE-PATH- 420 BINDING TLV) and include a new TE-PATH-BINDING TLV containing the new 421 binding value. 423 In some cases, a stateful PCE may want to request that the PCC 424 allocate a binding value of the PCC's own choosing. It instructs the 425 PCC by sending a PCUpd message containing an empty TE-PATH-BINDING 426 TLV, i.e., no binding value is specified (bringing the Length field 427 of the TLV to 4). A PCE can also request a PCC to allocate a binding 428 value at the time of initiation by sending a PCInitiate message with 429 an empty TE-PATH-BINDING TLV. Only one such instance of empty TE- 430 PATH-BINDING TLV SHOULD be included in the LSP object and others 431 ignored on receipt. If the PCC is unable to allocate a new binding 432 value as per the specified BT, it MUST send a PCErr message with 433 Error-Type = TBD2 ("Binding label/SID failure") and Error-Value = 434 TBD5 ("Unable to allocate a new binding label/SID"). 436 As previously noted, if a message contains an invalid TE-PATH-BINDING 437 TLV that leads to an error condition, the whole message is rejected 438 including any other valid instances of TE-PATH-BINDING TLVs, if any. 439 The resulting error message MAY include the offending TE-PATH-BINDING 440 TLV in the PCEP-ERROR object. 442 If a PCC receives a TE-PATH-BINDING TLV in any message other than 443 PCUpd or PCInitiate, it MUST close the corresponding PCEP session 444 with the reason "Reception of a malformed PCEP message" (according to 445 [RFC5440]). Similarly, if a PCE receives a TE-PATH-BINDING TLV in 446 any message other than a PCRpt or if the TE-PATH-BINDING TLV is 447 associated with any object other than an LSP or PCEP-ERROR object, 448 the PCE MUST close the corresponding PCEP session with the reason 449 "Reception of a malformed PCEP message" (according to [RFC5440]). 451 If a TE-PATH-BINDING TLV is absent in the PCRpt message and no 452 binding values were reported before, the PCE MUST assume that the 453 corresponding LSP does not have any binding. Similarly, if TE-PATH- 454 BINDING TLV is absent in the PCUpd message and no binding values were 455 reported before, the PCC's local policy dictates how the binding 456 allocations are made for a given LSP. 458 6. Binding SID in SR-ERO 460 In PCEP messages, LSP route information is carried in the Explicit 461 Route Object (ERO), which consists of a sequence of subobjects. 462 [RFC8664] defines the "SR-ERO subobject" capable of carrying a SID as 463 well as the identity of the node/adjacency (NAI) represented by the 464 SID. The NAI Type (NT) field indicates the type and format of the 465 NAI contained in the SR-ERO. In case of binding SID, the NAI MUST 466 NOT be included and NT MUST be set to zero. [RFC8664] Section 5.2.1 467 specifies bit settings and error handling in the case when NT=0. 469 7. Binding SID in SRv6-ERO 471 [I-D.ietf-pce-segment-routing-ipv6] defines the "SRv6-ERO subobject" 472 for an SRv6 SID. Similarly to SR-ERO (Section 6), the NAI MUST NOT 473 be included and the NT MUST be set to zero. [RFC8664] Section 5.2.1 474 specifies bit settings and error handling in the case when NT=0. 476 8. PCE Allocation of Binding label/SID 478 Section 5 already includes the scenario where a PCE requires a PCC to 479 allocate a specified binding value by sending a PCUpd or PCInitiate 480 message containing a TE-PATH-BINDING TLV. This section specifies an 481 OPTIONAL feature for the PCE to allocate the binding label/SID of its 482 own accord in the case where the PCE also controls the label space of 483 the PCC and can make the label allocation on its own as described in 484 [RFC8283]. Note that the act of requesting a specific binding value 485 (Section 5) is different from the act of allocating a binding label/ 486 SID as described in this section. 488 [RFC8283] introduces the architecture for PCE as a central controller 489 as an extension of the architecture described in [RFC4655] and 490 assumes the continued use of PCEP as the protocol used between PCE 491 and PCC. [RFC9050] specifies the procedures and PCEP extensions for 492 using the PCE as the central controller. 494 When PCECC operations are supported as per [RFC9050], the binding 495 label/SID MAY also be allocated by the PCE itself. Both peers need 496 to exchange the PCECC capability as described in [RFC9050] before the 497 PCE can allocate the binding label/SID on its own. 499 A new P flag in the LSP object [RFC8231] is introduced to indicate 500 that the allocation needs to be made by the PCE: 502 o P (PCE-allocated binding label/SID): If the bit is set to 1, it 503 indicates that the PCC requests PCE to make allocations for this 504 LSP. The TE-PATH-BINDING TLV in the LSP object identifies that 505 the allocation is for a binding label/SID. A PCC MUST set this 506 bit to 1 and include a TE-PATH-BINDING TLV in the LSP object if it 507 wishes to request for allocation of binding label/SID by the PCE 508 in the PCEP message. A PCE MUST also set this bit to 1 and 509 include a TE-PATH-BINDING TLV to indicate that the binding label/ 510 SID is allocated by PCE and encoded in the PCEP message towards 511 the PCC. Further, a PCE MUST set this bit to 0 and include a TE- 512 PATH-BINDING TLV in the LSP object if it wishes to indicate that 513 the binding label/SID should be allocated by the PCC as described 514 in Section 5. 516 Note that - 517 o A PCE could allocate the binding label/SID of its own accord for a 518 PCE-initiated or delegated LSP, and inform the PCC in the 519 PCInitiate message or PCUpd message by setting P=1 and including 520 TE-PATH-BINDING TLV in the LSP object. 522 o To let the PCC allocate the binding label/SID, a PCE MUST set P=0 523 and include an empty TE-PATH-BINDING TLV ( i.e., no binding value 524 is specified) in the LSP object in PCInitiate/PCUpd message. 526 o To request that the PCE allocate the binding label/SID, a PCC MUST 527 set P=1, D=1, and include an empty TE-PATH-BINDING TLV in PCRpt 528 message. The PCE SHOULD allocate it and respond to the PCC with 529 PCUpd message including the allocated binding label/SID in the TE- 530 PATH-BINDING TLV and P=1, D=1 in the LSP object. If the PCE is 531 unable to allocate, it MUST send a PCErr message with Error-Type = 532 TBD2 ("Binding label/SID failure") and Error-Value = TBD5 ("Unable 533 to allocate a new binding label/SID"). 535 o If one or both speakers (PCE and PCC) have not indicated support 536 and willingness to use the PCEP extensions for the PCECC as per 537 [RFC9050] and a PCEP peer receives P=1 in the LSP object, it MUST: 539 * send a PCErr message with Error-Type=19 (Invalid Operation) and 540 Error-value=16 (Attempted PCECC operations when PCECC 541 capability was not advertised) and 543 * terminate the PCEP session. 545 o A legacy PCEP speaker that does not recognize the P flag in the 546 LSP object would ignore it in accordance with [RFC8231]. 548 It is assumed that the label range to be used by a PCE is known and 549 set on both PCEP peers. The exact mechanism is out of the scope of 550 [RFC9050] or this document. Note that the specific BSID could be 551 from the PCE-controlled or the PCC-controlled label space. The PCE 552 can directly allocate the label from the PCE-controlled label space 553 using P=1 as described above, whereas the PCE can request the 554 allocation of a specific BSID from the PCC-controlled label space 555 with P=0 as described in Section 5. 557 9. Implementation Status 559 [Note to the RFC Editor - remove this section before publication, as 560 well as remove the reference to RFC 7942.] 562 This section records the status of known implementations of the 563 protocol defined by this specification at the time of posting of this 564 Internet-Draft, and is based on a proposal described in [RFC7942]. 566 The description of implementations in this section is intended to 567 assist the IETF in its decision processes in progressing drafts to 568 RFCs. Please note that the listing of any individual implementation 569 here does not imply endorsement by the IETF. Furthermore, no effort 570 has been spent to verify the information presented here that was 571 supplied by IETF contributors. This is not intended as, and must not 572 be construed to be, a catalog of available implementations or their 573 features. Readers are advised to note that other implementations may 574 exist. 576 According to [RFC7942], "this will allow reviewers and working groups 577 to assign due consideration to documents that have the benefit of 578 running code, which may serve as evidence of valuable experimentation 579 and feedback that have made the implemented protocols more mature. 580 It is up to the individual working groups to use this information as 581 they see fit". 583 9.1. Huawei 585 o Organization: Huawei 587 o Implementation: Huawei's Router and Controller 589 o Description: An experimental code-point is used and will be 590 modified to the value allocated in this document. 592 o Maturity Level: Production 594 o Coverage: Full 596 o Contact: c.l@huawei.com 598 9.2. Cisco 600 o Organization: Cisco Systems 602 o Implementation: Head-end and controller. 604 o Description: An experimental code-point is used and will be 605 modified to the value allocated in this document. 607 o Maturity Level: Production 609 o Coverage: Full 611 o Contact: mkoldych@cisco.com 613 10. Security Considerations 615 The security considerations described in [RFC5440], [RFC8231], 616 [RFC8281] and [RFC8664] are applicable to this specification. No 617 additional security measure is required. 619 As described in [RFC8664], SR allows a network controller to 620 instantiate and control paths in the network. A rogue PCE can 621 manipulate binding SID allocations to move traffic around for some 622 other LSP that uses BSID in its SR-ERO. Note that path {A, B, BSID} 623 can be misdirected just by assigning the BSID value to a different 624 LSP making it a lot easier to misdirect traffic (and harder to 625 detect). 627 Note that in case of BT as 3, the manipulation of SID structure could 628 be exploited by falsifying the various length values. 630 Thus, as per [RFC8231], it is RECOMMENDED that these PCEP extensions 631 only be activated on authenticated and encrypted sessions across PCEs 632 and PCCs belonging to the same administrative authority, using 633 Transport Layer Security (TLS) [RFC8253], as per the recommendations 634 and best current practices in BCP195 [RFC7525] (unless explicitly set 635 aside in [RFC8253]). 637 11. Manageability Considerations 639 All manageability requirements and considerations listed in 640 [RFC5440], [RFC8231], and [RFC8664] apply to PCEP protocol extensions 641 defined in this document. In addition, requirements and 642 considerations listed in this section apply. 644 11.1. Control of Function and Policy 646 A PCC implementation SHOULD allow the operator to configure the 647 policy the PCC needs to apply when allocating the binding label/SID. 649 For BT is 2, the operator needs to have local policy set to decide 650 the SID structure and the SRv6 Endpoint Behavior of the BSID. 652 11.2. Information and Data Models 654 The PCEP YANG module [I-D.ietf-pce-pcep-yang] will be extended to 655 include policy configuration for binding label/SID allocation. 657 11.3. Liveness Detection and Monitoring 659 The mechanisms defined in this document do not imply any new liveness 660 detection and monitoring requirements in addition to those already 661 listed in [RFC5440]. 663 11.4. Verify Correct Operations 665 The mechanisms defined in this document do not imply any new 666 operation verification requirements in addition to those already 667 listed in [RFC5440], [RFC8231], and [RFC8664]. 669 11.5. Requirements On Other Protocols 671 The mechanisms defined in this document do not imply any new 672 requirements on other protocols. 674 11.6. Impact On Network Operations 676 The mechanisms defined in [RFC5440], [RFC8231], and [RFC8664] also 677 apply to the PCEP extensions defined in this document. 679 12. IANA Considerations 681 IANA maintains the "Path Computation Element Protocol (PCEP) Numbers" 682 registry. This document requests IANA actions to allocate code 683 points for the protocol elements defined in this document. 685 12.1. PCEP TLV Type Indicators 687 This document defines a new PCEP TLV; IANA is requested to confirm 688 the following early allocations from the "PCEP TLV Type Indicators" 689 subregistry of the PCEP Numbers registry, as follows: 691 Value Description Reference 693 55 TE-PATH-BINDING This document 695 12.1.1. TE-PATH-BINDING TLV 697 IANA is requested to create a new subregistry "TE-PATH-BINDING TLV BT 698 field" to manage the value of the Binding Type field in the TE-PATH- 699 BINDING TLV. Initial values for the subregistry are given below. 700 New values are assigned by Standards Action [RFC8126]. 702 Value Description Reference 704 0 MPLS Label This document 705 1 MPLS Label Stack This document 706 Entry 707 2 SRv6 SID This document 708 3 SRv6 SID with This document 709 Behavior and 710 Structure 711 4-255 Unassigned This document 713 IANA is requested to create a new subregistry "TE-PATH-BINDING TLV 714 Flag field" to manage the Flag field in the TE-PATH-BINDING TLV. New 715 values are to be assigned by Standards Action [RFC8126]. Each bit 716 should be tracked with the following qualities: 718 o Bit number (count from 0 as the most significant bit) 720 o Description 722 o Reference 724 Bit Description Reference 726 0 R (Removal) This document 727 1-7 Unassigned This document 729 12.2. LSP Object 731 IANA is requested to confirm the early allocation for a new code- 732 point in the "LSP Object Flag Field" sub-registry for the new P flag 733 as follows: 735 Bit Description Reference 737 0 PCE-allocated binding This document 738 label/SID 740 12.3. PCEP Error Type and Value 742 This document defines a new Error-type and associated Error-Values 743 for the PCErr message. IANA is requested to allocate new error-type 744 and error-values within the "PCEP-ERROR Object Error Types and 745 Values" subregistry of the PCEP Numbers registry, as follows: 747 Error-Type Meaning Error-value Reference 749 TBD2 Binding label/SID 0: Unassigned This 750 failure document 751 TBD3: Invalid SID This 752 document 753 TBD4: Unable to allocate the This 754 specified binding value document 755 TBD5: Unable to allocate a This 756 new binding label/SID document 758 13. Acknowledgements 760 We would like to thank Milos Fabian, Mrinmoy Das, Andrew Stone, Tom 761 Petch, Aijun Wang, Olivier Dugeon, and Adrian Farrel for their 762 valuable comments. 764 Thanks to Julien Meuric for shepherding. Thanks to John Scudder for 765 the AD review. 767 14. References 769 14.1. Normative References 771 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 772 Requirement Levels", BCP 14, RFC 2119, 773 DOI 10.17487/RFC2119, March 1997, 774 . 776 [RFC3032] Rosen, E., Tappan, D., Fedorkow, G., Rekhter, Y., 777 Farinacci, D., Li, T., and A. Conta, "MPLS Label Stack 778 Encoding", RFC 3032, DOI 10.17487/RFC3032, January 2001, 779 . 781 [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation 782 Element (PCE) Communication Protocol (PCEP)", RFC 5440, 783 DOI 10.17487/RFC5440, March 2009, 784 . 786 [RFC5462] Andersson, L. and R. Asati, "Multiprotocol Label Switching 787 (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic 788 Class" Field", RFC 5462, DOI 10.17487/RFC5462, February 789 2009, . 791 [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, 792 "Recommendations for Secure Use of Transport Layer 793 Security (TLS) and Datagram Transport Layer Security 794 (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 795 2015, . 797 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 798 Code: The Implementation Status Section", BCP 205, 799 RFC 7942, DOI 10.17487/RFC7942, July 2016, 800 . 802 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 803 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 804 May 2017, . 806 [RFC8231] Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path 807 Computation Element Communication Protocol (PCEP) 808 Extensions for Stateful PCE", RFC 8231, 809 DOI 10.17487/RFC8231, September 2017, 810 . 812 [RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody, 813 "PCEPS: Usage of TLS to Provide a Secure Transport for the 814 Path Computation Element Communication Protocol (PCEP)", 815 RFC 8253, DOI 10.17487/RFC8253, October 2017, 816 . 818 [RFC8281] Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "Path 819 Computation Element Communication Protocol (PCEP) 820 Extensions for PCE-Initiated LSP Setup in a Stateful PCE 821 Model", RFC 8281, DOI 10.17487/RFC8281, December 2017, 822 . 824 [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., 825 Decraene, B., Litkowski, S., and R. Shakir, "Segment 826 Routing Architecture", RFC 8402, DOI 10.17487/RFC8402, 827 July 2018, . 829 [RFC8664] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., 830 and J. Hardwick, "Path Computation Element Communication 831 Protocol (PCEP) Extensions for Segment Routing", RFC 8664, 832 DOI 10.17487/RFC8664, December 2019, 833 . 835 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 836 Writing an IANA Considerations Section in RFCs", BCP 26, 837 RFC 8126, DOI 10.17487/RFC8126, June 2017, 838 . 840 [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, 841 D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 842 (SRv6) Network Programming", RFC 8986, 843 DOI 10.17487/RFC8986, February 2021, 844 . 846 [RFC9050] Li, Z., Peng, S., Negi, M., Zhao, Q., and C. Zhou, "Path 847 Computation Element Communication Protocol (PCEP) 848 Procedures and Extensions for Using the PCE as a Central 849 Controller (PCECC) of LSPs", RFC 9050, 850 DOI 10.17487/RFC9050, July 2021, 851 . 853 [I-D.ietf-pce-segment-routing-ipv6] 854 Li, C., Negi, M., Sivabalan, S., Koldychev, M., 855 Kaladharan, P., and Y. Zhu, "PCEP Extensions for Segment 856 Routing leveraging the IPv6 data plane", draft-ietf-pce- 857 segment-routing-ipv6-09 (work in progress), May 2021. 859 14.2. Informative References 861 [RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation 862 Element (PCE)-Based Architecture", RFC 4655, 863 DOI 10.17487/RFC4655, August 2006, 864 . 866 [RFC8283] Farrel, A., Ed., Zhao, Q., Ed., Li, Z., and C. Zhou, "An 867 Architecture for Use of PCE and the PCE Communication 868 Protocol (PCEP) in a Network with Central Control", 869 RFC 8283, DOI 10.17487/RFC8283, December 2017, 870 . 872 [RFC8669] Previdi, S., Filsfils, C., Lindem, A., Ed., Sreekantiah, 873 A., and H. Gredler, "Segment Routing Prefix Segment 874 Identifier Extensions for BGP", RFC 8669, 875 DOI 10.17487/RFC8669, December 2019, 876 . 878 [I-D.ietf-spring-segment-routing-policy] 879 Filsfils, C., Talaulikar, K., Voyer, D., Bogdanov, A., and 880 P. Mattes, "Segment Routing Policy Architecture", draft- 881 ietf-spring-segment-routing-policy-13 (work in progress), 882 May 2021. 884 [I-D.ietf-pce-pcep-yang] 885 Dhody, D., Hardwick, J., Beeram, V. P., and J. Tantsura, 886 "A YANG Data Model for Path Computation Element 887 Communications Protocol (PCEP)", draft-ietf-pce-pcep- 888 yang-16 (work in progress), February 2021. 890 Appendix A. Contributor Addresses 892 Jonathan Hardwick 893 Metaswitch Networks 894 33 Genotin Road 895 Enfield 896 United Kingdom 898 EMail: Jonathan.Hardwick@metaswitch.com 900 Dhruv Dhody 901 Huawei Technologies 902 Divyashree Techno Park, Whitefield 903 Bangalore, Karnataka 560066 904 India 906 EMail: dhruv.ietf@gmail.com 908 Mahendra Singh Negi 909 RtBrick India 910 N-17L, Floor-1, 18th Cross Rd, HSR Layout Sector-3 911 Bangalore, Karnataka 560102 912 India 914 EMail: mahend.ietf@gmail.com 916 Mike Koldychev 917 Cisco Systems, Inc. 918 2000 Innovation Drive 919 Kanata, Ontario K2K 3E8 920 Canada 922 Email: mkoldych@cisco.com 924 Zafar Ali 925 Cisco Systems, Inc. 927 Email: zali@cisco.com 929 Authors' Addresses 931 Siva Sivabalan 932 Ciena Corporation 934 EMail: msiva282@gmail.com 935 Clarence Filsfils 936 Cisco Systems, Inc. 937 Pegasus Parc 938 De kleetlaan 6a, DIEGEM BRABANT 1831 939 BELGIUM 941 EMail: cfilsfil@cisco.com 943 Jeff Tantsura 944 Microsoft Corporation 946 EMail: jefftant.ietf@gmail.com 948 Stefano Previdi 949 Huawei Technologies 951 EMail: stefano@previdi.net 953 Cheng Li (editor) 954 Huawei Technologies 955 Huawei Campus, No. 156 Beiqing Rd. 956 Beijing 100095 957 China 959 EMail: c.l@huawei.com