Network Working Group                                           F. Zhang
Internet-Draft                                                   Q. Zhao
Intended status: Experimental                                     Huawei
Expires: July, 2015                                  O. Gonzalez de Dios
                                                          Telefonica I+D
                                                             R. Casellas
                                                                    CTTC
                                                                 D. King
                                                      Old Dog Consulting
                                                        January 27, 2015

Extensions to Path Computation Element Communication Protocol (PCEP) for
              Hierarchical Path Computation Elements (PCE)
                 draft-ietf-pce-hierarchy-extensions-02

Abstract

   The Hierarchical Path Computation Element (H-PCE) architecture
   provides a mechanism to allow the optimum sequence of domains to be
   selected, and the optimum end-to-end path to be derived through the
   use of a hierarchical relationship between domains.

   This document defines the Path Computation Element Protocol (PCEP)
   extensions for the purpose of implementing Hierarchical PCE
   procedures which are described in the aforementioned document. These
   extensions are experimental and published for examination,
   discussion, implementation, and evaluation.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire in July, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Scope
      1.2. Terminology
      1.3. Requirements Language
   2. Requirements for H-PCE
      2.1. PCEP Requests
         2.1.1. Qualification of PCEP Requests
         2.1.2. Multi-domain Objective Functions
         2.1.3. Multi-domain Metrics
      2.2. Parent PCE Capability Discovery
      2.3. PCE Domain and PCE ID Discovery
   3. PCEP Extensions (Encoding)
      3.1. OPEN Object
         3.1.1. OF Codes
         3.1.2. OPEN Object Flags
         3.1.3. Domain-ID TLV
         3.1.4. PCE-ID TLV
      3.2. RP object
         3.2.1. RP Object Flags
         3.2.2. Domain-ID TLV
      3.3. Metric Object
      3.4. PCEP-ERROR Object
         3.4.1. Hierarchy PCE Error-Type
      3.5. NO-PATH Object
   4. H-PCE Procedures
      4.1. OPEN Procedure between Child PCE and Parent PCE
      4.2. Procedure to Obtain Domain Sequence
   5. Error Handling
   6. Manageability Considerations
      6.1. Control of Function and Policy
         6.1.1. Child PCE
         6.1.2. Parent PCE
         6.1.3. Policy Control
      6.2. Information and Data Models
      6.3. Liveness Detection and Monitoring
      6.4. Verifying Correct Operation
      6.5. Impact on Network Operation
   7. IANA Considerations
   8. Security Considerations
   9. Implementation Status
   10. Contributing Authors
   11. Acknowledgments
   12. References
      12.1 Normative References
      12.2 Informative References
   Authors' Addresses

1. Introduction

   [RFC6805] describes a Hierarchical PCE (H-PCE) architecture which can
   be used for computing end-to-end paths for inter-domain MPLS Traffic
   Engineering (TE) and GMPLS Label Switched Paths (LSPs).

   Within the hierarchical PCE architecture, the parent PCE is used to
   compute a multi-domain path based on the domain connectivity
   information. A child PCE may be responsible for a single domain or
   multiple domains; it is used to compute the intra-domain path based
   on its domain topology information.

   The H-PCE end-to-end domain path computation procedure is described
   below:

   o  A path computation client (PCC) sends the inter-domain path
      computation requests to the child PCE responsible for its domain;

   o  The child PCE forwards the request to the parent PCE;

   o  The parent PCE computes the likely domain paths from the ingress
      domain to the egress domain;

   o  The parent PCE sends the intra-domain path computation requests
      (between the domain border nodes) to the child PCEs which are
      responsible for the domains along the domain path;

   o  The child PCEs return the intra-domain paths to the parent PCE;

   o  The parent PCE constructs the end-to-end inter-domain path based
      on the intra-domain paths;

   o  The parent PCE returns the inter-domain path to the child PCE;

   o  The child PCE forwards the inter-domain path to the PCC.

   In addition, the parent PCE may be requested to provide only the
   sequence of domains to a child PCE so that alternative inter-domain
   path computation procedures, including Per Domain (PD) [RFC5152] and
   Backwards Recursive Path Computation (BRPC) [RFC5441], may be used.

   This document defines the PCEP extensions for the purpose of
   implementing Hierarchical PCE procedures, which are described in
   [RFC6805].

1.1. Scope

   The following functions are out of scope of this document:

   o  Finding end point addresses;

   o  Parent Traffic Engineering Database (TED) methods;

   o  Domain connectivity.

   The document also uses a number of [editor notes] to describe options
   and alternative solutions. These options and notes will be removed
   before publication once agreement is reached.

1.2. Terminology

   This document uses the terminology defined in [RFC4655], [RFC5440]
   and the additional terms defined in section 1.4 of [RFC6805].

1.3. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. Requirements for H-PCE

   This section compiles the set of requirements of the PCEP protocol to
   support the H-PCE architecture and procedures.

   [RFC6805] identifies high-level requirements of PCEP extensions
   required to support the hierarchical PCE model.

2.1. PCEP Requests

   The PCReq messages are used by a PCC or PCE to make a path
   computation request to a PCE. In order to achieve the full
   functionality of the H-PCE procedures, the PCReq message needs to
   include:

   o  Qualification of PCE Requests;

   o  Multi-domain Objective Functions (OF);

   o  Multi-domain Metrics.

2.1.1. Qualification of PCEP Requests

   As described in section 4.8.1 of [RFC6805], the H-PCE architecture
   introduces new request qualifications, which are:

   o  It MUST be possible for a child PCE to indicate that a request it
      sends to a parent PCE should be satisfied by a domain sequence
      only, that is, not by a full end-to-end path. This allows the
      child PCE to initiate a per-domain (PD) [RFC5152] or a backward
      recursive path computation (BRPC) [RFC5441].

   o  As stated in [RFC6805], section 4.5, if a PCC knows the egress
      domain, it can supply this information as part of the path
      computation request. It SHOULD be possible to specify the
      destination domain information in a PCEP request, if it is known.

2.1.2. Multi-domain Objective Functions

   For inter-domain path computation, there are two new objective
   functions which are defined in section 1.3.1 and 4.1 of [RFC6805]:

   o  Minimize the number of domains crossed. A domain can be either an
      Autonomous System (AS) or an Interior Gateway Protocol (IGP) area
      depending on the type of multi-domain network to which
      hierarchical PCE is applied.

   o  Disallow domain re-entry. [Editor's note: Disallow domain re-entry
      may not be an objective function, but an option in the request].

   During the PCEP session establishment procedure, the parent PCE needs
   to be capable of indicating the Objective Functions (OF) capability
   in the Open message. This capability information may then be
   announced by child PCEs, and used for selecting the PCE when a PCC
   wants a path that satisfies one or multiple inter-domain objective
   functions.

   When a PCC requests a PCE to compute an inter-domain path, the PCC
   also needs to be capable of indicating the new objective functions
   for the inter-domain path. Note that a given child PCE may also act
   as a parent PCE.

   For the reasons described previously, new OF codes need to be defined
   for the new inter-domain objective functions. The PCE can then
   advertise its new inter-domain objective functions to the PCC by
   carrying them in the OF-list TLV, which is carried in the OPEN
   object. The PCC can specify which objective function code to use;
   the code is carried in the OF object when requesting a PCE to compute
   an inter-domain path.

   The proposed solution may need to differentiate between the OF code
   that is requested at the parent level, and the OF code that is
   requested at the intra-domain (child domain).

   A parent PCE MUST be capable of ensuring homogeneity, across domains,
   when applying OF codes for strict OF intra-domain requests.

2.1.3. Multi-domain Metrics

   For inter-domain path computation, there are several path metrics of
   interest [Editor's note: Current framework only mentions metric
   objectives. The metric itself should be also defined]:

   o  Domain count (number of domains crossed);

   o  Border Node count.

   A PCC may be able to limit the number of domains crossed by applying
   a limit on these metrics.

2.2. Parent PCE Capability Discovery

   Parent and child PCE relationships are likely to be configured.
   However, as mentioned in [RFC6805], it would assist network operators
   if the child and parent PCE could indicate their H-PCE capabilities.

   During the PCEP session establishment procedure, the child PCE needs
   to be capable of indicating to the parent PCE whether it requests the
   parent PCE capability or not. Also, during the PCEP session
   establishment procedure, the parent PCE needs to be capable of
   indicating whether its parent capability can be provided or not.

2.3. PCE Domain and PCE ID Discovery

   A PCE domain is a single domain with an associated PCE, although it
   is possible for a PCE to manage multiple domains. The PCE domain may
   be an IGP area or AS.

   The PCE ID is an IPv4 and/or IPv6 address that is used to reach the
   parent/child PCE. It is RECOMMENDED to use an address that is always
   reachable if there is any connectivity to the PCE.

   The PCE ID information and PCE domain identifiers may be provided
   during the PCEP session establishment procedure or the domain
   connectivity information collection procedure.

3. PCEP Extensions (Encoding)

3.1. OPEN object

3.1.1. OF Codes

   This H-PCE experiment will be carried out using the following OF
   codes:

   o  MTD

      *  Name: Minimize the number of Transit Domains

      *  Objective Function Code

      *  Description: Find a path P such that it passes through the
         least number of transit domains

   o  MBN

      *  Name: Minimize the number of border nodes.

      *  Objective Function Code

      *  Description: Find a path P such that it passes through the
         least number of border nodes

   o  DDR

      *  Name: Disallow Domain Re-entry (DDR)

      *  Objective Function Code

      *  Description: Find a path P such that it does not enter a
         domain more than once

3.1.2. OPEN Object Flags

   This H-PCE experiment will also require two OPEN object flags:

   o  Parent PCE Request bit (to be assigned by IANA, recommended bit
      0): if set, it would signal that the child PCE wishes to use the
      peer PCE as a parent PCE.

   o  Parent PCE Indication bit (to be assigned by IANA, recommended bit
      1): if set, it would signal that the PCE can be used as a parent
      PCE by the peer PCE.

3.1.3. Domain-ID TLV

   The Domain-ID TLV for this H-PCE experiment is defined below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Domain Type   |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Domain ID                           |
   //                                                             //
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Figure 1: Domain-ID TLV

   Domain Type (8 bits): Indicates the domain type. Two types of domain
   are currently defined:

   o  Type=1: the Domain ID field carries an IGP Area ID.

   o  Type=2: the Domain ID field carries an AS number.

   Domain ID (variable): Indicates an IGP Area ID or AS number. It can
   be 2 bytes, 4 bytes or 8 bytes long depending on the domain
   identifier used.

   [Editor's note: draft-dhody-pce-pcep-domain-sequence, section 3.2
   deals with the encoding of domain sequences, using ERO-subobjects.
   Work is ongoing to define domain identifiers for OSPF-TE areas, IS-IS
   areas (which are variable sized), 2-byte and 4-byte AS numbers, and
   any other domain that may be defined in the future. It uses RSVP-TE
   subobject discriminators, rather than new type 1 / type 2.
   A domain sequence may be encoded as a route object. The "VALUE" part
   of the TLV could follow common RSVP-TE subobject format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|    Type     |     Length    |         Reserved              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        AS Id (4 bytes)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|    Type     |     Length    |        AS Id (2 bytes)        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                  Figure 2: Alternative Domain-ID TLV

3.1.4. PCE-ID TLV

   The type of PCE-ID TLV for this H-PCE experiment is defined below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Address Type          |           Reserved            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   //                       PCE IP Address                        //
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                         Figure 3: PCE-ID TLV

   Address Type (16 bits): Indicates the address type of PCE IP Address.
   1 means IPv4 address type, 2 means IPv6 address type.

   PCE IP Address: Indicates the reachable address of a PCE.

   [Editor's note: [RFC5886] already defines the PCE-ID object. If a
   semantically equivalent PCE-ID TLV is needed (to avoid modifying
   message grammars to include the object), it can align with the PCEP
   object: in any case, the length (4 / 16 bytes) can be used to know
   whether it is an IPv4 or an IPv6 PCE, the address type is not
   needed.]

3.2. RP object

3.2.1. RP Object Flags

   The following RP object flags are defined for this H-PCE experiment:

   o  Domain Path Request bit: if set, it means the child PCE wishes to
      get the domain sequence;

   o  Destination Domain Query bit: if set, it means the parent PCE
      wishes to get the destination domain ID.

3.2.2. Domain-ID TLV

   The format of this TLV is defined in Section 3.1.3. This TLV can be
   carried in an OPEN object to indicate a (list of) managed domains, or
   carried in a RP object to indicate the destination domain ID when a
   child PCE responds to the parent PCE's destination domain query by a
   PCRep message.

   [Editor's note: In some cases, the Parent PCE may need to allocate a
   node which is not necessarily the destination node.]

3.3. Metric Object

   There are two new metrics defined in this document for H-PCE:

   o  Domain count (number of domains crossed);

   o  Border Node Count (number of border nodes crossed).

3.4. PCEP-ERROR object

3.4.1. Hierarchy PCE Error-Type

   A new PCEP Error-Type is used for this H-PCE experiment and is
   defined below:

   +------------+------------------------------------------------------+
   | Error-Type | Meaning                                              |
   +------------+------------------------------------------------------+
   | 19         | H-PCE error Error-value=1: parent PCE capability     |
   |            | cannot be provided                                   |
   +------------+------------------------------------------------------+

                           H-PCE error table

3.5. NO-PATH Object

   To communicate the reason(s) for not being able to find a multi-
   domain path or domain sequence, the NO-PATH object can be used in the
   PCRep message. [RFC5440] defines the format of the NO-PATH object.
   The object may contain a NO-PATH-VECTOR TLV to provide additional
   information about why a (domain) path computation has failed.

   Three new bit flags are defined to be carried in the Flags field in
   the NO-PATH-VECTOR TLV carried in the NO-PATH Object.

   o  Bit 23: When set, the parent PCE indicates that the destination
      domain is unknown;

   o  Bit 22: When set, the parent PCE indicates unresponsive child
      PCE(s);

   o  Bit 21: When set, the parent PCE indicates no resource available
      in one or more domain(s).

4. H-PCE Procedures

4.1. OPEN Procedure between Child PCE and Parent PCE

   If a child PCE wants to use the peer PCE as a parent, it can set the
   parent PCE request bit in the OPEN object carried in the Open message
   during the PCEP session creation procedure. If the peer PCE does not
   want to provide the parent function to the child PCE, it must send a
   PCErr message to the child PCE and clear the parent PCE indication
   bit in the OPEN object.

   If the parent PCE can provide the parent function to the peer PCE, it
   may set the parent PCE indication bit in the OPEN object carried in
   the Open message during the PCEP session creation procedure.

   The PCE may also report its PCE ID and list of domain IDs to the peer
   PCE by specifying them in the PCE-ID TLV and List of Domain-ID TLVs
   in the OPEN object carried in the Open message during the PCEP
   session creation procedure.

   The OF codes defined in this document can be carried in the OF-list
   TLV of the OPEN object. If the OF-list TLV carries the OF codes, it
   means that the PCE is capable of implementing the corresponding
   objective functions. This information can be used for selecting a
   proper parent PCE when a child PCE wants to get a path that satisfies
   a certain objective function.

   When a specific child PCE sends a PCReq to a peer PCE that requires
   parental activity and the peer PCE does not want to act as the parent
   for it, the peer PCE should send a PCErr message to the child PCE and
   specify the error-type (IANA) and error-value (1) in the PCEP-ERROR
   object.

4.2. Procedure to obtain Domain Sequence

   If a child PCE only wants to get the domain sequence for a multi-
   domain path computation from a parent PCE, it can set the Domain Path
   Request bit in the RP object carried in a PCReq message. The parent
   PCE which receives the PCReq message tries to compute a domain
   sequence for it. If the domain path computation succeeds, the parent
   PCE sends a PCRep message which carries the domain sequence in the
   ERO to the child PCE. The domain sequence is specified as AS or AREA
   ERO sub-objects (type 32 for AS [RFC3209] or a to-be-defined IGP area
   type). Otherwise it sends a PCRep message which carries the NO-PATH
   object to the child PCE.

5. Error Handling

   A PCE that is capable of acting as a parent PCE might not be
   configured or willing to act as the parent for a specific child PCE.

   This fact could be determined when the child sends a PCReq that
   requires parental activity (such as querying other child PCEs), and
   could result in a negative response in a PCEP Error (PCErr) message
   indicating the hierarchy PCE error types.

   Additionally, the parent PCE may fail to find the multi-domain path
   or domain sequence due to one or more of the following reasons:

   o  A child PCE cannot find a suitable path to the egress;

   o  The parent PCE does not hear from a child PCE for a specified
      time;

   o  The objective functions specified in the path request cannot be
      met.

   In this case, the parent PCE MAY need to send a negative path
   computation reply specifying the reason. This can be achieved by
   including the NO-PATH object in the PCRep message. An extension to
   the NO-PATH object is needed to include the aforementioned reasons.

6. Manageability Considerations

   General PCE and PCEP management considerations are discussed in
   [RFC4655] and [RFC5440]. There are additional management
   considerations for H-PCE which are described in [RFC6805], and
   repeated in this section.

   The administrative entity responsible for the management of the
   parent PCEs must be determined for the following cases:

   o  multi-domains (e.g., IGP areas or multiple ASes) within a single
      service provider network: the management responsibility for the
      parent PCE would most likely be handled by the service provider,

   o  multiple ASes within different service provider networks: it may
      be necessary for a third party to manage the parent PCEs according
      to commercial and policy agreements from each of the participating
      service providers.

   [To be discussed further.]

6.1. Control of Function and Policy

   [To be discussed further.]

6.1.1. Child PCE

   Support of the hierarchical procedure will be controlled by the
   management organization responsible for each child PCE. A child
   PCE must be configured with the address of its parent PCE in order
   for it to interact with its parent PCE. The child PCE must also
   be authorized to peer with the parent PCE.

6.1.2. Parent PCE

   The parent PCE must only accept path computation requests from
   authorized child PCEs. If a parent PCE receives requests from an
   unauthorized child PCE, the request should be dropped. This means
   that a parent PCE must be configured with the identities and
   security credentials of all of its child PCEs, or there must be
   some form of shared secret that allows an unknown child PCE to be
   authorized by the parent PCE.

6.1.3. Policy Control

   It may be necessary to maintain a policy module on the parent PCE
   [RFC5394]. This would allow the parent PCE to apply commercially
   relevant constraints such as SLAs, security, peering preferences, and
   monetary costs.
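
   The admission rule of Section 6.1.2, as an added sketch in Python
   that is not part of the draft or of any PCE implementation: the
   parent keys its child list on the identity the transport
   authenticated and treats the PCE ID and Domain-IDs announced in the
   Open message as claims to be checked. The ChildConfig shape, the
   peer names and the per-peer counters are assumptions made for the
   example.

```python
from dataclasses import dataclass

# Error-Type and Error-value from the table in Section 3.4.1.
HPCE_ERROR = (19, 1)   # parent PCE capability cannot be provided


@dataclass(frozen=True)
class ChildConfig:
    """What the operator provisioned for one child PCE (hypothetical shape)."""
    pce_id: str            # address the child must announce in its PCE-ID TLV
    domains: frozenset     # (domain type, domain ID) pairs it may announce


class ParentPCE:
    def __init__(self, children):
        # Keyed by the identity the transport authenticated (assumption: for
        # example the subject of the peer's TLS certificate), never by a
        # value the peer states about itself inside the Open message.
        self.children = children
        self.accepted = set()
        self.stats = {}

    def _stats(self, peer):
        return self.stats.setdefault(peer, {"requests": 0, "unauthorized": 0})

    def on_open(self, peer, parent_request, pce_id, domains):
        """Answer an Open message.

        Returns ("open", indication_bit) or ("pcerr", error_type, error_value).
        """
        self.accepted.discard(peer)
        if not parent_request:
            return ("open", False)          # plain PCEP peer, no hierarchy
        cfg = self.children.get(peer)
        authorized = (
            cfg is not None
            and pce_id == cfg.pce_id
            and set(domains) <= cfg.domains
        )
        if not authorized:
            # Unknown peer, or a known one announcing a PCE ID or a domain it
            # was not provisioned for: refuse the parent role.
            return ("pcerr",) + HPCE_ERROR
        self.accepted.add(peer)
        return ("open", True)

    def on_pcreq(self, peer):
        """Return True to compute, False to drop the request (Section 6.1.2)."""
        stats = self._stats(peer)
        stats["requests"] += 1
        if peer not in self.accepted:
            stats["unauthorized"] += 1
            return False
        return True


def demo():
    # Constructed configuration and peers, for illustration only.
    parent = ParentPCE({
        "child-a.example": ChildConfig("192.0.2.10", frozenset({(2, 65001)})),
    })
    results = [
        parent.on_open("child-a.example", True, "192.0.2.10", [(2, 65001)]),
        parent.on_pcreq("child-a.example"),
        # The same peer re-opens while announcing an AS it does not manage.
        parent.on_open("child-a.example", True, "192.0.2.10",
                       [(2, 65001), (2, 65002)]),
        parent.on_pcreq("child-a.example"),
        parent.on_open("unknown.example", True, "192.0.2.10", [(2, 65001)]),
        parent.on_pcreq("unknown.example"),
    ]
    return results, parent.stats


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

   The "unauthorized" counter corresponds to the last parameter listed
   in Section 6.4; a rise in it for a provisioned peer points at a
   configuration drift or at a peer announcing domains it was never
   given.
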

   It may also be necessary for the parent PCE to limit end-to-end path
   selection by including or excluding specific domains based on
   commercial relationships, security implications, and reliability.

6.2. Information and Data Models

   A PCEP MIB module is defined in [RFC7420] that describes managed
   objects for modeling of PCEP communication. An H-PCE MIB module,
   or an additional data model, will be required to report parent PCE
   and child PCE information, including:

   o  parent PCE configuration and status,

   o  child PCE configuration and information,

   o  notifications to indicate session changes between parent PCEs and
      child PCEs, and

   o  notification of parent PCE TED updates and changes.

6.3. Liveness Detection and Monitoring

   The hierarchical procedure requires interaction with multiple PCEs.
   Once a child PCE requests an end-to-end path, a sequence of events
   occurs that requires interaction between the parent PCE and each
   child PCE. If a child PCE is not operational, and an alternate
   transit domain is not available, then a failure must be reported.

6.4. Verifying Correct Operation

   Verifying the correct operation of a parent PCE can be performed by
   monitoring a set of parameters. The parent PCE implementation should
   provide the following parameters monitored by the parent PCE:

   o  number of child PCE requests,

   o  number of successful hierarchical PCE procedure completions on a
      per-PCE-peer basis,

   o  number of hierarchical PCE procedure completion failures on a per-
      PCE-peer basis, and

   o  number of hierarchical PCE procedure requests from unauthorized
      child PCEs.

6.5. Impact on Network Operation

   The hierarchical PCE procedure is a multiple-PCE path computation
   scheme. Subsequent requests to and from the child and parent PCEs do
   not differ from other path computation requests and should not have
   any significant impact on network operations.

7. IANA Considerations

   Due to the experimental nature of this draft no IANA requests are
   made.

8. Security Considerations

   The hierarchical PCE procedure relies on PCEP and inherits the
   security requirements defined in [RFC5440]. As PCEP operates
   over TCP, it may also make use of TCP security mechanisms,
   including Transport Layer Security (TLS).

   H-PCE operation also relies on information used to build the TED.
   Attacks on a parent or child PCE may be achieved by falsifying
   or impeding this flow of information. If the child PCE listens to
   the IGP for populating the TED, then normal IGP security measures
   may be applied, and it should be noted that an IGP routing
   system is generally assumed to be a trusted domain such that router
   subversion is not a risk. The parent PCE TED is constructed as
   described in this document and may involve:

   o  multiple parent-child relationships using PCEP

   o  the parent PCE listening to child domain IGPs (with the same
      security features as a child PCE listening to its IGP)

   o  an external mechanism (such as [BGP-LS]), which will need to be
      authorized and secured.

   Any multi-domain operation necessarily involves the exchange of
   information across domain boundaries. This is bound to represent a
   significant security and confidentiality risk especially when the
   child domains are controlled by different commercial concerns. PCEP
   allows individual PCEs to maintain confidentiality of their domain
   path information using path-keys [RFC5520], and the H-PCE
   architecture is specifically designed to enable as much isolation of
   domain topology and capabilities information as is possible.

   For further considerations of the security issues related to inter-AS
   path computation, see [RFC5376].

   [To be discussed further.]

9. Implementation Status

   The H-PCE architecture and protocol procedures described in this I-D
   were implemented and tested for a variety of optical research
   applications.

   This work was led by:

   o  Ramon Casellas

   o  Centre Tecnologic de Telecomunicacions de Catalunya (CTTC)

   The H-PCE instances (parent and child) were multi-threaded
   asynchronous processes, implemented in C++11 using the C++ Boost
   Libraries. The targeted system used to deploy and run H-PCE
   applications was a POSIX system (Debian GNU/Linux operating
   system).

   Some parts of the software may require a Linux Kernel, the
   availability of a Routing Controller running collocated in the same
   host and the usage of libnetfilter / libipq and GNU/Linux
   firewalling capabilities. Most of the functionality, including
   algorithms, is done by means of plugins (e.g., as shared libraries
   or .so files in Unix systems).

   The CTTC PCE supports the H-PCE architecture, but also supports
   stateful PCE with active capabilities, as an OpenFlow controller,
   and has dedicated plugins to support monitoring, BRPC, P2MP, path
   keys, back end PCEs. Management of the H-PCE entities was supported
   via HTTP and CLI via Telnet.

   Further details of the H-PCE prototyping and experimentation can be
   found in the following scientific papers:

   R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I.
   Morita, "Inter-layer traffic engineering with hierarchical-PCE in
   MPLS-TP over wavelength switched optical networks", Optics
   Express, Vol. 20, No. 28, December 2012.

   R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I. Morita,
   M. Tsurusawa, "Dynamic virtual link mesh topology aggregation in
   multi-domain translucent WSON with hierarchical-PCE", Optics Express
   Journal, Vol. 19, No. 26, December 2011.

   R. Casellas, R. Munoz, R. Martinez, R. Vilalta, L. Liu, T. Tsuritani,
   I. Morita, V. Lopez, O. Gonzalez de Dios, J. P.
Fernandez-Palacios, 750 "SDN based Provisioning Orchestration of OpenFlow/GMPLS Flexi-grid 751 Networks with a Stateful Hierarchical PCE", in Proceedings of Optical 752 Fiber Communication Conference and Exposition (OFC), 9-13 March, 753 2014, San Francisco (EEUU). Extended Version to appear in Journal 754 Of Optical Communications and Networking January 2015 756 F. Paolucci, O. Gonzalez de Dios, R. Casellas, S. Duhovnikov, P. 757 Castoldi, R. Munoz, R. Martinez, "Experimenting Hierarchical PCE 758 Architecture in a Distributed Multi-Platform Control Plane Testbed" , 759 in Proceedings of Optical Fiber Communication Conference and 760 Exposition (OFC) and The National Fiber Optic Engineers Conference 761 (NFOEC), 4-8 March, 2012, Los Angeles, California (USA). 763 R. Casellas, R. Martinez, R. Munoz, L. Liu, T. Tsuritani, I. Morita, 764 M. Tsurusawa, "Dynamic Virtual Link Mesh Topology Aggregation in 765 Multi-Domain Translucent WSON with Hierarchical-PCE", in 766 Proceedings of 37th European Conference and Exhibition on Optical 767 Communication (ECOC 2011), 18-22 September 2011, Geneve ( 768 Switzerland). 770 R. Casellas, R. Munoz, R. Martinez, "Lab Trial of Multi-Domain Path 771 Computation in GMPLS Controlled WSON Using a Hierarchical PCE", in 772 Proceedings of OFC/NFOEC Conference (OFC2011), 10 March 2011, Los 773 Angeles (USA). 775 [Note to the RFC Editor - This section is intended to be removed 776 before publication.] 778 10. Contributing Authors 780 Xian Zhang 781 Huawei 782 zhang.xian@huawei.com 784 11. Acknowledgments 786 The Internet-Draft and implementation has been partially funded by 787 the European Commission under the project Industry-Driven Elastic and 788 Adaptive Lambda Infrastructure for Service and Transport Networks 789 (IDEALIST) of the Seventh Framework Program, with Grant Agreement 790 Number: 317999. 792 12. 
References 794 12.1 Normative References 796 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 797 Requirement Levels", BCP 14, RFC 2119, March 1997. 799 [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V., 800 and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP 801 Tunnels", RFC 3209, December 2001. 803 [RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation 804 Element (PCE)-Based Architecture", RFC 4655, August 2006. 806 [RFC5152] Vasseur, JP., Ayyangar, A., and R. Zhang, "A Per-Domain 807 Path Computation Method for Establishing Inter-Domain 808 Traffic Engineering (TE) Label Switched Paths (LSPs)", 809 RFC 5152, February 2008. 811 [RFC5440] Vasseur, JP. and JL. Le Roux, "Path Computation Element 812 (PCE) Communication Protocol (PCEP)", RFC 5440, 813 March 2009. 815 [RFC5441] Vasseur, JP., Zhang, R., Bitar, N., and JL. Le Roux, "A 816 Backward-Recursive PCE-Based Computation (BRPC) Procedure 817 to Compute Shortest Constrained Inter-Domain Traffic 818 Engineering Label Switched Paths", RFC 5441, April 2009. 820 [RFC5886] Vasseur, JP., Le Roux, JL., and Y. Ikejiri, "A Set of 821 Monitoring Tools for Path Computation Element (PCE)-Based 822 Architecture", RFC 5886, June 2010. 824 [RFC6805] King, D. and A. Farrel, "The Application of the Path 825 Computation Element Architecture to the Determination of a 826 Sequence of Domains in MPLS and GMPLS", RFC 6805, 827 November 2012. 829 12.2 Informative References 831 [RFC5376] Bitar, N., Zhang, R., and K. Kumaki, "Inter-AS 832 Requirements for the Path Computation Element 833 Communication Protocol (PCECP)", RFC 5376, November 834 2008. 836 [RFC5394] Bryskin, I., Papadimitriou, D., Berger, L., and J. Ash, 837 "Policy-Enabled Path Computation Framework", RFC 5394, 838 December 2008. 840 [RFC5520] Bradford, R., Ed., Vasseur, JP., and A. Farrel, 841 "Preserving Topology Confidentiality in Inter-Domain 842 Path Computation Using a Path-Key-Based Mechanism", 843 RFC 5520, April 2009. 
845 [RFC7420] Koushik, A., Stephan, E., Zhao, Q., King, D., Hardwick, 846 J., "Path Computation Element Communication Protocol 847 (PCEP) Management Information Base (MIB) Module", RFC 848 7420, December 2014. 850 [BGP-LS] Gredler, H., Medved, J., Previdi, S., Farrel, A., and 851 S. Ray, "North-Bound Distribution of Link-State and TE 852 Information using BGP", Work in Progress, January 2015. 854 Authors' Addresses 856 Fatai Zhang 857 Huawei 858 Huawei Base, Bantian, Longgang District 859 Shenzhen, 518129 860 China 862 Phone: +86-755-28972912 863 Email: zhangfatai@huawei.com 865 Quintin Zhao 866 Huawei 867 125 Nagog Technology Park 868 Acton, MA 01719 869 US 871 Phone: 872 Email: qzhao@huawei.com 874 Oscar Gonzalez de Dios 875 Telefonica I+D 876 Don Ramon de la Cruz 82-84 877 Madrid, 28045 878 Spain 880 Phone: +34913128832 881 Email: ogondio@tid.es 882 Ramon Casellas 883 CTTC 884 Av. Carl Friedrich Gauss n.7 885 Castelldefels, Barcelona 886 Spain 888 Phone: +34 93 645 29 00 889 Email: ramon.casellas@cttc.es 891 Daniel King 892 Old Dog Consulting 893 UK 895 Phone: 896 Email: daniel@olddog.co.uk