idnits 2.17.1

draft-ietf-pce-pcep-flowspec-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (July 1, 2018) is 2125 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-27) exists of
     draft-dhodylee-pce-pcep-ls-11

  ** Downref: Normative reference to an Experimental draft:
     draft-dhodylee-pce-pcep-ls (ref. 'I-D.dhodylee-pce-pcep-ls')

  == Outdated reference: A later version (-22) exists of
     draft-ietf-idr-flow-spec-v6-09

  ** Obsolete normative reference: RFC 5575 (Obsoleted by RFC 8955)

  == Outdated reference: A later version (-16) exists of
     draft-ietf-pce-segment-routing-12

     Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                      D. Dhody, Ed.
Internet-Draft                                       Huawei Technologies
Intended status: Standards Track                          A. Farrel, Ed.
Expires: January 2, 2019                                Juniper Networks
                                                                   Z. Li
                                                     Huawei Technologies
                                                            July 1, 2018

                 PCEP Extension for Flow Specification
                    draft-ietf-pce-pcep-flowspec-01

Abstract

   The Path Computation Element (PCE) is a functional component capable
   of selecting the paths through a traffic engineered network. These
   paths may be supplied in response to requests for computation, or may
   be unsolicited instructions issued by the PCE to network elements.
   Both approaches use the PCE Communication Protocol (PCEP) to convey
   the details of the computed path.

   Traffic flows may be categorized and described using "Flow
   Specifications". RFC 5575 defines the Flow Specification and
   describes how it may be distributed in BGP to allow specific traffic
   flows to be associated with routes.

   This document specifies a set of extensions to PCEP to support
   dissemination of Flow Specifications. This allows a PCE to indicate
   what traffic should be placed on each path that it is aware of.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 2, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Procedures for PCE Use of Flow Specifications
     3.1.  Capability Advertisement
       3.1.1.  PCEP OPEN Message
       3.1.2.  IGP PCE Capabilities Advertisement
     3.2.  Dissemination Procedures
     3.3.  Flow Specification Synchronization
   4.  PCE FlowSpec Capability TLV
   5.  PCEP Flow Spec Object
   6.  Flow Filter TLV
   7.  Flow Specification TLVs
   8.  Detailed Procedures
     8.1.  Default Behavior and Backward Compatibility
     8.2.  Composite Flow Specifications
     8.3.  Modifying Flow Specifications
     8.4.  Multiple Flow Specifications
     8.5.  Adding and Removing Flow Specifications
     8.6.  VPN Identifiers
     8.7.  Priorities and Overlapping Flow Specifications
   9.  PCEP Messages
   10. IANA Considerations
     10.1.  PCEP Objects
     10.2.  PCEP TLV Type Indicators
     10.3.  Flow Specification TLV Type Indicators
     10.4.  PCEP Error Codes
     10.5.  PCE Capability Flag
   11. Security Considerations
   12. Manageability Considerations
   13. Acknowledgements
   14. References
     14.1.  Normative References
     14.2.  Informative References
   Appendix A.  Contributors
   Authors' Addresses

1.  Introduction

   [RFC4655] defines the Path Computation Element (PCE), a functional
   component capable of computing paths for use in traffic engineering
   networks. PCE was originally conceived for use in Multiprotocol
   Label Switching (MPLS) for Traffic Engineering (TE) networks to
   derive the routes of Label Switched Paths (LSPs). However, the scope
   of PCE was quickly extended to make it applicable to Generalized MPLS
   (GMPLS) networks, and more recent work has brought other traffic
   engineering technologies and planning applications into scope (for
   example, Segment Routing (SR) [I-D.ietf-pce-segment-routing]).

   [RFC5440] describes the Path Computation Element Communication
   Protocol (PCEP). PCEP defines the communication between a Path
   Computation Client (PCC) and a PCE, or between PCE and PCE, enabling
   computation of path for MPLS-TE LSPs.

   Stateful PCE [RFC8231] specifies a set of extensions to PCEP to
   enable control of TE-LSPs by a PCE that retains state about the
   LSPs provisioned in the network (a stateful PCE). [RFC8281]
   describes the setup, maintenance, and teardown of LSPs initiated by a
   stateful PCE without the need for local configuration on the PCC,
   thus allowing for a dynamic network that is centrally controlled.
   [RFC8283] introduces the architecture for PCE as a central controller
   and describes how PCE can be viewed as a component that performs
   computation to place 'flows' within the network and decide how these
   flows are routed.

   Dissemination of traffic flow specifications (Flow Specifications)
   was introduced for BGP in [RFC5575]. A Flow Specification is
   comprised of traffic filtering rules and actions. The routers that
   receive a Flow Specification can classify received packets according
   to the traffic filtering rules and can direct packets based on the
   actions.

   When a PCE is used to initiate tunnels (such as TE-LSPs or SR paths)
   using PCEP, it is important that the head end of the tunnels
   understands what traffic to place on each tunnel. The data flows
   intended for a tunnel can be described using Flow Specifications, and
   when PCEP is in use for tunnel initiation it makes sense for that
   same protocol to be used to distribute the Flow Specifications that
   describe what data is to flow on those tunnels.

   This document specifies a set of extensions to PCEP to support
   dissemination of Flow Specifications. The extensions include the
   creation, update, and withdrawal of Flow Specifications via PCEP, and
   can be applied to tunnels initiated by the PCE or to tunnels where
   control is delegated to the PCE by the PCC.
   Furthermore, a PCC requesting a new path can include Flow
   Specifications in the request to indicate the purpose of the tunnel
   allowing the PCE to factor this in during the path computation.

   Flow Specifications are carried in TLVs within a new Flow Spec Object
   defined in this document. The flow filtering rules indicated by the
   Flow Specifications are mainly defined by BGP Flow Specifications.

2.  Terminology

   This document uses the following terms defined in [RFC5440]: PCC,
   PCE, PCEP Peer.

   The following term from [RFC5575] is used frequently throughout this
   document:

      Flow Specification (FlowSpec): A Flow Specification is an n-tuple
      consisting of several matching criteria that can be applied to IP
      traffic, including filters and actions. Each FlowSpec consists of
      a set of filters and a set of actions.

   This document uses the terms "stateful PCE" and "active PCE" as
   advocated in [RFC7399].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Procedures for PCE Use of Flow Specifications

   There are three elements of procedure:

   o  A PCE and a PCC must be able to indicate whether or not they
      support the use of Flow Specifications.

   o  A PCE or PCC must be able to include Flow Specifications in PCEP
      messages with clear understanding of the applicability of those
      Flow Specifications in each case including whether the use of such
      information is mandatory, constrained, or optional, and how
      overlapping Flow Specifications will be resolved.

   o  Flow Specification information/state must be synchronized between
      PCEP peers so that, on recovery, the peers have the same
      understanding of which Flow Specifications apply.

   The following subsections describe these points.

3.1.  Capability Advertisement

   As with most PCEP capability advertisements, the ability to support
   Flow Specifications can be indicated in the PCEP OPEN message or in
   IGP PCE capability advertisements.

3.1.1.  PCEP OPEN Message

   During PCEP session establishment, a PCC or PCE that supports the
   procedures described in this document announces this fact by
   including the "PCE FlowSpec Capability" TLV (described in Section 4)
   in the OPEN Object carried in the PCEP Open message.

   The presence of the PCE FlowSpec Capability TLV in the OPEN Object in
   a PCE's OPEN message indicates that the PCE can distribute FlowSpecs
   to PCCs and can receive FlowSpecs in messages from the PCCs.

   The presence of the PCE FlowSpec Capability TLV in the OPEN Object in
   a PCC's OPEN message indicates that the PCC supports the FlowSpec
   functionality described in this document.

   If either one of a pair of PCEP peers does not indicate support of
   the functionality described in this document by not including the PCE
   FlowSpec Capability TLV in the OPEN Object in its OPEN message, then
   the other peer MUST NOT include a FlowSpec object in any PCEP message
   sent to the peer that does not support the procedures. If a FlowSpec
   object is received even though support has not been indicated, the
   receiver will respond with a PCErr message reporting the objects
   containing the FlowSpec as described in [RFC5440]: that is, it will
   use 'Unknown Object' if it does not support this specification, and
   'Not supported object' if it supports this specification but has not
   chosen to support FlowSpec objects on this PCEP session.

3.1.2.  IGP PCE Capabilities Advertisement

   The ability to advertise support for PCEP and PCE features in IGP
   advertisements is provided for OSPF in [RFC5088] and for IS-IS in
   [RFC5089]. The mechanism uses the PCE Discovery TLV which has a PCE-
   CAP-FLAGS sub-TLV containing bit-flags each of which indicates
   support for a different feature.

   This document defines a new PCE-CAP-FLAGS sub-TLV bit, the FlowSpec
   Capable flag (bit number TBD1). Setting the bit indicates that an
   advertising PCE supports the procedures defined in this document.

   Note that while PCE FlowSpec Capability may be advertised during
   discovery, PCEP speakers that wish to use Flow Specification in PCEP
   MUST negotiate PCE FlowSpec Capability during PCEP session setup, as
   specified in Section 3.1.1. A PCC MAY initiate PCE FlowSpec
   Capability negotiation at PCEP session setup even if it did not
   receive any IGP PCE capability advertisement, and a PCEP peer that
   advertised support for FlowSpec in the IGP is not obliged to support
   these procedures on any given PCEP session.

3.2.  Dissemination Procedures

   This section describes the procedures to support Flow Specifications
   in PCEP messages.

   The primary purpose of distributing Flow Specification information is
   to allow a PCE to indicate to a PCC what traffic it should place on a
   path (such as an LSP or an SR path). This means that the Flow
   Specification may be included in:

   o  PCInitiate messages so that an active PCE can indicate the traffic
      to place on a path at the time that the PCE instantiates the path.

   o  PCUpd messages so that an active PCE can indicate or change the
      traffic to place on a path that has already been set up.

   o  PCRpt messages so that a PCC can report the traffic that the PCC
      plans to place on the path.

   o  PCReq messages so that a PCC can indicate what traffic it plans to
      place on a path at the time it requests the PCE to perform a
      computation in case that information aids the PCE in its work.

   o  PCRep messages so that a PCE that has been asked to compute a path
      can suggest which traffic could be placed on a path that a PCC may
      be about to set up.

   o  PCErr messages so that issues related to paths and the traffic
      they carry can be reported to the PCE by the PCC, and so that
      problems with other PCEP messages that carry Flow Specifications
      can be reported.

   To carry Flow Specifications in PCEP messages, this document defines
   a new PCEP object called the PCEP Flow Spec Object. The object is
   OPTIONAL in the messages described above and MAY appear more than
   once in each message.

   The PCEP Flow Spec Object carries zero or one Flow Filter TLV which
   describes a traffic flow.

   The inclusion of multiple PCEP Flow Spec Objects allows multiple
   traffic flows to be placed on a single path.

   Once a PCE and PCC have established that they can both support the
   use of Flow Specifications in PCEP messages, such information may be
   exchanged at any time for new or existing paths.

   The application and prioritization of Flow Specifications is
   described in Section 8.7.

3.3.  Flow Specification Synchronization

   The Flow Specifications are carried along with the LSP State
   information as per [RFC8231] making the Flow Specifications part of
   the LSP database (LSP-DB). Thus, the synchronization of the Flow
   Specification information is done as part of LSP-DB synchronization.
   This may be achieved using normal state synchronization procedures as
   described in [RFC8231] or enhanced state synchronization procedures
   as defined in [RFC8232].

   The approach selected will be implementation and deployment specific
   and will depend on issues such as how the databases are constructed
   and what level of synchronization support is needed.

4.  PCE FlowSpec Capability TLV

   The PCE-FLOWSPEC-CAPABILITY TLV is an optional TLV that can be
   carried in the OPEN Object [RFC5440] to exchange PCE FlowSpec
   capabilities of PCEP speakers.

   The format of the PCE-FLOWSPEC-CAPABILITY TLV follows the format of
   all PCEP TLVs as defined in [RFC5440] and is shown in Figure 1.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Type=TBD2           |           Length=2            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Value=0            |            Padding            |
   +---------------------------------------------------------------+

             Figure 1: PCE-FLOWSPEC-CAPABILITY TLV format

   The type of the PCE-FLOWSPEC-CAPABILITY TLV is TBD2 and it has a
   fixed length of 2 octets. The Value field is set to default value 0.
   The two bytes of padding MUST be set to zero and ignored on receipt.

   The inclusion of this TLV in an OPEN object indicates that the sender
   can perform FlowSpec handling as defined in this document.

5.  PCEP Flow Spec Object

   The PCEP Flow Spec object defined in this document is compliant with
   the PCEP object format defined in [RFC5440]. It is OPTIONAL in the
   PCReq, PCRep, PCErr, PCInitiate, PCRpt, and PCUpd messages and MAY be
   present zero, one, or more times. Each instance of the object
   specifies a traffic flow.

   The PCEP Flow Spec object carries a FlowSpec filter rule encoded in a
   TLV (as defined in Section 6).

   The FLOW SPEC Object-Class is TBD3 (to be assigned by IANA).

   The FLOW SPEC Object-Type is 1.

   The format of the body of the PCEP Flow Spec object is shown in
   Figure 2.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             FS-ID                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Reserved                           |R|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                  Flow Filter TLV (variable)                   |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 2: PCEP Flow Spec Object Body Format

   FS-ID (32-bits): A PCEP-specific identifier for the FlowSpec
   information. A PCE or PCC creates an FS-ID for each FlowSpec that it
   originates, and the value is unique within the scope of that PCE or
   PCC and is constant for the lifetime of a PCEP session. All
   subsequent PCEP messages can identify the FlowSpec using the FS-ID.
   The values 0 and 0xFFFFFFFF are reserved and MUST NOT be used.

   Reserved bits: MUST be set to zero on transmission and ignored on
   receipt.

   R bit: The Remove bit is set when a PCEP Flow Spec Object is included
   in a PCEP message to indicate removal of the Flow Specification from
   the associated tunnel. If the bit is clear, the Flow Specification
   is being added or modified.

   Flow Filter TLV (variable): One TLV MAY be included.

   The Flow Filter TLV is OPTIONAL when the R bit is set. The TLV MUST
   be present when the R bit is clear. If the TLV is missing when the R
   bit is clear, the PCEP peer MUST respond with a PCErr message with
   error-type TBD8 (FlowSpec Error), error-value 2 (Malformed FlowSpec).

6.  Flow Filter TLV

   A new PCEP TLV is defined to convey Flow Specification filtering
   rules that specify what traffic is carried on a path. The TLV
   follows the format of all PCEP TLVs as defined in [RFC5440]. The
   Type field value comes from the codepoint space for PCEP TLVs and has
   the value TBD4.

   The Value field contains one or more sub-TLVs (the Flow Specification
   TLVs) as defined in Section 7. Only one Flow Filter TLV can be
   present and represents the complete definition of a Flow
   Specification for traffic to be placed on the tunnel indicated by the
   PCEP message in which the PCEP Flow Spec Object is carried. The set
   of Flow Specification TLVs in a single instance of a Flow Filter TLV
   are combined to indicate the specific Flow Specification.

   Further Flow Specifications can be included in a PCEP message by
   including additional Flow Spec objects.

7.  Flow Specification TLVs

   The Flow Filter TLV carries one or more Flow Specification TLVs. The
   Flow Specification TLV follows the format of all PCEP TLVs as defined
   in [RFC5440], however, the Type values are selected from a separate
   IANA registry (see Section 10) rather than from the common PCEP TLV
   registry.

   Type values are chosen so that there can be commonality with Flow
   Specifications defined for use with BGP. This is possible because
   the BGP Flow Spec encoding uses a single octet to encode the type
   where PCEP uses two octets. Thus the space of values for the Type
   field is partitioned as shown in Figure 3.

    Range          |
    ---------------+---------------------------------------------------
    0              | Reserved - must not be allocated.
                   |
    1 .. 255       | Per BGP registry defined by [RFC5575].
                   | Not to be allocated in this registry.
                   |
    256 .. 65535   | New PCEP Flow Specifications allocated according
                   | to the registry defined in this document.

             Figure 3: Flow Specification TLV Type Ranges

   The content of the Value field in each TLV is specific to the type
   and describes the parameters of the Flow Specification. The
   definition of the format of many of these Value fields is inherited
   from BGP specifications as shown in Figure 4.
   Specifically, the inheritance is from [RFC5575] and
   [I-D.ietf-idr-flow-spec-v6], but may also be inherited from future
   BGP specifications.

   When multiple Flow Specification TLVs are present in a single Flow
   Filter TLV they are combined to produce a more detailed description
   of a flow. For examples and rules about how this is achieved, see
   [RFC5575].

   An implementation that receives a PCEP message carrying a Flow
   Specification TLV with a type value that it does not recognize or
   does not support MUST respond with a PCErr message with error-type
   TBD8 (FlowSpec Error), error-value 1 (Unsupported FlowSpec) and MUST
   NOT install the Flow Specification.

   When used in other protocols (such as BGP) these Flow Specifications
   are also associated with actions to indicate how traffic matching the
   Flow Specification should be treated. In PCEP, however, the only
   action is to associate the traffic with a tunnel and to forward
   matching traffic on to that path, so no encoding of an action is
   needed.

   Section 8.7 describes how overlapping Flow Specifications are
   prioritized and handled.
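
   Added example, not part of the draft or of any implementation: a
   receive-side validator for the Flow Spec object body of Section 5
   and the TLV rules of Sections 6 and 7, returning the FlowSpec Error
   error-value the text calls for. The Flow Filter TLV codepoint (TBD4
   in the draft), the supported-type set, and the mapping of reserved
   FS-IDs and a wrong Flow Filter TLV count to "Malformed" are
   assumptions of the example.

```python
import struct

# Assumption: the draft leaves the Flow Filter TLV type as "TBD4"; this value
# is a stand-in for the example only, not an assigned codepoint.
FLOW_FILTER_TLV = 0xFF04
# Error-values under error-type TBD8 (FlowSpec Error), as listed in the draft.
ERR_UNSUPPORTED, ERR_MALFORMED = 1, 2
# Hypothetical receiver policy: only these RFC 5575 component types are
# supported (1 destination prefix, 2 source prefix, 3 IP protocol).
SUPPORTED_TYPES = {1, 2, 3}


class FlowSpecError(Exception):
    """Carries the error-value the receiver would put in its PCErr."""

    def __init__(self, error_value, reason):
        super().__init__(reason)
        self.error_value = error_value


def tlv(tlv_type, value):
    """Encode one PCEP TLV: 2-octet type, 2-octet length, zero-padded value."""
    pad = b"\x00" * (-len(value) % 4)
    return struct.pack("!HH", tlv_type, len(value)) + value + pad


def iter_tlvs(buf):
    """Yield (type, value) pairs, refusing any length that leaves the buffer."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise FlowSpecError(ERR_MALFORMED, "truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        off += 4
        padded = (length + 3) & ~3  # values are padded to 4-byte alignment
        if padded > len(buf) - off:
            raise FlowSpecError(ERR_MALFORMED, "TLV length exceeds enclosing field")
        yield tlv_type, buf[off:off + length]
        off += padded


def parse_flow_spec_body(body):
    """Validate a Flow Spec object body; return (fs_id, remove, [(type, value)])."""
    if len(body) < 8:
        raise FlowSpecError(ERR_MALFORMED, "body shorter than FS-ID and flags")
    fs_id, flags = struct.unpack_from("!II", body)
    if fs_id in (0, 0xFFFFFFFF):
        # Reserved by the draft; mapping them to "Malformed" is this example's choice.
        raise FlowSpecError(ERR_MALFORMED, "reserved FS-ID")
    remove = bool(flags & 0x1)  # R is the last bit; reserved bits are ignored
    if remove:
        return fs_id, True, []  # TLVs are optional on removal and MAY be ignored
    filters = [v for t, v in iter_tlvs(body[8:]) if t == FLOW_FILTER_TLV]
    if len(filters) != 1:
        raise FlowSpecError(ERR_MALFORMED, "need exactly one Flow Filter TLV")
    specs = []
    for fs_type, value in iter_tlvs(filters[0]):
        if fs_type not in SUPPORTED_TYPES:
            # MUST NOT install: reject the whole object, not just this sub-TLV.
            raise FlowSpecError(ERR_UNSUPPORTED, f"Flow Specification TLV type {fs_type}")
        specs.append((fs_type, value))
    if not specs:
        raise FlowSpecError(ERR_MALFORMED, "Flow Filter TLV carries no sub-TLVs")
    return fs_id, False, specs


def check(body):
    """Return the parsed tuple, or ('PCErr', error_value) if the body is rejected."""
    try:
        return parse_flow_spec_body(body)
    except FlowSpecError as exc:
        return ("PCErr", exc.error_value)


# Constructed sample inputs; the Value bytes are opaque to this validator.
HDR = struct.pack("!II", 7, 0)                    # FS-ID 7, R bit clear
DST = tlv(1, bytes([24, 192, 0, 2]))              # constructed destination prefix value
PROTO = tlv(3, bytes([0x81, 6]))                  # constructed IP protocol value
GOOD = HDR + tlv(FLOW_FILTER_TLV, DST + PROTO)
NO_FILTER = HDR                                   # R clear but TLV missing
UNSUPPORTED = HDR + tlv(FLOW_FILTER_TLV, tlv(9, b"\x81\x02"))
LYING_LENGTH = HDR + tlv(FLOW_FILTER_TLV,
                         struct.pack("!HH", 1, 200) + b"\x18\xc0\x00\x02")
REMOVE = struct.pack("!II", 7, 1)                 # R bit set, no TLV needed

if __name__ == "__main__":
    for name in ("GOOD", "NO_FILTER", "UNSUPPORTED", "LYING_LENGTH", "REMOVE"):
        print(name, check(globals()[name]))
```

   Every length field is checked against the enclosing field before
   any slice is taken, so a sub-TLV that claims more octets than its
   Flow Filter TLV holds is rejected rather than read past.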

   +-------+-------------------------+-----------------------------+
   | Type  | Description             | Value defined in            |
   |       |                         |                             |
   +-------+-------------------------+-----------------------------+
   | *     | Destination IPv4 Prefix | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Source IPv4 Prefix      | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | IP Protocol             | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Port                    | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Destination port        | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Source port             | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | ICMP type               | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | ICMP code               | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | TCP flags               | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Packet length           | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | DSCP                    | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Fragment                | [RFC5575]                   |
   +-------+-------------------------+-----------------------------+
   | *     | Flow Label              | [I-D.ietf-idr-flow-spec-v6] |
   +-------+-------------------------+-----------------------------+
   | *     | Destination IPv6 Prefix | [I-D.ietf-idr-flow-spec-v6] |
   +-------+-------------------------+-----------------------------+
   | *     | Source IPv6 Prefix      | [I-D.ietf-idr-flow-spec-v6] |
   +-------+-------------------------+-----------------------------+
   | *     | Next Header             | [I-D.ietf-idr-flow-spec-v6] |
   +-------+-------------------------+-----------------------------+
   | TBD5  | Route Distinguisher     | [I-D.dhodylee-pce-pcep-ls]  |
   +-------+-------------------------+-----------------------------+
   | TBD6  | IPv4 Multicast Flow     | [This.I-D]                  |
   +-------+-------------------------+-----------------------------+
   | TBD7  | IPv6 Multicast Flow     | [This.I-D]                  |
   +-------+-------------------------+-----------------------------+

   * Indicates that the TLV Type value comes from the value used
     in BGP.

            Figure 4: Table of Flow Specification TLV Types

   All Flow Specification TLVs with Types in the range 1 to 255 have
   Values defined for use in BGP (for example, in [RFC5575] and
   [I-D.ietf-idr-flow-spec-v6]) and are set using the BGP encoding, but
   without the type or length octets (the relevant information is in the
   Type and Length fields of the TLV). The Value field is padded with
   trailing zeros to achieve 4-byte alignment.

   [I-D.dhodylee-pce-pcep-ls] defines a way to convey identification of
   a VPN in PCEP via a Route Distinguisher (RD) [RFC4364] encoded in
   ROUTE-DISTINGUISHER TLV. A Flow Specification TLV with Type TBD5
   carries a Value field matching that present in the ROUTE-
   DISTINGUISHER TLV and is used to identify that other flow filter
   information (for example, an IPv4 destination prefix) is associated
   with a specific VPN identified by the RD. See Section 8.6 for
   further discussion of VPN identification.

   Although it may be possible to describe a multicast Flow
   Specification from the combination of other Flow Specification TLVs
   with specific values, it is more convenient to use a dedicated Flow
   Specification TLV. Flow Specification TLVs with Type values TBD6 and
   TBD7 are used to identify a multicast flow for IPv4 and IPv6
   respectively. The Value field is encoded as shown in Figure 5.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Rsvd   |S|W|R|   Rsvd    |B|Z| Src Mask Len  | Grp Mask Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                        Source Address                         ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                    Group multicast Address                    ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

          Figure 5: Multicast Flow Specification TLV Encoding

   The fields of the two Multicast Flow Specification TLVs are as
   described in Section 4.9.1 of [RFC7761] noting that the two address
   fields are 32 bits for the IPv4 Multicast Flow and 128 bits for the
   IPv6 Multicast Flow. Reserved fields (RSVD) MUST be set to zero and
   ignored on receipt.

8.  Detailed Procedures

   This section outlines some specific detailed procedures for using the
   protocol extensions defined in this document.

8.1.  Default Behavior and Backward Compatibility

   The default behavior is that no Flow Specification is applied to a
   tunnel. That is, the default is that the Flow Spec object is not
   used as is the case in all systems before the implementation of this
   specification.

   In this case it is a local matter (such as through configuration) how
   tunnel head ends are instructed what traffic to place on a tunnel.

   [RFC5440] describes how receivers respond when they see unknown PCEP
   objects.

8.2.  Composite Flow Specifications

   Flow Specifications may be represented by a single Flow Specification
   TLV or may require a more complex description using multiple Flow
   Specification TLVs. For example, a flow indicated by a source-
   destination pair of IPv6 addresses would be described by the
   combination of Destination IPv6 Prefix and Source IPv6 Prefix Flow
   Specification TLVs.

8.3.  Modifying Flow Specifications

   A PCE may want to modify a Flow Specification associated with a
   tunnel, or a PCC may want to report a change to the Flow
   Specification it is using with a tunnel.

   It is important that the specific Flow Specification is identified so
   that it is clear that this is a modification of an existing flow and
   not the addition of a new flow as described in Section 8.4. The FS-
   ID field of the PCEP Flow Spec Object is used to identify a specific
   Flow Specification.

   When modifying a Flow Specification, all Flow Specification TLVs for
   the intended specification of the flow MUST be included in the PCEP
   Flow Spec Object and the FS-ID MUST be retained from the previous
   description of the flow.

8.4.  Multiple Flow Specifications

   It is possible that multiple flows will be placed on a single tunnel.
   In some cases it is possible to define these within a single PCEP
   Flow Spec Object: for example, two Destination IPv4 Prefix TLVs could
   be included to indicate that packets matching either prefix are
   acceptable. PCEP would consider this as a single Flow Specification
   identified by a single FS-ID.

   In other scenarios the use of multiple Flow Specification TLVs would
   be confusing. For example, if flows from A to B and from C to D are
   to be included then using two Source IPv4 Prefix TLVs and two
   Destination IPv4 Prefix TLVs would be confusing (are flows from A to
   D included?). In these cases, each Flow Specification is carried in
   its own PCEP Flow Spec Object with multiple objects present on a
   single PCEP message. Use of separate objects also allows easier
   removal and modification of Flow Specifications.

8.5.  Adding and Removing Flow Specifications

   The Remove bit in the PCEP Flow Spec Object is left clear when a
   Flow Specification is being added or modified.

   To remove a Flow Specification, a PCEP Flow Spec Object is included
   with the FS-ID matching the one being removed, and the R bit set to
   indicate removal. In this case it is not necessary to include any
   Flow Specification TLVs.

   If the R bit is set and Flow Specification TLVs are present an
   implementation MAY ignore them. If the implementation checks the
   Flow Specification TLVs against those recorded for the FS-ID of the
   Flow Specification being removed and finds a mismatch, the Flow
   Specification MUST still be removed and the implementation SHOULD
   record a local exception or log.

8.6.  VPN Identifiers

   VPN instances are identified in BGP using Route Distinguishers (RDs)
   [RFC4364]. These values are not normally considered to have any
   meaning outside of the network, and they are not encoded in data
   packets belonging to the VPNs. However, RDs provide a useful way of
   identifying VPN instances and are often manually or automatically
   assigned to VPNs as they are provisioned.

   Thus the RD provides a useful way to indicate that traffic for a
   particular VPN should be placed on a given tunnel. The tunnel head
   end will need to interpret this Flow Specification not as a filter on
   the fields of data packets, but using the other mechanisms that it
   already uses to identify VPN traffic. This could be based on the
   incoming port (for port-based VPNs) or may leverage knowledge of the
   VRF that is in use for the traffic.

8.7.  Priorities and Overlapping Flow Specifications

   TBD

   An implementation that receives a PCEP message carrying a Flow
   Specification that it cannot resolve against other Flow
   Specifications already installed MUST respond with a PCErr message
   with error-type TBD8 (FlowSpec Error), error-value 3 (Unresolvable
   conflict) and MUST NOT install the Flow Specification.

9.  PCEP Messages

   The figures in this section use the notation defined in [RFC5511].
   The FLOW SPEC Object is OPTIONAL and MAY be carried in the PCEP
   messages.

   The PCInitiate message is defined in [RFC8281] and updated as below:

     ::=

   Where:
     ::=
         []

     ::=
         ( |
         )

     ::=
         []
         []
         []

   Where:
     ::= []

   The PCUpd message is defined in [RFC8231] and updated as below:

     ::=

   Where:
     ::=
         []

     ::=
         []

   Where:
     ::=

     ::= []

   The PCRpt message is defined in [RFC8231] and updated as below:

     ::=

   Where:
     ::= []

     ::= []
         []

   Where:
     ::=
         []

     ::= []

   The PCReq message is defined in [RFC5440] and updated in [RFC8231];
   it is further updated below for flow specification:

     ::=
         []

   Where:
     ::= []

     ::= []

     ::=
         []
         []
         []
         []
         [[]]
         []
         []
         []

   Where:
     ::= []

   The PCRep message is defined in [RFC5440] and updated in [RFC8231];
   it is further updated below for flow specification:

     ::=

   Where:
     ::=[]

     ::=
         []
         []
         []
         []
         []

   Where:
     ::= []

10. IANA Considerations

   IANA maintains the "Path Computation Element Protocol (PCEP) Numbers"
   registry. This document requests IANA actions to allocate code
   points for the protocol elements defined in this document.

10.1. PCEP Objects

   Each PCEP object has an Object-Class and an Object-Type. IANA
   maintains a subregistry called "PCEP Objects". IANA is requested to
   make an assignment from this subregistry as follows:

   Object-Class | Value Name  | Object-Type            | Reference
   -------------+-------------+------------------------+----------------
   TBD3         | FLOW SPEC   | 0: Reserved            | [This.I-D]
                |             | 1: Flow Specification  | [This.I-D]

10.2. PCEP TLV Type Indicators

   IANA maintains a subregistry called "PCEP TLV Type Indicators".
   IANA is requested to make an assignment from this subregistry as
   follows:

   Value   | Meaning                      | Reference
   --------+------------------------------+-------------
   TBD2    | PCE-FLOWSPEC-CAPABILITY TLV  | [This.I-D]
   TBD4    | FLOW FILTER TLV              | [This.I-D]

10.3. Flow Specification TLV Type Indicators

   IANA is requested to create a new subregistry called the "PCEP Flow
   Specification TLV Type Indicators" registry.

   Allocations from this registry are to be made according to the
   following assignment policies [RFC8126]:

   Range          | Assignment policy
   ---------------+---------------------------------------------------
   0              | Reserved - must not be allocated.
                  |
   1 .. 255       | Reserved - must not be allocated.
                  | Usage mirrors the BGP FlowSpec registry [RFC5575].
                  |
   258 .. 64506   | Specification Required
                  |
   64507 .. 65531 | First Come First Served
                  |
   65532 .. 65535 | Experimental

   IANA is requested to pre-populate this registry with values defined
   in this document as follows, taking the new values from the range 258
   to 64506:

   Value  | Meaning
   -------+------------------------
   TBD5   | Route Distinguisher
   TBD6   | IPv4 Multicast
   TBD7   | IPv6 Multicast

10.4. PCEP Error Codes

   IANA maintains a subregistry called "PCEP-ERROR Object Error Types
   and Values". Entries in this subregistry are described by Error-Type
   and Error-value. IANA is requested to make the following assignment
   from this subregistry:

   Error- | Meaning            | Error-value                | Reference
   Type   |                    |                            |
   -------+--------------------+----------------------------+-----------
   TBD8   | FlowSpec error     | 0: Unassigned              | [This.I-D]
          |                    | 1: Unsupported FlowSpec    | [This.I-D]
          |                    | 2: Malformed FlowSpec      | [This.I-D]
          |                    | 3: Unresolvable conflict   | [This.I-D]
          |                    | 4-255: Unassigned          | [This.I-D]

10.5. PCE Capability Flag

   IANA maintains a subregistry called "Open Shortest Path First v2
   (OSPFv2) Parameters" with a sub-registry called "Path Computation
   Element (PCE) Capability Flags". IANA is requested to assign a new
   capability bit from this registry as follows:

   Bit    | Capability Description        | Reference
   -------+-------------------------------+------------
   TBD1   | FlowSpec                      | [This.I-D]

11. Security Considerations

   We may assume that a system that utilizes a remote PCE is subject to
   a number of vulnerabilities that could allow spurious LSPs or SR
   paths to be established or that could result in existing paths being
   modified or torn down. Such systems, therefore, apply security
   considerations as described in [RFC5440], [RFC6952], and [RFC8253].

   The description of Flow Specifications associated with paths set up
   or controlled by a PCE adds a further detail that could be attacked
   without tearing down LSPs or SR paths, but causing traffic to be
   misrouted within the network. Therefore, the use of the security
   mechanisms for PCEP referenced above is important.

   Visibility into the information carried in PCEP does not have direct
   privacy concerns for end-users' data; however, knowledge of how data
   is routed in a network may make that data more vulnerable. Of
   course, the ability to interfere with the way data is routed also
   makes the data more vulnerable. Furthermore, knowledge of the
   connected end-points (such as multicast receivers or VPN sites) is
   usually considered private customer information. Therefore,
   implementations or deployments concerned to protect privacy MUST
   apply the mechanisms described in the documents referenced above.

   Experience with Flow Specifications in BGP systems indicates that
   they can become complex and that the overlap of Flow Specifications
   installed in different orders can lead to unexpected results.
   Although this is not directly a security issue per se, the confusion
   and unexpected forwarding behavior may be engineered or exploited by
   an attacker. Therefore, implementers and operators SHOULD pay
   careful attention to the Manageability Considerations described in
   Section 12.

12. Manageability Considerations

   TBD

13. Acknowledgements

   Thanks to Julian Lucek and Sudhir Cheruathur for useful discussions.

14. References

14.1. Normative References

   [I-D.dhodylee-pce-pcep-ls]
             Dhody, D., Lee, Y., and D. Ceccarelli, "PCEP Extension for
             Distribution of Link-State and TE Information.",
             draft-dhodylee-pce-pcep-ls-11 (work in progress), June 2018.

   [I-D.ietf-idr-flow-spec-v6]
             McPherson, D., Raszuk, R., Pithawala, B.,
             akarch@cisco.com, a., and S. Hares, "Dissemination of Flow
             Specification Rules for IPv6",
             draft-ietf-idr-flow-spec-v6-09 (work in progress),
             November 2017.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119,
             DOI 10.17487/RFC2119, March 1997.

   [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation
             Element (PCE) Communication Protocol (PCEP)", RFC 5440,
             DOI 10.17487/RFC5440, March 2009.

   [RFC5511] Farrel, A., "Routing Backus-Naur Form (RBNF): A Syntax
             Used to Form Encoding Rules in Various Routing Protocol
             Specifications", RFC 5511, DOI 10.17487/RFC5511, April
             2009.

   [RFC5575] Marques, P., Sheth, N., Raszuk, R., Greene, B., Mauch, J.,
             and D. McPherson, "Dissemination of Flow Specification
             Rules", RFC 5575, DOI 10.17487/RFC5575, August 2009.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017.

   [RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D.
             Dhody, "PCEPS: Usage of TLS to Provide a Secure Transport
             for the Path Computation Element Communication Protocol
             (PCEP)", RFC 8253, DOI 10.17487/RFC8253, October 2017.

14.2. Informative References

   [I-D.ietf-pce-segment-routing]
             Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W.,
             and J. Hardwick, "PCEP Extensions for Segment Routing",
             draft-ietf-pce-segment-routing-12 (work in progress), June
             2018.

   [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
             Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
             2006.

   [RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
             Element (PCE)-Based Architecture", RFC 4655,
             DOI 10.17487/RFC4655, August 2006.

   [RFC5088] Le Roux, JL., Ed., Vasseur, JP., Ed., Ikejiri, Y., and R.
             Zhang, "OSPF Protocol Extensions for Path Computation
             Element (PCE) Discovery", RFC 5088, DOI 10.17487/RFC5088,
             January 2008.

   [RFC5089] Le Roux, JL., Ed., Vasseur, JP., Ed., Ikejiri, Y., and R.
             Zhang, "IS-IS Protocol Extensions for Path Computation
             Element (PCE) Discovery", RFC 5089, DOI 10.17487/RFC5089,
             January 2008.

   [RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of
             BGP, LDP, PCEP, and MSDP Issues According to the Keying
             and Authentication for Routing Protocols (KARP) Design
             Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013.

   [RFC7399] Farrel, A. and D. King, "Unanswered Questions in the Path
             Computation Element Architecture", RFC 7399,
             DOI 10.17487/RFC7399, October 2014.

   [RFC7761] Fenner, B., Handley, M., Holbrook, H., Kouvelas, I.,
             Parekh, R., Zhang, Z., and L. Zheng, "Protocol Independent
             Multicast - Sparse Mode (PIM-SM): Protocol Specification
             (Revised)", STD 83, RFC 7761, DOI 10.17487/RFC7761, March
             2016.

   [RFC8126] Cotton, M., Leiba, B., and T.
             Narten, "Guidelines for Writing an IANA Considerations
             Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126,
             June 2017.

   [RFC8231] Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path
             Computation Element Communication Protocol (PCEP)
             Extensions for Stateful PCE", RFC 8231,
             DOI 10.17487/RFC8231, September 2017.

   [RFC8232] Crabbe, E., Minei, I., Medved, J., Varga, R., Zhang, X.,
             and D. Dhody, "Optimizations of Label Switched Path State
             Synchronization Procedures for a Stateful PCE", RFC 8232,
             DOI 10.17487/RFC8232, September 2017.

   [RFC8281] Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "Path
             Computation Element Communication Protocol (PCEP)
             Extensions for PCE-Initiated LSP Setup in a Stateful PCE
             Model", RFC 8281, DOI 10.17487/RFC8281, December 2017.

   [RFC8283] Farrel, A., Ed., Zhao, Q., Ed., Li, Z., and C. Zhou, "An
             Architecture for Use of PCE and the PCE Communication
             Protocol (PCEP) in a Network with Central Control",
             RFC 8283, DOI 10.17487/RFC8283, December 2017.

Appendix A. Contributors

   Shankara
   Huawei Technologies
   Divyashree Techno Park,
   Whitefield Bangalore,
   Karnataka
   560066
   India

   Email: shankara@huawei.com

   Qiandeng Liang
   Huawei Technologies
   101 Software Avenue,
   Yuhuatai District
   Nanjing
   210012
   China

   Email: liangqiandeng@huawei.com

   Cyril Margaria
   Juniper Networks
   200 Somerset Corporate Boulevard, Suite 4001
   Bridgewater, NJ
   08807
   USA

   Email: cmargaria@juniper.net

   Colby Barth
   Juniper Networks
   200 Somerset Corporate Boulevard, Suite 4001
   Bridgewater, NJ
   08807
   USA

   Email: cbarth@juniper.net

   Xia Chen
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing
   100095
   China

   Email: jescia.chenxia@huawei.com

   Shunwan Zhuang
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing
   100095
   China

   Email: zhuangshunwan@huawei.com

Authors' Addresses

   Dhruv Dhody (editor)
   Huawei Technologies
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka 560066
   India

   Email: dhruv.ietf@gmail.com

   Adrian Farrel (editor)
   Juniper Networks

   Email: afarrel@juniper.net

   Zhenbin Li
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: lizhenbin@huawei.com