| PCE Working Group | H. Ananthakrishnan |
| Internet-Draft | Packet Design |
| Intended status: Standards Track | S. Sivabalan |
| Expires: December 31, 2017 | Cisco |
| C. Barth | |
| R. Torvi | |
| Juniper Networks | |
| I. Minei | |
| Google, Inc | |
| E. Crabbe | |
| Individual Contributor | |
| D. Dhody | |
| Huawei Technologies | |
| June 29, 2017 |
PCEP Extensions for MPSL-TE LSP Path Protection with stateful PCE
draft-ananthakrishnan-pce-stateful-path-protection-03
A stateful Path Computation Element (PCE) is capable of computing as well as controlling via Path Computation Element Protocol (PCEP) Multiprotocol Label Switching Traffic Engineering Label Switched Paths (MPLS LSP). Furthermore, it is also possible for a stateful PCE to create, maintain, and delete LSPs. This document describes PCEP extension to associate two or more LSPs to provide end-to-end path protection.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 31, 2017.
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[RFC5440] describes PCEP for communication between a Path Computation Client (PCC) and a PCE or between one a pair of PCEs as per [RFC4655]. A PCE computes paths for MPLS-TE LSPs based on various constraints and optimization criteria.
Stateful pce [I-D.ietf-pce-stateful-pce] specifies a set of extensions to PCEP to enable stateful control of paths such as MPLS TE LSPs between and across PCEP sessions in compliance with [RFC4657]. It includes mechanisms to effect LSP state synchronization between PCCs and PCEs, delegation of control of LSPs to PCEs, and PCE control of timing and sequence of path computations within and across PCEP sessions and focuses on a model where LSPs are configured on the PCC and control over them is delegated to the PCE. Furthermore, a mechanism to dynamically instantiate LSPs on a PCC based on the requests from a stateful PCE or a controller using stateful PCE is specified in [I-D.ietf-pce-pce-initiated-lsp].
Path protection refers to a paradigm in which the working LSP is protected by one or more protection LSP(s). When the working LSP fails, protection LSP(s) is/are activated. When the working LSPs are computed and controlled by the PCE, there is benefit in a mode of operation where protection LSPs are as well.
This document specifies a stateful PCEP extension to associate two or more LSPs for the purpose of setting up path protection. The proposed extension covers the following scenarios:
Note that protection LSP can be established prior to the failure (in which case the LSP is said to me in standby mode) or post failure of the corresponding working LSP according to the operator choice/policy.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
The following terminologies are used in this document:
LSPs are not associated by listing the other LSPs with which they interact, but rather by making them belong to an association group referred to as "Path Protection Association Group" (PPAG) in this document. All LSPs join a PPAG individually. PPAG is based on the generic Association object used to associate two or more LSPs specified in [I-D.ietf-pce-association-group]. A member of a PPAG can take the role of working or protection LSP. This document defines a new association type called "Path Protection Association Type" of value TBD1. A PPAG can have one working LSP and/or one or more protection LSPs. The source and destination of all LSPs within a PPAG MUST be the same.
The format of the Association object used for PPAG is specified in [I-D.ietf-pce-association-group] and replicated in this document for easy reference in Figure 1 and Figure 2.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Flags |R|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Association type = TBD1 | Association |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IPv4 Association Source |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Optional TLVs //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: PPAG IPv4 ASSOCIATION Object format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Flags |R|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Association Type = TBD1 | Association |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
| IPv6 Association Source |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
// Optional TLVs //
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: PPAG IPv6 ASSOCIATION Object format
This document defines a new Association type, the Path Protection Association type, value will be assigned by IANA (TBD1).
This Association-Type is dynamic in nature and created by the PCC or PCE for the LSPs originating at the same head node and terminating at the same destination. These associations are conveyed via PCEP messages to the PCEP peer. Operator-configured Association Range SHOULD NOT be set for this association-type and MUST be ignored.
The Path Protection Association TLV is an optional TLV for use with the Path Protection Association Object Type. The Path Protection Association TLV MUST NOT be present more than once. If it appears more than once, only the first occurrence is processed and any others MUST be ignored.
The Path Protection Association TLV follows the PCEP TLV format of [RFC5440].
The type (16 bits) of the TLV is to be assigned by IANA. The length field is 16 bit-long and has a fixed value of 4.
The value comprises a single field, the Path Protection Association Flags (32 bits), where each bit represents a flag option.
The format of the Path Protection Association TLV is as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = TBD2 | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Path Protection Association Flags |S|P|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: Path Protection Association TLV format
P (PROTECTION-LSP 1 bit) - Indicates whether the LSP associated with the PPAG is working or protection LSP. If this flag is set, the LSP is a protection LSP.
S (STANDBY 1 bit)- When the P flag is set, the S flag indicates whether the protection LSP associated with the PPAG is in standby mode. The S flag is ignored if the P flag is not set.
If the Path Protection Association TLV is missing, it means the LSP is the working LSP.
A PCC can associate a set of LSPs under its control for path protection purpose. Similarly, the PCC can remove on or more LSPs under its control from the corresponding PPAG. In both cases, the PCC must report the change in association to PCE(s) via PCRpt message. A PCC can also delegate the working and protection LSPs to a stateful PCE, where PCE would control and update the paths and attributes of the LSPs in the association group.
A stateless PCC can request protection to a PCE through PCReq message.
A PCE can create/update working and protection LSPs independently. As specified in [I-D.ietf-pce-association-group], Association Groups can be created by both PCE and PCC.
A PCE can remove a protection LSP from a PPAG as specified in [I-D.ietf-pce-association-group].
During state synchronization, a PCC MUST report all the existing path protection association groups as well as any path protection flags to PCE(s). Following the state synchronization, the PCE would remove all stale information as per [I-D.ietf-pce-association-group].
All LSPs (working or protection) within a PPAG MUST have the same source and destination. If a PCE attempts to add an LSP to a PPAG and the source and/or destination of the LSP is/are different from the LSP(s) in the PPAG, the PCC MUST send PCErr with Error-Type= TBD (Association Error) [I-D.ietf-pce-association-group] and Error-Value = TBD3 (End points mismatch for Path Protection Association).
There MUST be only one working LSP within a PPAG. If a PCEP Speaker attempts to add another working LSP, the PCEP peer MUST send PCErr with Error-Type=TBD (Association Error) [I-D.ietf-pce-association-group] and Error-Value = TBD4 (Attempt to add another working LSP for Path Protection Association).
The diversity requirement for a group of LSPs is handled via another association type called "Disjointness Association", as described in [I-D.ietf-pce-association-diversity]. The diversity requirements for the the protection LSP are also handled by including both ASSOCIATION object for the group of LSPs.
This document defines a new association type, originally defined in [I-D.ietf-pce-association-group], for path protection. IANA is requested to make the assignment of a new value for the sub-registry "ASSOCIATION Type Field" (request to be created in [I-D.ietf-pce-association-group]), as follows:
| Association Type Value | Association Name | Reference |
|---|---|---|
| TBD1 (Suggested value - 1) | Path Protection Association | This document |
This document defines a new TLV for carrying additional information of LSPs within a path protection association group. IANA is requested to make the assignment of a new value for the existing "PCEP TLV Type Indicators" registry as follows:
| TLV Type Value | TLV Name | Reference |
|---|---|---|
| TBD2 (suggested Value - 29) | Path Protection Association Group TLV | This document |
This document requests that a new sub-registry, named "Path protection Association Group TLV Flag Field", is created within the "Path Computation Element Protocol (PCEP) Numbers" registry to manage the Flag field in the Path Protection Association Group TLV. New values are to be assigned by Standards Action [RFC8126]. Each bit should be tracked with the following qualities:
Each bit should be tracked with the following qualities:
| Bit Number | Name | Reference |
|---|---|---|
| 31 | P - PROTECTION-LSP | This document |
| 30 | S - STANDBY | This document |
This document defines new Error-Type and Error-Value related to path protection association. IANA is requested to allocate new error values within the "PCEP-ERROR Object Error Types and Values" sub-registry of the PCEP Numbers registry, as follows:
| Error-Type | Meaning | Reference |
|---|---|---|
| TBD | Association error | [I-D.ietf-pce-association-group] |
| Error-value=TBD3: End points mismatch for Path Protection Association | This document | |
| Error-value=TBD4: Attempt to add another working LSP for Path Protection Association | This document |
The security considerations described in [I-D.ietf-pce-stateful-pce], [I-D.ietf-pce-pce-initiated-lsp], and [RFC5440] apply to the extensions described in this document as well. Additional considerations related to associations where a malicious PCEP speaker could be spoofed and could be used as an attack vector by creating associations is described in [I-D.ietf-pce-association-group]. Thus securing the PCEP session using Transport Layer Security (TLS) [I-D.ietf-pce-pceps], as per the recommendations and best current practices in [RFC7525], is RECOMMENDED.
Mechanisms defined in this document do not imply any control or policy requirements in addition to those already listed in [RFC5440], [I-D.ietf-pce-stateful-pce], and [I-D.ietf-pce-pce-initiated-lsp].
[RFC7420] describes the PCEP MIB, there are no new MIB Objects for this document.
The PCEP YANG module [I-D.ietf-pce-pcep-yang] supports associations.
Mechanisms defined in this document do not imply any new liveness detection and monitoring requirements in addition to those already listed in [RFC5440], [I-D.ietf-pce-stateful-pce], and [I-D.ietf-pce-pce-initiated-lsp].
Mechanisms defined in this document do not imply any new operation verification requirements in addition to those already listed in [RFC5440], [I-D.ietf-pce-stateful-pce], and [I-D.ietf-pce-pce-initiated-lsp].
Mechanisms defined in this document do not imply any new requirements on other protocols.
Mechanisms defined in this document do not have any impact on network operations in addition to those already listed in [RFC5440], [I-D.ietf-pce-stateful-pce], and [I-D.ietf-pce-pce-initiated-lsp].
We would like to thank Jeff Tantsura and Xian Zhang for their contributions to this document.