Internet DRAFT - draft-li-pce-pcep-l2-flowspec
PCE Working Group D. Dhody
Internet-Draft Huawei Technologies
Intended status: Standards Track A. Farrel
Expires: April 17, 2022 Old Dog Consulting
Z. Li
Huawei Technologies
October 14, 2021
PCEP Extension for L2 Flow Specification
draft-li-pce-pcep-l2-flowspec-00
Abstract
The Path Computation Element (PCE) is a functional component capable
of selecting paths through a traffic engineering network. These
paths may be supplied in response to requests for computation, or may
be unsolicited requests issued by the PCE to network elements. Both
approaches use the PCE Communication Protocol (PCEP) to convey the
details of the computed path.
Traffic flows may be categorized and described using "Flow
Specifications". RFC 8955 defines the Flow Specification and
describes how Flow Specification Components are used to describe
traffic flows. RFC 8955 also defines how Flow Specifications may be
distributed in BGP to allow specific traffic flows to be associated
with routes.
RFC XXXX specifies a set of extensions to PCEP to support
dissemination of Flow Specifications. This allows a PCE to indicate
what traffic should be placed on each path that it is aware of.
The extensions defined in this document extend the support for
Ethernet Layer 2 (L2) and Layer 2 Virtual Private Network (L2VPN)
traffic filtering rules, either by themselves or in conjunction with
L3 flowspecs.
RFC Editor Note: Please replace XXXX in the Abstract with the RFC
number assigned to draft-ietf-pce-pcep-flowspec when it is published.
Please remove this note.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
Dhody, et al. Expires April 17, 2022 [Page 1]
Internet-Draft PCEP-L2-FlowSpec October 2021
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 17, 2022.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology
3. L2 Flow Specifications
3.1. L2 Flow Specification TLVs
4. IANA Considerations
4.1. PCEP TLV Type Indicators
4.2. L2 Flow Specification TLV Type Indicators
5. Implementation Status
6. Security Considerations
7. Acknowledgements
8. References
8.1. Normative References
8.2. Informative References
Appendix A. Contributors
Authors' Addresses
1. Introduction
RFC Editor Note: Please remove the below text before publication -
The text in this document was earlier part of version 12 of draft-
ietf-pce-pcep-flowspec, which was approved by the IESG and was in
the RFC Editor queue for a long time waiting for draft-ietf-idr-
flowspec-l2vpn to be ready. Because the pending specification for
Flowspec V2 and implementation based on it will take time, it was
decided to strip the L2 flowspec from draft-ietf-pce-pcep-
flowspec and move it to an independent document (this one!).
[RFC4655] defines the Path Computation Element (PCE), a functional
component capable of computing paths for use in traffic engineering
networks. PCE was originally conceived for use in Multiprotocol
Label Switching (MPLS) for Traffic Engineering (TE) networks to
derive the routes of Label Switched Paths (LSPs). However, the scope
of PCE was quickly extended to make it applicable to Generalized MPLS
(GMPLS)-controlled networks, and more recent work has brought other
traffic engineering technologies and planning applications into scope
(for example, Segment Routing (SR) [RFC8664]).
[RFC5440] describes the Path Computation Element Communication
Protocol (PCEP). PCEP defines the communication between a Path
Computation Client (PCC) and a PCE, or between PCE and PCE, enabling
computation of paths for MPLS-TE LSPs.
Stateful PCE [RFC8231] specifies a set of extensions to PCEP to
enable control of TE-LSPs by a PCE that retains state about the LSPs
provisioned in the network (a stateful PCE). [RFC8281] describes the
setup, maintenance, and teardown of LSPs initiated by a stateful PCE
without the need for local configuration on the PCC, thus allowing
for a dynamic network that is centrally controlled. [RFC8283]
introduces the architecture for PCE as a central controller and
describes how PCE can be viewed as a component that performs
computation to place 'flows' within the network and decide how these
flows are routed.
The description of traffic flows by the combination of multiple Flow
Specification Components and their dissemination as traffic flow
specifications (Flow Specifications) is described for BGP in
[RFC8955]. In BGP, a Flow Specification is comprised of traffic
filtering rules and is associated with actions to perform on the
packets that match the Flow Specification. The BGP routers that
receive a Flow Specification can classify received packets according
to the traffic filtering rules and can direct packets based on the
associated actions. [I-D.hares-idr-flowspec-v2] specifies version
2 of the BGP flow specification protocol, which resolves some of the
issues with version 1.
When a PCE is used to initiate tunnels (such as TE-LSPs or SR paths)
using PCEP, it is important that the head end of the tunnels
understands what traffic to place on each tunnel. The data flows
intended for a tunnel can be described using Flow Specification
Components. When PCEP is in use for tunnel initiation it makes sense
for that same protocol to be used to distribute the Flow
Specification Components that describe what data is to flow on those
tunnels.
[I-D.ietf-pce-pcep-flowspec] specifies a set of extensions to PCEP to
support dissemination of Flow Specification Components. It includes
the creation, update, and withdrawal of Flow Specifications via PCEP,
and can be applied to tunnels initiated by the PCE or to tunnels
where control is delegated to the PCE by the PCC. Furthermore, a PCC
requesting a new path can include Flow Specifications in the request
to indicate the purpose of the tunnel allowing the PCE to factor this
into the path computation.
[I-D.ietf-idr-flowspec-l2vpn] defines a BGP flowspec extension to
disseminate Ethernet Layer 2 (L2) and Layer 2 Virtual Private Network
(L2VPN) traffic filtering rules either by themselves or in
conjunction with L3 flowspecs. This document extends the same
support for PCEP by defining a new L2 Flow Filter TLV to be carried
within the FLOWSPEC object. The context and the procedures for the
use of Flow Specifications are as per [I-D.ietf-pce-pcep-flowspec].
2. Terminology
This document uses the following terms defined in [RFC5440]: PCC,
PCE, PCEP Peer.
The following term from [RFC8955] is used frequently throughout this
document:
A Flow Specification is an n-tuple consisting of several matching
criteria that can be applied to IP traffic. A given IP packet is
said to match the defined Flow Specification if it matches all the
specified criteria.
Its usage in PCEP is further clarified in
[I-D.ietf-pce-pcep-flowspec].
This document uses the terms "stateful PCE" and "active PCE" as
advocated in [RFC7399].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. L2 Flow Specifications
As per [I-D.ietf-pce-pcep-flowspec], to carry Flow Specifications in
PCEP messages, a PCEP object called the PCEP FLOWSPEC object is
defined. To describe a traffic flow, a PCEP TLV called the Flow
Filter TLV is also defined. This document extends the support for L2
flow specifications by creating a new PCEP TLV called the L2 Flow
Filter TLV and updating the processing rules.
The PCEP FLOWSPEC object carries a FlowSpec filter rule encoded in a
TLV. To describe a traffic flow based on both L3 and L2 fields, a new
L2 Flow Filter TLV is introduced by this document. The PCEP FLOWSPEC
object can carry one of the following combinations of TLVs:
o no TLV
o one Flow Filter TLV
o one L2 Flow Filter TLV
o both a Flow Filter TLV and an L2 Flow Filter TLV
At most one L2 Flow Filter TLV MAY be included in the PCEP
FLOWSPEC object. The TLV is OPTIONAL when the R (remove) bit is set
in the object. At least one Flow Filter TLV or one L2 Flow Filter
TLV MUST be present when the R bit is clear. If both TLVs are
missing when the R bit is clear, the PCEP peer MUST respond with a
PCErr message with error-type TBD1 (FlowSpec Error) and error-value 2
(Malformed FlowSpec). A Flow Filter TLV and an L2 Flow Filter TLV MAY
both be present when filtering is based on both L3 and L2 fields.
The TLV follows the format of all PCEP TLVs as defined in [RFC5440].
The Type field value comes from the codepoint space for PCEP TLVs and
has the value TBD2. The Value field of the L2 Flow Filter TLV contains
one or more sub-TLVs (Section 3.1), and they represent the complete
definition of a Flow Specification for traffic to be placed on the
tunnel. The set of Flow Specification TLVs and L2 Flow Filter TLVs
in a single instance of a Flow Filter TLV are combined to indicate
the specific Flow Specification. Note that the PCEP FLOWSPEC object
can include just one Flow Filter TLV, just one L2 Flow Filter TLV, or
one of each TLV.
The rest of the procedures are the same as in [I-D.ietf-pce-pcep-flowspec].
3.1. L2 Flow Specification TLVs
The L2 Flow Filter TLV carries one or more L2 Flow Specification TLVs.
The L2 Flow Specification TLV follows the format of all PCEP TLVs as
defined in [RFC5440]. However, the Type values are selected from a
separate IANA registry (see Section 4.2) rather than from the common
PCEP TLV registry.
Type values are chosen so that there can be commonality with L2 Flow
Specifications defined for use with BGP
[I-D.ietf-idr-flowspec-l2vpn]. This is possible because the BGP Flow
Spec encoding uses a single octet to encode the type whereas PCEP
uses two octets. Thus the space of values for the Type field is
partitioned as shown in Figure 1.
Range |
---------------+-------------------------------------------------
0 .. 255 | Per BGP registry defined by
| [I-D.ietf-idr-flowspec-l2vpn].
| Not to be allocated in this registry.
|
256 .. 65535 | New PCEP Flow Specifications allocated according
| to the registry defined in this document.
Figure 1: L2 Flow Specification TLV Type Ranges
[I-D.ietf-idr-flowspec-l2vpn] is the reference for the registry "L2
Flow Spec Component Types" and defines the allocations it contains.
The content of the Value field in each TLV is specific to the type
and describes the parameters of the Flow Specification. The
definition of the format of many of these Value fields is inherited
from BGP specifications. Specifically, the inheritance is from
[I-D.ietf-idr-flowspec-l2vpn], but may also be inherited from future
BGP specifications.
When multiple L2 Flow Specification TLVs are present in a single L2
Flow Filter TLV they are combined to produce a more detailed
specification of a flow. Similarly, when both Flow Filter TLV and L2
Flow Filter TLV are present, they are combined to produce a more
detailed specification of a flow.
An implementation that receives a PCEP message carrying an L2 Flow
Specification TLV with a type value that it does not recognize or
does not support MUST respond with a PCErr message with error-type
TBD1 (FlowSpec Error), error-value 1 (Unsupported FlowSpec) and MUST
NOT install the Flow Specification.
All L2 Flow Specification TLVs with Types in the range 0 to 255 have
their Values interpreted as defined for use in BGP (for example, in
[I-D.ietf-idr-flowspec-l2vpn]) and are set using the BGP encoding,
but without the type octet (the relevant information is in the Type
field of the TLV). The Value field is padded with trailing zeros to
achieve 4-byte alignment.
This document defines no new types.
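The receive-side checks from Sections 3 and 3.1, as an added example (not code from this draft or from any implementation). The numeric TLV codepoints are placeholders because TBD2 is unassigned; the sub-TLV type values, the sample bytes, the zero-padding check, and the mapping of parse failures to error-value 2 are assumptions of the example.

```python
import struct

# Placeholder codepoints: TBD2 is unassigned and the Flow Filter TLV type is
# defined in another document, so these values are constructed for the example.
FLOW_FILTER_TLV = 0xFF01       # hypothetical stand-in
L2_FLOW_FILTER_TLV = 0xFF02    # hypothetical stand-in for TBD2
ERR_UNSUPPORTED, ERR_MALFORMED = 1, 2   # error-values under error-type TBD1


class FlowSpecError(Exception):
    def __init__(self, error_value, reason):
        super().__init__(reason)
        self.error_value = error_value


def tlv(tlv_type, value):
    """Encode one TLV; Length counts value octets only, padding is zeros."""
    return struct.pack("!HH", tlv_type, len(value)) + value + b"\x00" * (-len(value) % 4)


def walk_tlvs(buf):
    """Yield (type, value) for each RFC 5440 style TLV in buf.
    Parse failures are reported as Malformed FlowSpec (example's assumption)."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise FlowSpecError(ERR_MALFORMED, "truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length
        padded_end = off + 4 + ((length + 3) & ~3)
        if padded_end > len(buf):
            raise FlowSpecError(ERR_MALFORMED, "TLV overruns its container")
        if any(buf[end:padded_end]):   # strictness chosen by this example
            raise FlowSpecError(ERR_MALFORMED, "non-zero padding")
        yield tlv_type, buf[off + 4:end]
        off = padded_end


def validate_flowspec_tlvs(tlv_area, r_bit, supported_l2_types):
    """Check the TLV area of a FLOWSPEC object; return accepted L2 components.
    The contents of a Flow Filter TLV (L3) are not inspected here."""
    seen = {FLOW_FILTER_TLV: 0, L2_FLOW_FILTER_TLV: 0}
    l2_components = []
    for tlv_type, value in walk_tlvs(tlv_area):
        if tlv_type not in seen:
            continue   # other TLVs are outside this example's scope
        seen[tlv_type] += 1
        if tlv_type == L2_FLOW_FILTER_TLV:
            if seen[tlv_type] > 1:
                raise FlowSpecError(ERR_MALFORMED, "more than one L2 Flow Filter TLV")
            subs = list(walk_tlvs(value))
            if not subs:
                raise FlowSpecError(ERR_MALFORMED, "L2 Flow Filter TLV has no sub-TLV")
            for sub_type, sub_value in subs:
                if sub_type not in supported_l2_types:
                    # MUST NOT install: reject before anything is returned
                    raise FlowSpecError(ERR_UNSUPPORTED, f"L2 type {sub_type}")
                l2_components.append((sub_type, sub_value))
    if not r_bit and not any(seen.values()):
        raise FlowSpecError(ERR_MALFORMED, "no filter TLV while R bit is clear")
    return l2_components


# Constructed sample: one L2 Flow Filter TLV holding one sub-TLV of type 1
# with a 3-octet opaque value, so one octet of zero padding is required.
SAMPLE = tlv(L2_FLOW_FILTER_TLV, tlv(1, b"\x01\x02\x03"))

if __name__ == "__main__":
    print(validate_flowspec_tlvs(SAMPLE, r_bit=False, supported_l2_types={1}))
```

Because an unsupported type raises before the function returns, a caller never sees a partially accepted rule, which matches the MUST NOT install requirement.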
4. IANA Considerations
IANA maintains the "Path Computation Element Protocol (PCEP) Numbers"
registry. This document requests IANA actions to allocate code
points for the protocol elements defined in this document.
4.1. PCEP TLV Type Indicators
IANA maintains a subregistry called "PCEP TLV Type Indicators". IANA
is requested to make an assignment from this subregistry as follows:
Value | Meaning | Reference
--------+------------------------------+-------------
TBD2 | L2 FLOW FILTER TLV | [This.I-D]
4.2. L2 Flow Specification TLV Type Indicators
IANA is requested to create a new subregistry called the "PCEP L2
Flow Specification TLV Type Indicators" registry.
Allocations from this registry are to be made according to the
following assignment policies [RFC8126]:
Range | Assignment policy
---------------+---------------------------------------------------
0 .. 255 | Reserved - must not be allocated.
| Usage mirrors the BGP L2 FlowSpec registry
| [I-D.ietf-idr-flowspec-l2vpn].
|
256 .. 64506 | Specification Required
|
64507 .. 65531 | First Come First Served
|
65532 .. 65535 | Experimental
5. Implementation Status
[NOTE TO RFC EDITOR : This whole section and the reference to RFC
7942 is to be removed before publication as an RFC]
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942].
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation
here does not imply endorsement by the IETF. Furthermore, no effort
has been spent to verify the information presented here that was
supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.
According to [RFC7942], "this will allow reviewers and working groups
to assign due consideration to documents that have the benefit of
running code, which may serve as evidence of valuable experimentation
and feedback that have made the implemented protocols more mature.
It is up to the individual working groups to use this information as
they see fit".
At the time of posting the -00 version of this document, there are no
known implementations of this mechanism. It is believed that two
vendors are considering prototype implementations, but these plans
are too vague to make any further assertions.
6. Security Considerations
We may assume that a system that utilizes a remote PCE is subject to
a number of vulnerabilities that could allow spurious LSPs or SR
paths to be established or that could result in existing paths being
modified or torn down. Such systems, therefore, apply security
considerations as described in [RFC5440], Section 2.5 of [RFC6952],
[RFC8253], and [RFC8955].
As per [I-D.ietf-pce-pcep-flowspec], the description of Flow
Specifications associated with paths set up or controlled by a PCE
adds a further detail that could be attacked without tearing down LSPs
or SR paths, but causing traffic to be misrouted within the network.
Therefore, the use of the security mechanisms for PCEP referenced
above is important. [I-D.ietf-pce-pcep-flowspec] further lists the
security considerations with respect to flow specifications, which
are applicable to L2 flowspec as well.
7. Acknowledgements
Thanks to Susan Hares for discussion related to BGP Flowspec V2.
8. References
8.1. Normative References
[I-D.ietf-idr-flowspec-l2vpn]
Hao, W., Eastlake, D. E., Litkowski, S., and S. Zhuang,
"BGP Dissemination of L2 Flow Specification Rules", draft-
ietf-idr-flowspec-l2vpn-17 (work in progress), May 2021.
[I-D.ietf-pce-pcep-flowspec]
Dhody, D., Farrel, A., and Z. Li, "PCEP Extension for Flow
Specification", draft-ietf-pce-pcep-flowspec-13 (work in
progress), October 2021.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation
Element (PCE) Communication Protocol (PCEP)", RFC 5440,
DOI 10.17487/RFC5440, March 2009,
<https://www.rfc-editor.org/info/rfc5440>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8231] Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path
Computation Element Communication Protocol (PCEP)
Extensions for Stateful PCE", RFC 8231,
DOI 10.17487/RFC8231, September 2017,
<https://www.rfc-editor.org/info/rfc8231>.
[RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody,
"PCEPS: Usage of TLS to Provide a Secure Transport for the
Path Computation Element Communication Protocol (PCEP)",
RFC 8253, DOI 10.17487/RFC8253, October 2017,
<https://www.rfc-editor.org/info/rfc8253>.
[RFC8281] Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "Path
Computation Element Communication Protocol (PCEP)
Extensions for PCE-Initiated LSP Setup in a Stateful PCE
Model", RFC 8281, DOI 10.17487/RFC8281, December 2017,
<https://www.rfc-editor.org/info/rfc8281>.
[RFC8955] Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
Bacher, "Dissemination of Flow Specification Rules",
RFC 8955, DOI 10.17487/RFC8955, December 2020,
<https://www.rfc-editor.org/info/rfc8955>.
8.2. Informative References
[I-D.hares-idr-flowspec-v2]
Hares, S. and D. Eastlake, "BGP Flow Specification Version
2", draft-hares-idr-flowspec-v2-02 (work in progress),
July 2021.
[RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation
Element (PCE)-Based Architecture", RFC 4655,
DOI 10.17487/RFC4655, August 2006,
<https://www.rfc-editor.org/info/rfc4655>.
[RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of
BGP, LDP, PCEP, and MSDP Issues According to the Keying
and Authentication for Routing Protocols (KARP) Design
Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013,
<https://www.rfc-editor.org/info/rfc6952>.
[RFC7399] Farrel, A. and D. King, "Unanswered Questions in the Path
Computation Element Architecture", RFC 7399,
DOI 10.17487/RFC7399, October 2014,
<https://www.rfc-editor.org/info/rfc7399>.
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8283] Farrel, A., Ed., Zhao, Q., Ed., Li, Z., and C. Zhou, "An
Architecture for Use of PCE and the PCE Communication
Protocol (PCEP) in a Network with Central Control",
RFC 8283, DOI 10.17487/RFC8283, December 2017,
<https://www.rfc-editor.org/info/rfc8283>.
[RFC8664] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W.,
and J. Hardwick, "Path Computation Element Communication
Protocol (PCEP) Extensions for Segment Routing", RFC 8664,
DOI 10.17487/RFC8664, December 2019,
<https://www.rfc-editor.org/info/rfc8664>.
Appendix A. Contributors
Shankara
Huawei Technologies
Divyashree Techno Park,
Whitefield Bangalore,
Karnataka
560066
India
Email: shankara@huawei.com
Qiandeng Liang
Huawei Technologies
101 Software Avenue,
Yuhuatai District
Nanjing
210012
China
Email: liangqiandeng@huawei.com
Cyril Margaria
Juniper Networks
200 Somerset Corporate Boulevard, Suite 4001
Bridgewater, NJ
08807
USA
Email: cmargaria@juniper.net
Colby Barth
Juniper Networks
200 Somerset Corporate Boulevard, Suite 4001
Bridgewater, NJ
08807
USA
Email: cbarth@juniper.net
Xia Chen
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China
Email: jescia.chenxia@huawei.com
Shunwan Zhuang
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing
100095
China
Email: zhuangshunwan@huawei.com
Cheng Li
Huawei Technologies
Huawei Campus, No. 156 Beiqing Rd.
Beijing 100095
China
Email: c.l@huawei.com
Authors' Addresses
Dhruv Dhody
Huawei Technologies
Divyashree Techno Park, Whitefield
Bangalore, Karnataka 560066
India
Email: dhruv.ietf@gmail.com
Adrian Farrel
Old Dog Consulting
Email: adrian@olddog.co.uk
Zhenbin Li
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 100095
China
Email: lizhenbin@huawei.com