PCE Working Group D. Dhody, Ed. Internet-Draft Huawei Technologies Intended status: Standards Track S. Sivabalan Expires: August 31, 2018 Cisco Systems, Inc. S. Litkowski Orange J. Tantsura Individual J. Hardwick Metaswitch Networks February 27, 2018 Path Computation Element communication Protocol extension for associating Policies and LSPs draft-ietf-pce-association-policy-02 Abstract This document introduces a simple mechanism to associate policies to a group of Label Switched Paths (LSPs) via an extension to the Path Computation Element (PCE) Communication Protocol (PCEP). Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on August 31, 2018. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of Dhody, et al. Expires August 31, 2018 [Page 1] Internet-Draft ASSOC-POLICY February 2018 publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Policy based Constraints . . . . . . . . . . . . . . . . 5 4. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Policy Association Group . . . . . . . . . . . . . . . . . . 7 5.1. Policy Parameters TLV . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7.1. Association object Type Indicators . . . . . . . . . . . 9 7.2. PCEP TLV Type Indicators . . . . . . . . . . . . . . . . 9 8. Manageability Considerations . . . . . . . . . . . . . . . . 9 8.1. Control of Function and Policy . . . . . . . . . . . . . 9 8.2. Information and Data Models . . . . . . . . . . . . . . . 9 8.3. Liveness Detection and Monitoring . . . . . . . . . . . . 9 8.4. Verify Correct Operations . . . . . . . . . . . . . . . . 10 8.5. Requirements On Other Protocols . . . . . . . . . . . . . 10 8.6. Impact On Network Operations . . . . . . . . . . . . . . 10 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 10.1. Normative References . . . . . . . . . . . . . . . . . . 10 10.2. Informative References . . . . . . . . . . . . . . . . . 11 Appendix A. Contributor Addresses . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 1. Introduction [RFC5440] describes the Path Computation Element communication Protocol (PCEP) which enables the communication between a Path Computation Client (PCC) and a Path Control Element (PCE), or between two PCEs based on the PCE architecture [RFC4655]. [RFC5394] provides additional details on policy within the PCE architecture and also provides context for the support of PCE Policy. PCEP Extensions for Stateful PCE Model [RFC8231] describes a set of extensions to PCEP to enable active control of Multiprotocol Label Switching Traffic Engineering (MPLS-TE) and Generalzied MPLS (GMPLS) tunnels. [RFC8281] describes the setup and teardown of PCE-initiated Dhody, et al. Expires August 31, 2018 [Page 2] Internet-Draft ASSOC-POLICY February 2018 LSPs under the active stateful PCE model, without the need for local configuration on the PCC, thus allowing for a dynamic network. Currently, the LSPs can either be signaled via Resource Reservation Protocol Traffic Engineering (RSVP-TE) or can be segment routed as specified in [I-D.ietf-pce-segment-routing]. [I-D.ietf-pce-association-group] introduces a generic mechanism to create a grouping of LSPs which can then be used to define associations between a set of LSPs and a set of attributes (such as configuration parameters or behaviors) and is equally applicable to stateful PCE (active and passive modes) and stateless PCE. This document specifies a PCEP extension to associate one or more LSPs with policies using the generic association mechanism. A PCEP speaker may want to influence the PCEP peer with respect to path selection and other policies. This document describes a PCEP extension to associate policies by creating Policy Association Group (PAG) and encoding this association in PCEP messages. The specification is applicable to both stateful and stateless PCEP sessions. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Terminology The following terminology is used in this document. Association parameters: As described in [I-D.ietf-pce-association-group], the combination of the mandatory fields Association type, Association ID and Association Source in the ASSOCIATION object uniquely identify the association group. If the optional TLVs - Global Association Source or Extended Association ID are included, then they MUST be included in combination with mandatory fields to uniquely identifying the association group. Association information: As described in [I-D.ietf-pce-association-group], the ASSOCIATION object MAY include other optional TLVs based on the association types, that provides 'information' related to the association type. Dhody, et al. Expires August 31, 2018 [Page 3] Internet-Draft ASSOC-POLICY February 2018 LSR: Label Switch Router. LSR: Label Switch Router. MPLS: Multiprotocol Label Switching. PAG: Policy Association Group. PCC: Path Computation Client. Any client application requesting a path computation to be performed by a Path Computation Element. PCE: Path Computation Element. An entity (component, application, or network node) that is capable of computing a network path or route based on a network graph and applying computational constraints. PCEP: Path Computation Element Communication Protocol. 3. Motivation Paths computed using PCE MAY be subjected to various policies on both PCE and PCC. For example, in a centralized traffic engineering scenario, network operators may instantiate LSPs and specifies policies for traffic steering, path monitoring, etc., for some LSPs via the stateful PCE. Similarly, a PCC may request a user- or service-specific policy to be applied at the PCE, such as constraints relaxation to meet optimal QoS and resiliency. PCEP speaker can use the generic mechanism as per [I-D.ietf-pce-association-group] to associate a set of LSPs with policy, without the need to know the details of such policies, which simplifies network operations, avoids frequent software upgrades, as well provides an ability to introduce new policy faster. Dhody, et al. Expires August 31, 2018 [Page 4] Internet-Draft ASSOC-POLICY February 2018 PAG Y {Service-Specific Policy for constraint Initiate & Monitor LSP relaxation} | | | PAG X PCReq | V {Monitor LSP} {PAG Y} V +-----+ ----------------> +-----+ _ _ _ _ _ _| PCE | | | PCE | | +-----+ | ----------> +-----+ | PCEInitiate | | PCReq |{PAG X} | | {PAG Y} | | | | .-----. | | .-----. | ( ) | +----+ ( ) | .--( )--. | |PCC1|--.--( )--. V ( ) | +----+ ( ) +---+ ( ) | ( ) |PCC|----( (G)MPLS network ) +----+ ( (G)MPLS network ) +---+ ( ) |PCC2|------( ) PAG X ( ) +----+ ( ) {Monitor LSP} '--( )--' '--( )--' ( ) ( ) '-----' '-----' Case 1: Policy requested by PCE Case 2: Policy requested by and enforced by PCC PCC and enforced by PCE Figure 1: Sample use-cases for carrying policies over PCEP session 3.1. Policy based Constraints In the context of policy-enabled path computation [RFC5394], path computation policies may be applied at both a PCC and a PCE. Consider an Label Switch Router (LSR) with a policy enabled PCC, it receives a service request via signaling, including over a Network- Network Interface (NNI) or User Network Interface (UNI) reference point, or receives a configuration request over a management interface to establish a service. The PCC may also apply user- or service-specific policies to decide how the path selection process should be constrained, that is, which constraints, diversities, optimization criterion, and constraint relaxation strategies should be applied in order for the service LSP(s) to have a likelihood to be successfully established and provide necessary QoS and resilience against network failures. The user- or service-specific policies Dhody, et al. Expires August 31, 2018 [Page 5] Internet-Draft ASSOC-POLICY February 2018 applied to PCC and are then passed to the PCE along with the Path computation request, in the form of constraints [RFC5394]. PCEP speaker can use the generic mechanism as per [I-D.ietf-pce-association-group] to associate a set of LSPs with policy and its resulting path computation constraints. This would simplify the path computation message exchanges in PCEP. 4. Overview As per [I-D.ietf-pce-association-group], LSPs are associated with other LSPs with which they interact by adding them to a common association group. Grouping can also be used to define association between LSPs and policies associated to them. One new Association Type is defined in this document, based on the generic Association object - o Association type = TBD1 ("Policy Association Type") for Policy Association Group (PAG) This Association-Type is operator-configured association in nature and created by the operator manually on the PCEP peers. The LSP belonging to this associations is conveyed via PCEP messages to the PCEP peer. Operator-configured Association Range SHOULD NOT be set for this association-type, and MUST be ignored, so that the full range of association identifier can be utilized. A PAG can have one or more LSPs and its associated policy(s). The association parameters including association identifier, type (Policy), as well as the association source IP address is manually configured by the operator and is used to identify the PAG as described in [I-D.ietf-pce-association-group]. As per the processing rules specified in section 5.4 of [I-D.ietf-pce-association-group], if a PCEP speaker does not support this Policy association-type, it MUST return a PCErr message with Error-Type 26 (Early allocation by IANA) "Association Error" and Error-Value 1 "Association-type is not supported". Since the PAG is opaque in nature, the PAG and the policy MUST be configured on the PCEP peers as per the operator-configured association procedures. All processing is as per section 5.4 of [I-D.ietf-pce-association-group]. If a PCE speaker receives PAG in a PCEP message, and the association information is not configured, it MUST return a PCErr message with Error-Type TBD "Association Error" and Error- Value 4 "Association unknown". If some of the association information [I-D.ietf-pce-association-group] (the TLVs defined in this document) received from the peer does not match the local configured values, the PCEP speaker will reject the PCEP message and Dhody, et al. Expires August 31, 2018 [Page 6] Internet-Draft ASSOC-POLICY February 2018 send a PCErr message with Error-Type 26 (Early allocation by IANA) "Association Error" and Error-Value 5 "Operator-configured association information mismatch". 5. Policy Association Group Association groups and their memberships are defined using the ASSOCIATION object defined in [I-D.ietf-pce-association-group]. Two object types for IPv4 and IPv6 are defined. The ASSOCIATION object includes "Association type" indicating the type of the association group. This document add a new Association type - Association type = TBD1 ("Policy Association Type") for PAG. PAG may carry optional TLVs including but not limited to - o POLICY-PARAMETERS-TLV: Used to communicate opaque information useful to apply the policy, described in Section 5.1. o VENDOR-INFORMATION-TLV: Used to communicate arbitrary vendor specific behavioral information, described in [RFC7470]. 5.1. Policy Parameters TLV The POLICY-PARAMETERS-TLV is an optional TLV that can be carried in ASSOCIATION object (with "Policy Association Type") to carry opaque information needed to apply the policy at the PCEP peer. In some cases to apply a PCE policy successfully, it is required to also associate some policy parameters that needs to be evaluated to successfully apply the said policy. This TLV is used to carry those policy parameters. The TLV could include one or more policy related parameter. The encoding format and the order MUST be known to the PCEP peers, this could be done during configuration of policy and association parameters for the PAG. The TLV format is as per the format of all PCEP TLVs, as defined in [RFC5440], and shown in Figure 2. Only one POLICY-PARAMETERS-TLV can be carried and only the first occurrence is processed and any others MUST be ignored. Dhody, et al. Expires August 31, 2018 [Page 7] Internet-Draft ASSOC-POLICY February 2018 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type=TBD2 | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // Policy Parameters // +---------------------------------------------------------------+ Figure 2: The POLICY-PARAMETERS-TLV format The type of the POLICY-PARAMETERS-TLV is TBD2 and it has a variable length. The Value field is variable field padded to a 4-bytes alignment; padding is not included in 'Len' field. The 'Len' field is 1-byte followed by the opaque variable. The PCEP peer implementation need to be aware of the encoding format, order, and meaning of the 'Policy Parameters' well in advance based on the policy. Note that from the protocol point of view this data is opaque and can be used to carry parameters in any format understood by the PCEP peers and associated to the policy. The exact use of this TLV is beyond the scope of this document. If the PCEP peer is unaware of the policy parameters associated with the policy and it receives the POLICY-PARAMETERS-TLV, it MUST ignore the TLV and SHOULD log this event. Further, if one or more parameters received in the POLICY-PARAMETERS-TLV received by the PCEP speaker are considered as unacceptable in the context of the associated policy (e.g. out of range value, badly encoded value...), the PCEP speaker MUST NOT apply the received policy and SHOULD log this event. Note that, the vendor specific behavioral information is encoded in VENDOR-INFORMATION-TLV which can be used along with this TLV. 6. Security Considerations This document defines one new type for association, which do not add any new security concerns beyond those discussed in [RFC5440], [RFC8231] and [I-D.ietf-pce-association-group] in itself. Some deployments may find policy associations and their implications as extra sensitive and thus should employ suitable PCEP security mechanisms like [RFC8253]. Also extra care needs to be taken by the implementation with respect to POLICY-PARAMETERS-TLV while decoding, verifying and applying these policy variables. Dhody, et al. Expires August 31, 2018 [Page 8] Internet-Draft ASSOC-POLICY February 2018 7. IANA Considerations 7.1. Association object Type Indicators This document defines the following new association type originally defined in [I-D.ietf-pce-association-group]. Value Name Reference TBD1 Policy Association Type [This I.D.] 7.2. PCEP TLV Type Indicators The following TLV Type Indicator values are requested within the "PCEP TLV Type Indicators" subregistry of the "Path Computation Element Protocol (PCEP) Numbers" registry: Value Description Reference TBD2 POLICY-PARAMETERS-TLV [This I.D.] 8. Manageability Considerations 8.1. Control of Function and Policy An operator MUST be allowed to configure the policy associations at PCEP peers and associate it with the LSPs. They MAY also allow configuration to related policy parameters, in which case the an operator MUST also be allowed to set the encoding format and order to parse the associated policy parameters TLV. 8.2. Information and Data Models An implementation SHOULD allow the operator to view the PAG configured. Further implementation SHOULD allow to view the current set of LSPs in the PAG. To serve this purpose, the PCEP YANG module [I-D.ietf-pce-pcep-yang] includes association groups and can be used for PAG. 8.3. Liveness Detection and Monitoring Mechanisms defined in this document do not imply any new liveness detection and monitoring requirements in addition to those already listed in [RFC5440]. Dhody, et al. Expires August 31, 2018 [Page 9] Internet-Draft ASSOC-POLICY February 2018 8.4. Verify Correct Operations Mechanisms defined in this document do not imply any new operation verification requirements in addition to those already listed in [RFC5440]. 8.5. Requirements On Other Protocols Mechanisms defined in this document do not imply any new requirements on other protocols. 8.6. Impact On Network Operations Mechanisms defined in this document do not have any impact on network operations in addition to those already listed in [RFC5440]. 9. Acknowledgments A special thanks to author of [I-D.ietf-pce-association-group], this document borrow some of the text from it. 10. References 10.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation Element (PCE) Communication Protocol (PCEP)", RFC 5440, DOI 10.17487/RFC5440, March 2009, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8231] Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path Computation Element Communication Protocol (PCEP) Extensions for Stateful PCE", RFC 8231, DOI 10.17487/RFC8231, September 2017, . Dhody, et al. Expires August 31, 2018 [Page 10] Internet-Draft ASSOC-POLICY February 2018 [I-D.ietf-pce-association-group] Minei, I., Crabbe, E., Sivabalan, S., Ananthakrishnan, H., Dhody, D., and Y. Tanaka, "PCEP Extensions for Establishing Relationships Between Sets of LSPs", draft- ietf-pce-association-group-04 (work in progress), August 2017. 10.2. Informative References [RFC4655] Farrel, A., Vasseur, J., and J. Ash, "A Path Computation Element (PCE)-Based Architecture", RFC 4655, DOI 10.17487/RFC4655, August 2006, . [RFC5394] Bryskin, I., Papadimitriou, D., Berger, L., and J. Ash, "Policy-Enabled Path Computation Framework", RFC 5394, DOI 10.17487/RFC5394, December 2008, . [RFC7470] Zhang, F. and A. Farrel, "Conveying Vendor-Specific Constraints in the Path Computation Element Communication Protocol", RFC 7470, DOI 10.17487/RFC7470, March 2015, . [RFC8253] Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)", RFC 8253, DOI 10.17487/RFC8253, October 2017, . [RFC8281] Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "Path Computation Element Communication Protocol (PCEP) Extensions for PCE-Initiated LSP Setup in a Stateful PCE Model", RFC 8281, DOI 10.17487/RFC8281, December 2017, . [I-D.ietf-pce-segment-routing] Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W., and J. Hardwick, "PCEP Extensions for Segment Routing", draft-ietf-pce-segment-routing-11 (work in progress), November 2017. [I-D.ietf-pce-pcep-yang] Dhody, D., Hardwick, J., Beeram, V., and J. Tantsura, "A YANG Data Model for Path Computation Element Communications Protocol (PCEP)", draft-ietf-pce-pcep- yang-06 (work in progress), January 2018. Dhody, et al. Expires August 31, 2018 [Page 11] Internet-Draft ASSOC-POLICY February 2018 Appendix A. Contributor Addresses Qin Wu Huawei Technologies 101 Software Avenue, Yuhua District Nanjing, Jiangsu 210012 China EMail: sunseawq@huawei.com Clarence Filsfils Cisco Systems, Inc. Pegasus Parc De kleetlaan 6a, DIEGEM BRABANT 1831 BELGIUM Email: cfilsfil@cisco.com Xian Zhang Huawei Technologies Bantian, Longgang District Shenzhen 518129 P.R.China EMail: zhang.xian@huawei.com Udayasree Palle Huawei Technologies Divyashree Techno Park, Whitefield Bangalore, Karnataka 560066 India EMail: udayasreereddy@gmail.com Authors' Addresses Dhruv Dhody (editor) Huawei Technologies Divyashree Techno Park, Whitefield Bangalore, Karnataka 560066 India EMail: dhruv.ietf@gmail.com Dhody, et al. Expires August 31, 2018 [Page 12] Internet-Draft ASSOC-POLICY February 2018 Siva Sivabalan Cisco Systems, Inc. 2000 Innovation Drive Kanata, Ontario K2K 3E8 Canada EMail: msiva@cisco.com Stephane Litkowski Orange EMail: stephane.litkowski@orange.com Jeff Tantsura Individual EMail: jefftant.ietf@gmail.com Jonathan Hardwick Metaswitch Networks 100 Church Street Enfield, Middlesex UK EMail: Jonathan.Hardwick@metaswitch.com Dhody, et al. Expires August 31, 2018 [Page 13]