draft-ietf-ccamp-path-key-ero-04.txt   rfc5553.txt 
Networking Working Group A. Farrel (Ed.) Network Working Group A. Farrel, Ed.
Internet-Draft Old Dog Consulting Request for Comments: 5553 Old Dog Consulting
Intended Status: Standards Track R. Bradford Category: Standards Track R. Bradford
Created: March 7, 2009 JP. Vasseur JP. Vasseur
Expires: September 7, 2009 Cisco Systems, Inc. Cisco Systems, Inc.
RSVP Extensions for Path Key Support
draft-ietf-ccamp-path-key-ero-04.txt Resource Reservation Protocol (RSVP) Extensions for Path Key Support
Status of this Memo Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with This document specifies an Internet standards track protocol for the
the provisions of BCP 78 and BCP 79. Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Internet-Drafts are working documents of the Internet Engineering Copyright Notice
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Copyright (c) 2009 IETF Trust and the persons identified as the
and may be updated, replaced, or obsoleted by other documents at any document authors. All rights reserved.
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This document is subject to BCP 78 and the IETF Trust's Legal
http://www.ietf.org/ietf/1id-abstracts.txt. Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
The list of Internet-Draft Shadow Directories can be accessed at This document may contain material from IETF Documents or IETF
http://www.ietf.org/shadow.html. Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Abstract Abstract
The paths taken by Multiprotocol Label Switching (MPLS) and The paths taken by Multiprotocol Label Switching (MPLS) and
Generalized MPLS (GMPLS) Traffic Engineering (TE) Label Switched Generalized MPLS (GMPLS) Traffic Engineering (TE) Label Switched
Paths (LSPs) may be computed by Path Computation Elements (PCEs). Paths (LSPs) may be computed by Path Computation Elements (PCEs).
Where the TE LSP crosses multiple domains, such as Autonomous Systems Where the TE LSP crosses multiple domains, such as Autonomous Systems
(ASes), the path may be computed by multiple PCEs that cooperate, (ASes), the path may be computed by multiple PCEs that cooperate,
with each responsible for computing a segment of the path. with each responsible for computing a segment of the path.
To preserve confidentiality of topology within each AS, the PCEs To preserve confidentiality of topology within each AS, the PCEs
support a mechanism to hide the contents of a segment of a path (such support a mechanism to hide the contents of a segment of a path (such
as the segment of the path that traverses an AS), called the as the segment of the path that traverses an AS), called the
Confidential Path Segment (CPS), by encoding the contents as a Path Confidential Path Segment (CPS), by encoding the contents as a Path
Key Subobject (PKS) and embedding this subobject within the result of Key Subobject (PKS) and embedding this subobject within the result of
its path computation. its path computation.
This document describes how to carry Path Key Subobjects in the This document describes how to carry Path Key Subobjects in the
Resource Reservation Protocol (RSVP) Explicit Route Objects (EROs) Resource Reservation Protocol (RSVP) Explicit Route Objects (EROs)
and Record Route Object (RROs) so as to facilitate confidentiality in and Record Route Objects (RROs) so as to facilitate confidentiality
the signaling of inter-domain TE LSPs. in the signaling of inter-domain TE LSPs.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
RFC-2119 [RFC2119].
1. Introduction 1. Introduction
Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS)
Traffic Engineering (TE) Label Switched Paths (LSPs) are signaled Traffic Engineering (TE) Label Switched Paths (LSPs) are signaled
using the TE extensions to the Resource Reservation Protocol using the TE extensions to the Resource Reservation Protocol (RSVP-
(RSVP-TE) [RFC3209], [RFC3473]. The routes followed by MPLS and TE) [RFC3209], [RFC3473]. The routes followed by MPLS and GMPLS TE
GMPLS TE LSPs may be computed by Path Computation Elements (PCEs) LSPs may be computed by Path Computation Elements (PCEs) [RFC4655].
[RFC4655].
Where the TE LSP crosses multiple domains [RFC4726], such as Where the TE LSP crosses multiple domains [RFC4726], such as
Autonomous Systems (ASes), the path may be computed by multiple PCEs Autonomous Systems (ASes), the path may be computed by multiple PCEs
that cooperate, with each responsible for computing a segment of the that cooperate, with each responsible for computing a segment of the
path. To preserve confidentiality of topology with each AS, the path. To preserve confidentiality of topology with each AS, the PCE
PCE Communications Protocol (PCEP) [RFC5440] supports a mechanism to Communications Protocol (PCEP) [RFC5440] supports a mechanism to hide
hide the contents of a segment of a path, called the Confidential the contents of a segment of a path, called the Confidential Path
Path Segment (CPS), by encoding the contents as a Path Key Segment (CPS), by encoding the contents as a Path Key Subobject (PKS)
Subobject (PKS) [PCE-PKS]. [RFC5520].
This document defines RSVP-TE protocol extensions necessary to This document defines RSVP-TE protocol extensions necessary to
support the use of Path Key Subobjects in MPLS and GMPLS signaling by support the use of Path Key Subobjects in MPLS and GMPLS signaling by
including them in Explicit Route Objects (EROs) and Record Route including them in Explicit Route Objects (EROs) and Record Route
Object (RROs) so as to facilitate confidentiality in the signaling of Object (RROs) so as to facilitate confidentiality in the signaling of
inter-domain TE LSPs. inter-domain TE LSPs.
1.1. Usage Scenario 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. Usage Scenario
Figure 1 shows a simple network constructed of two ASes. An LSP is Figure 1 shows a simple network constructed of two ASes. An LSP is
desired from the ingress in AS-1 to the egress in AS-2. As described desired from the ingress in AS-1 to the egress in AS-2. As described
in [RFC4655], the ingress Label Switching Router (LSR) acts as a Path in [RFC4655], the ingress Label Switching Router (LSR) acts as a Path
Computation Client (PCC) and sends a request to its PCE (PCE-1). Computation Client (PCC) and sends a request to its PCE (PCE-1).
PCE-1 can compute the path within AS-1, but has no visibility into PCE-1 can compute the path within AS-1 but has no visibility into
AS-2. So PCE-1 cooperates with PCE-2 to complete the path AS-2. So PCE-1 cooperates with PCE-2 to complete the path
computation. computation.
However, PCE-2 does not want to share the information about the However, PCE-2 does not want to share the information about the path
path across AS-2 with nodes outside the AS. So, as described in across AS-2 with nodes outside the AS. So, as described in
[PCE-PKS], PCE-2 reports the AS-2 path segment using a PKS rather [RFC5520], PCE-2 reports the AS-2 path segment using a PKS rather
than the explicit details of the path. than the explicit details of the path.
PCE-1 can now return the path to be signaled to the ingress LSR in a PCE-1 can now return the path to be signaled to the ingress LSR in a
path computation response with the AS-2 segment still hidden as a path computation response with the AS-2 segment still hidden as a
PKS. PKS.
In order to set up the LSP, the ingress LSR signals using RSVP-TE and In order to set up the LSP, the ingress LSR signals using RSVP-TE and
encodes the path reported by PCE-1 in the Explicit Route Object encodes the path reported by PCE-1 in the Explicit Route Object
(ERO). This process is as normal for RSVP-TE, but requires that the (ERO). This process is as normal for RSVP-TE but requires that the
PKS is also included in the ERO using the mechanisms defined in this PKS is also included in the ERO, using the mechanisms defined in this
document. document.
When the signaling message (the RSVP-TE Path message) reaches ASBR-2 When the signaling message (the RSVP-TE Path message) reaches ASBR-2
it consults PCE-2 to 'decode' the PKS and return the expanded (Autonomous System Border Router), it consults PCE-2 to 'decode' the
explicit path segment to ASBR-2. (The information that PCE-2 uses to PKS and return the expanded explicit path segment to ASBR-2. (The
decode the PKS is encoded within the PKS itself.) The PKS is replaced information that PCE-2 uses to decode the PKS is encoded within the
in the ERO with the expanded information about the path. PKS itself.) The PKS is replaced in the ERO with the expanded
information about the path.
----------------------------- ---------------------------- ----------------------------- ----------------------------
| AS-1 | | AS-2 | | AS-1 | | AS-2 |
| | | | | | | |
| ------- | | ------- | | ------- | | ------- |
| | PCE-1 |<---------------+--+-->| PCE-2 | | | | PCE-1 |<---------------+--+-->| PCE-2 | |
| ------- | | ------- | | ------- | | ------- |
| ^ | | ^ | | ^ | | ^ |
| | | | | | | | | | | |
| v | | v | | v | | v |
| ------- ---- | | ---- | | ------- ---- | | ---- |
| | PCC | - - |ASBR| | | |ASBR| - - ------ | | | PCC | - - |ASBR| | | |ASBR| - - ------ |
| |Ingress|--|A|--|B|--| 1 |-+--+-| 2 |--|C|--|D|--|Egress| | | |Ingress|--|A|--|B|--| 1 |-+--+-| 2 |--|C|--|D|--|Egress| |
| ------- - - ----- | | ---- - - ------ | | ------- - - ----- | | ---- - - ------ |
| | | | | | | |
----------------------------- ---------------------------- ----------------------------- ----------------------------
Figure 1 : A Simple network to demonstrate the use of the PKS Figure 1: A Simple Network to Demonstrate the Use of the PKS
Note that PCE-2 may in some case be co-located with ASBR-2.
2. Terminology 2. Terminology
CPS: Confidential Path Segment. A segment of a path that contains CPS: Confidential Path Segment. A segment of a path that contains
nodes and links that the AS policy requires to not be disclosed nodes and links that the AS policy requires to not be disclosed
outside the AS. outside the AS.
PCE: Path Computation Element: an entity (component, application PCE: Path Computation Element. An entity (component, application, or
or network node) that is capable of computing a network path or network node) that is capable of computing a network path or
route based on a network graph and applying computational route based on a network graph and applying computational
constraints. constraints.
PKS: Path Key Subobject. A subobject of an Explicit Route Object PKS: Path Key Subobject. A subobject of an Explicit Route Object
which encodes a CPS, so as to preserve confidentiality. that encodes a CPS so as to preserve confidentiality.
3. RSVP-TE Path Key Subobject 3. RSVP-TE Path Key Subobject
The Path Key Subobject (PKS) may be carried in the Explicit Route The Path Key Subobject (PKS) may be carried in the Explicit Route
Object (ERO) of a RSVP-TE Path message [RFC3209]. The PKS is a fixed- Object (ERO) of an RSVP-TE Path message [RFC3209]. The PKS is a
length subobject containing a Path Key and a PCE-ID. The Path Key is fixed-length subobject containing a Path Key and a PCE-ID. The Path
an identifier, or token used to represent the CPS within the context Key is an identifier or token used to represent the CPS within the
of the PCE identified by the PCE-ID. The PCE-ID identifies the PCE context of the PCE identified by the PCE-ID. The PCE-ID identifies
that can decode the Path Key using a reachable IPv4 or IPv6 address the PCE that can decode the Path Key using a reachable IPv4 or IPv6
of the PCE. In most cases, the decoding PCE is also the PCE that address of the PCE. In most cases, the decoding PCE is also the PCE
computed the Path Key and the associated path. Because of the IPv4 that computed the Path Key and the associated path. Because of the
and IPv6 variants, two subobjects are defined as follows. IPv4 and IPv6 variants, two subobjects are defined as follows.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|L| Type | Length | Path Key | |L| Type | Length | Path Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PCE ID (4 bytes) | | PCE-ID (4 bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: RSVP-TE Path Key Subobject using an
IPv4 address for the PCE-ID
L L
The L bit SHOULD NOT be set, so that the subobject represents a The L bit SHOULD NOT be set, so that the subobject represents a
strict hop in the explicit route. strict hop in the explicit route.
Type Type
Subobject Type for a Path Key with 32-bit PCE ID as assigned by Subobject Type for a Path Key with a 32-bit PCE-ID as assigned by
IANA. IANA.
Length Length
The Length contains the total length of the subobject in bytes, The Length contains the total length of the subobject in bytes,
including the Type and Length fields. The Length is always 8. including the Type and Length fields. The Length is always 8.
PCE ID PCE-ID
A 32-bit identifier of the PCE that can decode this key. The A 32-bit identifier of the PCE that can decode this key. The
identifier MUST be unique within the scope of the domain that the identifier MUST be unique within the scope of the domain that the
CPS crosses, and MUST be understood by the LSR that will act as CPS crosses and MUST be understood by the LSR that will act as
PCC for the expansion of the PKS. The interpretation of the PCC for the expansion of the PKS. The interpretation of the
PCE-ID is subject to domain-local policy. It MAY be an IPv4 PCE-ID is subject to domain-local policy. It MAY be an IPv4
address of the PCE that is always reachable, and MAY be an address of the PCE that is always reachable and MAY be an address
address that is restricted to the domain in which the LSR that is that is restricted to the domain in which the LSR that is called
called upon to expand the CPS lies. Other values that have no upon to expand the CPS lies. Other values that have no meaning
meaning outside the domain (for example, the Router ID of the outside the domain (for example, the Router ID of the PCE) MAY be
PCE) MAY be used to increase security or confidentiality. used to increase security or confidentiality.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|L| Type | Length | Path Key | |L| Type | Length | Path Key |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| PCE ID (16 bytes) | | PCE-ID (16 bytes) |
| | | |
| | | |
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: RSVP-TE Path Key Subobject using an
IPv6 address for the PCE-ID
L L
As above. As above.
Type Type
Subobject Type for a Path Key with 128-bit PCE ID as assigned by Subobject Type for a Path Key with a 128-bit PCE-ID as assigned
IANA. by IANA.
Length Length
The Length contains the total length of the subobject in bytes, The Length contains the total length of the subobject in bytes,
including the Type and Length fields. The Length is always 20. including the Type and Length fields. The Length is always 20.
PCE ID PCE-ID
A 128-bit identifier of the PCE that can decode this key. The A 128-bit identifier of the PCE that can decode this key. The
identifier MUST be unique within the scope of the domain that the identifier MUST be unique within the scope of the domain that the
CPS crosses, and MUST be understood by the LSR that will act as CPS crosses and MUST be understood by the LSR that will act as
PCC for the expansion of the PKS. The interpretation of the PCC for the expansion of the PKS. The interpretation of the
PCE-ID is subject to domain-local policy. It MAY be an IPv6 PCE-ID is subject to domain-local policy. It MAY be an IPv6
address of the PCE that is always reachable, but MAY be an address of the PCE that is always reachable, and MAY be an
address that is restricted to the domain in which the LSR that is address that is restricted to the domain in which the LSR that is
called upon to expand the CPS lies. Other values that have no called upon to expand the CPS lies. Other values that have no
meaning outside the domain (for example, the IPv6 TE Router ID) meaning outside the domain (for example, the IPv6 TE Router ID)
MAY be used to increase security (see Section 5). MAY be used to increase security (see Section 4).
Note: The twins of these sub-objects are carried in PCEP messages Note: The twins of these subobjects are carried in PCEP messages as
as defined in [PCE-PKS]. defined in [RFC5520].
3.1. Explicit Route Object Processing Rules 3.1. Explicit Route Object Processing Rules
The basic processing rules of an ERO are not altered. Refer to The basic processing rules of an ERO are not altered. Refer to
[RFC3209] for details. In particular, an LSR is not required to "look [RFC3209] for details. In particular, an LSR is not required to
ahead" in the ERO beyond the first subobject that is non-local. "look ahead" in the ERO beyond the first subobject that is non-local.
[PCE-PKS] requires that any path fragment generated by a PCE that [RFC5520] requires that any path fragment generated by a PCE that
contains a PKS is such that the PKS is immediately preceded by an contains a PKS be such that the PKS is immediately preceded by a
subobject that identifies the head end of the PKS (for example, an subobject that identifies the head end of the PKS (for example, an
incoming interface, or a node ID). This rule is extended to the PKS incoming interface or a node ID). This rule is extended to the PKS
in the ERO so that the following rules are defined. in the ERO so that the following rules are defined.
- If an LSR receives a Path message where the first subobject of the - If an LSR receives a Path message where the first subobject of the
ERO is a PKS, it MUST respond with a PathErr message carrying the ERO is a PKS, it MUST respond with a PathErr message carrying the
error code/value combination "Routing Problem"/"Bad initial error code/value combination "Routing Problem"/"Bad initial
subobject". subobject".
- If an LSR strips all local sub-objects from an ERO carried in a - If an LSR strips all local subobjects from an ERO carried in a Path
Path message (according to the procedures in [RFC3209]) and finds message (according to the procedures in [RFC3209]) and finds that
that the next subobject is a PKS it MUST attempt to resolve the PKS the next subobject is a PKS, it MUST attempt to resolve the PKS to
to a CPS. a CPS.
Resolution of the PKS MAY take any of the following forms or use Resolution of the PKS MAY take any of the following forms or use
some other technique subject to local policy and network some other technique subject to local policy and network
implementation. implementation.
- The LSR can use the PCE-ID contained in the PKS to contact the o The LSR can use the PCE-ID contained in the PKS to contact the
identified PCE using PCEP [RFC5440] and request that the PKS be identified PCE using PCEP [RFC5440] and request that the PKS be
expanded. expanded.
- The LSR can contact any PCE using PCEP [RFC5440] to request that o The LSR can contact any PCE using PCEP [RFC5440] to request that
the PKS be expanded relying on cooperation between the PCEs. the PKS be expanded, relying on cooperation between the PCEs.
- The LSR can use the information in the PKS to index a CPS o The LSR can use the information in the PKS to index a CPS
previously supplied to it by the PCE that originated the PKS. previously supplied to it by the PCE that originated the PKS.
If a CPS is derived, the path fragment SHOULD be inserted into the If a CPS is derived, the path fragment SHOULD be inserted into the
ERO of the Path message as a direct replacement for the PKS. Other ERO of the Path message as a direct replacement for the PKS. Other
processing of the CPS and ERO are permitted as described in processing of the CPS and ERO are permitted as described in
[RFC3209]. [RFC3209].
This processing can give rise to the following error cases: This processing can give rise to the following error cases:
- PCE-ID cannot be matched to a PCE to decode the PKS. o PCE-ID cannot be matched to a PCE to decode the PKS.
The LSR sends a PathErr message with the error code "Routing The LSR sends a PathErr message with the error code "Routing
Problem" and a new error value "Unknown PCE-ID for PKS expansion" Problem" and the new error value "Unknown PCE-ID for PKS
(see Section 6.3). expansion" (see Section 6.3).
- PCE identified by the PCE-ID cannot be reached. o PCE identified by the PCE-ID cannot be reached.
The LSR sends a PathErr message with the error code "Routing The LSR sends a PathErr message with the error code "Routing
Problem" and a new error value "Unreachable PCE for PKS Problem" and the new error value "Unreachable PCE for PKS
expansion" (see Section 6.3). expansion" (see Section 6.3).
- The PCE is unable to decode the PKS, perhaps because the Path Key o The PCE is unable to decode the PKS, perhaps because the Path Key
has expired. has expired.
The LSR sends a PathErr message with the error code "Routing The LSR sends a PathErr message with the error code "Routing
Problem" and a new error value "Unknown Path Key for PKS Problem" and the new error value "Unknown Path Key for PKS
expansion" (see Section 6.3). expansion" (see Section 6.3).
- PKS cannot be decoded for policy reasons. o PKS cannot be decoded for policy reasons.
The LSR sends a PathErr message with the error code "Policy The LSR sends a PathErr message with the error code "Policy
Control Failure" and the error value "Inter-domain policy Control Failure" and the error value "Inter-domain policy
failure". failure".
- Addition of CPS to ERO causes Path message to become too large. o Addition of CPS to ERO causes Path message to become too large.
The LSR MAY replace part of the ERO with loose hops [RFC3209] or The LSR MAY replace part of the ERO with loose hops [RFC3209] or
with a further PKS according to local policy if the loss in with a further PKS, according to local policy, if the loss of
specifics within the explicit path is acceptable. If the LSR is specifics within the explicit path is acceptable. If the LSR is
unable to take steps to reduce the size of the ERO it MUST send a unable to take steps to reduce the size of the ERO, it MUST send
PathErr message with the error code "Routing Problem" and a new a PathErr message with the error code "Routing Problem" and the
error value "ERO too large for MTU" (see Section 6.3). new error value "ERO too large for MTU" (see Section 6.3).
- An LSR that is called on to process a PKS within an ERO, but does - An LSR that is called on to process a PKS within an ERO but that
not recognize the subobject will react according to [RFC3209] and does not recognize the subobject, will react according to [RFC3209]
send a PathErr message with the error code/value combination and send a PathErr message with the error code/value combination
"Routing Problem"/"Bad Explicit Route Object". "Routing Problem"/"Bad Explicit Route Object".
3.2. Reporting Path Key Segments in Record Route Objects 3.2. Reporting Path Key Segments in Record Route Objects
The Record Route Object (RRO) is used in RSVP-TE to record the route The Record Route Object (RRO) is used in RSVP-TE to record the route
traversed by an LSP. The RRO may be present on a Path message and on traversed by an LSP. The RRO may be present on a Path message and on
a Resv message. The intention [RFC3209] is that an RRO on a Resv a Resv message. The intention of [RFC3209] is that an RRO on a Resv
message received by an ingress LSR is suitable for use as an ERO on a message that is received by an ingress LSR is suitable for use as an
Path message sent by that LSR to achieve an identical LSP. ERO on a Path message sent by that LSR to achieve an identical LSP.
The PKS offers an alternative that can be more useful to diagnostics. The PKS offers an alternative that can be more useful to diagnostics.
When the signaling message crosses a domain boundary, the path When the signaling message crosses a domain boundary, the path
segment that needs to be hidden (that is, a CPS) MAY be replaced in segment that needs to be hidden (that is, a CPS) MAY be replaced in
the RRO with a PKS. In the case of an RRO on a Resv message, the PKS the RRO with a PKS. In the case of an RRO on a Resv message, the PKS
used SHOULD be the one originally signaled in the ERO of the Path used SHOULD be the one originally signaled in the ERO of the Path
message. On a Path message, the PKS SHOULD identify the LSR replacing message. On a Path message, the PKS SHOULD identify the LSR
the CPS, and provide a Path Key that can be used to expand the path replacing the CPS and provide a Path Key that can be used to expand
segment. In the latter case, the Path Key and its expansion SHOULD be the path segment. In the latter case, the Path Key and its expansion
retained by the LSR that performs the substitution for at least the SHOULD be retained by the LSR that performs the substitution for at
lifetime of the LSP. In both cases, the expansion of the PKS SHOULD least the lifetime of the LSP. In both cases, the expansion of the
be made available to diagnostic tools under the control of local PKS SHOULD be made available to diagnostic tools under the control of
policy. local policy.
4. Security Considerations 4. Security Considerations
The protocol interactions required by the mechanisms described in The protocol interactions required by the mechanisms described in
this document are point to point and can be authenticated and made this document are point-to-point and can be authenticated and made
secure as described in [RFC5440] and [RFC3209]. The protocol secure as described in [RFC5440] and [RFC3209]. The protocol
interactions for PCEP are listed in [PCE-PKS], while general interactions for PCEP are listed in [RFC5520], while general
considerations for securing RSVP-TE in MPLS-TE and GMPLS networks can considerations for securing RSVP-TE in MPLS-TE and GMPLS networks can
be found in [MPLS-SEC]. be found in [MPLS-SEC].
Thus, the security issues can be dealt with using standard techniques Thus, security issues can be dealt with using standard techniques for
for securing and authenticating point-to-point communications. In securing and authenticating point-to-point communications. In
addition, it is RECOMMENDED that the PCE providing a PKS expansion addition, it is RECOMMENDED that the PCE providing a PKS expansion
checks that the LSR that issued the request for PKS expansion is the check that the LSR that issued the request for PKS expansion is the
head end of the resulting CPS. head end of the resulting CPS.
Further protection can be provided by using a PCE ID to identify Further protection can be provided by using a PCE-ID to identify the
the decoding PCE that is only meaningful within the domain that decoding PCE that is only meaningful within the domain that contains
contains the LSR at the head of the CPS. This may be an IP address the LSR at the head of the CPS. This may be either an IP address
that is only reachable from within the domain, or some non-address that is only reachable from within the domain or some non-address
value. The former requires configuration of policy on the PCEs, value. The former requires configuration of policy on the PCEs; the
the latter requires domain-wide policy. latter requires domain-wide policy.
The following specific security issues need to be considered. The following specific security issues need to be considered.
- Confidentiality of the CPS. The question to be answered is whether - Confidentiality of the CPS. The question to be answered is whether
other network elements can probe a PCE for the expansion of PKSs, other network elements can probe a PCE for the expansion of PKSs,
possibly generating path keys at random. This can be protected possibly generating Path Keys at random. This can be protected
against by only allowing PKS expansion to be successfully completed against by only allowing PKS expansion to be successfully completed
if requested by the LSR that is at the head end of the resulting if requested by the LSR that is at the head end of the resulting
CPS. Under specific circumstances, PKS expansion might also be CPS. Under specific circumstances, PKS expansion might also be
allowed by configured management stations. allowed by configured management stations.
The CPS itself may be kept confidential as it is exchanged in the The CPS itself may be kept confidential as it is exchanged in the
PCEP and RSVP-TE protocols using standard security mechanisms PCEP and RSVP-TE protocols using standard security mechanisms
defined for those protocols. defined for those protocols.
- Determination of information by probing. In addition to the probing - Determination of information by probing. In addition to the
described above, a node might deduce information from the error probing described above, a node might deduce information from the
responses generated when PKS expansion fails as described in error responses that are generated when PKS expansion fails as
Section 3.1. Any LSR that considers that supplying one of the described in Section 3.1. Any LSR that determines that supplying
detailed error codes described in Section 3.1 might provide too one of the detailed error codes described in Section 3.1 might
much information that could be used as part of a systematic attack, provide too much information that could be used as part of a
MAY simply use the error code/value "Policy Control Failure"/ systematic attack MAY simply use the error code/value "Policy
"Inter-domain policy failure" in all cases. Control Failure" / "Inter-domain policy failure" in all cases.
- Authenticity of the path key. A concern is that the path key in the - Authenticity of the Path Key. A concern is that the Path Key in
PKS will be altered or faked leading to erroneous path key the PKS will be altered or faked, leading to erroneous Path Key
expansion and the use of the wrong CPS. The consequence would be a expansion and use of the wrong CPS. The consequence would be a bad
bad ERO in a Path message causing the LSP to be set up incorrectly ERO in a Path message, causing the LSP to be set up incorrectly and
resulting in incorrect network resource usage, diversion of traffic resulting in incorrect network resource usage, diversion of traffic
to where it can be intercepted, or failure to set up the LSP. These to where it can be intercepted, or failure to set up the LSP.
problems can be prevented by protecting the protocol exchanges in These problems can be prevented by protecting the protocol
PCEP and RSVP-TE using the security techniques described in exchanges in PCEP and RSVP-TE using the security techniques
[RFC5440], [RFC3209], and [MPLS-SEC]. described in [RFC5440], [RFC3209], and [MPLS-SEC].
- Resilience to DoS attacks. A PCE can be attacked through a flood of - Resilience to denial-of-service (DoS) attacks. A PCE can be
path key expansion requests - this issue is addressed in [PCE-PKS] attacked through a flood of Path Key expansion requests -- this
and is out of scope for this document. A further attack might issue is addressed in [RFC5520] and is out of scope for this
consist of sending a flood of RSVP-TE Path messages with document. A further attack might consist of sending a flood of
deliberately spurious PKSs. This attack is prevented by ensuring RSVP-TE Path messages with deliberately spurious PKSs. This attack
the integrity of the Path messages using standard RSVP-TE security is prevented by ensuring the integrity of the Path messages using
mechanisms, and by enforcing the RSVP-TE chain of trust security standard RSVP-TE security mechanisms and by enforcing the RSVP-TE
model. chain-of-trust security model.
5. Manageability Considerations 5. Manageability Considerations
5.1. Control of Function Through Configuration and Policy 5.1. Control of Function through Configuration and Policy
Policy forms an important part of the use of PKSs in EROs and RROs. Policy forms an important part of the use of PKSs in EROs and RROs.
There are local and domain-wide policies that SHOULD be available for There are local and domain-wide policies that SHOULD be available for
configuration in an implementation. configuration in an implementation.
- Handling of an ERO containing a PKS. As described in Section 3.1 an - Handling of an ERO containing a PKS. As described in Section 3.1,
LSR that receives a Path message containing a PKS can be configured an LSR that receives a Path message containing a PKS can be
to reject the Path message according to policy. configured to reject the Path message according to policy.
- Handling of PKS requests at a PCE. As described in Section 3.1, in - Handling of PKS requests at a PCE. As described in Section 3.1, in
[PCE-PKS], and in [RFC5394] a PCE can be configured with policy [RFC5520], and in [RFC5394], a PCE can be configured with policy
about how it should handle requests for PKS expansion. regarding how it should handle requests for PKS expansion.
- PKS expansion. Section 3.1 explains that the PKS can be expanded by - PKS expansion. Section 3.1 explains that the PKS can be expanded
the local LSR, the specific PCE identified in the PKS, any PCE by the local LSR, the specific PCE identified in the PKS, any PCE
acting as a proxy, or by some other method. The behavior of the LSR acting as a proxy, or by some other method. The behavior of the
needs to be locally configurable, but is subject the domain-wide LSR needs to be locally configurable but is subject to the domain-
policy. wide policy.
- Interpretation of PCE-ID. The interpretation of the PCE-ID - Interpretation of PCE-ID. The interpretation of the PCE-ID
component of PKSs is subject to domain-local policy and needs to be component of PKSs is subject to domain-local policy and needs to be
configurable as such. See Section 3 and Section 4 for the options. configurable as such. See Section 3 and Section 4 for the options.
- ERO too large. The behavior of an LSR when it finds that adding a - ERO too large. The behavior of an LSR when it finds that adding a
CPS to the ERO causes the Path message to be too large, is an CPS to the ERO causes the Path message to be too large is an
implementation choice. However, implementations may choose to implementation choice. However, implementations may choose to
provide configuration of behavior as described in Section 3.1. provide configuration of behavior as described in Section 3.1.
- Masking of RRO. As described in Section 3.2, a border router can - Masking of RRO. As described in Section 3.2, a border router can
choose to mask segments of the path by replacing them with PKSs. choose to mask segments of the path by replacing them with PKSs.
This behavior needs to be configurable with the default being to This behavior needs to be configurable, with the default being to
not hide any part of the RRO. not hide any part of the RRO.
- Inspection / decode of PKS by diagnostic tools. A PCE can allow - Inspection / decoding of PKS by diagnostic tools. A PCE can allow
access from management or diagnostic tools to request the expansion access from management or diagnostic tools to request the expansion
of a PKS. Note that this must be regulated with the security and of a PKS. Note that this must be regulated with the security and
confidentiality behavior described in Section 4. confidentiality behavior described in Section 4.
- Hiding of reason codes. An LSR can support the configuration of - Hiding of reason codes. An LSR can support the configuration of
local policy to hide reason codes associated with the failure to local policy to hide reason codes associated with the failure to
expand a PKS, and as described in Section 4, report all errors as expand a PKS and, as described in Section 4, report all errors as
policy failures. policy failures.
The treatment of a path segment as a CPS, and its substitution in The treatment of a path segment as a CPS, and its substitution in a
a PCRep ERO with a PKS, is a PCE function and is described in PCRep ERO with a PKS, is a PCE function and is described in
[PCE-PKS]. [RFC5520].
6. IANA considerations 6. IANA Considerations
6.1. Explicit Route Object Subobjects 6.1. Explicit Route Object Subobjects
IANA maintains a registry called "Resource Reservation Protocol IANA maintains a registry called "Resource Reservation Protocol
(RSVP) Parameters" with a subregistry called "Class Names, Class (RSVP) Parameters" with a subregistry called "Class Names, Class
Numbers, and Class Types". Numbers, and Class Types".
Within this subregistry there is a definition of the EXPLICIT_ROUTE Within this subregistry, there is a definition of the EXPLICIT_ROUTE
object with Class Number 20. The object definition lists a number of object with Class Number 20. The object definition lists a number of
acceptable sub-objects for the Class Type 1. acceptable subobjects for the Class Type 1.
IANA is requested to allocate two further sub-objects as described in IANA has allocated two further subobjects as described in Section 3.
Section 3. The resulting entry in the registry should look as The resulting entry in the registry is as follows.
follows.
20 EXPLICIT_ROUTE [RFC3209] 20 EXPLICIT_ROUTE [RFC3209]
Class Types or C-Types: Class Types or C-Types:
1 Type 1 Explicit Route [RFC3209] 1 Type 1 Explicit Route [RFC3209]
Sub-object type Subobject type
64 Path Key with 32-bit PCE ID [This.I-D] 64 Path Key with 32-bit PCE-ID [RFC5553]
65 Path Key with 128-bit PCE ID [This.I-D] 65 Path Key with 128-bit PCE-ID [RFC5553]
Note well: [PCE-PKS] defines the PKS for use in PCEP. IANA is Note well: [RFC5520] defines the PKS for use in PCEP. IANA has
requested to assign the same sub-object numbers for use in RSVP-TE as assigned the same subobject numbers for use in RSVP-TE as are
are assigned for the PKS in PCEP. The numbers suggested above are the assigned for the PKS in PCEP. The numbers above are the same as in
same as are suggested in [PCE-PKS]. [RFC5520].
6.2. Record Route Objects Subobjects 6.2. Record Route Objects Subobjects
IANA maintains a registry called "Resource Reservation Protocol IANA maintains a registry called "Resource Reservation Protocol
(RSVP) Parameters" with a subregistry called "Class Names, Class (RSVP) Parameters" with a subregistry called "Class Names, Class
Numbers, and Class Types". Numbers, and Class Types".
Within this subregistry there is a definition of the ROUTE_RECORD Within this subregistry, there is a definition of the ROUTE_RECORD
object (also known as the RECORD_ROUTE object) with Class Number 21. object (also known as the RECORD_ROUTE object) with Class Number 21.
The object definition lists a number of acceptable sub-objects for The object definition lists a number of acceptable subobjects for the
the Class Type 1. Class Type 1.
IANA is requested to allocate two further sub-objects as described in IANA has allocated two further subobjects as described in Section 3.
Section 3. The resulting entry in the registry should look as The resulting entry in the registry is as follows.
follows.
21 ROUTE_RECORD [RFC3209] 21 ROUTE_RECORD [RFC3209]
(also known as RECORD_ROUTE) (also known as RECORD_ROUTE)
Class Types or C-Types: Class Types or C-Types:
1 Type 1 Route Record [RFC3209] 1 Type 1 Route Record [RFC3209]
Sub-object type Subobject type
64 Path Key with 32-bit PCE ID [This.I-D] 64 Path Key with 32-bit PCE-ID [RFC5553]
65 Path Key with 128-bit PCE ID [This.I-D] 65 Path Key with 128-bit PCE-ID [RFC5553]
Note well: IANA is requested to use the same sub-object numbers as Note well: IANA is requested to use the same subobject numbers as are
are defined for the EXPLICIT_ROUTE object in Section 6.1. defined for the EXPLICIT_ROUTE object in Section 6.1.
6.3. Error Codes and Error Values 6.3. Error Codes and Error Values
IANA maintains a registry called "Resource Reservation Protocol IANA maintains a registry called "Resource Reservation Protocol
(RSVP) Parameters" with a subregistry called "Error Codes and (RSVP) Parameters" with a subregistry called "Error Codes and
Globally-Defined Error Value Sub-Codes". Globally-Defined Error Value Sub-Codes".
Within this subregistry there is a definition of the "Routing Within this subregistry, there is a definition of the "Routing
Problem" error code with error code value 24. The definition lists a Problem" error code with error code value 24. The definition lists a
number of error values that may be used with this error code. number of error values that may be used with this error code.
IANA is requested to allocate further error values for use with this IANA has allocated further error values for use with this error code
error value as described in Section 3.1. The resulting entry in the as described in Section 3.1. The resulting entry in the registry is
registry should look as follows. as follows.
24 Routing Problem [RFC3209] 24 Routing Problem [RFC3209]
This Error Code has the following globally-defined Error This Error Code has the following globally defined Error
Value sub-codes: Value sub-codes:
31 = Unknown PCE-ID for PKS expansion [This.ID] 31 = Unknown PCE-ID for PKS expansion [RFC5553]
32 = Unreachable PCE for PKS expansion [This.ID] 32 = Unreachable PCE for PKS expansion [RFC5553]
33 = Unknown Path Key for PKS expansion [This.ID] 33 = Unknown Path Key for PKS expansion [RFC5553]
34 = ERO too large for MTU [This.ID] 34 = ERO too large for MTU [RFC5553]
The values shown above are suggested values.
7. References 7. References
7.1. Normative References 7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V. [RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, December 2001. Tunnels", RFC 3209, December 2001.
[RFC3473] Berger, L., et al. "GMPLS Singaling RSVP-TE extensions", [RFC3473] Berger, L., Ed., "Generalized Multi-Protocol Label
RFC3473, January 2003. Switching (GMPLS) Signaling Resource ReserVation
Protocol-Traffic Engineering (RSVP-TE) Extensions", RFC
3473, January 2003.
7.2. Informational References 7.2. Informative References
[RFC4655] Farrel, A., Vasseur, J.P., and Ash, J., "Path Computation [RFC4655] Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
Element (PCE) Architecture", RFC 4655, August 2006. Computation Element (PCE)-Based Architecture", RFC 4655,
August 2006.
[RFC4726] Farrel, A., Vasseur, J.P., and Ayyangar, A., "A Framework [RFC4726] Farrel, A., Vasseur, J.-P., and A. Ayyangar, "A Framework
for Inter-Domain Multiprotocol Label Switching Traffic for Inter-Domain Multiprotocol Label Switching Traffic
Engineering", RFC 4726, November 2006. Engineering", RFC 4726, November 2006.
[RFC5394] Bryskin, I., Papadimitriou, D., Berger, L. and Ash, J., [RFC5394] Bryskin, I., Papadimitriou, D., Berger, L., and J. Ash,
"Policy-Enabled Path Computation Framework", RFC 5394, "Policy-Enabled Path Computation Framework", RFC 5394,
December 2008. December 2008.
[RFC5440] J.P. Vasseur, et al., "Path Computation Element (PCE) [RFC5440] Vasseur, JP., Ed., and JL. Le Roux, Ed., "Path Computation
Communication Protocol (PCEP)", RFC 5440, March 2009. Element (PCE) Communication Protocol (PCEP)", RFC 5440,
March 2009.
[MPLS-SEC] Fang, L., et al., "Security Framework for MPLS and GMPLS [RFC5520] Bradford, R., Ed., Vasseur, JP., and A. Farrel,
Networks", draft-ietf-mpls-mpls-and-gmpls-security- "Preserving Topology Confidentiality in Inter-Domain Path
framework, work in progress. Computation Using a Path-Key-Based Mechanism", RFC 5520,
April 2009.
[PCE-PKS] Bradford, R., Vasseur, J.P., and Farrel, A., "Preserving [MPLS-SEC] Fang, L., Ed., "Security Framework for MPLS and GMPLS
Topology Confidentiality in Inter-Domain Path Computation Networks", Work in Progress, March 2009.
Using a Key-Based Mechanism", draft-ietf-pce-path-key,
work in progress.
8. Authors' Addresses: Authors' Addresses
Adrian Farrel Adrian Farrel
Old Dog Consulting Old Dog Consulting
EMail: adrian@olddog.co.uk EMail: adrian@olddog.co.uk
Rich Bradford Rich Bradford
Cisco Systems, Inc. Cisco Systems, Inc.
1414 Massachusetts Avenue 1414 Massachusetts Avenue
Boxborough, MA - 01719 Boxborough, MA - 01719
USA USA
Email: rbradfor@cisco.com EMail: rbradfor@cisco.com
Jean-Philippe Vasseur Jean-Philippe Vasseur
Cisco Systems, Inc. Cisco Systems, Inc
1414 Massachusetts Avenue 11, Rue Camille Desmoulins
Boxborough, MA - 01719 L'Atlantis
USA 92782 Issy Les Moulineaux
Email: jpv@cisco.com France
EMail: jpv@cisco.com
Intellectual Property
The IETF Trust takes no position regarding the validity or scope of
any Intellectual Property Rights or other rights that might be
claimed to pertain to the implementation or use of the technology
described in any IETF Document or the extent to which any license
under such rights might or might not be available; nor does it
represent that it has made any independent effort to identify any
such rights.
Copies of Intellectual Property disclosures made to the IETF
Secretariat and any assurances of licenses to be made available, or
the result of an attempt made to obtain a general license or
permission for the use of such proprietary rights by implementers or
users of this specification can be obtained from the IETF on-line IPR
repository at http://www.ietf.org/ipr
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
any standard or specification contained in an IETF Document. Please
address the information to the IETF at ietf-ipr@ietf.org.
The definitive version of an IETF Document is that published by, or
under the auspices of, the IETF. Versions of IETF Documents that are
published by third parties, including those that are translated into
other languages, should not be considered to be definitive versions
of IETF Documents. The definitive version of these Legal Provisions
is that published by, or under the auspices of, the IETF. Versions of
these Legal Provisions that are published by third parties, including
those that are translated into other languages, should not be
considered to be definitive versions of these Legal Provisions.
For the avoidance of doubt, each Contributor to the IETF Standards
Process licenses each Contribution that he or she makes as part of
the IETF Standards Process to the IETF Trust pursuant to the
provisions of RFC 5378. No language to the contrary, or terms,
conditions or rights that differ from or are inconsistent with the
rights and licenses granted under RFC 5378, shall have any effect and
shall be null and void, whether published or posted by such
Contributor, or included with or in such Contribution.
Disclaimer of Validity
All IETF Documents and the information contained therein are provided
on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE
ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.
Full Copyright Statement
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your
rights and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s)
controlling the copyright in such materials, this document may not
be modified outside the IETF Standards Process, and derivative
works of it may not be created outside the IETF Standards Process,
except to format it for publication as an RFC or to translate it
into languages other than English.
 End of changes. 99 change blocks. 
229 lines changed or deleted 243 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/