| draft-ietf-pce-stateful-sync-optimizations-09.txt | draft-ietf-pce-stateful-sync-optimizations-10.txt | |||
|---|---|---|---|---|
| PCE Working Group E. Crabbe | PCE Working Group E. Crabbe | |||
| Internet-Draft Oracle | Internet-Draft Oracle | |||
| Intended status: Standards Track I. Minei | Intended status: Standards Track I. Minei | |||
| Expires: September 1, 2017 Google, Inc. | Expires: September 28, 2017 Google, Inc. | |||
| J. Medved | J. Medved | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| R. Varga | R. Varga | |||
| Pantheon Technologies SRO | Pantheon Technologies SRO | |||
| X. Zhang | X. Zhang | |||
| D. Dhody | D. Dhody | |||
| Huawei Technologies | Huawei Technologies | |||
| February 28, 2017 | March 27, 2017 | |||
| Optimizations of Label Switched Path State Synchronization Procedures | Optimizations of Label Switched Path State Synchronization Procedures | |||
| for a Stateful PCE | for a Stateful PCE | |||
| draft-ietf-pce-stateful-sync-optimizations-09 | draft-ietf-pce-stateful-sync-optimizations-10 | |||
| Abstract | Abstract | |||
| A stateful Path Computation Element (PCE) has access to not only the | A stateful Path Computation Element (PCE) has access to not only the | |||
| information disseminated by the network's Interior Gateway Protocol | information disseminated by the network's Interior Gateway Protocol | |||
| (IGP), but also the set of active paths and their reserved resources | (IGP), but also the set of active paths and their reserved resources | |||
| for its computation. The additional Label Switched Path (LSP) state | for its computation. The additional Label Switched Path (LSP) state | |||
| information allows the PCE to compute constrained paths while | information allows the PCE to compute constrained paths while | |||
| considering individual LSPs and their interactions. This requires a | considering individual LSPs and their interactions. This requires a | |||
| state synchronization mechanism between the PCE and the network, PCE | state synchronization mechanism between the PCE and the network, PCE | |||
| skipping to change at page 2, line 12 ¶ | skipping to change at page 2, line 12 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 1, 2017. | This Internet-Draft will expire on September 28, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 18 ¶ | skipping to change at page 3, line 18 ¶ | |||
| 9.2. Information and Data Models . . . . . . . . . . . . . . . 21 | 9.2. Information and Data Models . . . . . . . . . . . . . . . 21 | |||
| 9.3. Liveness Detection and Monitoring . . . . . . . . . . . . 22 | 9.3. Liveness Detection and Monitoring . . . . . . . . . . . . 22 | |||
| 9.4. Verify Correct Operations . . . . . . . . . . . . . . . . 22 | 9.4. Verify Correct Operations . . . . . . . . . . . . . . . . 22 | |||
| 9.5. Requirements On Other Protocols . . . . . . . . . . . . . 22 | 9.5. Requirements On Other Protocols . . . . . . . . . . . . . 22 | |||
| 9.6. Impact On Network Operations . . . . . . . . . . . . . . 22 | 9.6. Impact On Network Operations . . . . . . . . . . . . . . 22 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | |||
| 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 23 | 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 | 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 | 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 23 | 13.2. Informative References . . . . . . . . . . . . . . . . . 24 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 1. Introduction | 1. Introduction | |||
| The Path Computation Element Communication Protocol (PCEP) provides | The Path Computation Element Communication Protocol (PCEP) provides | |||
| mechanisms for Path Computation Elements (PCEs) to perform path | mechanisms for Path Computation Elements (PCEs) to perform path | |||
| computations in response to Path Computation Clients (PCCs) requests. | computations in response to Path Computation Clients (PCCs) requests. | |||
| [I-D.ietf-pce-stateful-pce] describes a set of extensions to PCEP to | [I-D.ietf-pce-stateful-pce] describes a set of extensions to PCEP to | |||
| provide stateful control. A stateful PCE has access to not only the | provide stateful control. A stateful PCE has access to not only the | |||
| skipping to change at page 22, line 45 ¶ | skipping to change at page 22, line 45 ¶ | |||
| 10. Security Considerations | 10. Security Considerations | |||
| The security considerations listed in [I-D.ietf-pce-stateful-pce] | The security considerations listed in [I-D.ietf-pce-stateful-pce] | |||
| apply to this document as well. However, this document also | apply to this document as well. However, this document also | |||
| introduces some new attack vectors. An attacker could spoof the | introduces some new attack vectors. An attacker could spoof the | |||
| SPEAKER-ENTITY-ID and pretend to be another PCEP speaker. An | SPEAKER-ENTITY-ID and pretend to be another PCEP speaker. An | |||
| attacker may flood the PCC with triggered re-synchronization request | attacker may flood the PCC with triggered re-synchronization request | |||
| at a rate which exceeds the PCC's ability to process them, either by | at a rate which exceeds the PCC's ability to process them, either by | |||
| spoofing messages or by compromising the PCE itself. The PCC can | spoofing messages or by compromising the PCE itself. The PCC can | |||
| respond with PCErr message as described in Section 6.2 and terminate | respond with PCErr message as described in Section 6.2 and terminate | |||
| the session. Thus securing the PCEP session using mechanism like TCP | the session. Thus securing the PCEP session using Transport Layer | |||
| Authentication Option (TCP-AO) [RFC5925] or Transport Layer Security | Security (TLS) [I-D.ietf-pce-pceps], as per the recommendations and | |||
| (TLS) [I-D.ietf-pce-pceps] is RECOMMENDED. | best current practices in [RFC7525], is RECOMMENDED. An | |||
| administrator could also expose the speaker entity id as part of the | ||||
| certificate, for the peer identity verification. | ||||
| 11. Acknowledgments | 11. Acknowledgments | |||
| We would like to thank Young Lee, Sergio Belotti and Cyril Margaria | We would like to thank Young Lee, Sergio Belotti and Cyril Margaria | |||
| for their comments and discussions. | for their comments and discussions. | |||
| Thanks to Jonathan Hardwick for being the document shepherd and | Thanks to Jonathan Hardwick for being the document shepherd and | |||
| provide comments and guidance. | provide comments and guidance. | |||
| Thanks to Tomonori Takeda for Routing Area Directorate review. | Thanks to Tomonori Takeda for Routing Area Directorate review. | |||
| Thanks to Adrian Farrel for TSVART review and providing detailed | Thanks to Adrian Farrel for TSVART review and providing detailed | |||
| comments and suggestions. | comments and suggestions. | |||
| Thanks to Daniel Franke for SECDIR review. | ||||
| Thanks to Alvaro Retana, Kathleen Moriarty, and Stephen Farrell for | ||||
| comments during the IESG evaluation. | ||||
| Thanks to Deborah Brungard for being the responsible AD and guiding | ||||
| the authors as needed. | ||||
| 12. Contributors | 12. Contributors | |||
| Gang Xie | Gang Xie | |||
| Huawei Technologies | Huawei Technologies | |||
| F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District | F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District | |||
| Shenzhen, Guangdong, 518129 | Shenzhen, Guangdong, 518129 | |||
| P.R. China | P.R. China | |||
| Email: xiegang09@huawei.com | Email: xiegang09@huawei.com | |||
| 13. References | 13. References | |||
| skipping to change at page 23, line 48 ¶ | skipping to change at page 24, line 7 ¶ | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <http://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation | [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation | |||
| Element (PCE) Communication Protocol (PCEP)", RFC 5440, | Element (PCE) Communication Protocol (PCEP)", RFC 5440, | |||
| DOI 10.17487/RFC5440, March 2009, | DOI 10.17487/RFC5440, March 2009, | |||
| <http://www.rfc-editor.org/info/rfc5440>. | <http://www.rfc-editor.org/info/rfc5440>. | |||
| 13.2. Informative References | 13.2. Informative References | |||
| [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP | [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | |||
| Authentication Option", RFC 5925, DOI 10.17487/RFC5925, | "Recommendations for Secure Use of Transport Layer | |||
| June 2010, <http://www.rfc-editor.org/info/rfc5925>. | Security (TLS) and Datagram Transport Layer Security | |||
| (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | ||||
| 2015, <http://www.rfc-editor.org/info/rfc7525>. | ||||
| [RFC8051] Zhang, X., Ed. and I. Minei, Ed., "Applicability of a | [RFC8051] Zhang, X., Ed. and I. Minei, Ed., "Applicability of a | |||
| Stateful Path Computation Element (PCE)", RFC 8051, | Stateful Path Computation Element (PCE)", RFC 8051, | |||
| DOI 10.17487/RFC8051, January 2017, | DOI 10.17487/RFC8051, January 2017, | |||
| <http://www.rfc-editor.org/info/rfc8051>. | <http://www.rfc-editor.org/info/rfc8051>. | |||
| [I-D.ietf-pce-pcep-yang] | [I-D.ietf-pce-pcep-yang] | |||
| Dhody, D., Hardwick, J., Beeram, V., and j. | Dhody, D., Hardwick, J., Beeram, V., and j. | |||
| jefftant@gmail.com, "A YANG Data Model for Path | jefftant@gmail.com, "A YANG Data Model for Path | |||
| Computation Element Communications Protocol (PCEP)", | Computation Element Communications Protocol (PCEP)", | |||
| draft-ietf-pce-pcep-yang-01 (work in progress), October | draft-ietf-pce-pcep-yang-02 (work in progress), March | |||
| 2016. | 2017. | |||
| [I-D.ietf-pce-pceps] | [I-D.ietf-pce-pceps] | |||
| Lopez, D., Dios, O., Wu, W., and D. Dhody, "Secure | Lopez, D., Dios, O., Wu, W., and D. Dhody, "Secure | |||
| Transport for PCEP", draft-ietf-pce-pceps-11 (work in | Transport for PCEP", draft-ietf-pce-pceps-11 (work in | |||
| progress), January 2017. | progress), January 2017. | |||
| Authors' Addresses | Authors' Addresses | |||
| Edward Crabbe | Edward Crabbe | |||
| Oracle | Oracle | |||
| skipping to change at page 24, line 36 ¶ | skipping to change at page 25, line 4 ¶ | |||
| EMail: edward.crabbe@gmail.com | EMail: edward.crabbe@gmail.com | |||
| Ina Minei | Ina Minei | |||
| Google, Inc. | Google, Inc. | |||
| 1600 Amphitheatre Parkway | 1600 Amphitheatre Parkway | |||
| Mountain View, CA 94043 | Mountain View, CA 94043 | |||
| US | US | |||
| EMail: inaminei@google.com | EMail: inaminei@google.com | |||
| Jan Medved | Jan Medved | |||
| Cisco Systems, Inc. | Cisco Systems, Inc. | |||
| 170 West Tasman Dr. | 170 West Tasman Dr. | |||
| San Jose, CA 95134 | San Jose, CA 95134 | |||
| US | US | |||
| EMail: jmedved@cisco.com | EMail: jmedved@cisco.com | |||
| Robert Varga | Robert Varga | |||
| Pantheon Technologies SRO | Pantheon Technologies SRO | |||
| Mlynske Nivy 56 | Mlynske Nivy 56 | |||
| Bratislava 821 05 | Bratislava 821 05 | |||
| Slovakia | Slovakia | |||
| EMail: robert.varga@pantheon.sk | EMail: robert.varga@pantheon.tech | |||
| Xian Zhang | Xian Zhang | |||
| Huawei Technologies | Huawei Technologies | |||
| F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District | F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District | |||
| Shenzhen, Guangdong 518129 | Shenzhen, Guangdong 518129 | |||
| P.R.China | P.R.China | |||
| EMail: zhang.xian@huawei.com | EMail: zhang.xian@huawei.com | |||
| Dhruv Dhody | Dhruv Dhody | |||
| End of changes. 12 change blocks. | ||||
| 15 lines changed or deleted | 27 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||