--- 1/draft-ietf-pce-stateful-sync-optimizations-09.txt 2017-03-27 04:13:26.113172549 -0700 +++ 2/draft-ietf-pce-stateful-sync-optimizations-10.txt 2017-03-27 04:13:26.177174056 -0700 @@ -1,27 +1,27 @@ PCE Working Group E. Crabbe Internet-Draft Oracle Intended status: Standards Track I. Minei -Expires: September 1, 2017 Google, Inc. +Expires: September 28, 2017 Google, Inc. J. Medved Cisco Systems, Inc. R. Varga Pantheon Technologies SRO X. Zhang D. Dhody Huawei Technologies - February 28, 2017 + March 27, 2017 Optimizations of Label Switched Path State Synchronization Procedures for a Stateful PCE - draft-ietf-pce-stateful-sync-optimizations-09 + draft-ietf-pce-stateful-sync-optimizations-10 Abstract A stateful Path Computation Element (PCE) has access to not only the information disseminated by the network's Interior Gateway Protocol (IGP), but also the set of active paths and their reserved resources for its computation. The additional Label Switched Path (LSP) state information allows the PCE to compute constrained paths while considering individual LSPs and their interactions. This requires a state synchronization mechanism between the PCE and the network, PCE 
@@ -46,21 +46,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 1, 2017. + This Internet-Draft will expire on September 28, 2017. Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -100,21 +100,21 @@ 9.2. Information and Data Models . . . . . . . . . . . . . . . 21 9.3. Liveness Detection and Monitoring . . . . . . . . . . . . 22 9.4. Verify Correct Operations . . . . . . . . . . . . . . . . 22 9.5. Requirements On Other Protocols . . . . . . . . . . . . . 22 9.6. Impact On Network Operations . . . . . . . . . . . . . . 22 10. Security Considerations . . . . . . . . . . . . . . . . . . . 22 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 23 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 23 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 - 13.2. Informative References . . . . . . . . . . . . . . . . . 23 + 13.2. Informative References . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 1. Introduction The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. [I-D.ietf-pce-stateful-pce] describes a set of extensions to PCEP to provide stateful control. A stateful PCE has access to not only the 
@@ -938,37 +938,47 @@ 10. Security Considerations The security considerations listed in [I-D.ietf-pce-stateful-pce] apply to this document as well. However, this document also introduces some new attack vectors. An attacker could spoof the SPEAKER-ENTITY-ID and pretend to be another PCEP speaker. An attacker may flood the PCC with triggered re-synchronization request at a rate which exceeds the PCC's ability to process them, either by spoofing messages or by compromising the PCE itself. The PCC can respond with PCErr message as described in Section 6.2 and terminate - the session. Thus securing the PCEP session using mechanism like TCP - Authentication Option (TCP-AO) [RFC5925] or Transport Layer Security - (TLS) [I-D.ietf-pce-pceps] is RECOMMENDED. + the session. Thus securing the PCEP session using Transport Layer + Security (TLS) [I-D.ietf-pce-pceps], as per the recommendations and + best current practices in [RFC7525], is RECOMMENDED. An + administrator could also expose the speaker entity id as part of the + certificate, for the peer identity verification. 11. Acknowledgments We would like to thank Young Lee, Sergio Belotti and Cyril Margaria for their comments and discussions. Thanks to Jonathan Hardwick for being the document shepherd and provide comments and guidance. Thanks to Tomonori Takeda for Routing Area Directorate review. Thanks to Adrian Farrel for TSVART review and providing detailed comments and suggestions. + Thanks to Daniel Franke for SECDIR review. + + Thanks to Alvaro Retana, Kathleen Moriarty, and Stephen Farrell for + comments during the IESG evaluation. + + Thanks to Deborah Brungard for being the responsible AD and guiding + the authors as needed. + 12. Contributors Gang Xie Huawei Technologies F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District Shenzhen, Guangdong, 518129 P.R. China Email: xiegang09@huawei.com 13. References 
@@ -985,35 +995,37 @@ DOI 10.17487/RFC2119, March 1997, . [RFC5440] Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation Element (PCE) Communication Protocol (PCEP)", RFC 5440, DOI 10.17487/RFC5440, March 2009, . 13.2. Informative References - [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP - Authentication Option", RFC 5925, DOI 10.17487/RFC5925, - June 2010, . + [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, + "Recommendations for Secure Use of Transport Layer + Security (TLS) and Datagram Transport Layer Security + (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May + 2015, . [RFC8051] Zhang, X., Ed. and I. Minei, Ed., "Applicability of a Stateful Path Computation Element (PCE)", RFC 8051, DOI 10.17487/RFC8051, January 2017, . [I-D.ietf-pce-pcep-yang] Dhody, D., Hardwick, J., Beeram, V., and j. jefftant@gmail.com, "A YANG Data Model for Path Computation Element Communications Protocol (PCEP)", - draft-ietf-pce-pcep-yang-01 (work in progress), October - 2016. + draft-ietf-pce-pcep-yang-02 (work in progress), March + 2017. [I-D.ietf-pce-pceps] Lopez, D., Dios, O., Wu, W., and D. Dhody, "Secure Transport for PCEP", draft-ietf-pce-pceps-11 (work in progress), January 2017. Authors' Addresses Edward Crabbe Oracle @@ -1020,35 +1032,35 @@ EMail: edward.crabbe@gmail.com Ina Minei Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 US EMail: inaminei@google.com - Jan Medved Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 US EMail: jmedved@cisco.com + Robert Varga Pantheon Technologies SRO Mlynske Nivy 56 Bratislava 821 05 Slovakia - EMail: robert.varga@pantheon.sk + EMail: robert.varga@pantheon.tech Xian Zhang Huawei Technologies F3-5-B R&D Center, Huawei Industrial Base, Bantian, Longgang District Shenzhen, Guangdong 518129 P.R.China EMail: zhang.xian@huawei.com Dhruv Dhody
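Review bot: In the Security Considerations hunk (@@ -938), the new sentence "An administrator could also expose the speaker entity id as part of the certificate, for the peer identity verification" leaves the binding unspecified: it names neither the certificate field that would carry the value nor a requirement that the receiving speaker compare the SPEAKER-ENTITY-ID it gets over PCEP with that field. Without that comparison, the spoofed SPEAKER-ENTITY-ID attack named two paragraphs earlier in the same section is still not detected by TLS alone, since TLS authenticates the peer but does not by itself check PCEP-layer identifiers. Suggest stating the field and the check explicitly, and using the spelling "SPEAKER-ENTITY-ID" already used in the section instead of "speaker entity id". Separately, the hunk drops the TCP-AO [RFC5925] option and leaves TLS as the only recommended protection; if that is intentional, one sentence saying so would make the choice explicit for deployments that previously relied on TCP-AO.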
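Review bot: In the references hunk (@@ -985), the list is consistent with the text change: [RFC5925] is removed together with its last citation and [RFC7525] is added for the new one, so the visible hunks leave no dangling references. The open question is placement: the Security Considerations now say that securing the session with TLS [I-D.ietf-pce-pceps] "as per the recommendations and best current practices in [RFC7525], is RECOMMENDED", which reads as a normative statement, yet both references sit under Informative References. Either move them to Normative References or soften the sentence so it does not rest on informative documents.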