idnits 2.17.00 (12 Aug 2021)

/tmp/idnits32496/draft-ietf-pce-pcep-l2-flowspec-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (6 March 2022) is 69 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-19) exists of
     draft-ietf-idr-flowspec-l2vpn-18

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

PCE Working Group                                               D. Dhody
Internet-Draft                                       Huawei Technologies
Intended status: Standards Track                               A. Farrel
Expires: 7 September 2022                             Old Dog Consulting
                                                                   Z. Li
                                                     Huawei Technologies
                                                            6 March 2022

                PCEP Extension for L2 Flow Specification
                   draft-ietf-pce-pcep-l2-flowspec-01

Abstract

   The Path Computation Element (PCE) is a functional component capable
   of selecting paths through a traffic engineering (TE) network.  These
   paths may be supplied in response to requests for computation or may
   be unsolicited requests issued by the PCE to network elements.
   Both approaches use the PCE Communication Protocol (PCEP) to convey
   the details of the computed path.

   Traffic flows may be categorized and described using "Flow
   Specifications".  RFC 8955 defines the Flow Specification and
   describes how Flow Specification components are used to describe
   traffic flows.  RFC 8955 also defines how Flow Specifications may be
   distributed in BGP to allow specific traffic flows to be associated
   with routes.

   RFC 9168 specifies a set of extensions to PCEP to support
   dissemination of Flow Specifications.  This allows a PCE to indicate
   what traffic should be placed on each path that it is aware of.

   The extensions defined in this document extend the support for
   Ethernet Layer 2 (L2) and Layer 2 Virtual Private Network (L2VPN)
   traffic filtering rules either by themselves or in conjunction with
   L3 flowspecs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  L2 Flow Specifications
     3.1.  L2 Flow Specification TLVs
   4.  IANA Considerations
     4.1.  PCEP TLV Type Indicators
     4.2.  L2 Flow Specification TLV Type Indicators
   5.  Implementation Status
   6.  Security Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Contributors
   Authors' Addresses

1.  Introduction

   [RFC4655] defines the Path Computation Element (PCE), a functional
   component capable of computing paths for use in traffic engineering
   networks.  PCE was originally conceived for use in Multiprotocol
   Label Switching (MPLS) for traffic engineering (TE) networks to
   derive the routes of Label Switched Paths (LSPs).
   However, the scope of PCE was quickly extended to make it applicable
   to networks controlled by Generalized MPLS (GMPLS), and more recent
   work has brought other traffic engineering technologies and planning
   applications into scope (for example, Segment Routing (SR)
   [RFC8664]).

   [RFC5440] describes the PCE Communication Protocol (PCEP).  PCEP
   defines the communication between a Path Computation Client (PCC) and
   a PCE, or between PCE and PCE, enabling computation of the path for
   MPLS-TE LSPs.

   Stateful PCE [RFC8231] specifies a set of extensions to PCEP to
   enable control of TE-LSPs by a PCE that retains state about the LSPs
   provisioned in the network (a stateful PCE).  [RFC8281] describes the
   setup, maintenance, and teardown of LSPs initiated by a stateful PCE
   without the need for local configuration on the PCC, thus allowing
   for a dynamic network that is centrally controlled.  [RFC8283]
   introduces the architecture for PCE as a central controller and
   describes how PCE can be viewed as a component that performs
   computation to place "flows" within the network and decide how these
   flows are routed.

   The description of traffic flows by the combination of multiple Flow
   Specification components and their dissemination as traffic flow
   specifications (Flow Specifications) is described for BGP in
   [RFC8955].  In BGP, a Flow Specification is comprised of traffic
   filtering rules and is associated with actions to perform on the
   packets that match the Flow Specification.  The BGP routers that
   receive a Flow Specification can classify received packets according
   to the traffic filtering rules and can direct packets based on the
   associated actions.  [I-D.hares-idr-flowspec-v2] specifies version 2
   of the BGP flow specification protocol, which resolves some of the
   issues with version 1.

   When a PCE is used to initiate tunnels (such as TE-LSPs or SR paths)
   using PCEP, it is important that the head end of the tunnels
   understands what traffic to place on each tunnel.  The data flows
   intended for a tunnel can be described using Flow Specification
   components.  When PCEP is in use for tunnel initiation, it makes
   sense for that same protocol to be used to distribute the Flow
   Specification components that describe what data is to flow on those
   tunnels.

   [RFC9168] specifies a set of extensions to PCEP to support
   dissemination of Flow Specification components.  It includes the
   creation, update, and withdrawal of Flow Specifications via PCEP, and
   can be applied to tunnels initiated by the PCE or to tunnels where
   control is delegated to the PCE by the PCC.  Furthermore, a PCC
   requesting a new path can include Flow Specifications in the request
   to indicate the purpose of the tunnel, allowing the PCE to factor
   this into the path computation.

   [I-D.ietf-idr-flowspec-l2vpn] defines a BGP flowspec extension to
   disseminate Ethernet Layer 2 (L2) and Layer 2 Virtual Private Network
   (L2VPN) traffic filtering rules either by themselves or in
   conjunction with L3 flowspecs as per [I-D.hares-idr-flowspec-v2].
   This document extends the same support for PCEP by defining a new L2
   Flow Filter TLV to be carried within the FLOWSPEC object.  The
   context and the procedures for the use of Flow Specifications are as
   per [RFC9168].

2.  Terminology

   This document uses the following terms defined in [RFC5440]: PCC,
   PCE, PCEP Peer.

   The following term from [RFC8955] is used frequently throughout this
   document:

      A Flow Specification is an n-tuple consisting of several matching
      criteria that can be applied to IP traffic.  A given IP packet is
      said to match the defined Flow Specification if it matches all the
      specified criteria.

   Its usage in PCEP is further clarified in [RFC9168].

   This document uses the terms "stateful PCE" and "active PCE" as
   advocated in [RFC7399].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  L2 Flow Specifications

   As per [RFC9168], to carry Flow Specifications in PCEP messages, a
   PCEP object called the PCEP FLOWSPEC object is defined.  To describe
   a traffic flow, a PCEP TLV called the Flow Filter TLV is also
   defined.  This document extends the support for L2 flow
   specifications by creating a new PCEP TLV called the L2 Flow Filter
   TLV and updating the processing rules.

   The PCEP FLOWSPEC object carries a FlowSpec filter rule encoded in a
   TLV.  To describe a traffic flow based on both L3 and L2 fields, a
   new L2 Flow Filter TLV is introduced by this document.  The PCEP
   FLOWSPEC object could carry one of the following combinations of
   TLVs:

   *  no TLV

   *  one Flow Filter TLV

   *  one L2 Flow Filter TLV

   *  both a Flow Filter TLV and an L2 Flow Filter TLV

   At most one L2 Flow Filter TLV MAY be included in the PCEP FLOWSPEC
   object.  The TLV is OPTIONAL when the R (remove) bit is set in the
   object.  At least one Flow Filter TLV or one L2 Flow Filter TLV MUST
   be present when the R bit is clear.  If both TLVs are missing when
   the R bit is clear, the PCEP peer MUST respond with a PCErr message
   with error-type TBD1 (FlowSpec Error) and error-value 2 (Malformed
   FlowSpec).  A Flow Filter TLV and an L2 Flow Filter TLV MAY both be
   present when filtering is based on both L3 and L2 fields.

   The TLV follows the format of all PCEP TLVs as defined in [RFC5440].
   The Type field value comes from the codepoint space for PCEP TLVs and
   has the value TBD2.  The Value field of the L2 Flow Filter TLV
   contains one or more sub-TLVs (Section 3.1), and they represent the
   complete definition of a Flow Specification for traffic to be placed
   on the tunnel.  The set of Flow Specification TLVs and L2 Flow Filter
   TLVs in a single instance of a Flow Filter TLV are combined to
   indicate the specific Flow Specification.  Note that the PCEP
   FLOWSPEC object can include just one Flow Filter TLV, just one L2
   Flow Filter TLV, or one of each TLV.

   The rest of the procedures are the same as in [RFC9168].

3.1.  L2 Flow Specification TLVs

   The L2 Flow Filter TLV carries one or more L2 Flow Specification
   TLVs.  The L2 Flow Specification TLV follows the format of all PCEP
   TLVs as defined in [RFC5440].  However, the Type values are selected
   from a separate IANA registry (see Section 4.2) rather than from the
   common PCEP TLV registry.

   Type values are chosen so that there can be commonality with L2 Flow
   Specifications defined for use with BGP
   [I-D.ietf-idr-flowspec-l2vpn].  This is possible because the BGP Flow
   Spec encoding uses a single octet to encode the type, whereas PCEP
   uses two octets.  Thus the space of values for the Type field is
   partitioned as shown in Figure 1.

   Range          |
   ---------------+-------------------------------------------------
   0 .. 255       | Per BGP registry defined by
                  | [I-D.ietf-idr-flowspec-l2vpn].
                  | Not to be allocated in this registry.
                  |
   256 .. 65535   | New PCEP Flow Specifications allocated according
                  | to the registry defined in this document.

            Figure 1: L2 Flow Specification TLV Type Ranges

   [I-D.ietf-idr-flowspec-l2vpn] is the reference for the registry "L2
   Flow Spec Component Types" and defines the allocations it contains.
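
   An added example, not part of the draft: a receive-side check in
   Python for the Section 3 and 3.1 rules (allowed TLV combinations, the
   R bit, the Figure 1 type ranges, and the unsupported-type rule stated
   later in this section).  The TLV type numbers are placeholders because
   the draft leaves them as TBD; treating a duplicate or empty L2 Flow
   Filter TLV or a framing fault as Malformed FlowSpec is an assumption,
   as are all function names and the sample bytes.

```python
import struct

# Placeholder codepoints (constructed): the draft leaves the L2 Flow Filter TLV
# type as TBD2 and does not give the RFC 9168 Flow Filter TLV number.
FLOW_FILTER_TLV = 0xFF01
L2_FLOW_FILTER_TLV = 0xFF02
ERR_UNSUPPORTED, ERR_MALFORMED = 1, 2   # error-values under error-type TBD1


class FlowSpecError(Exception):
    """Carries the error-value for the PCErr (error-type TBD1) reply."""
    def __init__(self, error_value, reason):
        super().__init__(reason)
        self.error_value = error_value


def tlv(tlv_type, value):
    """Encode one TLV: 2-octet Type, 2-octet Length, zero padding to 4 octets."""
    return struct.pack("!HH", tlv_type, len(value)) + value + b"\x00" * (-len(value) % 4)


def parse_tlvs(buf):
    """Decode a run of TLVs into (type, value) pairs, padding stripped."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            # Assumption: the draft names no error for framing faults.
            raise FlowSpecError(ERR_MALFORMED, "truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        padded = (length + 3) & ~3
        if off + 4 + padded > len(buf):
            raise FlowSpecError(ERR_MALFORMED, "TLV overruns buffer")
        tlvs.append((tlv_type, buf[off + 4:off + 4 + length]))
        off += 4 + padded
    return tlvs


def type_range(tlv_type):
    """Figure 1: 0..255 mirrors the BGP registry, 256..65535 is PCEP-only."""
    return "bgp" if tlv_type <= 255 else "pcep"


def validate_flowspec(object_tlvs, r_bit, supported_types):
    """Return accepted L2 components or raise FlowSpecError; nothing is
    installed unless every sub-TLV passes."""
    tlvs = parse_tlvs(object_tlvs)
    l2 = [v for t, v in tlvs if t == L2_FLOW_FILTER_TLV]
    l3 = [v for t, v in tlvs if t == FLOW_FILTER_TLV]
    if len(l2) > 1:   # assumption: duplicate treated as Malformed FlowSpec
        raise FlowSpecError(ERR_MALFORMED, "more than one L2 Flow Filter TLV")
    if not r_bit and not l2 and not l3:
        raise FlowSpecError(ERR_MALFORMED, "no filter TLV while R bit is clear")
    components = []
    for sub_type, value in (parse_tlvs(l2[0]) if l2 else []):
        if sub_type not in supported_types:
            raise FlowSpecError(ERR_UNSUPPORTED, f"unsupported L2 type {sub_type}")
        components.append((type_range(sub_type), sub_type, value))
    if l2 and not components:   # assumption: empty TLV treated as Malformed
        raise FlowSpecError(ERR_MALFORMED, "L2 Flow Filter TLV has no sub-TLV")
    return components


def sample_object():
    """Constructed FLOWSPEC object body: one L2 Flow Filter TLV holding two
    sub-TLVs whose types (1, 2) and value bytes are made up for the demo."""
    subs = tlv(1, b"\x91\x08\x00") + tlv(2, b"\x30\x00\x11\x22\x33\x44\x55")
    return tlv(L2_FLOW_FILTER_TLV, subs)


if __name__ == "__main__":
    print(validate_flowspec(sample_object(), r_bit=False, supported_types={1, 2}))
```
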

   The content of the Value field in each TLV is specific to the type
   and describes the parameters of the Flow Specification.  The
   definition of the format of many of these Value fields is inherited
   from BGP specifications.  Specifically, the inheritance is from
   [I-D.ietf-idr-flowspec-l2vpn], but may also be inherited from future
   BGP specifications.

   When multiple L2 Flow Specification TLVs are present in a single L2
   Flow Filter TLV, they are combined to produce a more detailed
   specification of a flow.  Similarly, when both a Flow Filter TLV and
   an L2 Flow Filter TLV are present, they are combined to produce a
   more detailed specification of a flow.

   An implementation that receives a PCEP message carrying an L2 Flow
   Specification TLV with a type value that it does not recognize or
   does not support MUST respond with a PCErr message with error-type
   TBD1 (FlowSpec Error), error-value 1 (Unsupported FlowSpec) and MUST
   NOT install the Flow Specification.

   All L2 Flow Specification TLVs with Types in the range 0 to 255 have
   their Values interpreted as defined for use in BGP (for example, in
   [I-D.ietf-idr-flowspec-l2vpn]) and are set using the BGP encoding,
   but without the type octet (the relevant information is in the Type
   field of the TLV).  The Value field is padded with trailing zeros to
   achieve 4-byte alignment.

   This document defines no new types.

4.  IANA Considerations

   IANA maintains the "Path Computation Element Protocol (PCEP) Numbers"
   registry.  This document requests IANA actions to allocate code
   points for the protocol elements defined in this document.

4.1.  PCEP TLV Type Indicators

   IANA maintains a subregistry called "PCEP TLV Type Indicators".  IANA
   is requested to make an assignment from this subregistry as follows:

   Value   | Meaning                      | Reference
   --------+------------------------------+-------------
   TBD2    | L2 FLOW FILTER TLV           | [This.I-D]

4.2.  L2 Flow Specification TLV Type Indicators

   IANA is requested to create a new subregistry called the "PCEP L2
   Flow Specification TLV Type Indicators" registry.

   Allocations from this registry are to be made according to the
   following assignment policies [RFC8126]:

   Range          | Assignment policy
   ---------------+---------------------------------------------------
   0 .. 255       | Reserved - must not be allocated.
                  | Usage mirrors the BGP L2 FlowSpec registry
                  | [I-D.ietf-idr-flowspec-l2vpn].
                  |
   256 .. 64506   | Specification Required
                  |
   64507 .. 65531 | First Come First Served
                  |
   65532 .. 65535 | Experimental

   This document makes no allocations in the newly created registry.

5.  Implementation Status

   [NOTE TO RFC EDITOR : This whole section and the reference to RFC
   7942 is to be removed before publication as an RFC]

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in [RFC7942].
   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.  Please note that the listing of any individual implementation
   here does not imply endorsement by the IETF.  Furthermore, no effort
   has been spent to verify the information presented here that was
   supplied by IETF contributors.  This is not intended as, and must not
   be construed to be, a catalog of available implementations or their
   features.  Readers are advised to note that other implementations may
   exist.

   According to [RFC7942], "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

   At the time of posting the -00 version of this document, there are no
   known implementations of this mechanism.  It is believed that two
   vendors are considering prototype implementations, but these plans
   are too vague to make any further assertions.

6.  Security Considerations

   We may assume that a system that utilizes a remote PCE is subject to
   a number of vulnerabilities that could allow spurious LSPs or SR
   paths to be established or that could result in existing paths being
   modified or torn down.  Such systems, therefore, apply security
   considerations as described in [RFC5440], Section 2.5 of [RFC6952],
   [RFC8253], and [RFC8955].

   As per [RFC9168], the description of Flow Specifications associated
   with paths set up or controlled by a PCE adds a further detail that
   could be attacked without tearing down LSPs or SR paths, but causing
   traffic to be misrouted within the network.  Therefore, the use of
   the security mechanisms for PCEP referenced above is important.
   [RFC9168] further lists the security considerations with respect to
   Flow Specifications, which are applicable to L2 flowspec as well.

7.  Acknowledgements

   Thanks to Susan Hares for discussion related to BGP Flowspec V2.

8.  References

8.1.  Normative References

   [I-D.ietf-idr-flowspec-l2vpn]
              Hao, W., Eastlake, D. E., Litkowski, S., and S. Zhuang,
              "BGP Dissemination of L2 Flow Specification Rules", Work
              in Progress, Internet-Draft,
              draft-ietf-idr-flowspec-l2vpn-18, 24 October 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5440]  Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation
              Element (PCE) Communication Protocol (PCEP)", RFC 5440,
              DOI 10.17487/RFC5440, March 2009.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8231]  Crabbe, E., Minei, I., Medved, J., and R. Varga, "Path
              Computation Element Communication Protocol (PCEP)
              Extensions for Stateful PCE", RFC 8231,
              DOI 10.17487/RFC8231, September 2017.

   [RFC8253]  Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody,
              "PCEPS: Usage of TLS to Provide a Secure Transport for the
              Path Computation Element Communication Protocol (PCEP)",
              RFC 8253, DOI 10.17487/RFC8253, October 2017.

   [RFC8281]  Crabbe, E., Minei, I., Sivabalan, S., and R. Varga, "Path
              Computation Element Communication Protocol (PCEP)
              Extensions for PCE-Initiated LSP Setup in a Stateful PCE
              Model", RFC 8281, DOI 10.17487/RFC8281, December 2017.

   [RFC8955]  Loibl, C., Hares, S., Raszuk, R., McPherson, D., and M.
              Bacher, "Dissemination of Flow Specification Rules",
              RFC 8955, DOI 10.17487/RFC8955, December 2020.

   [RFC9168]  Dhody, D., Farrel, A., and Z. Li, "Path Computation
              Element Communication Protocol (PCEP) Extension for Flow
              Specification", RFC 9168, DOI 10.17487/RFC9168, January
              2022.

8.2.  Informative References

   [I-D.hares-idr-flowspec-v2]
              Hares, S., Eastlake, D., Yadlapalli, C., and S. Maduschke,
              "BGP Flow Specification Version 2", Work in Progress,
              Internet-Draft, draft-hares-idr-flowspec-v2-05, 4 February
              2022.

   [RFC4655]  Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
              Computation Element (PCE)-Based Architecture", RFC 4655,
              DOI 10.17487/RFC4655, August 2006.

   [RFC6952]  Jethanandani, M., Patel, K., and L. Zheng, "Analysis of
              BGP, LDP, PCEP, and MSDP Issues According to the Keying
              and Authentication for Routing Protocols (KARP) Design
              Guide", RFC 6952, DOI 10.17487/RFC6952, May 2013.

   [RFC7399]  Farrel, A. and D. King, "Unanswered Questions in the Path
              Computation Element Architecture", RFC 7399,
              DOI 10.17487/RFC7399, October 2014.

   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", BCP 205,
              RFC 7942, DOI 10.17487/RFC7942, July 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8283]  Farrel, A., Ed., Zhao, Q., Ed., Li, Z., and C. Zhou, "An
              Architecture for Use of PCE and the PCE Communication
              Protocol (PCEP) in a Network with Central Control",
              RFC 8283, DOI 10.17487/RFC8283, December 2017.

   [RFC8664]  Sivabalan, S., Filsfils, C., Tantsura, J., Henderickx, W.,
              and J. Hardwick, "Path Computation Element Communication
              Protocol (PCEP) Extensions for Segment Routing", RFC 8664,
              DOI 10.17487/RFC8664, December 2019.

Appendix A.  Contributors

   Shankara
   Huawei Technologies
   Divyashree Techno Park,
   Whitefield Bangalore,
   Karnataka
   560066
   India

   Email: shankara@huawei.com

   Qiandeng Liang
   Huawei Technologies
   101 Software Avenue,
   Yuhuatai District
   Nanjing
   210012
   China
   Email: liangqiandeng@huawei.com

   Cyril Margaria
   Juniper Networks
   200 Somerset Corporate Boulevard, Suite 4001
   Bridgewater, NJ
   08807
   USA

   Email: cmargaria@juniper.net

   Colby Barth
   Juniper Networks
   200 Somerset Corporate Boulevard, Suite 4001
   Bridgewater, NJ
   08807
   USA

   Email: cbarth@juniper.net

   Xia Chen
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing
   100095
   China

   Email: jescia.chenxia@huawei.com

   Shunwan Zhuang
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing
   100095
   China

   Email: zhuangshunwan@huawei.com

   Cheng Li
   Huawei Technologies
   Huawei Campus, No. 156 Beiqing Rd.
   Beijing 100095
   China

   Email: c.l@huawei.com

Authors' Addresses

   Dhruv Dhody
   Huawei Technologies
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka 560066
   India
   Email: dhruv.ietf@gmail.com

   Adrian Farrel
   Old Dog Consulting
   Email: adrian@olddog.co.uk

   Zhenbin Li
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing
   100095
   China
   Email: lizhenbin@huawei.com