Path Computation Element Communication Protocol (PCEP) extensions for Circuit Style Policies

Path Computation Element Communication Protocol (PCEP) extensions for Circuit Style Policies Cisco Systems, Inc.

Eurovea Central 3. Bratislava 811 09 Slovakia ssidor@cisco.com

Airtel India

Praveen.Maheshwari@airtel.com

Nokia

andrew.stone@nokia.com

Verizon

luay.jalil@verizon.com

Huawei Technologies

pengshuping@huawei.com

PCE Working Group Segment Routing (SR) enables a node to steer packet flows along a specified path without the need for intermediate per-path states, due to the utilization of source routing. An SR Policy can consist of one or a set of candidate paths, where each candidate path is represented by a segment list or a set of segment lists, which are essentially instructions that define a source-routed path. This document specifies a set of extensions to the Path Computation Element Communication Protocol (PCEP) for Segment Routing Policies that are designed to satisfy requirements for connection-oriented transport services (Circuit-Style SR policies). They include the ability to control path modification and the option to request a strict hop-by-hop path, being also applicable for generic SR policy use cases where controlling path modification or deterministic and persistent path requirements are applicable.

Introduction Segment Routing (SR) leverages source routing, where the sender of a packet defines the path that the packet takes through the network. This is achieved by encoding the path information as a sequence of segments within the packet header. A segment is an instruction defined in . SR can be applied to both MPLS and IPv6 data planes, providing a flexible and scalable method for traffic engineering. The Path Computation Element (PCE) is a network component, application, or node that is capable of computing a network path or route based on a network graph and applying computational constraints. The PCE Communication Protocol (PCEP) enables communication between a PCE and Path Computation Clients (PCCs), facilitating the computation of optimal paths for traffic flows. introduces the concept of Segment Routing Policy (SR Policy), which is one or a set of candidate paths that can be used to steer traffic through a network. Each candidate path is represented by a segment list or a set of segment lists, and the path can be dynamically adjusted based on network conditions and requirements. In connection-oriented transport services, such as those described in , there is a need for path persistency and per-hop behavior for PCE-computed paths. This ensures that the paths remain stable and predictable, which is crucial for services that require high reliability and performance guarantees. To support the requirements of connection-oriented transport services, this document specifies extensions to PCEP to enable the use of Circuit Style Policies . These extensions allow for the request of strict hop-by-hop paths from the PCE, the encoding of information to disable path modification for specific paths, and the clarification of the usage of existing flags within PCEP messages. The PCEP extensions described in this document are designed to be compatible with any Path Setup Type and are not limited to Circuit Style SR policies, ensuring broad applicability across different network environments and use cases.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Terminology This document uses the following term defined in :

Label Switched Path (LSP)

Note: The base PCEP specification originally defined the use of the PCE architecture for MPLS and GMPLS networks with LSPs instantiated using the RSVP-TE signaling protocol. Over time, support for additional path setup types such as SRv6 has been introduced . The term "LSP" is used extensively in PCEP specifications, and in the context of this document, refers to a Candidate Path within an SR Policy, which may be an SRv6 path (still represented using the LSP object as specified in ). This document uses the following terms defined in :

Path Computation State Report (PCRpt)
Path Computation Update (PCUpd)
Path Computation Initiate (PCInitiate)

This document uses the following terms defined in :

Explicit Route Object (ERO)
LSP Attributes (LSPA)
Path Computation Client (PCC)
Path Computation Element (PCE)
Path Computation Element Protocol (PCEP)
PCEP Peer
PCEP speaker

This document uses the following terms defined in :

Segment Routing (SR)
Segment Identifier (SID)

This document uses the following term defined in :

SR Policy

This document defines the following terms:

Circuit Style (CS) SR Policy: An SR Policy designed to satisfy requirements for connection-oriented transport services. CS SR Policies are characterized by path persistency (where the path should remain stable unless explicitly changed or becomes invalid) and may require strict hop-by-hop path construction. Further details on CS SR Policies are described in .
Path Modification: Refers to the PCE instructing the PCC, via a PCUpd message, to use a path whose set of traversed network hops differs from the current path. A PCUpd message that changes only the attributes or re-encodes the same hop sequence (e.g., alternative SID representation) is not considered a path modification.

PCEP Extensions This section specifies the PCEP extensions that enable a PCC and PCE to support CS SR policies. These extensions build on the base PCEP and the Stateful PCE extensions . The mechanisms defined here allow a PCC or PCE to:

Indicate the requirement for strict hop-by-hop paths,
Signal path persistency by disabling path modification for specific paths, and
Identify and control behavior specific to CS SR policies.

Unless explicitly stated, the procedures of existing PCEP messages and objects remain unchanged. The following subsections describe the specific object formats, TLVs, and flag definitions introduced to realize this functionality.

New Flags in STATEFUL-PCE-CAPABILITY TLV The STATEFUL-PCE-CAPABILITY TLV is an optional TLV introduced in in the OPEN object for stateful PCEP peer capability advertisement. Details on the IANA registry are listed in . This document defines the following new flags in that TLV:

STRICT-PATH-CAPABILITY - 1 bit (Bit Position 18) - If set to 1, it indicates support for the O-bit (Strict-Path) in LSP-EXTENDED-FLAG TLV. See for details.
PATH-MODIFICATION-CAPABILITY - 1 bit (Bit Position 19) - If set to 1, it indicates support for PATH-MODIFICATION TLV. See for details.

New Flag in the LSP-EXTENDED-FLAG TLV The LSP-EXTENDED-FLAG TLV was introduced in . Details on the IANA registry are listed in . This document defines the following new flag bit in the LSP-EXTENDED-FLAG TLV:

O-bit (Strict-Path) - 1 bit (Bit Position 4): If set to 1, this indicates to the PCE that a path exclusively made of strict hops is required. The strict hop definition is described in .

PATH-MODIFICATION TLV This document defines a new TLV for the LSPA Object for encoding information whether path modification is allowed for a delegated LSP. The PATH-MODIFICATION TLV is optional. If the TLV is included in the LSPA object, the PCE MUST NOT modify the path in the cases specified by flags in the TLV. Only the first instance of this TLV MUST be processed; subsequent instances MUST be ignored.

Type (16 bits): 72. Length (16 bits): 4.

Reserved (16 bits):

This field MUST be set to zero on transmission and MUST be ignored on receipt.

Flags (16 bits):

This document defines the following flag bits. The other bits MUST be set to zero by the sender and MUST be ignored by the receiver.

P-bit (Permanent): If set to 1, the PCE MUST NOT modify the path even if the current path does not satisfy path computation constraints. If this flag is cleared, then the PCE MAY modify the path according to local policy if the original path is invalidated. When the F-bit is set to 1, the P-bit value MUST be ignored.
F-bit (Force): If set to 1, the PCE MUST NOT modify the path (exceptions description in ). If the F-bit is cleared, the PCE MAY update the path based on an explicit request from the operator.

Operation

Strict Path Enforcement The STRICT-PATH-CAPABILITY flag in the STATEFUL-PCE-CAPABILITY TLV MUST be set to 1 by both PCEP speakers during the PCEP session establishment to support strict hop-by-hop path enforcement. The O-bit (defined in ) MUST NOT be set to 1 if the STRICT-PATH-CAPABILITY flag was not set to 1 by both PCEP speakers. If the PCEP peer received LSP-EXTENDED-FLAG TLV with the O-bit set to 1, but it does not support that capability, it MUST send PCErr with Error-Type = 2 (Capability not supported). To indicate that a path exclusively made of strict hops is required, the PCC sets the O-bit to 1 in the LSP-EXTENDED-FLAG TLV in a PCRpt message sent to the PCE. The O-bit set to 0 or LSP-EXTENDED-FLAG TLV not included indicates that a non-strictly hop-by-hop path is acceptable. For PCE-initiated LSPs, the PCE MAY set the O-bit to 1 in PCInitiate or PCUpd messages. If the PCE sets the O-bit to 1, the PCC MUST also set the O-bit to 1 in the LSP-EXTENDED-FLAG TLV in the corresponding PCRpt messages. For PCC-initiated LSPs, if the PCC requested a strict path (by setting the O-bit to 1 in the PCRpt message), the PCE MUST set the O-bit to 1 in the corresponding PCUpd message. Even if the PCC did not request a strict path, the PCE MAY set the O-bit to 1 in the PCUpd message if the computed path is a strict hop-by-hop path. The flag is applicable only for stateful messages. The existing O-bit in Request Parameters (RP) object can be used to indicate similar behavior in PCReq and PCRep messages as described in . For RSVP-TE, already defines the strict/loose indication for stateless PCEP; this document extends a corresponding indication to stateful messages via the LSP-EXTENDED-FLAG TLV. If the O-bit is set to 1 (either in the LSP-EXTENDED-FLAG TLV for stateful messages or in the RP object for stateless messages) for SR paths introduced in , the PCE MUST use only Segment Identifiers (SIDs) that explicitly specify adjacencies for packet forwarding. Adjacency SIDs SHOULD be used, but Prefix SIDs MUST NOT be used (even if there is only one adjacency).

Path Modification Control A PCC MAY set flags in PATH-MODIFICATION TLV to control path modification behavior on the PCE side. If the PATH-MODIFICATION TLV is not included, then the PCE MAY use local policy to trigger path computation or LSP path update. If a PCEP speaker does not recognize the PATH-MODIFICATION TLV, it MUST ignore the TLV based on . If a PCEP speaker recognizes the TLV but does not support the TLV, it MUST send PCErr with Error-Type = 2 (Capability not supported). The LSP path MAY be modified, if the change results in a semantically equivalent path representation (e.g., a different SID list) that preserves the exact sequence of traversed network links. If the same path can be encoded using Adjacency, Binding, Prefix, or other SIDs, then PCE MAY switch between various representations of the same path. The PATH-MODIFICATION TLV defines the path modification behavior for an LSP. It is important to note that regardless of the flag settings described below, a PCE can always initiate an update to tear down the LSP (e.g., by sending a PCUpd message with an empty ERO) or to bring it up again with the same path it had before being torn down. The P-bit and F-bit specifically restrict the PCE's ability to initiate a path modification:

TLV present, P=0, F=0:

The PCE MUST NOT modify the path in response to various triggers (E.g. topology updates, periodic reoptimization timers, or changes in the state of other LSPs) if the current path remains valid and meets all constraints (e.g. it is not the most optimal path, but it is still valid and satisfies all constraints including bounds). However, the PCE MAY modify the path if:

The current path is invalidated (e.g., due to a topology change that makes it non-compliant with LSP constraints).
An operator explicitly triggers a path modification via an implementation-specific mechanism (e.g., a Command Line Interface (CLI) or a dedicated Application Programming Interface (API) on the PCE).

P-bit set (P=1) and F-bit cleared (F=0):

The PCE MUST NOT modify the path due to network or optimization triggers, even if the path becomes invalidated or no longer satisfies its constraints. A path modification MAY be initiated if explicitly triggered by an operator.

F-bit set (F=1):

The PCE MUST NOT modify the path for any reason, including in response to an explicit operator trigger.

A PCE includes the PATH-MODIFICATION TLV in PCInitiate and PCUpd messages to define which triggers will be disabled for an LSP. When a PCC receives and applies behavior specified by flags in the TLV, it MUST reflect the active flag values in the PATH-MODIFICATION TLV of its PCRpt messages for that LSP. By including this TLV, the PCC ensures that the LSP's path modification policy is consistently communicated to all connected PCEs. When a PCC receives a PCUpd message with a path modification for an LSP, where such a modification is blocked by flags in the PATH-MODIFICATION TLV (e.g., the F-bit is set to 1), it MUST reject the update and maintain the existing path for the LSP.The PCC MUST also send a PCErr message to the PCE with Error-Type=19 ("Invalid Operation") and Error-Value=TBD1 ("Path modification is blocked by constraint").

All manageability requirements and considerations listed in , and apply to PCEP protocol extensions defined in this document. In addition, the requirements and considerations listed in this section apply.

A PCE or PCC implementation SHOULD allow the capability of supporting PCEP extensions introduced in this document to be enabled/disabled as part of the global configuration. When path modification is restricted (e.g., when the P-bit is set to 1 and F-bit is set to 0), the PCE relies on an explicit operator trigger to modify the path if it becomes invalid. Therefore, a PCE implementation SHOULD provide a mechanism to allow an operator to explicitly trigger path modification for a specific LSP.

An implementation SHOULD allow an operator to view the PCEP peer capability defined in this document. A YANG data model specification augmenting the model defined in Sections 4.1 and 4.1.1 of SHOULD include that capability for the PCEP peer. A YANG data model specification augmenting the module defined in SHOULD add a notification for blocked path modification that satisfies specified constraints if path modification is blocked using the PATH-MODIFICATION TLV.

Circuit-Style Policy describes connectivity verification and path validity considerations for Circuit Style Policies.

A PCE implementation SHOULD allow the operator to monitor LSPs for which the PCE has determined that the current path no longer satisfies the specified constraints but path modification is blocked by the PATH-MODIFICATION TLV, for example via YANG notifications or the YANG data model described in .

The PCEP extensions defined in this document do not imply any new requirements on other protocols. The overall concept of Circuit Style policies requires interaction with other protocols, but those requirements are described in .

The mechanisms defined in , , and also apply to the PCEP extensions defined in this document.

[Note to the RFC Editor - remove this section before publication, as well as remove the reference to RFC 7942.] This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in . The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. According to , "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

Organization: Cisco Systems
Implementation: IOS-XR PCC and PCE.
Description: PCEP extensions supported using VENDOR-INFORMATION Object.
Maturity Level: Production.
Coverage: Partial.
Contact: ssidor@cisco.com

The security considerations described in , , , and are applicable to this document. Note that this specification introduces the possibility to block path modification after various topology events. This creates an additional vulnerability if the security mechanisms of , , and are not used. If there is no integrity protection on the session, then an attacker could block path updates from PCE potentially resulting in a traffic drop. As per , it is RECOMMENDED that these PCEP extensions can only be activated on authenticated and encrypted sessions across PCEs and PCCs belonging to the same administrative authority, using Transport Layer Security (TLS) as per the recommendations and best current practices in . In particular, the integrity protection provided by TLS mitigates the attack described above where an attacker could manipulate path modification constraints to cause a traffic disruption.

IANA Considerations IANA maintains the "Path Computation Element Protocol (PCEP) Numbers" registry at .

STATEFUL-PCE-CAPABILITY defines the STATEFUL-PCE-CAPABILITY. IANA is requested to confirm the following allocations within the "STATEFUL-PCE-CAPABILITY TLV Flag Field" registry () of the "Path Computation Element Protocol (PCEP) Numbers" registry group:

Bit	Description	Reference
18	STRICT-PATH-CAPABILITY	This document
19	PATH-MODIFICATION-CAPABILITY	This document

LSP-EXTENDED-FLAG TLV defines the LSP-EXTENDED-FLAG TLV. IANA is requested to confirm the following allocation within the "LSP-EXTENDED-FLAG TLV Flag Field" registry () of the "Path Computation Element Protocol (PCEP) Numbers" registry group:

Bit	Description	Reference
4	Strict-Path Flag (O)	This document

PATH-MODIFICATION TLV IANA is requested to confirm the following allocation within the "PCEP TLV Type Indicators" registry () of the "Path Computation Element Protocol (PCEP) Numbers" registry group:

TLV Type	TLV Name	Reference
72	PATH-MODIFICATION TLV	This document

PATH-MODIFICATION TLV Flag Field IANA is requested to create a new registry named "PATH-MODIFICATION TLV Flag Field" within the "Path Computation Element Protocol (PCEP) Numbers" registry group. Values are to be assigned by "IETF Review" . Each bit should be tracked with the following qualities:

Bit number (count from 0 as the most significant bit)
Description
Reference

The registry contains the following codepoints, with initial values, to be assigned by IANA with the reference set to this document:

Bit	Description	Reference
0-13	Unassigned
14	Permanent (P)	This document
15	Force (F)	This document

IANA is requested to allocate new error types and error values within the "PCEP-ERROR Object Error Types and Values" sub-registry () of the PCEP Numbers registry for the following errors.

Error-Type	Meaning	Error-Value	Reference
19	Invalid Operation	TBD1:Path modification is blocked by constraint	This Document

References Normative References Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are used to protect data exchanged over a wide range of application protocols and can also form the basis for secure transport protocols. Over the years, the industry has witnessed several serious attacks on TLS and DTLS, including attacks on the most commonly used cipher suites and their modes of operation. This document provides the latest recommendations for ensuring the security of deployed services that use TLS and DTLS. These recommendations are applicable to the majority of use cases. RFC 7525, an earlier version of the TLS recommendations, was published when the industry was transitioning to TLS 1.2. Years later, this transition is largely complete, and TLS 1.3 is widely available. This document updates the guidance given the new environment and obsoletes RFC 7525. In addition, this document updates RFCs 5288 and 6066 in view of recent attacks. Updates for PCEPS: TLS Connection Establishment Restrictions Huawei sn3rd Vigil Security, LLC Section 3.4 of RFC 8253 specifies TLS connection establishment restrictions for PCEPS; PCEPS refers to usage of TLS to provide a secure transport for PCEP (Path Computation Element Communication Protocol). This document adds restrictions to specify what PCEPS implementations do if they support more than one version of the TLS protocol and to restrict the use of TLS 1.3's early data. Informative References

Contributors Bell Canada

daniel.voyer@bell.ca

Ciena

rrokui@ciena.com

Cisco Systems, Inc.

tsaad.net@gmail.com

Cisco Systems, Inc.

zali@cisco.com

ZTE Corporation

chen.ran@zte.com.cn

ZTE Corporation

xiong.quan@zte.com.cn

Huawei

dhruv.ietf@gmail.com

Cisco Systems, Inc.

cschmutz@cisco.com

Acknowledgements The authors would like to thank Dhruv Dhody for shepherding this document, Ketan Talaulikar for the AD review, and Cheng Li, Luis Contreras, Mach Chen, and Mohamed Boucadair for their review comments.