A stateful Path Computation Element (PCE) retains information about the placement of Multiprotocol Label Switching (MPLS) Traffic Engineering Label Switched Paths (TE LSPs). When a PCE has stateful control over LSPs, it may send indications to LSP head-ends to modify the attributes (especially the paths) of the LSPs. A Path Computation Client (PCC) that has set up LSPs under local configuration may delegate control of those LSPs to a stateful PCE. There are use cases in which a stateful PCE may wish to obtain control of locally configured LSPs that it is aware of but have not been delegated to the PCE. This document describes an extension to the Path Computation Element Communication Protocol (PCEP) to enable a PCE to make requests for such control.

This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8741.

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

"Path Computation Element Communication Protocol (PCEP) Extensions for Stateful PCE" [RFC 8231] specifies a set of extensions to PCEP [RFC 5440] to enable stateful control of Traffic Engineering Label Switched Paths (TE LSPs) between and across PCEP sessions in compliance with [RFC 4657]. It includes mechanisms to synchronize LSP state between Path Computation Clients (PCCs) and PCEs, delegate control of LSPs to PCEs, and allow PCEs to control the timing and sequence of path computations within and across PCEP sessions. The stateful PCEP defines the following two useful network operations:

Delegation:

As per [RFC 8051], an operation to grant a PCE temporary rights to modify a subset of LSP parameters on one or more LSPs of a PCC. LSPs are delegated from a PCC to a PCE and are referred to as "delegated" LSPs.

Revocation:

As per [RFC 8231], an operation performed by a PCC on a previously delegated LSP. Revocation revokes the rights granted to the PCE in the delegation operation.

For redundant stateful PCEs (Section 5.7.4 of RFC 8231), during a PCE failure, one of the redundant PCEs might want to request to take control over an LSP. The redundant PCEs may use a local policy or a proprietary election mechanism to decide which PCE would take control. In this case, a mechanism is needed for a stateful PCE to request control of one or more LSPs from a PCC so that a newly elected primary PCE can request to take over control. In case of virtualized PCEs (vPCEs) running in virtual network function (VNF) mode, as the computation load in the network increases, a new instance of vPCE could be instantiated to balance the current load. The PCEs could use a proprietary algorithm to decide which LSPs can be assigned to the new vPCE. Thus, having a mechanism for the PCE to request control of some LSPs is needed. In some deployments, the operator would like to use stateful PCE for global optimization algorithms but would still like to keep the control of the LSP at the PCC. In such cases, a stateful PCE could request to take control during the global optimization and return the delegation once done. Note that [RFC 8231] specifies a mechanism for a PCC to delegate an orphaned LSP to another PCE. The mechanism defined in this document can be used in conjunction with [RFC 8231]. Ultimately, it is the PCC that decides which PCE to delegate the orphaned LSP to. This specification provides a simple extension that allows a PCE to request control of one or more LSPs from any PCC over the stateful PCEP session. The procedures for granting and relinquishing control of the LSPs are specified in accordance with [RFC 8231] unless explicitly set aside in this document.

This document uses the following terms defined in [RFC 5440]:

PCC:

Path Computation Client

PCE:

Path Computation Element

PCEP:

Path Computation Element communication Protocol

This document uses the following terms defined in [RFC 8231]:

PCRpt:

Path Computation State Report message

PCUpd:

Path Computation Update Request message

PLSP-ID:

A PCEP-specific identifier for the LSP

SRP:

Stateful PCE Request Parameters

Readers of this document are expected to have some familiarity with [RFC 8231].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC 2119] [RFC 8174] when, and only when, they appear in all capitals, as shown here.

The Stateful PCE Request Parameters (SRP) object is defined in Section 7.2 of RFC 8231 and includes a Flags field. A new "LSP Control Request" flag (30), also called the C flag, is introduced in the SRP object. In a PCUpd message, a PCE sets the C flag to 1 to indicate that it wishes to gain control of LSPs. The LSPs are identified by the PLSP-ID in the LSP object following the SRP object. A PLSP-ID value other than 0 and 0xFFFFF is used to identify the LSP for which the PCE requests control. A PLSP-ID value of 0 indicates that the PCE is requesting control of all LSPs originating from the PCC that it wishes to delegate. The C flag has no meaning in other PCEP messages that carry SRP objects and for which the C flag MUST be set to 0 on transmission and MUST be ignored on receipt. The C flag is ignored in case the R flag [RFC 8281] in the SRP object is set.

During normal operation, a PCC that wishes to delegate the control of an LSP sets the Delegate (D) flag (Section 7.3 of RFC 8231) to 1 in all PCRpt messages pertaining to the LSP. The PCE confirms the delegation by setting the D flag to 1 in all PCUpd messages pertaining to the LSP. The PCC revokes the control of the LSP from the PCE by setting the D flag to 0 in PCRpt messages pertaining to the LSP. If the PCE wishes to relinquish the control of the LSP, it sets the D flag to 0 in all PCUpd messages pertaining to the LSP. If a PCE wishes to gain control over an LSP, it sends a PCUpd message with the C flag set to 1 in the SRP object. The LSP for which the PCE requests control is identified by the PLSP-ID in the associated LSP object. A PLSP-ID value of 0 indicates that the PCE wants control over all LSPs originating from the PCC. An implementation of this feature needs to make sure to check for the LSP control feature (C flag set to 1) before any check for PLSP-ID (as per [RFC 8231]). The D flag and C flag are mutually exclusive in a PCUpd message. The PCE MUST NOT send a control request for the LSP that is already delegated to the PCE, i.e., if the D flag is set in the PCUpd message, then the C flag MUST NOT be set. If a PCC receives a PCUpd message with the D flag set in the LSP object (i.e., LSP is already delegated) and the C flag is also set (i.e., PCE is making a control request), the PCC MUST ignore the C flag. A PCC can decide to delegate the control of the LSP at its own discretion. If the PCC grants or denies the control, it sends a PCRpt message with the D flag set to 1 and 0, respectively, in accordance with stateful PCEP [RFC 8231]. If the PCC does not grant the control, it MAY choose to not respond, and the PCE MAY choose to retry requesting the control, preferably using an exponentially increasing timer. Note that, if the PCUpd message with the C flag set is received for a currently non-delegated LSP (for which the PCE is requesting delegation), this MUST NOT trigger the error handling as specified in [RFC 8231] (a PCErr with Error-type=19 (Invalid Operation) and error-value 1 (Attempted LSP Update Request for a non-delegated LSP)). As per [RFC 8231], a PCC cannot delegate an LSP to more than one PCE at any time. If a PCE requests control of an LSP that has already been delegated by the PCC to another PCE, the PCC MAY ignore the request or MAY revoke the delegation to the first PCE before delegating it to the second. This choice is a matter of local policy. It should be noted that a legacy implementation of PCC that does not support this extension may receive an LSP control request: a PCUpd message with the C flag set and the D flag unset. The legacy implementation would ignore the C flag and trigger the error condition for the D flag, as specified in [RFC 8231] (i.e., a PCErr with Error-type=19 (Invalid Operation) and error-value 1 (Attempted LSP Update Request for a non-delegated LSP)). Further, in case of a PLSP-ID value of 0, the error condition, as specified in [RFC 8231], (i.e., a PCErr with Error-type=19 (Invalid Operation) and error-value 3 (Attempted LSP Update Request for an LSP identified by an unknown PLSP-ID)) would be triggered. [RFC 8281] describes the setup, maintenance, and teardown of PCE-initiated LSPs under the stateful PCE model. It also specifies how a PCE may obtain control over an orphaned LSP that was PCE-initiated. A PCE implementation can apply the mechanism described in this document in conjunction with those in [RFC 8281].

The security considerations listed in [RFC 8231] and [RFC 8281] apply to this document as well. However, this document also introduces a new attack vector. An attacker may flood the PCC with requests to delegate all of its LSPs at a rate that exceeds the PCC's ability to process them, either by spoofing messages or by compromising the PCE itself. The PCC SHOULD be configured with a threshold rate for the delegation requests received from the PCE. If the threshold is reached, it is RECOMMENDED to log the issue. A PCC is the ultimate arbiter of delegation. As per [RFC 8231], a local policy at the PCC is used to influence the delegation. A PCC can also revoke the delegation at any time. A PCC need not blindly trust the control requests and SHOULD take local policy and other factors into consideration before honoring the request. Note that a PCE may not be sure if a PCC supports this feature. A PCE would try sending a control request to a 'legacy' PCC that would in turn respond with an error, as described in Section 4. So, a PCE would learn this fact only when it wants to take control over an LSP. A PCE might also be susceptible to downgrade attacks by falsifying the error condition. As per [RFC 8231], it is RECOMMENDED that these PCEP extensions only be activated on authenticated and encrypted sessions across PCEs and PCCs belonging to the same administrative authority, using Transport Layer Security (TLS) [RFC 8253], as per the recommendations and best current practices in BCP 195 [RFC 7525] (unless explicitly excluded in [RFC 8253]).

IANA has allocated the following code point in the "SRP Object Flag Field" subregistry in the "Path Computation Element Protocol (PCEP) Numbers" registry. Table 1

All manageability requirements and considerations listed in [RFC 5440] and [RFC 8231] apply to PCEP extensions defined in this document. In addition, requirements and considerations listed in this section apply.

A PCC implementation SHOULD allow the operator to configure the policy rules that specify the conditions under which it honors the request to control the LSPs. This includes the handling of the case where an LSP control request is received for an LSP that is currently delegated to some other PCE. A PCC implementation SHOULD also allow the operator to configure the threshold rate for the delegation requests received from the PCE. Further, the operator MAY be allowed to trigger the LSP control request for a particular LSP at the PCE. A PCE implementation SHOULD also allow the operator to configure an exponentially increasing timer to retry the control requests for which the PCE did not get a response.

The PCEP YANG module [PCEP-YANG] could be extended to include a mechanism to trigger the LSP control request.

Mechanisms defined in this document do not imply any new liveness detection and monitoring requirements in addition to those already listed in [RFC 5440].

Mechanisms defined in this document do not imply any new operation verification requirements in addition to those already listed in [RFC 5440] and [RFC 8231].

Mechanisms defined in this document do not imply any new requirements on other protocols.

Mechanisms defined in [RFC 5440] and [RFC 8231] also apply to PCEP extensions defined in this document. Further, the mechanism described in this document can help the operator to request control of the LSPs at a particular PCE.

[RFC2119]

S. Bradner, "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.

[RFC5440]

JP. Vasseur, and JL. Le Roux, "Path Computation Element (PCE) Communication Protocol (PCEP)", RFC 5440, DOI 10.17487/RFC5440, March 2009,
<https://www.rfc-editor.org/info/rfc5440>.

[RFC8174]

B. Leiba, "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017,
<https://www.rfc-editor.org/info/rfc8174>.

[RFC8231]

E. Crabbe, I. Minei, J. Medved, and R. Varga, "Path Computation Element Communication Protocol (PCEP) Extensions for Stateful PCE", RFC 8231, DOI 10.17487/RFC8231, September 2017,
<https://www.rfc-editor.org/info/rfc8231>.

[RFC8281]

E. Crabbe, I. Minei, S. Sivabalan, and R. Varga, "Path Computation Element Communication Protocol (PCEP) Extensions for PCE-Initiated LSP Setup in a Stateful PCE Model", RFC 8281, DOI 10.17487/RFC8281, December 2017,
<https://www.rfc-editor.org/info/rfc8281>.

[PCEP-YANG]

D Dhody, J Hardwick, V Beeram, and J Tantsura, "A YANG Data Model for Path Computation Element Communications Protocol (PCEP)", Internet-Draft draft-ietf-pce-pcep-yang-13, October 2019,
<https://tools.ietf.org/html/draft-ietf-pce-pcep-yang-13>.

[RFC4657]

J. Ash, and J.L. Le Roux, "Path Computation Element (PCE) Communication Protocol Generic Requirements", RFC 4657, DOI 10.17487/RFC4657, September 2006,
<https://www.rfc-editor.org/info/rfc4657>.

[RFC7525]

Y. Sheffer, R. Holz, and P. Saint-Andre, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May 2015,
<https://www.rfc-editor.org/info/rfc7525>.

[RFC8051]

X. Zhang, and I. Minei, "Applicability of a Stateful Path Computation Element (PCE)", RFC 8051, DOI 10.17487/RFC8051, January 2017,
<https://www.rfc-editor.org/info/rfc8051>.

[RFC8253]

D. Lopez, O. Gonzalez de Dios, Q. Wu, and D. Dhody, "PCEPS: Usage of TLS to Provide a Secure Transport for the Path Computation Element Communication Protocol (PCEP)", RFC 8253, DOI 10.17487/RFC8253, October 2017,
<https://www.rfc-editor.org/info/rfc8253>.

Thanks to Jonathan Hardwick for reminding the authors to not use suggested values in IANA section. Thanks to Adrian Farrel, Haomian Zheng, and Tomonori Takeda for their valuable comments. Thanks to Shawn M. Emery for his Security Directorate review. Thanks to Francesca Palombini for GENART review. Thanks to Benjamin Kaduk, Martin Vigoureux, Alvaro Retana, and Barry Leiba for IESG reviews.

The following people contributed substantially to the content of this document and should be considered coauthors:

Dhruv Dhody

Jon Parker

Chaitanya Yadlapalli

Aswatnarayan Raghuram

Al Goddard

Jay Karthik

Siva Sivabalan

Mahendra Singh Negi