Internet-Draft | PCECC-SRv6 | August 2023 |
Li, et al. | Expires 14 February 2024 |
The PCE is a core component of Software-Defined Networking (SDN) systems. A PCE-based Central Controller (PCECC) can simplify the processing of a distributed control plane by blending it with elements of SDN without necessarily completely replacing it.¶
Segment Routing (SR) technology leverages the source routing and tunneling paradigms. Each path is specified as a set of "segments" encoded in the header of each packet as a list of Segment Identifiers (SIDs).¶
This document specifies the procedures and Path Computation Element Communication Protocol (PCEP) extensions when a PCE-based controller is also responsible for configuring the forwarding actions on the routers, in addition to computing the paths for packet flows in the SRv6 (SR in IPv6) network and telling the edge routers what instructions to attach to packets as they enter the network. PCECC is further enhanced for SRv6 SID allocation and distribution.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 14 February 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The PCE [RFC4655] was developed to offload the path computation function from routers in an MPLS traffic-engineered (TE) network. It can compute optimal paths for traffic across a network and can also update the paths to reflect changes in the network or traffic demands. Since then, the role and function of the PCE have grown to cover a number of other uses (such as GMPLS [RFC7025]) and to allow delegated control [RFC8231] and PCE-initiated use of network resources [RFC8281].¶
According to [RFC7399], Software-Defined Networking (SDN) refers to a separation between the control elements and the forwarding components so that software running in a centralized system, called a controller, can act to program the devices in the network to behave in specific ways. A required element in an SDN architecture is a component that plans how the network resources will be used and how the devices will be programmed. It is possible to view this component as performing specific computations to place traffic flows within the network given knowledge of the availability of network resources, how other forwarding devices are programmed, and the way that other flows are routed. This is the function and purpose of a PCE, and the way that a PCE integrates into a wider network control system (including an SDN system) is presented in [RFC7491].¶
In early PCE implementations, where the PCE was used to derive paths for MPLS Label Switched Paths (LSPs), paths were requested by network elements (known as Path Computation Clients (PCCs)), and the results of the path computations were supplied to network elements using the PCE Communication Protocol (PCEP) [RFC5440]. This protocol was later extended to allow a PCE to send unsolicited requests to the network for LSP establishment [RFC8281].¶
[RFC8283] introduces the architecture for PCE as a central controller (PCECC) as an extension of the architecture described in [RFC4655] and assumes the continued use of PCEP as the protocol used between PCE and PCC. [RFC8283] further examines the motivations and applicability for PCEP as a Southbound Interface (SBI), and introduces the implications for the protocol. [I-D.ietf-teas-pcecc-use-cases] describes the use cases for the PCECC architecture.¶
[RFC9050] specifies the procedures and PCEP extensions for using the PCE as the central controller for static LSPs, where LSPs can be provisioned as explicit label instructions at each hop on the end-to-end path.
Segment Routing (SR) technology leverages the source routing and tunneling paradigms. A source node can choose a path without relying on hop-by-hop signaling protocols such as LDP or RSVP-TE. Each path is specified as a set of "segments" advertised by link-state routing protocols (IS-IS or OSPF). [RFC8402] provides an introduction to the SR architecture. The corresponding IS-IS and OSPF extensions are specified in [RFC8667] and [RFC8665], respectively. It relies on a series of forwarding instructions being placed in the header of a packet in the form of a list of segments forming the path, called the Segment List. Segment Routing can be applied to the IPv6 architecture with the Segment Routing Header (SRH) [RFC8754]. A segment is encoded as an IPv6 address. An ordered list of segments is encoded as an ordered list of IPv6 addresses in the routing header. The active segment is indicated by the Destination Address of the packet. Upon completion of a segment, a pointer in the new routing header is incremented and indicates the next segment. The segment routing architecture supports operations that can be used to steer packet flows in a network, thus providing a form of traffic engineering. [RFC8664] and [I-D.ietf-pce-segment-routing-ipv6] specify the SR specific PCEP extensions.¶
The PCECC may perform centralized allocation of SR Segment Identifiers (SIDs) and use PCEP to distribute them to the SR nodes. The SR nodes continue to rely on the IGP for distributed computation (nexthop selection, protection, etc.), while the PCE (and PCEP) handles only the allocation and distribution of SRv6 SIDs in the network. Note that the topology at the PCE is still learned via existing mechanisms.
A PCE-based central controller may be responsible for computing the paths for packet flows in an MPLS Segment Routing (SR-MPLS) network and for telling the edge routers what instructions to attach to packets as they enter the network. [I-D.ietf-pce-pcep-extension-pce-controller-sr] specifies the procedures and PCEP extensions when a PCE-based controller is additionally responsible for configuring the forwarding actions on routers in an SR-MPLS network (i.e., for SR-MPLS SID distribution). This document extends those procedures to include SRv6 SID distribution as well.
The terminology used in this document is the same as that described in [RFC8283] and [I-D.ietf-pce-segment-routing-ipv6].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
[RFC8664] specifies extensions to PCEP that allow a stateful PCE to compute, update, or initiate SR-TE paths for the MPLS dataplane. An ingress node of an SR-TE path includes a list of MPLS labels (SIDs) in all outgoing packets. This is encoded in the SR-ERO subobject, capable of carrying a label (SID) as well as the identity of the node/adjacency label (SID). [I-D.ietf-pce-segment-routing-ipv6] extends the procedure to include support for SRv6 paths.
As per [RFC8754], an SRv6 Segment is a 128-bit value. "SRv6 SID" or simply "SID" are often used as a shorter reference for "SRv6 Segment". Further details are in an illustration provided in [RFC8986]. SR is applied to the IPv6 data plane using the SRH. An SR path can be derived from an IGP Shortest Path Tree (SPT), but SR-TE paths might not follow the IGP SPT. Such paths may be chosen by a suitable network planning tool, or a PCE and provisioned on the ingress node. [I-D.ietf-pce-segment-routing-ipv6] specifies the SRv6-ERO subobject capable of carrying an SRv6 SID as well as the identity of the node/adjacency represented by the SID.¶
[RFC8283] examines the motivations and applicability for PCECC and use of PCEP as an SBI. Section 3.1.5 of [RFC8283] highlights the use of PCECC for configuring the forwarding actions on the routers and assuming responsibility for managing the identifier space. It simplifies the processing of a distributed control plane by blending it with elements of SDN and without necessarily completely replacing it. This allows the operator to introduce the advantages of SDN (such as programmability) into the network. Further, Section 3 of [I-D.ietf-teas-pcecc-use-cases] describes some of the scenarios where the PCECC technique could be useful. Section 4 of [RFC8283] also describes the implications on the protocol when used as an SDN SBI. The operator needs to evaluate the advantages offered by PCECC against the operational and scalability needs of the PCECC (Section 9).
As per [RFC8283], PCECC can allocate the node/prefix/adjacency label (SID) and provision them via PCEP. As per [I-D.ietf-teas-pcecc-use-cases] this is also applicable to SRv6 SIDs.¶
The rest of the processing is similar to existing stateful PCE for SRv6 [I-D.ietf-pce-segment-routing-ipv6].¶
The following key requirements for PCECC-SRv6 should be considered when designing the PCECC-based solution:
Active stateful PCE is described in [RFC8231]. A PCE as a Central Controller (PCECC) reuses the existing active stateful PCE mechanism as much as possible to control the LSPs.¶
The PCEP messages PCRpt, PCInitiate, and PCUpd are used to send LSP reports, LSP setup, and LSP update respectively. [RFC9050] describes the use of the PCInitiate message with a new object called the CCI for encoding the central controller instructions. [I-D.ietf-pce-pcep-extension-pce-controller-sr] defines a CCI object-type for SR-MPLS.
This document uses the same PCEP messages and their extensions as described in [RFC9050] and [I-D.ietf-pce-pcep-extension-pce-controller-sr]. It extends their use to PCECC-SRv6. In particular, this document defines a new CCI object-type for SRv6 with type=TBD3.¶
During the PCEP initialization phase, PCEP speakers (PCE or PCC) advertise their support of and willingness to use PCEP extensions for the PCECC. A PCEP speaker includes the PCECC-CAPABILITY sub-TLV in the PATH-SETUP-TYPE-CAPABILITY TLV as per [RFC9050].¶
[I-D.ietf-pce-pcep-extension-pce-controller-sr] defines the S bit in the PCECC-CAPABILITY sub-TLV to indicate support for PCECC-SR-MPLS. This document defines another bit (the I bit) to indicate PCECC support for SRv6. A PCC MUST set the I bit in the PCECC-CAPABILITY sub-TLV and include the SRv6-PCE-CAPABILITY sub-TLV ([I-D.ietf-pce-segment-routing-ipv6]) in the OPEN object (inside the PATH-SETUP-TYPE-CAPABILITY TLV) to support the PCECC SRv6 extensions defined in this document.¶
Implementations that are not aware of the meaning of the I bit will ignore it per Section 7.1.1 of [RFC9050]. Implementations that are not aware of the SRv6-PCE-CAPABILITY sub-TLV but receive one in the PATH-SETUP-TYPE-CAPABILITY TLV with the PST value of 3 set (per [I-D.ietf-pce-segment-routing-ipv6]) will respond as described in Section 5 of [RFC8408].
If the I bit is set in PCECC-CAPABILITY sub-TLV and the SRv6-PCE-CAPABILITY sub-TLV is not advertised, or is advertised without the I bit set, in the OPEN object, a receiver that implements this specification MUST:¶
The rest of the processing is as per [RFC9050] and [I-D.ietf-pce-pcep-extension-pce-controller-sr].¶
As described in [I-D.ietf-pce-pcep-extension-pce-controller-sr], it is important to link the session IP address with the Router-ID in the Traffic Engineering Database (TED) for successful PCECC-SRv6 operations. Note that the session IP needs to be different from the IPv6 address for the SID to avoid any impact on the PCEP session when the SRv6 SID is allocated. The Router-ID TLVs are specified in [I-D.ietf-pce-pcep-extension-pce-controller-sr] and are used to advertise the TE mapping information.
[RFC8664] specifies the PCEP extension to allow a stateful PCE to compute and initiate SR-TE paths, as well as a PCC to request a path subject to certain constraint(s) and optimization criteria in SR networks. [I-D.ietf-pce-segment-routing-ipv6] extends it to support SRv6.¶
The Path Setup Type for SRv6 (PST=3) is used on the PCEP session with the Ingress as per [I-D.ietf-pce-segment-routing-ipv6].¶
Segment Routing (SR) as described in [RFC8402] depends on "segments" that are advertised by Interior Gateway Protocols (IGPs). The SR node allocates and advertises the SIDs (node, adj, etc.) and floods them via the IGP. This document describes a new mechanism where the PCE allocates the SRv6 SIDs centrally and uses PCEP to distribute them to all nodes. In some deployments, PCE (and PCEP) are better suited than IGP because of the centralized nature of PCE and the direct TCP-based PCEP sessions to the node. Note that only the SRv6 SID allocation and distribution is done by PCEP; all other SRv6 operations (nexthop selection, protection, etc.) are still done by the node (and the IGPs).
Each node (PCC) is allocated a node SRv6 SID by the PCECC. The PCECC sends the PCInitiate message to update the SRv6 SID table of each node. The TE Router-ID is determined from the TED or from "IPv4/IPv6 Router-ID" TLVs [I-D.ietf-pce-pcep-extension-pce-controller-sr], in the OPEN Object.¶
On receiving the SRv6 node SID allocation, each node (PCC) uses the local routing information to determine the next-hop and download the forwarding instructions accordingly. The PCInitiate message uses the FEC object [I-D.ietf-pce-pcep-extension-pce-controller-sr].¶
On receiving the SRv6 node SID allocation:¶
The forwarding behavior and the end result are similar to IGP based "Node-SID" in SRv6. Thus, from anywhere in the domain, it enforces the ECMP-aware shortest-path forwarding of the packet towards the related node as per [RFC8402].¶
PCE relies on the Node/Prefix SRv6 SID clean up using the same PCInitiate message as per [RFC8281].¶
For PCECC-SRv6, apart from the node-SID, an Adj-SID is used, where each adjacency is allocated an Adj-SID by the PCECC. The PCECC sends the PCInitiate message to update the SRv6 SID entry for each adjacency to all nodes in the domain. Each node (PCC) downloads the SRv6 SID instructions accordingly. Similar to SRv6 Node/Prefix Label allocation, the PCInitiate message in this case uses the FEC object.
The forwarding behavior and the end result are similar to IGP-based "Adj-SID" in SRv6 as per [RFC8402].
The handling of adjacencies on the LAN subnetworks is specified in [RFC8402]. PCECC MUST assign Adj-SID for every pair of routers in the LAN. The rest of the protocol mechanism remains the same.¶
PCE relies on the Adj label clean up using the same PCInitiate message as per [RFC8281].¶
[I-D.ietf-pce-state-sync] describes the synchronization mechanism between the stateful PCEs. The SRv6 SIDs allocated by a PCE MUST also be synchronized among PCEs for PCECC-SRv6 state synchronization. Note that the SRv6 SIDs are independent of the SRv6 paths, and remain intact until any topology change. The redundant PCEs MUST have a common view of all SRv6 SIDs allocated in the domain.¶
[RFC9050] describes the action needed for CCIs for the static LSPs on a terminated session. The same holds true for the CCI for SRv6 SID as well.
[RFC9050] describes the synchronization of CCIs via the LSP state synchronization as described in [RFC8231] and [RFC8232]. The same procedures are applied for the SRv6 SID CCIs.
Another SID called binding SID is described in [I-D.ietf-pce-binding-label-sid]. The PCECC mechanism can also be used to allocate the binding SID for SRv6.¶
A procedure for binding label/SID allocation is described in [I-D.ietf-pce-binding-label-sid] and is applicable for all path setup types (including SRv6 paths).¶
As per [RFC8402], an anycast segment or Anycast-SID enforces the ECMP-aware shortest-path forwarding towards the closest node of the anycast set. Note that the SRv6 anycast prefix segments can also be allocated and distributed in the same way as described in Section 5.5.1.1.¶
The PCEP messages are as per [I-D.ietf-pce-pcep-extension-pce-controller-sr].¶
[RFC9050] defined the PCECC-CAPABILITY sub-TLV.¶
A new I-bit is defined in PCECC-CAPABILITY sub-TLV for PCECC-SRv6:¶
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Type=1             |           Length=4            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Flags                          |I|S|L|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[Editor's Note - The above figure is included for ease of the reader but should be removed before publication.]¶
I (PCECC-SRv6-CAPABILITY - 1 bit - TBD1): If set to 1 by a PCEP speaker, it indicates that the PCEP speaker supports the PCECC-SRv6 capability and the PCE allocates the Node and Adj SRv6 SIDs on this session.
The PATH-SETUP-TYPE TLV is defined in [RFC8408]. A PST value of 3 is used when the path is set up via SRv6 mode as per [I-D.ietf-pce-segment-routing-ipv6]. The procedure for SRv6 path setup as specified in [I-D.ietf-pce-segment-routing-ipv6] remains unchanged.
The Central Control Instructions (CCI) Object, used by the PCE to specify the controller instructions, is defined in [RFC9050]. This document defines another object-type for SRv6.
The CCI Object-Type for SRv6 is TBD3, with the following format:
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             CC-ID                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |      MT-ID    |    Algorithm  |    Flags      |B|P|G|C|N|E|V|L|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |         Reserved              |   SRv6 Endpoint Function      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                        SRv6 Identifier                        |
    |                           (128-bit)                           |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                              SID                              |
    |                           Structure                           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    //                        Optional TLV                         //
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The CC-ID field is as described in [RFC9050]. The MT-ID, Algorithm, and Flags fields are defined in [I-D.ietf-pce-pcep-extension-pce-controller-sr].
Reserved: MUST be set to 0 while sending and ignored on receipt.¶
SRv6 Endpoint Function: 16-bit field representing supported functions associated with SRv6 SIDs.¶
SRv6 Identifier: 128-bit IPv6 address representing the SRv6 segment.
SID Structure: 64-bit field formatted as per "SID Structure" in [I-D.ietf-pce-segment-routing-ipv6]. The sum of all four sizes in the SID Structure must be less than or equal to 128 bits. According to [I-D.ietf-pce-segment-routing-ipv6], if the sum of all four sizes advertised in the SID Structure is larger than 128 bits, the corresponding SRv6 SID is considered invalid and a PCErr message with Error-Type = 10 ("Reception of an invalid object") and Error-Value = 37 ("Invalid SRv6 SID Structure") is returned.
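The field rules above, sketched as a receive-side parser for the SRv6 CCI object body. This is an added example, not code from the draft or from any PCEP implementation. It assumes the common object header has already been stripped, that the SID Structure carries four one-byte lengths (LB, LN, Fun, Arg) followed by reserved/flags bytes as in the referenced SRv6 draft, and that optional TLVs use the RFC 5440 TLV format; all sample values are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# Fixed part of the object body, in the field order of the figure above:
# CC-ID(4) MT-ID(1) Algorithm(1) Flags(2) Reserved(2) Endpoint Function(2)
# SRv6 Identifier(16) SID Structure(8)
_FIXED = struct.Struct("!IBBHHH16s8s")
ERR_INVALID_SID_STRUCTURE = (10, 37)  # Error-Type, Error-Value quoted in the text


class CCIError(ValueError):
    """Malformed body; pcerr is (Error-Type, Error-Value) when the text names one."""

    def __init__(self, msg, pcerr=None):
        super().__init__(msg)
        self.pcerr = pcerr


@dataclass
class SRv6CCI:
    cc_id: int
    mt_id: int
    algorithm: int
    flags: int  # raw 16 bits; individual flag meanings are not decoded here
    endpoint_function: int
    sid: ipaddress.IPv6Address
    sid_structure: tuple  # (LB, LN, Fun, Arg) lengths in bits
    tlvs: list = field(default_factory=list)


def parse_srv6_cci(body: bytes) -> SRv6CCI:
    if len(body) < _FIXED.size:
        raise CCIError(f"truncated: {len(body)} < {_FIXED.size} bytes")
    cc_id, mt_id, algo, flags, _reserved, func, sid, ss = _FIXED.unpack_from(body)
    # Reserved is ignored on receipt, as the field description requires.
    sizes = tuple(ss[:4])  # assumed layout: four 1-byte lengths, then reserved/flags
    if sum(sizes) > 128:
        raise CCIError(f"SID Structure sizes sum to {sum(sizes)} bits",
                       pcerr=ERR_INVALID_SID_STRUCTURE)
    tlvs, off = [], _FIXED.size
    while off < len(body):
        if len(body) - off < 4:
            raise CCIError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", body, off)
        # The value is padded to 4-byte alignment; padding is not counted in length.
        end = off + 4 + length + (-length % 4)
        if end > len(body):
            raise CCIError(f"TLV type {tlv_type} overruns the object body")
        tlvs.append((tlv_type, body[off + 4:off + 4 + length]))
        off = end
    return SRv6CCI(cc_id, mt_id, algo, flags, func,
                   ipaddress.IPv6Address(sid), sizes, tlvs)


def build_sample(sizes=(32, 16, 16, 0), reserved=0, tail=b""):
    """Constructed test input; every value here is made up for the example."""
    sid = ipaddress.IPv6Address("2001:db8:0:1::1").packed
    ss = bytes(sizes) + b"\x00\x00\x00\x00"
    return _FIXED.pack(7, 0, 0, 0, reserved, 1, sid, ss) + tail
```

A caller that catches `CCIError` can map a non-empty `pcerr` straight onto the PCErr it sends back; errors without one are framing problems the text above does not assign a code to.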
The FEC Object is used to specify the FEC information and MAY be carried within PCInitiate or PCRpt message.¶
The FEC Object (and its various Object-Types) are described in [I-D.ietf-pce-pcep-extension-pce-controller-sr]. An SRv6 Node SID MUST include the FEC Object-Type=2 for IPv6 Node. An SRv6 Adjacency SID MUST include the FEC Object-Type=4 or 6 for IPv6 adjacency. Further FEC object types could be added in future extensions.
As per [RFC8283], the security considerations for a PCE-based controller are a little different from those for any other PCE system. That is, the operation relies heavily on the use and security of PCEP, so consideration should be given to the security features discussed in [RFC5440] and the additional mechanisms described in [RFC8253]. It further lists the vulnerability of a central controller architecture, such as a central point of failure, denial of service, and a focus for interception and modification of messages sent to individual Network Elements (NEs).¶
The PCECC extension builds on the existing PCEP messages; thus, the security considerations described in [RFC5440], [RFC8231], [RFC8281], [RFC9050], and [I-D.ietf-pce-pcep-extension-pce-controller-sr] continue to apply.¶
As per [RFC8231], it is RECOMMENDED that these PCEP extensions only be activated on mutually-authenticated and encrypted sessions across PCEs and PCCs belonging to the same administrative authority, using Transport Layer Security (TLS) [RFC8253] as per the recommendations and best current practices in [RFC9325] (unless explicitly set aside in [RFC8253]).¶
A PCE or PCC implementation SHOULD allow the PCECC SRv6 capability to be enabled or disabled as a global configuration. The implementation SHOULD also allow setting the local IP address used by the PCEP session.
[RFC7420] describes the PCEP MIB; this MIB can be extended to get the PCECC SRv6 capability status.
The PCEP YANG module [I-D.ietf-pce-pcep-yang] could be extended to enable/disable PCECC SRv6 capability.¶
Mechanisms defined in this document do not imply any new liveness detection and monitoring requirements in addition to those already listed in [RFC5440].¶
Mechanisms defined in this document do not imply any new operation verification requirements in addition to those already listed in [RFC5440] and [RFC8231].¶
PCEP extensions defined in this document do not put new requirements on other protocols. It is expected that the PCECC-based mechanisms described in this document are not used in conjunction with the IGP-based mechanism, though different SIDs allocated and distributed via both mechanisms can coexist.
PCEP implementation SHOULD allow a limit to be placed on the rate of PCInitiate/PCUpd messages (as per [RFC8231]) sent by PCE and processed by PCC. It SHOULD also allow sending a notification when a rate threshold is reached.¶
[RFC9050] defines the PCECC-CAPABILITY sub-TLV and requests that IANA creates a registry to manage the value of the PCECC-CAPABILITY sub-TLV's Flag field. IANA is requested to allocate a new bit in the PCECC-CAPABILITY sub-TLV Flag Field registry, as follows:¶
Bit | Description | Reference |
---|---|---|
TBD1 | SRv6 (I-bit) | This document |
IANA is requested to allocate a new code-point for the new CCI object-type in "PCEP Objects" sub-registry as follows:¶
IANA is requested to allocate new error types and error values within the "PCEP-ERROR Object Error Types and Values" sub-registry of the PCEP Numbers registry for the following errors:¶
Error-Type | Meaning | Reference |
---|---|---|
19 | Invalid Operation | |
| | Error-value = TBD4: SRv6 capability was not advertised | This document |
Thanks to Adrian Farrel for review and suggested text.¶
Dhruv Dhody Huawei India EMail: dhruv.ietf@gmail.com¶