<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc strict="no" ?>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes" ?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<!DOCTYPE rfc [
<!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;">
<!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY RFC4364 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4364.xml">
<!ENTITY RFC4655 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4655.xml">
<!ENTITY RFC4657 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4657.xml">
<!ENTITY RFC4760 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4760.xml">
<!ENTITY RFC5088 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5088.xml">
<!ENTITY RFC5089 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5089.xml">
<!ENTITY RFC5440 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5440.xml">
<!ENTITY RFC5511 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5511.xml">
<!ENTITY RFC5886 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5886.xml">
<!ENTITY RFC6123 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6123.xml">
<!ENTITY RFC6952 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6952.xml">
<!ENTITY RFC7399 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7399.xml">
<!ENTITY RFC7942 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7942.xml">
<!ENTITY RFC8126 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml">
<!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8231 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8231.xml">
<!ENTITY RFC8232
SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8232.xml">
<!ENTITY RFC8253 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8253.xml">
<!ENTITY RFC8281 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8281.xml">
<!ENTITY RFC8283 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8283.xml">
<!ENTITY RFC8664 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8664.xml">
<!ENTITY wj "&#8288;">
]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" docName="draft-ietf-pce-pcep-flowspec-12" number="9168" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" category="std" consensus="true" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" version="3">
<front>
<title abbrev="PCEP Flow Spec">Path Computation Element Communication Protocol (PCEP) Extension for Flow Specification</title>
<seriesInfo name="RFC" value="9168"/>
<author surname="Dhody" initials="D." fullname="Dhruv Dhody">
<organization>Huawei Technologies</organization>
<address>
<postal>
<street>Divyashree Techno Park, Whitefield</street>
<city>Bangalore</city>
<region>Karnataka</region>
<code>560066</code>
<country>India</country>
</postal>
<email>dhruv.ietf@gmail.com</email>
</address>
</author>
<author surname="Farrel" initials="A." fullname="Adrian Farrel">
<organization>Old Dog Consulting</organization>
<address>
<email>adrian@olddog.co.uk</email>
</address>
</author>
<author surname="Li" initials="Z." fullname="Zhenbin Li">
<organization>Huawei Technologies</organization>
<address>
<postal>
<street>Huawei Bldg., No.
156 Beiqing Rd.</street>
<city>Beijing</city>
<code>100095</code>
<country>China</country>
</postal>
<email>lizhenbin@huawei.com</email>
</address>
</author>
<date year="2022" month="January" />
<keyword>PCE</keyword>
<keyword>FlowSpec</keyword>
<keyword>Flow Spec</keyword>
<abstract>
<t>The Path Computation Element (PCE) is a functional component capable of selecting paths through a traffic engineering (TE) network. These paths may be supplied in response to requests for computation or may be unsolicited requests issued by the PCE to network elements. Both approaches use the PCE Communication Protocol (PCEP) to convey the details of the computed path.</t>
<t>Traffic flows may be categorized and described using "Flow Specifications". RFC 8955 defines the Flow Specification and describes how Flow Specification components are used to describe traffic flows. RFC 8955 also defines how Flow Specifications may be distributed in BGP to allow specific traffic flows to be associated with routes.</t>
<t>This document specifies a set of extensions to PCEP to support dissemination of Flow Specifications. This allows a PCE to indicate what traffic should be placed on each path that it is aware of.</t>
<t>The extensions defined in this document include the creation, update, and withdrawal of Flow Specifications via PCEP and can be applied to tunnels initiated by the PCE or to tunnels where control is delegated to the PCE by the Path Computation Client (PCC). Furthermore, a PCC requesting a new path can include Flow Specifications in the request to indicate the purpose of the tunnel allowing the PCE to factor this into the path computation.</t>
</abstract>
</front>
<middle>
<section anchor="Intro" numbered="true" toc="default">
<name>Introduction</name>
<t><xref target="RFC4655" format="default"/> defines the Path Computation Element (PCE), a functional component capable of computing paths for use in traffic engineering networks. PCE was originally conceived for use in Multiprotocol Label Switching (MPLS) for traffic engineering (TE) networks to derive the routes of Label Switched Paths (LSPs). However, the scope of PCE was quickly extended to make it applicable to networks controlled by Generalized MPLS (GMPLS), and more recent work has brought other traffic engineering technologies and planning applications into scope (for example, Segment Routing (SR) <xref target="RFC8664" format="default"/>).</t>
<t><xref target="RFC5440" format="default"/> describes the PCE Communication Protocol (PCEP). PCEP defines the communication between a Path Computation Client (PCC) and a PCE, or between PCE and PCE, enabling computation of the path for MPLS-TE LSPs.</t>
<t>Stateful PCE <xref target="RFC8231" format="default"/> specifies a set of extensions to PCEP to enable control of TE-LSPs by a PCE that retains state about the LSPs provisioned in the network (a stateful PCE). <xref target="RFC8281" format="default"/> describes the setup, maintenance, and teardown of LSPs initiated by a stateful PCE without the need for local configuration on the PCC, thus allowing for a dynamic network that is centrally controlled.
<xref target="RFC8283" format="default"/> introduces the architecture for PCE as a central controller and describes how PCE can be viewed as a component that performs computation to place "flows" within the network and decide how these flows are routed.</t>
<t>The description of traffic flows by the combination of multiple Flow Specification components and their dissemination as traffic flow specifications (Flow Specifications) is described for BGP in <xref target="RFC8955" format="default"/>. In BGP, a Flow Specification is comprised of traffic filtering rules and is associated with actions to perform on the packets that match the Flow Specification. The BGP routers that receive a Flow Specification can classify received packets according to the traffic filtering rules and can direct packets based on the associated actions.</t>
<t>When a PCE is used to initiate tunnels (such as TE-LSPs or SR paths) using PCEP, it is important that the head end of the tunnels understands what traffic to place on each tunnel. The data flows intended for a tunnel can be described using Flow Specification components. When PCEP is in use for tunnel initiation, it makes sense for that same protocol to be used to distribute the Flow Specification components that describe what data is to flow on those tunnels.</t>
<t>This document specifies a set of extensions to PCEP to support dissemination of Flow Specification components. We term the description of a traffic flow using Flow Specification components as a "Flow Specification".
This term is conceptually the same as the term used in <xref target="RFC8955" format="default"/>; however, no mechanism is provided to distribute an action associated with the Flow Specification because there is only one action that is applicable in the PCEP context (that is, directing the matching traffic to the identified LSP).</t>
<t>The extensions defined in this document include the creation, update, and withdrawal of Flow Specifications via PCEP and can be applied to tunnels initiated by the PCE or to tunnels where control is delegated to the PCE by the PCC. Furthermore, a PCC requesting a new path can include Flow Specifications in the request to indicate the purpose of the tunnel allowing the PCE to factor this into the path computation.</t>
<t>Flow Specifications are carried in TLVs within a new object called the FLOWSPEC object defined in this document. The flow filtering rules indicated by the Flow Specifications are mainly defined by BGP Flow Specifications.</t>
<t>Note that PCEP-installed Flow Specifications are intended to be installed only at the head end of the LSP to which they direct traffic. It is acceptable (and potentially desirable) that other routers in the network have Flow Specifications installed that match the same traffic but direct it onto different routes or to different LSPs. Those other Flow Specifications may be installed using the PCEP extensions defined in this document, distributed using BGP per <xref target="RFC8955" format="default"/>, or configured using manual operations. Since this document is about PCEP-installed Flow Specifications, those other Flow Specifications at other routers are out of scope.
In this context, however, it is worth noting that changes to the wider routing system (such as the distribution and installation of BGP Flow Specifications, or fluctuations in the IGP link state database) might mean that traffic matching the PCEP Flow Specification never reaches the head end of the LSP at which the PCEP Flow Specification has been installed. This may or may not be desirable according to the operator's traffic engineering and routing policies and is particularly applicable at LSPs that do not have their head ends at the ingress edge of the network, but it is not an effect that this document seeks to address.</t>
</section>
<section numbered="true" toc="default">
<name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here.</t>
<t>This document uses the following terms defined in <xref target="RFC5440" format="default"/>: PCC, PCE, and PCEP Peer.</t>
<t>The following term from <xref target="RFC8955" format="default"/> is used frequently throughout this document:</t>
<blockquote>A Flow Specification is an n-tuple consisting of several matching criteria that can be applied to IP traffic. A given IP packet is said to match the defined Flow Specification if it matches all the specified criteria.</blockquote>
<t><xref target="RFC8955" format="default"/> also states that "[a] given Flow Specification may be associated with a set of attributes" and that "...attributes can be used to encode a set of predetermined actions." However, in the context of this document, no action is explicitly specified as associated with the Flow Specification since the action of forwarding all matching traffic onto the associated path is implicit.</t>
<t>How an implementation decides to filter traffic that matches a Flow Specification does not form part of this specification, but a flag is provided to indicate whether the sender of a PCEP message that includes a Flow Specification intends it to be installed as a Longest Prefix Match (LPM) route or as a Flow Specification policy.</t>
<t>This document uses the terms "stateful PCE" and "active PCE" as advocated in <xref target="RFC7399" format="default"/>.</t>
</section>
<section numbered="true" toc="default">
<name>Procedures for PCE Use of Flow Specifications</name>
<section numbered="true" toc="default">
<name>Context for PCE Use of Flow Specifications</name>
<t>In the PCE architecture, there are five steps in the setup and use of LSPs:</t>
<ol spacing="normal" type="1">
<li>Decide which LSPs to set up. The decision may be made by a user, by a PCC, or by the PCE. There can be a number of triggers for this, including user intervention and dynamic response to changes in traffic demands.</li>
<li>Decide what properties to assign to an LSP. This can include bandwidth reservations, priorities, and the Differentiated Services Code Point (DSCP) (i.e., MPLS Traffic Class field). This function is also determined by user configuration or in response to predicted or observed traffic demands.</li>
<li>Decide what traffic to put on the LSP. This is effectively determining which traffic flows to assign to which LSPs; practically, this is closely linked to the first two decisions listed above.</li>
<li>Cause the LSP to be set up and modified to have the right characteristics. This will usually involve the PCE advising or instructing the PCC at the head end of the LSP, and the PCC will then signal the LSP across the network.</li>
<li>Tell the head end of the LSP what traffic to put on the LSP. This may happen after or at the same time as the LSP is set up. This step is the subject of this document.</li>
</ol>
</section>
<section numbered="true" toc="default">
<name>Elements of the Procedure</name>
<t>There are three elements in the procedure:</t>
<ol spacing="normal">
<li>A PCE and a PCC must be able to indicate whether or not they support the use of Flow Specifications.</li>
<li>A PCE or PCC must be able to include Flow Specifications in PCEP messages with a clear understanding of the applicability of those Flow Specifications in each case. This includes whether the use of such information is mandatory, constrained, or optional and how overlapping Flow Specifications will be resolved.</li>
<li>Flow Specification information/state must be synchronized between PCEP peers so that, on recovery, the peers have the same understanding of which Flow Specifications apply just as is required in the case of stateful PCE and LSP delegation (see <xref section="5.6" target="RFC8231" sectionFormat="of"/>).</li>
</ol>
<t>The following subsections describe these points.</t>
<section numbered="true" toc="default">
<name>Capability Advertisement</name>
<t>As with most PCEP capability advertisements, the ability to support Flow Specifications can be indicated in the PCEP Open message or in IGP PCE capability advertisements.</t>
<section anchor="open" numbered="true" toc="default">
<name>PCEP Open Message</name>
<t>During PCEP session establishment, a PCC or PCE that supports the procedures described in this document announces this fact by including the PCE FlowSpec Capability TLV (described in <xref target="cap" format="default"/>) in the OPEN object carried in the PCEP Open message.</t>
<t>The presence of the PCE FlowSpec Capability TLV in the OPEN object in a PCE's Open message indicates that the PCE can distribute FlowSpecs to PCCs and can receive FlowSpecs in messages from PCCs.</t>
<t>The presence of the PCE FlowSpec Capability TLV in the OPEN object in a PCC's Open message indicates that the PCC supports the FlowSpec functionality described in this document.</t>
<t>If either one of a pair of PCEP peers does not include the PCE FlowSpec Capability TLV in the OPEN object in its Open message, then the other peer <bcp14>MUST NOT</bcp14> include a FLOWSPEC object in any PCEP message sent to the peer.
If a FLOWSPEC object is received when support has not been indicated, the receiver will respond with a PCErr message reporting the objects containing the FlowSpec as described in <xref target="RFC5440" format="default"/>: that is, it will use "Unknown Object" if it does not support this specification and "Not supported object" if it supports this specification but has not chosen to support FLOWSPEC objects on this PCEP session.</t>
</section>
<section numbered="true" toc="default">
<name>IGP PCE Capabilities Advertisement</name>
<t>The ability to advertise support for PCEP and PCE features in IGP advertisements is provided for OSPF in <xref target="RFC5088" format="default"/> and for IS-IS in <xref target="RFC5089" format="default"/>. The mechanism uses the PCE Discovery TLV, which has a PCE-CAP-FLAGS sub-TLV containing bit flags, each of which indicates support for a different feature.</t>
<t>This document defines a new PCE-CAP-FLAGS sub-TLV bit, the FlowSpec Capable flag (bit number 16). Setting the bit indicates that an advertising PCE supports the procedures defined in this document.</t>
<t>Note that while PCE FlowSpec capability may be advertised during discovery, PCEP speakers that wish to use Flow Specification in PCEP <bcp14>MUST</bcp14> negotiate PCE FlowSpec capability during PCEP session setup, as specified in <xref target="open" format="default"/>.
A PCC <bcp14>MAY</bcp14> initiate PCE FlowSpec capability negotiation at PCEP session setup even if it did not receive any IGP PCE capability advertisement, and a PCEP peer that advertised support for FlowSpec in the IGP is not obliged to support these procedures on any given PCEP session.</t>
</section>
</section>
<section numbered="true" toc="default">
<name>Dissemination Procedures</name>
<t>This section describes the procedures to support Flow Specifications in PCEP messages.</t>
<t>The primary purpose of distributing Flow Specification information is to allow a PCE to indicate to a PCC what traffic it should place on a path (such as an LSP or an SR path). This means that the Flow Specification may be included in:</t>
<ul spacing="normal">
<li>PCInitiate messages so that an active PCE can indicate the traffic to place on a path at the time that the PCE instantiates the path.</li>
<li>PCUpd messages so that an active PCE can indicate or change the traffic to place on a path that has already been set up.</li>
<li>PCRpt messages so that a PCC can report the traffic that the PCC will place on the path.</li>
<li>PCReq messages so that a PCC can indicate what traffic it plans to place on a path when it requests that the PCE perform a computation in case that information aids the PCE in its work.</li>
<li>PCRep messages so that a PCE that has been asked to compute a path can suggest which traffic could be placed on a path that a PCC may be about to set up.</li>
<li>PCErr messages so that issues related to paths and the traffic they carry can be reported to the PCE by the PCC and problems with other PCEP messages that carry Flow Specifications can be reported.</li>
</ul>
<t>To carry Flow Specifications in PCEP messages, this document defines a new PCEP object called
the "PCEP FLOWSPEC object". The object is <bcp14>OPTIONAL</bcp14> in the messages described above and <bcp14>MAY</bcp14> appear more than once in each message.</t>
<t>To describe a traffic flow, the PCEP FLOWSPEC object carries a Flow Filter TLV.</t>
<t>The inclusion of multiple PCEP FLOWSPEC objects allows multiple traffic flows to be placed on a single path.</t>
<t>Once a PCE and PCC have established that they can both support the use of Flow Specifications in PCEP messages, such information may be exchanged at any time for new or existing paths.</t>
<t>The application and prioritization of Flow Specifications are described in <xref target="priorities" format="default"/>.</t>
<t>As per <xref target="RFC8231" format="default"/>, any attributes of the path received from a PCE are subject to the PCC's local policy. This holds true for the Flow Specifications as well.</t>
</section>
<section numbered="true" toc="default">
<name>Flow Specification Synchronization</name>
<t>The Flow Specifications are carried along with the LSP state information as per <xref target="RFC8231" format="default"/>, making the Flow Specifications part of the LSP database (LSP-DB). Thus, the synchronization of the Flow Specification information is done as part of LSP-DB synchronization.
This may be achieved using normal state synchronization procedures as described in <xref target="RFC8231" format="default"/> or enhanced state synchronization procedures as defined in <xref target="RFC8232" format="default"/>.</t>
<t>The approach selected will be implementation and deployment specific and will depend on issues such as how the databases are constructed and what level of synchronization support is needed.</t>
</section>
</section>
</section>
<section anchor="cap" numbered="true" toc="default">
<name>PCE FlowSpec Capability TLV</name>
<t>The PCE-FLOWSPEC-CAPABILITY TLV is an optional TLV that can be carried in the OPEN object <xref target="RFC5440" format="default"/> to exchange the PCE FlowSpec capabilities of the PCEP speakers.</t>
<t>The format of the PCE-FLOWSPEC-CAPABILITY TLV follows the format of all PCEP TLVs as defined in <xref target="RFC5440" format="default"/> and is shown in <xref target="capfig" format="default"/>.</t>
<figure anchor="capfig">
<name>PCE-FLOWSPEC-CAPABILITY TLV Format</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Type=51               |          Length=2             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Value=0              |          Padding              |
+---------------------------------------------------------------+
]]></artwork>
</figure>
<t>The type of the PCE-FLOWSPEC-CAPABILITY TLV is 51, and it has a fixed length of 2 octets. The Value field <bcp14>MUST</bcp14> be set to 0 and <bcp14>MUST</bcp14> be ignored on receipt.
The two bytes of padding <bcp14>MUST</bcp14> be set to zero and ignored on receipt.</t>
<t>The inclusion of this TLV in an OPEN object indicates that the sender can perform FlowSpec handling as defined in this document.</t>
</section>
<section numbered="true" toc="default">
<name>PCEP FLOWSPEC Object</name>
<t>The PCEP FLOWSPEC object defined in this document is compliant with the PCEP object format defined in <xref target="RFC5440" format="default"/>. It is <bcp14>OPTIONAL</bcp14> in the PCReq, PCRep, PCErr, PCInitiate, PCRpt, and PCUpd messages and <bcp14>MAY</bcp14> be present zero, one, or more times. Each instance of the object specifies a separate traffic flow.</t>
<t>The PCEP FLOWSPEC object <bcp14>MAY</bcp14> carry a FlowSpec filter rule encoded in a Flow Filter TLV as defined in <xref target="tlv" format="default"/>.</t>
<t>The FLOWSPEC Object-Class is 43 (to be assigned by IANA).</t>
<t>The FLOWSPEC Object-Type is 1.</t>
<t>The format of the body of the PCEP FLOWSPEC object is shown in <xref target="FlowSpecFig" format="default"/>.</t>
<figure anchor="FlowSpecFig">
<name>PCEP FLOWSPEC Object Body Format</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            FS-ID                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         AFI                   |   Reserved    |   Flags   |L|R|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
//                             TLVs                            //
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<dl>
<dt>FS-ID (32 bits):</dt>
<dd> A PCEP-specific identifier for the FlowSpec information. A PCE or PCC creates an FS-ID for each FlowSpec that it originates, and the value is unique within the scope of that PCE or PCC and is constant for the lifetime of a PCEP session. All subsequent PCEP messages can identify the FlowSpec using the FS-ID. The values 0 and 0xFFFFFFFF are reserved and <bcp14>MUST NOT</bcp14> be used. Note that <xref target="I-D.gont-numeric-ids-sec-considerations" format="default"/> gives advice on assigning transient numeric identifiers such as the FS-ID so as to minimize security risks.</dd>
<dt>AFI (16 bits):</dt>
<dd> Address Family Identifier as used in BGP <xref target="RFC4760" format="default"/> (AFI=1 for IPv4 or VPNv4, AFI=2 for IPv6 and VPNv6 as per <xref target="RFC8956" format="default"/>).</dd>
<dt>Reserved (8 bits):</dt>
<dd> <bcp14>MUST</bcp14> be set to zero on transmission and ignored on receipt.</dd>
<dt>Flags (8 bits):</dt>
<dd><t>Two flags are currently assigned: </t>
<dl>
<dt>R bit:</dt>
<dd>The Remove bit is set when a PCEP FLOWSPEC object is included in a PCEP message to indicate removal of the Flow Specification from the associated tunnel. If the bit is clear, the Flow Specification is being added or modified.</dd>
<dt>L bit:</dt>
<dd>The Longest Prefix Match (LPM) bit is set to indicate that the Flow Specification is to be installed as a route subject to LPM forwarding. If the bit is clear, the Flow Specification described by the Flow Filter TLV (see <xref target="tlv" format="default"/>) is to be installed as a Flow Specification. If the bit is set, only Flow Specifications that describe IPv4 or IPv6 destinations are meaningful in the Flow Filter TLV, and others are ignored. If the L bit is set and the receiver does not support the use of Flow Specifications that are present in the Flow Filter TLV for the installation of a route subject to LPM forwarding, then the PCEP peer <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 5 (Unsupported LPM Route).</dd>
</dl>
</dd>
</dl>
<t>Unassigned bits <bcp14>MUST</bcp14> be set to zero on transmission and ignored on receipt. </t>
<t>If the PCEP speaker receives a message with the R bit set in the FLOWSPEC object and the Flow Specification identified with an FS-ID does not exist, it <bcp14>MUST</bcp14> generate a PCErr with Error-Type 30 (FlowSpec Error) and Error-value 4 (Unknown FlowSpec). </t>
<t>If the PCEP speaker does not understand or support the AFI in the FLOWSPEC message, the PCEP peer <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).</t>
<t>The following TLVs can be used in the FLOWSPEC object:</t>
<dl>
<dt>Speaker Entity Identifier TLV:</dt>
<dd> As specified in <xref target="RFC8232" format="default"/>, the SPEAKER-ENTITY-ID TLV encodes a unique identifier for the node that does not change during the lifetime of the PCEP speaker. This is used to uniquely identify the FlowSpec originator and thus is used in conjunction with the FS-ID to uniquely identify the FlowSpec information. This TLV <bcp14>MUST</bcp14> be included. If the TLV is missing, the PCEP peer <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec). If more than one instance of this TLV is present, the first <bcp14>MUST</bcp14> be processed, and subsequent instances <bcp14>MUST</bcp14> be ignored.</dd>
<dt>Flow Filter TLV (variable):</dt>
<dd> One TLV <bcp14>MAY</bcp14> be included. The Flow Filter TLV is <bcp14>OPTIONAL</bcp14> when the R bit is set.</dd>
</dl>
<t>The Flow Filter TLV <bcp14>MUST</bcp14> be present when the R bit is clear. If the TLV is missing when the R bit is clear, the PCEP peer <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).</t>
<t>Filtering based on the L2 fields is out of scope of this document.</t>
</section>
<section anchor="tlv" numbered="true" toc="default">
<name>Flow Filter TLV</name>
<t>One new PCEP TLV is defined to convey Flow Specification filtering rules that specify what traffic is carried on a path. The TLV follows the format of all PCEP TLVs as defined in <xref target="RFC5440" format="default"/>. The Type field values come from the code point space for PCEP TLVs, and the Flow Filter TLV has the value 52.</t>
<t>The Value field of the TLV contains one or more sub-TLVs (the Flow Specification TLVs) as defined in <xref target="subtlv" format="default"/>, and they represent the complete definition of a Flow Specification for traffic to be placed on the tunnel. This tunnel is indicated by the PCEP message in which the PCEP FLOWSPEC object is carried.
The set of Flow Specification TLVs in a single instance of a Flow Filter TLV is combined to indicate the specific Flow Specification. Note that the PCEP FLOWSPEC object can include just one Flow Filter TLV.</t>
<t>Further Flow Specifications can be included in a PCEP message by including additional FLOWSPEC objects.</t>
<t>In the future, there may be a desire to add support for L2 Flow Specifications (such as described in <xref target="I-D.ietf-idr-flowspec-l2vpn"/>).</t>
</section>
<section anchor="subtlv" numbered="true" toc="default">
<name>Flow Specification TLVs</name>
<t>The Flow Filter TLV carries one or more Flow Specification TLVs. The Flow Specification TLV follows the format of all PCEP TLVs as defined in <xref target="RFC5440" format="default"/>. However, the Type values are selected from a separate IANA registry (see <xref target="iana" format="default"/>) rather than from the common PCEP TLV registry.</t>
<t>Type values are chosen so that there can be commonality with Flow Specifications defined for use with BGP <xref target="RFC8955" format="default"/> <xref target="RFC8956" format="default"/>. This is possible because the BGP Flow Spec encoding uses a single octet to encode the type, whereas PCEP uses 2 octets. Thus, the space of values for the Type field is partitioned as shown in <xref target="fspectlvs" format="default"/>.</t>
<table anchor="fspectlvs">
<name>Flow Specification TLV Type Ranges</name>
<thead>
<tr> <th>Range</th> <th>Description</th> </tr>
</thead>
<tbody>
<tr> <td>0-255</td> <td><t>Per BGP Flow Spec registry defined by <xref target="RFC8955"/> and <xref target="RFC8956"/>.</t> <t>Not to be allocated in this registry.</t></td> </tr>
<tr> <td>256-65535</td> <td>New PCEP Flow Specifications allocated according to the registry defined in this document.</td> </tr>
</tbody>
</table>
<t><xref target="RFC8955" format="default"/> is the reference for the "Flow Spec Component Types" registry and defines the allocations it contains. <xref target="RFC8956" format="default"/> requested the creation of the "Flow Spec IPv6 Component Types" registry, as well as its initial allocations. If the AFI (in the FLOWSPEC object) is set to IPv4, the range 0..255 is as per "Flow Spec Component Types" <xref target="RFC8955" format="default"/>; if the AFI is set to IPv6, the range 0..255 is as per "Flow Spec IPv6 Component Types" <xref target="RFC8956" format="default"/>.</t>
<t>The content of the Value field in each TLV is specific to the type/AFI and describes the parameters of the Flow Specification. The definition of the format of many of these Value fields is inherited from BGP specifications. Specifically, the inheritance is from <xref target="RFC8955" format="default"/> and <xref target="RFC8956" format="default"/>, but it may also be inherited from future BGP specifications.</t>
<t>When multiple Flow Specification TLVs are present in a single Flow Filter TLV, they are combined to produce a more detailed specification of a flow.
For examples and rules about how this is achieved, see <xref target="RFC8955" format="default"/>. As described in <xref target="RFC8955" format="default"/>, where it says "A given component type <bcp14>MAY</bcp14> (exactly once) be present in the Flow Specification", a Flow Filter TLV <bcp14>MUST NOT</bcp14> contain more than one Flow Specification TLV of the same type: an implementation that receives a PCEP message with a Flow Filter TLV that contains more than one Flow Specification TLV of the same type <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec) and <bcp14>MUST NOT</bcp14> install the Flow Specification.</t>
<t>An implementation that receives a PCEP message carrying a Flow Specification TLV with a type value that it does not recognize or support <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 1 (Unsupported FlowSpec) and <bcp14>MUST NOT</bcp14> install the Flow Specification.</t>
<t>When used in other protocols (such as BGP), these Flow Specifications are also associated with actions to indicate how traffic matching the Flow Specification should be treated.
In PCEP, however, the only action is to associate the traffic with a tunnel and to forward matching traffic onto that path, so no encoding of an action is needed.</t>
<t><xref target="priorities" format="default"/> describes how overlapping Flow Specifications are prioritized and handled.</t>
<t>All Flow Specification TLVs with Types in the range 0 to 255 have values defined for use in BGP (for example, in <xref target="RFC8955" format="default"/> and <xref target="RFC8956" format="default"/>) and are set using the BGP encoding but without the type octet (the relevant information is in the Type field of the TLV). The Value field is padded with trailing zeros to achieve 4-byte alignment.</t>
<t>This document defines the following new types:</t>
<table align="left" anchor="tlvFigthis">
<name>Flow Specification TLV Types Defined in this Document</name>
<thead>
<tr> <th>Type</th> <th>Description</th> <th>Value Defined In</th> </tr>
</thead>
<tbody>
<tr> <td>256</td> <td>Route Distinguisher</td> <td>RFC 9168</td> </tr>
<tr> <td>257</td> <td>IPv4 Multicast Flow</td> <td>RFC 9168</td> </tr>
<tr> <td>258</td> <td>IPv6 Multicast Flow</td> <td>RFC 9168</td> </tr>
</tbody>
</table>
<t>To allow identification of a VPN in PCEP via a Route Distinguisher (RD) <xref target="RFC4364" format="default"/>, a
new TLV, ROUTE-DISTINGUISHER TLV, is defined in this document. A Flow Specification TLV with Type 256 (ROUTE-DISTINGUISHER TLV) carries an RD value, which is used to identify that other flow filter information (for example, an IPv4 destination prefix) is associated with a specific VPN identified by the RD. See <xref target="vpn-id" format="default"/> for further discussion of VPN identification.</t>
<figure anchor="rdtlv">
<name>The Format of the ROUTE-DISTINGUISHER TLV</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Type=256            |           Length=8            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Route Distinguisher                      |
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<t>The format of the RD is as per <xref target="RFC4364" format="default"/>.</t>
<t>Although it may be possible to describe a multicast Flow Specification from the combination of other Flow Specification TLVs with specific values, it is more convenient to use a dedicated Flow Specification TLV. Flow Specification TLVs with Type values 257 and 258 are used to identify a multicast flow for IPv4 and IPv6, respectively.
The Value field is encoded as shown in <xref target="mcastfig" format="default"/>.</t>
<figure anchor="mcastfig">
<name>Multicast Flow Specification TLV Encoding</name>
<artwork name="" type="" align="left" alt=""><![CDATA[
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Reserved          |S|G| Src Mask Len  | Grp Mask Len  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                        Source Address                         ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~                    Group multicast Address                    ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
]]></artwork>
</figure>
<t>The address fields and address mask lengths of the two Multicast Flow Specification TLVs contain source and group prefixes for matching against packet flows. Note that the two address fields are 32 bits for an IPv4 Multicast Flow and 128 bits for an IPv6 Multicast Flow.</t>
<t>The Reserved field <bcp14>MUST</bcp14> be set to zero and ignored on receipt.</t>
<t>Two bit flags (S and G) are defined to describe the multicast wildcarding in use. If the S bit is set, then source wildcarding is in use, and the values in the Source Mask Length and Source Address fields <bcp14>MUST</bcp14> be ignored. If the G bit is set, then group wildcarding is in use, and the values in the Group Mask Length and Group multicast Address fields <bcp14>MUST</bcp14> be ignored.
The G bit <bcp14>MUST NOT</bcp14> be set unless the S bit is also set: if a Multicast Flow Specification TLV is received with S bit = 0 and G bit = 1, the receiver <bcp14>MUST</bcp14> respond with a PCErr with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).</t>
<t>The three multicast mappings may be achieved as follows:</t>
<ul empty="true">
<li>(S, G) - S bit = 0, G bit = 0, the Source Address and Group multicast Address prefixes are both used to define the multicast flow.</li>
<li>(*, G) - S bit = 1, G bit = 0, the Group multicast Address prefix is used to define the multicast flow, but the Source Address prefix is ignored.</li>
<li>(*, *) - S bit = 1, G bit = 1, the Source Address and Group multicast Address prefixes are both ignored.</li>
</ul>
</section>
<section anchor="detailed" numbered="true" toc="default">
<name>Detailed Procedures</name>
<t>This section outlines some specific detailed procedures for using the protocol extensions defined in this document.</t>
<section anchor="default" numbered="true" toc="default">
<name>Default Behavior and Backward Compatibility</name>
<t>The default behavior is that no Flow Specification is applied to a tunnel. That is, the default is that the FLOWSPEC object is not used, as is the case in all systems before the implementation of this specification.</t>
<t>In this case, it is a local matter (such as through configuration) how tunnel head ends are instructed in terms of what traffic to place on a tunnel.</t>
<t><xref target="RFC5440" format="default"/> describes how receivers respond when they see unknown PCEP objects.</t>
</section>
<section anchor="composite" numbered="true" toc="default">
<name>Composite Flow Specifications</name>
<t>Flow Specifications may be represented by a single Flow Specification TLV or may require a more complex description using multiple Flow Specification TLVs.
For example, a flow indicated by a source-destination pair of IPv6 addresses would be described by the combination of Destination IPv6 Prefix and Source IPv6 Prefix Flow Specification TLVs.</t>
</section>
<section anchor="modify" numbered="true" toc="default">
<name>Modifying Flow Specifications</name>
<t>A PCE may want to modify a Flow Specification associated with a tunnel, or a PCC may want to report a change to the Flow Specification it is using with a tunnel.</t>
<t>It is important to identify the specific Flow Specification so it is clear that this is a modification of an existing flow and not the addition of a new flow as described in <xref target="multiple" format="default"/>. The FS-ID field of the PCEP FLOWSPEC object is used to identify a specific Flow Specification in the context of the content of the Speaker Entity Identifier TLV.</t>
<t>When modifying a Flow Specification, all Flow Specification TLVs for the intended specification of the flow <bcp14>MUST</bcp14> be included in the PCEP FLOWSPEC object. The FS-ID <bcp14>MUST</bcp14> be retained from the previous description of the flow, and the same Speaker Entity Identifier TLV <bcp14>MUST</bcp14> be used.</t>
</section>
<section anchor="multiple" numbered="true" toc="default">
<name>Multiple Flow Specifications</name>
<t>It is possible that traffic from multiple flows will be placed on a single tunnel. In some cases, it is possible to define these within a single PCEP FLOWSPEC object by widening the scope of a Flow Specification TLV: for example, traffic to two destination IPv4 prefixes might be captured by a single Flow Specification TLV with type "Destination" with a suitably adjusted prefix.
However, this is unlikely to be possible in most scenarios, and it must be recalled that it is not permitted to include two Flow Specification TLVs of the same type within one Flow Filter TLV.</t>
<t>The normal procedure, therefore, is to carry each Flow Specification in its own PCEP FLOWSPEC object. Multiple objects may be present on a single PCEP message, or multiple PCEP messages may be used.</t>
</section>
<section anchor="addremove" numbered="true" toc="default">
<name>Adding and Removing Flow Specifications</name>
<t>The Remove bit in the PCEP FLOWSPEC object is left clear when a Flow Specification is being added or modified.</t>
<t>To remove a Flow Specification, a PCEP FLOWSPEC object is included with the FS-ID matching the one being removed, and the R bit is set to indicate removal. In this case, it is not necessary to include any Flow Specification TLVs.</t>
<t>If the R bit is set and Flow Specification TLVs are present, an implementation <bcp14>MAY</bcp14> ignore them. If the implementation checks the Flow Specification TLVs against those recorded for the FS-ID and Speaker Entity Identifier of the Flow Specification being removed and finds a mismatch, the Flow Specification matching the FS-ID <bcp14>MUST</bcp14> still be removed, and the implementation <bcp14>SHOULD</bcp14> record a local exception or log.</t>
</section>
<section anchor="vpn-id" numbered="true" toc="default">
<name>VPN Identifiers</name>
<t>VPN instances are identified in BGP using RDs <xref target="RFC4364" format="default"/>. These values are not normally considered to have any meaning outside of the network, and they are not encoded in data packets belonging to the VPNs.
However, RDs provide a useful way of identifying VPN instances and are often manually or automatically assigned to VPNs as they are provisioned.</t>
<t>Thus, the RD provides a useful way to indicate that traffic for a particular VPN should be placed on a given tunnel. The tunnel head end will need to interpret this Flow Specification not as a filter on the fields of data packets but rather using the other mechanisms that it already uses to identify VPN traffic. These mechanisms could be based on the incoming port (for port-based VPNs) or may leverage knowledge of the VPN Routing and Forwarding (VRF) that is in use for the traffic.</t>
</section>
<section anchor="priorities" numbered="true" toc="default">
<name>Priorities and Overlapping Flow Specifications</name>
<t>Flow Specifications can overlap. For example, two different Flow Specifications may be identical except for the length of the prefix in the destination address. In these cases, the PCC must determine how to prioritize the Flow Specifications so as to know which path to assign packets that match both Flow Specifications. That is, the PCC must assign a precedence to the Flow Specifications so that it checks each incoming packet for a match in a predictable order.</t>
<t>The processing of BGP Flow Specifications is described in <xref target="RFC8955" format="default"/>.
Section <xref target="RFC8955" section="5.1" sectionFormat="bare"/> of that document explains the order of traffic filtering rules to be executed by an implementation of that specification.</t>
<t>PCCs <bcp14>MUST</bcp14> apply the same ordering rules as defined in <xref target="RFC8955" format="default"/>.</t>
<t>Furthermore, it is possible that Flow Specifications will be distributed by BGP as well as by PCEP as described in this document. In such cases, implementations supporting both approaches <bcp14>MUST</bcp14> apply the prioritization and ordering rules as set out in <xref target="RFC8955" format="default"/> regardless of which protocol distributed the Flow Specifications. However, implementations <bcp14>MAY</bcp14> provide a configuration control to allow one protocol to take precedence over the other; this may be particularly useful if the Flow Specifications make identical matches on traffic but have different actions.
It is <bcp14>RECOMMENDED</bcp14> that a message be logged for the operator to understand the behavior when two Flow Specifications distributed by different protocols overlap, especially when one acts to replace another.</t>
<t><xref target="mg-mxfspec" format="default"/> of this document covers manageability considerations relevant to the prioritized ordering of Flow Specifications.</t>
<t>An implementation that receives a PCEP message carrying a Flow Specification that it cannot resolve against other Flow Specifications already installed (for example, because the new Flow Specification has irresolvable conflicts with other Flow Specifications that are already installed) <bcp14>MUST</bcp14> respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 3 (Unresolvable Conflict) and <bcp14>MUST NOT</bcp14> install the Flow Specification.</t>
</section>
</section>
<section anchor="messages" numbered="true" toc="default">
<name>PCEP Messages</name>
<t>This section describes the format of messages that contain FLOWSPEC objects.
The only difference from previous message formats is the inclusion of that object.</t>
<t>The figures in this section use the notation defined in <xref target="RFC5511" format="default"/>.</t>
<t>The FLOWSPEC object is <bcp14>OPTIONAL</bcp14> and <bcp14>MAY</bcp14> be carried in the PCEP messages.</t>
<t>The PCInitiate message is defined in <xref target="RFC8281" format="default"/> and updated as below:</t>
<sourcecode type="rbnf"><![CDATA[
<PCInitiate Message> ::= <Common Header>
                         <PCE-initiated-lsp-list>
Where:
   <PCE-initiated-lsp-list> ::= <PCE-initiated-lsp-request>
                                [<PCE-initiated-lsp-list>]

   <PCE-initiated-lsp-request> ::=
                        ( <PCE-initiated-lsp-instantiation>|
                          <PCE-initiated-lsp-deletion> )

   <PCE-initiated-lsp-instantiation> ::= <SRP>
                                         <LSP>
                                         [<END-POINTS>]
                                         <ERO>
                                         [<attribute-list>]
                                         [<flowspec-list>]
Where:
   <flowspec-list> ::= <FLOWSPEC> [<flowspec-list>]
]]></sourcecode>
<t>The PCUpd message is defined in <xref target="RFC8231" format="default"/> and updated as below:</t>
<sourcecode type="rbnf"><![CDATA[
<PCUpd Message> ::= <Common Header>
                    <update-request-list>
Where:
   <update-request-list> ::= <update-request>
                             [<update-request-list>]

   <update-request> ::= <SRP>
                        <LSP>
                        <path>
                        [<flowspec-list>]
Where:
   <path>::= <intended-path><intended-attribute-list>
   <flowspec-list> ::= <FLOWSPEC> [<flowspec-list>]
]]></sourcecode>
<t>The PCRpt message is defined in <xref target="RFC8231" format="default"/> and updated as below:</t>
<sourcecode type="rbnf"><![CDATA[
<PCRpt Message> ::= <Common Header>
                    <state-report-list>
Where:
   <state-report-list> ::= <state-report>[<state-report-list>]

   <state-report> ::= [<SRP>]
                      <LSP>
                      <path>
                      [<flowspec-list>]
Where:
   <path>::= <intended-path>
             [<actual-attribute-list><actual-path>]
             <intended-attribute-list>
   <flowspec-list> ::= <FLOWSPEC> [<flowspec-list>]
]]></sourcecode>
<t>The PCReq message is defined in <xref target="RFC5440" format="default"/> and updated in <xref target="RFC8231" format="default"/>; it is further updated below for a Flow Specification:</t>
<sourcecode type="rbnf"><![CDATA[
<PCReq Message>::= <Common Header>
                   [<svec-list>]
                   <request-list>
Where:
   <svec-list>::= <SVEC>[<svec-list>]
   <request-list>::= <request>[<request-list>]

   <request>::= <RP>
                <END-POINTS>
                [<LSP>]
                [<LSPA>]
                [<BANDWIDTH>]
                [<metric-list>]
                [<RRO>[<BANDWIDTH>]]
                [<IRO>]
                [<LOAD-BALANCING>]
                [<flowspec-list>]
Where:
   <flowspec-list> ::= <FLOWSPEC> [<flowspec-list>]
]]></sourcecode>
<t>The PCRep message is defined in <xref target="RFC5440" format="default"/> and updated in <xref target="RFC8231" format="default"/>; it is further updated below for a Flow Specification:</t>
<sourcecode type="rbnf"><![CDATA[
<PCRep Message> ::= <Common Header>
                    <response-list>
Where:
   <response-list>::=<response>[<response-list>]

   <response>::=<RP>
                [<LSP>]
                [<NO-PATH>]
                [<attribute-list>]
                [<path-list>]
                [<flowspec-list>]
Where:
   <flowspec-list> ::= <FLOWSPEC> [<flowspec-list>]
]]></sourcecode>
</section>
<section numbered="true" toc="default">
<name>IANA Considerations</name>
<t>This document requests that IANA allocate code points for the protocol elements defined in this document.</t>
<section numbered="true" toc="default">
<name>PCEP Objects</name>
<t>IANA maintains a subregistry called "PCEP Objects" within the "Path Computation Element Protocol (PCEP) Numbers" registry. Each PCEP object has an Object-Class and an Object-Type, and IANA has allocated new code points in this subregistry as follows:</t>
<table align="left">
<name>PCEP Objects Subregistry Additions</name>
<thead>
<tr> <th>Object-Class Value</th> <th>Name</th> <th>Object-Type</th> <th>Reference</th> </tr>
</thead>
<tbody>
<tr> <td rowspan="2">43</td> <td rowspan="2">FLOWSPEC</td> <td>0: Reserved</td> <td>RFC 9168</td> </tr>
<tr> <td>1: Flow Specification</td> <td>RFC 9168</td> </tr>
</tbody>
</table>
<section numbered="true" toc="default">
<name>PCEP FLOWSPEC Object Flag Field</name>
<t>This document requests that a new subregistry, "FLOWSPEC Object Flag Field", be created within the "Path Computation Element Protocol (PCEP) Numbers" registry to manage the Flag field of the FLOWSPEC object. New values are to be assigned by Standards Action <xref target="RFC8126" format="default"/>.
Each bit should be tracked with the following qualities:</t>
<ul spacing="normal">
<li>Bit number (counting from bit 0 as the most significant bit)</li>
<li>Capability description</li>
<li>Defining RFC</li>
</ul>
<t>The initial population of this registry is as follows:</t>
<table align="left">
<name>Initial Contents of the FLOWSPEC Object Flag Field Registry</name>
<thead>
<tr> <th>Bit</th> <th>Description</th> <th>Reference</th> </tr>
</thead>
<tbody>
<tr> <td>0-5</td> <td>Unassigned</td> <td></td> </tr>
<tr> <td>6</td> <td>LPM (L bit)</td> <td>RFC 9168</td> </tr>
<tr> <td>7</td> <td>Remove (R bit)</td> <td>RFC 9168</td> </tr>
</tbody>
</table>
</section>
</section>
<section numbered="true" toc="default">
<name>PCEP TLV Type Indicators</name>
<t>IANA maintains a subregistry called "PCEP TLV Type Indicators" within the "Path Computation Element Protocol (PCEP) Numbers" registry.
IANA has made the following allocations in this subregistry:</t>
<table align="left">
<name>PCEP TLV Type Indicators Subregistry Additions</name>
<thead>
<tr> <th>Value</th> <th>Description</th> <th>Reference</th> </tr>
</thead>
<tbody>
<tr> <td>51</td> <td>PCE-FLOWSPEC-CAPABILITY TLV</td> <td>RFC 9168</td> </tr>
<tr> <td>52</td> <td>FLOW FILTER TLV</td> <td>RFC 9168</td> </tr>
</tbody>
</table>
</section>
<section anchor="iana" numbered="true" toc="default">
<name>Flow Specification TLV Type Indicators</name>
<t>IANA has created a new subregistry called "PCEP Flow Specification TLV Type Indicators" within the "Path Computation Element Protocol (PCEP) Numbers" registry.</t>
<t>Allocations from this registry are to be made according to the following assignment policies <xref target="RFC8126" format="default"/>:</t>
<table align="left">
<name>Registration Procedures for the PCEP Flow Specification TLV Type Indicators Subregistry</name>
<thead>
<tr> <th>Range</th> <th>Registration Procedures</th> </tr>
</thead>
<tbody>
<tr> <td>0-255</td> <td><t>Reserved - must not be allocated.</t> <t>Usage mirrors the BGP Flow Spec registry <xref target="RFC8955"/> <xref target="RFC8956"/>.</t></td> </tr>
<tr> <td>256-64506</td> <td>Specification Required</td> </tr>
<tr> <td>64507-65531</td> <td>First Come First Served</td> </tr>
<tr> <td>65532-65535</td> <td>Experimental Use</td> </tr>
</tbody>
</table>
<t>IANA has populated this registry with values defined in this document as follows, taking the new values from the range 256 to 64506:</t>
<table align="left">
<name>Initial Contents of the PCEP Flow Specification TLV Type Indicators Subregistry</name>
<thead>
<tr> <th>Value</th> <th>Meaning</th> </tr>
</thead>
<tbody>
<tr> <td>256</td> <td>Route Distinguisher</td> </tr>
<tr> <td>257</td> <td>IPv4 Multicast</td> </tr>
<tr> <td>258</td> <td>IPv6 Multicast</td> </tr>
</tbody>
</table>
</section>
<section numbered="true" toc="default">
<name>PCEP Error Codes</name>
<t>IANA maintains a subregistry called "PCEP-ERROR Object Error Types and Values" within the "Path Computation Element Protocol (PCEP) Numbers" registry.
Entries in this subregistry are described by Error-Type and Error-value. IANA has added the following assignment to this subregistry:</t>
<table align="left"> <name>PCEP-ERROR Object Error Types and Values Subregistry Additions</name>
<thead> <tr> <th>Error-Type</th> <th>Meaning</th> <th>Error-value</th> <th>Reference</th> </tr> </thead>
<tbody>
<tr> <td rowspan="7">30</td> <td rowspan="7">FlowSpec error</td> <td>0: Unassigned</td> <td>RFC 9168</td> </tr>
<tr> <td>1: Unsupported FlowSpec</td> <td>RFC 9168</td> </tr>
<tr> <td>2: Malformed FlowSpec</td> <td>RFC 9168</td> </tr>
<tr> <td>3: Unresolvable Conflict</td> <td>RFC 9168</td> </tr>
<tr> <td>4: Unknown FlowSpec</td> <td>RFC 9168</td> </tr>
<tr> <td>5: Unsupported LPM Route</td> <td>RFC 9168</td> </tr>
<tr> <td>6-255: Unassigned</td> <td>RFC 9168</td> </tr>
</tbody> </table>
</section>
<section numbered="true" toc="default"> <name>PCE Capability Flag</name>
<t>IANA has registered a new capability bit in the OSPF Parameters "Path Computation Element (PCE) Capability Flags" registry as follows:</t>
<table align="left"> <name>Path Computation Element (PCE) Capability Flags Registry Additions</name>
<thead> <tr> <th>Bit</th> <th>Capability Description</th> <th>Reference</th> </tr> </thead>
<tbody>
<tr> <td>16</td> <td>FlowSpec</td> <td>RFC 9168</td> </tr>
</tbody> </table>
</section>
</section>
<section title="Implementation Status" anchor="imps">
<t>[NOTE TO RFC EDITOR : This whole section and the reference to RFC 7942 is to be removed before publication as an RFC]</t>
<t>This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in <xref target="RFC7942"/>. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.</t>
<t>According to <xref target="RFC7942"/>, "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".</t>
<t>At the time of posting the -12 version of this document, there are no known implementations of this mechanism.
It is believed that two vendors are considering prototype implementations, but these plans are too vague to make any further assertions.</t>
</section>
<section anchor="Security" numbered="true" toc="default"> <name>Security Considerations</name>
<t>We may assume that a system that utilizes a remote PCE is subject to a number of vulnerabilities that could allow spurious LSPs or SR paths to be established or that could result in existing paths being modified or torn down. Such systems, therefore, apply security considerations as described in <xref target="RFC5440" format="default"/>, <xref target="RFC6952" section="2.5" sectionFormat="of"/>, <xref target="RFC8253" format="default"/>, and <xref target="RFC8955" format="default"/>.</t>
<t>The description of Flow Specifications associated with paths set up or controlled by a PCE adds a further detail that could be attacked without tearing down LSPs or SR paths but causes traffic to be misrouted within the network. Therefore, the use of the security mechanisms for PCEP referenced above is important.</t>
<t>Visibility into the information carried in PCEP does not have direct privacy concerns for end users' data; however, knowledge of how data is routed in a network may make that data more vulnerable. Of course, the ability to interfere with the way data is routed also makes the data more vulnerable. Furthermore, knowledge of the connected endpoints (such as multicast receivers or VPN sites) is usually considered private customer information.
Therefore, implementations or deployments concerned with protecting privacy <bcp14>MUST</bcp14> apply the mechanisms described in the documents referenced above, in particular, to secure the PCEP session using IPsec per Sections <xref target="RFC5440" section="10.4" sectionFormat="bare"/> to <xref target="RFC5440" section="10.6" sectionFormat="bare"/> of <xref target="RFC5440"/> or TLS per <xref target="RFC8253" format="default"/>. Note that TCP-MD5 security as originally suggested in <xref target="RFC5440" format="default"/> does not provide sufficient security or privacy guarantees and <bcp14>SHOULD NOT</bcp14> be relied upon.</t>
<t>Experience with Flow Specifications in BGP systems indicates that they can become complex and that the overlap of Flow Specifications installed in different orders can lead to unexpected results. Although this is not directly a security issue per se, the confusion and unexpected forwarding behavior may be engineered or exploited by an attacker. Furthermore, this complexity might give rise to a situation where the forwarding behaviors might create gaps in the monitoring and inspection of particular traffic or provide a path that avoids expected mitigations.
Therefore, implementers and operators <bcp14>SHOULD</bcp14> pay careful attention to the manageability considerations described in <xref target="Manage" format="default"/> and familiarize themselves with the careful explanations in <xref target="RFC8955" format="default"/>.</t>
</section>
<section anchor="Manage" numbered="true" toc="default"> <name>Manageability Considerations</name>
<t>The feature introduced by this document enables operational manageability of networks operated in conjunction with a PCE and using PCEP. In the case of a stateful active PCE or with PCE-initiated services, in the absence of this feature, additional manual configuration is needed to tell the head ends what traffic to place on the network services (LSPs, SR paths, etc.).</t>
<t>This section follows the advice and guidance of <xref target="RFC6123" format="default"/>.</t>
<section anchor="mg-mxfspec" numbered="true" toc="default"> <name>Management of Multiple Flow Specifications</name>
<t>Experience with Flow Specification in BGP suggests that there can be a lot of complexity when two or more Flow Specifications overlap. This can arise, for example, with addresses indicated using prefixes and could cause confusion about what traffic should be placed on which path. Unlike the behavior in a distributed routing system, it is not important to the routing stability and consistency of the network that each head-end implementation applies the same rules to disambiguate overlapping Flow Specifications, but it is important that:</t>
<ul spacing="normal">
<li>a network operator can easily find out what traffic is being placed on which path and why. This will facilitate analysis of the network and diagnosis of faults.</li>
<li>a PCE be able to correctly predict the effect of instructions it gives to a PCC. This will ensure that traffic is correctly placed on the network without causing congestion or other network inefficiencies and that traffic is correctly delivered.</li>
</ul>
<t>To that end, a PCC <bcp14>MUST</bcp14> enable an operator to view the Flow Specifications that it has installed, and these <bcp14>MUST</bcp14> be presented in order of precedence such that when two Flow Specifications overlap, the one that will be serviced with higher precedence is presented to the operator first.</t>
<t>A discussion of precedence ordering for Flow Specifications is found in <xref target="priorities" format="default"/>.</t>
</section>
<section anchor="mg-control" numbered="true" toc="default"> <name>Control of Function through Configuration and Policy</name>
<t>Support for the function described in this document implies that a functional element that is capable of requesting that a PCE compute and control a path is also able to configure the specification of what traffic should be placed on that path. Where there is a human involved in this action, configuration of the Flow Specification must be available through an interface (such as a graphical user interface or a Command Line Interface).
Where a distinct software component (i.e., one not co-implemented with the PCE) is used, a protocol mechanism will be required that could be PCEP itself or a data model, such as extensions to the YANG model for requesting path computation <xref target="I-D.ietf-teas-yang-path-computation" format="default"/>.</t>
<t>Implementations <bcp14>MAY</bcp14> be constructed with a configurable switch to indicate whether they support the functions defined in this document. Otherwise, such implementations <bcp14>MUST</bcp14> indicate that they support the function as described in <xref target="cap" format="default"/>. If an implementation allows configurable support of this function, that support <bcp14>MAY</bcp14> be configurable per peer or once for the whole implementation.</t>
<t>As mentioned in <xref target="mg-mxfspec" format="default"/>, a PCE implementation <bcp14>SHOULD</bcp14> provide a mechanism to configure variations in the precedence ordering of Flow Specifications per PCC.</t>
</section>
<section anchor="mg-model" numbered="true" toc="default"> <name>Information and Data Models</name>
<t>The YANG model in <xref target="I-D.ietf-pce-pcep-yang" format="default"/> can be used to model and monitor PCEP states and messages. To make that YANG model useful for the extensions described in this document, it would need to be augmented to cover the new protocol elements.</t>
<t>Similarly, as noted in <xref target="mg-control" format="default"/>, the YANG model defined in <xref target="I-D.ietf-teas-yang-path-computation" format="default"/> could be extended to allow the specification of Flow Specifications.</t>
<t>Finally, as mentioned in <xref target="mg-mxfspec" format="default"/>, a PCC implementation <bcp14>SHOULD</bcp14> provide a mechanism to allow an operator to read the Flow Specifications from a PCC and to understand in what order they will be executed.
This could be achieved using a new YANG model.</t>
</section>
<section anchor="mg-monitor" numbered="true" toc="default"> <name>Liveness Detection and Monitoring</name>
<t>The extensions defined in this document do not require any additional liveness detection and monitoring support. See <xref target="RFC5440" format="default"/> and <xref target="RFC5886" format="default"/> for more information.</t>
</section>
<section anchor="mg-verify" numbered="true" toc="default"> <name>Verifying Correct Operation</name>
<t>The chief element of operation that needs to be verified (in addition to the operation of the protocol elements as described in <xref target="RFC5440" format="default"/>) is the installation, precedence, and correct operation of the Flow Specifications at a PCC.</t>
<t>In addition to the YANG model for reading Flow Specifications described in <xref target="mg-model" format="default"/>, tools may be needed to inject Operations and Management (OAM) traffic at the PCC that matches specific criteria so that it can be monitored while traveling along the desired path. Such tools are outside the scope of this document.</t>
</section>
<section anchor="mg-reqs" numbered="true" toc="default"> <name>Requirements for Other Protocols and Functional Components</name>
<t>This document places no requirements on other protocols or components.</t>
</section>
<section anchor="mg-impact" numbered="true" toc="default"> <name>Impact on Network Operation</name>
<t>The use of the features described in this document clearly has an important impact on network traffic since they cause traffic to be routed on specific paths in the network.
However, in practice, these changes make no direct changes to the network operation because traffic is already placed on those paths using some pre-existing configuration mechanism. Thus, the significant change is the reduction in mechanisms that have to be applied rather than a change to how the traffic is passed through the network.</t>
</section><!--<section title="Other Considerations" anchor="mg-other"> <t>No other manageability considerations are known at this time.</t> </section>--></section>
</middle>
<back>
<displayreference target="I-D.ietf-idr-flowspec-l2vpn" to="BGP-L2VPN"/>
<displayreference target="I-D.gont-numeric-ids-sec-considerations" to="NUMERIC-IDS-SEC"/>
<displayreference target="I-D.ietf-pce-pcep-yang" to="PCE-PCEP-YANG"/>
<displayreference target="I-D.ietf-teas-yang-path-computation" to="TEAS-YANG-PATH"/>
<references> <name>References</name>
<references> <name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4364.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4760.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5440.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5511.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8231.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8232.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8253.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8281.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8955.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8956.xml"/>
</references>
<references> <name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4655.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5088.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5089.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5886.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6123.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6952.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7399.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7942.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8126.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8283.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8664.xml"/>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.gont-numeric-ids-sec-considerations.xml"/>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-pce-pcep-yang.xml"/>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-teas-yang-path-computation.xml"/>
<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.ietf-idr-flowspec-l2vpn.xml"/>
</references>
</references>
<section numbered="false" toc="default"> <name>Acknowledgements</name>
<t>Thanks to <contact fullname="Julian Lucek"/>, <contact fullname="Sudhir Cheruathur"/>, <contact fullname="Olivier Dugeon"/>, <contact fullname="Jayant Agarwal"/>, <contact fullname="Jeffrey Zhang"/>, <contact fullname="Acee Lindem"/>, <contact fullname="Vishnu Pavan Beeram"/>, <contact fullname="Julien Meuric"/>, <contact fullname="Deborah Brungard"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Erik Kline"/>, <contact fullname="Benjamin Kaduk"/>, <contact fullname="Martin Duke"/>, <contact fullname="Roman Danyliw"/>, and <contact fullname="Alvaro Retana"/> for useful discussions and comments.</t>
</section>
<section toc="default" numbered="false"> <name>Contributors</name>
<contact fullname="Shankara"> <organization>Huawei Technologies</organization> <address> <postal> <street>Divyashree Techno Park, Whitefield</street> <extaddr></extaddr> <city>Bangalore</city> <region>Karnataka</region> <code>560066</code> <country>India</country> </postal> <email>shankara@huawei.com</email> </address> </contact>
<contact fullname="Qiandeng Liang"> <organization>Huawei Technologies</organization> <address> <postal> <street>101 Software Avenue,</street> <extaddr>Yuhuatai District</extaddr> <region>Nanjing</region> <code>210012</code> <country>China</country> </postal> <email>liangqiandeng@huawei.com</email> </address> </contact>
<contact fullname="Cyril Margaria"> <organization>Juniper Networks</organization> <address> <postal> <street>200 Somerset Corporate Boulevard, Suite 4001</street> <region>Bridgewater, NJ</region> <code>08807</code> <country>USA</country> </postal> <email>cmargaria@juniper.net</email> </address> </contact>
<contact fullname="Colby Barth"> <organization>Juniper Networks</organization> <address> <postal> <street>200 Somerset Corporate Boulevard, Suite 4001</street> <region>Bridgewater, NJ</region> <code>08807</code> <country>USA</country> </postal> <email>cbarth@juniper.net</email> </address> </contact>
<contact fullname="Xia Chen"> <organization>Huawei Technologies</organization> <address> <postal> <street>Huawei Bld., No. 156 Beiqing Rd.</street> <region>Beijing</region> <code>100095</code> <country>China</country> </postal> <email>jescia.chenxia@huawei.com</email> </address> </contact>
<contact fullname="Shunwan Zhuang"> <organization>Huawei Technologies</organization> <address> <postal> <street>Huawei Bld., No. 156 Beiqing Rd.</street> <region>Beijing</region> <code>100095</code> <country>China</country> </postal> <email>zhuangshunwan@huawei.com</email> </address> </contact>
<contact fullname="Cheng Li"> <organization>Huawei Technologies</organization> <address> <postal> <street>Huawei Campus, No. 156 Beiqing Rd.</street> <region>Beijing</region> <code>100095</code> <country>China</country> </postal> <email>c.l@huawei.com</email> </address> </contact>
</section>
</back>
</rfc>