Internet Engineering Task Force (IETF)                          F. Zhang
Request for Comments: 8685                                       Q. Zhao
Category: Standards Track                                         Huawei
ISSN: 2070-1721                                      O. Gonzalez de Dios
                                                          Telefonica I+D
                                                             R. Casellas
                                                                    CTTC
                                                                 D. King
                                                      Old Dog Consulting
                                                           December 2019


 Path Computation Element Communication Protocol (PCEP) Extensions for
     the Hierarchical Path Computation Element (H-PCE) Architecture

Abstract

   The Hierarchical Path Computation Element (H-PCE) architecture is
   defined in RFC 6805. It provides a mechanism to derive an optimum
   end-to-end path in a multi-domain environment by using a hierarchical
   relationship between domains to select the optimum sequence of
   domains and optimum paths across those domains.

   This document defines extensions to the Path Computation Element
   Communication Protocol (PCEP) to support H-PCE procedures.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF). It represents the consensus of the IETF community. It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG). Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8685.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Scope
     1.2.  Terminology
     1.3.  Requirements Language
   2.  Requirements for the H-PCE Architecture
     2.1.  Path Computation Requests
       2.1.1.  Qualification of PCEP Requests
       2.1.2.  Multi-domain Objective Functions
       2.1.3.  Multi-domain Metrics
     2.2.  Parent PCE Capability Advertisement
     2.3.  PCE Domain Identification
     2.4.  Domain Diversity
   3.  PCEP Extensions
     3.1.  Applicability to PCC-PCE Communications
     3.2.  OPEN Object
       3.2.1.  H-PCE-CAPABILITY TLV
         3.2.1.1.  Backwards Compatibility
       3.2.2.  Domain-ID TLV
     3.3.  RP Object
       3.3.1.  H-PCE-FLAG TLV
       3.3.2.  Domain-ID TLV
     3.4.  Objective Functions
       3.4.1.  OF Codes
       3.4.2.  OF Object
     3.5.  METRIC Object
     3.6.  SVEC Object
     3.7.  PCEP-ERROR Object
       3.7.1.  Hierarchical PCE Error-Type
     3.8.  NO-PATH Object
   4.  H-PCE Procedures
     4.1.  OPEN Procedure between Child PCE and Parent PCE
     4.2.  Procedure for Obtaining the Domain Sequence
   5.  Error Handling
   6.  Manageability Considerations
     6.1.  Control of Function and Policy
       6.1.1.  Child PCE
       6.1.2.  Parent PCE
       6.1.3.  Policy Control
     6.2.  Information and Data Models
     6.3.  Liveness Detection and Monitoring
     6.4.  Verifying Correct Operations
     6.5.  Requirements on Other Protocols
     6.6.  Impact on Network Operations
   7.  IANA Considerations
     7.1.  PCEP TLV Type Indicators
     7.2.  H-PCE-CAPABILITY TLV Flags
     7.3.  Domain-ID TLV Domain Type
     7.4.  H-PCE-FLAG TLV Flags
     7.5.  OF Codes
     7.6.  METRIC Object Types
     7.7.  New PCEP Error-Types and Values
     7.8.  New NO-PATH-VECTOR TLV Bit Flag
     7.9.  SVEC Flag
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   The Path Computation Element Communication Protocol (PCEP) provides
   a mechanism for Path Computation Elements (PCEs) and Path
   Computation Clients (PCCs) to exchange requests for path computation
   and responses that provide computed paths.

   The capability to compute the routes of end-to-end inter-domain MPLS
   Traffic Engineering (MPLS-TE) and GMPLS Label Switched Paths (LSPs)
   is expressed as requirements in [RFC4105] and [RFC4216]. This
   capability may be realized by a PCE [RFC4655]. The methods for
   establishing and controlling inter-domain MPLS-TE and GMPLS LSPs are
   documented in [RFC4726].

   [RFC6805] describes a Hierarchical Path Computation Element (H-PCE)
   architecture that can be used for computing end-to-end paths for
   inter-domain MPLS-TE and GMPLS LSPs.

   In the H-PCE architecture, the parent PCE is used to compute a
   multi-domain path based on the domain connectivity information. A
   child PCE may be responsible for single or multiple domains and is
   used to compute the intra-domain path based on its own domain
   topology information.

   The H-PCE end-to-end domain path computation procedure is described
   below:

   *  A PCC sends the inter-domain Path Computation Request (PCReq)
      messages [RFC5440] to the child PCE responsible for its domain.

   *  The child PCE forwards the request to the parent PCE.

   *  The parent PCE computes the likely domain paths from the ingress
      domain to the egress domain.

   *  The parent PCE sends the intra-domain PCReq messages (between the
      domain border nodes) to the child PCEs that are responsible for
      the domains along the domain path.

   *  The child PCEs return the intra-domain paths to the parent PCE.

   *  The parent PCE constructs the end-to-end inter-domain path based
      on the intra-domain paths.

   *  The parent PCE returns the inter-domain path to the child PCE.

   *  The child PCE forwards the inter-domain path to the PCC.

   The parent PCE may be requested to provide only the sequence of
   domains to a child PCE so that alternative inter-domain path
   computation procedures, including per-domain (PD) path computation
   [RFC5152] and Backward-Recursive PCE-Based Computation (BRPC)
   [RFC5441], may be used.

   This document defines the PCEP extensions for the purpose of
   implementing H-PCE procedures, which are described in [RFC6805].

1.1.  Scope

   The following functions are out of scope for this document:

   *  Determination of the destination domain (Section 4.5 of
      [RFC6805]):

      -  via a collection of reachability information from child
         domains,

      -  via requests to the child PCEs to discover if they contain the
         destination node, or

      -  via any other methods.

   *  Parent Traffic Engineering Database (TED) methods (Section 4.4 of
      [RFC6805]), although suitable mechanisms include:

      -  YANG-based management interfaces.

      -  BGP - Link State (BGP-LS) [RFC7752].

      -  Future extensions to PCEP (for example, see [PCEP-LS]).

   *  Learning of domain connectivity and border node addresses.
      Methods to achieve this function include:

      -  YANG-based management interfaces.

      -  BGP-LS [RFC7752].

      -  Future extensions to PCEP (for example, see [PCEP-LS]).

   *  Stateful PCE operations. (Refer to [STATEFUL-HPCE].)

   *  Applicability of the H-PCE model to large multi-domain
      environments.

      -  The hierarchical relationship model is described in [RFC6805].
         It is applicable to environments with small groups of domains
         where visibility from the ingress Label Switching Routers
         (LSRs) is limited. As highlighted in [RFC7399], applying the
         H-PCE model to very large groups of domains, such as the
         Internet, is not considered feasible or desirable.

1.2.  Terminology

   This document uses the terminology defined in [RFC4655] and
   [RFC5440], and the additional terms defined in Section 1.4 of
   [RFC6805].

1.3.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Requirements for the H-PCE Architecture

   This section compiles the set of requirements for the PCEP
   extensions to support the H-PCE architecture and procedures.
   [RFC6805] identifies high-level requirements for PCEP extensions
   that are required for supporting the H-PCE model.

2.1.  Path Computation Requests

   The PCReq messages [RFC5440] are used by a PCC or a PCE to make a
   path computation request to a PCE. In order to achieve the full
   functionality of the H-PCE procedures, the PCReq message needs to
   include:

   *  Qualification of PCE requests (Section 4.8.1 of [RFC6805]).

   *  Multi-domain Objective Functions (OFs).

   *  Multi-domain metrics.

2.1.1.  Qualification of PCEP Requests

   As described in Section 4.8.1 of [RFC6805], the H-PCE architecture
   introduces new request qualifications, which are as follows:

   *  The ability for a child PCE to indicate that a PCReq message sent
      to a parent PCE should be satisfied by a domain sequence only --
      that is, not by a full end-to-end path. This allows the child PCE
      to initiate a PD path computation per [RFC5152] or a BRPC
      procedure [RFC5441].

   *  As stated in [RFC6805], Section 4.5, if a PCC knows the egress
      domain, it can supply this information as part of the PCReq
      message. The PCC may also want to specify the destination domain
      information in a PCEP request, if it is known.

   *  An inter-domain path computed by a parent PCE should be capable
      of disallowing re-entry into a specified domain.

2.1.2.  Multi-domain Objective Functions

   For H-PCE inter-domain path computation, there are three new OFs
   defined in this document:

   *  Minimize the number of Transit Domains (MTD)

   *  Minimize the number of Border Nodes (MBN)

   *  Minimize the number of Common Transit Domains (MCTD)

   The PCC may specify the multi-domain OF code to use when requesting
   inter-domain path computation. It may also include intra-domain OFs,
   such as Minimum Cost Path (MCP) [RFC5541], which must be considered
   by participating child PCEs.

2.1.3.  Multi-domain Metrics

   For inter-domain path computation, there are two path metrics of
   interest.

   *  Domain Count (number of domains crossed).

   *  Border Node Count.

   A PCC may be able to limit the number of domains crossed by applying
   a limit on these metrics. See Section 3.4 for details.

2.2.  Parent PCE Capability Advertisement

   A PCEP speaker (parent PCE or child PCE) that supports and wishes to
   use the procedures described in this document must advertise this
   fact and negotiate its role with its PCEP peers. It does this using
   the "H-PCE Capability" TLV, as described in Section 3.2.1, in the
   OPEN object [RFC5440] to advertise its support for PCEP extensions
   for the H-PCE capability.

   During the PCEP session establishment procedure, the child PCE needs
   to be capable of indicating to the parent PCE whether it requests
   the parent PCE capability or not.

2.3.  PCE Domain Identification

   A PCE domain is a single domain with an associated PCE, although it
   is possible for a PCE to manage multiple domains simultaneously. The
   PCE domain could be an IGP area or Autonomous System (AS).

   The PCE domain identifiers MAY be provided during the PCEP session
   establishment procedure.

2.4.  Domain Diversity

   "Domain diversity" in the context of a multi-domain environment is
   defined in [RFC6805] and described as follows:

   | A pair of paths are domain-diverse if they do not transit any of
   | the same domains.
   | A pair of paths that share a common ingress and egress are
   | domain-diverse if they only share the same domains at the ingress
   | and egress (the ingress and egress domains). Domain diversity may
   | be maximized for a pair of paths by selecting paths that have the
   | smallest number of shared domains.

   The main motivation behind domain diversity is to avoid
   fate-sharing. However, domain diversity may also be requested to
   avoid specific transit domains due to security, geopolitical, and
   commercial reasons. For example, a pair of paths should choose
   different transit ASes because of certain policy considerations.

   In the case when full domain diversity could not be achieved, it is
   helpful to minimize the commonly shared domains. Also, it is
   interesting to note that other domain-diversity techniques (node,
   link, Shared Risk Link Group (SRLG), etc.) can still be applied
   inside the commonly shared domains.

3.  PCEP Extensions

   This section defines extensions to PCEP [RFC5440] to support the
   H-PCE procedures.

3.1.  Applicability to PCC-PCE Communications

   Although the extensions defined in this document are intended
   primarily for use between a child PCE and a parent PCE, they are
   also applicable for communications between a PCC and its PCE.

   Thus, the information that may be encoded in a PCReq can be sent
   from a PCC towards the child PCE. This includes the Request
   Parameters (RP) object ([RFC5440] and Section 3.3), the OF codes
   (Section 3.4.1), and the OF object (Section 3.4.2). A PCC and a
   child PCE could also exchange the H-PCE capability (Section 3.2.1)
   during its session.

   This allows a PCC to request paths that transit multiple domains
   utilizing the capabilities defined in this document.

3.2.  OPEN Object

   This document defines two new TLVs to be carried in an OPEN object.
   This way, during the PCEP session establishment, the H-PCE
   capability and domain information can be advertised.

3.2.1.  H-PCE-CAPABILITY TLV

   The H-PCE-CAPABILITY TLV is an optional TLV associated with the OPEN
   object [RFC5440] to exchange the H-PCE capability of PCEP speakers.

   Its format is shown in the following figure:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               Type=13         |            Length=4           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Flags                               |P|
   +---------------------------------------------------------------+

                 Figure 1: H-PCE-CAPABILITY TLV Format

   The type of the TLV is 13, and it has a fixed length of 4 octets.

   The value comprises a single field -- Flags (32 bits):

   P (Parent PCE Request bit):  If set, will signal that the child PCE
      wishes to use the peer PCE as a parent PCE.

   Unassigned bits MUST be set to 0 on transmission and MUST be ignored
   on receipt.

   The inclusion of this TLV in an OPEN object indicates that the H-PCE
   extensions are supported by the PCEP speaker. The child PCE MUST
   include this TLV and set the P-flag. The parent PCE MUST include
   this TLV and unset the P-flag.

   The setting of the P-flag (Parent PCE Request bit) would mean that
   the PCEP speaker wants the peer to be a parent PCE, so in the case
   of a PCC-to-child-PCE relationship, neither entity would set the
   P-flag.

   If both peers attempt to set the P-flag, then the session
   establishment MUST fail, and the PCEP speaker MUST respond with a
   PCErr message using Error-Type 1 (PCEP session establishment
   failure) as per [RFC5440].

   If the PCE understands the H-PCE PCReq message but did not advertise
   its H-PCE capability, it MUST send a PCErr message with
   Error-Type=28 (H-PCE Error) and Error-Value=1 (H-PCE Capability not
   advertised).

3.2.1.1.  Backwards Compatibility

   Section 7.1 of [RFC5440] specifies the following requirement:
   "Unrecognized TLVs MUST be ignored."
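
   The role negotiation of Section 3.2.1, together with the rule that
   unrecognized TLVs are ignored, as a receiver-side check. This is an
   added example, not code from this document or from any PCE
   implementation; the function names, the Outcome enum and the sample
   bytes (including TLV type 65000) are constructed for illustration,
   and the TLV header layout (2-byte type, 2-byte value length, value
   padded to 4 bytes) follows [RFC5440].

```python
import struct
from enum import Enum

TLV_H_PCE_CAPABILITY = 13   # Type value from Figure 1
P_FLAG = 0x00000001         # bit 31 when bit 0 is the most significant bit


class Outcome(Enum):
    NO_H_PCE = "session proceeds without an H-PCE relationship"
    LOCAL_IS_CHILD = "local speaker is the child, peer is the parent"
    LOCAL_IS_PARENT = "local speaker is the parent, peer is the child"
    NO_PARENT_REQUESTED = "H-PCE supported, neither side requests a parent"
    FAIL = "both sides set P: PCErr Error-Type 1, session must fail"


def encode_tlv(tlv_type, value):
    """PCEP TLV: 2-byte type, 2-byte value length, value padded to 4 bytes."""
    pad = b"\x00" * (-len(value) % 4)
    return struct.pack("!HH", tlv_type, len(value)) + value + pad


def iter_tlvs(buf):
    """Yield (type, value) pairs, rejecting lengths that run past the buffer."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        end = off + 4 + length + (-length % 4)
        if end > len(buf):
            raise ValueError("TLV length runs past the end of the object")
        yield tlv_type, buf[off + 4:off + 4 + length]
        off = end


def peer_p_flag(open_tlvs):
    """Return None when the peer sent no H-PCE-CAPABILITY TLV, else its P flag."""
    for tlv_type, value in iter_tlvs(open_tlvs):
        if tlv_type != TLV_H_PCE_CAPABILITY:
            continue  # other and unrecognized TLVs are skipped, not errors
        if len(value) != 4:
            raise ValueError("H-PCE-CAPABILITY TLV must carry Length=4")
        (flags,) = struct.unpack("!I", value)
        return bool(flags & P_FLAG)  # unassigned bits are ignored on receipt
    return None


def negotiate(local_p, peer_open_tlvs):
    """local_p: None if we do not advertise H-PCE, else the P flag we sent."""
    peer_p = peer_p_flag(peer_open_tlvs)
    if local_p is None or peer_p is None:
        return Outcome.NO_H_PCE          # TLV missing on one side
    if local_p and peer_p:
        return Outcome.FAIL              # both peers ask for a parent
    if local_p:
        return Outcome.LOCAL_IS_CHILD
    if peer_p:
        return Outcome.LOCAL_IS_PARENT
    return Outcome.NO_PARENT_REQUESTED   # e.g. PCC to child PCE


# Constructed sample: an unknown TLV (type 65000 is a made-up value) followed
# by H-PCE-CAPABILITY with P set and one unassigned bit set by the sender.
SAMPLE_CHILD_OPEN_TLVS = encode_tlv(65000, b"abc") + encode_tlv(
    TLV_H_PCE_CAPABILITY, bytes.fromhex("80000001"))

if __name__ == "__main__":
    for local in (False, True, None):
        print(local, "->", negotiate(local, SAMPLE_CHILD_OPEN_TLVS).value)
```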

   The OPEN object [RFC5440] contains the necessary PCEP information
   between the PCE entities, including session information and PCE
   capabilities via TLVs (including if H-PCE is supported). If the PCE
   does not support this document but receives an Open message
   containing an OPEN object that includes an H-PCE-CAPABILITY TLV, it
   will ignore that TLV and continue to attempt to establish a PCEP
   session. However, it will not include the TLV in the Open message
   that it sends, so the H-PCE relationship will not be created.

   If a PCE does not support the extensions defined in this document
   but receives them in a PCEP message (notwithstanding the fact that
   the session was not established as supporting an H-PCE
   relationship), the receiving PCE will ignore the H-PCE related
   parameters because they are all encoded in TLVs in standard PCEP
   objects.

3.2.2.  Domain-ID TLV

   The Domain-ID TLV, when used in the OPEN object, identifies the
   domains served by the PCE. The child PCE uses this mechanism to
   provide the domain information to the parent PCE.

   The Domain-ID TLV is defined below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               Type=14         |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Domain Type  |                   Reserved                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   //                        Domain ID                            //
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                     Figure 2: Domain-ID TLV Format

   The type of the TLV is 14, and it has a variable Length of the value
   portion. The value part comprises the following:

   Domain Type (8 bits):  Indicates the domain type. Four types of
      domains are currently defined:

      Type=1:  The Domain ID field carries a 2-byte AS number. Padded
         with trailing zeros to a 4-byte boundary.

      Type=2:  The Domain ID field carries a 4-byte AS number.

      Type=3:  The Domain ID field carries a 4-byte OSPF area ID.
      Type=4:  The Domain ID field carries a 2-byte Area-Len and a
         variable-length IS-IS area ID. Padded with trailing zeros to a
         4-byte boundary.

   Reserved:  Zero at transmission; ignored on receipt.

   Domain ID (variable):  Indicates an IGP area ID or AS number as per
      the Domain Type field. It can be 2 bytes, 4 bytes, or variable
      length, depending on the domain identifier used. It is padded
      with trailing zeros to a 4-byte boundary. In the case of IS-IS,
      it includes the Area-Len as well.

   In the case where a PCE serves more than one domain, multiple
   Domain-ID TLVs are included for each domain it serves.

3.3.  RP Object

3.3.1.  H-PCE-FLAG TLV

   The H-PCE-FLAG TLV is an optional TLV associated with the RP object
   [RFC5440] to indicate the H-PCE PCReq message and options.

   Its format is shown in the following figure:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               Type=15         |            Length=4           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Flags                             |D|S|
   +---------------------------------------------------------------+

                    Figure 3: H-PCE-FLAG TLV Format

   The type of the TLV is 15, and it has a fixed length of 4 octets.

   The value comprises a single field -- Flags (32 bits):

   D (Disallow Domain Re-entry bit):  If set, will signal that the
      computed path does not enter a domain more than once.

   S (Domain Sequence bit):  If set, will signal that the child PCE
      wishes to get only the domain sequence in the Path Computation
      Reply (PCRep) message [RFC5440]. Refer to Section 3.7 of
      [RFC7897] for details.

   Unassigned bits MUST be set to 0 on transmission and MUST be ignored
   on receipt.

   The presence of the TLV indicates that the H-PCE-based path
   computation is requested as per this document.

3.3.2.  Domain-ID TLV

   The Domain-ID TLV, carried in an OPEN object, is used to indicate a
   managed domain (or a list of managed domains) and is described in
   Section 3.2.2.
   This TLV, when carried in an RP object, indicates the destination
   domain ID. If a PCC knows the egress domain, it can supply this
   information in the PCReq message. Section 3.2.2 also defines the
   format for this TLV and the procedure for using it.

   If a Domain-ID TLV is used in the RP object and the destination is
   not actually in the indicated domain, then the parent PCE should
   respond with a NO-PATH object and the NO-PATH-VECTOR TLV should be
   used. A new bit number is assigned to indicate "Destination is not
   found in the indicated domain" (see Section 3.8).

3.4.  Objective Functions

3.4.1.  OF Codes

   [RFC5541] defines a mechanism to specify an OF that is used by a PCE
   when it computes a path. Three new OFs are defined for the H-PCE
   model; these are:

   *  MTD

      Name:  Minimize the number of Transit Domains (MTD)

      OF code:  12

      Description:  Find a path P such that it passes through the least
         number of transit domains.

      -  OFs are formulated using the following terminology:

         o  A network comprises a set of N domains {Di, (i=1...N)}.

         o  A path P passes through K unique domains {Dpi, (i=1...K)}.

         o  Find a path P such that the value of K is minimized.

   *  MBN

      Name:  Minimize the number of Border Nodes (MBN)

      OF code:  13

      Description:  Find a path P such that it passes through the least
         number of border nodes.

      -  OFs are formulated using the following terminology:

         o  A network comprises a set of N links {Li, (i=1...N)}.

         o  A path P is a list of K links {Lpi, (i=1...K)}.

         o  D(Lpi) is a function that determines if the links Lpi and
            Lpi+1 belong to different domains. D(Li) = 1 if link Li and
            Li+1 belong to different domains; D(Lk) = 0 if link Lk and
            Lk+1 belong to the same domain.

         o  The number of border nodes in a path P is denoted by B(P),
            where B(P) = sum{D(Lpi), (i=1...K-1)}.

         o  Find a path P such that B(P) is minimized.

   There is one OF that applies to a set of synchronized PCReq messages
   to increase the domain diversity:

   *  MCTD

      Name:  Minimize the number of Common Transit Domains (MCTD)

      OF code:  14

      Description:  Find a set of paths such that it passes through the
         least number of common transit domains.

      -  A network comprises a set of N domains {Di, (i=1...N)}.

      -  A path P passes through K unique domains {Dpi, (i=1...K)}.

      -  A set of paths {P1...Pm} has L transit domains that are common
         to more than one path {Dpi, (i=1...L)}.

      -  Find a set of paths such that the value of L is minimized.

3.4.2.  OF Object

   The OF object [RFC5541] is carried in a PCReq message so as to
   indicate the desired/required OF to be applied by the PCE during
   path computation. As per Section 3.2 of [RFC5541], a single OF
   object may be included in a PCReq message.

   The new OF codes described in Section 3.4.1 are applicable to the
   inter-domain path computation performed by the parent PCE. It is
   also necessary to specify the OF code that may be applied for the
   intra-domain path computation performed by the child PCE. To
   accommodate this, the OF-List TLV (described in Section 2.1 of
   [RFC5541]) is included in the OF object as an optional TLV.

   The OF-List TLV allows the encoding of multiple OF codes. When this
   TLV is included inside the OF object, only the first OF code in the
   OF-List TLV is considered. The parent PCE MUST use this OF code in
   the OF object when sending the intra-domain PCReq message to the
   child PCE. If the OF-List TLV is included in the OF object, the OF
   code inside the OF object MUST include one of the H-PCE OFs defined
   in this document. The OF code inside the OF-List TLV MUST NOT
   include an H-PCE OF. If this condition is not met, the PCEP speaker
   MUST respond with a PCErr message with Error-Type=10 (Reception of
   an invalid object) and Error-Value=23 (Incompatible OF codes in
   H-PCE).
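
   The three objective functions of Section 3.4.1 and the OF/OF-List
   check of Section 3.4.2, evaluated over constructed candidate paths.
   This is an added example, not code from this document or from any
   PCE implementation; modelling a path as a list of per-link domain
   labels, treating the first and last labels as the ingress and egress
   domains, and all function and variable names are assumptions of the
   example.

```python
from itertools import combinations

OF_MTD, OF_MBN, OF_MCTD = 12, 13, 14     # OF codes from Section 3.4.1
H_PCE_OFS = {OF_MTD, OF_MBN, OF_MCTD}
OF_MCP = 1                               # Minimum Cost Path, from RFC 5541


def domain_count(path):
    """K: number of unique domains the path passes through (MTD)."""
    return len(set(path))


def border_node_count(path):
    """B(P) = sum of D(Lpi) for i=1..K-1, where D is 1 when consecutive
    links belong to different domains (MBN)."""
    return sum(1 for a, b in zip(path, path[1:]) if a != b)


def transit_domains(path):
    """Domains of the path other than its ingress and egress domains."""
    return set(path) - {path[0], path[-1]}


def common_transit_domains(paths):
    """Transit domains used by more than one path; L is the set's size (MCTD)."""
    seen, common = set(), set()
    for path in paths:
        transit = transit_domains(path)
        common |= seen & transit
        seen |= transit
    return common


def best_path(candidates, of_code):
    """Pick the candidate that minimizes the single-path OF."""
    key = {OF_MTD: domain_count, OF_MBN: border_node_count}[of_code]
    return min(candidates, key=key)


def best_diverse_pair(candidates):
    """Pick the pair of candidates with the fewest common transit domains."""
    return min(combinations(candidates, 2),
               key=lambda pair: len(common_transit_domains(pair)))


def check_of_object(of_code, of_list=None):
    """Return None if acceptable, else (Error-Type, Error-Value) for the PCErr."""
    if not of_list:
        return None                  # no OF-List TLV inside the OF object
    intra_domain_of = of_list[0]     # only the first code is considered
    if of_code not in H_PCE_OFS or intra_domain_of in H_PCE_OFS:
        return (10, 23)              # Incompatible OF codes in H-PCE
    return None


# Constructed candidates from ingress domain D1 to egress domain D4, one
# label per link. PATH_A re-enters D1 and D2: few domains, many crossings.
PATH_A = ["D1", "D2", "D1", "D2", "D4"]
PATH_B = ["D1", "D3", "D5", "D4"]
PATH_C = ["D1", "D2", "D3", "D4"]
CANDIDATES = [PATH_A, PATH_B, PATH_C]

if __name__ == "__main__":
    print("MTD picks", best_path(CANDIDATES, OF_MTD))
    print("MBN picks", best_path(CANDIDATES, OF_MBN))
    print("MCTD picks", best_diverse_pair(CANDIDATES))
    print("OF=MTD, OF-List=[MCP]:", check_of_object(OF_MTD, [OF_MCP]))
    print("OF=MCP, OF-List=[MCP]:", check_of_object(OF_MCP, [OF_MCP]))
```

   MTD and MBN select different candidates here because a path that
   re-enters a domain keeps K low while raising B(P).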

   If the OFs defined in this document are unknown or unsupported by a
   PCE, then the procedure as defined in [RFC5440] is followed.

3.5.  METRIC Object

   The METRIC object is defined in Section 7.8 of [RFC5440] and is
   comprised of the metric-value field, the metric type (the T field),
   and flags (the Flags field). This document defines the following
   types for the METRIC object for the H-PCE model:

   T=20:  Domain Count metric (number of domains crossed).

   T=21:  Border Node Count metric (number of border nodes crossed).

   The Domain Count metric type of the METRIC object encodes the number
   of domains crossed in the path. The Border Node Count metric type of
   the METRIC object encodes the number of border nodes in the path. If
   a domain is re-entered, then the domain should be double counted.

   A PCC or child PCE MAY use the metric in a PCReq message for an
   inter-domain path computation, meeting the requirement for the
   number of domains or border nodes being crossed. As per [RFC5440],
   in this case, the B-bit is set to suggest a bound (a maximum) for
   the metric that must not be exceeded for the PCC to consider the
   computed path acceptable.

   A PCC or child PCE MAY also use this metric to ask the PCE to
   optimize the metric during inter-domain path computation. In this
   case, the B-flag is cleared, and the C-flag is set.

   The parent PCE MAY use the metric in a PCRep message along with a
   NO-PATH object in the case where the PCE cannot compute a path that
   meets this constraint. A PCE MAY also use this metric to send the
   computed end-to-end metric value in a reply message.

3.6.  SVEC Object

   [RFC5440] defines the Synchronization Vector (SVEC) object, which
   includes flags for the potential dependency between the set of PCReq
   messages (Link, Node, and SRLG diverse). This document defines a new
   flag (the O-bit) for domain diversity.

   The following new bit is added to the Flags field:

   Domain Diverse O-bit - 18:  When set, this indicates that the
      computed paths corresponding to the requests specified by any RP
      objects that might be provided MUST NOT have any transit domains
      in common.

   The Domain Diverse O-bit can be used in H-PCE path computation to
   compute synchronized domain-diverse end-to-end paths or diverse
   domain sequences.

   When the Domain Diverse O-bit is set, it is applied to the transit
   domains. The other bit in SVEC object L (Link diverse), N (Node
   diverse), S (SRLG diverse), etc. MAY be set and MUST still be
   applied in the ingress and egress shared domain.

3.7.  PCEP-ERROR Object

3.7.1.  Hierarchical PCE Error-Type

   A new PCEP Error-Type [RFC5440] is used for the H-PCE extension as
   defined below:

   +------------+------------------------------------------------------+
   | Error-Type | Meaning                                              |
   +============+======================================================+
   | 28         | H-PCE Error                                          |
   |            |                                                      |
   |            | Error-Value=1: H-PCE Capability not advertised       |
   |            |                                                      |
   |            | Error-Value=2: Parent PCE Capability cannot be       |
   |            | provided                                             |
   +------------+------------------------------------------------------+

                          Table 1: H-PCE Error

3.8.  NO-PATH Object

   To communicate the reason(s) for not being able to find a
   multi-domain path or domain sequence, the NO-PATH object can be used
   in the PCRep message. [RFC5440] defines the format of the NO-PATH
   object. The object may contain a NO-PATH-VECTOR TLV to provide
   additional information about why a path computation has failed.

   This document defines four new bit flags in the "NO-PATH-VECTOR TLV
   Flag Field" subregistry. These flags are to be carried in the Flags
   field in the NO-PATH-VECTOR TLV carried in the NO-PATH object.

   Bit number 22:  When set, the parent PCE indicates that the
      destination domain is unknown.

   Bit number 21:  When set, the parent PCE indicates that one or more
      child PCEs are unresponsive.
   Bit number 20:  When set, the parent PCE indicates that no resources
      are available in one or more domains.

   Bit number 19:  When set, the parent PCE indicates that the
      destination is not found in the indicated domain.

4.  H-PCE Procedures

   The H-PCE path computation procedure is described in [RFC6805].

4.1.  OPEN Procedure between Child PCE and Parent PCE

   If a child PCE wants to use the peer PCE as a parent, it MUST set
   the P-flag (Parent PCE Request flag) in the H-PCE-CAPABILITY TLV
   inside the OPEN object carried in the Open message during the PCEP
   session initialization procedure.

   The child PCE MAY also report its list of domain IDs to the parent
   PCE by specifying them in the Domain-ID TLVs in the OPEN object.
   This object is carried in the Open message during the PCEP session
   initialization procedure.

   The OF codes defined in this document can be carried in the OF-List
   TLV of the OPEN object. If the OF-List TLV carries the OF codes, it
   means that the PCE is capable of implementing the corresponding OFs.
   This information can be used for selecting a proper parent PCE when
   a child PCE wants to get a path that satisfies a certain OF.

   When a child PCE sends a PCReq to a peer PCE that requires parental
   activity and the H-PCE-CAPABILITY TLV but these items were not taken
   into account in the session establishment procedure described above,
   the peer PCE SHOULD send a PCErr message to the child PCE and MUST
   specify Error-Type=28 (H-PCE Error) and Error-Value=1 (H-PCE
   Capability not advertised) in the PCEP-ERROR object.

   When a specific child PCE sends a PCReq to a peer PCE that requires
   parental activity and the peer PCE does not want to act as the
   parent for it, the peer PCE SHOULD send a PCErr message to the child
   PCE and MUST specify Error-Type=28 (H-PCE Error) and Error-Value=2
   (Parent PCE Capability cannot be provided) in the PCEP-ERROR object.

4.2.  Procedure for Obtaining the Domain Sequence

   If a child PCE only wants to get the domain sequence for a
   multi-domain path computation from a parent PCE, it can set the
   Domain Path Request bit in the H-PCE-FLAG TLV in the RP object
   carried in a PCReq message. The parent PCE that receives the PCReq
   message tries to compute a domain sequence for it (instead of the
   end-to-end path). If the domain path computation succeeds, the
   parent PCE sends a PCRep message that carries the domain sequence in
   the Explicit Route Object (ERO) to the child PCE. Refer to [RFC7897]
   for more details about domain subobjects in the ERO. Otherwise, it
   sends a PCReq message that carries the NO-PATH object to the child
   PCE.

5.  Error Handling

   A PCE that is capable of acting as a parent PCE might not be
   configured or willing to act as the parent for a specific child PCE.
   When the child PCE sends a PCReq that requires parental activity, a
   negative response in the form of a PCEP Error (PCErr) message that
   includes H-PCE Error-Type=28 (H-PCE Error) and an applicable
   Error-Value (Section 3.7) might result.

   Additionally, the parent PCE may fail to find the multi-domain path
   or domain sequence for one or more of the following reasons:

   *  A child PCE cannot find a suitable path to the egress.

   *  The parent PCE does not hear from a child PCE for a specified
      time.

   *  The OFs specified in the path request cannot be met.

   In this case, the parent PCE MAY need to send a negative PCRep
   message specifying the reason for the failure. This can be achieved
   by including the NO-PATH object in the PCRep message. An extension
   to the NO-PATH object is needed in order to include the reasons
   defined in Section 3.8.

6.  Manageability Considerations

   General PCE and PCEP management/manageability considerations are
   discussed in [RFC4655] and [RFC5440]. There are additional
   management considerations for the H-PCE model; these are described
   in [RFC6805] and repeated in this section.

   The administrative entity responsible for the management of the
   parent PCEs must be determined for the following cases:

   *  Multiple domains (e.g., IGP areas or multiple ASes) in a single
      service provider network. The management responsibility for the
      parent PCE would most likely be handled by the service provider.

   *  Multiple ASes in different service provider networks. It may be
      necessary for a third party to manage the parent PCEs according
      to commercial and policy agreements from each of the
      participating service providers.

6.1.  Control of Function and Policy

   Control of H-PCE function will need to be carefully managed via
   configuration and interaction policies, which may be controlled via
   a policy module on the H-PCE. A child PCE will need to be configured
   with the address of its parent PCE. It is expected that there will
   only be one or two parents of any child.

   The parent PCE also needs to be aware of the child PCEs for all
   child domains that it can see. This information is most likely to be
   configured (as part of the administrative definition of each
   domain).

   Discovery of the relationships between parent PCEs and child PCEs
   does not form part of the H-PCE architecture. Mechanisms that rely
   on advertising or querying PCE locations across domain or provider
   boundaries are undesirable for security, scaling, commercial, and
   confidentiality reasons. The specific behavior of the child and
   parent PCEs is described in the following subsections.

6.1.1.  Child PCE

   Support of the hierarchical procedure will be controlled by the
   management organization responsible for each child PCE. A child PCE
   must be configured with the address of its parent PCE in order for
   it to interact with its parent PCE. The child PCE must also be
   authorized to peer with the parent PCE.

6.1.2.  Parent PCE

   The parent PCE MUST only accept PCReq messages from authorized child
   PCEs. If a parent PCE receives requests from an unauthorized child
   PCE, the request SHOULD be dropped.
   This means that a parent PCE MUST be able to cryptographically
   authenticate requests from child PCEs.

   Multi-party shared key authentication schemes are not recommended
   for inter-domain relationships because of (1) the potential for
   impersonation and repudiation and (2) operational difficulties
   should revocation be required.

   The choice of authentication schemes to employ may be left to
   implementers of the H-PCE architecture and are not discussed further
   in this document.

6.1.3.  Policy Control

   It may be necessary to maintain H-PCE policy [RFC5394] via a policy
   control module on the parent PCE. This would allow the parent PCE to
   apply commercially relevant constraints such as SLAs, security,
   peering preferences, and monetary costs.

   It may also be necessary for the parent PCE to limit the end-to-end
   path selection by including or excluding specific domains based on
   commercial relationships, security implications, and reliability.

6.2.  Information and Data Models

   [RFC7420] provides a MIB module for PCEP and describes managed
   objects for the modeling of PCEP communication. A YANG module for
   PCEP has also been proposed [PCEP-YANG].

   An H-PCE MIB module or an additional data model will also be
   required for reporting parent PCE and child PCE information,
   including:

   *  parent PCE configuration and status,

   *  child PCE configuration and information,

   *  notifications to indicate session changes between parent PCEs and
      child PCEs, and

   *  notification of parent PCE TED updates and changes.

6.3.  Liveness Detection and Monitoring

   The hierarchical procedure requires interaction with multiple PCEs.
   Once a child PCE requests an end-to-end path, a sequence of events
   occurs that requires interaction between the parent PCE and each
   child PCE. If a child PCE is not operational and an alternate
   transit domain is not available, then the failure must be reported.

6.4.  Verifying Correct Operations

   Verifying the correct operation of a parent PCE can be performed by
   monitoring a set of parameters.
   The parent PCE implementation should provide the following parameters
   monitored at the parent PCE:

   *  number of child PCE requests,

   *  number of successful H-PCE procedure completions on a per-PCE-peer
      basis,

   *  number of H-PCE procedure-completion failures on a per-PCE-peer
      basis, and

   *  number of H-PCE procedure requests from unauthorized child PCEs.

6.5.  Requirements on Other Protocols

   Mechanisms defined in this document do not imply any new requirements
   on other protocols.

6.6.  Impact on Network Operations

   The H-PCE procedure is a multiple-PCE path computation scheme.
   Subsequent requests to and from the child and parent PCEs do not
   differ from other path computation requests and should not have any
   significant impact on network operations.

7.  IANA Considerations

   IANA maintains the "Path Computation Element Protocol (PCEP) Numbers"
   registry.  IANA has allocated code points for the protocol elements
   defined in this document.

7.1.  PCEP TLV Type Indicators

   IANA maintains the "PCEP TLV Type Indicators" subregistry (see
   [RFC5440]) within the "Path Computation Element Protocol (PCEP)
   Numbers" registry.  IANA has allocated the following three new PCEP
   TLVs:

   +------+------------------+-----------+
   | Type | TLV Name         | Reference |
   +======+==================+===========+
   | 13   | H-PCE-CAPABILITY | RFC 8685  |
   +------+------------------+-----------+
   | 14   | Domain-ID        | RFC 8685  |
   +------+------------------+-----------+
   | 15   | H-PCE-FLAG       | RFC 8685  |
   +------+------------------+-----------+

   Table 2: New PCEP TLVs

7.2.  H-PCE-CAPABILITY TLV Flags

   IANA has created the "H-PCE-CAPABILITY TLV Flag Field" subregistry
   within the "Path Computation Element Protocol (PCEP) Numbers"
   registry to manage the Flag field in the H-PCE-CAPABILITY TLV of the
   PCEP OPEN object.  New values are assigned by Standards Action
   [RFC8126].
   Each registered bit should include the following information:

   *  Bit number (counting from bit 0 as the most significant bit)

   *  Capability description

   *  Defining RFC

   The following value is defined in this document:

   +-----+----------------------------+-----------+
   | Bit | Description                | Reference |
   +=====+============================+===========+
   | 31  | P (Parent PCE Request bit) | RFC 8685  |
   +-----+----------------------------+-----------+

   Table 3: Parent PCE Request Bit

7.3.  Domain-ID TLV Domain Type

   IANA has created the "Domain-ID TLV Domain Type" subregistry within
   the "Path Computation Element Protocol (PCEP) Numbers" registry to
   manage the Domain Type field of the Domain-ID TLV.  The allocation
   policy for this new subregistry is IETF Review [RFC8126].

   The following values are defined in this document:

   +-------+-------------------------------+
   | Value | Meaning                       |
   +=======+===============================+
   | 0     | Reserved                      |
   +-------+-------------------------------+
   | 1     | 2-byte AS number              |
   +-------+-------------------------------+
   | 2     | 4-byte AS number              |
   +-------+-------------------------------+
   | 3     | 4-byte OSPF area ID           |
   +-------+-------------------------------+
   | 4     | Variable-length IS-IS area ID |
   +-------+-------------------------------+
   | 5-255 | Unassigned                    |
   +-------+-------------------------------+

   Table 4: Parameters for Domain-ID TLV Domain Type

7.4.  H-PCE-FLAG TLV Flags

   IANA has created the "H-PCE-FLAG TLV Flag Field" subregistry within
   the "Path Computation Element Protocol (PCEP) Numbers" registry to
   manage the Flag field in the H-PCE-FLAG TLV of the PCEP RP object.
   New values are to be assigned by Standards Action [RFC8126].
   Each registered bit should include the following information:

   *  Bit number (counting from bit 0 as the most significant bit)

   *  Capability description

   *  Defining RFC

   The following values are defined in this document:

   +-----+----------------------------------+-----------+
   | Bit | Description                      | Reference |
   +=====+==================================+===========+
   | 30  | D (Disallow Domain Re-entry bit) | RFC 8685  |
   +-----+----------------------------------+-----------+
   | 31  | S (Domain Sequence bit)          | RFC 8685  |
   +-----+----------------------------------+-----------+

   Table 5: New H-PCE-FLAG TLV Flag Field Entries

7.5.  OF Codes

   IANA maintains a list of OFs (described in [RFC5541]) in the
   "Objective Function" subregistry within the "Path Computation Element
   Protocol (PCEP) Numbers" registry.

   IANA has allocated the following OFs:

   +------------+-------------------------------+-----------+
   | Code Point | Name                          | Reference |
   +============+===============================+===========+
   | 12         | Minimize the number of        | RFC 8685  |
   |            | Transit Domains (MTD)         |           |
   +------------+-------------------------------+-----------+
   | 13         | Minimize the number of Border | RFC 8685  |
   |            | Nodes (MBN)                   |           |
   +------------+-------------------------------+-----------+
   | 14         | Minimize the number of Common | RFC 8685  |
   |            | Transit Domains (MCTD)        |           |
   +------------+-------------------------------+-----------+

   Table 6: New OF Codes

7.6.  METRIC Object Types

   IANA maintains the "METRIC Object T Field" subregistry [RFC5440]
   within the "Path Computation Element Protocol (PCEP) Numbers"
   registry.
   The following two new metric types for the METRIC object are defined
   in this document:

   +-------+--------------------------+-----------+
   | Value | Description              | Reference |
   +=======+==========================+===========+
   | 20    | Domain Count metric      | RFC 8685  |
   +-------+--------------------------+-----------+
   | 21    | Border Node Count metric | RFC 8685  |
   +-------+--------------------------+-----------+

   Table 7: New METRIC Object Types

7.7.  New PCEP Error-Types and Values

   IANA maintains a list of Error-Types and Error-Values for use in PCEP
   messages.  This list is maintained in the "PCEP-ERROR Object Error
   Types and Values" subregistry within the "Path Computation Element
   Protocol (PCEP) Numbers" registry.

   IANA has allocated the following:

   +------------+------------------------------------------+-----------+
   | Error-Type | Meaning and Error Values                 | Reference |
   +============+==========================================+===========+
   | 28         | H-PCE Error                              | RFC 8685  |
   |            |                                          |           |
   |            | Error-Value=1: H-PCE Capability          |           |
   |            | not advertised                           |           |
   |            |                                          |           |
   |            | Error-Value=2: Parent PCE                |           |
   |            | Capability cannot be provided            |           |
   +------------+------------------------------------------+-----------+
   | 10         | Reception of an invalid object           | RFC 5440  |
   |            |                                          |           |
   |            | Error-Value=23: Incompatible OF          | RFC 8685  |
   |            | codes in H-PCE                           |           |
   +------------+------------------------------------------+-----------+

   Table 8: New PCEP Error-Types and Values

7.8.  New NO-PATH-VECTOR TLV Bit Flag

   IANA maintains the "NO-PATH-VECTOR TLV Flag Field" subregistry, which
   contains a list of bit flags carried in the PCEP NO-PATH-VECTOR TLV
   in the PCEP NO-PATH object as defined in [RFC5440].
   IANA has allocated the following four new bit flags:

   +------------+----------------------------+-----------+
   | Bit Number | Description                | Reference |
   +============+============================+===========+
   | 22         | Destination domain unknown | RFC 8685  |
   +------------+----------------------------+-----------+
   | 21         | Unresponsive child PCE(s)  | RFC 8685  |
   +------------+----------------------------+-----------+
   | 20         | No available resource in   | RFC 8685  |
   |            | one or more domains        |           |
   +------------+----------------------------+-----------+
   | 19         | Destination is not found   | RFC 8685  |
   |            | in the indicated domain    |           |
   +------------+----------------------------+-----------+

   Table 9: PCEP NO-PATH Object Flags

7.9.  SVEC Flag

   IANA maintains the "SVEC Object Flag Field" subregistry, which
   contains a list of bit flags carried in the PCEP SVEC object as
   defined in [RFC5440].

   IANA has allocated the following new bit flag:

   +------------+----------------------+-----------+
   | Bit Number | Description          | Reference |
   +============+======================+===========+
   | 18         | Domain Diverse O-bit | RFC 8685  |
   +------------+----------------------+-----------+

   Table 10: Domain Diverse O-Bit

8.  Security Considerations

   The H-PCE procedure relies on PCEP and inherits the security
   considerations defined in [RFC5440].  As PCEP operates over TCP, it
   may also make use of TCP security mechanisms, such as the TCP
   Authentication Option (TCP-AO) [RFC5925] or Transport Layer Security
   (TLS) [RFC8253] [RFC8446].

   Any multi-domain operation necessarily involves the exchange of
   information across domain boundaries.  This may represent a
   significant security and confidentiality risk, especially when the
   child domains are controlled by different commercial concerns.
   PCEP allows individual PCEs to maintain the confidentiality of their
   domain path information using path-keys [RFC5520], and the H-PCE
   architecture is specifically designed to enable as much isolation of
   information related to domain topology and capabilities as possible.

   For further considerations regarding the security issues related to
   inter-AS path computation, see [RFC5376].

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5440]  Vasseur, JP., Ed. and JL. Le Roux, Ed., "Path Computation
              Element (PCE) Communication Protocol (PCEP)", RFC 5440,
              DOI 10.17487/RFC5440, March 2009.

   [RFC5541]  Le Roux, JL., Vasseur, JP., and Y. Lee, "Encoding of
              Objective Functions in the Path Computation Element
              Communication Protocol (PCEP)", RFC 5541,
              DOI 10.17487/RFC5541, June 2009.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

9.2.  Informative References

   [RFC4105]  Le Roux, J.-L., Ed., Vasseur, J.-P., Ed., and J. Boyle,
              Ed., "Requirements for Inter-Area MPLS Traffic
              Engineering", RFC 4105, DOI 10.17487/RFC4105, June 2005.

   [RFC4216]  Zhang, R., Ed. and J.-P. Vasseur, Ed., "MPLS
              Inter-Autonomous System (AS) Traffic Engineering (TE)
              Requirements", RFC 4216, DOI 10.17487/RFC4216,
              November 2005.

   [RFC4655]  Farrel, A., Vasseur, J.-P., and J. Ash, "A Path
              Computation Element (PCE)-Based Architecture", RFC 4655,
              DOI 10.17487/RFC4655, August 2006.

   [RFC4726]  Farrel, A., Vasseur, J.-P., and A. Ayyangar, "A Framework
              for Inter-Domain Multiprotocol Label Switching Traffic
              Engineering", RFC 4726, DOI 10.17487/RFC4726,
              November 2006.

   [RFC5152]  Vasseur, JP., Ed., Ayyangar, A., Ed., and R. Zhang, "A
              Per-Domain Path Computation Method for Establishing
              Inter-Domain Traffic Engineering (TE) Label Switched Paths
              (LSPs)", RFC 5152, DOI 10.17487/RFC5152, February 2008.
   [RFC5376]  Bitar, N., Zhang, R., and K. Kumaki, "Inter-AS
              Requirements for the Path Computation Element
              Communication Protocol (PCECP)", RFC 5376,
              DOI 10.17487/RFC5376, November 2008.

   [RFC5394]  Bryskin, I., Papadimitriou, D., Berger, L., and J. Ash,
              "Policy-Enabled Path Computation Framework", RFC 5394,
              DOI 10.17487/RFC5394, December 2008.

   [RFC5520]  Bradford, R., Ed., Vasseur, JP., and A. Farrel,
              "Preserving Topology Confidentiality in Inter-Domain Path
              Computation Using a Path-Key-Based Mechanism", RFC 5520,
              DOI 10.17487/RFC5520, April 2009.

   [RFC5441]  Vasseur, JP., Ed., Zhang, R., Bitar, N., and JL. Le Roux,
              "A Backward-Recursive PCE-Based Computation (BRPC)
              Procedure to Compute Shortest Constrained Inter-Domain
              Traffic Engineering Label Switched Paths", RFC 5441,
              DOI 10.17487/RFC5441, April 2009.

   [RFC5925]  Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", RFC 5925, DOI 10.17487/RFC5925,
              June 2010.

   [RFC6805]  King, D., Ed. and A. Farrel, Ed., "The Application of the
              Path Computation Element Architecture to the Determination
              of a Sequence of Domains in MPLS and GMPLS", RFC 6805,
              DOI 10.17487/RFC6805, November 2012.

   [RFC7399]  Farrel, A. and D. King, "Unanswered Questions in the Path
              Computation Element Architecture", RFC 7399,
              DOI 10.17487/RFC7399, October 2014.

   [RFC7420]  Koushik, A., Stephan, E., Zhao, Q., King, D., and J.
              Hardwick, "Path Computation Element Communication Protocol
              (PCEP) Management Information Base (MIB) Module",
              RFC 7420, DOI 10.17487/RFC7420, December 2014.

   [RFC7752]  Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and
              S. Ray, "North-Bound Distribution of Link-State and
              Traffic Engineering (TE) Information Using BGP", RFC 7752,
              DOI 10.17487/RFC7752, March 2016.

   [RFC7897]  Dhody, D., Palle, U., and R. Casellas, "Domain Subobjects
              for the Path Computation Element Communication Protocol
              (PCEP)", RFC 7897, DOI 10.17487/RFC7897, June 2016.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017.

   [RFC8253]  Lopez, D., Gonzalez de Dios, O., Wu, Q., and D. Dhody,
              "PCEPS: Usage of TLS to Provide a Secure Transport for the
              Path Computation Element Communication Protocol (PCEP)",
              RFC 8253, DOI 10.17487/RFC8253, October 2017.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446,
              August 2018.

   [PCEP-YANG]
              Dhody, D., Ed., Hardwick, J., Beeram, V., and J. Tantsura,
              "A YANG Data Model for Path Computation Element
              Communications Protocol (PCEP)", Work in Progress,
              Internet-Draft, draft-ietf-pce-pcep-yang-13,
              31 October 2019.

   [STATEFUL-HPCE]
              Dhody, D., Lee, Y., Ceccarelli, D., Shin, J., and D. King,
              "Hierarchical Stateful Path Computation Element (PCE)",
              Work in Progress, Internet-Draft,
              draft-ietf-pce-stateful-hpce-15, 20 October 2019.

   [PCEP-LS]  Dhody, D., Lee, Y., and D. Ceccarelli, "PCEP Extension for
              Distribution of Link-State and TE Information.", Work in
              Progress, Internet-Draft, draft-dhodylee-pce-pcep-ls-14,
              21 October 2019.

Acknowledgements

   The authors would like to thank Mike McBride, Kyle Rose, and Roni
   Even for their detailed review, comments, and suggestions, which
   helped improve this document.
Contributors

   The following people contributed substantially to the content of this
   document and should be considered coauthors:

   Xian Zhang
   Huawei

   Email: zhang.xian@huawei.com


   Dhruv Dhody
   Huawei Technologies
   Divyashree Techno Park, Whitefield
   Bangalore 560066
   Karnataka
   India

   Email: dhruv.ietf@gmail.com

Authors' Addresses

   Fatai Zhang
   Huawei
   Huawei Base, Bantian, Longgang District
   Shenzhen, 518129
   China

   Email: zhangfatai@huawei.com


   Quintin Zhao
   Huawei
   125 Nagog Technology Park
   Acton, MA 01719
   United States of America

   Email: quintinzhao@gmail.com


   Oscar Gonzalez de Dios
   Telefonica I+D
   Don Ramon de la Cruz 82-84
   28045 Madrid
   Spain

   Email: oscar.gonzalezdedios@telefonica.com


   Ramon Casellas
   CTTC
   Av. Carl Friedrich Gauss n.7
   Castelldefels Barcelona
   Spain

   Email: ramon.casellas@cttc.es


   Daniel King
   Old Dog Consulting
   United Kingdom

   Email: daniel@olddog.co.uk
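
Added example (not part of the RFC): Sections 7.2 and 7.4 count flag bits from bit 0 as the most significant bit, so bit 31 is mask 0x00000001, not 0x80000000. This Python decoder applies that numbering while strictly parsing the three TLVs of Table 2 and the Domain Types of Table 4. The TLV framing (2-octet type, 2-octet length, value padded to 4 octets), the 4-octet Flags field, and the Domain-ID layout (Domain Type octet, three reserved octets, Domain ID) are assumptions taken from RFC 5440 and Section 3 of this document; all function and constant names are hypothetical.

```python
import struct

# Code points from Tables 2 to 5 of this document.
TLV_H_PCE_CAPABILITY, TLV_DOMAIN_ID, TLV_H_PCE_FLAG = 13, 14, 15
FLAG_BITS = {TLV_H_PCE_CAPABILITY: {31: "P"}, TLV_H_PCE_FLAG: {30: "D", 31: "S"}}
DOMAIN_TYPES = {1: "as2", 2: "as4", 3: "ospf-area", 4: "isis-area"}
FIXED_ID_LEN = {1: 2, 2: 4, 3: 4}  # IS-IS area IDs (type 4) are variable-length

class TLVError(ValueError):
    """Malformed or unassigned input; the caller should reject the message."""

def flag_names(flags, registry):
    """Decode a 32-bit field in which bit 0 is the MOST significant bit."""
    # Bit n has mask 1 << (31 - n); unassigned bits are ignored here.
    return {name for bit, name in registry.items() if flags >> (31 - bit) & 1}

def decode_domain_id(value):
    # Assumed layout: Domain Type (1 octet), Reserved (3 octets), Domain ID.
    if len(value) < 5:
        raise TLVError("Domain-ID TLV too short")
    dtype, ident = value[0], value[4:]
    if dtype not in DOMAIN_TYPES:
        raise TLVError(f"reserved or unassigned Domain Type {dtype}")
    need = FIXED_ID_LEN.get(dtype)
    if need is None:
        return DOMAIN_TYPES[dtype], ident.hex()
    if len(ident) < need:
        raise TLVError("Domain ID shorter than its Domain Type requires")
    return DOMAIN_TYPES[dtype], int.from_bytes(ident[:need], "big")

def parse_tlvs(buf):
    """Walk a TLV block: 2-octet type, 2-octet length, value padded to 4 octets."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise TLVError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        value = buf[off + 4:off + 4 + length]
        if len(value) != length:
            raise TLVError("TLV length runs past the end of the buffer")
        if tlv_type in FLAG_BITS:
            if length != 4:
                raise TLVError("flag TLV must carry exactly 4 octets")
            flags = struct.unpack("!I", value)[0]
            out.append((tlv_type, flag_names(flags, FLAG_BITS[tlv_type])))
        elif tlv_type == TLV_DOMAIN_ID:
            out.append((tlv_type, decode_domain_id(value)))
        off += 4 + (length + 3) // 4 * 4  # skip the value and its padding
    return out

# Constructed sample: P set; Domain-ID = 4-byte AS 65550; D and S set.
SAMPLE = bytes.fromhex("000d000400000001000e0008020000000001000e000f000400000003")
```

TLV types other than 13, 14 and 15 are skipped, and any TLVError is a reason to reject the whole message rather than act on a partial parse.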