Huawei

Huawei Base, Bantian, Longgang District Shenzhen 518129 China zhangfatai@huawei.com

Huawei

125 Nagog Technology Park Acton MA 01719 United States of America quintinzhao@gmail.com

Telefonica I+D

Don Ramon de la Cruz 82-84 Madrid 28045 Spain oscar.gonzalezdedios@telefonica.com

CTTC

Av. Carl Friedrich Gauss n.7 Castelldefels Barcelona Spain ramon.casellas@cttc.es

Old Dog Consulting

United Kingdom daniel@olddog.co.uk

The Hierarchical Path Computation Element (H-PCE) architecture is defined in RFC 6805. It provides a mechanism to derive an optimum end-to-end path in a multi-domain environment by using a hierarchical relationship between domains to select the optimum sequence of domains and optimum paths across those domains. This document defines extensions to the Path Computation Element Communication Protocol (PCEP) to support H-PCE procedures.

Introduction The Path Computation Element Communication Protocol (PCEP) provides a mechanism for Path Computation Elements (PCEs) and Path Computation Clients (PCCs) to exchange requests for path computation and responses that provide computed paths. The capability to compute the routes of end-to-end inter-domain MPLS Traffic Engineering (MPLS-TE) and GMPLS Label Switched Paths (LSPs) is expressed as requirements in and . This capability may be realized by a PCE . The methods for establishing and controlling inter-domain MPLS-TE and GMPLS LSPs are documented in . describes a Hierarchical Path Computation Element (H-PCE) architecture that can be used for computing end-to-end paths for inter-domain MPLS-TE and GMPLS LSPs. In the H-PCE architecture, the parent PCE is used to compute a multi-domain path based on the domain connectivity information. A child PCE may be responsible for single or multiple domains and is used to compute the intra-domain path based on its own domain topology information. The H-PCE end-to-end domain path computation procedure is described below:

• A PCC sends the inter-domain Path Computation Request (PCReq) messages to the child PCE responsible for its domain.
• The child PCE forwards the request to the parent PCE.
• The parent PCE computes the likely domain paths from the ingress domain to the egress domain.
• The parent PCE sends the intra-domain PCReq messages (between the domain border nodes) to the child PCEs that are responsible for the domains along the domain path.
• The child PCEs return the intra-domain paths to the parent PCE.
• The parent PCE constructs the end-to-end inter-domain path based on the intra-domain paths.
• The parent PCE returns the inter-domain path to the child PCE.
• The child PCE forwards the inter-domain path to the PCC.

The parent PCE may be requested to provide only the sequence of domains to a child PCE so that alternative inter-domain path computation procedures, including per-domain (PD) path computation and Backward-Recursive PCE-Based Computation (BRPC) , may be used. This document defines the PCEP extensions for the purpose of implementing H-PCE procedures, which are described in .

Scope The following functions are out of scope for this document:

• Determination of the destination domain (Section 4.5 of ):
  • via a collection of reachability information from child domains,
  • via requests to the child PCEs to discover if they contain the destination node, or
  • via any other methods.
• Parent Traffic Engineering Database (TED) methods (Section 4.4 of ), although suitable mechanisms include:
  • YANG-based management interfaces.
  • BGP - Link State (BGP-LS) .
  • Future extensions to PCEP (for example, see ).
• Learning of domain connectivity and border node addresses. Methods to achieve this function include:
  • YANG-based management interfaces.
  • BGP-LS .
  • Future extensions to PCEP (for example, see ).
• Stateful PCE operations. (Refer to .)
• Applicability of the H-PCE model to large multi-domain environments.
  • The hierarchical relationship model is described in . It is applicable to environments with small groups of domains where visibility from the ingress Label Switching Routers (LSRs) is limited. As highlighted in , applying the H-PCE model to very large groups of domains, such as the Internet, is not considered feasible or desirable.

Terminology This document uses the terminology defined in and , and the additional terms defined in Section 1.4 of .

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Requirements for the H-PCE Architecture This section compiles the set of requirements for the PCEP extensions to support the H-PCE architecture and procedures. identifies high-level requirements for PCEP extensions that are required for supporting the H-PCE model.

Path Computation Requests The PCReq messages are used by a PCC or a PCE to make a path computation request to a PCE. In order to achieve the full functionality of the H-PCE procedures, the PCReq message needs to include:

• Qualification of PCE requests (Section 4.8.1 of ).
• Multi-domain Objective Functions (OFs).
• Multi-domain metrics.

Qualification of PCEP Requests As described in Section 4.8.1 of , the H-PCE architecture introduces new request qualifications, which are as follows:

• The ability for a child PCE to indicate that a PCReq message sent to a parent PCE should be satisfied by a domain sequence only -- that is, not by a full end-to-end path. This allows the child PCE to initiate a PD path computation per or a BRPC procedure .
• As stated in , Section 4.5, if a PCC knows the egress domain, it can supply this information as part of the PCReq message. The PCC may also want to specify the destination domain information in a PCEP request, if it is known.
• An inter-domain path computed by a parent PCE should be capable of disallowing re-entry into a specified domain.

Multi-domain Objective Functions For H-PCE inter-domain path computation, there are three new OFs defined in this document:

• Minimize the number of Transit Domains (MTD).
• Minimize the number of Border Nodes (MBN).
• Minimize the number of Common Transit Domains (MCTD).

The PCC may specify the multi-domain OF code to use when requesting inter-domain path computation. It may also include intra-domain OFs, such as Minimum Cost Path (MCP) , which must be considered by participating child PCEs.

Multi-domain Metrics For inter-domain path computation, there are two path metrics of interest.

• Domain Count (number of domains crossed).
• Border Node Count.

A PCC may be able to limit the number of domains crossed by applying a limit on these metrics. See for details.

Parent PCE Capability Advertisement A PCEP speaker (parent PCE or child PCE) that supports and wishes to use the procedures described in this document must advertise this fact and negotiate its role with its PCEP peers. It does this using the "H-PCE Capability" TLV, as described in , in the OPEN object to advertise its support for PCEP extensions for the H-PCE capability. During the PCEP session establishment procedure, the child PCE needs to be capable of indicating to the parent PCE whether it requests the parent PCE capability or not.

PCE Domain Identification A PCE domain is a single domain with an associated PCE, although it is possible for a PCE to manage multiple domains simultaneously. The PCE domain could be an IGP area or Autonomous System (AS). The PCE domain identifiers MAY be provided during the PCEP session establishment procedure.

Domain Diversity "Domain diversity" in the context of a multi-domain environment is defined in and described as follows:

• A pair of paths are domain-diverse if they do not transit any of the same domains. A pair of paths that share a common ingress and egress are domain-diverse if they only share the same domains at the ingress and egress (the ingress and egress domains). Domain diversity may be maximized for a pair of paths by selecting paths that have the smallest number of shared domains.

The main motivation behind domain diversity is to avoid fate-sharing, but it can also be used for geopolitical reasons and because of commercial relationships that would require domain diversity. For example, a pair of paths should choose different transit ASes because of certain policy considerations. In the case when full domain diversity could not be achieved, it is helpful to minimize the commonly shared domains. Also, it is interesting to note that other domain-diversity techniques (node, link, Shared Risk Link Group (SRLG), etc.) can still be applied inside the commonly shared domains.

PCEP Extensions This section defines extensions to PCEP to support the H-PCE procedures.

Applicability to PCC-PCE Communications Although the extensions defined in this document are intended primarily for use between a child PCE and a parent PCE, they are also applicable for communications between a PCC and its PCE. Thus, the information that may be encoded in a PCReq can be sent from a PCC towards the child PCE. This includes the Request Parameters (RP) object ( and ), the OF codes (), and the OF object (). A PCC and a child PCE could also exchange the H-PCE capability () during its session. This allows a PCC to request paths that transit multiple domains utilizing the capabilities defined in this document.

OPEN Object This document defines two new TLVs to be carried in an OPEN object. This way, during the PCEP session establishment, the H-PCE capability and domain information can be advertised.

H-PCE-CAPABILITY TLV The H-PCE-CAPABILITY TLV is an optional TLV associated with the OPEN object to exchange the H-PCE capability of PCEP speakers. Its format is shown in the following figure:

H-PCE-CAPABILITY TLV Format

The type of the TLV is TBD1, and it has a fixed length of 4 octets. The value comprises a single field -- Flags (32 bits):

• P (Parent PCE Request bit): If set, will signal that the child PCE wishes to use the peer PCE as a parent PCE.

Unassigned bits MUST be set to 0 on transmission and MUST be ignored on receipt. The inclusion of this TLV in an OPEN object indicates that the H-PCE extensions are supported by the PCEP speaker. The child PCE MUST include this TLV and set the P-flag. The parent PCE MUST include this TLV and unset the P-flag. The setting of the P-flag (Parent PCE Request bit) would mean that the PCEP speaker wants the peer to be a parent PCE, so in the case of a PCC-to-child-PCE relationship, neither entity would set the P-flag. If both peers attempt to set the P-flag, then the session establishment MUST fail, and the PCEP speaker MUST respond with a PCErr message using Error-Type 1 ("PCEP session establishment failure") as per . If the PCE understands the H-PCE PCReq message but did not advertise its H-PCE capability, it MUST send a PCErr message with Error-Type=TBD8 ("H-PCE Error") and Error-Value=1 ("H-PCE Capability not advertised").

Backwards Compatibility Section 7.1 of specifies the following requirement: "Unrecognized TLVs MUST be ignored." The OPEN object contains the necessary PCEP information between the PCE entities, including session information and PCE capabilities via TLVs (including if H-PCE is supported). If the PCE does not support this document but receives an Open message containing an OPEN object that includes an H-PCE-CAPABILITY TLV, it will ignore that TLV and continue to attempt to establish a PCEP session. However, it will not include the TLV in the Open message that it sends, so the H-PCE relationship will not be created. If a PCE does not support the extensions defined in this document but receives them in a PCEP message (notwithstanding the fact that the session was not established as supporting an H-PCE relationship), the receiving PCE will ignore the H-PCE related parameters because they are all encoded in TLVs in standard PCEP objects.

Domain-ID TLV The Domain-ID TLV, when used in the OPEN object, identifies the domains served by the PCE. The child PCE uses this mechanism to provide the domain information to the parent PCE. The Domain-ID TLV is defined below:

Domain-ID TLV Format

The type of the TLV is TBD2, and it has a variable Length of the value portion. The value part comprises the following:

• Domain Type (8 bits): Indicates the domain type. Four types of domains are currently defined:
  • Type=1: The Domain ID field carries a 2-byte AS number. Padded with trailing zeros to a 4-byte boundary.
  • Type=2: The Domain ID field carries a 4-byte AS number.
  • Type=3: The Domain ID field carries a 4-byte OSPF area ID.
  • Type=4: The Domain ID field carries a 2-byte Area-Len and a variable-length IS-IS area ID. Padded with trailing zeros to a 4-byte boundary.
• Reserved: Zero at transmission; ignored on receipt.
• Domain ID (variable): Indicates an IGP area ID or AS number as per the Domain Type field. It can be 2 bytes, 4 bytes, or variable length, depending on the domain identifier used. It is padded with trailing zeros to a 4-byte boundary. In the case of IS-IS, it includes the Area-Len as well.

In the case where a PCE serves more than one domain, multiple Domain-ID TLVs are included for each domain it serves.

RP Object

H-PCE-FLAG TLV The H-PCE-FLAG TLV is an optional TLV associated with the RP object to indicate the H-PCE PCReq message and options. Its format is shown in the following figure:

H-PCE-FLAG TLV Format

The type of the TLV is TBD3, and it has a fixed length of 4 octets. The value comprises a single field -- Flags (32 bits):

• D (Disallow Domain Re-entry bit): If set, will signal that the computed path does not enter a domain more than once.
• S (Domain Sequence bit): If set, will signal that the child PCE wishes to get only the domain sequence in the Path Computation Reply (PCRep) message . Refer to Section 3.7 of for details.

Unassigned bits MUST be set to 0 on transmission and MUST be ignored on receipt. The presence of the TLV indicates that the H-PCE-based path computation is requested as per this document.

Domain-ID TLV The Domain-ID TLV, carried in an OPEN object, is used to indicate a managed domain (or a list of managed domains) and is described in . This TLV, when carried in an RP object, indicates the destination domain ID. If a PCC knows the egress domain, it can supply this information in the PCReq message. also defines the format for this TLV and the procedure for using it. If a Domain-ID TLV is used in the RP object and the destination is not actually in the indicated domain, then the parent PCE should respond with a NO-PATH object and the NO-PATH-VECTOR TLV should be used. A new bit number is assigned to indicate "Destination is not found in the indicated domain" (see ).

Objective Functions

OF Codes defines a mechanism to specify an OF that is used by a PCE when it computes a path. Three new OFs are defined for the H-PCE model; these are:

• MTD
  • Name: Minimize the number of Transit Domains (MTD).
  • OF code - TBD4.
  • Description: Find a path P such that it passes through the least number of transit domains.
  • OFs are formulated using the following terminology:
    • A network comprises a set of N domains {Di, (i=1...N)}.
    • A path P passes through K unique domains {Dpi, (i=1...K)}.
    • Find a path P such that the value of K is minimized.
• MBN
  • Name: Minimize the number of Border Nodes.
  • OF code - TBD5.
  • Description: Find a path P such that it passes through the least number of border nodes.
  • OFs are formulated using the following terminology:
    • A network comprises a set of N links {Li, (i=1...N)}.
    • A path P is a list of K links {Lpi, (i=1...K)}.
    • D(Lpi) is a function that determines if the links Lpi and Lpi+1 belong to different domains. D(Li) = 1 if link Li and Li+1 belong to different domains; D(Lk) = 0 if link Lk and Lk+1 belong to the same domain.
    • The number of border nodes in a path P is denoted by B(P), where B(P) = sum{D(Lpi), (i=1...K-1)}.
    • Find a path P such that B(P) is minimized.

There is one OF that applies to a set of synchronized PCReq messages to increase the domain diversity:

• MCTD
  • Name: Minimize the number of Common Transit Domains.
  • OF code - TBD13.
  • Description: Find a set of paths such that it passes through the least number of common transit domains.
    • A network comprises a set of N domains {Di, (i=1...N)}.
    • A path P passes through K unique domains {Dpi, (i=1...K)}.
    • A set of paths {P1...Pm} has L transit domains that are common to more than one path {Dpi, (i=1...L)}.
    • Find a set of paths such that the value of L is minimized.

OF Object The OF object is carried in a PCReq message so as to indicate the desired/required OF to be applied by the PCE during path computation. As per Section 3.2 of , a single OF object may be included in a PCReq message. The new OF codes described in are applicable to the inter-domain path computation performed by the parent PCE. It is also necessary to specify the OF code that may be applied for the intra-domain path computation performed by the child PCE. To accommodate this, the OF-List TLV (described in Section 2.1 of ) is included in the OF object as an optional TLV. The OF-List TLV allows the encoding of multiple OF codes. When this TLV is included inside the OF object, only the first OF code in the OF-List TLV is considered. The parent PCE MUST use this OF code in the OF object when sending the intra-domain PCReq message to the child PCE. If the OF-List TLV is included in the OF object, the OF code inside the OF object MUST include one of the H-PCE OFs defined in this document. The OF code inside the OF-List TLV MUST NOT include an H-PCE OF. If this condition is not met, the PCEP speaker MUST respond with a PCErr message with Error-Type=10 ("Reception of an invalid object") and Error-Value=TBD15 ("Incompatible OF codes in H-PCE"). If the OFs defined in this document are unknown or unsupported by a PCE, then the procedure as defined in is followed.

METRIC Object The METRIC object is defined in Section 7.8 of and is comprised of the metric-value field, the metric type (the T field), and flags (the Flags field). This document defines the following types for the METRIC object for the H-PCE model:

• T=TBD6: Domain Count metric (number of domains crossed).
• T=TBD7: Border Node Count metric (number of border nodes crossed).

The Domain Count metric type of the METRIC object encodes the number of domains crossed in the path. The Border Node Count metric type of the METRIC object encodes the number of border nodes in the path. If a domain is re-entered, then the domain should be double counted. A PCC or child PCE MAY use the metric in a PCReq message for an inter-domain path computation, meeting the requirement for the number of domains or border nodes being crossed. As per , in this case, the B-bit is set to suggest a bound (a maximum) for the metric that must not be exceeded for the PCC to consider the computed path acceptable. A PCC or child PCE MAY also use this metric to ask the PCE to optimize the metric during inter-domain path computation. In this case, the B-flag is cleared, and the C-flag is set. The parent PCE MAY use the metric in a PCRep message along with a NO-PATH object in the case where the PCE cannot compute a path that meets this constraint. A PCE MAY also use this metric to send the computed end-to-end metric value in a reply message.

SVEC Object defines the Synchronization Vector (SVEC) object, which includes flags for the potential dependency between the set of PCReq messages (Link, Node, and SRLG diverse). This document defines a new flag (the O-bit) for domain diversity. The following new bit is added to the Flags field:

• Domain Diverse O-bit - TBD14: When set, this indicates that the computed paths corresponding to the requests specified by any RP objects that might be provided MUST NOT have any transit domains in common.

The Domain Diverse O-bit can be used in H-PCE path computation to compute synchronized domain-diverse end-to-end paths or diverse domain sequences. When the Domain Diverse O-bit is set, it is applied to the transit domains. The other bit in SVEC object L (Link diverse), N (Node diverse), S (SRLG diverse), etc. MAY be set and MUST still be applied in the ingress and egress shared domain.

PCEP-ERROR Object

Hierarchical PCE Error-Type A new PCEP Error-Type is used for the H-PCE extension as defined below: H-PCE Error

Error-Type	Meaning
TBD8	H-PCE Error Error-Value=1: H-PCE Capability not advertised Error-Value=2: Parent PCE Capability cannot be provided

NO-PATH Object To communicate the reason(s) for not being able to find a multi-domain path or domain sequence, the NO-PATH object can be used in the PCRep message. defines the format of the NO-PATH object. The object may contain a NO-PATH-VECTOR TLV to provide additional information about why a path computation has failed. This document defines four new bit flags to be carried in the Flags field in the NO-PATH-VECTOR TLV carried in the NO-PATH object.

• Bit number TBD9: When set, the parent PCE indicates that the destination domain is unknown.
• Bit number TBD10: When set, the parent PCE indicates that one or more child PCEs are unresponsive.
• Bit number TBD11: When set, the parent PCE indicates that no resources are available in one or more domains.
• Bit number TBD12: When set, the parent PCE indicates that the destination is not found in the indicated domain.

H-PCE Procedures The H-PCE path computation procedure is described in .

OPEN Procedure between Child PCE and Parent PCE If a child PCE wants to use the peer PCE as a parent, it MUST set the P-flag (Parent PCE Request flag) in the H-PCE-CAPABILITY TLV inside the OPEN object carried in the Open message during the PCEP session initialization procedure. The child PCE MAY also report its list of domain IDs to the parent PCE by specifying them in the Domain-ID TLVs in the OPEN object. This object is carried in the Open message during the PCEP session initialization procedure. The OF codes defined in this document can be carried in the OF-List TLV of the OPEN object. If the OF-List TLV carries the OF codes, it means that the PCE is capable of implementing the corresponding OFs. This information can be used for selecting a proper parent PCE when a child PCE wants to get a path that satisfies a certain OF. When a child PCE sends a PCReq to a peer PCE that requires parental activity and the H-PCE-CAPABILITY TLV but these items were not taken into account in the session establishment procedure described above, the peer PCE SHOULD send a PCErr message to the child PCE and MUST specify Error-Type=TBD8 ("H-PCE Error") and Error-Value=1 ("H-PCE Capability not advertised") in the PCEP-ERROR object. When a specific child PCE sends a PCReq to a peer PCE that requires parental activity and the peer PCE does not want to act as the parent for it, the peer PCE SHOULD send a PCErr message to the child PCE and MUST specify Error-Type=TBD8 ("H-PCE Error") and Error-Value=2 ("Parent PCE Capability cannot be provided") in the PCEP-ERROR object.

Procedure for Obtaining the Domain Sequence If a child PCE only wants to get the domain sequence for a multi-domain path computation from a parent PCE, it can set the Domain Path Request bit in the H-PCE-FLAG TLV in the RP object carried in a PCReq message. The parent PCE that receives the PCReq message tries to compute a domain sequence for it (instead of the end-to-end path). If the domain path computation succeeds, the parent PCE sends a PCRep message that carries the domain sequence in the Explicit Route Object (ERO) to the child PCE. Refer to for more details about domain subobjects in the ERO. Otherwise, it sends a PCReq message that carries the NO-PATH object to the child PCE.

Error Handling A PCE that is capable of acting as a parent PCE might not be configured or willing to act as the parent for a specific child PCE. When the child PCE sends a PCReq that requires parental activity, a negative response in the form of a PCEP Error (PCErr) message that includes H-PCE Error-Type=TBD8 ("H-PCE Error") and an applicable Error-Value () might result. Additionally, the parent PCE may fail to find the multi-domain path or domain sequence for one or more of the following reasons:

• A child PCE cannot find a suitable path to the egress.
• The parent PCE does not hear from a child PCE for a specified time.
• The OFs specified in the path request cannot be met.

In this case, the parent PCE MAY need to send a negative PCRep message specifying the reason for the failure. This can be achieved by including the NO-PATH object in the PCRep message. An extension to the NO-PATH object is needed in order to include the reasons defined in .

Manageability Considerations General PCE and PCEP management/manageability considerations are discussed in and . There are additional management considerations for the H-PCE model; these are described in and repeated in this section. The administrative entity responsible for the management of the parent PCEs must be determined for the following cases:

• Multiple domains (e.g., IGP areas or multiple ASes) in a single service provider network. The management responsibility for the parent PCE would most likely be handled by the service provider.
• Multiple ASes in different service provider networks. It may be necessary for a third party to manage the parent PCEs according to commercial and policy agreements from each of the participating service providers.

Control of Function and Policy Control of H-PCE function will need to be carefully managed via configuration and interaction policies, which may be controlled via a policy module on the H-PCE. A child PCE will need to be configured with the address of its parent PCE. It is expected that there will only be one or two parents of any child. The parent PCE also needs to be aware of the child PCEs for all child domains that it can see. This information is most likely to be configured (as part of the administrative definition of each domain). Discovery of the relationships between parent PCEs and child PCEs does not form part of the H-PCE architecture. Mechanisms that rely on advertising or querying PCE locations across domain or provider boundaries are undesirable for security, scaling, commercial, and confidentiality reasons. The specific behavior of the child and parent PCEs is described in the following subsections.

Child PCE Support of the hierarchical procedure will be controlled by the management organization responsible for each child PCE. A child PCE must be configured with the address of its parent PCE in order for it to interact with its parent PCE. The child PCE must also be authorized to peer with the parent PCE.

Parent PCE The parent PCE MUST only accept PCReq messages from authorized child PCEs. If a parent PCE receives requests from an unauthorized child PCE, the request SHOULD be dropped. This means that a parent PCE MUST be able to cryptographically authenticate requests from child PCEs. Multi-party shared key authentication schemes are not recommended for inter-domain relationships because of (1) the potential for impersonation and repudiation and (2) operational difficulties should revocation be required. The choice of authentication schemes to employ may be left to implementers of the H-PCE architecture and are not discussed further in this document.

Policy Control It may be necessary to maintain H-PCE policy via a policy control module on the parent PCE. This would allow the parent PCE to apply commercially relevant constraints such as SLAs, security, peering preferences, and monetary costs. It may also be necessary for the parent PCE to limit the end-to-end path selection by including or excluding specific domains based on commercial relationships, security implications, and reliability.

Information and Data Models provides a MIB module for PCEP and describes managed objects for the modeling of PCEP communication. A YANG module for PCEP has also been proposed . An H-PCE MIB module or an additional data model will also be required for reporting parent PCE and child PCE information, including:

• parent PCE configuration and status,
• child PCE configuration and information,
• notifications to indicate session changes between parent PCEs and child PCEs, and
• notification of parent PCE TED updates and changes.

Liveness Detection and Monitoring The hierarchical procedure requires interaction with multiple PCEs. Once a child PCE requests an end-to-end path, a sequence of events occurs that requires interaction between the parent PCE and each child PCE. If a child PCE is not operational and an alternate transit domain is not available, then the failure must be reported.

Verifying Correct Operations Verifying the correct operation of a parent PCE can be performed by monitoring a set of parameters. The parent PCE implementation should provide the following parameters monitored at the parent PCE:

• number of child PCE requests,
• number of successful H-PCE procedure completions on a per-PCE-peer basis,
• number of H-PCE procedure-completion failures on a per-PCE-peer basis, and
• number of H-PCE procedure requests from unauthorized child PCEs.

Requirements on Other Protocols Mechanisms defined in this document do not imply any new requirements on other protocols.

Impact on Network Operations The H-PCE procedure is a multiple-PCE path computation scheme. Subsequent requests to and from the child and parent PCEs do not differ from other path computation requests and should not have any significant impact on network operations.

IANA Considerations IANA maintains the "Path Computation Element Protocol (PCEP) Numbers" registry. IANA has allocated code points for the protocol elements defined in this document.

PCEP TLV Type Indicators IANA manages the PCEP TLV code point registry (see ). This is maintained as the "PCEP TLV Type Indicators" subregistry of the "Path Computation Element Protocol (PCEP) Numbers" registry. This document defines three new PCEP TLVs. IANA is requested to make the following allocations: New PCEP TLVs

Type	TLV Name	Reference
TBD1	H-PCE-CAPABILITY	RFC 0000
TBD2	Domain-ID	RFC 0000
TBD3	H-PCE-FLAG	RFC 0000

H-PCE-CAPABILITY TLV Flags This document requests that a new subregistry, "H-PCE-CAPABILITY TLV Flag Field", is created in the "Path Computation Element Protocol (PCEP) Numbers" registry to manage the Flag field in the H-PCE-CAPABILITY TLV of the PCEP OPEN object. New values are to be assigned by Standards Action . Each bit should be tracked with the following qualities:

• Bit number (counting from bit 0 as the most significant bit)
• Capability description
• Defining RFC

The following value is defined in this document: Parent PCE Request Bit

Bit	Description	Reference
31	P (Parent PCE Request bit)	RFC 0000

Domain-ID TLV Domain Type This document requests that a new subregistry, "Domain-ID TLV Domain Type", is created in the "Path Computation Element Protocol (PCEP) Numbers" registry to manage the Domain Type field of the Domain-ID TLV. The allocation policy for this new subregistry is IETF Review . Parameters for Domain-ID TLV Domain Type

Value	Meaning
0	Reserved
1	2-byte AS number
2	4-byte AS number
3	4-byte OSPF area ID
4	Variable-length IS-IS area ID

H-PCE-FLAG TLV Flags This document requests that a new subregistry, "H-PCE-FLAG TLV Flag Field", is created in the "Path Computation Element Protocol (PCEP) Numbers" registry to manage the Flag field in the H-PCE-FLAG TLV of the PCEP RP object. New values are to be assigned by Standards Action . Each bit should be tracked with the following qualities:

• Bit number (counting from bit 0 as the most significant bit)
• Capability description
• Defining RFC

The following values are defined in this document: New H-PCE-FLAG TLV Flag Field Entries

Bit	Description	Reference
30	D (Disallow Domain Re-entry bit)	RFC 0000
31	S (Domain Sequence bit)	RFC 0000

OF Codes IANA maintains a list of OFs (described in ) in the "Objective Function" subregistry. Three new OFs have been defined in this document. IANA is requested to make the following allocations: New OF Codes

Code Point	Name	Reference
TBD4	Minimize the number of Transit Domains (MTD)	RFC 0000
TBD5	Minimize the number of Border Nodes (MBN)	RFC 0000
TBD13	Minimize the number of Common Transit Domains (MCTD)	RFC 0000

METRIC Object Types IANA maintains the "METRIC Object T Field" subregistry. Two new metric types are defined in this document for the METRIC object (specified in ). IANA is requested to make the following allocations:

New PCEP Error-Types and Values IANA maintains a list of Error-Types and Error-Values for use in PCEP messages. This list is maintained in the "PCEP-ERROR Object Error Types and Values" subregistry of the "Path Computation Element Protocol (PCEP) Numbers" registry. IANA is requested to make the following allocations:

New NO-PATH-VECTOR TLV Bit Flag IANA maintains the "NO-PATH-VECTOR TLV Flag Field" subregistry, which contains a list of bit flags carried in the PCEP NO-PATH-VECTOR TLV in the PCEP NO-PATH object as defined in . IANA is requested to assign four new bit flags as follows:

SVEC Flag IANA maintains the "SVEC Object Flag Field" subregistry, which contains a list of bit flags carried in the PCEP SVEC object as defined in . IANA is requested to assign one new bit flag as follows:

Security Considerations The H-PCE procedure relies on PCEP and inherits the security considerations defined in . As PCEP operates over TCP, it may also make use of TCP security mechanisms, such as the TCP Authentication Option (TCP-AO) or Transport Layer Security (TLS) . Any multi-domain operation necessarily involves the exchange of information across domain boundaries. This may represent a significant security and confidentiality risk, especially when the child domains are controlled by different commercial concerns. PCEP allows individual PCEs to maintain the confidentiality of their domain path information using path-keys , and the H-PCE architecture is specifically designed to enable as much isolation of information related to domain topology and capabilities as possible. For further considerations regarding the security issues related to inter-AS path computation, see .

References Normative References In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document specifies the Path Computation Element (PCE) Communication Protocol (PCEP) for communications between a Path Computation Client (PCC) and a PCE, or between two PCEs. Such interactions include path computation requests and path computation replies as well as notifications of specific states related to the use of a PCE in the context of Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering. PCEP is designed to be flexible and extensible so as to easily allow for the addition of further messages and objects, should further requirements be expressed in the future. [STANDARDS-TRACK] The computation of one or a set of Traffic Engineering Label Switched Paths (TE LSPs) in MultiProtocol Label Switching (MPLS) and Generalized MPLS (GMPLS) networks is subject to a set of one or more specific optimization criteria, referred to as objective functions (e.g., minimum cost path, widest path, etc.). In the Path Computation Element (PCE) architecture, a Path Computation Client (PCC) may want a path to be computed for one or more TE LSPs according to a specific objective function. Thus, the PCC needs to instruct the PCE to use the correct objective function. Furthermore, it is possible that not all PCEs support the same set of objective functions; therefore, it is useful for the PCC to be able to automatically discover the set of objective functions supported by each PCE. This document defines extensions to the PCE communication Protocol (PCEP) to allow a PCE to indicate the set of objective functions it supports. Extensions are also defined so that a PCC can indicate in a path computation request the required objective function, and a PCE can report in a path computation reply the objective function that was used for path computation. This document defines objective function code types for six objective functions previously listed in the PCE requirements work, and provides the definition of four new metric types that apply to a set of synchronized requests. [STANDARDS-TRACK] RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Informative References This document lists a detailed set of functional requirements for the support of inter-area MPLS Traffic Engineering (inter-area MPLS TE). It is intended that solutions that specify procedures and protocol extensions for inter-area MPLS TE satisfy these requirements. This memo provides information for the Internet community. This document discusses requirements for the support of inter-AS MPLS Traffic Engineering (MPLS TE). Its main objective is to present a set of requirements and scenarios which would result in general guidelines for the definition, selection, and specification development for any technical solution(s) meeting these requirements and supporting the scenarios. This memo provides information for the Internet community. Constraint-based path computation is a fundamental building block for traffic engineering systems such as Multiprotocol Label Switching (MPLS) and Generalized Multiprotocol Label Switching (GMPLS) networks. Path computation in large, multi-domain, multi-region, or multi-layer networks is complex and may require special computational components and cooperation between the different network domains. This document specifies the architecture for a Path Computation Element (PCE)-based model to address this problem space. This document does not attempt to provide a detailed description of all the architectural components, but rather it describes a set of building blocks for the PCE architecture from which solutions may be constructed. This memo provides information for the Internet community. This document provides a framework for establishing and controlling Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineered (TE) Label Switched Paths (LSPs) in multi-domain networks. For the purposes of this document, a domain is considered to be any collection of network elements within a common sphere of address management or path computational responsibility. Examples of such domains include Interior Gateway Protocol (IGP) areas and Autonomous Systems (ASes). This memo provides information for the Internet community. This document specifies a per-domain path computation technique for establishing inter-domain Traffic Engineering (TE) Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Label Switched Paths (LSPs). In this document, a domain refers to a collection of network elements within a common sphere of address management or path computational responsibility such as Interior Gateway Protocol (IGP) areas and Autonomous Systems. Per-domain computation applies where the full path of an inter-domain TE LSP cannot be or is not determined at the ingress node of the TE LSP, and is not signaled across domain boundaries. This is most likely to arise owing to TE visibility limitations. The signaling message indicates the destination and nodes up to the next domain boundary. It may also indicate further domain boundaries or domain identifiers. The path through each domain, possibly including the choice of exit point from the domain, must be determined within the domain. [STANDARDS-TRACK] Multiprotocol Label Switching Traffic Engineered (MPLS TE) Label Switched Paths (LSPs) may be established wholly within an Autonomous System (AS) or may cross AS boundaries. The Path Computation Element (PCE) is a component that is capable of computing constrained paths for (G)MPLS TE LSPs. The PCE Communication Protocol (PCECP) is defined to allow communication between Path Computation Clients (PCCs) and PCEs, as well as between PCEs. The PCECP is used to request constrained paths and to supply computed paths in response. Generic requirements for the PCECP are set out in "Path Computation Element (PCE) Communication Protocol Generic Requirements", RFC 4657. This document extends those requirements to cover the use of PCECP in support of inter-AS MPLS TE. This memo provides information for the Internet community. The Path Computation Element (PCE) architecture introduces the concept of policy in the context of path computation. This document provides additional details on policy within the PCE architecture and also provides context for the support of PCE Policy. This document introduces the use of the Policy Core Information Model (PCIM) as a framework for supporting path computation policy. This document also provides representative scenarios for the support of PCE Policy. This memo provides information for the Internet community. Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering (TE) Label Switched Paths (LSPs) may be computed by Path Computation Elements (PCEs). Where the TE LSP crosses multiple domains, such as Autonomous Systems (ASes), the path may be computed by multiple PCEs that cooperate, with each responsible for computing a segment of the path. However, in some cases (e.g., when ASes are administered by separate Service Providers), it would break confidentiality rules for a PCE to supply a path segment to a PCE in another domain, thus disclosing AS-internal topology information. This issue may be circumvented by returning a loose hop and by invoking a new path computation from the domain boundary Label Switching Router (LSR) during TE LSP setup as the signaling message enters the second domain, but this technique has several issues including the problem of maintaining path diversity. This document defines a mechanism to hide the contents of a segment of a path, called the Confidential Path Segment (CPS). The CPS may be replaced by a path-key that can be conveyed in the PCE Communication Protocol (PCEP) and signaled within in a Resource Reservation Protocol TE (RSVP-TE) explicit route object. [STANDARDS-TRACK] The ability to compute shortest constrained Traffic Engineering Label Switched Paths (TE LSPs) in Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) networks across multiple domains has been identified as a key requirement. In this context, a domain is a collection of network elements within a common sphere of address management or path computational responsibility such as an IGP area or an Autonomous Systems. This document specifies a procedure relying on the use of multiple Path Computation Elements (PCEs) to compute such inter-domain shortest constrained paths across a predetermined sequence of domains, using a backward-recursive path computation technique. This technique preserves confidentiality across domains, which is sometimes required when domains are managed by different service providers. [STANDARDS-TRACK] This document specifies the TCP Authentication Option (TCP-AO), which obsoletes the TCP MD5 Signature option of RFC 2385 (TCP MD5). TCP-AO specifies the use of stronger Message Authentication Codes (MACs), protects against replays even for long-lived TCP connections, and provides more details on the association of security with TCP connections than TCP MD5. TCP-AO is compatible with either a static Master Key Tuple (MKT) configuration or an external, out-of-band MKT management mechanism; in either case, TCP-AO also protects connections when using the same MKT across repeated instances of a connection, using traffic keys derived from the MKT, and coordinates MKT changes between endpoints. The result is intended to support current infrastructure uses of TCP MD5, such as to protect long-lived connections (as used, e.g., in BGP and LDP), and to support a larger set of MACs with minimal other system and operational changes. TCP-AO uses a different option identifier than TCP MD5, even though TCP-AO and TCP MD5 are never permitted to be used simultaneously. TCP-AO supports IPv6, and is fully compatible with the proposed requirements for the replacement of TCP MD5. [STANDARDS-TRACK] Computing optimum routes for Label Switched Paths (LSPs) across multiple domains in MPLS Traffic Engineering (MPLS-TE) and GMPLS networks presents a problem because no single point of path computation is aware of all of the links and resources in each domain. A solution may be achieved using the Path Computation Element (PCE) architecture. Where the sequence of domains is known a priori, various techniques can be employed to derive an optimum path. If the domains are simply connected, or if the preferred points of interconnection are also known, the Per-Domain Path Computation technique can be used. Where there are multiple connections between domains and there is no preference for the choice of points of interconnection, the Backward-Recursive PCE-based Computation (BRPC) procedure can be used to derive an optimal path. This document examines techniques to establish the optimum path when the sequence of domains is not known in advance. The document shows how the PCE architecture can be extended to allow the optimum sequence of domains to be selected, and the optimum end-to-end path to be derived through the use of a hierarchical relationship between domains. This document is not an Internet Standards Track specification; it is published for informational purposes. The Path Computation Element (PCE) architecture is set out in RFC 4655. The architecture is extended for multi-layer networking with the introduction of the Virtual Network Topology Manager (VNTM) in RFC 5623 and generalized to Hierarchical PCE (H-PCE) in RFC 6805. These three architectural views of PCE deliberately leave some key questions unanswered, especially with respect to the interactions between architectural components. This document draws out those questions and discusses them in an architectural context with reference to other architectural components, existing protocols, and recent IETF efforts. This document does not update the architecture documents and does not define how protocols or components must be used. It does, however, suggest how the architectural components might be combined to provide advanced PCE function. This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for modeling of the Path Computation Element Communication Protocol (PCEP) for communications between a Path Computation Client (PCC) and a Path Computation Element (PCE), or between two PCEs. In a number of environments, a component external to a network is called upon to perform computations based on the network topology and current state of the connections within the network, including Traffic Engineering (TE) information. This is information typically distributed by IGP routing protocols within the network. This document describes a mechanism by which link-state and TE information can be collected from networks and shared with external components using the BGP routing protocol. This is achieved using a new BGP Network Layer Reachability Information (NLRI) encoding format. The mechanism is applicable to physical and virtual IGP links. The mechanism described is subject to policy control. Applications of this technique include Application-Layer Traffic Optimization (ALTO) servers and Path Computation Elements (PCEs). The ability to compute shortest constrained Traffic Engineering Label Switched Paths (TE LSPs) in Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) networks across multiple domains has been identified as a key requirement. In this context, a domain is a collection of network elements within a common sphere of address management or path computational responsibility such as an Interior Gateway Protocol (IGP) area or an Autonomous System (AS). This document specifies a representation and encoding of a domain sequence, which is defined as an ordered sequence of domains traversed to reach the destination domain to be used by Path Computation Elements (PCEs) to compute inter-domain constrained shortest paths across a predetermined sequence of domains. This document also defines new subobjects to be used to encode domain identifiers. Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA). To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry. This is the third edition of this document; it obsoletes RFC 5226. The Path Computation Element Communication Protocol (PCEP) defines the mechanisms for the communication between a Path Computation Client (PCC) and a Path Computation Element (PCE), or among PCEs. This document describes PCEPS -- the usage of Transport Layer Security (TLS) to provide a secure transport for PCEP. The additional security mechanisms are provided by the transport protocol supporting PCEP; therefore, they do not affect the flexibility and extensibility of PCEP. This document updates RFC 5440 in regards to the PCEP initialization phase procedures. This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.

Acknowledgements The authors would like to thank Mike McBride, Kyle Rose, and Roni Even for their detailed review, comments, and suggestions, which helped improve this document.

Contributors