Networking Working Group                                  Rich Bradford (Ed)
IETF Internet Draft                                               JP Vasseur
                                                         Cisco Systems, Inc.
                                                               Adrian Farrel
                                                          Old Dog Consulting
Proposed Status: Standard
Expires: April 2007                                             October 2006

                   draft-bradford-ccamp-path-key-ero-00.txt

                    RSVP Extensions for Path Key Support

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Bradford, Vasseur and Farrel                                               1

draft-bradford-ccamp-path-key-ero-00.txt                      September 2006

Abstract

   Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Label
   Switched Paths (LSPs) may be computed by Path Computation Elements
   (PCEs). Where the TE LSP crosses multiple domains, such as Autonomous
   Systems (ASs), the path may be computed by multiple PCEs that
   cooperate, with each responsible for computing a segment of the path.
   To preserve confidentiality of topology within each AS, the PCE
   supports a mechanism to hide the contents of a segment of a path,
   called the Confidential Path Segment (CPS), by encoding the contents
   as a Path Key Sub-object (PKS). This draft describes the addition of
   this object to the Explicit Route Object.
Table of contents

   To be Added

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

1. Introduction

   This document proposes the RSVP-TE protocol extensions necessary to
   support the protocol extensions called out in [PCE-PKS].

2. Terminology

   CPS: Confidential Path Segment. A segment of a path that contains
   nodes and links that the AS policy requires to not be disclosed
   outside the AS.

   PCE: Path Computation Element: an entity (component, application or
   network node) that is capable of computing a network path or route
   based on a network graph and applying computational constraints.

   PKS: Path Key Sub-object. A sub-object of an Explicit Route Object
   which encodes a CPS, so as to preserve confidentiality.

3. RSVP-TE Path Key Sub-object

   The Path Key sub-object (PKS) may be carried in the Explicit Route
   Object (ERO) of an RSVP-TE Path message [RFC3209]. The PKS is a
   fixed-length sub-object containing a Path Key and a PCE-ID. The Path
   Key is an identifier, or token, used to represent the CPS within the
   context of the PCE identified by the PCE-ID. The PCE-ID identifies
   the PCE that can decode the Path Key, using a reachable IPv4 or IPv6
   address of that PCE. Because of the IPv4 and IPv6 variants, two
   sub-objects are defined as follows.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |L|    Type     |     Length    |           Path Key            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    IPv4 address (4 bytes)                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   L

      The L bit SHOULD NOT be set, so that the sub-object represents a
      strict hop in the explicit route.
   Type

      TBD  Path Key with IPv4 address

   Length

      The Length contains the total length of the sub-object in bytes,
      including the Type and Length fields. The Length is always 8.

   IPv4 address

      An IPv4 address of the PCE that can decode this key. The address
      used SHOULD be an address of the PCE that is always reachable, and
      MAY be an address that is restricted to the domain in which the
      LSR that is called upon to expand the CPS lies.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |L|    Type     |     Length    |           Path Key            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    IPv6 address (16 bytes)                    |
   |                                                               |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   L

      As above.

   Type

      TBD  Path Key with IPv6 address

   Length

      The Length contains the total length of the sub-object in bytes,
      including the Type and Length fields. The Length is always 20.

   IPv6 address

      An IPv6 address of the PCE that can decode this key. The address
      used SHOULD be an address of the PCE that is always reachable, but
      MAY be an address that is restricted to the domain in which the
      LSR that is called upon to expand the CPS lies.

   Note: The twins of these sub-objects will be carried in a PCEP PCRep
   message as defined in [PCE-PKS]. Ideally, IANA assignment of the
   sub-object types will be identical.

4. Security Considerations

   This document proposes tunneling secure topology information across
   an untrusted AS, so the security considerations are many and apply
   to PCEP and RSVP-TE. Issues include:

   - Security of the CPS (can other network elements probe for
     expansion of path-keys, possibly at random?).

   - Authenticity of the path-key (resilience to alteration by
     intermediaries, resilience to fake expansion of path-keys).
   - Resilience from DoS attacks (insertion of spurious path-keys;
     flooding of bogus path-key expansion requests).

5. Manageability Considerations

   TBD

6. IANA Considerations

   The IANA section will be detailed in a further revision of this
   document.

   For RSVP, it will include code point requests for the three new ERO
   sub-objects, and a new ErrorSpec Error Code.

   For PCEP, it will include code point requests for the three new
   computed path sub-objects.

7. Intellectual Property Considerations

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights. Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard. Please address the information to the IETF at
   ietf-ipr@ietf.org.

8. References

8.1. Normative References

   [RFC2119]      Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3209]      Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan,
                  V. and G. Swallow, "RSVP-TE: Extensions to RSVP for
                  LSP Tunnels", RFC 3209, December 2001.

   [PCEP]         Vasseur, J.P., Le Roux, J.L., Ayyangar, A., Oki, E.,
                  Ikejiri, A., Atlas, A., Dolganow, A., "Path
                  Computation Element (PCE) communication Protocol
                  (PCEP)", draft-vasseur-pce-pcep, work in progress.

   [PCE-PKS]      Bradford, R., Vasseur, J.P., Farrel, A., "Preserving
                  Topology Confidentiality in Inter-Domain Path
                  Computation and Signaling",
                  draft-bradford-pce-path-key, work in progress.

8.2. Informational References

   [PCE-ARCH]     Farrel, A., Vasseur, J.P., Ash, J., "Path Computation
                  Element (PCE) Architecture",
                  draft-ietf-pce-architecture, work in progress.

   [PD-PATH-COMP] Vasseur, J., et al., "A Per-domain path computation
                  method for establishing Inter-domain Traffic
                  Engineering (TE) Label Switched Paths (LSPs)",
                  draft-ietf-ccamp-inter-domain-pd-path-comp, work in
                  progress.

   [BRPC]         Vasseur, J., et al., "A Backward Recursive PCE-based
                  Computation (BRPC) procedure to compute shortest
                  inter-domain Traffic Engineering Label Switched
                  Path", draft-vasseur-pce-brpc, work in progress.

   [RFC4105]      Le Roux, J., Vasseur, JP., Boyle, J., "Requirements
                  for Support of Inter-Area and Inter-AS MPLS Traffic
                  Engineering", RFC 4105, June 2005.

   [RFC4216]      Zhang, R., Vasseur, JP., et al., "MPLS Inter-AS
                  Traffic Engineering requirements", RFC 4216,
                  November 2005.

9. Authors' Addresses

   Rich Bradford (Editor)
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA
   Email: rbradfor@cisco.com

   J.-P. Vasseur
   Cisco Systems, Inc.
   1414 Massachusetts Avenue
   Boxborough, MA 01719
   USA
   Email: jpv@cisco.com

   Adrian Farrel
   Old Dog Consulting
   Email: adrian@olddog.co.uk

Full Copyright Statement

   Copyright (C) The Internet Society (2006).
   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
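Worked example (added here after the draft text; it is not code from the draft or its authors): a Python encoder and decoder for the two Path Key sub-objects laid out in Section 3, plus a walker over a constructed ERO body that enforces the fixed Length values (8 for the IPv4 variant, 20 for the IPv6 variant) and reads back the L bit before a sub-object is accepted. That strict check is the receiver-side counterpart of the Section 4 concern about path-keys altered by intermediaries or inserted as spurious sub-objects: a PKS that does not match the fixed layout is rejected rather than handed to a PCE for expansion. The draft leaves the sub-object Type code points TBD, so TYPE_PKS_IPV4 and TYPE_PKS_IPV6 below are placeholder constants, not assignments; the addresses, path key values and ERO bytes are constructed sample data. An RFC 3209 IPv4 prefix sub-object (Type 1, Length 8) is included in the sample ERO only to show that non-PKS sub-objects are passed over untouched.

```python
"""Encode, decode and validate the Path Key sub-object (PKS) of Section 3.

Added worked example, not code from the draft. Type code points are TBD in
the draft, so the TYPE_PKS_* values below are placeholders, not IANA
assignments. All sample addresses, keys and ERO bytes are constructed.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Tuple, Union

TYPE_PKS_IPV4 = 0x40   # placeholder for the TBD "Path Key with IPv4 address"
TYPE_PKS_IPV6 = 0x41   # placeholder for the TBD "Path Key with IPv6 address"
PKS_LEN = {TYPE_PKS_IPV4: 8, TYPE_PKS_IPV6: 20}  # fixed lengths, Section 3
L_BIT = 0x80           # top bit of the first octet; the 7-bit Type sits below it

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class MalformedSubobject(ValueError):
    """Raised for any PKS that does not match the Section 3 layout."""


@dataclass(frozen=True)
class PathKeySubobject:
    path_key: int        # 16-bit opaque token; only the PCE at pce_id can expand it
    pce_id: IPAddress    # reachable IPv4 or IPv6 address of that PCE
    loose: bool = False  # L bit; SHOULD NOT be set (strict hop)

    def encode(self) -> bytes:
        if not 0 <= self.path_key <= 0xFFFF:
            raise ValueError("Path Key is a 16-bit field")
        sub_type = TYPE_PKS_IPV4 if self.pce_id.version == 4 else TYPE_PKS_IPV6
        first = (L_BIT if self.loose else 0) | sub_type
        # L/Type (1 octet), Length (1 octet), Path Key (2 octets), then the address
        header = struct.pack("!BBH", first, PKS_LEN[sub_type], self.path_key)
        return header + self.pce_id.packed


def make_pks(path_key: int, pce_addr: str, loose: bool = False) -> PathKeySubobject:
    """Convenience constructor taking the PCE address as text."""
    return PathKeySubobject(path_key, ipaddress.ip_address(pce_addr), loose)


def decode_pks(buf: bytes, offset: int = 0) -> PathKeySubobject:
    """Parse one PKS at buf[offset:], rejecting anything off the fixed layout."""
    if len(buf) - offset < 4:
        raise MalformedSubobject("truncated sub-object header")
    first, length, path_key = struct.unpack_from("!BBH", buf, offset)
    sub_type = first & 0x7F
    if sub_type not in PKS_LEN:
        raise MalformedSubobject(f"type {sub_type} is not a PKS")
    if length != PKS_LEN[sub_type]:
        # Length is fixed (8 or 20); anything else is an altered or bogus PKS
        raise MalformedSubobject(f"PKS length {length}, expected {PKS_LEN[sub_type]}")
    if len(buf) - offset < length:
        raise MalformedSubobject("PKS runs past the end of the buffer")
    pce_id = ipaddress.ip_address(bytes(buf[offset + 4:offset + length]))
    return PathKeySubobject(path_key, pce_id, bool(first & L_BIT))


def walk_ero(ero: bytes) -> List[Tuple]:
    """Walk an ERO body sub-object by sub-object.

    PKSs are decoded; other sub-object types (for instance the RFC 3209 IPv4
    prefix, Type 1) are reported as ("other", type, length) and skipped.
    """
    result, offset = [], 0
    while offset < len(ero):
        if len(ero) - offset < 2:
            raise MalformedSubobject("truncated sub-object header")
        first, length = ero[offset], ero[offset + 1]
        if length < 4 or offset + length > len(ero):
            raise MalformedSubobject(f"bad sub-object length {length} at {offset}")
        sub_type = first & 0x7F
        if sub_type in PKS_LEN:
            result.append(("pks", decode_pks(ero, offset)))
        else:
            result.append(("other", sub_type, length))
        offset += length
    return result


def build_sample_ero() -> bytes:
    """Constructed ERO: an RFC 3209 IPv4 prefix hop, then an IPv4 and an IPv6 PKS."""
    prefix_hop = struct.pack("!BB4sBB", 1, 8,
                             ipaddress.ip_address("198.51.100.1").packed, 32, 0)
    pks4 = make_pks(0x1234, "192.0.2.1")
    pks6 = make_pks(0x0007, "2001:db8::1")
    return prefix_hop + pks4.encode() + pks6.encode()


if __name__ == "__main__":
    for item in walk_ero(build_sample_ero()):
        print(item)
    # A PKS whose Length octet was changed in flight is rejected, not expanded
    tampered = bytearray(build_sample_ero())
    tampered[9] = 12   # Length octet of the IPv4 PKS, after the 8-octet prefix hop
    try:
        walk_ero(bytes(tampered))
    except MalformedSubobject as exc:
        print("rejected:", exc)
```

The path key is deliberately treated as an opaque 16-bit value: the decoder recovers only the token and the PCE-ID, which is all an LSR outside the originating AS learns from the sub-object, and the CPS itself can only be obtained from the PCE named by the PCE-ID.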