Network Working Group Eiji Oki Internet Draft NTT Category: Informational Jean-Louis Le Roux Expires: September 2007 France Telecom Adrian Farrel Old Dog Consulting March 2007 Framework for PCE-Based Inter-Layer MPLS and GMPLS Traffic Engineering draft-ietf-pce-inter-layer-frwk-03.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. Abstract A network may comprise multiple layers. It is important to globally optimize network resource utilization, taking into account all layers, rather than optimizing resource utilization at each layer independently. This allows better network efficiency to be achieved through a process that we call inter-layer traffic engineering. The Path Computation Element (PCE) can be a powerful tool to achieve inter-layer traffic engineering. This document describes a framework for applying the PCE-based architecture to inter-layer Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) traffic engineering. It provides suggestions for the deployment of PCE in support of multi-layer networks. This document also describes network models where PCE performs inter-layer traffic engineering, and the relationship between PCE and a functional component called the Virtual Network Topology Manager (VNTM). Table of Contents 1. Terminology.....................................................2 2. Introduction....................................................2 Oki et al. Expires September 2007 [Page 1] draft-ietf-pce-inter-layer-frwk-03.txt March 2007 3. Inter-Layer Path Computation....................................3 4. Inter-layer Path Computation Models.............................5 4.1. Single PCE Inter-Layer Path Computation......................5 4.2. Multiple PCE Inter-Layer Path Computation....................5 4.3. General Observations.........................................6 5. Inter-Layer Path Control........................................7 5.1. VNT Management...............................................7 5.2. Inter-Layer Path Control Models..............................7 5.2.1. Cooperation Model Between PCE and VNTM.....................7 5.2.2. Higher-Layer Signaling Trigger Model.......................9 5.2.3. Examples of Multi-Layer ERO...............................11 6. Choosing Between Inter-Layer Path Control Models...............11 6.1. VNTM Functions:.............................................11 6.2. Border LSR Functions:.......................................12 6.3. Complete Inter-Layer LSP Setup Time:........................12 6.4. Network Complexity..........................................12 6.5. Separation of Layer Management..............................13 7. Security Considerations........................................13 8. Acknowledgment.................................................14 9. References.....................................................14 9.1. Normative Reference.........................................14 9.2. Informative Reference.......................................14 10. Authors' Addresses...........................................15 11. Intellectual Property Statement..............................15 1. Terminology This document uses terminology from the PCE-based path computation architecture [RFC4655] and also common terminology from Multi Protocol Label Switching (MPLS) [RFC3031], Generalized MPLS (GMPLS) [RFC3945] and Multi-Layer Networks [MLN-REQ]. 2. Introduction A network may comprise multiple layers. These layers may represent separations of technologies (e.g., packet switch capable (PSC), time division multiplex (TDM), or lambda switch capable (LSC)) [RFC3945], separation of data plane switching granularity levels (e.g., PSC-1, PSC-2, VC4, or VC12) [MLN-REQ], or a distinction between client and server networking roles. In this multi-layer network, Label Switched Paths (LSPs) in a lower layer are used to carry higher-layer LSPs across the lower-layer network. The network topology formed by lower-layer LSPs and advertised to the higher layer is called a Virtual Network Topology (VNT) [MLN-REQ]. It may be effective to optimize network resource utilization globally, i.e., taking into account all layers, rather than optimizing resource utilization at each layer independently. This allows better network efficiency to be achieved and is what we call inter-layer traffic engineering. This includes mechanisms allowing the computation of end-to-end paths across layers (known as inter- layer path computation), and mechanisms for control and management of the Virtual Network Topology (VNT) by setting up and releasing LSPs in the lower layers [MLN-REQ]. Oki et al Expires September 2007 2 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Inter-layer traffic engineering is included in the scope of the Path Computation Element (PCE)-based architecture [RFC4655], and PCE can provide a suitable mechanism for resolving inter-layer path computation issues. PCE Communication Protocol requirements for inter-layer traffic engineering are set forth in [PCE-INTER-LAYER-REQ]. This document describes a framework for applying the PCE-based architecture to inter-layer traffic engineering. It provides suggestions for the deployment of PCE in support of multi-layer networks. This document also describes network models where PCE performs inter-layer traffic engineering, and the relationship between PCE and a functional component in charge of the control and management of the VNT, and called the Virtual Network Topology Manager (VNTM). 3. Inter-Layer Path Computation This section describes key topics of inter-layer path computation in MPLS and GMPLS networks. [RFC4206] defines a way to signal a higher-layer LSP, whose explicit route includes hops traversed by LSPs in lower layers. The computation of end-to-end paths across layers is called Inter-Layer Path Computation. A Label Switching Router (LSR) in the higher-layer might not have information on the topology of the lower-layer, particularly in an overlay or augmented model deployment, and hence may not be able to compute an end-to-end path across layers. PCE-based inter-layer path computation, consists of using one or more PCEs to compute an end-to-end path across layers. This could be achieved by a single PCE path computation where the PCE has topology information about multiple layers and can directly compute an end- to-end path across layers considering the topology of all of the layers. Alternatively, the inter-layer path computation could be performed as a multiple PCE computation where each member of a set of PCEs has information about the topology of one or more layers (but not all layers), and the PCEs collaborate to compute an end-to- end path. Consider, for instance, a two-layer network where the higher-layer network is a packet-based IP/MPLS or GMPLS network, and the lower- layer network is a GMPLS optical network. An ingress LSR in the higher-layer network tries to set up an LSP to an egress LSR also in the higher-layer network across the lower-layer network, and needs a path in the higher-layer network. However, suppose that there is no Traffic Engineering (TE) link in the higher-layer network between border LSRs, which are located on the boundary between the higher- layer and lower-layer networks, and that the ingress LSR does not have topology visibility into the lower layer. If a single-layer path computation is applied for the higher-layer, the path computation fails because of the missing TE link. On the other hand, inter-layer path computation is able to provide a route in the higher-layer and a suggestion that a lower-layer LSP be set up between border LSRs. Oki et al Expires September 2007 3 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Lower-layer LSPs that are advertised as TE links into the higher- layer network form a Virtual Network Topology (VNT), which can be used for routing higher-layer LSPs. Inter-layer path computation for end-to-end LSPs in the higher-layer network that span the lower- layer network may utilize the VNT, and PCE is a candidate for computing the paths of such higher-layer LSPs within the higher- layer network. Alternatively, the PCE-based path computation model can: - Perform a single computation on behalf of the ingress LSR using information gathered from more than one layer. This mode is referred to as Single PCE Computation in [RFC4655]. - Compute a path on behalf of the ingress LSR through cooperation with PCEs responsible for each layer. This mode is referred to as Multiple PCE Computation with inter-PCE communication in [RFC4655]. - Perform separate path computations on behalf of the TE-LSP head- end and each transit border LSR that is the entry point to a new layer. This mode is referred to as Multiple PCE Computation (without inter-PCE communication) in [RFC4655]. This option utilizes per- layer path computation performed independently by successive PCEs. The PCE invoked by the head-end LSR computes a path that the LSR can use to signal an MPLS-TE or GMPLS LSP once the path information has been converted to an Explicit Route Object (ERO) for use in RSVP-TE signaling. There are two options. - Option 1: Mono-layer path. The PCE computes a "mono-layer" path, i.e., a path that includes only TE links from the same layer. There are two cases for this option. In the first case the PCE computes a path that includes already established lower-layer LSPs or lower-layer LSPs to be established on demand. That is, the resulting ERO includes sub- object(s) corresponding to lower-layer hierarchical LSPs expressed as the TE link identifiers of the hierarchical LSPs when advertised as TE links in the higher-layer network. The TE link may be a regular TE link that is actually established, or a virtual TE link that is not established yet (see [MLN-REQ]). If it is a virtual TE link, this triggers a setup attempt for a new lower-layer LSP when signaling reaches the head-end of the lower-layer LSP. Note that the path of a virtual TE link is not necessarily known in advance, and this may require a further (lower-layer) path computation. The second case is that the PCE computes a path that includes a loose hop that spans the lower-layer network. The higher layer path computation selects which lower layer network to use, and selects the entry and exit points from that lower-layer network, but does not select the path across the lower-layer network. A transit LSR that is the entry point to the lower-layer network is expected to expand the loose hop (either itself or relying on the services of a PCE). The path expansion process on the border LSR may result either in the selection of an existing lower-layer LSP, or in the computation and setup of a new lower-layer LSP. - Option 2: Multi-layer path. The PCE computes a "multi-layer" path, i.e., a path that includes TE links from distinct layers [RFC4206]. Such a path can include the complete path of one or more lower-layer LSPs that already exist or are not yet established. In the latter Oki et al Expires September 2007 4 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 case, the signaling of the higher-layer LSP will trigger the establishment of the lower-layer LSPs. 4. Inter-layer Path Computation Models As stated in Section 3, two PCE modes defined in the PCE architecture can be used to perform inter-layer path computation. They are discussed below. 4.1. Single PCE Inter-Layer Path Computation In this model Inter-layer path computation is performed by a single PCE that has topology visibility into all layers. Such a PCE is called a multi-layer PCE. In Figure 1, the network is comprised of two layers. LSRs H1, H2, H3, and H4 belong to the higher layer, and LSRs H2, H3, L1, and L2 belong to the lower layer. The PCE is a multi-layer PCE that has visibility into both layers. It can perform end-to-end path computation across layers (single PCE path computation). For instance, it can compute an optimal path H1-H2-L1-L2-H3-H4, for a higher layer LSP from H1 to H4. This path includes the path of a lower layer LSP from H2 to H3, already in existence or not yet established. ----- | PCE | ----- ----- ----- ----- ----- | LSR |--| LSR |................| LSR |--| LSR | | H1 | | H2 | | H3 | | H4 | ----- -----\ /----- ----- \----- -----/ | LSR |--| LSR | | L1 | | L2 | ----- ----- Figure 1 : Multi-Layer PCE - - A single PCE with multi-layer visibility 4.2. Multiple PCE Inter-Layer Path Computation In this model there is at least one PCE per layer, and each PCE has topology visibility restricted to its own layer. Some providers may want to keep the layer boundaries due to factors such as organizational and/or service management issues. The choice for multiple PCE computation instead of single PCE computation may also be driven by scalability considerations, as in this mode a PCE only needs to maintain topology information for one layer (resulting in a size reduction for the Traffic Engineering Database (TED)). These PCEs are called mono-layer PCEs. Mono-layer PCEs collaborate to compute an end-to-end optimal path across layers. Oki et al Expires September 2007 5 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 In Figure 2, there is one PCE in each layer. The PCEs from each layer collaborate to compute an end-to-end path across layers. PCE Hi is responsible for computations in the higher layer and may "consult" with PCE Lo to compute paths across the lower layer. PCE Lo is responsible for path computation in the lower layer. A simple example of cooperation between the PCEs could be as follows: - LSR H1 sends a request for a path H1-H4 to PCE Hi - PCE Hi selects H2 as the entry point to the lower layer, and H3 as the exit point. - PCE Hi requests a path H2-H3 from PCE Lo. - PCE Lo returns H2-L1-L2-H3 to PCE Hi. - PEC Hi is able to compute the full path (H1-H2-L1-L2-H3-H4) and return it to H1. Of course more complex cooperation may be required if an optimal end-to-end path is desired. ----- | PCE | | Hi | --+-- | ----- ----- | ----- ----- | LSR |--| LSR |............|...........| LSR |--| LSR | | H1 | | H2 | | | H3 | | H4 | ----- -----\ --+-- /----- ----- \ | PCE | / \ | Lo | / \ ----- / \ / \----- -----/ | LSR |--| LSR | | L1 | | L2 | ----- ----- Figure 2 : Cooperating Mono-Layer PCEs - Multiple PCEs with single- layer visibility 4.3. General Observations - Depending on implementation details, inter-layer path computation time in the Single PCE inter-layer path computation model may be Oki et al Expires September 2007 6 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 less than that of the Multiple PCE model with cooperating mono-layer PCEs, because there is no requirement to exchange messages between cooperating PCEs. - When TE topology for all layer networks is visible within one routing domain, the single PCE inter-layer path computation model may be adopted because a PCE is able to collect all layers' TE topologies by participating in only one routing domain. - As the single PCE inter-layer path computation model uses more TE topology information than is used by PCEs in the Multiple PCE path computation model, it requires more computation power and memory. When there are multiple candidate layer border nodes (we may say that the higher layer is multi-homed), optimal path computation requires that all the possible paths transiting different layer border nodes or links be examined. This is relatively simple in the single PCE inter-layer path computation model because the PCE has full visibility - - the computation is similar to the computation within a single domain of a single layer. In the multiple PCE inter- layer path computation model, backward recursive techniques described in [BRPC] could be used, by considering layers as separate domains. 5. Inter-Layer Path Control 5.1. VNT Management As a result of inter-layer path computation, a PCE may determine that there is insufficient bandwidth available in the higher-layer network to support this or future higher-layer LSPs. The problem might be resolved if new LSPs were provisioned across the lower- layer network. Further, the modification, re-organization and new provisioning of lower-layer LSPs may enable better utilization of lower-layer network resources given the demands of the higher-layer network. In other words, the VNT needs to be controlled or managed in cooperation with inter-layer path computation. A VNT Manager (VNTM) is defined as a network element that manages and controls the VNT. PCE and VNT Managemer are distinct functional elements that may or may not be co-located. 5.2. Inter-Layer Path Control Models 5.2.1. Cooperation Model Between PCE and VNTM ----- ------ | PCE |--->| VNTM | ----- ------ ^ : : : : : v V ----- ----- ----- ----- | LSR |----| LSR |................| LSR |----| LSR | | H1 | | H2 | | H3 | | H4 | ----- -----\ /----- ----- \----- -----/ | LSR |--| LSR | | L1 | | L2 | Oki et al Expires September 2007 7 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 ----- ----- Figure 3: Cooperation Model Between PCE and VNTM A multi-layer network consists of higher-layer and lower-layer networks. LSRs H1, H2, H3, and H4 belong to the higher-layer network, LSRs H2, L1, L2, and H3 belong to the lower-layer network, as shown in Figure 3. Consider that H1 requests PCE to compute an inter-layer path between H1 and H4. There is no TE link in the higher-layer between H2 and H3 before the path computation request fails. But the PCE may provide information to the VNT Manager responsible for the lower layer network that may help resolve the situation for future higher-layer LSP setup. The roles of PCE and VNTM are as follows. PCE performs inter-layer path computation and is unable to supply a path because there is no TE link between H2 and H3. The computation fails, but PCE suggests to VNTM that a lower-layer LSP (H2-H3) could be established to support future LSP requests. Messages from PCE to VNTM contain information about the higher-layer demand (from H2 to H3). VNTM uses local policy and possibly management/configuration input to determine how to process the suggestion from PCE, and may request an ingress LSR (e.g. H2) to establish a lower-layer LSP. VNTM or the ingress LSR (H2) may themselves use a PCE with visibility into the lower layer to compute the path of this new LSP. When the higher-layer PCE fails to compute a path and notifies VNTM, it may wait for the lower-layer LSP to be set up and advertised as a TE link. It could then compute the complete end-to-end path for the higher-layer LSP and return the result to the PCC. In this case, the PCC may be kept waiting for some time, and it is important that the PCC understands this. It is also important that the PCE and VNTM have an agreement that the lower-layer LSP will be set up in a timely manner, or that the PCE will be notified by VNTM that no new LSP will become available. In any case, if the PCE decides to wait, it must operates a timeout. An example of such a cooperative procedure between PCE and VNTM is as follows using the exmaple network in Figure 3. Step 1: H1 (PCC) requests PCE to compute a path between H1 and H4. Step 2: The path computation fails because there is no TE link across the lower-layer network. Step 3: PCE suggests to VNTM that a new TE link connecting H2 and H3 would be useful. VNTM considers whether lower-layer LSPs should be established if necessary and if acceptable within VNTM's policy constraints. The PCE notifies VNTM that it will be waiting for the TE link to be created. Step 4: VNTM requests an ingress LSR in the lower-layer network (e.g., H2) to establish a lower-layer LSP. The request message may include a lower-layer LSP route obtained from the PCE responsible for the lower-layer network. Step 5: The ingress LSR signals to establish the lower-layer LSP. Step 6: If the lower-layer LSP setup is successful, the ingress LSR notifies VNTM that the LSP is complete and supplies the tunnel information. Oki et al Expires September 2007 8 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Step 7: The ingress LSR (H2) advertises the new LSP as a TE link in the higher-layer network routing instance. Step 8: PCE notices the new TE link advertisement and recomputes the requested path. Step 9: PCE replies to H1 (PCC) with a computed higher-layer LSP route. The computed path is categorized as a mono-layer path that includes the already-established lower layer-LSP as a single hop in the higher layer. The higher-layer route is specified as H1-H2-H3-H4, where all hops are strict. Step 9: H1 initiates signaling with the computed path H2-H3-H4 to establish the higher-layer LSP. 5.2.2. Higher-Layer Signaling Trigger Model ----- | PCE | ----- ^ : : v ----- ----- ----- ----- | LSR |----| LSR |................| LSR |--| LSR | | H1 | | H2 | | H3 | | H4 | ----- -----\ /----- ----- \----- -----/ | LSR |--| LSR | | L1 | | L2 | ----- ----- Figure 4: Higher-layer Signaling Trigger Model Figure 4 shows the higher-layer signaling trigger model. As in the case described in Section 5.2.1, consider that H1 requests PCE to compute a path between H1 and H4. There is no TE link in the higher- layer between H2 and H3 before the path computation request. PCE is unable to compute a mono-layer path, but may judge that the establishment of a lower-layer LSP between H2 and H3 would provide adequate connectivity. If the PCE has inter-layer visibility it may return a path that includes hops in the lower layer (H1-H2-L1-L2-H3- H4), but if it has no visiblity into the lower layer, it may return a path with a loose hop from H2 to H3 (H1-H2-H3(loose)-H4). The former is a multi-layer path, and the latter a mono-layer path that includes loose hops. In the higher-layer signaling trigger model with a multi-layer path, the LSP route supplied by the PCE includes the route of a lower- layer LSP that is not yet established. A border LSR that is located at the boundary between the higher-layer and lower-layer networks (H2 in this example) receives a higher-layer signaling message, notices that the next hop is in the lower-layer network, starts to setup the lower-layer LSP as described in [RFC4206]. Note that these actions depends on a policy at the border LSR. An example procedure of the signaling trigger model with a multi-layer path is as follows. Oki et al Expires September 2007 9 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Step 1: H1 (PCC) requests PCE to compute a path between H1 and H4. The request indicates that inter-layer path computation is allowed. Step 2: As a result of the inter-layer path computation, PCE judges that a new lower-layer LSP needs to be established. Step 3: PCE replies to H1 (PCC) with a computed multi-layer route including higher-layer and lower-layer LSP routes. The route may be specified as H1-H2-L1-L2-H3-H4, where all hops are strict. Step 4: H1 initiates higher-layer signaling using the computed explicit router of H2-L1-L2-H3-H4. Step 5: The border LSR (H2) that receives the higher-layer signaling message starts lower-layer signaling to establish a lower-layer LSP along the specified lower-layer route of H2-L1-L2-H3. That is, the border LSR recognizes the hops within the explicit route that apply to the lower-layer network, verifies with local policy that a new LSP is acceptable, and establishes the required lower-layer LSP. Note that it is possible that a suitable lower-layer LSP has already been established (or become available) between the time that the computation was performed and the moment when the higher-layer signaling message reached the border LSR. In this case, the border LSR may select such a lower-layer LSP without the need to signal a new LSP provided that the lower-layer LSP satisfies the explicit route in the higher-layer signaling request. Step 6: After the lower-layer LSP is established, the higher-layer signaling continues along the specified higher-layer route of H2-H3- H4 using hierarchical signaling [RFC4206]. On the other hand, in the signaling trigger model with a mono-layer path, a higher-layer LSP route includes a loose hop to traverse the lower-layer network between the two border LSRs. A border LSR that receives a higher-layer signaling message needs to determine a path for a new lower-layer LSP. It applies local policy to verify that a new LSP is acceptable and then either consults a PCE with responsibility for the lower-layer network or computes the path by itself, and initiates signaling to establish the lower-layer LSP. Again, it is possible that a suitable lower-layer LSP has already been established (or become available). In this case, the border LSR may select such a lower-layer LSP without the need to signal a new LSP provided that the lower-layer LSP satisfies the explicit route in the higher-layer signaling request. Since the higher-layer signaling request used a loose hop without specifying any specifics of the path within the lower-layer network, the border LSR has greater freedom to choose a lower-layer LSP than in the previous example. The difference between procedures of the signaling trigger model with a multi-layer path and a mono-layer path is Step 5. Step 5 of the signaling trigger model with a mono layer path is as follows: Step 5': The border LSR (H2) that receives the higher-layer signaling message applies local policy to verify that a new LSP is acceptable and then initiates establishment of a lower-layer LSP. It either consults a PCE with responsibility for the lower-layer network or computes the route by itself to expand the loose hop route in the higher-layer path. Oki et al Expires September 2007 10 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Finally, note that a virtual TE link may have been advertised into the higher-layer network. This causes the PCE to return a path H1- H2-H3-H4 where all the hops are strict. But when the higher-layer signaling message reaches the layer border node H2 (that was responsible for advertising the virtual TE link) it realizes that the TE link does not exist yet, and signals the necessary LSP across the lower-layer network using its own path determination (just as for a loose hop in the higher layer) before continuing with the higher-layer signaling. 5.2.3. Examples of Multi-Layer ERO PCE ^ : : V H1--H2 H3--H4 \ / L1==L2==L3--L4--L5 | | L6--L7 \ H5--H6 Figure 5: Example of a Multi-Layer Network This section describes how lower-layer LSP setup is performed in the higher-layer signaling trigger model using an ERO that can include subobjects in both the higher and lower layers. It gives rise to several options for the ERO when it reaches the last LSR in the higher layer network (H2). 1. The next subobject is a loose hop to H3 (mono layer ERO). 2. The next subobject is a strict hop to L1 followed by a loose hop to H3. 3. The next subobjects are a series of hops (strict or loose) in the lower-layer network followed by H3. For example, {L1(strict), L3(loose), L5(loose), H3(strict)} In the first example, the lower layer can utilize any LSP tunnel that will deliver the end-to-end LSP to H3. In the third case, the lower layer must select an LSP tunnel that traverses L3 and L5. However, this does not mean that the lower layer can or should use an LSP from L1 to L3 and another from L3 to L5. 6. Choosing Between Inter-Layer Path Control Models This section compares the cooperation model between PCE and VNTM, and the higher-layer signaling trigger model, in terms of VNTM functions, border LSR functions, higher-layer signaling time, and complexity (in terms of number of states and messages). An appropriate model may be chosen by a network operator in different deployment scenarios taking all these considerations into account. 6.1. VNTM Functions: In the cooperation model, VNTM functions are required. In this model, communications are required between PCE and VNTM, and between VNTM and a border LSR. VNTM-LSR communication can rely on existing GMPLS-TE MIB modules. PCE-VNTM communication will be detailed in further revisions of this document. Oki et al Expires September 2007 11 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 In the higher-layer signaling trigger model, no VNTM functions are required, and no such communications are required. If VNTM functions are not supported in a multi-layer network, the higher-layer signaling trigger model has to be chosen. The inclusion of VNTM functionality allows better coordination of cross-network LSP tunnels and application of network-wide policy that is far harder to apply in the trigger model since it requires the coordination of policy between multiple border LSRs. 6.2. Border LSR Functions: In the higher-layer signaling trigger model, a border LSR must have some additional functions. It needs to trigger lower-layer signaling when a higher-layer path message suggests that lower-layer LSP setup is necessary. Note that, if virtual TE links are used, the border LSRs must be capable of triggered signaling. If the ERO in the higher-layer Path message uses a mono-layer path or specifies a loose hop, the border LSR receiving the Path message must obtain a lower-layer route either by consulting a PCE or by using its own computation engine. If the ERO in the higher-layer Path message uses a multi-layer path, the border LSR must judge whether lower-layer signaling is needed. In the cooperation model, no additional function for triggered signaling is required in border LSRs except when virtual TE links are used. Therefore, if these additional functions are not supported in border LSRs, where a border LSR is controlled by VNTM to set up a lower-layer LSP, the cooperation model has to be chosen. 6.3. Complete Inter-Layer LSP Setup Time: Complete inter-layer LSP setup time includes inter-layer path computation, signaling, and communication time between PCC and PCE, PCE and VNTM, and VNTM and LSR. In the cooperation model, the additional communication steps are required compared with the higher-layer signaling trigger model. On the other hand, the cooperation model provides better control at the cost of a longer service setup time. Note that, in terms of higher-layer signaling time, in the higher- layer signaling trigger model, the required time from when higher- layer signaling starts to when it is completed, is more than that of the cooperation model except when a virtual TE link is included. This is because the former model requires lower-layer signaling to take place during the higher-layer signaling. A higher-layer ingress LSR has to wait for more time until the higher-layer signaling is completed. A higher-layer ingress LSR is required to be tolerant of longer path setup times. 6.4. Network Complexity If the higher and lower layer networks have multiple interconnects then optimal path computation for end-to-end LSPs that cross the layer boundaries is non-trivial. The higher layer LSP must be routed to the correct layer border nodes to achieve optimality in both layers. Oki et al Expires September 2007 12 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 Where the lower layer LSPs are advertised into the higher layer network as TE links, the computation can be resolved in the higher layer network. Care needs to be taken in the allocation of TE metrics (i.e., costs) to the lower layer LSPs as they are advertised as TE links into the higher layer network, and this might be a function for a VNT Manager component. Similarly, attention should be given to the fact that the LSPs crossing the lower-layer network might share points of common failure (e.g., they might traverse the same link in the lower-layer network) and the shared risk link groups (SRLGs) for the TE links advertised in the higher-layer must be set accordingly. In the single PCE model an end-to-end path can be found in a single computation because there is full visibility into both layers and all possible paths through all layer interconnects can be considered. Where PCEs cooperate to determine a path, an iterative computation model such as [BRPC] can be used to select an optimal path across layers. When non-cooperating mono-layer PCEs, each of which is in a separate layer, are used with the triggered LSP model, it is not possible to determine the best border LSRs, and connectivity cannot even be guaranteed. In this case, signaling crankback techniques [CRANK] can be used to eventually achieve connectivity, but optimality is far harder to achieve. In this model, a PCE that is requested by an ingress LSR to compute a path expects a border LSR to setup a lower- layer path triggered by high-layer signaling when there is no TE link between border LSRs. 6.5. Separation of Layer Management Many network operators may want to provide a clear separation between the management of the different layer networks. In some cases, the lower layer network may come from a separate commercial arm of an organization or from a different corporate body entirely. In these cases, the policy applied to the establishment of LSPs in the lower-layer network and to the advertisement of these LSPs as TE links in the higher-layer network will reflect commercial agreements and security concerns (see next section). Since the capacity of the LSPs in the lower-layer network are likely to be significantly larger than those in the client higher-layer network (multiplex- server model), the administrator of the lower-layer network may want to exercise caution before allowing a single small demand in the higher layer to tie up valuable resources in the lower layer. The necessary policy points for this separation of administration and management are more easily achieved through the VNTM approach than by using triggered signaling. In effect, the VNTM is the coordination point for all lower layer LSPs and can be closely tied to a human operator as well as to policy and billing. Such a model can also be achieved using triggered signaling. 7. Security Considerations Inter-layer traffic engineering with PCE raises new security issues in both inter-layer path control models. Oki et al Expires September 2007 13 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 In the cooperation model between PCE and VNTM, when the PCE judges a new lower-layer LSP, communications between PCE and VNTM and between VNTM and a border LSR are needed. In this case, there are some security concerns that need to be addressed for these communications. These communications should have some security mechanisms to ensure authenticity, privacy and integrity. In particular, it is important to protect against false triggers for LSP setup in the lower-layer network. In the higher-layer signaling trigger model, there are several security concerns. First, PCE may inform PCC, which is located in the higher-layer network, of multi-layer path information that includes an ERO in the lower-layer network, while the PCC may not have TE topology visibility into the lower-layer network. This raises a security concern, where lower-layer hop information is known to transit LSRs supporting a higher-layer LSP. Some security mechanisms to ensure authenticity, privacy and integrity may be used. Security issues may also exist when a single PCE is granted full visibility of TE information that applies to multiple layers. 8. Acknowledgment We would like to thank Kohei Shiomoto, Ichiro Inoue, Julien Meuric, Jean-Francois Peltier, Young Lee, and Ina Minei for their useful comments. 9. References 9.1. Normative Reference [RFC3031] Rosen, E., Viswanathan, A., and R. Callon, "Multiprotocol Label Switching Architecture", RFC 3031, January 2001. [RFC3945] Mannie, E., "Generalized Multi-Protocol Label Switching Architecture", RFC 3945, October 2004. [RFC4206] Kompella, K., and Rekhter, Y., "Label Switched Paths (LSP) Hierarchy with Generalized Multi-Protocol Label Switching (GMPLS) Traffic Engineering (TE)", RFC 4206, October 2005. [RFC4655] A. Farrel, JP. Vasseur and J. Ash, "A Path Computation Element (PCE)-Based Architecture", RFC 4655, August 2006. 9.2. Informative Reference [MLN-REQ] K. Shiomoto et al., "Requirements for GMPLS-based multi- region networks (MRN)", draft-ietf-ccamp-gmpls-mln-reqs (work in progress). [PCE-INTER-LAYER-REQ] E. Oki et al., "PCC-PCE Communication Requirements for Inter-Layer Traffic Engineering", draft-ietf-pce- inter-layer-req (work in progress). [BRPC] JP. Vasseur et al., "A Backward Recursive PCE-based Computation (BRPC) procedure to compute shortest inter-domain Traffic Engineering Label Switched Paths", draft-ietf-pce-brpc (work in progress). [CRANK] A. Farrel et al., "Crankback Signaling Extensions for MPLS and GMPLS RSVP-TE", draft-ietf-ccamp-crankback (work in progress). Oki et al Expires September 2007 14 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 10. Authors' Addresses Eiji Oki NTT 3-9-11 Midori-cho, Musashino-shi, Tokyo 180-8585, Japan Email: oki.eiji@lab.ntt.co.jp Jean-Louis Le Roux France Telecom R&D, Av Pierre Marzin, 22300 Lannion, France Email: jeanlouis.leroux@orange-ftgroup.com Adrian Farrel Old Dog Consulting Email: adrian@olddog.co.uk 11. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The IETF Trust (2007). Oki et al Expires September 2007 15 draft-ietf-pce-inter-layer-frwk-03.txt March 2007 This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Oki et al Expires September 2007 16