-----Message d'origine-----
De : pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org] De la part de Gray, Eric
Envoyé : jeudi 30 juin 2005 17:27
À : 'JP Vasseur'
Cc : pce <at> ietf.org
Objet : RE: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

JP,

 

    I believe this draft needs more work - particularly in the area of establishing

"security requirements" (as opposed to simple inclusion of a security section)

- before it is ready to be adopted as a WG document.
[JLLR]  

 

    Implicit in the PCE concept is the inherently undefined nature of the trust

model that may apply in any given deployment. Consequently it MUST be a

requirement that any PCE discovery mechanism explicitly supports a specific

set of trust models and that the complete set of possible solutions (assuming

the _possibility_ that one solution may not satisfy all requirements) supports

every reasonable combination of security trust models.

 

    It is imperative that this is established as a "requirement" of PCE discovery

solutions because this requirement will have a very definite effect on choices

the WG might make right away in seeking a solution.

 

    For example, assuming that we need to support a model where we assume

that it is possible for a foreign agency to mimic a valid PCE, this assumption

will severely limit the approaches that might be used - as long as it is also a

requirement to avoid approaches that require extensive manual configuration.

 

    To further illustrate this example, this requirement would make a choice of

discovery based on broadcast/multicast announcement mechanisms much

less workable - possibly directing us more toward an authenticated directory

service approach.

 

    To accept this document as a WG document without first nailing down the

specific security requirements that we want to apply would potentially send

the wrong message to the authors, the WG, the Internet community and -

possibly - the IESG.

 

    It is far more important to ensure that the work has started in the right

direction than it is to drive the work to conform more closely to a time table.

 

--

Eric

-----Original Message-----
From: pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org]On Behalf Of JP Vasseur
Sent: Thursday, June 30, 2005 9:53 AM
To: pce <at> ietf.org
Subject: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

Dear WG,

draft-leroux-discovery-reqs has just been re-published, addressing several of comments received during the last meeting and on the list (very few remaining open items).

Could you provide us your feed-back on adopting draft-leroux-discovery-reqs-01.txt as a WG document ?

JP and Adrian.

-----Message d'origine-----
De : Dimitri.Papadimitriou <at> alcatel.be [mailto:Dimitri.Papadimitriou <at> alcatel.be]
Envoyé : samedi 2 juillet 2005 16:26
À : LE ROUX Jean-Louis RD-CORE-LAN
Cc : pce <at> ietf.org
Objet : Re: [Pce] PCE Disco Reqs v01

hi jean-louis

thanks for the update, i have the following comments/feedback

1. in the introduction you refer to "some relevant PCE" and it is important to be more accurate since this plays a specific role in the discovery context of this document
[JLLR]  Yes, it means PCE for inter-domain path computation, we will clarify in next revision 

2. in the same section the document mentions MPLS-TE and GMPLS capable PCEs, i wonder whether you not simply mean here path computed such as to be subsequently used by RSVP-TE and GMPLS RSVP-TE taking into accound specific set of constraints that can be used by such PCEs;
[JLLR] Yes, I think that this is clear for everyone isn't it?

 also i think there is an inclusion relationship that should be pointed out here as the latter (a GMPLS-capable PCE) is by definition an MPLS- capable PCE
[JLLR] Agree 

3. section 5.1.2 it is unclear from this section whether the proposed discovery mechanism still allows for having multiple PCEs scoping a set of overlapping domains;
[JLLR] The answer is yes, 
[JLLR] But actually this is a question more related to the PCE architecture itself. It depends on what you mean by overlapping. In the inter-area context for instance there is some overlapping between domains as ABRs belong to two or more domains.

 and in particular when X PCEs scope a single domain how it is possible to target a given PCE if there scope in terms of reachable prefixes is non-overlapping
 
[JLLR] You raise a good point, we should add discovery of domain(s) towards which a PCE can compute a path

For instance in the example of section 4, R9 is a composite PCE that can take part in inter-AS path 
computation, responsible for path computation in AS1 towards AS2. PCCs has to dynamically discover R9 as a PCE for inter-AS path computation as well as its path computation domain: AS1, and the domain towards which it can compute paths: AS2 

This will be added in next revision.

4. section 5.1.3 refers to the capability to handle "request prioritization" but it is unclear to which priority you are referring is this a specific and explicit information element as part of the request itself ?
[JLLR] Yes it is

Note that actually capability description is out of the scope of this document, and should be addressed in a separate doc

 or an implicit prioritization mechanism based on the requestor identity, the type of request it initiates, etc
 

5. section 4 refers to the PCE liveness detection, there are two issues here where this 60s come from - why is there a need for emitting such liveness information every 60s ?
[JLLR] I agree that the requirement has to be reformulated. Actually what we want is a way to discover that a PCE is no longer alive under 60s, and this does not necessarily require emitting such information every 60s, this could be event driven by the way.

  beside the overhead such mechanism would generate it is rather unclear why a discovery mechanism has to ensure such keep-alive mechanism even for PCCs that do not make any use of the PCE(s) issuing this information

6. section 5.8 is simply outside of the scope of the present document, PCE selection is decoupled from their discovery
[JLLR] OK, this will be removed

By the way do you have any feedback on section 5.5?

Again thanks for these useful comments

Best Regards

JL 

thanks,

- dimitri.

"LE ROUX Jean-Louis RD-CORE-LAN" <jeanlouis.leroux <at> francetelecom.com>
Sent by: pce-bounces <at> lists.ietf.org
06/29/2005 14:00 ZE2

To: <pce <at> ietf.org>
cc:
bcc:
Subject: [Pce] PCE Disco Reqs v01

Hi all,

Version 01 of the PCE discovery reqs ID has just been published
http://www.ietf.org/internet-drafts/draft-leroux-pce-discovery-reqs-01.txt

This version takes into account comments received during Minneapolis session and on the list.

Here are the major changes since 00:
-Added multi-area network case in the problem statement
-Added application scenario (section 4)
-Section 5.1 on capability discovery modified as per discussions on the list:
        -Discovery of PCE location, PCE scopes and domain(s) under control is mandatory
        -Capability discovery is no longer a MUST
       The list of capabilities is now out of the scope and should be addressed in a
       separate document.
      
-Added section 5.6 on extensibility
-Added Security section

Section 5.5 (Discovery of PCE capacity and congestion) requires WG feedback:
-Is there a need for the discovery of PCE capacity in terms of computation power? This static parameter could be used to ensure weighted load balancing of requests in case PCEs do not have the same capacity.

-Would it be useful that a PCE report its status as "congested" in case it is too busy? PCCs may then use this dynamic information to prefer a different PCE.

Your comments/feedback would be highly welcome, especially on the above point

Best Regards,

JL

_______________________________________________
Pce mailing list
Pce <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/pce

-----Original Message-----
From: LE ROUX Jean-Louis RD-CORE-LAN [mailto:jeanlouis.leroux <at> francetelecom.com]
Sent: Tuesday, July 05, 2005 2:37 AM
To: Gray, Eric; JP Vasseur
Cc: pce <at> ietf.org
Subject: RE : [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

Hi Eric

 

We have a security section that is IMHO quite clear in terms of masquerade, forgery...

and indirectly addresses trust models you refer to.

But I agree with you that security requirements of a PCE discovery solution would better

be addressed in a dedicated section "PCE Discovery security requirements"  rather than in the default security section.

What about the following:

 

"5.9 PCE Discovery Security Requirements

 

The PCE Discovery mechanism MUST address security issues across multiple ASes.

Key consideration MUST be given in terms of how to establish a trusted model for PCE discovery.

The PCE discovery mechanism MUST explicitly support a specific set of trust models.

 

Particularly, mechanisms MUST be defined to avoid PCE masquerade and forgery.

It MUST be possible for PCEs to authenticate PCCs and for PCCs to authenticate PCEs.

 

Also, the PCE discovery mechanism MUST be able to restrict the scope of 
discovery to a set of authorized PCCs. The identity of any PCE MUST only be learnt by authorized PCCs.

It MUST be possible to encrypt  discovery information." 

Note that this requirement also implies the PCC-PCE communication protocol.

 

Is it fine with you if we add this section for next revision?

 

Best Regards

 

JL

 

 

 

 

-----Message d'origine-----
De : pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org] De la part de Gray, Eric
Envoyé : jeudi 30 juin 2005 17:27
À : 'JP Vasseur'
Cc : pce <at> ietf.org
Objet : RE: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

JP,

 

    I believe this draft needs more work - particularly in the area of establishing

"security requirements" (as opposed to simple inclusion of a security section)

- before it is ready to be adopted as a WG document.
[JLLR]  

 

    Implicit in the PCE concept is the inherently undefined nature of the trust

model that may apply in any given deployment. Consequently it MUST be a

requirement that any PCE discovery mechanism explicitly supports a specific

set of trust models and that the complete set of possible solutions (assuming

the _possibility_ that one solution may not satisfy all requirements) supports

every reasonable combination of security trust models.

 

    It is imperative that this is established as a "requirement" of PCE discovery

solutions because this requirement will have a very definite effect on choices

the WG might make right away in seeking a solution.

 

    For example, assuming that we need to support a model where we assume

that it is possible for a foreign agency to mimic a valid PCE, this assumption

will severely limit the approaches that might be used - as long as it is also a

requirement to avoid approaches that require extensive manual configuration.

 

    To further illustrate this example, this requirement would make a choice of

discovery based on broadcast/multicast announcement mechanisms much

less workable - possibly directing us more toward an authenticated directory

service approach.

 

    To accept this document as a WG document without first nailing down the

specific security requirements that we want to apply would potentially send

the wrong message to the authors, the WG, the Internet community and -

possibly - the IESG.

 

    It is far more important to ensure that the work has started in the right

direction than it is to drive the work to conform more closely to a time table.

 

--

Eric

-----Original Message-----
From: pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org]On Behalf Of JP Vasseur
Sent: Thursday, June 30, 2005 9:53 AM
To: pce <at> ietf.org
Subject: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

Dear WG,

draft-leroux-discovery-reqs has just been re-published, addressing several of comments received during the last meeting and on the list (very few remaining open items).

Could you provide us your feed-back on adopting draft-leroux-discovery-reqs-01.txt as a WG document ?

JP and Adrian.

-----Message d'origine-----
De : Gray, Eric [mailto:Eric.Gray <at> marconi.com]
Envoyé : mardi 5 juillet 2005 13:37
À : LE ROUX Jean-Louis RD-CORE-LAN
Cc : pce <at> ietf.org; JP Vasseur
Objet : RE: RE : [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

JL,

 

    As long as we include explicit security requirements, and define some trust models

that we expect to support, then we are definitely moving in the right direction. We can

figure out wording details as we go along.  In other words, I do not know that the text

you propose is what the WG is looking for, but including your proposed text gives the

WG something to respond to.

 

    One relatviely small point is that there is a list of high-level requirements in section

3.2 (Requirements Overview) that should include some mention of security requirements.

 

--

Eric

-----Original Message-----
From: LE ROUX Jean-Louis RD-CORE-LAN [mailto:jeanlouis.leroux <at> francetelecom.com]
Sent: Tuesday, July 05, 2005 2:37 AM
To: Gray, Eric; JP Vasseur
Cc: pce <at> ietf.org
Subject: RE : [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

Hi Eric

 

We have a security section that is IMHO quite clear in terms of masquerade, forgery...

and indirectly addresses trust models you refer to.

But I agree with you that security requirements of a PCE discovery solution would better

be addressed in a dedicated section "PCE Discovery security requirements"  rather than in the default security section.

What about the following:

 

"5.9 PCE Discovery Security Requirements

 

The PCE Discovery mechanism MUST address security issues across multiple ASes.

Key consideration MUST be given in terms of how to establish a trusted model for PCE discovery.

The PCE discovery mechanism MUST explicitly support a specific set of trust models.

 

Particularly, mechanisms MUST be defined to avoid PCE masquerade and forgery.

It MUST be possible for PCEs to authenticate PCCs and for PCCs to authenticate PCEs.

 

Also, the PCE discovery mechanism MUST be able to restrict the scope of 
discovery to a set of authorized PCCs. The identity of any PCE MUST only be learnt by authorized PCCs.

It MUST be possible to encrypt  discovery information." 

Note that this requirement also implies the PCC-PCE communication protocol.

 

Is it fine with you if we add this section for next revision?

 

Best Regards

 

JL

 

 

 

 

-----Message d'origine-----
De : pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org] De la part de Gray, Eric
Envoyé : jeudi 30 juin 2005 17:27
À : 'JP Vasseur'
Cc : pce <at> ietf.org
Objet : RE: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

JP,

 

    I believe this draft needs more work - particularly in the area of establishing

"security requirements" (as opposed to simple inclusion of a security section)

- before it is ready to be adopted as a WG document.
[JLLR]  

 

    Implicit in the PCE concept is the inherently undefined nature of the trust

model that may apply in any given deployment. Consequently it MUST be a

requirement that any PCE discovery mechanism explicitly supports a specific

set of trust models and that the complete set of possible solutions (assuming

the _possibility_ that one solution may not satisfy all requirements) supports

every reasonable combination of security trust models.

 

    It is imperative that this is established as a "requirement" of PCE discovery

solutions because this requirement will have a very definite effect on choices

the WG might make right away in seeking a solution.

 

    For example, assuming that we need to support a model where we assume

that it is possible for a foreign agency to mimic a valid PCE, this assumption

will severely limit the approaches that might be used - as long as it is also a

requirement to avoid approaches that require extensive manual configuration.

 

    To further illustrate this example, this requirement would make a choice of

discovery based on broadcast/multicast announcement mechanisms much

less workable - possibly directing us more toward an authenticated directory

service approach.

 

    To accept this document as a WG document without first nailing down the

specific security requirements that we want to apply would potentially send

the wrong message to the authors, the WG, the Internet community and -

possibly - the IESG.

 

    It is far more important to ensure that the work has started in the right

direction than it is to drive the work to conform more closely to a time table.

 

--

Eric

-----Original Message-----
From: pce-bounces <at> lists.ietf.org [mailto:pce-bounces <at> lists.ietf.org]On Behalf Of JP Vasseur
Sent: Thursday, June 30, 2005 9:53 AM
To: pce <at> ietf.org
Subject: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WG document ?

Dear WG,

draft-leroux-discovery-reqs has just been re-published, addressing several of comments received during the last meeting and on the list (very few remaining open items).

Could you provide us your feed-back on adopting draft-leroux-discovery-reqs-01.txt as a WG document ?

JP and Adrian.

----- Original Message -----

From: LE ROUX Jean-Louis RD-CORE-LAN

To: pce <at> ietf.org

Sent: Wednesday, June 29, 2005 8:00 AM

Subject: [Pce] PCE Disco Reqs v01

Hi all,

Version 01 of the PCE discovery reqs ID has just been published
http://www.ietf.org/internet-drafts/draft-leroux-pce-discovery-reqs-01.txt

This version takes into account comments received during Minneapolis session and on the list.

Here are the major changes since 00:
-Added multi-area network case in the problem statement
-Added application scenario (section 4)
-Section 5.1 on capability discovery modified as per discussions on the list:
        -Discovery of PCE location, PCE scopes and domain(s) under control is mandatory
        -Capability discovery is no longer a MUST
       The list of capabilities is now out of the scope and should be addressed in a
       separate document.
      
-Added section 5.6 on extensibility
-Added Security section

Section 5.5 (Discovery of PCE capacity and congestion) requires WG feedback:
-Is there a need for the discovery of PCE capacity in terms of computation power? This static parameter could be used to ensure weighted load balancing of requests in case PCEs do not have the same capacity.

-Would it be useful that a PCE report its status as "congested" in case it is too busy? PCCs may then use this dynamic information to prefer a different PCE.

Your comments/feedback would be highly welcome, especially on the above point

Best Regards,

JL

_______________________________________________
Pce mailing list
Pce <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/pce

----- Original Message -----

From: JP Vasseur

To: pce <at> ietf.org

Sent: Thursday, June 30, 2005 9:53 AM

Subject: [Pce] Adoption of draft-leroux-pce-discovery-reqs-01.txt as WGdocument ?

Dear WG,

draft-leroux-discovery-reqs has just been re-published, addressing several of comments received during the last meeting and on the list (very few remaining open items).

Could you provide us your feed-back on adopting draft-leroux-discovery-reqs-01.txt as a WG document ?

JP and Adrian.

_______________________________________________
Pce mailing list
Pce <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/pce

----- Original Message -----

From: Dimitri.Papadimitriou <at> alcatel.be

To: Igor Bryskin

Cc: LE ROUX Jean-Louis RD-CORE-LAN ; pce <at> ietf.org

Sent: Wednesday, July 06, 2005 12:08 PM

Subject: Re: [Pce] PCE Disco Reqs v01

igor, JL - a couple of comments:

1. On more than one occasions you use the term "TE-LSP path computation request". This sounds like an assumption that paths are computed separately for each TE-LSP. In reality, though, a single path computation request for a protected service is expected to determine paths for multiple LSPs (working and protecting). Furthermore, a single path computation may be performed for multiple services to make them possible sharing protection resources. I would suggest dropping the "TE-LSP" from the "TE-LSP path computation" combination;

2. In section 5.1.3 you mentioned among GMPLS capabilities a capability to compute multi-layer paths. This sounds inaccurate: paths are always computed in one network layer, however, a capable PCE may determine/suggest necessary reconfigurations in lower layer(s) in order to satisfy a particular path computation request;

[dp] i would like to know how you have come to the second sentence statement - now more specifically, and in the context of the PCE discovery document, per [LSP-HIER] an incoming ERO may include the path to the lower SC, procedure is described in section 8.2 of that document so there is nothing wrong in that sentence it just need a clarification, that the sequence of hops resulting from this computation may be covering multiple LSP regions

IB>> Come on, we had this argument many times already. Note, first, that neither me nor the document mentioned the term "region". Furthermore, a PSC LSP does not "go" through a lambda layer, rather, it uses H-LSPs created in the lambda layer as PSC data links. These links are no different from statically provisioned PSC links with an exception that the former could be installed and removed by the control plane. This is what I meant by the "lower layer re-configuration". The ERO subobjects associated with lambda switching capability is just one (and not the smartest IMO) way to control such re-configuration. An alternative way, for instance, would be for a PCE to assume the VNT manager role and request the lambda H-LSP provisioning *before* responding to the path computation request.

3. I believe it should be stated more clearly that 2 stages of PCE discovery are needed: basic stage and detailed stage. During the basic stage PCE publishes some basic information about itself (presence, computation scope, etc.) on the network independently from PCCs. Interested PCCs should be able to participate in the detailed discovery stage, that is, to establish communication sessions (via PCC-PCE or a separate protocol) with the PCE to request/subscribe on the PCE detailed information (capability, CPU power, capacity, status, etc.). This would be good IMO both from the scalability and security points of view.

[dp] not sure to understand why an "interested" PCC needs detailed information on the CPU and memory utilisation at the end why more classical "admission control" and "back pressure" mechanism can not be used here ?

IB>> In this clause I didn't mean CPU or memory utilisation, rather, things like PCE sets of constraints that it can honor, optimization functions, diversity types, etc. 

4. Responding to your questions:
        -Is there a need for the discovery of PCE capacity in terms of 
         computation power? This static parameter could be used to 
         ensure weighted load balancing of requests in case PCEs do not 
         have the same capacity.
Yes. It could be achieved by a direct request from a PCC during the detailed discovery stage (see above).

[dp] this is not the issue, even if the PCC knows the detailed computation power utilisation the significance of this information for the PCC itself can not tell to this PCC more than a "don't use" if it crosses a given threshold since the PCC does not know how much the request the PCC is going to initiate will consume on the PCE itself - there is an issue of the significance of the information that needs to be discussed first before requiring its initial or later stage discovery

        -Would it be useful that a PCE report its status as "congested" 
         in case it is too busy? PCCs may then use this dynamic 
         information to prefer a different PCE. 
Yes. It could be achieved by a subscription of a PCC on the PCE's status change (also during the detailed discovery stage ).

[dp] as also proposed by JL an event driven mechanism would be advisable

IB>> As the document states this information would help a PCC to choose most suitable PCE.

 

Igor

----- Original Message -----
From: LE ROUX Jean-Louis RD-CORE-LAN
To: pce <at> ietf.org
Sent: Wednesday, June 29, 2005 8:00 AM
Subject: [Pce] PCE Disco Reqs v01

Hi all,

Version 01 of the PCE discovery reqs ID has just been published
http://www.ietf.org/internet-drafts/draft-leroux-pce-discovery-reqs-01.txt

This version takes into account comments received during Minneapolis session and on the list.

Here are the major changes since 00:
-Added multi-area network case in the problem statement
-Added application scenario (section 4)
-Section 5.1 on capability discovery modified as per discussions on the list:
        -Discovery of PCE location, PCE scopes and domain(s) under control is mandatory
        -Capability discovery is no longer a MUST
       The list of capabilities is now out of the scope and should be addressed in a
       separate document.
      
-Added section 5.6 on extensibility
-Added Security section

Section 5.5 (Discovery of PCE capacity and congestion) requires WG feedback:
-Is there a need for the discovery of PCE capacity in terms of computation power? This static parameter could be used to ensure weighted load balancing of requests in case PCEs do not have the same capacity.

-Would it be useful that a PCE report its status as "congested" in case it is too busy? PCCs may then use this dynamic information to prefer a different PCE.

Your comments/feedback would be highly welcome, especially on the above point

Best Regards,

JL

_______________________________________________
Pce mailing list
Pce <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/pce

_______________________________________________
Pce mailing list
Pce <at> lists.ietf.org
https://www1.ietf.org/mailman/listinfo/pce