CCAMP Working Group                                  J. Drake (Calient)
Internet Draft                               D. Papadimitriou (Alcatel)
Category: Standard Track                 A. Farrel (Old Dog Consulting)
                                                      D. Brungard (ATT)
                                                         Z. Ali (Cisco)

Expiration Date: April 2004                                October 2003


                Generalized MPLS (GMPLS) RSVP-TE Signalling
        in support of Automatically Switched Optical Network (ASON)

               draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as Internet-
   Drafts. Internet-Drafts are draft documents valid for a maximum of
   six months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet- Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

1. Abstract

   This document specifies how Generalized MPLS (GMPLS) RSVP-TE
   signaling may be used and extended to satisfy the requirements of
   the Automatically Switched Optical Network (ASON) architecture
   specified by the ITU-T. The requirements are in a companion document
   "Requirements for Generalized MPLS (GMPLS) Usage and Extensions for
   Automatically Switched Optical Network (ASON)."

   In particular, this document details the mechanisms for setting up
   Soft Permanent Connections (SPC), the necessary extensions in
   delivering full and logical call/connection separation support, the
   extended restart capabilities during control plane failures,
   extended label usage and crankback signalling capability.

   The mechanisms proposed in the present document are applicable to
   any environment (including multi-area) and for any type of
   interface: packet, layer-2, time-division multiplexed, lambda or
   fiber switching.

D.Papadimitriou et al. - Expires April 2004                          1

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


2. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC2119].

   In addition, the reader is assumed to be familiar with the
   terminology used in [RFC3471] and [RFC3473].

3. Introduction

   This document describes how GMPLS RSVP-TE signaling [RFC-3473] can
   be used and extended in support of Automatically Optical Switched
   Networks (ASON) as specified in the ITU-T G.8080 recommendation
   [G.8080]. Note, however, that the mechanisms that it describes and
   references have a larger scope than the one described in this
   document.

   [ASON-REQ] identifies the requirements to be covered by the
   extensions to the GMPLS signaling protocols to support the
   capabilities of an ASON network.

   The following are expected from the GMPLS protocol suite to realize
   the needed ASON functionality:
   a) support for soft permanent connection functionality
   b) support for call and connection separation
   c) support for call segments
   d) support for extended restart capabilities during control plane
      failures
   e) support for extended label association
   f) support for crankback capability.

   This document is aligned with the [RSVP-CHANGE] process, which
   requires evaluation of the existing protocol functionality for
   achieving the requested functionality and justification for any
   requested changes or new extensions. In this context, the following
   summarizes the evaluation and assumptions made:

   1. The requirements for LSP setup can be achieved using the peer
      model described in [RFC3473] or the overlay model described in
      [GMPLS-OVERLAY]. Thus, the processing of standard objects and
      functions (such as Explicit Route object and Record Route object)
      are exactly as described in those documents.

   2. The second is that any GMPLS RSVP object, message or procedure
      not defined in this document or in a directly referenced document
      is handled exactly as described in [RFC3473], [RFC3209] and
      [RFC2205]. An important consideration is that the procedures
      introduced by this document do not introduce any forward or
      backward compatibility issue.

   3. The mechanisms proposed in this document are not restricted to
      LSC or TDM capable interfaces, but are equally applicable to any

D.Papadimitriou et al. - Expires March 2004                          2

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


      packet or layer-2 interfaces. As a consequence, the present
      document proposes ubiquitously applicable RSVP extensions.

3.1 Comparison with Previous Work

   Informational RFCs [RFC3474] and [RFC3476] document extensions to
   and uses of GMPLS signaling to meet the requirements of ASON
   Distributed Call and Connection Management (DCM) as specified in
   [G.7713] and [OIF-UNI] implementation agreement, respectively.

   While both RFCs make use of GMPLS RSVP-TE signaling, there are key
   differences from the problem statement in [ASON-REQ] and the
   solution provided by these Informational RFCs. These differences
   result from the development of a fuller and clearer set of
   requirements in [G.8080] after the time that [RFC3474] was published
   and [ASON-REQ] considerations for compatibility aspects with GMPLS
   [RFC3473]. These differences are enumerated below and detailed in
   Appendix 1.

   1. As described in [G.8080], there are various models and multiple
   methods of achieving connections across multiple domains. [RFC3474]
   is similar to a cooperative connection model between domains, that
   is, there is no overall coordination, and it uses point-to-point E-
   NNI signaling between inter-domain border controllers (i.e. single-
   hop LSP). Additionally, it requires address resolution at both
   border controllers regardless of the address space used. Recent
   enhancements to [G.8080] include end-to-end network capabilities
   based on flexible path selection (end-to-end) to support optimal
   route selection i.e. source-based rerouting and crankback.
   To provide for these enhancements and future capabilities (e.g.,
   VPNs), [ASON-REQ] is based on an inter-domain model using an end to
   end call model, modeling multiple domains as one virtual network and
   optional one-time (ingress) address resolution (optional, if
   multiple address families are needed). Note that this model is same
   model used by [RFC3471] and [RFC3473].

   2. [RFC3474] distinguishes between use of [RFC3474] for ASON
   networks and use of [RFC3473] for GMPLS networks; no compatibility
   aspects are addressed, whereas, [ASON-REQ] addresses ASON
   requirements for GMPLS networks. Backward compatibility allows for a
   migration or coexistence with GMPLS RSVP-TE [RFC3473] use. [ASON-
   REQ] requires that for any new and existing GMPLS features,
   [RFC3473] transit nodes do not need to be updated and do not need to
   modify their behavior to support the end-to-end features of ASON.
   The solution provided by [RFC3474] is not backward compatible with
   [RFC3473], and [RFC3474] can not be used in a network with
   [RFC3473], as incorrect network behavior will result.

   3. While existing GMPLS signalling [RFC3473] supports Soft Permanent
   Connections (SPCs), [RFC3474] defines a new mechanism to support
   SPCs, and this new mechanism is incompatible with [RFC3473].



D.Papadimitriou et al. - Expires March 2004                          3

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   4. [RFC3474] does not support full call and connection separation,
   multiple connections per call, or ingress/egress node capability
   negotiation prior to connection establishment.

   5. [RFC3474] does not support call segment signaling mechanisms, as
   required in [G.8080] and [G.7713].

   6. [RFC3474] defines control plane restart capabilities that are
   incompatible with those described in [RFC3473].

   7. [RFC3474] does not support crankback signaling mechanisms [GMPLS-
   CRANK], as required in [G.8080] and [G.7713].

3.2 Applicability

   The requirements placed on the signaling plane of an optical network
   to support the capabilities of an Automatically Switched Optical
   Network (see [ASON-REQ]) can be met by both the peer model and the
   overlay model as described below.

   Some extensions to the core signaling features (see [RFC3473]) are
   required in support of some of the requirements. [GMPLS-OVERLAY]
   defines a common set of standard procedures for the overlay model.
   Other documents referenced in specific subsections of this document
   define specific protocol extensions in support of specific ASON
   requirements.

3.2.1 Peer Model

   In the peer model, the ingress and egress nodes play a full part in
   the GMPLS network from a signaling point of view. Routing
   information may be fully or partially distributed to the ingress and
   egress nodes. This behavior is described [RFC3471] and [RFC3473].

   Note that this model supports a User to Network Interface (UNI)
   separation. The ingress node may make an LSP setup request to the
   network using standard GMPLS procedures.

3.2.2 Overlay Model

   In the overlay model, the ingress and/or the egress nodes are not
   full players in the GMPLS network. Routing information leaked to the
   edge nodes is very limited. Signaling information may be filtered
   and substituted by the network. This process is described in [GMPLS-
   OVERLAY].

   Note that this model supports a UNI separation. The ingress node may
   initiate an LSP setup request to the network using standard GMPLS
   procedures. The modifications to behavior described in [GMPLS-
   OVERLAY] apply to the nodes within the network and not ingress or
   egress nodes.

4. Soft Permanent Connection (SPC)

D.Papadimitriou et al. - Expires March 2004                          4

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003



   A Soft Permanent Connection (SPC) is defined as a permanent
   connection at the network edges and as a switched connection within
   the network.

   SPC setup is provided using Explicit Label Control as specified in
   [RFC3473]. This solution is applicable in both the peer and overlay
   models. For the overlay model, [GMPLS-OVERLAY] describes the
   procedure for unambiguous identification of both the egress link and
   label.

5. Call/Connection Separation

   The call concept for optical networks is defined in [G.8080] where
   it is used to deliver the following capabilities:

   - Verification and identification of the call initiator (prior to
     LSP setup)

   - Support of virtual concatenation with diverse path component LSPs

   - Multiple LSP association with a single call (note aspects related
     to recovery are covered in [GMPLS-FUNCT] and [GMPLS-E2E])

   - Facilitate control plane operations by allowing operational status
     change of the associated LSP.

   Procedures and protocol extensions to support Call setup, and the
   association of Calls with Connections are described in sections 10
   and onwards of this document.

6. Control Plane Restart Capabilities

   Restart capabilities are provided by GMPLS RSVP-TE signaling in case
   of control plane failure including nodal and control channel faults.
   The handling of node and control channels faults is described in
   [RFC3473] Section 9. No additional RSVP mechanisms or objects are
   required to fulfill the ASON control plane restart capabilities.

   However, it should be noted that restart considerations must form
   part of each of the procedures referenced from or described in this
   document.

7. Extended Label Association

   Dynamic discovery of label associations as described in [ASON-REQ]
   can be either performed through manual provisioning or using the
   Link Management Protocol [LMP] capabilities.

8. Crankback Signaling

   Crankback signaling allows a connection setup request to be retried
   on an alternate path that detours around a blocked link or node upon

D.Papadimitriou et al. - Expires March 2004                          5

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   a setup failure, for instance, because a link or a node along the
   selected path has insufficient resources. Crankback mechanisms may
   also be applied during connection recovery by indicating the
   location of the failed link or node. This would significantly
   improve the successful recovery ratio for failed connections,
   especially in situations where a large number of setup requests are
   simultaneously triggered.

   Crankback mechanisms for (GMPLS) RSVP-TE signaling are covered in a
   dedicated companion document [GMPLS-CRANK]. That document is
   intended to fulfill all the corresponding ASON requirements as well
   as satisfying any other crankback needs.

9. Call Segments

   Call segments capabilities MUST be supported by both independent
   call setup and simultaneous call/connection setup.

   Procedures and (GMPLS) RSVP-TE signaling protocol extensions to
   support call segments are described in sections 13.4.1 of this
   document.

10. Concepts and Terms

   The concept of a Call and a Connection are discussed in the ASON
   architecture [G.8080]. This section is not intended as a substitute
   for that document, but is a brief summary of the key terms and
   concepts.

10.1 What is a Call?

   A Call is an agreement between endpoints possibly in cooperation
   with the nodes that provide access to the network. Call setup may
   include capability exchange, policy, authorization and security.

   A Call is used to facilitate and manage a set of Connections that
   provide end to end data services. While Connections require state to
   be maintained at nodes along the data path within the network, Calls
   do not involve the participation of transit nodes except to forward
   the Call management requests as transparent messages.

   A Call may be established and maintained independently of the
   Connections that it supports.

10.2 A Hierarchy of Calls, Connections, Tunnels and LSPs

   Clearly there is a hierarchical relationship between Calls and
   Connections. One or more Connections may be associated to a Call. A
   Connection may not be part of more than one call. A Connection may,
   however, exist without a Call.

   In GMPLS, a Connection is identified with a GMPLS TE Tunnel.
   Commonly a Tunnel is identified with a single LSP, but it should be

D.Papadimitriou et al. - Expires March 2004                          6

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   noted that for protection, load balancing and many other functions,
   a Tunnel may be supported by multiple parallel LSPs. The following
   identification reproduces this hierarchy:

   Call IDs are unique within the context of the pair of addresses that
   are the source and destination of the Call.

   Tunnel IDs are unique within the context of the Session (that is the
   destination of the Tunnel). Applications may also find it convenient
   to keep the Tunnel ID unique within the context of a Call.

   LSP IDs are unique within the context of a Tunnel.

   Note that the Call_ID value of zero is reserved and MUST NOT be used
   during LSP-independent call establishment.

   Throughout the remainder of this document, the terms LSP and Tunnel
   are used interchangeably with the term Connection. The case of a
   Tunnel that is supported by more than one LSP is covered implicitly.

10.3 Exchanging Access Link Capabilities

   It is useful for the ingress node of an LSP to know the link
   capabilities of the link between the network and the egress node.
   This information may allow the ingress node to tailor its LSP
   request to fit those capabilities and to better utilize network
   resources with regard to those capabilities.

   In particular, this may be used to achieve end-to-end spectral
   routing attribute negotiation for signal quality negotiation (such
   as BER) in photonic environments where network edges are signal
   regeneration capable. Similarly, it may be used to provide end-to-
   end spatial routing attribute negotiation in multi-area routing
   environments, in particular, when TE links have been bundled based
   on technology specific attributes.

   Call setup may provide a suitable mechanism to exchange information
   for this purpose, although several other possibilities exist.

10.3.1 Peer Networks

   In peer networks, there may be no need to distribute additional link
   capability information over and above the information distributed by
   the TE and GMPLS extensions to the IGP. Further, it is possible that
   future extensions to these IGPs will allow the distribution of more
   detailed information including optical impairments.

10.3.2 Overlay Networks

   In overlay networks, edge link information may not be visible within
   the core network, nor (and specifically) at other edge nodes. This
   may prevent an ingress from requesting suitable LSP characteristics
   to ensure successful LSP setup.

D.Papadimitriou et al. - Expires March 2004                          7

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003



   Various solutions to this problem exist including the definition of
   static TE links (that is, not advertised by a routing protocol)
   between the core network and the edge nodes. Nevertheless, special
   procedures may be necessary to advertise edge TE link information to
   the edge nodes outside of the network without advertising the
   information specific to the contents of the network.

   In the future, when the requirements are understood on the
   information that needs to be supported, TE extensions to EGPs may be
   defined that provide this function.

10.3.3 Utilizing Call Setup

   In the event that IGP and EGP solutions are not available in overlay
   networks, there is still a requirement to advertise edge link
   capabilities.

   The Call setup procedure provides an opportunity to discover edge
   link capabilities of remote edge nodes before LSP setup is
   attempted. The LINK CAPABILITY object is defined to allow this
   information to be exchanged. The information that is included in
   this object is similar to that distributed by GMPLS-capable IGPs
   (see [GMPLS-RTG]).

11. Protocol Extensions for Calls and Connections

   This section describes the protocol extensions needed in support of
   Call identification and management of Calls and Connections.
   Procedures for the use of these protocol extensions are described in
   section 12.

11.1 Call Identification

   As soon as the concept of a call is introduced, it is necessary to
   support some means of identifying the call. This becomes
   particularly important when calls and connections are separated and
   connections must contain some reference to the call.

   According to [ASON-REQ], a call may be identified by a sequence of
   bytes that may have considerable (but not arbitrary) length. A Call
   ID of 40 bytes would not be unreasonable. It is not the place of
   this document to supply rules for encoding or parsing Call IDs, but
   it must provide a suitable means to communicate Call IDs within the
   protocol. The full call identification as required by ASON is
   referred to as the long Call ID.

   The Call_ID is only relevant at the sender and receiver nodes.
   Maintenance of this information in the signaling state is not
   mandated at any intermediate node. Thus no change in [RFC3473]
   transit implementations is required and there are no backward
   compatibility issues. Forward compatibility is maintained by using


D.Papadimitriou et al. - Expires March 2004                          8

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   the existing default values to indicate that no Call processing is
   required.

11.1.1 Long Form Call Identification

   The "Session Name" attribute of the SESSION_ATTRIBUTE Object is used
   to carry the long form of the Call ID.

   A unique value per call is inserted in the "Session Name" field by
   the initiator of the call. Subsequent network nodes MAY inspect this
   object and MUST forward this object transparently across network
   interfaces until reaching the egress node. Note that the structure
   of this field MAY be the object of further formatting depending on
   the naming convention(s). However, [RFC3209] defines the "Session
   Name" field as a Null padded display string, and that any formatting
   conventions for the Call ID must be limited to this scope.

11.1.2 Short Form Call Identification

   The connections (LSPs) associated with a call need to carry a
   reference to the call - the Call ID. Each LSP MAY carry the full
   long Call ID in the "Session Name" of the SESSION ATTRIBUTE object
   to achieve this purpose. However, existing (and future)
   implementations may need to place other strings in this field (in
   particular, the field is currently intended to provide the Session
   Name). To allow for this possibility a new field is added to the
   signaling protocol to identify an individual LSP with the Call to
   which it belongs.

   The new field is a 16-bit identifier (unique within the context of
   the address pairing provided by the Tunnel_End_Point_Address and the
   Sender_Address) that MUST be exchanged during Call initialization
   and is used on all subsequent LSP setups that are associated with
   the Call. This identifier is known as the short Call ID and is
   encoded as described in Section 11.1.3. When relevant, the Call Id
   MUST NOT be used as part of the processing to determine the session
   to which an RSVP signaling message applies. This does not generate
   any backward compatibility issue since the reserved field of the
   SESSION object defined in [RFC3209] MUST NOT be examined on receipt.

   In the unlikely case of short Call_ID exhaustion, local node policy
   decides upon specific actions to be taken. Local policy details are
   outside of the scope of this document.

11.1.3 Short Form Call ID Encoding

   The short Call ID is carried in a 16-bit field in the SESSION Object
   used during Call and LSP setup. The field used was previously
   reserved (MUST be set to zero on transmission and ignored on
   receipt). This ensures backward compatibility with nodes that do not
   utilize calls.

   The figure below shows the new version of the object.

D.Papadimitriou et al. - Expires March 2004                          9

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003



   Class = SESSION, Class-Num = 1, C-Type = 7(IPv4)/8(IPv6)

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |               IPv4/IPv6 Tunnel end point address              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |            Call_ID            |           Tunnel ID           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       Extended Tunnel ID                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IPv4/IPv6 Tunnel End Point Address: 32 bits/128 bits - see [RFC3209]

   Call_ID: 16 bits

        A 16-bit identifier used in the SESSION object that remains
        constant over the life of the call. The Call_ID value MUST be
        set to zero when there is no corresponding call.

   Tunnel ID: 16 bits - see [RFC3209]

   Extended Tunnel ID: 32 bits/128 bits - see [RFC3209]

11.2 LINK_CAPABILITY object

   The LINK CAPABILITY object is introduced to support link capability
   exchange during Call setup. The object includes the bundled link
   local capabilities of the call initiating node (or terminating node)
   indicated by the source address of the Notify message.

   The Class Number is selected so that the nodes that do not recognize
   this object drop it silently. That is, the top bit is set and the
   next bit is clear.

   This object has the following format:

   Class-Num = TBA (form 10bbbbbb), C_Type = 1

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     //                        (Subobjects)                          //
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The contents of the LINK_CAPABILITY object is defined as series of
   variable-length data items called subobjects. The subobject format
   is defined in [RFC3209].

   The following subobjects are currently defined:

D.Papadimitriou et al. - Expires March 2004                         10

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   - Type 1: the link local IPv4 address (numbered bundle) using the
     format defined in [RFC3209]
   - Type 2: the link local IPv6 address (numbered bundle) using the
     format defined in [RFC3209]
   - Type 4: the link local identifier (unnumbered links and bundles)
     using the format defined in [RFC3477]
   - Type 64: the Maximum Reservable Bandwidth corresponding to this
     bundle (see [BUNDLE])
   - Type 65: the Interface Switching Capability Descriptor (see
     [GMPLS-RTG]) corresponding to this bundle (see also [BUNDLE]).

   Note: future revisions of this document may extend the above list.

   This object MAY also be used to exchange more than one bundled link
   capability. In this case, the following ordering MUST be followed:
   one identifier subobject (Type 1, 2 or 4) MUST be inserted before
   any capability subobject (Type 64 or 65) to which it refers.

11.3 Revised Message Formats

   One message (the Notify message) is enhanced to support Call
   establishment and teardown of Calls that operate independent of
   LSPs. See section 12 for a description of the procedures.

11.3.1 Notify Message

   The Notify message is modified in support of Call establishment by
   the optional addition of the LINK CAPABILTY object. Further, the
   SESSION ATTRIBUTE object is added to the <notify session> sequence
   to carry the long Call ID. The presence of the SESSION ATTIBUTE
   object may be used to distinguish a Notify message used for Call
   management

   The format of the Notify Message is as follows:

   <Notify message>  ::= <Common Header> [ <INTEGRITY> ]
                         [[ <MESSAGE_ID_ACK> | <MESSAGE_ID_NACK>]...]
                         [ <MESSAGE_ID> ]
                         <ERROR_SPEC>
                         <notify session list>

   <notify session list> ::= [ <notify session list> ] <notify session>

   <notify session>  ::= <SESSION> [ <ADMIN_STATUS> ]
                         [ <POLICY_DATA>...]
                         [ <LINK_CAPABILITY> ]
                         | <SESSION_ATTRIBUTE> ]
                         [ <sender descriptor> | <flow descriptor> ]

   <sender descriptor> ::= see [RFC3473]

   <flow descriptor> ::= see [RFC3473]


D.Papadimitriou et al. - Expires March 2004                         11

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


11.4 Administrative Status Object

   Messages (such as Notifys, Paths, etc.) exchanged for Call control
   and management purposes carry a specific new bit (the Call
   Management or C bit) in the ADMIN STATUS object.

   The format of the contents of the ADMIN_STATUS object are both
   dictated by [RFC3473] in favor of [RFC3471]. The new 'C' bit is
   added as shown below.

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |R|                        Reserved                     |C|T|A|D|
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        Reflect (R): 1 bit - see [RFC3471]
        Testing (T): 1 bit - see [RFC3471]
        Administratively down (A): 1 bit - see [RFC3471]
        Deletion in progress (D): 1 bit - see [RFC3471]

        Call Management (C): 1 bit
            This bit is set when the message is being used to control
            and manage a Call.

   The procedures for the use of the C bit are described in section 12.

   Note that the use of the C bit may appear as redundant since Call
   setup can be distinguished by the presence of the SESSION ATTRIBUTE
   object in a Notify message or an non-zero short Call Id in a Path
   message. However, in the case of lost messages and node restart,
   this further distinction is useful to distinguish Path messages that
   set up Calls from Path messages that belong to calls.

12. Procedures in Support of Calls and Connections

12.1 Call/Connection Setup Procedures

   This section describes the processing steps for call and connection
   setup. There are four cases considered:

   - A Call and Connection may be established simultaneously. That is,
     a Connection may be established and designated as belonging to a
     new Call. It is an implementation decision how the work a the
     ingress and egress points is split and whether the qualities of
     the Call are policed before, after or at the same time as those of
     the Connection. In the event that the establishment of either the
     Call or the Connection fails, an error is returned as described in
     section 12.4.2 and neither is set up.

   - A Call can be set up on its own. That is, without any associated
     Connection. It is assumed that Connections will be added to the
     Call at a later time, but this is neither a requirement nor

D.Papadimitriou et al. - Expires March 2004                         12

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


     a constraint.

   - A Connection may be added to an existing Call. This may happen if
     the Call was set up without any associated Connections, or if a
     further Connection is added to a Call that already has one or more
     associated Connections.

   - A Connection may be established without any reference to a Call.
     This encompasses the previous LSP setup procedure.

   Note that a Call MAY NOT be imposed upon a Connection that is
   already established. To do so would require changing the short Call
   Id in the Session Object of the existing LSPs and this would
   constitute a change in the Session Identifier. This is not allowed
   by existing protocol specifications.

   Call and Connection teardown procedures are described later in
   Section 12.7.

12.2 Independent Call Setup

   It is possible to set up a Call before, and independent of, LSP
   setup. A Call setup without LSPs MUST follow the procedure described
   in this section.

   Prior to the LSP establishment, Call setup MAY necessitate
   verification of the link status and link capability negotiation
   between the Call ingress node and the Call egress node. The
   procedure described below is applied only once for a Call and hence
   only once for the set of LSPs associated with a Call.

   The Notify message (see [RFC3473]) is used to signal the Call setup
   request and response. The new Call Management (C) bit is used to
   indicate that this Notify is managing a Call. The Notify message is
   sent with source and destination IPv4/IPv6 address set to any of the
   routable ingress/egress node addresses respectively.

   At least one session MUST be listed in the <notify session list> of
   the Notify message. In order to allow for long identification of the
   Call the SESSION_ATTRIBUTE object is added as part of the <notify
   session list>. Note that the ERROR SPEC object is not relevant in
   Call setup and MUST carry the Error Code zero ('Confirmation') to
   indicate that there is no error.

   During Call setup, the ADMIN STATUS object is sent with the
   following bits set. Bits not listed MUST be set to zero.

   R - to cause the egress to respond
   C - to indicate that this message is managing a Call.

   The SESSION, SESSION ATTRIBUTE, SENDER_TEMPLATE, SENDER_TSPEC
   objects included in the <notify session> of the Notify message are
   built as follows:

D.Papadimitriou et al. - Expires March 2004                         13

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003



   - The SESSION object includes as Tunnel_End_Point_Address any of the
     call terminating (egress) node's IPv4/IPv6 routable addresses. The
     Call_ID is set to a non-zero value unique within the context of
     the address pairing provided by the Tunnel_End_Point_Address and
     the Sender_Address from the SENDER TEMPLATE object (see below).
     Note that the Call_ID value of zero is reserved and MUST NOT be
     used during LSP-independent call establishment. The Tunnel_ID of
     the SESSION object is not relevant for this procedure and SHOULD
     be set to zero. The Extended_Tunnel_ID of the SESSION object is
     not relevant for this procedure and MAY be set to zero or to an
     address of the ingress node.

   - The SESSION ATTRIBUTE object contains priority flags. Currently no
     use of these flags is envisioned, however, future work may
     identify value is assigning priorities to Calls; accordingly the
     Priority fields MAY be set to non-zero values. None of the Flags
     in the SESSION ATTRIBUTE object are relevant to this process and
     this field SHOULD be set to zero. The Session Name field is used
     to carry the long Call Id as described in Section 11.

   - The SENDER_TEMPLATE object includes as Sender Address any of the
     call initiating (ingress) node's IPv4/IPv6 routable addresses. The
     LSP_ID is not relevant and SHOULD be set to zero.

   - The bandwidth value inserted in the SENDER_TSPEC and FLOWSPEC
     objects MUST be ignored upon receipt and SHOULD be set to zero
     when sent.

   Additionally, ingress/egress nodes that need to communicate their
   respective link local capabilities may include a LINK_CAPABILITY
   object in the Notify message.

   The receiver of a Notify message may identify whether it is part of
   Call management or reporting an error by the presence or absence of
   the SESSION ATTRIUBTE object in the <notify session list>. Full
   clarity, however, may be achieved by inspection of the new Call
   Management (C) bit in the ADMIN STATUS object.

   Note that the POLICY_DATA object may be included in the <notify
   session list> and may be used to identify requestor credentials,
   account numbers, limits, quotas, etc. This object is opaque to RSVP,
   which simply passes it to policy control when required.

   Message IDs MUST be used during independent Call setup.

12.2.1 Accepting Independent Call Setup

   A node that receives a Notify message carrying the ADMIN STATUS
   object with the R and C bits set is being requested to set up a
   Call. The receiver may perform authorization and policy according to
   local requirements.


D.Papadimitriou et al. - Expires March 2004                         14

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   If the Call is acceptable, the receiver responds with a Notify
   message reflecting the information from the Call request with two
   exceptions.

   - The responder removes any LINK CAPABLITY object that was received
     and MAY insert a LINK CAPABILITY object that describes its own
     access link.

   - The ADMIN STATUS object is sent with only the C bit set. All other
     bits MUST be set to zero.

   The responder MAY use the Message ID object to ensure reliable
   delivery of the response. If no Message ID Acknowledgement is
   received after the configured number of retries, the responder
   should continue to assume that the Call was successfully
   established. Call liveliness procedures are covered in section 12.8.

12.2.2 Rejecting Independent Call Setup

   Call setup may fail or be rejected.

   If the Notify message can not be delivered, no Message ID
   acknowledgement will be received by the sender. In the event that
   the sender has retransmitted the Notify message a configurable
   number of times without receiving a Message ID Acknowledgement (as
   described in [RFC3473]), the initiator SHOULD declare the Call
   failed and SHOULD send a Call teardown request (see section 12.7).

   It is also possible that a Message ID Acknowledgement is received
   but no Call response Notify message is received. In this case, the
   initiator MAY re-send the Call setup request a configurable number
   of times (see Section 12.8) before declaring the Call has failed. At
   this point the initiator MUST send a Call teardown request (see
   Section 12.7).

   If the Notify message cannot be parsed or is in error it MAY be
   responded to with a Notify message carrying the error code 13
   ('Unknown object class') or 14 ('Unknown object C-Type').

   The Call setup may be rejected by the receiver because of security,
   authorization or policy reasons. Suitable error codes already exist
   and can be used in the ERROR SPEC object included in the Notify
   message sent in response.

   Error response Notify messages SHOULD also use the Message ID object
   to achieve reliable delivery. No action should be taken on the
   failure to receive a Message ID Acknowledgement after the configured
   number of retries.

12.3 Adding a Connections to a Call

   Once a Call has been established, LSPs can be added to the Call.
   Since the short Call ID is part of the SESSION Object, any LSP that

D.Papadimitriou et al. - Expires March 2004                         15

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   has the same Call ID value in the SESSION Object belongs to the same
   Call. There will be no confusion between LSPs that are associated
   with a Call and those which are not since the Call ID value MUST be
   equal to zero for LSPs which are not associated with a Call.

   LSPs for different Calls can be distinguished because the Call ID is
   unique within the context of the source address (in the SENDER
   TEMPLATE) and the destination address (in the SESSION).

   Ingress and egress nodes may group together LSPs associated with the
   same call and process them as a group according to implementation
   requirements. Transit nodes need not be aware of the association of
   multiple LSPs with the same Call.

   The ingress node MAY choose to set the "Session Name" of an LSP to
   match the long Call ID of the associated Call and the "Session Name"
   MAY still be used to distinguish between virtually concatenated LSPs
   belonging to the same Call. Thus, there is not necessarily a one-to-
   one mapping between the "Session Name" of an LSP and the short
   Call_ID.

   The C bit of the ADMIN STATUS object MUST NOT be set on LSP
   messages.

12.3.1 Adding a Reverse Direction LSP to a Call

   Note that once a Call has been established it is symmetric. That is,
   either end of the Call may add LSPs to the Call.

   Special care is needed when managing LSPs in the reverse direction
   since the addresses in the SESSION and SENDER TEMPLATE are reversed.
   However, since the short Call ID is unique in the context of a given
   ingress-egress address pair it may safely be used to associate the
   LSP with the Call.

12.4 Simultaneous Call/Connection Setup

   It is not always necessary to establish a Call before adding
   Connections to the Call. Where the features made available by
   independent Call setup are not required, a simplification can be
   made by establish a Call at the same time as the first Connection
   associated to the Call.

   Simultaneous Call and LSP setup requires the usage of Call
   identification and an indication that a Call is being managed. No
   other protocol mechanisms beyond those described in [RFC3473] are
   needed. Normal RSVP-TE GMPLS processing takes place.

   The Path message used to simultaneously set up the Call and LSP MUST
   carry the ADMIN STATUS object with the R and C bits set. Other bits
   may be set or cleared according to the requirements of LSP setup.
   The D bit MUST NOT be set.


D.Papadimitriou et al. - Expires March 2004                         16

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   The Path message MUST also carry the long Call ID in the Session
   Name field of the SESSION ATTRIBUTE Object as described above. This
   field is not available to contain a Session Name distinct from the
   Call ID.

   A non-zero short Call ID MUST be placed in the new Call ID field of
   the SESSION Object as described above. The reserved value of zero is
   used when the LSP is being set up with no association to a Call.

12.4.1 Accepting Simultaneous Call/Connection Setup

   A Path message that requests simultaneous Call and Connection setup
   is subject to local authorization and policy procedures applicable
   to Call establishment in addition to the standard procedures
   associated with LSP setup described in [RFC3473].

   If the Call and LSP setup is to be accepted, a Resv message is
   returned. The Resv message MUST carry the ADMIN STATUS object with
   the R bit clear and the C bit set. Other bits may be set or cleared
   according to the requirements of LSP setup. The D bit MUST NOT be
   set.

   The Call ID must be reflected in the SESSION object.

12.4.2 Rejecting Simultaneous Call/Connection Setup

   The Path message that is sent to set up a Call and Connection
   simultaneously may fail or be rejected.

   Failures may include all those reasons described in [RFC3473].
   Additionally, policy and authorization reasons specifically
   associated with Call setup may cause the Path message to be
   rejected.

   The PathErr message is issued to signal such failures and no new
   error codes are required. It is RECOMMENDED that the procedures for
   PathErr with state removal described in [RFC3473] is used during
   Call setup failure processing.

12.5 Call-Free Connection Setup

   It continues to be possible to set up LSPs as per [RFC3473] without
   associating them with a Call. If the short Call ID in the SESSION
   Object is set to zero, there is no associated Call and the Session
   Name field in the SESSION ATTRIBUTE Object SHOULD be interpreted
   simply as the name of the session (see [RFC3209]).

   The new C bit in the ADMIN STATUS SHOULD be set to zero in such
   messages and MUST be ignored if the Call ID is zero.

12.6 Call Collision



D.Papadimitriou et al. - Expires March 2004                         17

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   Since Calls are symmetrical, it is possible that both ends of a call
   will attempt to establish a Call with the same long Call ID at the
   same time. This is only an issue if the source and destination
   address pair matches. This situation can be avoided by applying some
   rules to the contents of the long Call ID, but that is outside the
   scope of this document.

   If a node that has sent a Call setup request and has not yet
   received a response, itself receives a Call setup request with the
   same long Call ID and matching source/destination addresses it
   should process as follows.

   - If its source address is numerically greater than the remote
     source address, it MUST discard the received message and continue
     to wait for a response to its setup request.

   - If its source address is numerically smaller than the remote
     source address, it MUST discard state associated with the Call
     setup that it initiated, and MUST respond to the received Call
     setup.

   In the second case, special processing is necessary if simultaneous
   Call and Connection establishment was being used. Firstly, the node
   that is discarding the Call that it initiated MUST send a PathTear
   message to remove state from transit nodes. Secondly, this node may
   want to hold onto the Connection request and establish an LSP once
   the Call is in place since only the Call that it was trying to
   establish has been set up by the destination - the Connection may
   still be required.

   A further possibility for contention arises when Call IDs are
   assigned by a pair of nodes for two distinct Calls that are set up
   simultaneously. In this event a node receives a Call setup request
   carrying a short Call ID that matches one that it previously sent
   for the same address pair. The following processing MUST be
   followed.

   - If the receiver's source address is numerically greater than the
     remote source address, the receiver returns an error (Notify
     message or PathErr as appropriate) with the new Error Code 'Call
     Management' (TBD) and the new Error Value 'Call ID Contention'
     (TBD).

   - If the receiver's source address is numerically less than the
     remote source address, the receiver accepts and processes the Call
     request. It will receive an error message sent as described above,
     and at that point it selects a new short Call ID and re-sends the
     Call setup request.

12.7 Call/Connection Teardown

   As with Call/Connection setup, there are several cases to consider.


D.Papadimitriou et al. - Expires March 2004                         18

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   - Removal of a Connection from a Call
   - Removal of the last Connection from a Call
   - Teardown of an 'empty' Call

   The case of tearing down an LSP that is not associated with a Call
   does not need to be examined as it follows exactly the procedures
   described in [RFC3473].

12.7.1 Removal of a Connection from a Call

   An LSP that is associated with a Call may be deleted using the
   standard procedures described in [RFC3743]. No special procedures
   are required.

   Note that it is not possible to remove an LSP from a Call without
   deleting the LSP. It is not valid to change the short Call ID from
   non-zero to zero since this involves a change to the SESSION object,
   which is not allowed.

12.7.2 Removal of the Last Connection from a Call

   When the last LSP associated with a Call is deleted the question
   arises as to what happens to the Call. Since a Call may exist
   independently of Connections, it is not always acceptable to say
   that the removal of the last LSP from a Call removes the Call.

   If the Call was set up using independent Call setup (that is, using
   a Notify message) the removal of the last LSP does not remove the
   Call and the procedures described in the next section MUST be used
   to delete the Call.

   If the Call was set up using simultaneous Call/Connection
   establishment, the removal of the last LSP does remove the Call and
   the Call ID becomes invalid.

12.7.3 Teardown of an 'Empty' Call

   When all LSPs have been removed from a Call that was set up
   independent of Connections, the Call may be torn down or left for
   use by future LSPs.

   Deletion of such Calls is achieved by sending a Notify message just
   as for Call setup, but the ADMIN STATUS object carries the R, D and
   C bits on the teardown request and the D and C bits on the teardown
   response. Other bits MUST be set to zero.

   When a Notify message is sent for deleting a call and the initiator
   does not receive the corresponding reflected Notify message (or
   possibly even the Message ID Ack), the initiator MAY retry the
   deletion request using the same retry procedures as used during Call
   establishment. If no response is received after full retry, the node
   deleting the Call MAY declare the Call deleted, but under such


D.Papadimitriou et al. - Expires March 2004                         19

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   circumstances the node SHOULD avoid re-using the long or short Call
   IDs for at least the five times the Notify refresh period.

12.7.4 Tearing a Call with Existing Connections

   If a Notify request with the D bit of the ADMIN STATUS object set is
   received for a Call for which LSPs still exist, the request MUST be
   rejected with the Error Code 'Call Management' (TBD) and Error Value
   'Connection Still Exists' (TBD).

12.7.5 Tearing a Call from the Egress

   Since Calls are symmetric they may be torn down from the ingress or
   egress.

   If the Call was established using simultaneous Call/Connection setup
   the removal of the last LSP deletes the Call. This, regardless of
   whether the LSP is torn down by using a PathTear message (for an
   egress-initiated LSP) or by using a PathErr message with the
   Path_State_Removed flag set (for an ingress-initiated LSP).

   If the Call was established using independent Call/Connection setup
   and the Call is 'empty' it may be deleted by the egress sending a
   Notify message just as described above.

   Note that there is still a possibility that both ends of a Call
   initiate a simultaneous Call deletion. In this case, the Notify
   message acting as teardown request is interpreted by its recipient
   as a teardown response. Since the Notify messages carry the R bit in
   the ADMIN STATUS object, they are responded to anyway. If a teardown
   request Notify message is received for an unknown Call ID it is,
   nevertheless, responded to in the affirmative.

12.8 Control Plane Survivability

   Delivery of Notify messages is secured using message ID
   acknowledgements as described in previous sections.

   Notify messages provide end-to-end communication that does not rely
   on constant paths through the network but are routed according to
   IGP routing information. No consideration is, therefore, required
   for network resilience (for example, make-before-break, protection,
   fast re-route), although end-to-end resilience is of interest for
   node restart and completely disjoint networks.

   Periodic Notify messages SHOULD be sent by the initiator and
   terminator of the Call to keep the Call alive and to handle ingress
   or egress node restart. The time period for these retransmissions is
   a local matter, but it is RECOMMENDED that this period should be
   twice the refresh period of the LSPs associated with the Call. The
   Notify messages are identical to those sent as if establishing the
   Call for the first time. A node that receives a refresh Notify
   message MUST respond with a Notify response. A node that receives a

D.Papadimitriou et al. - Expires March 2004                         20

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   refresh Notify message (response or request) MAY reset its timer -
   thus, in normal processing, Notify refreshes involve a single
   exchange once per time period.

   A node that is unsure of the status of a Call MAY immediately send a
   Notify message as if establishing the Call for the first time.

   Failure to receive a refresh Notify request has no meaning. If it
   receives no response to a refresh Notify request (including no
   Message ID Acknowledgement) a node MAY assume that the remote node
   is unreachable or unavailable. It is a local policy matter whether
   this causes the local node to teardown associated LSPs and delete
   the Call.

   In the event that an edge node restarts without preserved state, it
   MAY relearn LSP state from adjacent nodes and Call state from remote
   nodes. If a Path or Resv message is received with a non-zero Call ID
   but without the C bit in the ADMIN STATUS, and for a Call ID that is
   not recognized, the receiver is RECOMMENDED to assume that the Call
   establishment is delayed and ignore the received message. If the
   Call setup never materializes the failure by the restarting node to
   refresh state will cause the LSPs to be torn down. Optionally, the
   receiver of such an LSP message for an unknown Call ID may return an
   error (PathErr or ResvErr) with the error code 'Call Management'
   (TBD) and Error Value 'Unknown Call ID' (TBD).

13. Applicability of Call and Connection Procedures

   This section considers the applicability of the different Call
   establishment procedures to different network models. This section
   is informative and is not intended to prescribe or prevent other
   options.

13.1 Peer Model

   Both independent and simultaneous Call/Connection setup are
   appropriate in this model.

   Since the access link properties and other traffic-engineering
   attributes are likely known through the IGP, the LINK CAPABILITY
   object is not usually required.

13.2 Multi-Area Networks

   Both independent and simultaneous Call/Connection setup are
   appropriate in this model.

   Possibly, access link properties and other traffic-engineering
   attributes are not known since the areas do not leak this sort of
   information. In this case, the independent Call setup mechanism may
   be preferred to allow the inclusion of the LINK CAPABILITY object.



D.Papadimitriou et al. - Expires March 2004                         21

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


13.3 Overlay Model

   Both independent and simultaneous Call/Connection setup are
   appropriate in this model.

   It is possible in this model that access link properties and other
   traffic-engineering attributes are not shared across the core
   network. In this case, the independent Call setup mechanism may be
   preferred to allow the inclusion of the LINK CAPABILITY object.

   Further, the first node in the network may be responsible for
   managing the Call. In this case, the Notify message that is used to
   set up the Call is addressed to the first node of the core network.
   Moreover, neither the long Call ID nor the short Call ID is supplied
   (the Session Name Length is set to zero and the Call ID value is set
   to zero). The Notify message is passed to the first network node
   which is responsible for generating the long and short Call IDs
   before dispatching the message to the remote Call end point (which
   is known from the SESSION object). Similarly, the first network node
   may be responsible for generating the long and short Call IDs for
   inclusion in Path messages that have the C bit set in the ADMIN
   STATUS object.

   Further, when used in an overlay context, the first core node is
   allowed (see [GMPLS-OVERLAY]) to replace the Session Name assigned
   by the ingress node and passed in the Path message. In the case of
   Call management, the first network node MUST in addition 1) be aware
   that the name it inserts MUST be a long Call ID and 2) replace the
   long Call ID when it returns the Resv message to the ingress node.

13.4 External Call Managers

   Third party Call management agents may be used to apply policy and
   authorization at a point that is neither the initiator nor
   terminator of the Call. The previous example in the overlay model is
   a special example of this, but the process and procedures are
   identical.


13.4.1 Call Segments


   Call segments exist between a set of default and configured External
   Call Managers along a path between the ingress and egress nodes, and
   use the protocols described in this document.

   The techniques that are used by a given service provider to identify
   which External Call Managers within its network should process a
   given call are beyond the scope of this document.

   For independent call setup, an External Call manager uses normal IP
   routing to route the Notify message to the next External Call
   Manager. For simultaneous call/connection setup, an External Call



D.Papadimitriou et al. - Expires March 2004                         22

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   Manager expands the EXPLICIT_ROUTE Object to route the Path message
   to the next External Call Manager.

14. Non-support of Call ID

   It is important that the procedures described above operate as
   seamlessly as possible with legacy nodes that do not support the
   extensions described.

   Clearly there is no need to consider the case where the Call
   initiator does not support Call setup initiation.

14.1 Non-Support by External Call Managers

   It is unlikely that a Call initiator will be configured to send Call
   establishment Notify requests to an external Call manager including
   the first network node, if that node does not support Call setup.

   A node that receives an unexpected Call setup request will fall into
   one of the following categories.

   - Node does not support RSVP. The message will fail to be delivered
     or responded. No Message ID Acknowledgement will be sent. The
     initiator will retry and then give up.

   - Node supports RSVP or RSVP-TE but not GMPLS. The message will be
     delivered but not understood. It will be discarded. No Message ID
     Acknowledgement will be sent. The initiator will retry and then
     give up.

   - Node supports GMPLS but not Call management. The message will be
     delivered, but parsing will fail because of the presence of the
     SESSION ATTRIBUTE object. A Message ID Acknowledgement may be sent
     before the parse fails. When the parse fails the Notify message
     may be discarded in which case the initiator will retry and then
     give up, alternatively a parse error may be generated and returned
     in a Notify message which will indicate to the initiator that Call
     management is not set up.

14.2 Non-Support by Transit Node

   Transit nodes SHOULD not examine Notify messages that are not
   addressed to them. However, they will see short Call IDs in all LSPs
   associated with Calls. Further, they will see the C bit in the ADMIN
   STATUS object of Path and Resv messages that are used to establish
   Calls.

   Previous specifications state that these fields SHOULD be ignored on
   receipt and MUST be transmitted as zero. This is interpreted by some
   implementations as meaning that the fields should be zeroed before
   the objects are forwarded. If this happens, LSP setup (and so
   possibly Call setup if simultaneous establishment is used) will not
   be possible. If either of the fields is zeroed either on the Path or

D.Papadimitriou et al. - Expires March 2004                         23

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   the Resv message, the Resv will reach the initiator with the field
   set to zero - this is indication to the initiator that some node in
   the network is preventing Call management. Use of Explicit Routes
   may help to mitigate this issue by avoiding such nodes. The use of
   independent Call setup may also help since it removes the need for
   the C bit in the Path and Resv messages. Ultimately, however, it may
   be necessary to upgrade the offending nodes to handle these protocol
   extensions.

14.3 Non-Support by Egress Node

   It is unlikely that an attempt will be made to set up a Call to
   remote node that does not support Calls.

   If the egress node does not support Call management through the
   Notify message it will react (as described in Section 14.1) in the
   same way as an external Call manager.

   If the egress node does not support the use of the C bit in the
   ADMIN STATUS object or the Call ID in the SESSION object, it MAY
   respond with the fields zeroed in which case the initiator will know
   that the Call setup has failed.

   On the other hand, it is possible that the egress will respond
   copying the fields from the Path message without understanding or
   acting on the fields. In this case the initiator will believe that
   the Call has been set up when it has not. This occurrence can be
   prevented using the independent Call setup procedures, but is, in
   any case, detected when a Notify message is sent to keep the Call
   alive.

15. Security Considerations

   Please refer to each of the referenced documents for a description
   of the security considerations applicable to the features that they
   provide.

15.1 Call and Connection Security Considerations

   Call setup is vulnerable to attacks both of spoofing and denial of
   service. Since Call setup uses either Path messages or Notify
   messages, the process can be protected by the measures applicable to
   securing those messages as described in [RFC3471], [RFC3209] and
   [RFC2205].

   Note, additionally, that the process of Call establishment
   independent of LSP setup may be used to apply an extra level of
   authentication and policy to hop-by-hop LSP setup. It may be
   possible to protect the Call setup exchange using end-to-end
   security mechanisms such as those provided by Insect (see [RFC2402]
   and [RFC2406]).



D.Papadimitriou et al. - Expires March 2004                         24

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


16. IANA Considerations

   A new RSVP object is introduced:

   o  LINK CAPABILITY object

      Class-Num = TBA (form 10bbbbbb)

      The Class Number is selected so that nodes not recognizing
      this object fail drop it silently. That is, the top bit is set
      and the next bit is clear.

      C-Type = 1 (TE Link Capabilities)

   New RSVP Error Codes and Error Values are introduced

   o  Error Codes:

      - 'Call Management' (TBD)

   o  Error Values:

      - 'Call Management/Call ID Contention' (TBD)
      - 'Call Management/Connections Still Exist' (TBD)
      - 'Call Management/Unknown Call ID' (TBD)

17. Acknowledgements

   The authors would like to thank George Swallow, Yakov Rekhter, Lou
   Berger and Jerry Ash for their very useful input and comments to
   this document.

18. Intellectual Property Considerations

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights. Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11. Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification
   can be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard. Please address the information to the IETF Executive
   Director.

D.Papadimitriou et al. - Expires March 2004                         25

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


19. References

19.1 Normative References

   [ASON-REQ]      D.Papadimitriou, et al., "Requirements for
                   Generalized MPLS (GMPLS) Usage and Extensions for
                   Automatically Switched Optical Network (ASON)," Work
                   in progress, Oct'03.

   [BUNDLE]        K.Kompella, Y.Rekhter and L.Berger, "Link Bundling
                   in MPLS Traffic Engineering," Work in Progress.

   [GMPLS-CRANK]   A.Farrel (Editor) et al., "Crankback Routing
                   Extensions for MPLS Signaling," Work in progress,
                   Jun'03.

   [GMPLS-FUNCT]   J.P.Lang and B.Rajagopalan (Editors) et al.,
                   "Generalized MPLS Recovery Functional
                   Specification," Work in Progress, Sep'03.

   [GMPLS-OVERLAY] G.Swallow et al., "GMPLS RSVP Support for the
                   Overlay Model," Work in Progress, Feb'03.

   [GMPLS-ROUTING] K.Kompella and Y.Rekhter (Editors) et al., "Routing
                   Extensions in Support of Generalized MPLS," Work in
                   Progress, Oct'03.

   [LMP]           J.P.Lang (Editor) et al. "Link Management Protocol
                   (LMP) - Version 1," Work in progress, Oct'03.

   [RFC2026]       S.Bradner, "The Internet Standards Process --
                   Revision 3," BCP 9, RFC 2026, Oct'96.

   [RFC2119]       S.Bradner, "Key words for use in RFCs to Indicate
                   Requirement Levels," BCP 14, RFC 2119, Mar'97.

   [RFC2205]       R.Braden et al., "Resource ReSerVation Protocol
                   (RSVP)- Version 1 Functional Specification,"
                   RFC 2205, Sep'97

   [RFC2402]       S.Kent and R.Atkinson, "IP Authentication Header,"
                   RFC 2402, Nov'98.

   [RFC2406]       S.Kent and R.Atkinson, "IP Encapsulating Payload
                   (ESP)," RFC 2406, Nov'98.

   [RFC3209]       D.Awduche et al., "RSVP-TE: Extensions to RSVP for
                   LSP Tunnels," RFC 3209, Dec'01.

   [RFC3471]       L.Berger (Editor) et al., "Generalized MPLS -
                   Signaling Functional Description," RFC 3471, Jan'03.

   [RFC3473]       L.Berger (Editor) et al., "Generalized MPLS

D.Papadimitriou et al. - Expires March 2004                         26

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


                   Signaling - RSVP-TE Extensions," RFC 3473, Jan'03.

   [RFC3477]       K.Kompella and Y.Rekhter, "Signalling Unnumbered
                   Links in Resource ReSerVation Protocol - Traffic
                   Engineering (RSVP-TE)," RFC 3477, Jan'03.

   [RSVP-CHANGE]   K.Kompella and J.P.Lang, "Procedures for Modifying
                   RSVP," Work in Progress, draft-kompella-rsvp-change-
                   01.txt, Jun'03.

19.2 Informative References

   [RFC3474]       Z.Lin (Editor), " Documentation of IANA assignments
                   for Generalized MultiProtocol Label Switching
                   (GMPLS) Resource Reservation Protocol - Traffic
                   Engineering (RSVP-TE) Usage and Extensions for
                   Automatically Switched Optical Network (ASON)," RFC
                   3474, Mar'03.

   [RFC3476]       B.Rajagopalan (Editor), "Documentation of IANA
                   Assignments for Label Distribution Protocol
                   (LDP), Resource ReSerVation Protocol (RSVP), and
                   Resource ReSerVation Protocol-Traffic Engineering
                   (RSVP-TE) Extensions for Optical UNI Signaling," RFC
                   3476, Mar'03.

   [G.7713]        ITU-T, "Distributed Call and Connection Management,"
                   Recommendation G.7713/Y.1304, Nov'01.

   [G.8080]        ITU-T, "Architecture for the Automatically Switched
                   Optical Network (ASON)," Recommendation G.8080/
                   Y.1304, Nov'01 (and Revision, Jan'03).

20. Author's Addresses

   Dimitri Papadimitriou (Alcatel)
   Fr. Wellesplein 1,
   B-2018 Antwerpen, Belgium
   Phone: +32 3 240-8491
   EMail: dimitri.papadimitriou@alcatel.be

   John Drake (Calient)
   5853 Rue Ferrari,
   San Jose, CA 95138, USA
   Phone: +1 408 972-3720
   EMail: jdrake@calient.net

   Adrian Farrel
   Old Dog Consulting
   Phone: +44 (0) 1978 860944
   EMail: adrian@olddog.co.uk

   Deborah Brungard (AT&T)

D.Papadimitriou et al. - Expires March 2004                         27

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   Rm. D1-3C22 - 200 S. Laurel Ave.
   Middletown, NJ 07748, USA
   EMail: dbrungard@att.com

   Zafar Ali (Cisco)
   100 South Main St. #200
   Ann Arbor, MI 48104, USA
   EMail: zali@cisco.com














































D.Papadimitriou et al. - Expires March 2004                         28

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


Appendix 1: Analysis of RFC 3474 (and RFC 3476) against GMPLS RSVP-TE
Signaling Requirements in support of ASON

   This appendix analyzes the rationale and the relevance of the
   informational IANA code-point assignments RFCs [RFC3474] and
   [RFC3476] against the ASON/GMPLS requirements specified in [ASON-
   REQ]. [ASON-REQ] identifies the requirements to be covered by the
   extensions to the GMPLS signaling protocols (see [RFC3471] and
   [RFC3473]) to support the capabilities of an ASON network. The
   following are expected from the GMPLS protocol suite to realize the
   needed ASON functionality:
    o soft permanent connection capability
    o call and connection separation
    o call segments
    o extended restart capabilities during control plane failures
    o extended label usage
    o crankback capability

   Informational RFCs [RFC3474] and [RFC3476] document extensions to
   and uses of GMPLS signaling to meet the requirements of ASON
   Distributed Call and Connection Management (DCM) as specified in
   [G.7713] and [OIF-UNI] implementation agreement, respectively. Both
   RFCs make use of GMPLS RSVP-TE signaling. However, there are key
   differences from the problem statement in [ASON-REQ] and the
   solution provided by these Informational RFCs. These differences
   result from the development of a fuller and clearer set of
   requirements in [G.8080] after the time that [RFC3474] was published
   and [ASON-REQ] considerations for compatibility issues with GMPLS
   [RFC3473] (see also [RSVP-CHANGE]). These differences lead to a
   substantially different protocol solution and implementation.

1. Support for UNI and E-NNI Signaling Session

   In GMPLS (see [RFC3473] and related), a connection is identified
   with a GMPLS tunnel. A tunnel is generally identified with a single
   LSP but may be supported by multiple LSPs.

   LSP tunnels are identified by a combination of the SESSION and
   SENDER_TEMPLATE objects. The relevant fields are as follows.

   IPv4 (or IPv6) tunnel end point address

        IPv4 (or IPv6) address of the egress node for the tunnel.

   Tunnel ID

        A 16-bit identifier used in the SESSION that remains constant
        over the life of the tunnel.

   Extended Tunnel ID

        A 32-bit (IPv4) or 128-bit (IPv6) identifier used in the
        SESSION that remains constant over the life of the tunnel.

D.Papadimitriou et al. - Expires March 2004                         29

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


        Normally set to all zeros. Ingress nodes that wish to narrow
        the scope of a SESSION to the ingress-egress pair may place
        their IP address here as a globally unique identifier.

   IPv4 (or IPv6) tunnel sender address

        IPv4 (or IPv6) address for a sender node

   LSP ID

        A 16-bit identifier used in the SENDER_TEMPLATE and the
        FILTER_SPEC that can be changed to allow a sender to share
        resources with itself.

   The first three of these are in the SESSION object and are the basic
   identification of the tunnel. The "Extended Tunnel ID" MAY be set to
   an IP address of the head-end LSR allowing the scope of the SESSION
   to be narrowed to only LSPs sent by that node. The last two are in
   the SENDER_TEMPLATE. Multiple LSPs may belong to the same tunnel
   (and thus SESSION) and in this case they are uniquely identified by
   their LSP IDs.

   In contrast, [RFC3474] (and [RFC3476]) define an E-NNI IPv4 and IPv6
   SESSION object (UNI IPv4 and IPv6 SESSION object, respectively).
   [RFC3474] mandates the use of these objects to support the E-NNI
   (UNI, respectively) signaling session when IPv4 and IPv6 addressing
   is used. The "Tunnel End-point Address" field contains the IPv4 or
   IPv6 address of the downstream controller. In addition, [RFC3476]
   mandates that the "Extended Tunnel ID" field to be set to the IPv4
   or IPv6 of the upstream controller. It also mandates that the tunnel
   sender address field of the SENDER_TEMPLATE be set to the IPv4 or
   the IPv6 address of the upstream controller.

   Thus, these RFCs define a point-to-point signaling interface
   allowing for LSP tunnel provisioning between adjacent controllers
   only. This approach mandates the introduction of an additional
   object and sub-objects for connection identification purposes (see
   [RFC3476]): the GENERALIZED_UNI object and its connection end-point
   address sub-objects (IPv4/IPv6/NSAP) referred to as "TNA or
   Transport Network Address" as defined by the [OIF-UNI]
   implementation agreement.

   The situation is summarized in the following table, using the
   following example and a connection set from node A to Z:

      UNI                E-NNI              E-NNI                UNI
   A ----- B -- ... -- I ----- J -- .. -- M ----- N -- ... -- Y ----- Z

   At node I, the GMPLS compliant [RFC3473] Path message would include
   the following information in the IP header, the SESSION and
   SENDER_TEMPLATE objects:

   Source IP address (Header):  Node I IP Controller Address

D.Papadimitriou et al. - Expires March 2004                         30

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   Dest. IP address (Header):   Node J IP Controller Address
   Tunnel End-point Address:    Routable Node Z IP Address
   Tunnel ID:                   16 bit (selected by the sender)
   Extended Tunnel ID:          optionally set to Node A IP Address
   Tunnel Sender Address:       Routable Node A IP Address
   LSP ID:                      16 bit (selected by the sender)

   At node I, the [RFC3474] Path message would include the following:

   Source IP address (Header):  Node I IP Controller Address
   Dest. IP address (Header):   Node J IP Controller Address
   Tunnel End-point Address:    Node J IP Controller Address
   Tunnel ID:                   16 bit (selected by the sender)
   Extended Tunnel ID:          Node I IP Controller Address
   Tunnel Sender Address:       Node I IP Controller Address
   LSP ID:                      16 bit (selected by the sender)
   GENERALIZED_UNI object:
   - Source Address (Connection): End-point A Address (IPv4/IPv6/etc.)
   - Dest. Address (Connection):  End-point Z Address (IPv4/IPv6/etc.)

   The same observation would apply at node M, by replacing I by M and
   J by N.

   The following can be thus deduced from the above example:

   1. For a given connection, the [RFC3474] point-to-point signaling
      interface leads to a sequence of at least N different
      identifications of the same connection when crossing N
      signaling interfaces (due to the setup and maintenance of N
      distinct LSP tunnels).

   2. The information included in the RSVP message header and in the
      SESSION/SENDER_TEMPLATE objects, is redundant in [RFC3474].

   3. [RFC3474] allows only for single-hop LSP tunnels and mandates the
      processing of a new object (i.e. the GENERALIZED_UNI object) for
      the definition of the source and destination connection end-point
      addresses (A and Z in the above example).

   4. The processing of the signaling Path message (in particular, the
      EXPLICIT ROUTE object) mandates the processing of the
      GENERALIZED_UNI object at E-NNI reference points and at UNI
      reference points, for the connection end-point addresses (A and
      Z, in the above example).

   5. Connection end-point addresses A and Z are allowed by [RFC3474]
      and [RFC3476] to be from different address spaces (for instance,
      IPv4 source and IPv6 destination or an IPv4 source and NSAP
      destination). Address resolution, management of addresses (e.g.
      for uniqueness), and impact evaluation on processing performance,
      are not provided in these RFCs (considered out of scope).

      Note: the [ASON-REQ] addressing model of supporting only IP

D.Papadimitriou et al. - Expires March 2004                         31

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


      addressing is aligned with ITU-T G.7713.1 (PNNI) which only uses
      NSAP addresses, multiple address families are not supported.

   Conclusion: The solution proposed by [RFC3474] and [RFC3476] is not
   backward compatible with [RFC3473]. A GMPLS-compliant node [RFC3473]
   is not interoperable with a [RFC3474] or [RFC3476] node. Also, the
   "RSVP paradigm" is broken because the solution requires that all the
   UNI reference points (A, B and Y, Z, in the above example) and the
   E-NNI reference points (I, J and M, N, in the above example) support
   the GENERALIZED_UNI object. Additionally, the management of the
   network requires maintaining multiple LSP tunnels per single
   connection, with no end-to-end view provided for expedient fault
   notification or recovery operations.

   The solution also introduces processing overhead for address
   resolution that during time critical operations (such as recovery)
   will severely impact performance and scalability. Whereas the ITU-T
   G.7713.1 (PNNI) and [ASON-REQ] by using a single address family
   (with address mapping provided at edge nodes if needed) supports a
   scalable model for inter-domain interworking applications.

2. Support for Soft Permanent Connections (SPC)

   A Soft Permanent Connection (SPC) is defined as a permanent
   connection at the network edges and as a switched connection within
   the network.

   [RFC3474] mandates the use of the GENERALIZED_UNI subobjects (End-
   point Connection Address and SPC_LABEL) to support SPC capability.
   Thus, in addition to suffering from the problem described in Section
   4, it mandates the processing of an object where it should never
   occur. This is because SPCs do not assume the existence of a UNI
   signaling interface between the source and the destination user-to-
   network interface. Note also that the SPC_LABEL as defined in
   [RFC3474] does not comply with the generalized label C-Type
   definition of [RFC3473] meaning that an implementation adhering to
   [RFC3473] cannot be the "soft" side of the connection.

   This requires the mandatory usage of dedicated connection end-point
   addresses by the ingress and egress nodes for SPC capability
   support. The existing RECORD_ROUTE object and its capabilities get
   corrupted by the use of the dedicated end-point address subobjects
   falling outside of the corresponding EXPLICIT_ROUTE object.

   SPC support is already provided by [RFC3473] using Explicit Label
   Control and its application to the overlay model in [GMPLS-OVERLAY].
   Therefore, [RFC3474] defines a new method for an existing capability
   of GMPLS signaling.

3. Call/Connection Separation

   The call concept for optical networks is defined in [G.8080]. It is
   used to deliver the following capabilities:

D.Papadimitriou et al. - Expires March 2004                         32

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   - Verification and identification of the call initiator (prior to
     LSP setup) including negotiation between call ingress/egress nodes
   - Support of multiple connections can be associated with a single
     call.
   - Facilitate control plane operations by allowing operational status
     change of the associated LSP.

   A call is an agreement between end-points (possibly in cooperation
   with the nodes that provide access to the network) used to manage a
   set of connections that provide end to end services. While
   connections require state to be maintained at nodes along the data
   path within the network, *** calls do not involve the participation
   of transit nodes except to forward the call management requests as
   transparent messages ***. Moreover, a call may be established and
   maintained independently of the connections that it supports.

   Also, there is a hierarchical relationship between calls and
   connections. One or more (or even no) connections may be associated
   with a given call but a connection can not be part of more than one
   call. A connection may, however, exist without a call. Moreover, the
   establishment of a call can be independent ("full call/connection
   separation") or simultaneous ("logical call/connection separation")
   from the connection setup (i.e. establishing a call before adding
   connections to the call or perform these operations simultaneously).

   Thus, with the introduction of the call concept, it is necessary to
   support a means of identifying the call. This becomes important when
   calls and connections are separated and a connection must contain a
   reference to its associated call. The following identification
   enables this hierarchy:
   - Call IDs are unique within the context of the pair of addresses
     that are the source and destination of the call.
   - Tunnel IDs are unique within the context of the Session (that is
     the destination of the Tunnel) and Tunnel IDs may be unique within
     the context of a Call.
   - LSP IDs are unique within the context of a Tunnel.

   For this purpose, [RFC3474] introduces two new objects: a CALL_ID
   and a CALL_OPS object to be used in the Path, Resv, PathTear,
   PathErr, and Notify messages (note: additional requirements for
   ResvErr and ResvTear messages' support are not addressed). The
   CALL_OPS object is also referred to as a "call capability" object,
   since it specifies the capability of the call. These objects belongs
   to the range 224-255 defined as "RSVP will silently ignore, but
   FORWARD an object with a Class Number in this range that it does not
   understand."

   However, the solution described in [RFC3474]:

   - Does not provide backward compatible extensions in support of full
     call/connection separation and thus only supports logical call/
     connection separation (i.e. a call with zero connections is not
     supported). This because node that does not implement [RFC3474],

D.Papadimitriou et al. - Expires March 2004                         33

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


     will not process the CALL_OPS object, though it will establish the
     *connection* (while forwarding the "Call Setup" message), i.e.
     allocating labels and possibly attempting to reserve bandwidth.
     [RFC3474] forbids this behavior by a transit node, but only a node
     implementing [RFC3474] will know the difference between a call and
     a connection.

     In turn, the required signaling protocol independence between
     intra- and inter-domain reference points is broken: an operator
     does not have the possibility to use GMPLS [RFC3473] and must
     exclusively use [RFC3474].

   - Does not describe how to support multiple connections per call but
     limits the description to a single connection per call. Further,
     in the case of complete call/connection separation, it does not
     describe how to add the first connection to the call.

   - Does not describe how to support multiple connections per call and
     limits the description to a single connection per call. Further,
     it does not describe how to add the first connection to the call
     when to support call/connection separation.

   - Does not specify any procedure for negotiating call ingress/egress
     node capabilities during call setup.

   - Does not allow for call support *independently* of the initiating/
     terminating nodes (the CALL_ID is attached to the ingress node)
     thus restricting the flexibility in terms of call identifiers.

   - Requires the inclusion of the CALL ID and CALL OPS objects in
     PathErr messages that may be generated at transit nodes, which do
     not implement [RFC3474] and so do not support these objects.

4. Call Segments

   The RFCs [RFC3474] and [RFC3476] cannot, by definition, support call
   segments signaling mechanisms, as required in [G.8080] and [G.7713],
   since [RFC3474] does not support full call/connection separation.

5. Control Plane Restart Capabilities

   Restart capabilities are provided by GMPLS RSVP-TE signaling in case
   of control plane failure including nodal and control channel faults.
   The handling of node and control channels faults is described in
   [RFC3473] Section 9. No additional RSVP mechanisms or objects are
   required to fulfill the ASON control plane restart capabilities.

   However, [RFC3474] defines additional procedures for control plane
   recovery, three of them being considered in the context of an
   interaction with the management plane and thus outside the scope of
   the present document. The last one expects persistent state storage
   and the restart mechanism defined in [RFC3473] is to be used for
   verification of neighbor states, while the persistent storage

D.Papadimitriou et al. - Expires March 2004                         34

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


   provides the local recovery of lost state. However, per [RFC3473],
   if during the Hello synchronization the restarting node determines
   that a neighbor does not support state recovery and the restarting
   node maintains its local state on a per neighbor basis, the
   restarting node should immediately consider the Recovery as
   completed. Therefore, the procedure described in [RFC3474] requires
   disabling state recovery on each neighboring node leading also to an
   unspecified verification procedure.

6. Extended Label Usage

   No specific GMPLS RSVP-TE extensions have been proposed in [RFC3474]
   for extended label usage.

7. Crankback Signaling

   The RFCs [RFC3474] and [RFC3476] do not support crankback signaling
   mechanisms, as required in [G.8080] and [G.7713].

8. Security Considerations

   This is an informational draft and does not introduce any new
   security considerations.

   Please refer to each of the referenced documents for a description
   of the security considerations applicable to the features that they
   provide.

   Note that although [RFC3474] is an informational RFC it does
   document new protocol elements and functional behavior and as such
   introduces new security considerations. In particular, the ability
   to place authentication and policy details within the context of
   Call establishment may strengthen the options for security and may
   weaken the security of subsequent Connection establishment. Also the
   potential to subvert accidentally or deliberately a soft permanent
   connection by establishing the soft part of the connection from a
   false remote node needs to be examined. However, [RFC3474] has a
   minimal security considerations section.
















D.Papadimitriou et al. - Expires March 2004                         35

draft-dimitri-ccamp-gmpls-rsvp-te-ason-01.txt             October 2003


Full Copyright Statement

   "Copyright (C) The Internet Society 2003. All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.



























D.Papadimitriou et al. - Expires March 2004                         36