| Internet-Draft | PCEP Tunnel Flow Spec | February 2026 |
| Liu | Expires 5 August 2026 | [Page] |
Traffic flows may be categorized and described using "Flow Specifications". RFC8955 defines the Flow Specification and describes how Flow Specification components are used to describe traffic flows. RFC8955 also defines how Flow Specifications may be distributed in BGP to allow specific traffic flows to be associated with routes. The flow specification protocol defined in RFC8955, RFC8956, RFC9117 is called BGP flow specification version 1 (BGP FSv1).¶
RFC9168 specifies a set of extensions to PCEP to support the dissemination of Flow Specifications. This allows a PCE to indicate what traffic should be placed on each path that it is aware of. RFC9168 inherits the BGP Flow Spec registry and ordering rules as well as the limitations in BGP FSv1.¶
This document proposes extensions to PCEP to add the support of Flow Specification v2 to allow the user to order the flow specification rules.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 5 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
BGP flow specification as defined by [RFC8955], [RFC8956], [RFC9117] specifies the distribution of traffic filter policy (traffic filters and actions) via BGP to a mesh of BGP peers. The traffic filter policy is applied when packets are received on a router with the flow specification function turned on. The flow specification protocol defined in [RFC8955], [RFC8956], [RFC9117] is called BGP flow specification version 1 (BGP FSv1).¶
To address the limitations of BGP FSv1, [I-D.ietf-idr-flowspec-v2] specifies version 2 of the BGP flow specification protocol (BGP FSv2). [I-D.ietf-idr-fsv2-ip-basic] provides the basic FSv2 framework specification for transmitting user-ordered IP filters in the FSv2 NLRI with Extended Community to specify actions.¶
[RFC9168] specifies a set of extensions to PCEP to support dissemination of Flow Specifications. This allows a PCE to indicate what traffic should be placed on each path that it is aware of. [I-D.ietf-pce-pcep-l2-flowspec] further extends the support for Ethernet Layer 2 (L2) and Layer 2 Virtual Private Network (L2VPN) traffic filtering rules in PCEP Flow Specifications.¶
The current PCEP Extensions for Flow Specification [RFC9168] [I-D.ietf-pce-pcep-l2-flowspec] inherit the BGP Flow Spec registry and ordering rules in BGP FSv1 [RFC8955] [RFC8956], so it has the same limitations as BGP FSv1 in the aspect of flow filtering as analyzed in [I-D.ietf-idr-flowspec-v2], that is, lack of consistent TLV encoding prevented extension of encodings and inability to allow user defined order for filtering rules. In terms of the action associated with the Flow Specification, PCEP Flow Specification is not affected by shortcoming of inability to order actions to provide deterministic interactions or to allow users to define order for actions in BGPv1, since there is only one action that is applicable in the PCEP context (that is, directing the matching traffic to the identified LSP).¶
This document proposes extensions to PCEP to add the support of Flow Specification v2 to allow the user to order the flow specification rules.¶
Currently, only the IP Basic Filters are considered in this document. Future version may add the support of MPLS/L2/SFC/Tunneled Flow Specifications with the development of BGP FSv2 [I-D.ietf-idr-flowspec-v2].¶
A new object called the FLOWSPECv2 object is defined in this document. The flow filtering rules indicated by the Flow Specifications are mainly defined by BGP Flow version 2 Specifications in in [I-D.ietf-idr-flowspec-v2] and [I-D.ietf-idr-fsv2-ip-basic]. And the coexistence of FLOWSPEC object defined in [RFC9168] and FLOWSPECv2 object are also considered.¶
This document uses the following terms defined in [RFC5440]: PCC, PCE, PCEP Peer.¶
The following term from [RFC8955] is used frequently throughout this document:¶
A Flow Specification is an n-tuple consisting of several matching criteria that can be applied to IP traffic. A given IP packet is said to match the defined Flow Specification if it matches all the specified criteria.¶
This document uses the following terms defined in [I-D.ietf-idr-flowspec-v2]: BGP FSv1, BGP FSv2.¶
The term "PCEP FSv1" is used to refer to the PCEP flow specification defined in [RFC9168], and "PCEP FSv2" is used to indicate the PCEP flow specification extensions proposed in this document.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The steps in the setup and use of LSPs section 3 of [RFC9168] defines the procedures for PCE use of Flow Specifications. For PCEP Flow Specification v2, the steps in the setup and use of LSPs follow the same specification defined in section 3.1 of [RFC9168] respectively.¶
As for the elements of the procedure, this document also follows the specification in section 3.2 of [RFC9168] except that:¶
The following sections describe these points.¶
The PCE-FLOWSPECv2-CAPABILITY TLV is an optional TLV that can be carried in the OPEN object [RFC5440] to exchange the PCE FlowSpecv2 capabilities of the PCEP speakers.¶
The format of the PCE-FLOWSPECv2-CAPABILITY TLV follows the format of all PCEP TLVs as defined in [RFC5440] and is shown in Figure 1.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length=2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Value=0 | Padding | +---------------------------------------------------------------+
The type of the PCE-FLOWSPECv2-CAPABILITY TLV is TBD1, and it has a fixed length of 2 octets. The Value field MUST be set to 0 and MUST be ignored on receipt. The two bytes of padding MUST be set to zero and ignored on receipt.¶
The inclusion of this TLV in an OPEN object indicates that the sender can perform FlowSpecv2 handling as defined in this document.¶
The PCEP FLOWSPECv2 object defined in this document is compliant with the PCEP object format defined in [RFC5440]. It is OPTIONAL in the PCReq, PCRep, PCErr, PCInitiate, PCRpt, and PCUpd messages and MAY be present zero, one, or more times. Each instance of the object specifies a separate traffic flow.¶
The PCEP FLOWSPECv2 object MAY carry FlowSpecv2 filter rules encoded in a Flow Filter TLV as defined in Section 6.¶
The FLOWSPECv2 Object-Class is TBD2.¶
The FLOWSPECv2 Object-Type is TBD3.¶
The format of the body of the PCEP FLOWSPECv2 object is shown in Figure 2.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | FS-ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | AFI | Reserved | Flags |L|R| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | // TLVs // | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Two flags are currently assigned:¶
Unassigned bits MUST be set to zero on transmission and ignored on receipt.¶
If the PCEP speaker receives a message with the R bit set in the FLOWSPECv2 object and the Flow Specification identified with an FS-ID does not exist, it MUST generate a PCErr with Error-Type 30 (FlowSpec Error) and Error-value 4 (Unknown FlowSpec).¶
If the PCEP speaker does not understand or support the AFI in the FLOWSPEC message, the PCEP peer MUST respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).¶
The following TLVs can be used in the FLOWSPEC object:¶
The IP Basic Flow Filter TLV MUST be present when the R bit is clear. If the TLV is missing when the R bit is clear, the PCEP peer MUST respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).¶
One new PCEP TLV is defined to convey Flow Specification version 2 filtering rules that specify what traffic is carried on a path. The TLV follows the format of all PCEP TLVs as defined in [RFC5440].¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Order | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | // sub-TLVs // | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Type field values come from the code point space for PCEP TLVs and has the value TBB4 for IP Basic Flow Filter TLV.¶
The value field contains an order field, it is a 4-octet field with a value 1-N following the semantic . The value 0 (zero) is invalid, if the value 0 is received, the PCEP peer MUST respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 2 (Malformed FlowSpec).¶
(Currently, the dependency filter chain field in the IP Basic TLV [I-D.ietf-idr-fsv2-ip-basic] is not carried in IP Basic Flow Filter TLV defined in this document since this field is set all zero for the IP Basic Filter rules in [I-D.ietf-idr-fsv2-ip-basic])¶
The Value field of the TLV contains one or more sub-TLVs (the Flow Specification TLVs) as defined in Section 7, and they represent the complete definition of a IP Flow Specification for traffic to be placed on the tunnel. This tunnel is indicated by the PCEP message in which the PCEP FLOWSPECV2 object is carried. The set of Flow Specification TLVs in a single instance of a Flow Filter TLV is combined to indicate the specific Flow Specification.¶
The IP Basic Flow Filter TLV carries one or more IP Basic Flow Specification TLVs. IP Basic Flow Specification TLV follows the format of all PCEP TLVs as defined in [RFC5440]. However, the Type values are selected from a separate IANA registry rather than from the common PCEP TLV registry.¶
Type values are chosen so that there can be commonality with Flow Specifications defined for use with BGP [I-D.ietf-idr-fsv2-ip-basic]. This is possible because the BGP Flow Spec version 2 encoding uses a single octet to encode the type, whereas PCEP uses 2 octets. Thus, the space of values for the Type field is partitioned as shown in Table 1.¶
| Range | Description |
|---|---|
| 0-255 |
Per BGP Flow Spec registry defined by [I-D.ietf-idr-fsv2-ip-basic].¶ Not to be allocated in this registry.¶ |
| 256-65535 | New PCEP Flow Specifications allocated according to the registry defined in this document. |
[I-D.ietf-idr-fsv2-ip-basic] is the reference for the "BGP FSv2 Component Types" registry and defines the allocations it contains.¶
The content of the Value field in each TLV is specific to the type/AFI and describes the parameters of the Flow Specification. The definition of the format of many of these Value fields is inherited from BGP FSv2 specifications for basic IP[I-D.ietf-idr-fsv2-ip-basic], but it may also be inherited from future BGP specifications.¶
When used in other protocols (such as BGP), these Flow Specifications are also associated with actions to indicate how traffic matching the Flow Specification should be treated. In PCEP, however, the only action is to associate the traffic with a tunnel and to forward matching traffic onto that path, so no encoding of an action is needed.¶
When using the protocol extensions defined in this document, the following produres of PCEP FSv1 defined in [RFC5440] apply as well.¶
Besides, the following subsections outline some additional procedures for using the protocol extensions defined in this document.¶
Flow Specifications can overlap. For example, two different Flow Specifications may be identical except for the length of the prefix in the destination address. In these cases, the PCC must determine how to prioritize the Flow Specifications so as to know which path to assign packets that match both Flow Specifications. That is, the PCC must assign a precedence to the Flow Specifications so that it checks each incoming packet for a match in a predictable order.¶
[I-D.ietf-idr-flowspec-v2] specifies the ordering of FSv2 Filters and it provides rules and features to keep filters in a deterministic order between FSv1 and FSv2. PCCs MUST apply the same ordering rules as defined in [I-D.ietf-idr-flowspec-v2].¶
When the PCC receives both the PCEP FLOWSPEC object and PCEP FLOWSPECv2 object, the FSv1 rules are added after FSv2 rules¶
FSv2 rules are ordered based on user-specified order. The user-specified order is carried in the FSv2 NLRI and a numerical lower value takes precedence over a numerically higher value. For rules received with the same order value, the FSv1 rules apply (order by component type and then by value of the components).¶
An implementation that receives a PCEP message carrying a Flow Specification that it cannot resolve against other Flow Specifications already installed (for example, because the new Flow Specification has irresolvable conflicts with other Flow Specifications that are already installed) MUST respond with a PCErr message with Error-Type 30 (FlowSpec Error) and Error-value 3 (Unresolvable Conflict) and MUST NOT install the Flow Specification.¶
This document requests that IANA allocate code points for the protocol elements defined in this document.¶
Each PCEP object has an Object-Class and an Object-Type. IANA maintains a subregistry called "PCEP Objects". IANA is requested to make an assignment from this subregistry as follows:¶
| Object-Class Value | Name | Object-Type | Reference |
|---|---|---|---|
| TBD5 | FLOWSPEC | 0: Reserved | [This.I-D] |
| 1: Flow Specification version 2 | [This.I-D] |
This document requests that a new subregistry, "FLOWSPEC Object Flag Field", be created within the "Path Computation Element Protocol(PCEP) Numbers" registry to manage the Flag field of the FLOWSPECv2 object. New values are to be assigned by Standards Action [RFC8126]. Each bit should be tracked with the following qualities:¶
The initial population of this registry is as follows:¶
| Bit | Description | Reference |
|---|---|---|
| 0-5 | Unassigned | |
| 6 | LPM (L bit) | [This.I-D] |
| 7 | Remove (R bit) | [This.I-D] |
IANA maintains a subregistry called "PCEP TLV Type Indicators". IANA is requested to make an assignment from this subregistry as follows:¶
| Value | Description | Reference |
|---|---|---|
| TBD1 | PCE-FLOWSPECv2-CAPABILITY TLV | [This.I-D] |
| TBD4 | IP Basic FLOW FILTER TLV | [This.I-D] |
IANA is requested to create a new subregistry called the "PCEP Flow Specification TLV Type Indicators" registry.¶
Allocations from this registry are to be made according to the following assignment policies [RFC8126]:¶
| Range | Registration Procedures |
|---|---|
| 0-255 |
Reserved - must not be allocated.¶ Usage mirrors the BGP Flow Spec registry [RFC8955] [RFC8956].¶ |
| 256-64506 | Specification Required |
| 64507-65531 | First Come First Served |
| 65532-65535 | Experimental Use |
[RFC9168] describe the management of multiple flowspecs as well as control via configurations and policies. This is applicable to the Tunneled flowspec defined in this document.¶
The PCEP YANG module [RFC9826] would need to be augmented to cover tunneled flowspec.¶
Mechanisms defined in this document do not imply any new liveness detection and monitoring requirements in addition to those already listed in [RFC5440].¶
Mechanisms defined in this document do not imply any new operation verification requirements in addition to those already listed in [RFC9168].¶
Mechanisms defined in this document do not imply any new requirements on other protocols.¶
Mechanisms defined in this document do not have any new impact on network operations in addition to those already listed in [RFC9168].¶