Impact Of Client-Side Pce Implementation On Network Performance - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide
706
For secure PCEP sessions to be established successfully, the MD5 authentication should
be configured with the pre-shared authentication key on both the PCE server and the
PCC. The PCE and PCC use the same key to verify the authenticity of each segment sent
on the TCP connection of the PCEP session.
NOTE:
Junos OS Release 16.1 supports only TCP-MD5 authentication for PCEP
sessions, without extending support for TLS and TCP-AO, such as protection
against eavesdropping, tampering, and message forgery.
Initial application of security mechanism to a PCEP session causes the
session to reset.
If MD5 is misconfigured or not configured on one side of the PCEP session,
the session does not get established. Verify that the configurations on the
PCC and PCE are matching.
This feature does not provide support for any session authentication
mechanism.
To view the authentication keychain used by the PCEP session, use the
show path-computation-client status
outputs.
Use the
show system statistics tcp | match auth
number of packets that get dropped by TCP because of authentication
errors.
Operation of the keychain can be verified by using the
command output.
detail

Impact of Client-Side PCE Implementation on Network Performance

The maintenance of a stateful database can be non-trivial. In a single centralized PCE
environment, a stateful PCE simply needs to remember all the TE LSPs that the PCE has
computed, the TE LSPs that were actually set up (if this can be known), and when the
TE LSPs were torn down. However, these requirements cause substantial control protocol
overhead in terms of state, network usage and processing, and optimizing links globally
across the network. Thus, the concerns of a stateful PCE implementation include:
Any reliable synchronization mechanism results in significant control plane overhead.
PCEs might synchronize state by communicating with each other, but when TE LSPs
are set up using distributed computation performed among several PCEs, the problems
of synchronization and race condition avoidance become larger and more complex.
Out-of-band traffic engineering database synchronization can be complex with multiple
PCEs set up in a distributed PCE computation model, and can be prone to race
conditions, scalability concerns, and so on.
Path calculations incorporating total network state is highly complex, even if the PCE
has detailed information on all paths, priorities, and layers.
and show protocols pcep command
command to view the
show security keychain
Copyright © 2017, Juniper Networks, Inc.