| < draft-ietf-bess-evpn-optimized-ir-10.txt | draft-ietf-bess-evpn-optimized-ir-11.txt > | |||
|---|---|---|---|---|
| BESS Workgroup J. Rabadan, Ed. | BESS Workgroup J. Rabadan, Ed. | |||
| Internet-Draft S. Sathappan | Internet-Draft S. Sathappan | |||
| Intended status: Standards Track Nokia | Intended status: Standards Track Nokia | |||
| Expires: May 12, 2022 W. Lin | Expires: May 21, 2022 W. Lin | |||
| Juniper Networks | Juniper Networks | |||
| M. Katiyar | M. Katiyar | |||
| Versa Networks | Versa Networks | |||
| A. Sajassi | A. Sajassi | |||
| Cisco Systems | Cisco Systems | |||
| November 8, 2021 | November 17, 2021 | |||
| Optimized Ingress Replication solution for Ethernet VPN (EVPN) | Optimized Ingress Replication Solution for Ethernet VPN (EVPN) | |||
| draft-ietf-bess-evpn-optimized-ir-10 | draft-ietf-bess-evpn-optimized-ir-11 | |||
| Abstract | Abstract | |||
| Network Virtualization Overlay networks using Ethernet VPN (EVPN) as | Network Virtualization Overlay networks using Ethernet VPN (EVPN) as | |||
| control plane may use Ingress Replication or PIM (Protocol | control plane may use Ingress Replication or PIM (Protocol | |||
| Independent Multicast)-based trees to convey the overlay Broadcast, | Independent Multicast)-based trees to convey the overlay Broadcast, | |||
| Unknown unicast and Multicast (BUM) traffic. PIM provides an | Unknown unicast and Multicast (BUM) traffic. PIM provides an | |||
| efficient solution to avoid sending multiple copies of the same | efficient solution to avoid sending multiple copies of the same | |||
| packet over the same physical link, however it may not always be | packet over the same physical link, however it may not always be | |||
| deployed in the Network Virtualization Overlay core network. Ingress | deployed in the Network Virtualization Overlay core network. Ingress | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 48 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 12, 2022. | This Internet-Draft will expire on May 21, 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 28 ¶ | skipping to change at page 2, line 28 ¶ | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Terminology and Conventions . . . . . . . . . . . . . . . . . 6 | 2. Terminology and Conventions . . . . . . . . . . . . . . . . . 6 | |||
| 3. Solution Requirements . . . . . . . . . . . . . . . . . . . . 8 | 3. Solution Requirements . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4. EVPN BGP Attributes for Optimized Ingress Replication . . . . 9 | 4. EVPN BGP Attributes for Optimized Ingress Replication . . . . 9 | |||
| 5. Non-Selective Assisted-Replication (AR) Solution Description 13 | 5. Non-Selective Assisted-Replication (AR) Solution Description 13 | |||
| 5.1. Non-selective AR-REPLICATOR Procedures . . . . . . . . . 14 | 5.1. Non-selective AR-REPLICATOR Procedures . . . . . . . . . 14 | |||
| 5.2. Non-Selective AR-LEAF Procedures . . . . . . . . . . . . 16 | 5.2. Non-Selective AR-LEAF Procedures . . . . . . . . . . . . 17 | |||
| 5.3. RNVE Procedures . . . . . . . . . . . . . . . . . . . . . 19 | 5.3. RNVE Procedures . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 6. Selective Assisted-Replication (AR) Solution Description . . 19 | 6. Selective Assisted-Replication (AR) Solution Description . . 20 | |||
| 6.1. Selective AR-REPLICATOR Procedures . . . . . . . . . . . 21 | 6.1. Selective AR-REPLICATOR Procedures . . . . . . . . . . . 21 | |||
| 6.2. Selective AR-LEAF Procedures . . . . . . . . . . . . . . 23 | 6.2. Selective AR-LEAF Procedures . . . . . . . . . . . . . . 23 | |||
| 7. Pruned-Flood-Lists (PFL) . . . . . . . . . . . . . . . . . . 25 | 7. Pruned-Flood-Lists (PFL) . . . . . . . . . . . . . . . . . . 26 | |||
| 7.1. A Pruned-Flood-List Example . . . . . . . . . . . . . . . 26 | 7.1. A Pruned-Flood-List Example . . . . . . . . . . . . . . . 26 | |||
| 8. AR Procedures for Single-IP AR-REPLICATORS . . . . . . . . . 27 | 8. AR Procedures for Single-IP AR-REPLICATORS . . . . . . . . . 28 | |||
| 9. AR Procedures and EVPN All-Active Multi-homing Split-Horizon 28 | 9. AR Procedures and EVPN All-Active Multi-homing Split-Horizon 28 | |||
| 9.1. Ethernet Segments on AR-LEAF Nodes . . . . . . . . . . . 28 | 9.1. Ethernet Segments on AR-LEAF Nodes . . . . . . . . . . . 29 | |||
| 9.2. Ethernet Segments on AR-REPLICATOR nodes . . . . . . . . 29 | 9.2. Ethernet Segments on AR-REPLICATOR nodes . . . . . . . . 29 | |||
| 10. Security Considerations . . . . . . . . . . . . . . . . . . . 30 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 30 | |||
| 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31 | |||
| 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 31 | 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 31 | 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| 14.1. Normative References . . . . . . . . . . . . . . . . . . 32 | 14.1. Normative References . . . . . . . . . . . . . . . . . . 32 | |||
| 14.2. Informative References . . . . . . . . . . . . . . . . . 32 | 14.2. Informative References . . . . . . . . . . . . . . . . . 33 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 33 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 34 | |||
| 1. Introduction | 1. Introduction | |||
| Ethernet Virtual Private Networks (EVPN) may be used as the control | Ethernet Virtual Private Networks (EVPN) may be used as the control | |||
| plane for a Network Virtualization Overlay network [RFC8365]. | plane for a Network Virtualization Overlay network [RFC8365]. | |||
| Network Virtualization Edge (NVE) and Provider Edges (PE) devices | Network Virtualization Edge (NVE) and Provider Edges (PE) devices | |||
| that are part of the same EVPN Broadcast Domain (BD) use Ingress | that are part of the same EVPN Broadcast Domain (BD) use Ingress | |||
| Replication or PIM-based trees to transport the tenant's Broadcast, | Replication or PIM-based trees to transport the tenant's Broadcast, | |||
| Unknown unicast and Multicast (BUM) traffic. | Unknown unicast and Multicast (BUM) traffic. | |||
| skipping to change at page 5, line 34 ¶ | skipping to change at page 5, line 34 ¶ | |||
| the need for PIM in the underlay. Assisted Replication defines the | the need for PIM in the underlay. Assisted Replication defines the | |||
| roles of AR-REPLICATOR and AR-LEAF routers. The AR-LEAF is the | roles of AR-REPLICATOR and AR-LEAF routers. The AR-LEAF is the | |||
| ingress NVE/PE attached to the Tenant System. The AR-LEAF sends a | ingress NVE/PE attached to the Tenant System. The AR-LEAF sends a | |||
| single copy of a Broadcast or Multicast packet to a selected AR- | single copy of a Broadcast or Multicast packet to a selected AR- | |||
| REPLICATOR that replicates the packet mutiple times to remote AR-LEAF | REPLICATOR that replicates the packet mutiple times to remote AR-LEAF | |||
| or AR-REPLICATOR routers, and therefore "assisting" the ingress AR- | or AR-REPLICATOR routers, and therefore "assisting" the ingress AR- | |||
| LEAF in delivering the Broadcast or Multicast traffic to the remote | LEAF in delivering the Broadcast or Multicast traffic to the remote | |||
| NVEs/PEs attached to the same Broadcast Domain. Assisted-Replication | NVEs/PEs attached to the same Broadcast Domain. Assisted-Replication | |||
| can use a single AR-REPLICATOR or two AR-REPLICATOR routers in the | can use a single AR-REPLICATOR or two AR-REPLICATOR routers in the | |||
| path between the ingress AR-LEAF and the remote destination NVE/PEs. | path between the ingress AR-LEAF and the remote destination NVE/PEs. | |||
| The procedures that use a single AR-REPLICATOR are specified in | The procedures that use a single AR-REPLICATOR (Non-Selective | |||
| Section 5, whereas Section 6 describes how multi-staged replication, | Assisted-Replication Solution) are specified in Section 5, whereas | |||
| i.e., two AR-REPLICATOR routers in the path between the ingress AR- | Section 6 describes how multi-staged replication, i.e., two AR- | |||
| LEAF and destination NVEs/PEs, is accomplished. | REPLICATOR routers in the path between the ingress AR-LEAF and | |||
| destination NVEs/PEs, is accomplished (Selective Assisted-Replication | ||||
| Solution). The Assisted-Replication procedures do not impact unknown | ||||
| unicast traffic, which follows the same forwarding procedures as | ||||
| known unicast traffic so that packet re-ordering does not occur. | ||||
| Pruned-Flood-Lists is a method for the ingress NVE/PE to prune or | Pruned-Flood-Lists is a method for the ingress NVE/PE to prune or | |||
| remove certain destination NVEs/PEs from a flood-list, depending on | remove certain destination NVEs/PEs from a flood-list, depending on | |||
| the interest of those NVEs/PEs in receiving Broadcast, Multicast or | the interest of those NVEs/PEs in receiving Broadcast, Multicast or | |||
| Unknown unicast. As specfied in [RFC8365], an NVE/PE builds a flood- | Unknown unicast. As specfied in [RFC8365], an NVE/PE builds a flood- | |||
| list for BUM traffic based on the Next-Hops of the received EVPN | list for BUM traffic based on the Next-Hops of the received EVPN | |||
| Inclusive Multicast Ethernet Tag routes for the Broadcast Domain. | Inclusive Multicast Ethernet Tag routes for the Broadcast Domain. | |||
| While [RFC8365] states that the flood-list is used for all BUM | While [RFC8365] states that the flood-list is used for all BUM | |||
| traffic, this document allows pruning certain Next-Hops from the | traffic, this document allows pruning certain Next-Hops from the | |||
| list. As an example, suppose an ingress NVE creates a flood-list | list. As an example, suppose an ingress NVE creates a flood-list | |||
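
Review bot: Two typos survive unchanged from -10 in the context lines of this hunk: "mutiple" in "replicates the packet mutiple times" and "specfied" in "As specfied in [RFC8365]". Since the paragraph is being reworded anyway, correct them to "multiple" and "specified". The added parentheticals also name the solutions only after describing them; consider introducing "Non-Selective" and "Selective" at the start of each clause, so that the new sentence about unknown unicast clearly applies to both.
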
| skipping to change at page 6, line 22 ¶ | skipping to change at page 6, line 26 ¶ | |||
| [RFC7432], and they are described in Section 4. | [RFC7432], and they are described in Section 4. | |||
| The Assisted-Replication solution described in this document is | The Assisted-Replication solution described in this document is | |||
| focused on Network Virtualization Overlay networks (hence it uses IP | focused on Network Virtualization Overlay networks (hence it uses IP | |||
| tunnels) and MPLS transport networks are out of scope. The Pruned- | tunnels) and MPLS transport networks are out of scope. The Pruned- | |||
| Flood-Lists solution MAY be used in Network Virtualization Overlay | Flood-Lists solution MAY be used in Network Virtualization Overlay | |||
| and MPLS transport networks. | and MPLS transport networks. | |||
| Section 3 lists the requirements of the combined optimized Ingress | Section 3 lists the requirements of the combined optimized Ingress | |||
| Replication solution, whereas Section 5 and Section 6 describe the | Replication solution, whereas Section 5 and Section 6 describe the | |||
| Assisted-Replication solution, and Section 7 the Pruned-Flood-Lists | Assisted-Replication solution (for Non-Selective and Selective | |||
| procedures, respectively), and Section 7 the Pruned-Flood-Lists | ||||
| solution. | solution. | |||
| 2. Terminology and Conventions | 2. Terminology and Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in BCP | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| skipping to change at page 7, line 29 ¶ | skipping to change at page 7, line 33 ¶ | |||
| - BD: Broadcast Domain, as defined in [RFC7432]. | - BD: Broadcast Domain, as defined in [RFC7432]. | |||
| - DF and NDF: Designated Forwarder and Non-Designated Forwarder, are | - DF and NDF: Designated Forwarder and Non-Designated Forwarder, are | |||
| roles defined in NVE/PEs attached to Multi-Homed Tenant Systems, | roles defined in NVE/PEs attached to Multi-Homed Tenant Systems, | |||
| as per [RFC7432] and [RFC8365]. | as per [RFC7432] and [RFC8365]. | |||
| - ES and ESI: Ethernet Segment and Ethernet Segment Identifier, as | - ES and ESI: Ethernet Segment and Ethernet Segment Identifier, as | |||
| EVPN Multi-Homing concepts specified in [RFC7432]. | EVPN Multi-Homing concepts specified in [RFC7432]. | |||
| - EVI: EVPN Instance. An EVPN instance spanning the Provider Edge | - EVI: EVPN Instance. A group of Provider Edge (PE) devices | |||
| (PE) devices participating in that EVPN, as specified in | participating in the same EVPN service, as specified in [RFC7432]. | |||
| [RFC7432]. | ||||
| - GRE: Generic Routing Encapsulation [RFC4023]. | - GRE: Generic Routing Encapsulation [RFC4023]. | |||
| - Ingress Replication forwarding mode: it refers to the Ingress | - Ingress Replication forwarding mode: it refers to the Ingress | |||
| Replication behavior explained in [RFC7432]. It means sending an | Replication behavior explained in [RFC7432]. It means sending an | |||
| Attachment Circuit BM packet copy to each remote PE/NVE in the BD | Attachment Circuit BM packet copy to each remote PE/NVE in the BD | |||
| and sending an overlay BM packet only to the Attachment Circuits | and sending an overlay BM packet only to the Attachment Circuits | |||
| and not other overlay tunnels. | and not other overlay tunnels. | |||
| - IR-IP: local IP address of an NVE/PE that is used for the Ingress | - IR-IP: local IP address of an NVE/PE that is used for the Ingress | |||
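
Review bot: The new EVI definition describes an instance as "A group of Provider Edge (PE) devices", which does not match the term it expands ("EVPN Instance") or its use later in the document ("common to all the EVIs on the PE"), where an EVI is something configured on a PE rather than a set of PEs. Either keep the -10 wording, which describes an instance spanning the PEs, or rephrase so that the EVI is the service instance and the PEs are its participants. The definition also mentions only PE devices, while the surrounding entries speak of NVE/PEs.
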
| skipping to change at page 9, line 10 ¶ | skipping to change at page 9, line 12 ¶ | |||
| Multicast traffic without the need for PIM, while preserving the | Multicast traffic without the need for PIM, while preserving the | |||
| packet order for unicast applications, i.e., unknown unicast | packet order for unicast applications, i.e., unknown unicast | |||
| traffic should follow the same path as known unicast traffic. | traffic should follow the same path as known unicast traffic. | |||
| This optimization is required in low-performance NVEs. | This optimization is required in low-performance NVEs. | |||
| b. It reduces the flooded traffic in Network Virtualization Overlay | b. It reduces the flooded traffic in Network Virtualization Overlay | |||
| networks where some NVEs do not need broadcast/multicast and/or | networks where some NVEs do not need broadcast/multicast and/or | |||
| unknown unicast traffic. | unknown unicast traffic. | |||
| c. The solution is compatible with [RFC7432] and [RFC8365] and has | c. The solution is compatible with [RFC7432] and [RFC8365] and has | |||
| no impact on the EVPN procedures for BM traffic. In particular, | no impact on the CE procedures for BM traffic. In particular, | |||
| the solution supports the following EVPN functions: | the solution supports the following EVPN functions: | |||
| o All-active multi-homing, including the split-horizon and | o All-active multi-homing, including the split-horizon and | |||
| Designated Forwarder (DF) functions. | Designated Forwarder (DF) functions. | |||
| o Single-active multi-homing, including the DF function. | o Single-active multi-homing, including the DF function. | |||
| o Handling of multi-destination traffic and processing of | o Handling of multi-destination traffic and processing of | |||
| broadcast and multicast as per [RFC7432]. | broadcast and multicast as per [RFC7432]. | |||
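
Review bot: In requirement c, replacing "EVPN procedures" with "CE procedures" leaves "CE" unexpanded in this passage and breaks the link to the next sentence, which continues "In particular, the solution supports the following EVPN functions" and lists multi-homing, split-horizon and DF functions. Those are EVPN functions on the NVE/PE, not CE procedures. If the intent is that attached CEs see no change, state that separately and expand CE on first use, keeping the "In particular" list tied to EVPN compatibility.
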
| skipping to change at page 9, line 37 ¶ | skipping to change at page 9, line 39 ¶ | |||
| specific data plane encapsulation and the virtual identifiers | specific data plane encapsulation and the virtual identifiers | |||
| being used, e.g.: VXLAN VNIs, NVGRE VSIDs or MPLS labels, as long | being used, e.g.: VXLAN VNIs, NVGRE VSIDs or MPLS labels, as long | |||
| as the tunnel is IP-based. | as the tunnel is IP-based. | |||
| 4. EVPN BGP Attributes for Optimized Ingress Replication | 4. EVPN BGP Attributes for Optimized Ingress Replication | |||
| This solution extends the [RFC7432] Inclusive Multicast Ethernet Tag | This solution extends the [RFC7432] Inclusive Multicast Ethernet Tag | |||
| routes and attributes so that an NVE/PE can signal its optimized | routes and attributes so that an NVE/PE can signal its optimized | |||
| Ingress Replication capabilities. | Ingress Replication capabilities. | |||
| The Inclusive Multicast Ethernet Tag route as in [RFC7432] is shown | The NLRI of the Inclusive Multicast Ethernet Tag route as in | |||
| in Figure 2 and it is used in this document without any modifications | [RFC7432] is shown in Figure 2 and it is used in this document | |||
| to its format. The PMSI Tunnel Attribute's general format as in | without any modifications to its format. The PMSI Tunnel Attribute's | |||
| [RFC7432] is used in this document, only a new Tunnel Type and new | general format as in [RFC7432] (which takes it from [RFC6514]) is | |||
| flags are specified, as shown in Figure 3: | used in this document, only a new Tunnel Type and new flags are | |||
| specified, as shown in Figure 3: | ||||
| +---------------------------------+ | +---------------------------------+ | |||
| | RD (8 octets) | | | RD (8 octets) | | |||
| +---------------------------------+ | +---------------------------------+ | |||
| | Ethernet Tag ID (4 octets) | | | Ethernet Tag ID (4 octets) | | |||
| +---------------------------------+ | +---------------------------------+ | |||
| | IP Address Length (1 octet) | | | IP Address Length (1 octet) | | |||
| +---------------------------------+ | +---------------------------------+ | |||
| | Originating Router's IP Addr | | | Originating Router's IP Addr | | |||
| | (4 or 16 octets) | | | (4 or 16 octets) | | |||
| +---------------------------------+ | +---------------------------------+ | |||
| Figure 2: EVPN Inclusive Multicast Tag route | Figure 2: EVPN Inclusive Multicast Tag route's NLRI | |||
| 0 1 2 3 4 5 6 7 | 0 1 2 3 4 5 6 7 | |||
| +---------------------------------+ +--+--+--+--+--+--+--+--+ | +---------------------------------+ +--+--+--+--+--+--+--+--+ | |||
| | Flags (1 octet) | -> |x |E |x | T |BM|U |L | | | Flags (1 octet) | -> |x |E |x | T |BM|U |L | | |||
| +---------------------------------+ +--+--+--+--+--+--+--+--+ | +---------------------------------+ +--+--+--+--+--+--+--+--+ | |||
| | Tunnel Type (1 octets) | T = Assisted-Replication Type | | Tunnel Type (1 octets) | T = Assisted-Replication Type | |||
| +---------------------------------+ BM = Broadcast and Multicast | +---------------------------------+ BM = Broadcast and Multicast | |||
| | MPLS Label (3 octets) | U = Unknown unicast | | MPLS Label (3 octets) | U = Unknown unicast | |||
| +---------------------------------+ x = unassigned | +---------------------------------+ x = unassigned | |||
| | Tunnel Identifier (variable) | | | Tunnel Identifier (variable) | | |||
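
Review bot: The reworded sentence keeps a comma splice at "is used in this document, only a new Tunnel Type and new flags are specified"; split it or use a semicolon so the scope of the change to the PMSI Tunnel Attribute is unambiguous. Figure 3 also still reads "Tunnel Type (1 octets)", which should be "(1 octet)" to match "Flags (1 octet)" on the line above it.
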
| skipping to change at page 11, line 36 ¶ | skipping to change at page 11, line 36 ¶ | |||
| In this document, the above Inclusive Multicast Ethernet Tag route | In this document, the above Inclusive Multicast Ethernet Tag route | |||
| Figure 2 and PMSI Tunnel Attribute Figure 3 can be used in two | Figure 2 and PMSI Tunnel Attribute Figure 3 can be used in two | |||
| different modes for the same BD: | different modes for the same BD: | |||
| - Regular-IR route: in this route, Originating Router's IP Address, | - Regular-IR route: in this route, Originating Router's IP Address, | |||
| Tunnel Type (0x06), MPLS Label and Tunnel Identifier MUST be used | Tunnel Type (0x06), MPLS Label and Tunnel Identifier MUST be used | |||
| as described in [RFC7432] when Ingress Replication is in use. The | as described in [RFC7432] when Ingress Replication is in use. The | |||
| NVE/PE that advertises the route will set the Next-Hop to an IP | NVE/PE that advertises the route will set the Next-Hop to an IP | |||
| address that we denominate IR-IP in this document. When | address that we denominate IR-IP in this document. When | |||
| advertised by an AR-LEAF node, the Regular-IR route MUST be | advertised by an AR-LEAF node, the Regular-IR route MUST be | |||
| advertised with type T= AR-LEAF. | advertised with type T set to 10 (AR-LEAF). | |||
| - Replicator-AR route: this route is used by the AR-REPLICATOR to | - Replicator-AR route: this route is used by the AR-REPLICATOR to | |||
| advertise its AR capabilities, with the fields set as follows: | advertise its AR capabilities, with the fields set as follows: | |||
| o Originating Router's IP Address MUST be set to an IP address of | o Originating Router's IP Address MUST be set to an IP address of | |||
| the advertising router that is common to all the EVIs on the PE | the advertising router that is common to all the EVIs on the PE | |||
| (usually this is a loopback address of the PE). | (usually this is a loopback address of the PE). | |||
| + The Tunnel Identifier and Next-Hop SHOULD be set to the same | + The Tunnel Identifier and Next-Hop SHOULD be set to the same | |||
| IP address as the Originating Router's IP address when the | IP address as the Originating Router's IP address when the | |||
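
Review bot: "type T set to 10 (AR-LEAF)" gives the value without a radix, while other text in this revision writes the same field both as "01 (AR-REPLICATOR)" and as "decimal 3". An implementer could read "10" as decimal ten, which does not fit the field as it is used elsewhere. State the base explicitly, and use one notation for all T values throughout Section 4.
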
| skipping to change at page 12, line 11 ¶ | skipping to change at page 12, line 11 ¶ | |||
| the values in the Tunnel Identifier and Originating Router's | the values in the Tunnel Identifier and Originating Router's | |||
| IP Address fields, the ingress NVE/PE will process the | IP Address fields, the ingress NVE/PE will process the | |||
| received Replicator-AR route and will use the IP Address in | received Replicator-AR route and will use the IP Address in | |||
| the Next-Hop field to create IP tunnels to the AR- | the Next-Hop field to create IP tunnels to the AR- | |||
| REPLICATOR. | REPLICATOR. | |||
| + The Next-Hop address is referred to as the AR-IP and MUST be | + The Next-Hop address is referred to as the AR-IP and MUST be | |||
| different from the IR-IP for a given PE/NVE, unless the | different from the IR-IP for a given PE/NVE, unless the | |||
| procedures in Section 8 are followed. | procedures in Section 8 are followed. | |||
| o Tunnel Type = Assisted-Replication Tunnel. Section 11 provides | o Tunnel Type MUST be set to Assisted-Replication Tunnel. | |||
| the allocated type value. | Section 11 provides the allocated type value. | |||
| o T (AR role type) = 01 (AR-REPLICATOR). | o T (AR role type) MUST be set to 01 (AR-REPLICATOR). | |||
| o L (Leaf Information Required) = 0 (for non-selective AR) or 1 | o L (Leaf Information Required) MUST be set to 0 (for non- | |||
| (for selective AR). | selective AR), and MUST be set to 1 (for selective AR). | |||
| An NVE/PE configured as AR-REPLICATOR for a BD MUST advertise a | An NVE/PE configured as AR-REPLICATOR for a BD MUST advertise a | |||
| Replicator-AR route for the BD and MAY advertise a Regular-IR route. | Replicator-AR route for the BD and MAY advertise a Regular-IR route. | |||
| The advertisement of the Replicator-AR route will indicate the AR- | The advertisement of the Replicator-AR route will indicate the AR- | |||
| LEAFs what outer IP DA, i.e., the AR-IP, they need to use for IP | LEAFs what outer IP DA, i.e., the AR-IP, they need to use for IP | |||
| encapsulated BM frames that use Assisted Replication forwarding mode. | encapsulated BM frames that use Assisted Replication forwarding mode. | |||
| The AR-REPLICATOR will forward an IP encapsulated BM frame in | The AR-REPLICATOR will forward an IP encapsulated BM frame in | |||
| Assisted Replication forwarding mode if the outer IP DA matches its | Assisted Replication forwarding mode if the outer IP DA matches its | |||
| AR-IP, but will forward in Ingress Replication forwarding mode if the | AR-IP, but will forward in Ingress Replication forwarding mode if the | |||
| outer IP DA matches its IR-IP. | outer IP DA matches its IR-IP. | |||
| In addition, this document also uses the Leaf Auto-Discovery route | In addition, this document also uses the Leaf Auto-Discovery route | |||
| defined in [I-D.ietf-bess-evpn-bum-procedure-updates] in case the | defined in [I-D.ietf-bess-evpn-bum-procedure-updates] in case the | |||
| selective AR mode is used. An AR-LEAF MAY send a Leaf A-D route in | selective AR mode is used. An AR-LEAF MAY send a Leaf A-D route in | |||
| response to reception of a Replicator-AR route whose L flag is set. | response to reception of a Replicator-AR route whose L flag is set. | |||
| It is only used for selective AR and its fields are set as follows: | The Leaf Auto-Discovery route is only used for selective AR and the | |||
| fields of such route are set as follows: | ||||
| o Originating Router's IP Address is set to the advertising | o Originating Router's IP Address is set to the advertising | |||
| router's IP address (same IP used by the AR-LEAF in regular-IR | router's IP address (same IP used by the AR-LEAF in regular-IR | |||
| routes). The Next-Hop address is set to the IR-IP, which | routes). The Next-Hop address is set to the IR-IP, which | |||
| SHOULD be the same IP address as the advertising router's IP | SHOULD be the same IP address as the advertising router's IP | |||
| address, when the NVE/PE originates the route, i.e., when the | address, when the NVE/PE originates the route, i.e., when the | |||
| NVE/PE is not an ASBR as in section 10.2 of [RFC8365]. | NVE/PE is not an ASBR as in section 10.2 of [RFC8365]. | |||
| o Route Key is the "Route Type Specific" NLRI of the Replicator- | o Route Key is the "Route Type Specific" NLRI of the Replicator- | |||
| AR route for which this Leaf Auto-Discovery route is generated. | AR route for which this Leaf Auto-Discovery route is generated. | |||
| o The AR-LEAF constructs an IP-address-specific route-target as | o The AR-LEAF constructs an IP-address-specific route-target, | |||
| indicated in [I-D.ietf-bess-evpn-bum-procedure-updates], by | analogously to [I-D.ietf-bess-evpn-bum-procedure-updates], by | |||
| placing the IP address carried in the Next-Hop field of the | placing the IP address carried in the Next-Hop field of the | |||
| received Replicator-AR route in the Global Administrator field | received Replicator-AR route in the Global Administrator field | |||
| of the Community, with the Local Administrator field of this | of the Community, with the Local Administrator field of this | |||
| Community set to 0. Note that the same IP-address-specific | Community set to 0, and setting the Extended Communities | |||
| import route-target is auto-configured by the AR-REPLICATOR | attribute of the Leaf Auto-Discovery route to that Community. | |||
| that sent the Replicator-AR, in order to control the acceptance | The same IP-address-specific import route-target is auto- | |||
| of the Leaf Auto-Discovery routes. | configured by the AR-REPLICATOR that sent the Replicator-AR | |||
| route, in order to control the acceptance of the Leaf Auto- | ||||
| Discovery routes. | ||||
| o The Leaf Auto-Discovery route MUST include the PMSI Tunnel | o The Leaf Auto-Discovery route MUST include the PMSI Tunnel | |||
| attribute with the Tunnel Type set to AR, type set to AR-LEAF | attribute with the Tunnel Type set to AR (Section 11), T (AR | |||
| and the Tunnel Identifier set to the IP address of the | role type) set to AR-LEAF and the Tunnel Identifier set to the | |||
| advertising AR-LEAF. The PMSI Tunnel attribute MUST carry a | IP address of the advertising AR-LEAF. The PMSI Tunnel | |||
| downstream-assigned MPLS label or VNI that is used by the AR- | attribute MUST carry a downstream-assigned MPLS label or VNI | |||
| REPLICATOR to send traffic to the AR-LEAF. | that is used by the AR-REPLICATOR to send traffic to the AR- | |||
| LEAF. | ||||
| Each AR-enabled node MUST understand and process the AR type field in | Each AR-enabled node understands and process the T (Assisted- | |||
| the PMSI Tunnel Attribute (Flags field) of the routes, and MUST | Replication type) field in the PMSI Tunnel Attribute (Flags field) of | |||
| signal the corresponding type (AR-REPLICATOR or AR-LEAF type) | the routes, and MUST signal the corresponding type (AR-REPLICATOR or | |||
| according to its administrative choice. | AR-LEAF type) according to its administrative choice. An NVE/PE | |||
| following this specification is not expected to set the AR type field | ||||
| to decimal 3 (which is a RESERVED value). If a route with the AR | ||||
| type field set to decimal 3 is received by an AR-REPLICATOR or AR- | ||||
| LEAF, the router will process the route as a Regular-IR route | ||||
| advertised by an RNVE. | ||||
| Each node attached to the BD may understand and process the BM/U | Each node attached to the BD may understand and process the BM/U | |||
| flags (Pruned-Flood-Lists flags). Note that these BM/U flags may be | flags (Pruned-Flood-Lists flags). Note that these BM/U flags may be | |||
| used to optimize the delivery of multi-destination traffic and their | used to optimize the delivery of multi-destination traffic and their | |||
| use SHOULD be an administrative choice, and independent of the AR | use SHOULD be an administrative choice, and independent of the AR | |||
| role. When the Pruned-Flood-List capability is enabled, the BM/U | role. When the Pruned-Flood-List capability is enabled, the BM/U | |||
| flags can be used with the Regular-IR, Replicator-AR and Leaf Auto- | flags can be used with the Regular-IR, Replicator-AR and Leaf Auto- | |||
| Discovery routes. | Discovery routes. | |||
| Non-optimized Ingress Replication NVEs/PEs will be unaware of the new | Non-optimized Ingress Replication NVEs/PEs will be unaware of the new | |||
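Review bot: In the right-hand paragraph that begins "Each AR-enabled node understands and process the T", the first clause has lost its MUST and has a verb agreement error, and this hunk now names the same field three ways: "T (AR role type)", "T (Assisted-Replication type)" and "AR type field". If the requirement is still intended, restore "MUST understand and process"; otherwise write "understands and processes". Use one name for the field throughout. The new handling of decimal 3 uses a lowercase "will process the route as a Regular-IR route"; because this is receiver behaviour on a RESERVED value, state it with a requirement keyword so that all receivers treat such a route the same way.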
| skipping to change at page 14, line 46 ¶ | skipping to change at page 14, line 51 ¶ | |||
| directly from the source node to the destination node without being | directly from the source node to the destination node without being | |||
| replicated by any intermediate node. | replicated by any intermediate node. | |||
| Note that known unicast forwarding is not impacted by this solution, | Note that known unicast forwarding is not impacted by this solution, | |||
| i.e., unknown unicast SHALL follow the same path as known unicast | i.e., unknown unicast SHALL follow the same path as known unicast | |||
| traffic. | traffic. | |||
| 5.1. Non-selective AR-REPLICATOR Procedures | 5.1. Non-selective AR-REPLICATOR Procedures | |||
| An AR-REPLICATOR is defined as an NVE/PE capable of replicating | An AR-REPLICATOR is defined as an NVE/PE capable of replicating | |||
| incoming BM (Broadcast and Multicast) traffic received on an overlay | incoming BM traffic received on an overlay tunnel to other overlay | |||
| tunnel to other overlay tunnels and local Attachment Circuits. The | tunnels and local Attachment Circuits. The AR-REPLICATOR signals its | |||
| AR-REPLICATOR signals its role in the control plane and understands | role in the control plane and understands where the other roles (AR- | |||
| where the other roles (AR-LEAF nodes, RNVEs and other AR-REPLICATORs) | LEAF nodes, RNVEs and other AR-REPLICATORs) are located. A given AR- | |||
| are located. A given AR-enabled BD service may have zero, one or | enabled BD service may have zero, one or more AR-REPLICATORs. In our | |||
| more AR-REPLICATORs. In our example in Figure 4, PE1 and PE2 are | example in Figure 4, PE1 and PE2 are defined as AR-REPLICATORs. The | |||
| defined as AR-REPLICATORs. The following considerations apply to the | following considerations apply to the AR-REPLICATOR role: | |||
| AR-REPLICATOR role: | ||||
| a. The AR-REPLICATOR role SHOULD be an administrative choice in any | a. The AR-REPLICATOR role SHOULD be an administrative choice in any | |||
| NVE/PE that is part of an AR-enabled BD. This administrative | NVE/PE that is part of an AR-enabled BD. This administrative | |||
| option to enable AR-REPLICATOR capabilities MAY be implemented as | option to enable AR-REPLICATOR capabilities MAY be implemented as | |||
| a system level option as opposed to as a per-BD option. | a system level option as opposed to as a per-BD option. | |||
| b. An AR-REPLICATOR MUST advertise a Replicator-AR route and MAY | b. An AR-REPLICATOR MUST advertise a Replicator-AR route and MAY | |||
| advertise a Regular-IR route. The AR-REPLICATOR MUST NOT | advertise a Regular-IR route. The AR-REPLICATOR MUST NOT | |||
| generate a Regular-IR route if it does not have local attachment | generate a Regular-IR route if it does not have local attachment | |||
| circuits (AC). If the Regular-IR route is advertised, the | circuits (AC). If the Regular-IR route is advertised, the | |||
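Review bot: The first sentence of 5.1 on the right drops the "(Broadcast and Multicast)" expansion of BM, yet Section 10 still expands it as "Broadcast and Multicast (BM)" on both sides. Expand the abbreviation once at first use and use plain "BM" everywhere after that, rather than removing it here and keeping it later.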
| skipping to change at page 16, line 26 ¶ | skipping to change at page 16, line 29 ¶ | |||
| o If the destination IP address matches its AR-IP, the AR- | o If the destination IP address matches its AR-IP, the AR- | |||
| REPLICATOR MUST forward the BM packet to its flooding list (ACs | REPLICATOR MUST forward the BM packet to its flooding list (ACs | |||
| and overlay tunnels) excluding the non-BM overlay tunnels. The | and overlay tunnels) excluding the non-BM overlay tunnels. The | |||
| AR-REPLICATOR will ensure the traffic is not sent back to the | AR-REPLICATOR will ensure the traffic is not sent back to the | |||
| originating AR-LEAF. | originating AR-LEAF. | |||
| o If the encapsulation is MPLSoGRE or MPLSoUDP and the received | o If the encapsulation is MPLSoGRE or MPLSoUDP and the received | |||
| BD label (or label that the AR-REPLICATOR advertised in the | BD label (or label that the AR-REPLICATOR advertised in the | |||
| Replicator-AR route) is not the bottom of the stack, the AR- | Replicator-AR route) is not the bottom of the stack, the AR- | |||
| REPLICATOR MUST copy the rest of the labels when forwarding | REPLICATOR MUST copy the all the labels below the BD label and | |||
| them to the egress overlay tunnels. | propagate them when forwarding the packet to the egress overlay | |||
| tunnels. | ||||
| - The AR-REPLICATOR/LEAF nodes will build an Unknown unicast flood- | - The AR-REPLICATOR/LEAF nodes will build an Unknown unicast flood- | |||
| list composed of Attachment Circuits and overlay tunnels to the | list composed of Attachment Circuits and overlay tunnels to the | |||
| IR-IP Addresses of the remote nodes in the BD. Some of those | IR-IP Addresses of the remote nodes in the BD. Some of those | |||
| overlay tunnels MAY be flagged as non-U (Unknown unicast) | overlay tunnels MAY be flagged as non-U (Unknown unicast) | |||
| receivers based on the U flag received from the remote nodes in | receivers based on the U flag received from the remote nodes in | |||
| the BD. | the BD. | |||
| o When an AR-REPLICATOR/LEAF receives an unknown unicast packet | o When an AR-REPLICATOR/LEAF receives an unknown unicast packet | |||
| on an Attachment Circuit, it will forward the unknown unicast | on an Attachment Circuit, it will forward the unknown unicast | |||
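Review bot: The rewritten MPLSoGRE/MPLSoUDP bullet on the right contains a typo, "MUST copy the all the labels below the BD label". Suggest "MUST copy all the labels below the BD label and propagate them when forwarding the packet to the egress overlay tunnels".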
| skipping to change at page 17, line 18 ¶ | skipping to change at page 17, line 25 ¶ | |||
| a. The AR-LEAF role SHOULD be an administrative choice in any NVE/PE | a. The AR-LEAF role SHOULD be an administrative choice in any NVE/PE | |||
| that is part of an AR-enabled BD. This administrative option to | that is part of an AR-enabled BD. This administrative option to | |||
| enable AR-LEAF capabilities MAY be implemented as a system level | enable AR-LEAF capabilities MAY be implemented as a system level | |||
| option as opposed to as per-BD option. | option as opposed to as per-BD option. | |||
| b. In this non-selective AR solution, the AR-LEAF MUST advertise a | b. In this non-selective AR solution, the AR-LEAF MUST advertise a | |||
| single Regular-IR inclusive multicast route as in [RFC7432]. The | single Regular-IR inclusive multicast route as in [RFC7432]. The | |||
| AR-LEAF SHOULD set the Assisted-Replication Type field to AR- | AR-LEAF SHOULD set the Assisted-Replication Type field to AR- | |||
| LEAF. Note that although this field does not make any difference | LEAF. Note that although this field does not make any difference | |||
| for the egress nodes when creating an EVPN destination to the AR- | for the remote nodes when creating an EVPN destination to the AR- | |||
| LEAF, this field is useful for an easy operation and | LEAF, this field is useful for an easy operation and | |||
| troubleshooting of the BD. | troubleshooting of the BD. | |||
| c. In a BD where there are no AR-REPLICATORs due to the AR- | c. In a BD where there are no AR-REPLICATORs due to the AR- | |||
| REPLICATORs being down or reconfigured, the AR-LEAF MUST use | REPLICATORs being down or reconfigured, the AR-LEAF MUST use | |||
| regular Ingress Replication, based on the remote Regular-IR | regular Ingress Replication, based on the remote Regular-IR | |||
| Inclusive Multicast Routes as described in [RFC7432]. This may | Inclusive Multicast Routes as described in [RFC7432]. This may | |||
| happen in the following cases: | happen in the following cases: | |||
| o The AR-LEAF has a list of AR-REPLICATORs for the BD, but it | o The AR-LEAF has a list of AR-REPLICATORs for the BD, but it | |||
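Review bot: Item b still says the AR-LEAF "SHOULD set the Assisted-Replication Type field to AR-LEAF", while the paragraph on the T field changed earlier in this revision says each node "MUST signal the corresponding type (AR-REPLICATOR or AR-LEAF type)". The two requirement levels should agree, or item b should explain why SHOULD is enough for the AR-LEAF. Separately, item a reads "as opposed to as per-BD option", where the matching item in 5.1 has "as opposed to as a per-BD option".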
| skipping to change at page 18, line 6 ¶ | skipping to change at page 18, line 11 ¶ | |||
| o A single AR-REPLICATOR MAY be selected for all the BM packets | o A single AR-REPLICATOR MAY be selected for all the BM packets | |||
| received on the AR-LEAF attachment circuits (ACs) for a given | received on the AR-LEAF attachment circuits (ACs) for a given | |||
| BD. This selection is a local decision and it does not have | BD. This selection is a local decision and it does not have | |||
| to match other AR-LEAF's selections within the same BD. | to match other AR-LEAF's selections within the same BD. | |||
| o An AR-LEAF MAY select more than one AR-REPLICATOR and do | o An AR-LEAF MAY select more than one AR-REPLICATOR and do | |||
| either per-flow or per-BD load balancing. | either per-flow or per-BD load balancing. | |||
| o In case of a failure of the selected AR-REPLICATOR, another | o In case of a failure of the selected AR-REPLICATOR, another | |||
| AR-REPLICATOR SHOULD be selected. | AR-REPLICATOR SHOULD be selected by the AR-LEAF. | |||
| o When an AR-REPLICATOR is selected for a given flow or BD, the | o When an AR-REPLICATOR is selected for a given flow or BD, the | |||
| AR-LEAF MUST send all the BM packets targeted to that AR- | AR-LEAF MUST send all the BM packets targeted to that AR- | |||
| REPLICATOR using the forwarding information given by the | REPLICATOR using the forwarding information given by the | |||
| Replicator-AR route for the chosen AR-REPLICATOR, with tunnel | Replicator-AR route for the chosen AR-REPLICATOR, with tunnel | |||
| type = 0x0A (AR tunnel). The underlay destination IP address | type = 0x0A (AR tunnel). The underlay destination IP address | |||
| MUST be the AR-IP advertised by the AR-REPLICATOR in the | MUST be the AR-IP advertised by the AR-REPLICATOR in the | |||
| Replicator-AR route. | Replicator-AR route. | |||
| o An AR-LEAF MAY change the AR-REPLICATOR(s) selection | o An AR-LEAF MAY change the AR-REPLICATOR(s) selection | |||
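Review bot: The bullet changed to "another AR-REPLICATOR SHOULD be selected by the AR-LEAF" now names the actor but still does not say what happens when no other AR-REPLICATOR is available. Item c of the same list already requires falling back to regular Ingress Replication when the BD has no AR-REPLICATORs, so a short pointer to item c from this bullet would close the gap.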
| skipping to change at page 20, line 34 ¶ | skipping to change at page 20, line 38 ¶ | |||
| | (BD-1) | | (BD-1) | | (BD-1) | | | (BD-1) | | (BD-1) | | (BD-1) | | |||
| | LEAF-set1 | |LEAF-set-1 | |LEAF-set-2 | | | LEAF-set1 | |LEAF-set-1 | |LEAF-set-2 | | |||
| +--+-----+--+ +--+-----+--+ +--+-----+--+ | +--+-----+--+ +--+-----+--+ +--+-----+--+ | |||
| | | | | | | | | | | | | | | |||
| VM11 VM12 TS3 TS4 VM31 VM32 | VM11 VM12 TS3 TS4 VM31 VM32 | |||
| Figure 5: Selective AR scenario | Figure 5: Selective AR scenario | |||
| The solution is called "selective" because a given AR-REPLICATOR MUST | The solution is called "selective" because a given AR-REPLICATOR MUST | |||
| replicate the BM traffic to only the AR-LEAFs that requested the | replicate the BM traffic to only the AR-LEAFs that requested the | |||
| replication (as opposed to all the AR-LEAF nodes) and MAY replicate | replication (as opposed to all the AR-LEAF nodes) and MUST replicate | |||
| the BM traffic to the RNVEs. The same AR roles defined in Section 4 | the BM traffic to the RNVEs (if there are any). The same AR roles | |||
| are used here, however the procedures are different. | defined in Section 4 are used here, however the procedures are | |||
| different. | ||||
| The Selective AR procedures create multiple AR-LEAF-sets in the EVPN | The Selective AR procedures create multiple AR-LEAF-sets in the EVPN | |||
| BD, and builds single-hop trees among AR-LEAFs of the same set (AR- | BD, and builds single-hop trees among AR-LEAFs of the same set (AR- | |||
| LEAF->AR-REPLICATOR->AR-LEAF), and two-hop trees among AR-LEAFs of | LEAF->AR-REPLICATOR->AR-LEAF), and two-hop trees among AR-LEAFs of | |||
| different sets (AR-LEAF->AR-REPLICATOR->AR-REPLICATOR->AR-LEAF). | different sets (AR-LEAF->AR-REPLICATOR->AR-REPLICATOR->AR-LEAF). | |||
| Compared to the Selective solution, the Non-Selective AR method | Compared to the Selective solution, the Non-Selective AR method | |||
| assumes that all the AR-LEAFs of the BD are in the same set and | assumes that all the AR-LEAFs of the BD are in the same set and | |||
| always create two-hop trees among AR-LEAFs. While the Selective | always create two-hop trees among AR-LEAFs. While the Selective | |||
| solution is more efficient than the Non-Selective solution in multi- | solution is more efficient than the Non-Selective solution in multi- | |||
| stage IP fabrics, the trade-off is additional signaling and an | stage IP fabrics, the trade-off is additional signaling and an | |||
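Review bot: The new "MUST replicate the BM traffic to the RNVEs (if there are any)" in the paragraph after Figure 5 is wider than the procedure it summarizes. The Selective AR-REPLICATOR rules replicate to RNVEs only "if the tunnel source IP address is the IR-IP of an AR-LEAF" and otherwise say the node "MUST NOT replicate the BM traffic to remote RNVEs". Qualify the overview sentence, for example by saying that the first-hop AR-REPLICATOR MUST replicate to the RNVEs, so the two statements cannot be read as conflicting. The unchanged sentence "The Selective AR procedures create ... and builds" also needs "build".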
| skipping to change at page 22, line 4 ¶ | skipping to change at page 22, line 8 ¶ | |||
| Likewise, PE2 will only add NVE3 to its selective AR-LEAF-set | Likewise, PE2 will only add NVE3 to its selective AR-LEAF-set | |||
| for BD-1, and exclude NVE1/NVE2. | for BD-1, and exclude NVE1/NVE2. | |||
| o When a node defined and operating as a Selective AR-REPLICATOR | o When a node defined and operating as a Selective AR-REPLICATOR | |||
| receives a packet on an overlay tunnel, it will do a tunnel | receives a packet on an overlay tunnel, it will do a tunnel | |||
| destination IP lookup and if the destination IP address is the | destination IP lookup and if the destination IP address is the | |||
| AR-REPLICATOR AR-IP Address, the node MUST replicate the | AR-REPLICATOR AR-IP Address, the node MUST replicate the | |||
| packet to: | packet to: | |||
| + local Attachment Circuits | + local Attachment Circuits | |||
| + overlay tunnels in the Selective AR-LEAF-set, excluding the | + overlay tunnels in the Selective AR-LEAF-set, excluding the | |||
| overlay tunnel to the source AR-LEAF. | overlay tunnel to the source AR-LEAF. | |||
| + overlay tunnels to the RNVEs if the tunnel source IP | + overlay tunnels to the RNVEs if the tunnel source IP | |||
| address is the IR-IP of an AR-LEAF. In any other case, the | address is the IR-IP of an AR-LEAF. In any other case, the | |||
| AR-REPLICATOR MUST NOT replicate the BM traffic to remote | AR-REPLICATOR MUST NOT replicate the BM traffic to remote | |||
| RNVEs. In other words, only the first-hop selective AR- | RNVEs. In other words, only the first-hop selective AR- | |||
| REPLICATOR will replicate to all the RNVEs. | REPLICATOR will replicate to all the RNVEs. | |||
| + overlay tunnels to the remote Selective AR-REPLICATORs if | + overlay tunnels to the remote Selective AR-REPLICATORs if | |||
| the tunnel source IP address is an IR-IP of its own AR- | the tunnel source IP address (of the encapsulated packet | |||
| LEAF-set. In any other case, the AR-REPLICATOR MUST NOT | that arrived on the overlay tunnel) is an IR-IP of its own | |||
| AR-LEAF-set. In any other case, the AR-REPLICATOR MUST NOT | ||||
| replicate the BM traffic to remote AR-REPLICATORs. When | replicate the BM traffic to remote AR-REPLICATORs. When | |||
| doing this replication, the tunnel destination IP address | doing this replication, the tunnel destination IP address | |||
| is the AR-IP of the remote Selective AR-REPLICATOR. The | is the AR-IP of the remote Selective AR-REPLICATOR. The | |||
| tunnel destination IP AR-IP will be an indication for the | tunnel destination IP AR-IP will be an indication for the | |||
| remote Selective AR-REPLICATOR that the packet needs | remote Selective AR-REPLICATOR that the packet needs | |||
| further replication to its AR-LEAFs. | further replication to its AR-LEAFs. | |||
| A Selective AR-REPLICATOR data path implementation MUST be compatible | A Selective AR-REPLICATOR data path implementation MUST be compatible | |||
| with the following rules: | with the following rules: | |||
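Review bot: The clarification "(of the encapsulated packet that arrived on the overlay tunnel)" was added only to the bullet about remote Selective AR-REPLICATORs; the preceding RNVE bullet uses the same "tunnel source IP address" test without it. Add the same wording there, or define the term once before the list, so that both forwarding decisions clearly depend on the same received outer source address.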
| skipping to change at page 28, line 34 ¶ | skipping to change at page 28, line 47 ¶ | |||
| The rest of the procedures will follow what is described in sections | The rest of the procedures will follow what is described in sections | |||
| Section 5 and Section 6. | Section 5 and Section 6. | |||
| 9. AR Procedures and EVPN All-Active Multi-homing Split-Horizon | 9. AR Procedures and EVPN All-Active Multi-homing Split-Horizon | |||
| This section extends the procedures for the cases where two or more | This section extends the procedures for the cases where two or more | |||
| AR-LEAF nodes are attached to the same Ethernet Segment, and two or | AR-LEAF nodes are attached to the same Ethernet Segment, and two or | |||
| more AR-REPLICATOR nodes are attached to the same Ethernet Segment in | more AR-REPLICATOR nodes are attached to the same Ethernet Segment in | |||
| the BD. The mixed case, that is, an AR-LEAF node and an AR- | the BD. The mixed case, that is, an AR-LEAF node and an AR- | |||
| REPLICATOR node are attached to the same Ethernet Segment, is out of | REPLICATOR node are attached to the same Ethernet Segment, would | |||
| scope. | require extended procedures and it is out of scope. | |||
| 9.1. Ethernet Segments on AR-LEAF Nodes | 9.1. Ethernet Segments on AR-LEAF Nodes | |||
| If VXLAN or NVGRE are used, and if the Split-horizon is based on the | If VXLAN or NVGRE are used, and if the Split-horizon is based on the | |||
| tunnel IP SA and "Local-Bias" as described in [RFC8365], the Split- | tunnel IP Source Address and "Local-Bias" as described in [RFC8365], | |||
| horizon check will not work if there is an Ethernet-Segment shared | the Split-horizon check will not work if there is an Ethernet-Segment | |||
| between two AR-LEAF nodes, and the AR-REPLICATOR replaces the tunnel | shared between two AR-LEAF nodes, and the AR-REPLICATOR replaces the | |||
| IP Source Address of the packets with its own AR-IP. | tunnel IP Source Address of the packets with its own AR-IP. | |||
| In order to be compatible with the IP Source Address split-horizon | In order to be compatible with the IP Source Address split-horizon | |||
| check, the AR-REPLICATOR MAY keep the original received tunnel IP | check, the AR-REPLICATOR MAY keep the original received tunnel IP | |||
| Source Address when replicating packets to a remote AR-LEAF or RNVE. | Source Address when replicating packets to a remote AR-LEAF or RNVE. | |||
| This will allow AR-LEAF nodes to apply Split-horizon check procedures | This will allow AR-LEAF nodes to apply Split-horizon check procedures | |||
| for BM packets, before sending them to the local Ethernet-Segment. | for BM packets, before sending them to the local Ethernet-Segment. | |||
| Even if the AR-LEAF's IP Source Address is preserved when replicating | Even if the AR-LEAF's IP Source Address is preserved when replicating | |||
| to AR-LEAFs or RNVEs, the AR-REPLICATOR MUST always use its IR-IP as | to AR-LEAFs or RNVEs, the AR-REPLICATOR MUST always use its IR-IP as | |||
| the IP Source Address when replicating to other AR-REPLICATORs. | the IP Source Address when replicating to other AR-REPLICATORs. | |||
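Review bot: The new sentence in Section 9, "would require extended procedures and it is out of scope", reads awkwardly; suggest "would require extended procedures and is out of scope". The unchanged line just above the section heading still has a doubled cross-reference, "sections Section 5 and Section 6", which should be fixed in the same pass.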
| skipping to change at page 29, line 22 ¶ | skipping to change at page 29, line 37 ¶ | |||
| mechanisms provide the required split-horizon behavior in non- | mechanisms provide the required split-horizon behavior in non- | |||
| selective or selective AR. | selective or selective AR. | |||
| Note that if the AR-REPLICATOR implementation keeps the received | Note that if the AR-REPLICATOR implementation keeps the received | |||
| tunnel IP Source Address, the use of uRPF (unicast Reverse Path | tunnel IP Source Address, the use of uRPF (unicast Reverse Path | |||
| Forwarding) checks in the IP fabric based on the tunnel IP Source | Forwarding) checks in the IP fabric based on the tunnel IP Source | |||
| Address MUST be disabled. | Address MUST be disabled. | |||
| 9.2. Ethernet Segments on AR-REPLICATOR nodes | 9.2. Ethernet Segments on AR-REPLICATOR nodes | |||
| Ethernet Segments associated with one or more AR-REPLICATOR nodes | AR-REPLICATOR nodes attached to the same all-active Ethernet Segment | |||
| SHOULD follow "Local-Bias" procedures for EVPN all-active multi- | will follow "Local-Bias" procedures [RFC8365], as follows: | |||
| homing, as follows: | ||||
| a. For BUM traffic received on a local AR-REPLICATOR's Attachment | a. For BUM traffic received on a local AR-REPLICATOR's Attachment | |||
| Circuit, "Local-Bias" procedures as in [RFC8365] SHOULD be | Circuit, "Local-Bias" procedures as in [RFC8365] MUST be | |||
| followed. | followed. | |||
| b. For BUM traffic received on an AR-REPLICATOR overlay tunnel with | b. For BUM traffic received on an AR-REPLICATOR overlay tunnel with | |||
| AR-IP as the IP Destination Address, "Local-Bias" SHOULD also be | AR-IP as the IP Destination Address, "Local-Bias" MUST also be | |||
| followed. That is, traffic received with AR-IP as IP Destination | followed. That is, traffic received with AR-IP as IP Destination | |||
| Address will be treated as though it had been received on a local | Address will be treated as though it had been received on a local | |||
| Attachment Circuit that is part of the Ethernet Segment and will | Attachment Circuit that is part of the Ethernet Segment and will | |||
| be forwarded to all local Ethernet Segments, irrespective of | be forwarded to all local Ethernet Segments, irrespective of | |||
| their DF or NDF state. | their DF or NDF state. | |||
| c. BUM traffic received on an AR-REPLICATOR overlay tunnel with IR- | c. BUM traffic received on an AR-REPLICATOR overlay tunnel with IR- | |||
| IP as the IP Destination Address, will follow regular [RFC8365] | IP as the IP Destination Address, will follow regular [RFC8365] | |||
| "Local-Bias" rules and will not be forwarded to local Ethernet | "Local-Bias" rules and will not be forwarded to local Ethernet | |||
| Segments that are shared with the AR-LEAF or AR-REPLICATOR | Segments that are shared with the AR-LEAF or AR-REPLICATOR | |||
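Review bot: In 9.2 the introductory sentence went from SHOULD to a lowercase "will follow", while items a and b went from SHOULD to MUST, so the requirement level now differs between the lead-in and the list. Item c also keeps "will follow regular [RFC8365]" with no keyword. Pick one level for the section and state it either in the lead-in or in each item.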
| skipping to change at page 30, line 8 ¶ | skipping to change at page 30, line 20 ¶ | |||
| d. In cases where the AR-REPLICATOR supports a single IP address, | d. In cases where the AR-REPLICATOR supports a single IP address, | |||
| the IR-IP and the AR-IP are the same IP address, as discussed in | the IR-IP and the AR-IP are the same IP address, as discussed in | |||
| Section 8. The received BUM traffic will be treated as in 'b' | Section 8. The received BUM traffic will be treated as in 'b' | |||
| above if the received VNI is the AR-VNI, and as in 'c' if the VNI | above if the received VNI is the AR-VNI, and as in 'c' if the VNI | |||
| is the IR-VNI. | is the IR-VNI. | |||
| 10. Security Considerations | 10. Security Considerations | |||
| The Security Considerations in [RFC7432] and [RFC8365] apply to this | The Security Considerations in [RFC7432] and [RFC8365] apply to this | |||
| document. | document. The Security Considerations related to the Leaf Auto- | |||
| Discovery route in [I-D.ietf-bess-evpn-bum-procedure-updates] apply | ||||
| too. | ||||
| In addition, the Assisted-Replication method introduced by this | In addition, the Assisted-Replication method introduced by this | |||
| document may bring some new risks for the successful delivery of BM | document may bring some new risks for the successful delivery of BM | |||
| traffic. Unicast traffic is not affected by Assisted-Replication | traffic. Unicast traffic is not affected by Assisted-Replication | |||
| (although Unknown unicast traffic is affected by the Pruned-Flood- | (although Unknown unicast traffic is affected by the Pruned-Flood- | |||
| Lists procedures). The forwarding of Broadcast and Multicast (BM) | Lists procedures). The forwarding of Broadcast and Multicast (BM) | |||
| traffic is modified; and BM traffic from the AR-LEAF nodes will be | traffic is modified; and BM traffic from the AR-LEAF nodes will be | |||
| attracted by the existence of AR-REPLICATORs in the BD. An AR-LEAF | attracted by the existence of AR-REPLICATORs in the BD. An AR-LEAF | |||
| will forward BM traffic to its selected AR-REPLICATOR, therefore an | will forward BM traffic to its selected AR-REPLICATOR, therefore an | |||
| attack on the AR-REPLICATOR could impact the delivery of the BM | attack on the AR-REPLICATOR could impact the delivery of the BM | |||
| traffic using that node. | traffic using that node. Also, an attack on the AR-REPLICATOR and | |||
| change of the advertised AR type will modify the selection on the AR- | ||||
| LEAF nodes. If no other AR-REPLICATOR is selected, the AR-LEAF nodes | ||||
| will be forced to use Ingress Replication forwarding mode, which will | ||||
| impact on their performance, since the AR-LEAF nodes are usually | ||||
| NVEs/PEs with poor replication performance. | ||||
| This document introduces the ability for the AR-REPLICATOR to forward | This document introduces the ability for the AR-REPLICATOR to forward | |||
| traffic received on an overlay tunnel to another overlay tunnel. The | traffic received on an overlay tunnel to another overlay tunnel. The | |||
| reader may interpret that this introduces the risk of BM loops. That | reader may interpret that this introduces the risk of BM loops. That | |||
| is, an AR-LEAF receiving a BM encapsulated packet that the AR-LEAF | is, an AR-LEAF receiving a BM encapsulated packet that the AR-LEAF | |||
| originated in the first place, due to one or two AR-REPLICATORs | originated in the first place, due to one or two AR-REPLICATORs | |||
| "looping" the BM traffic back to the AR-LEAF. The procedures in this | "looping" the BM traffic back to the AR-LEAF. The procedures in this | |||
| document prevent these BM loops, since the AR-REPLICATOR will always | document prevent these BM loops, since the AR-REPLICATOR will always | |||
| forward the BM traffic using the correct tunnel IP Destination | forward the BM traffic using the correct tunnel IP Destination | |||
| Address that instructs the remote nodes how to forward the traffic. | Address (or correct VNI in case of single-IP AR-REPLICATORs) that | |||
| This is true in both the Non-Selective and Selective modes defined in | instructs the remote nodes how to forward the traffic. This is true | |||
| this document. However, a wrong implementation of the procedures in | in both the Non-Selective and Selective modes defined in this | |||
| this document may lead to those unexpected BM loops. | document. However, a wrong implementation of the procedures in this | |||
| document may lead to those unexpected BM loops. | ||||
| The Selective mode provides a multi-staged replication solution, | The Selective mode provides a multi-staged replication solution, | |||
| where a proper configuration of all the AR-REPLICATORs will avoid any | where a proper configuration of all the AR-REPLICATORs will avoid any | |||
| issues. A mix of mistakenly configured Selective and Non-Selective | issues. A mix of mistakenly configured Selective and Non-Selective | |||
| AR-REPLICATORs in the same BD could theoretically create packet | AR-REPLICATORs in the same BD could theoretically create packet | |||
| duplication in some AR-LEAFs, however this document specifies a fall | duplication in some AR-LEAFs, however this document specifies a fall | |||
| back solution to Non-Selective mode in case the AR-REPLICATORs | back solution to Non-Selective mode in case the AR-REPLICATORs | |||
| advertised an inconsistent AR Replication mode. | advertised an inconsistent AR Replication mode. | |||
| This document allows the AR-REPLICATOR to preserve the tunnel IP | ||||
| Source Address of the AR-LEAF (as an option) when forwarding BM | ||||
| packets from an overlay tunnel to another overlay tunnel. Preserving | ||||
| the AR-LEAF IP Source Address makes the "Local Bias" filtering | ||||
| procedures possible for AR-LEAF nodes that are attached to the same | ||||
| Ethernet Segment. If the AR-REPLICATOR does not preserve the AR-LEAF | ||||
| IP Source Address, AR-LEAF nodes attached to all-active Ethernet | ||||
| Segments will cause packet duplication on the multi-homed CE. | ||||
| The AR-REPLICATOR nodes are, by design, using more bandwidth than | ||||
| [RFC7432] PEs or [RFC8365] NVEs would use. Certain network events or | ||||
| unexpected low performance may exceed the AR-REPLICATOR local | ||||
| bandwidth and cause service disruption. | ||||
| Finally, the use of PFL as in Section 7, should be handled with care. | Finally, the use of PFL as in Section 7, should be handled with care. | |||
| An intentional or unintentional misconfiguration of the BDs on a | An intentional or unintentional misconfiguration of the BDs on a | |||
| given leaf node may result in the leaf not receiving the required BM | given leaf node may result in the leaf not receiving the required BM | |||
| or Unknown unicast traffic. | or Unknown unicast traffic. | |||
| 11. IANA Considerations | 11. IANA Considerations | |||
| IANA has allocated the following Border Gateway Protocol (BGP) | IANA has allocated the following Border Gateway Protocol (BGP) | |||
| Parameters: | Parameters: | |||
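Review bot: The new Section 10 paragraph on preserving the AR-LEAF tunnel IP Source Address describes only the duplication it avoids and omits the consequence stated just before Section 9.2: when the received address is kept, uRPF checks on the tunnel IP Source Address "MUST be disabled". Losing that source-address check in the fabric is itself a security-relevant effect and belongs in this paragraph. The added text on an attacker changing the advertised AR type, and the paragraph on AR-REPLICATOR bandwidth, both describe impact without pointing to any protection, such as the [RFC7432] and [RFC8365] considerations already cited at the top of the section. Minor wording: "Local Bias" is hyphenated as "Local-Bias" elsewhere, and "which will impact on their performance" should drop "on".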
| End of changes. 42 change blocks. | ||||
| 87 lines changed or deleted | 125 lines changed or added | |||