| < draft-ietf-bess-evpn-overlay-11.txt | draft-ietf-bess-evpn-overlay-12.txt > | |||
|---|---|---|---|---|
| skipping to change at page 1, line 16 ¶ | skipping to change at page 1, line 16 ¶ | |||
| Juniper | Juniper | |||
| N. Bitar | N. Bitar | |||
| Nokia | Nokia | |||
| R. Shekhar | R. Shekhar | |||
| Juniper | Juniper | |||
| J. Uttaro | J. Uttaro | |||
| AT&T | AT&T | |||
| W. Henderickx | W. Henderickx | |||
| Nokia | Nokia | |||
| Expires: July 12, 2018 January 12, 2018 | Expires: August 9, 2018 February 9, 2018 | |||
| A Network Virtualization Overlay Solution using EVPN | A Network Virtualization Overlay Solution using EVPN | |||
| draft-ietf-bess-evpn-overlay-11 | draft-ietf-bess-evpn-overlay-12 | |||
| Abstract | Abstract | |||
| This document specifies how Ethernet VPN (EVPN) can be used as a | This document specifies how Ethernet VPN (EVPN) can be used as a | |||
| Network Virtualization Overlay (NVO) solution and explores the | Network Virtualization Overlay (NVO) solution and explores the | |||
| various tunnel encapsulation options over IP and their impact on the | various tunnel encapsulation options over IP and their impact on the | |||
| EVPN control-plane and procedures. In particular, the following | EVPN control-plane and procedures. In particular, the following | |||
| encapsulation options are analyzed: Virtual Extensible LAN (VXLAN), | encapsulation options are analyzed: Virtual Extensible LAN (VXLAN), | |||
| Network Virtualization using Generic Routing Encapsulation (NVGRE), | Network Virtualization using Generic Routing Encapsulation (NVGRE), | |||
| and MPLS over Generic Routing Encapsulation (GRE). This specification | and MPLS over Generic Routing Encapsulation (GRE). This specification | |||
| skipping to change at page 3, line 30 ¶ | skipping to change at page 3, line 30 ¶ | |||
| 10.1 DCI using GWs . . . . . . . . . . . . . . . . . . . . . . . 23 | 10.1 DCI using GWs . . . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 10.2 DCI using ASBRs . . . . . . . . . . . . . . . . . . . . . . 24 | 10.2 DCI using ASBRs . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 10.2.1 ASBR Functionality with Single-Homing NVEs . . . . . . 25 | 10.2.1 ASBR Functionality with Single-Homing NVEs . . . . . . 25 | |||
| 10.2.2 ASBR Functionality with Multi-Homing NVEs . . . . . . . 25 | 10.2.2 ASBR Functionality with Multi-Homing NVEs . . . . . . . 25 | |||
| 11 Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 27 | 11 Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 12 Security Considerations . . . . . . . . . . . . . . . . . . . 27 | 12 Security Considerations . . . . . . . . . . . . . . . . . . . 27 | |||
| 13 IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 | 13 IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 14 References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | 14 References . . . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
| 14.1 Normative References . . . . . . . . . . . . . . . . . . . 28 | 14.1 Normative References . . . . . . . . . . . . . . . . . . . 28 | |||
| 14.2 Informative References . . . . . . . . . . . . . . . . . . 29 | 14.2 Informative References . . . . . . . . . . . . . . . . . . 29 | |||
| Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 | Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 1 Introduction | 1 Introduction | |||
| This document specifies how Ethernet VPN (EVPN) [RFC7432] can be used | This document specifies how Ethernet VPN (EVPN) [RFC7432] can be used | |||
| as a Network Virtualization Overlay (NVO) solution and explores the | as a Network Virtualization Overlay (NVO) solution and explores the | |||
| various tunnel encapsulation options over IP and their impact on the | various tunnel encapsulation options over IP and their impact on the | |||
| EVPN control-plane and procedures. In particular, the following | EVPN control-plane and procedures. In particular, the following | |||
| encapsulation options are analyzed: Virtual Extensible LAN (VXLAN) | encapsulation options are analyzed: Virtual Extensible LAN (VXLAN) | |||
| [RFC7348], Network Virtualization using Generic Routing Encapsulation | [RFC7348], Network Virtualization using Generic Routing Encapsulation | |||
| skipping to change at page 14, line 5 ¶ | skipping to change at page 14, line 5 ¶ | |||
| bundle service in [RFC7432]. Such setting must be done consistently | bundle service in [RFC7432]. Such setting must be done consistently | |||
| on all PE devices participating in that EVI within a given domain. | on all PE devices participating in that EVI within a given domain. | |||
| For global VNIs, the value advertised in the Ethernet Tag field | For global VNIs, the value advertised in the Ethernet Tag field | |||
| SHOULD be set to a VNI as long as it matches the existing semantics | SHOULD be set to a VNI as long as it matches the existing semantics | |||
| of the Ethernet Tag, i.e., it identifies a bridge table within a MAC- | of the Ethernet Tag, i.e., it identifies a bridge table within a MAC- | |||
| VRF and the set of VNIs are configured consistently on each PE in | VRF and the set of VNIs are configured consistently on each PE in | |||
| that EVI. | that EVI. | |||
| In order to indicate which type of data plane encapsulation (i.e., | In order to indicate which type of data plane encapsulation (i.e., | |||
| VXLAN, NVGRE, MPLS, or MPLS in GRE) is to be used, the BGP | VXLAN, NVGRE, MPLS, or MPLS in GRE) is to be used, the BGP | |||
| Encapsulation extended community defined in [TUNNEL-ENCAP] is | Encapsulation extended community defined in [RFC5512] is included | |||
| included with all EVPN routes (i.e. MAC Advertisement, Ethernet AD | with all EVPN routes (i.e. MAC Advertisement, Ethernet AD per EVI, | |||
| per EVI, Ethernet AD per ESI, Inclusive Multicast Ethernet Tag, and | Ethernet AD per ESI, Inclusive Multicast Ethernet Tag, and Ethernet | |||
| Ethernet Segment) advertised by an egress PE. Five new values have | Segment) advertised by an egress PE. Five new values have been | |||
| been assigned by IANA to extend the list of encapsulation types | assigned by IANA to extend the list of encapsulation types defined in | |||
| defined in [TUNNEL-ENCAP] and they are listed in section 13. | [RFC5512] and they are listed in section 13. | |||
| The MPLS encapsulation tunnel type, listed in section 13, is needed | The MPLS encapsulation tunnel type, listed in section 13, is needed | |||
| in order to distinguish between an advertising node that only | in order to distinguish between an advertising node that only | |||
| supports non-MPLS encapsulations and one that supports MPLS and non- | supports non-MPLS encapsulations and one that supports MPLS and non- | |||
| MPLS encapsulations. An advertising node that only supports MPLS | MPLS encapsulations. An advertising node that only supports MPLS | |||
| encapsulation does not need to advertise any encapsulation tunnel | encapsulation does not need to advertise any encapsulation tunnel | |||
| types; i.e., if the BGP Encapsulation extended community is not | types; i.e., if the BGP Encapsulation extended community is not | |||
| present, then either MPLS encapsulation or a statically configured | present, then either MPLS encapsulation or a statically configured | |||
| encapsulation is assumed. | encapsulation is assumed. | |||
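Review bot: the normative citation in this paragraph moved from the work-in-progress tunnel-encaps draft to RFC 5512, which is the document that defines the BGP Encapsulation Extended Community and created the "BGP Tunnel Encapsulation Attribute Tunnel Types" registry that the five IANA values in section 13 come from, so the swap is consistent with the IANA section; two follow-ups for the same region. First, the unchanged MPLS-over-GRE paragraph still says "Tunnel Encapsulation extended community" while this paragraph says "BGP Encapsulation extended community"; use one name so readers do not take them for two different communities. Second, the fallback rule "if the BGP Encapsulation extended community is not present, then either MPLS encapsulation or a statically configured encapsulation is assumed" does not say which of the two a receiver picks when both are possible; state that a local static configuration takes precedence (or the reverse), because a PE silently assuming MPLS for a route whose sender expected a statically configured VXLAN tunnel is the misdelivery case the Security Considerations section warns about.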
| skipping to change at page 15, line 8 ¶ | skipping to change at page 15, line 8 ¶ | |||
| GRE key; otherwise, the GRE header SHOULD NOT include the GRE key. | GRE key; otherwise, the GRE header SHOULD NOT include the GRE key. | |||
| The Checksum and Sequence Number fields MUST NOT be included and the | The Checksum and Sequence Number fields MUST NOT be included and the | |||
| corresponding C and S bits in the GRE Packet Header MUST be set to | corresponding C and S bits in the GRE Packet Header MUST be set to | |||
| zero. A PE capable of supporting this encapsulation, SHOULD advertise | zero. A PE capable of supporting this encapsulation, SHOULD advertise | |||
| its EVPN routes along with the Tunnel Encapsulation extended | its EVPN routes along with the Tunnel Encapsulation extended | |||
| community indicating MPLS over GRE encapsulation as described in | community indicating MPLS over GRE encapsulation as described in | |||
| previous section. | previous section. | |||
| 6 EVPN with Multiple Data Plane Encapsulations | 6 EVPN with Multiple Data Plane Encapsulations | |||
| The use of the BGP Encapsulation extended community per [TUNNEL- | The use of the BGP Encapsulation extended community per [RFC5512] | |||
| ENCAP] allows each NVE in a given EVI to know each of the | allows each NVE in a given EVI to know each of the encapsulations | |||
| encapsulations supported by each of the other NVEs in that EVI. | supported by each of the other NVEs in that EVI. i.e., each of the | |||
| i.e., each of the NVEs in a given EVI may support multiple data plane | NVEs in a given EVI may support multiple data plane encapsulations. | |||
| encapsulations. An ingress NVE can send a frame to an egress NVE | An ingress NVE can send a frame to an egress NVE only if the set of | |||
| only if the set of encapsulations advertised by the egress NVE forms | encapsulations advertised by the egress NVE forms a non-empty | |||
| a non-empty intersection with the set of encapsulations supported by | intersection with the set of encapsulations supported by the ingress | |||
| the ingress NVE, and it is at the discretion of the ingress NVE which | NVE, and it is at the discretion of the ingress NVE which | |||
| encapsulation to choose from this intersection. (As noted in | encapsulation to choose from this intersection. (As noted in | |||
| section 5.1.3, if the BGP Encapsulation extended community is not | section 5.1.3, if the BGP Encapsulation extended community is not | |||
| present, then the default MPLS encapsulation or a locally configured | present, then the default MPLS encapsulation or a locally configured | |||
| encapsulation is assumed.) | encapsulation is assumed.) | |||
| When a PE advertises multiple supported encapsulations, it MUST | When a PE advertises multiple supported encapsulations, it MUST | |||
| advertise encapsulations that use the same EVPN procedures including | advertise encapsulations that use the same EVPN procedures including | |||
| procedures associated with split-horizon filtering described in | procedures associated with split-horizon filtering described in | |||
| section 8.3.1. For example, VXLAN and NVGRE (or MPLS and MPLS over | section 8.3.1. For example, VXLAN and NVGRE (or MPLS and MPLS over | |||
| GRE) encapsulations use the same EVPN procedures and thus a PE can | GRE) encapsulations use the same EVPN procedures and thus a PE can | |||
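Review bot: the reflow leaves a sentence that begins "i.e., each of the NVEs in a given EVI may support multiple data plane encapsulations."; either attach it to the preceding sentence as a parenthetical or open it with "That is,". More substantively, "An ingress NVE can send a frame to an egress NVE only if the set of encapsulations advertised by the egress NVE forms a non-empty intersection with the set of encapsulations supported by the ingress NVE" says when forwarding is allowed but not what happens when the intersection is empty; add that the ingress NVE MUST NOT forward to that egress and MUST NOT fall back to the default of section 5.1.3, which the parenthetical reserves for the case where the community is absent, so that a frame is never sent with an encapsulation the egress never advertised.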
| skipping to change at page 28, line 11 ¶ | skipping to change at page 28, line 11 ¶ | |||
| Jakob Heitz for his contribution on section 10.2. | Jakob Heitz for his contribution on section 10.2. | |||
| 12 Security Considerations | 12 Security Considerations | |||
| This document uses IP-based tunnel technologies to support data | This document uses IP-based tunnel technologies to support data | |||
| plane transport. Consequently, the security considerations of those | plane transport. Consequently, the security considerations of those | |||
| tunnel technologies apply. This document defines support for VXLAN | tunnel technologies apply. This document defines support for VXLAN | |||
| [RFC7348] and NVGRE [RFC7637] encapsulations. The security | [RFC7348] and NVGRE [RFC7637] encapsulations. The security | |||
| considerations from those RFCs apply to the data plane aspects of | considerations from those RFCs apply to the data plane aspects of | |||
| this document. | this document. | |||
| As with [TUNNEL-ENCAP], any modification of the information that is | As with [RFC5512], any modification of the information that is used | |||
| used to form encapsulation headers, to choose a tunnel type, or to | to form encapsulation headers, to choose a tunnel type, or to choose | |||
| choose a particular tunnel for a particular payload type may lead to | a particular tunnel for a particular payload type may lead to user | |||
| user data packets getting misrouted, misdelivered, and/or dropped. | data packets getting misrouted, misdelivered, and/or dropped. | |||
| More broadly, the security considerations for the transport of IP | More broadly, the security considerations for the transport of IP | |||
| reachability information using BGP are discussed in [RFC4271] and | reachability information using BGP are discussed in [RFC4271] and | |||
| [RFC4272], and are equally applicable for the extensions described | [RFC4272], and are equally applicable for the extensions described | |||
| in this document. | in this document. | |||
| 13 IANA Considerations | 13 IANA Considerations | |||
| This document requests the following BGP Tunnel Encapsulation | This document requests the following BGP Tunnel Encapsulation | |||
| Attribute Tunnel Types from IANA and they have already been | Attribute Tunnel Types from IANA and they have already been | |||
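Review bot: the sentence "As with [RFC5512], any modification of the information that is used to form encapsulation headers, to choose a tunnel type, or to choose a particular tunnel for a particular payload type may lead to user data packets getting misrouted, misdelivered, and/or dropped" was written against [TUNNEL-ENCAP] in -11 and only the citation changed; check that RFC 5512's Security Considerations actually make this statement before attributing it there, or drop "As with [RFC5512]," and let the sentence stand on its own, since it is true of this document regardless. The section otherwise inherits the data-plane considerations of [RFC7348] and [RFC7637] by reference only; both of those RFCs note that their encapsulations carry no authentication of the outer header or the VNI/VSID, so one sentence stating that an attacker able to inject packets into the underlay can forge tunnel traffic into an EVI, and that the underlay must therefore be isolated or the tunnels protected, would make the point explicit for readers of this document.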
| skipping to change at page 29, line 8 ¶ | skipping to change at page 29, line 8 ¶ | |||
| [RFC7432] Sajassi et al., "BGP MPLS Based Ethernet VPN", RFC 7432, | [RFC7432] Sajassi et al., "BGP MPLS Based Ethernet VPN", RFC 7432, | |||
| February 2014 | February 2014 | |||
| [RFC7348] Mahalingam, M., et al, "VXLAN: A Framework for Overlaying | [RFC7348] Mahalingam, M., et al, "VXLAN: A Framework for Overlaying | |||
| Virtualized Layer 2 Networks over Layer 3 Networks", RFC 7348, August | Virtualized Layer 2 Networks over Layer 3 Networks", RFC 7348, August | |||
| 2014 | 2014 | |||
| [RFC7637] Garg, P., et al., "NVGRE: Network Virtualization using | [RFC7637] Garg, P., et al., "NVGRE: Network Virtualization using | |||
| Generic Routing Encapsulation", RFC 7637, September, 2015 | Generic Routing Encapsulation", RFC 7637, September, 2015 | |||
| [TUNNEL-ENCAP] Rosen et al., "The BGP Tunnel Encapsulation | [RFC5512] Mohapatra, P. and E. Rosen, "The BGP Encapsulation | |||
| Attribute", draft-ietf-idr-tunnel-encaps-08, work in progress, | Subsequent Address Family Identifier (SAFI) and the BGP Tunnel | |||
| January 11, 2018. | Encapsulation Attribute", RFC 5512, April 2009. | |||
| [RFC4023] T. Worster et al., "Encapsulating MPLS in IP or Generic | [RFC4023] T. Worster et al., "Encapsulating MPLS in IP or Generic | |||
| Routing Encapsulation (GRE)", RFC 4023, March 2005 | Routing Encapsulation (GRE)", RFC 4023, March 2005 | |||
| 14.2 Informative References | 14.2 Informative References | |||
| [RFC7209] Sajassi et al., "Requirements for Ethernet VPN (EVPN)", RFC | [RFC7209] Sajassi et al., "Requirements for Ethernet VPN (EVPN)", RFC | |||
| 7209, May 2014 | 7209, May 2014 | |||
| [RFC4272] S. Murphy, "BGP Security Vulnerabilities Analysis.", | [RFC4272] S. Murphy, "BGP Security Vulnerabilities Analysis.", | |||
| January 2006. | January 2006. | |||
| [RFC7364] Narten et al., "Problem Statement: Overlays for Network | [RFC7364] Narten et al., "Problem Statement: Overlays for Network | |||
| Virtualization", RFC 7364, October 2014. | Virtualization", RFC 7364, October 2014. | |||
| [RFC7365] Lasserre et al., "Framework for DC Network Virtualization", | [RFC7365] Lasserre et al., "Framework for DC Network Virtualization", | |||
| RFC 7365, October 2014. | RFC 7365, October 2014. | |||
| [DCI-EVPN-OVERLAY] Rabadan et al., "Interconnect Solution for EVPN | [DCI-EVPN-OVERLAY] Rabadan et al., "Interconnect Solution for EVPN | |||
| Overlay networks", draft-ietf-bess-dci-evpn-overlay-05, work in | Overlay networks", draft-ietf-bess-dci-evpn-overlay-08, work in | |||
| progress, July 18, 2017. | progress, February 8, 2018. | |||
| [RFC4271] Y. Rekhter, Ed., T. Li, Ed., S. Hares, Ed., "A Border | [RFC4271] Y. Rekhter, Ed., T. Li, Ed., S. Hares, Ed., "A Border | |||
| Gateway Protocol 4 (BGP-4)", January 2006. | Gateway Protocol 4 (BGP-4)", January 2006. | |||
| [RFC4364] Rosen, E., et al, "BGP/MPLS IP Virtual Private Networks | [RFC4364] Rosen, E., et al, "BGP/MPLS IP Virtual Private Networks | |||
| (VPNs)", RFC 4364, February 2006. | (VPNs)", RFC 4364, February 2006. | |||
| [TUNNEL-ENCAP] Rosen et al., "The BGP Tunnel Encapsulation | ||||
| Attribute", draft-ietf-idr-tunnel-encaps-08, work in progress, | ||||
| January 11, 2018. | ||||
| [RFC6514] R. Aggarwal et al., "BGP Encodings and Procedures for | [RFC6514] R. Aggarwal et al., "BGP Encodings and Procedures for | |||
| Multicast in MPLS/BGP IP VPNs", RFC 6514, February 2012 | Multicast in MPLS/BGP IP VPNs", RFC 6514, February 2012 | |||
| [VXLAN-GPE] Maino et al., "Generic Protocol Extension for VXLAN", | [VXLAN-GPE] Maino et al., "Generic Protocol Extension for VXLAN", | |||
| draft-ietf-nvo3-vxlan-gpe-05, work in progress October 30, 2017. | draft-ietf-nvo3-vxlan-gpe-05, work in progress October 30, 2017. | |||
| [GENEVE] J. Gross et al., "Geneve: Generic Network Virtualization | [GENEVE] J. Gross et al., "Geneve: Generic Network Virtualization | |||
| Encapsulation", draft-ietf-nvo3-geneve-05, September 2017 | Encapsulation", draft-ietf-nvo3-geneve-05, September 2017 | |||
| [EVPN-GENEVE] S. Boutros et al., "EVPN control plane for Geneve", | [EVPN-GENEVE] S. Boutros et al., "EVPN control plane for Geneve", | |||
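Review bot: the reference list now cites RFC 5512 once, in Normative References, and the duplicate [TUNNEL-ENCAP] entry that -11 carried in both the Normative and Informative sections is gone, which matches the body where every [TUNNEL-ENCAP] citation became [RFC5512]. Two small items remain in this region: [DCI-EVPN-OVERLAY] was bumped to -08 (February 8, 2018) while [VXLAN-GPE] and [GENEVE] still point at older draft versions, acceptable for informative references but worth a pass before last call; and the entries are not in one format, for example [RFC4272] and [RFC4271] give no "RFC nnnn" designation while the others do, so normalize them to the style used for [RFC5512].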
| End of changes. 9 change blocks. | ||||
| 26 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/