< draft-ietf-l2vpn-evpn-00.txt   draft-ietf-l2vpn-evpn-01.txt >
Network Working Group R. Aggarwal Network Working Group A. Sajassi
INTERNET-DRAFT Arktan INTERNET-DRAFT Cisco
Category: Standards Track Category: Standards Track
Expires: August 25, 2012 A. Sajassi R. Aggarwal
Cisco N. Bitar Arktan
Verizon
J. Uttaro W. Henderickx W. Henderickx
AT&T Alcatel-Lucent S. Boutros F. Balus
K. Patel Alcatel-Lucent
A. Isaac N. Bitar S. Salam
Bloomberg Verizon Cisco Aldrin Isaac
Bloomberg
J. Drake
R. Shekhar J. Uttaro
Juniper Networks AT&T
F. Balus R. Shekhar Expires: January 14, 2012 July 14, 2012
Alcatel-Lucent J. Drake
Juniper Networks
S. Boutros
K. Patel
Cisco February 24, 2012
BGP MPLS Based Ethernet VPN BGP MPLS Based Ethernet VPN
draft-ietf-l2vpn-evpn-00 draft-ietf-l2vpn-evpn-01
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 2, line 23 skipping to change at page 2, line 22
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Abstract Abstract
This document describes procedures for BGP MPLS based Ethernet VPNs This document describes procedures for BGP MPLS based Ethernet VPNs
(E-VPN). (E-VPN).
Table of Contents Table of Contents
1. Specification of requirements . . . . . . . . . . . . . . . . . 4 1. Specification of requirements . . . . . . . . . . . . . . . . . 5
2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. BGP MPLS Based E-VPN Overview . . . . . . . . . . . . . . . . . 4 5. BGP MPLS Based E-VPN Overview . . . . . . . . . . . . . . . . . 6
6. Ethernet Segment Identifier . . . . . . . . . . . . . . . . . . 6 6. Ethernet Segment . . . . . . . . . . . . . . . . . . . . . . . 7
7. BGP E-VPN NLRI . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Ethernet Tag . . . . . . . . . . . . . . . . . . . . . . . . . 8
7.1. Ethernet Auto-Discovery Route . . . . . . . . . . . . . . . 8 7.1 VLAN Based Service Interface . . . . . . . . . . . . . . . . 9
7.2. MAC Advertisement Route . . . . . . . . . . . . . . . . . 8 7.2 VLAN Bundle Service Interface . . . . . . . . . . . . . . . 9
7.3. Inclusive Multicast Ethernet Tag Route . . . . . . . . . . 9 7.2.1 Port Based Service Interface . . . . . . . . . . . . . . 9
8. ESI MPLS Label Extended Community . . . . . . . . . . . . . . . 9 7.3 VLAN Aware Bundle Service Interface . . . . . . . . . . . . 9
9. Auto-Discovery . . . . . . . . . . . . . . . . . . . . . . . . 9 8. BGP E-VPN NLRI . . . . . . . . . . . . . . . . . . . . . . . . 10
10. Auto-Discovery of Ethernet Tags on Ethernet Segments . . . . . 10 8.1. Ethernet Auto-Discovery Route . . . . . . . . . . . . . . . 10
10.1. Constructing the Ethernet A-D Route . . . . . . . . . . . 10 8.2. MAC Advertisement Route . . . . . . . . . . . . . . . . . 11
10.1.1. Ethernet A-D Route per E-VPN . . . . . . . . . . . . . 11 8.3. Inclusive Multicast Ethernet Tag Route . . . . . . . . . . 11
10.1.1.1. Ethernet A-D Route Targets . . . . . . . . . . . . 12 8.4 Ethernet Segment Route . . . . . . . . . . . . . . . . . . . 12
10.1.2. Ethernet A-D Route per Ethernet Segment . . . . . . . 12 8.5 ESI MPLS Label Extended Community . . . . . . . . . . . . . 12
10.1.2.1. Ethernet A-D Route Targets . . . . . . . . . . . . 13 8.6 ES-Import Extended Community . . . . . . . . . . . . . . . . 13
10.2. Motivations for Ethernet A-D Route per Ethernet Segment . 13 8.7 MAC Mobility Extended Community . . . . . . . . . . . . . . 13
10.2.1. Multi-Homing . . . . . . . . . . . . . . . . . . . . . 14 9. Multi-homing Functions . . . . . . . . . . . . . . . . . . . . 13
10.2.2. Optimizing Control Plane Convergence . . . . . . . . . 14 9.1 Multi-homed Ethernet Segment Auto-Discovery . . . . . . . . 13
10.2.3. Reducing Number of Ethernet A-D Routes . . . . . . . . 14 9.1.1 Constructing the Ethernet Segment Route . . . . . . . . 14
11. Determining Reachability to Unicast MAC Addresses . . . . . . 14 9.2 Fast Convergence . . . . . . . . . . . . . . . . . . . . . . 14
11.1. Local Learning . . . . . . . . . . . . . . . . . . . . . . 15 9.2.1 Constructing the Ethernet A-D Route per Ethernet
11.2. Remote learning . . . . . . . . . . . . . . . . . . . . . 15 Segment . . . . . . . . . . . . . . . . . . . . . . . . 15
11.2.1. Constructing the BGP E-VPN MAC Address Advertisement . 15 9.2.1.1. Ethernet A-D Route Targets . . . . . . . . . . . . 15
12. Optimizing ARP . . . . . . . . . . . . . . . . . . . . . . . . 17 9.3 Split Horizon . . . . . . . . . . . . . . . . . . . . . . . 16
13. Designated Forwarder Election . . . . . . . . . . . . . . . . 18 9.3.1 ESI MPLS Label Assignment . . . . . . . . . . . . . . . 16
13.1. DF Election Performed by All MESes . . . . . . . . . . . . 19 9.3.1.1 Ingress Replication . . . . . . . . . . . . . . . . 16
13.2. DF Election Performed Only on Multi-Homed MESes . . . . . 20 9.3.1.2. P2MP MPLS LSPs . . . . . . . . . . . . . . . . . . 17
14. Handling of Multi-Destination Traffic . . . . . . . . . . . . 21 9.3.1.3. MP2MP LSPs . . . . . . . . . . . . . . . . . . . . 18
14.1. Construction of the Inclusive Multicast Ethernet Tag
Route . . . . . . . . . . . . . . . . . . . . . . . . . . 21 9.4 Aliasing . . . . . . . . . . . . . . . . . . . . . . . . . . 18
14.2. P-Tunnel Identification . . . . . . . . . . . . . . . . . 22 9.4.1 Constructing the Ethernet A-D Route per EVI . . . . . . 18
14.3. Ethernet Segment Identifier and Ethernet Tag . . . . . . . 22 9.4.1.1 Ethernet A-D Route Targets . . . . . . . . . . . . . 19
15. Processing of Unknown Unicast Packets . . . . . . . . . . . . 23 9.5 Designated Forwarder Election . . . . . . . . . . . . . . . 20
15.1. Ingress Replication . . . . . . . . . . . . . . . . . . . 24 9.5.1 Default DF Election Procedure . . . . . . . . . . . . . 21
15.2. P2MP MPLS LSPs . . . . . . . . . . . . . . . . . . . . . . 24 9.5.2 DF Election with Service Carving . . . . . . . . . . . . 21
16. Forwarding Unicast Packets . . . . . . . . . . . . . . . . . . 24 10. Determining Reachability to Unicast MAC Addresses . . . . . . 22
16.1. Forwarding packets received from a CE . . . . . . . . . . 24 10.1. Local Learning . . . . . . . . . . . . . . . . . . . . . . 23
16.2. Forwarding packets received from a remote MES . . . . . . 25 10.2. Remote learning . . . . . . . . . . . . . . . . . . . . . 23
16.2.1. Unknown Unicast Forwarding . . . . . . . . . . . . . . 25 10.2.1. Constructing the BGP E-VPN MAC Address Advertisement . 23
16.2.2. Known Unicast Forwarding . . . . . . . . . . . . . . . 26 11. ARP and ND . . . . . . . . . . . . . . . . . . . . . . . . . . 25
17. Split Horizon . . . . . . . . . . . . . . . . . . . . . . . . 26 12. Handling of Multi-Destination Traffic . . . . . . . . . . . . 26
17.1. ESI MPLS Label: Ingress Replication . . . . . . . . . . . 26 12.1. Construction of the Inclusive Multicast Ethernet Tag
17.2. ESI MPLS Label: P2MP MPLS LSPs . . . . . . . . . . . . . . 27 Route . . . . . . . . . . . . . . . . . . . . . . . . . . 26
17.3. ESI MPLS Label: MP2MP LSPs . . . . . . . . . . . . . . . . 28 12.2. P-Tunnel Identification . . . . . . . . . . . . . . . . . 27
18. Load Balancing of Unicast Packets . . . . . . . . . . . . . . 28 13. Processing of Unknown Unicast Packets . . . . . . . . . . . . 28
18.1. Load balancing of traffic from an MES to remote CEs . . . 28 13.1. Ingress Replication . . . . . . . . . . . . . . . . . . . 28
18.2. Load balancing of traffic between an MES and a local CE . 30 13.2. P2MP MPLS LSPs . . . . . . . . . . . . . . . . . . . . . . 29
18.2.1. Data plane learning . . . . . . . . . . . . . . . . . 31 14. Forwarding Unicast Packets . . . . . . . . . . . . . . . . . . 29
18.2.2. Control plane learning . . . . . . . . . . . . . . . . 31 14.1. Forwarding packets received from a CE . . . . . . . . . . 29
19. MAC Moves . . . . . . . . . . . . . . . . . . . . . . . . . . 31 14.2. Forwarding packets received from a remote PE . . . . . . . 30
20. Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . 32 14.2.1. Unknown Unicast Forwarding . . . . . . . . . . . . . . 30
20.1. Ingress Replication . . . . . . . . . . . . . . . . . . . 32 14.2.2. Known Unicast Forwarding . . . . . . . . . . . . . . . 31
20.2. P2MP LSPs . . . . . . . . . . . . . . . . . . . . . . . . 32 15. Load Balancing of Unicast Frames . . . . . . . . . . . . . . . 31
20.3. MP2MP LSPs . . . . . . . . . . . . . . . . . . . . . . . . 32 15.1. Load balancing of traffic from an PE to remote CEs . . . . 31
20.3.1. Inclusive Trees . . . . . . . . . . . . . . . . . . . 33 15.1.1 Active-Standby Redundancy Mode . . . . . . . . . . . . 31
20.3.2. Selective Trees . . . . . . . . . . . . . . . . . . . 33 15.1.2 All-Active Redundancy Mode . . . . . . . . . . . . . . 32
20.4. Explicit Tracking . . . . . . . . . . . . . . . . . . . . 34 15.2. Load balancing of traffic between an PE and a local CE . . 33
21. Convergence . . . . . . . . . . . . . . . . . . . . . . . . . 34 15.2.1. Data plane learning . . . . . . . . . . . . . . . . . 34
21.1. Transit Link and Node Failures between MESes . . . . . . . 34 15.2.2. Control plane learning . . . . . . . . . . . . . . . . 34
21.2. MES Failures . . . . . . . . . . . . . . . . . . . . . . . 34 16. MAC Mobility . . . . . . . . . . . . . . . . . . . . . . . . . 34
21.2.1. Local Repair . . . . . . . . . . . . . . . . . . . . . 35 17. Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . 36
21.3. MES to CE Network Failures . . . . . . . . . . . . . . . . 35 17.1. Ingress Replication . . . . . . . . . . . . . . . . . . . 36
22. LACP State Synchronization . . . . . . . . . . . . . . . . . . 35 17.2. P2MP LSPs . . . . . . . . . . . . . . . . . . . . . . . . 36
23. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 36 17.3. MP2MP LSPs . . . . . . . . . . . . . . . . . . . . . . . . 36
24. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 17.3.1. Inclusive Trees . . . . . . . . . . . . . . . . . . . 36
25. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 37 17.3.2. Selective Trees . . . . . . . . . . . . . . . . . . . 37
17.4. Explicit Tracking . . . . . . . . . . . . . . . . . . . . 38
18. Convergence . . . . . . . . . . . . . . . . . . . . . . . . . 38
18.1. Transit Link and Node Failures between PEs . . . . . . . . 38
18.2. PE Failures . . . . . . . . . . . . . . . . . . . . . . . 38
18.2.1. Local Repair . . . . . . . . . . . . . . . . . . . . . 38
18.3. PE to CE Network Failures . . . . . . . . . . . . . . . . 39
19. LACP State Synchronization . . . . . . . . . . . . . . . . . . 39
20. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 40
21. References . . . . . . . . . . . . . . . . . . . . . . . . . . 40
21. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 41
1. Specification of requirements 1. Specification of requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Contributors 2. Contributors
In addition to the authors listed above, the following individuals In addition to the authors listed above, the following individuals
skipping to change at page 4, line 15 skipping to change at page 5, line 15
1. Specification of requirements 1. Specification of requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Contributors 2. Contributors
In addition to the authors listed above, the following individuals In addition to the authors listed above, the following individuals
also contributed to this document: also contributed to this document:
Quaizar Vohra Quaizar Vohra
Kireeti Kompella Kireeti Kompella
Apurva Mehta Apurva Mehta
Nadeem Mohammad
Juniper Networks Juniper Networks
Samer Salam Clarence Filsfils
Dennis Cai
Cisco Cisco
3. Introduction 3. Introduction
This document describes procedures for BGP MPLS based Ethernet VPNs This document describes procedures for BGP MPLS based Ethernet VPNs
(E-VPN). The procedures described here are intended to meet the (E-VPN). The procedures described here are intended to meet the
requirements specified in [E-VPN-REQ]. Please refer to [E-VPN-REQ] requirements specified in [E-VPN-REQ]. Please refer to [E-VPN-REQ]
for the detailed requirements and motivation. for the detailed requirements and motivation. E-VPN requires
extensions to existing IP/MPLS protocols as described in this
This document proposes an MPLS based technology, referred to as MPLS- document. In addition to these extensions E-VPN uses several building
based E-VPN (E-VPN). E-VPN requires extensions to existing IP/MPLS blocks from existing MPLS technologies.
protocols as described in this document. In addition to these
extensions E-VPN uses several building blocks from existing MPLS
technologies.
4. Terminology 4. Terminology
CE: Customer Edge device e.g., host or router or switch CE: Customer Edge device e.g., host or router or switch
MES: MPLS Edge Switch
EVI: E-VPN Instance E-VPN Instance (EVI): An E-VPN routing and forwarding instance on a
ESI: Ethernet segment identifier PE.
LACP: Link Aggregation Control Protocol
MP2MP: Multipoint to Multipoint Ethernet segment identifier (ESI): If a CE is multi-homed to two or
P2MP: Point to Multipoint more PEs, the set of Ethernet links that attaches the CE to the PEs
P2P: Point to Point is an 'Ethernet segment'. Ethernet segments MUST have a unique non-
zero identifier, the 'Ethernet Segment Identifier'.
Ethernet Tag: An Ethernet Tag identifies a particular broadcast
domain, e.g., a VLAN. An E-VPN instance consists of one or more
broadcast domains. Ethernet tag(s) are assigned to the broadcast
domains of a given E-VPN instance by the provider of that E-VPN, and
each PE in that E-VPN instance performs a mapping between broadcast
domain identifier(s) understood by each of its attached CEs and the
corresponding Ethernet tag.
Link Aggregation Control Protocol (LACP):
Multipoint to Multipoint (MP2MP):
Point to Multipoint (P2MP):
Point to Point (P2P):
5. BGP MPLS Based E-VPN Overview 5. BGP MPLS Based E-VPN Overview
This section provides an overview of E-VPN. This section provides an overview of E-VPN.
An E-VPN comprises CEs that are connected to PEs, or MPLS Edge An E-VPN comprises CEs that are connected to PEs that form the edge
Switches (MES), that form the edge of the MPLS infrastructure. A CE of the MPLS infrastructure. A CE may be a host, a router or a switch.
may be a host, a router or a switch. The MPLS Edge Switches provide The PEs provide virtual Layer 2 bridged connectivity between the CEs.
layer 2 virtual bridge connectivity between the CEs. There may be There may be multiple E-VPNs in the provider's network.
multiple E-VPNs in the provider's network. An E-VPN routing and
forwarding instance on an MES is referred to as an E-VPN Instance
(EVI).
The MESes maybe connected by an MPLS LSP infrastructure which The PEs may be connected by an MPLS LSP infrastructure which provides
provides the benefits of MPLS LSP technology such as fast-reroute, the benefits of MPLS technology such as fast-reroute, resiliency,
resiliency, etc. The MESes may also be connected by an IP etc. The PEs may also be connected by an IP infrastructure in which
infrastructure in which case IP/GRE tunneling is used between the case IP/GRE tunneling or other IP tunneling can be used between the
MESes. The detailed procedures in this version of this document are PEs. The detailed procedures in this version of this document are
specified only for MPLS LSPs as the tunneling technology. However specified only for MPLS LSPs as the tunneling technology. However
these procedures are designed to be extensible to IP/GRE as the these procedures are designed to be extensible to IP tunneling as the
tunneling technology. PSN tunneling technology.
In an E-VPN, MAC learning between MESes occurs not in the data plane In an E-VPN, MAC learning between PEs occurs not in the data plane
(as happens with traditional bridging) but in the control plane. (as happens with traditional bridging) but in the control plane.
Control plane learning offers greater control over the MAC learning Control plane learning offers greater control over the MAC learning
process, such as restricting who learns what, and the ability to process, such as restricting who learns what, and the ability to
apply policies. Furthermore, the control plane chosen for apply policies. Furthermore, the control plane chosen for
advertising MAC reachability information is multi-protocol (MP) BGP advertising MAC reachability information is multi-protocol (MP) BGP
(very similar to IP VPNs (RFC 4364)), providing greater scale, and (similar to IP VPNs (RFC 4364)). This provides greater scalability
the ability to preserve the "virtualization" or isolation of groups and the ability to preserve the "virtualization" or isolation of
of interacting agents (hosts, servers, Virtual Machines) from each groups of interacting agents (hosts, servers, virtual machines) from
other. In E-VPNs MESes advertise the MAC addresses learned from the each other. In E-VPN, PEs advertise the MAC addresses learned from
CEs that are connected to them, along with an MPLS label, to other the CEs that are connected to them, along with an MPLS label, to
MESes in the control plane using MP-BGP. Control plane learning other PEs in the control plane using MP-BGP. Control plane learning
enables load balancing of traffic to and from CEs that are multi- enables load balancing of traffic to and from CEs that are multi-
homed to multiple MESes. This is in addition to load balancing across homed to multiple PEs. This is in addition to load balancing across
the MPLS core via multiple LSPs betwen the same pair of MESes. In the MPLS core via multiple LSPs between the same pair of PEs. In
other words it allows CEs to connect to multiple active points of other words it allows CEs to connect to multiple active points of
attachment. It also improves convergence times in the event of attachment. It also improves convergence times in the event of
certain network failures. certain network failures.
However, learning between MESes and CEs is done by the method best However, learning between PEs and CEs is done by the method best
suited to the CE: data plane learning, IEEE 802.1x, LLDP, 802.1aq, suited to the CE: data plane learning, IEEE 802.1x, LLDP, 802.1aq,
ARP, management plane or other protocols. ARP, management plane or other protocols.
It is a local decision as to whether the Layer 2 forwarding table on It is a local decision as to whether the Layer 2 forwarding table on
a MES is populated with all the MAC destinations known to the control an PE is populated with all the MAC destination addresses known to
plane or whether the MES implements a cache based scheme. For the control plane, or whether the PE implements a cache based scheme.
instance the MAC forwarding table may be populated only with the MAC For instance the MAC forwarding table may be populated only with the
destinations of the active flows transiting a specific MES. MAC destinations of the active flows transiting a specific PE.
The policy attributes of an E-VPN are very similar to those of an IP The policy attributes of E-VPN are very similar to those of IP-VPN.
VPN. An E-VPN instance requires a Route-Distinguisher (RD) and an E- An EVI requires a Route-Distinguisher (RD) and one or more Route-
VPN requires one or more Route-Targets (RTs). A CE attaches to an E- Targets (RTs). A CE attaches to an E-VPN instance (EVI) on an PE, on
VPN instance (EVI) on an MES, on an Ethernet interface which may be an Ethernet interface which may be configured for one or more
configured for one or more Ethernet Tags, e.g., VLANs. Some Ethernet Tags, e.g., VLANs. Some deployment scenarios guarantee
deployment scenarios guarantee uniqueness of VLANs across E-VPNs: all uniqueness of VLANs across E-VPNs: all points of attachment of a
points of attachment of a given E-VPN use the same VLAN, and no other given EVI use the same VLAN, and no other EVI uses this VLAN. This
E-VPN uses this VLAN. This document refers to this case as a "Unique document refers to this case as a "Unique VLAN E-VPN" and describes
Single VLAN E-VPN" and describes simplified procedures to optimize simplified procedures to optimize for it.
for it.
6. Ethernet Segment Identifier 6. Ethernet Segment
If a CE is multi-homed to two or more MESes, the set of Ethernet If a CE is multi-homed to two or more PEs, the set of Ethernet links
links constitutes an "Ethernet segment". An Ethernet segment may constitutes an "Ethernet Segment". An Ethernet segment may appear to
appear to the CE as a Link Aggregation Group (LAG). Ethernet the CE as a Link Aggregation Group (LAG). Ethernet segments have an
segments have an identifier, called the "Ethernet Segment Identifier" identifier, called the "Ethernet Segment Identifier" (ESI) which is
(ESI) which is encoded as a ten octets integer. A single-homed CE is encoded as a ten octets integer. A single-homed CE is considered to
considered to be attached to an Ethernet segment with ESI 0. be attached to an Ethernet segment with ESI 0. Otherwise, an Ethernet
Otherwise, an Ethernet segment MUST have a unique non-zero ESI. The segment MUST have a unique non-zero ESI. The ESI can be assigned
ESI can be assigned using various mechanisms: using various mechanisms:
1. The ESI may be configured. For instance when E-VPNs are used to 1. The ESI may be configured. For instance when E-VPNs are used to
provide a VPLS service the ESI is fairly analogous to the Multi- provide a VPLS service the ESI is fairly analogous to the Multi-
homing site ID in [BGP-VPLS-MH]. homing site ID in [BGP-VPLS-MH].
2. If IEEE 802.1AX LACP is used, between the MESes and CEs, then 2. If IEEE 802.1AX LACP is used between the PEs and CEs, then
the ESI is determined from LACP by concatenating the following the ESI is determined from LACP by concatenating the following
parameters: parameters:
+ CE LACP System Identifier comprised of two bytes of System + CE LACP System Identifier comprised of two octets of System
Priority and six bytes of System MAC address, where the System Priority and six octets of System MAC address, where the
Priority is encoded in the most significant two bytes. The CE System Priority is encoded in the most significant two octets.
LACP identifier MUST be encoded in the high order eight bytes The CE LACP identifier MUST be encoded in the high order eight
of the ESI. octets of the ESI.
+ CE LACP two byte Port Key. The CE LACP port key MUST be + CE LACP two octets Port Key. The CE LACP port key MUST be
encoded in the low order two bytes of the ESI encoded in the low order two octets of the ESI.
As far as the CE is concerned it would treat the multiple MESes As far as the CE is concerned, it would treat the multiple PEs
that it is connected to as the same switch. This allows the CE that it is connected to as the same switch. This allows the CE
to aggregate links that are attached to different MESes in the to aggregate links that are attached to different PEs in the
same bundle. same bundle.
3. If LLDP is used, between the MESes and CEs that are hosts, then 3. If LLDP is used between the PEs and CEs that are hosts, then
the ESI is determined by LLDP. The ESI will be specified in a the ESI is determined by LLDP. The ESI will be specified in a
following version. following version.
4. In the case of indirectly connected hosts via a bridged LAN 4. In the case of indirectly connected hosts via a bridged LAN
between the CEs and the MESes, the ESI is determined based on the between the CEs and the PEs, the ESI is determined based on the
Layer 2 bridge protocol as follows: If STP is used in the bridged Layer 2 bridge protocol as follows: If MST is used in the bridged
LAN then the value of the ESI is derived by listening to BPDUs on LAN then the value of the ESI is derived by listening to BPDUs on
the Ethernet segment. To achieve this the MES is not required to the Ethernet segment. To achieve this the PE is not required to
run STP. However the MES must learn the Switch ID, MSTP ID and run MST. However the PE must learn the Root Bridge MAC address
Root Bridge ID by listening to STP BPDUs. The ESI is constructed and Bridge Priority of the root of the Internal Spanning Tree
as follows: (IST) by listening to the BPDUs. The ESI is constructed as
follows:
{Switch ID (6 bits), MSTP ID (6 bits), Root Bridge ID (48 bits)} {Bridge Priority (16 bits) , Root Bridge MAC Address (48 bits)}
7. BGP E-VPN NLRI 7. Ethernet Tag
An Ethernet Tag identifies a particular broadcast domain, e.g. a
VLAN, in an EVI. An EVI consists of one or more broadcast domains.
Ethernet Tags are assigned to the broadcast domains of a given EVI by
the provider of the E-VPN service. Each PE, in a given EVI, performs
a mapping between the Ethernet Tag and the corresponding broadcast
domain identifier(s) understood by each of its attached CEs (e.g. CE
VLAN Identifiers or CE-VIDs).
If the broadcast domain identifiers(s) are understood consistently by
all of the CEs in an EVI, the broadcast domain identifier(s) MAY be
used as the corresponding Ethernet Tag(s). In other words, the
Ethernet Tag ID assigned by the provider is numerically equal to the
broadcast domain identifier (e.g., CE-VID = Ethernet Tag).
Further, some deployment scenarios guarantee uniqueness of broadcast
domain identifiers across all EVIs; all points of attachment of a
given EVI use the same broadcast domain identifier(s) and no other
EVI uses these broadcast domain identifier(s). This allows the RT(s)
for each EVI to be derived automatically, as described in section
9.4.1.1.1 "Auto-Derivation from the Ethernet Tag ID".
The following subsections discuss the relationship between Ethernet
Tags, EVIs and broadcast domain identifiers as well as the setting of
the Ethernet Tag Identifier, in the various E-VPN BGP routes (defined
in section 8), for the different types of service interfaces
described in [EVPN-REQ].
7.1 VLAN Based Service Interface
With this service interface, there is a one-to-one mapping between
the broadcast domain identifier understood by a CE on a port (e.g.
CE-VID) and an EVI. Furthermore, there is a single bridge domain per
PE for the EVI. Different CEs connected to different PE ports MAY use
different broadcast domain identifiers (e.g. CE-VIDs) for the same
EVI. If said identifiers are different, the frames SHOULD remain
tagged with the originating CE's broadcast domain identifier (e.g.
CE-VID). When the CE broadcast domain identifiers are not consistent,
a tag translation function MUST be supported in the data path and
MUST be performed on the disposition PE. The Ethernet Tag Identifier
in all E-VPN routes MUST be set to 0.
7.2 VLAN Bundle Service Interface
With this service interface, there is a many-to-one mapping between
the broadcast domain identifier understood by a CE on a port (e.g.
CE-VID) and an EVI. Furthermore, there is a single bridge domain per
PE for the EVI. Different CEs connected to different PE ports MUST
use the same broadcast domain identifiers (e.g. CE-VIDs) for the same
EVI. The MPLS encapsulated frames MUST remain tagged with the
originating CE's broadcast domain identifier (e.g. CE-VID). Tag
translation is NOT permitted. The Ethernet Tag Identifier in all E-
VPN routes MUST be set to 0.
7.2.1 Port Based Service Interface
This service interface is a special case of the VLAN Bundle service
interface, where all of the VLANs on the port are part of the same
service and map to the same bundle. The procedures are identical to
those described in section 7.2.
7.3 VLAN Aware Bundle Service Interface
With this service interface, there is a many-to-one mapping between
the broadcast domain identifier understood by a CE on a port (e.g.
CE-VID) and an EVI. Furthermore, there are multiple bridge domains
per PE for the EVI: one broadcast domain per CE broadcast domain
identifier. In the case where the CE broadcast domain identifiers are
not consistent for different CEs, a normalized Ethernet Tag MUST be
carried in the MPLS encapsulated frames and a tag translation
function MUST be supported in the data path. This translation MUST be
performed on both the imposition as well as the disposition PEs. The
Ethernet Tag Identifier in all E-VPN routes MUST be set to the
normalized Ethernet Tag assigned by the E-VPN provider.
8. BGP E-VPN NLRI
This document defines a new BGP NLRI, called the E-VPN NLRI. This document defines a new BGP NLRI, called the E-VPN NLRI.
Following is the format of the E-VPN NLRI: Following is the format of the E-VPN NLRI:
+-----------------------------------+ +-----------------------------------+
| Route Type (1 octet) | | Route Type (1 octet) |
+-----------------------------------+ +-----------------------------------+
| Length (1 octet) | | Length (1 octet) |
+-----------------------------------+ +-----------------------------------+
| Route Type specific (variable) | | Route Type specific (variable) |
+-----------------------------------+ +-----------------------------------+
The Route Type field defines encoding of the rest of E-VPN NLRI The Route Type field defines encoding of the rest of the E-VPN NLRI
(Route Type specific E-VPN NLRI). (Route Type specific E-VPN NLRI).
The Length field indicates the length in octets of the Route Type The Length field indicates the length in octets of the Route Type
specific field of E-VPN NLRI. specific field of E-VPN NLRI.
This document defines the following Route Types: This document defines the following Route Types:
+ 1 - Ethernet Auto-Discovery (A-D) route + 1 - Ethernet Auto-Discovery (A-D) route
+ 2 - MAC advertisement route + 2 - MAC advertisement route
+ 3 - Inclusive Multicast Route + 3 - Inclusive Multicast Route
+ 5 - Selective Multicast Auto-Discovery (A-D) Route + 4 - Ethernet Segment Route
+ 6 - Leaf Auto-Discovery (A-D) Route
The detailed encoding and procedures for these route types are The detailed encoding and procedures for these route types are
described in subsequent sections. described in subsequent sections.
The E-VPN NLRI is carried in BGP [RFC4271] using BGP Multiprotocol The E-VPN NLRI is carried in BGP [RFC4271] using BGP Multiprotocol
Extensions [RFC4760] with an AFI of TBD and an SAFI of E-VPN (To be Extensions [RFC4760] with an AFI of TBD and an SAFI of E-VPN (To be
assigned by IANA). The NLRI field in the assigned by IANA). The NLRI field in the
MP_REACH_NLRI/MP_UNREACH_NLRI attribute contains the E-VPN NLRI MP_REACH_NLRI/MP_UNREACH_NLRI attribute contains the E-VPN NLRI
(encoded as specified above). (encoded as specified above).
In order for two BGP speakers to exchange labeled E-VPN NLRI, they In order for two BGP speakers to exchange labeled E-VPN NLRI, they
must use BGP Capabilities Advertisement to ensure that they both are must use BGP Capabilities Advertisement to ensure that they both are
capable of properly processing such NLRI. This is done as specified capable of properly processing such NLRI. This is done as specified
in [RFC4760], by using capability code 1 (multiprotocol BGP) with an in [RFC4760], by using capability code 1 (multiprotocol BGP) with an
AFI of TBD and an SAFI of E-VPN. AFI of TBD and an SAFI of E-VPN.
7.1. Ethernet Auto-Discovery Route 8.1. Ethernet Auto-Discovery Route
A Ethernet A-D route type specific E-VPN NLRI consists of the A Ethernet A-D route type specific E-VPN NLRI consists of the
following: following:
+---------------------------------------+ +---------------------------------------+
| RD (8 octets) | | RD (8 octets) |
+---------------------------------------+ +---------------------------------------+
|Ethernet Segment Identifier (10 octets)| |Ethernet Segment Identifier (10 octets)|
+---------------------------------------+ +---------------------------------------+
| Ethernet Tag ID (4 octets) | | Ethernet Tag ID (4 octets) |
+---------------------------------------+ +---------------------------------------+
| MPLS Label (3 octets) | | MPLS Label (3 octets) |
+---------------------------------------+ +---------------------------------------+
For procedures and usage of this route please see the sections on For procedures and usage of this route please see section 9.2 "Fast
"Auto-Discovery of Ethernet Tags on Ethernet Segments", "Designated Convergence" and section 9.4 "Aliasing".
Forwarder Election" and "Load Balancing".
7.2. MAC Advertisement Route 8.2. MAC Advertisement Route
A MAC advertisement route type specific E-VPN NLRI consists of the A MAC advertisement route type specific E-VPN NLRI consists of the
following: following:
+---------------------------------------+ +---------------------------------------+
| RD (8 octets) | | RD (8 octets) |
+---------------------------------------+ +---------------------------------------+
|Ethernet Segment Identifier (10 octets)| |Ethernet Segment Identifier (10 octets)|
+---------------------------------------+ +---------------------------------------+
| Ethernet Tag ID (4 octets) | | Ethernet Tag ID (4 octets) |
skipping to change at page 8, line 48 skipping to change at page 11, line 41
+---------------------------------------+ +---------------------------------------+
| MAC Address (6 octets) | | MAC Address (6 octets) |
+---------------------------------------+ +---------------------------------------+
| IP Address Length (1 octet) | | IP Address Length (1 octet) |
+---------------------------------------+ +---------------------------------------+
| IP Address (4 or 16 octets) | | IP Address (4 or 16 octets) |
+---------------------------------------+ +---------------------------------------+
| MPLS Label (n * 3 octets) | | MPLS Label (n * 3 octets) |
+---------------------------------------+ +---------------------------------------+
For procedures and usage of this route please see the sections on For procedures and usage of this route please see section 10
"Determining Reachability to Unicast MAC Addresses" and "Load "Determining Reachability to Unicast MAC Addresses" and section 15
Balancing of Unicast Packets". "Load Balancing of Unicast Packets".
7.3. Inclusive Multicast Ethernet Tag Route 8.3. Inclusive Multicast Ethernet Tag Route
An Inclusive Multicast Ethernet Tag route type specific E-VPN NLRI An Inclusive Multicast Ethernet Tag route type specific E-VPN NLRI
consists of the following: consists of the following:
+---------------------------------------+ +---------------------------------------+
| RD (8 octets) | | RD (8 octets) |
+---------------------------------------+ +---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) | | Ethernet Tag ID (4 octets) |
+---------------------------------------+ +---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| Originating Router's IP Addr | | Originating Router's IP Addr |
| (4 or 16 octets) | | (4 or 16 octets) |
+---------------------------------------+ +---------------------------------------+
For procedures and usage of this route please see the sections on For procedures and usage of this route please see section 12
"Handling of Multi-Destination Traffic", "Unknown Unicast Traffic" "Handling of Multi-Destination Traffic", section 13 "Processing of
and "Multicast". Unknown Unicast Traffic" and section 17 "Multicast".
8. ESI MPLS Label Extended Community 8.4 Ethernet Segment Route
The Ethernet Segment Route is encoded in the E-VPN NLRI using the
Route Type value of 4. The Route Type Specific field of the NLRI is
formatted as follows:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
For procedures and usage of this route please see section 9.5
"Designated Forwarder Election".
8.5 ESI MPLS Label Extended Community
This extended community is a new transitive extended community. It This extended community is a new transitive extended community. It
may be advertised along with Ethernet Auto-Discovery routes. When may be advertised along with Ethernet Auto-Discovery routes and it
used it carries properties associated with the ESI. Specifically it enables split-horizon procedures for multi-homed sites as described
enables split horizon procedures for multi-homed sites. The in section 9.3 "Split Horizon".
procedures for using this Extended Community are described in
following sections.
Each ESI MPLS Label Extended Community is encoded as a 8-octet value Each ESI MPLS Label Extended Community is encoded as a 8-octet value
as follows: as follows:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 0x44 | Sub-Type | Flags (One Octet) |Reserved=0 | | 0x44 | Sub-Type | Flags (One Octet) |Reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved = 0| ESI MPLS label | | Reserved = 0| ESI MPLS label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The low order bit of the flags octet is defined as the "Active- The low order bit of the flags octet is defined as the "Active-
Standby" bit and may be set to 1. The other bits must be set to 0. Standby" bit and may be set to 1. The other bits must be set to 0.
9. Auto-Discovery 8.6 ES-Import Extended Community
E-VPN requires the following types of auto-discovery procedures: This is a new transitive extended community carried with the Ethernet
+ E-VPN Auto-Discovery, which allows an MES to discover the other Segment route. When used, it enables all the PEs connected to the
MESes in the E-VPN. Each MES advertises one or more "Inclusive same multi-homed site to import the Ethernet Segment routes. The
Multicast Tag Routes". The procedures for advertising these value is derived automatically from the ESI by encoding the 6-byte
routes are described in the section on "Handling of Multi- MAC address portion of the ESI in the ES-Import Extended Community.
Destination Traffic". The format of this extended community is as follows:
+ Auto-Discovery of Ethernet Tags on Ethernet Segments, in a 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
particular E-VPN. The procedures are described in section +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
"Auto-Discovery of Ethernet Tags on Ethernet Segments". | 0x44 | Sub-Type | ES-Import |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ES-Import Cont'd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ Ethernet Segment Auto-Discovery used for auto-discovery of MESes For procedures and usage of this attribute, please see section 9.1
that are multi-homed to the same Ethernet segment. The "Redundancy Group Discovery".
procedures are described in section "Auto-Discovery of Ethernet
Tags on Ethernet Segments".
10. Auto-Discovery of Ethernet Tags on Ethernet Segments 8.7 MAC Mobility Extended Community
If a CE is multi-homed to two or more MESes on a particular Ethernet This extended community is a new transitive extended community. It
segment, each MES MUST advertise, to other MESes in the E-VPN, the may be advertised along with MAC Advertisement routes. The procedures
information about the Ethernet Tags that are associated with that for using this Extended Community are described in section 16 "MAC
Ethernet segment. An Ethernet Tag identifies a particular broadcast Mobility".
domain. An example of an Ethernet Tag is a VLAN ID. The MES MAY
advertise each Ethernet Tag associated with the Ethernet Segment, or
it may advertise a wildcard to cover all the Ethernet Tags enabled on
the segment. If a CE is single-homed, then the MES that it is
attached to MAY advertise the information about Ethernet Tags
(e.g.,VLANs) on the Ethernet segment connected to the CE.
The information about an Ethernet Tag on a particular Ethernet The MAC Mobility Extended Community is encoded as a 8-octet value as
segment is advertised using an "Ethernet Auto-Discovery route follows:
(Ethernet A-D route)". This route is advertised using the E-VPN NLRI.
The Ethernet Tag Auto-discovery information SHOULD be used to enable 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
active-active load-balancing among MESes as described in section +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
"Load Balancing of Unicast Packets". In the case of a multi-homed CE | 0x44 | Sub-Type | Reserved=0 |
this route MUST also carry the "ESI Label Extended Community" to +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
enable split horizon as described in section "Split Horizon". Also, | Sequence Number |
the route can be used for Designated Forwarder (DF) election as +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
described in section "Designated Forwarder Election". Further,it MAY
be used to optimize the withdrawal of MAC addresses upon failure as
described in section "Convergence".
This section describes procedures for advertising one or more 9. Multi-homing Functions
Ethernet A-D routes per Ethernet tag per E-VPN. We will call this as
"Ethernet A-D route per E-VPN". This section also describes
procedures to advertise and withdraw a single Ethernet A-D route per
Ethernet Segment. We will call this as "Ethernet A-D route per
Segment".
10.1. Constructing the Ethernet A-D Route This section discusses the functions, procedures and associated BGP
The format of the Ethernet A-D NLRI is specified in section "BGP E- routes used to support multi-homing in E-VPN. This covers both multi-
VPN NLRI". homed device (MHD) as well as multi-homed network (MHN) scenarios.
10.1.1. Ethernet A-D Route per E-VPN 9.1 Multi-homed Ethernet Segment Auto-Discovery
PEs connected to the same Ethernet segment can automatically discover
each other with minimal to no configuration through the exchange of
the Ethernet Segment route.
9.1.1 Constructing the Ethernet Segment Route
The Route-Distinguisher (RD) MUST be a Type 1 RD [RFC4364]. The value
field comprises an IP address of the MES (typically, the loopback
address) followed by 0's.
The Ethernet Segment Identifier MUST be set to the ten octet ESI
identifier described in section 6.
The BGP advertisement that advertises the Ethernet Segment route MUST
also carry an ES-Import extended community attribute, as defined in
section 8.6.
The Ethernet Segment Route filtering MUST be done such that the
Ethernet Segment Route is imported only by the PEs that are multi-
homed to the same Ethernet Segment. To that end, each PE that is
connected to a particular Ethernet segment constructs an import
filtering rule to import a route that carries the ES-Import extended
community, constructed from the ESI.
Note that the new ES-Import extended community is not the same as the
Route Target Extended Community. The Ethernet Segment route carries
this new ES-Import extended community. The PEs apply filtering on
this new extended community. As a result the Ethernet Segment route
is imported only by the PEs that are connected to the same Ethernet
segment.
9.2 Fast Convergence
In E-VPN, MAC address reachability is learnt via the BGP control-
plane over the MPLS network. As such, in the absence of any fast
protection mechanism, the network convergence time is a function of
the number of MAC Advertisement routes that must be withdrawn by the
PE encountering a failure. For highly scaled environments, this
scheme yields slow convergence.
To alleviate this, E-VPN defines a mechanism to efficiently and
quickly signal, to remote PE nodes, the need to update their
forwarding tables upon the occurrence of a failure in connectivity to
an Ethernet segment. This is done by having each PE advertise an
Ethernet A-D Route per Ethernet segment for each locally attached
segment (refer to section 9.2.1 below for details on how this route
is constructed). Upon a failure in connectivity to the attached
segment, the PE withdraws the corresponding Ethernet A-D route. This
triggers all PEs that receive the withdrawal to update their next-hop
adjacencies for all MAC addresses associated with the Ethernet
segment in question. If no other PE had advertised an Ethernet A-D
route for the same segment, then the PE that received the withdrawal
simply invalidates the MAC entries for that segment. Otherwise, the
PE updates the next-hop adjacencies to point to the backup PE(s).
9.2.1 Constructing the Ethernet A-D Route per Ethernet Segment
This section describes procedures to construct the Ethernet A-D route This section describes procedures to construct the Ethernet A-D route
when one or more such routes are advertised by an MES for a given E- when a single such route is advertised by an PE for a given Ethernet
VPN instance. Segment. This flavor of the Ethernet A-D route is used for fast
convergence (as discussed above) as well as for advertising the ESI
MPLS label used for split-horizon filtering (as discussed in section
9.2). Support of this route flavor is MANDATORY.
Route-Distinguisher (RD) MUST be set to the RD of the E-VPN instance Route-Distinguisher (RD) MUST be a Type 1 RD [RFC4364]. The value
that is advertising the NLRI. A RD MUST be assigned for a given E-VPN field comprises an IP address of the PE (typically, the loopback
instance on an MES. This RD MUST be unique across all E-VPN instances address) followed by 0. The reason for such encoding is that the RD
on an MES. It is RECOMMENDED to use the Type 1 RD [RFC4364]. The cannot be that of a given EVI since the ESI can span across one or
value field comprises an IP address of the MES (typically, the more EVIs.
loopback address) followed by a number unique to the MES. This
number may be generated by the MES. Or in the Unique Single VLAN E-
VPN case, the low order 12 bits may be the 12 bit VLAN ID, with the
remaining high order 4 bits set to 0.
Ethernet Segment Identifier MAY be set to 0. When it is not zero the The Ethernet Segment Identifier MUST be a ten octet entity as
Ethernet Segment Identifier MUST be a ten octet entity as described described in section "Ethernet Segment". This document does not
in section "Ethernet Segment Identifier". specify the use of the Ethernet A-D route when the Segment Identifier
is set to 0.
The Ethernet Tag ID MUST be set to 0.
The MPLS label in the NLRI MUST be set to 0.
The "ESI MPLS Label Extended Community" MUST be included in the
route. If all-active multi-homing is desired, then the "Active-
Standby" bit in the flags of the ESI MPLS Label Extended Community
MUST be set to 0 and the MPLS label in that extended community MUST
be set to a valid MPLS label value. The MPLS label in this Extended
Community is referred to as an "ESI label". This label MUST be a
downstream assigned MPLS label if the advertising PE is using ingress
replication for receiving multicast, broadcast or unknown unicast
traffic from other PEs. If the advertising PE is using P2MP MPLS LSPs
for sending multicast, broadcast or unknown unicast traffic, then
this label MUST be an upstream assigned MPLS label. The usage of this
label is described in section 9.2.
If the Ethernet Segment is connected to more than one PE and active-
standby multi-homing is desired, then the "Active-Standby" bit in the
flags of the ESI MPLS Label Extended Community MUST be set to 1.
9.2.1.1. Ethernet A-D Route Targets
The Ethernet A-D route MUST carry one or more Route Target (RT)
attributes. These RTs MUST be the set of RTs associated with all the
EVIs to which the Ethernet Segment, corresponding to the Ethernet A-D
route, belongs.
9.3 Split Horizon
Consider a CE that is multi-homed to two or more PEs on an Ethernet
segment ES1. If the CE sends a multicast, broadcast or unknown
unicast packet to a particular PE, say PE1, then PE1 will forward
that packet to all or subset of the other PEs in the EVI. In this
case the PEs, other than PE1, that the CE is multi-homed to MUST drop
the packet and not forward back to the CE. This is referred to as
"split horizon" filtering in this document.
In order to achieve this split horizon function, every multicast,
broadcast or unknown unicast packet is encapsulated with an MPLS
label that identifies the Ethernet segment of origin (i.e. the
segment from which the frame entered the E-VPN network). This label
is referred to as the ESI MPLS label, and is distributed using the
"Ethernet A-D route per Ethernet Segment" as per the procedures in
section 9.1.1 above. This route is imported by the PEs connected to
the Ethernet Segment and also by the PEs that have at least one EVI
in common with the Ethernet Segment in the route. As described in
section 9.1.1, the route MUST carry an ESI MPLS Label Extended
Community with a valid ESI MPLS label. The disposition PEs rely on
the value of the ESI MPLS label to determine whether or not a flooded
frame is allowed to egress a specific Ethernet segment.
9.3.1 ESI MPLS Label Assignment
The following subsections describe the assignment procedures for the
ESI MPLS label, which differ depending on the type of tunnels being
used to deliver multi-destination packets in the E-VPN network.
9.3.1.1 Ingress Replication
An PE that is using ingress replication for sending broadcast,
multicast or unknown unicast traffic, distributes to other PEs, that
belong to the Ethernet segment, a downstream assigned "ESI MPLS
label" in the Ethernet A-D route. This label MUST be programmed in
the platform label space by the advertising PE. Further the
forwarding entry for this label must result in NOT forwarding packets
received with this label onto the Ethernet segment that the label was
distributed for.
Consider PE1 and PE2 that are multi-homed to CE1 on ES1. Further
consider that PE1 is using P2P or MP2P LSPs to send packets to PE2.
Consider that PE1 receives a multicast, broadcast or unknown unicast
packet from CE1 on VLAN1 on ESI1. In this scenario, PE2 distributes
an Inclusive Multicast Ethernet Tag route for VLAN1 in the associated
EVI. So, when PE1 sends a multicast, broadcast or unknown unicast
packet, that it receives from CE1, it MUST first push onto the MPLS
label stack the ESI label that PE2 has distributed for ESI1. It MUST
then push on the MPLS label distributed by PE2 in the Inclusive
Multicast Ethernet Tag route for VLAN1. The resulting packet is
further encapsulated in the P2P or MP2P LSP label stack required to
transmit the packet to PE2. When PE2 receives this packet it
determines the set of ESIs to replicate the packet to from the top
MPLS label, after any P2P or MP2P LSP labels have been removed. If
the next label is the ESI label assigned by PE2 for ESI1, then PE2
MUST NOT forward the packet onto ESI1.
9.3.1.2. P2MP MPLS LSPs
An PE that is using P2MP LSPs for sending broadcast, multicast or
unknown unicast traffic, distributes to other PEs, that belong to the
Ethernet segment or have an E-VPN in common with the Ethernet
Segment, an upstream assigned "ESI MPLS label" in the Ethernet A-D
route. This label is upstream assigned by the PE that advertises the
route. This label MUST be programmed by the other PEs, that are
connected to the ESI advertised in the route, in the context label
space for the advertising PE. Further the forwarding entry for this
label must result in NOT forwarding packets received with this label
onto the Ethernet segment that the label was distributed for. This
label MUST also be programmed by the other PEs, that import the route
but are not connected to the ESI advertised in the route, in the
context label space for the advertising PE. Further the forwarding
entry for this label must be a POP with no other associated action.
Consider PE1 and PE2 that are multi-homed to CE1 on ES1. Also
consider PE3 that is in the same EVI as one of the EVIs to which ES1
belongs. Further, assume that PE1 is using P2MP MPLS LSPs to send
broadcast, multicast or uknown unicast packets. When PE1 sends a
multicast, broadcast or unknown unicast packet, that it receives from
CE1, it MUST first push onto the MPLS label stack the ESI label that
it has assigned for the ESI that the packet was received on. The
resulting packet is further encapsulated in the P2MP MPLS label stack
necessary to transmit the packet to the other PEs. Penultimate hop
popping MUST be disabled on the P2MP LSPs used in the MPLS transport
infrastructure for E-VPN. When PE2 receives this packet, it de-
capsulates the top MPLS label and forwards the packet using the
context label space determined by the top label. If the next label is
the ESI label assigned by PE1 to ESI1, then PE2 MUST NOT forward the
packet onto ESI1. When PE3 receives this packet, it de-capsulates the
top MPLS label and forwards the packet using the context label space
determined by the top label. If the next label is the ESI label
assigned by PE1 to ESI1 and PE3 is not connected to ESI1, then PE3
MUST pop the label and flood the packet over all local ESIs in the
EVI.
9.3.1.3. MP2MP LSPs
The procedures for ESI MPLS Label assignment and usage for MP2MP LSPs
will be described in a future version.
9.4 Aliasing
In the case where a CE is multi-homed to multiple PE nodes, using a
LAG with all-active redundancy, it is possible that only a single PE
learns a set of the MAC addresses associated with traffic transmitted
by the CE. This leads to a situation where remote PE nodes receive
MAC advertisement routes, for these addresses, from a single PE even
though multiple PEs are connected to the multi-homed segment. As a
result, the remote PEs are not able to effectively load-balance
traffic among the PE nodes connected to the multi-homed Ethernet
segment. This could be the case, for e.g. when the PEs perform data-
path learning on the access, and the load-balancing function on the
CE hashes traffic from a given source MAC address to a single PE.
Another scenario where this occurs is when the PEs rely on control
plane learning on the access (e.g. using ARP), since ARP traffic will
be hashed to a single link in the LAG.
To alleviate this issue, E-VPN introduces the concept of 'Aliasing'.
Aliasing refers to the ability of an PE to signal that it has
reachability to a given locally attached Ethernet segment, even when
it has learnt no MAC addresses from that segment. The Ethernet A-D
route per EVI is used to that end. Remote PEs which receive MAC
advertisement routes with non-zero ESI SHOULD consider the advertised
MAC address as reachable via all PEs which have advertised
reachability to the relevant Segment using Ethernet A-D routes with
the same ESI (and Ethernet Tag if applicable).
9.4.1 Constructing the Ethernet A-D Route per EVI
This section describes procedures to construct the Ethernet A-D route
when one or more such routes are advertised by an PE for a given EVI.
This flavor of the Ethernet A-D route is used for aliasing, and
support of this route flavor is OPTIONAL.
Route-Distinguisher (RD) MUST be set to the RD of the EVI that is
advertising the NLRI. An RD MUST be assigned for a given EVI on an
PE. This RD MUST be unique across all EVIs on an PE. It is
RECOMMENDED to use the Type 1 RD [RFC4364]. The value field comprises
an IP address of the PE (typically, the loopback address) followed by
a number unique to the PE. This number may be generated by the PE.
Or in the Unique VLAN E-VPN case, the low order 12 bits may be the 12
bit VLAN ID, with the remaining high order 4 bits set to 0.
The Ethernet Segment Identifier MUST be a ten octet entity as
described in section "Ethernet Segment Identifier". This document
does not specify the use of the Ethernet A-D route when the Segment
Identifier is set to 0.
The Ethernet Tag ID is the identifier of an Ethernet Tag on the The Ethernet Tag ID is the identifier of an Ethernet Tag on the
Ethernet segment. This value may be a 12 bit VLAN ID, in which case Ethernet segment. This value may be a 12 bit VLAN ID, in which case
the low order 12 bits are set to the VLAN ID and the high order 20 the low order 12 bits are set to the VLAN ID and the high order 20
bits are set to 0. Or it may be another Ethernet Tag used by the E- bits are set to 0. Or it may be another Ethernet Tag used by the E-
VPN. It MAY be set to the default Ethernet Tag on the Ethernet VPN. It MAY be set to the default Ethernet Tag on the Ethernet
segment or 0. segment or to the value 0.
Note that the above allows the Ethernet A-D route to be advertised Note that the above allows the Ethernet A-D route to be advertised
with one of the following granularities: with one of the following granularities:
+ One Ethernet A-D route for a given <ESI, Ethernet Tag ID> tuple + One Ethernet A-D route for a given <ESI, Ethernet Tag ID> tuple
per E-VPN per EVI. This is applicable when the PE uses MPLS-based
disposition.
+ One Ethernet A-D route for a given <Ethernet Tag ID> in a given
E-VPN, for all associated Ethernet segments, where the ESI is
set to 0.
+ One Ethernet A-D route for the E-VPN where both ESI and Ethernet + One Ethernet A-D route per <ESI, EVI> (where the Ethernet
Tag ID are set to 0. Tag ID is set to 0). This is applicable when the PE uses
MAC-based disposition, or when the PE uses MPLS-based
disposition when no VLAN translation is required.
E-VPN supports both the non-qualified and qualified learning models. The usage of the MPLS label is described in the section on "Load
When non-qualified learning is used, the Ethernet Tag Identifier Balancing of Unicast Packets".
specified in this section and in other places in this document MUST
be set to the default Ethernet Tag, e.g., VLAN ID. When qualified
learning is used, and the Ethernet Tags between MESes and CEs in the
E-VPN are consistently assigned for a given broadcast domain, the
Ethernet Tag Identifier MUST be set to the Ethernet Tag, e.g., VLAN
ID for the concerned broadcast domain between the advertising MES and
the CE. When qualified learning is used, and the Ethernet Tags,
e.g., VLAN IDs between MESes and CEs in the E-VPN are not
consistently assigned for a given broadcast domain, the Ethernet Tag
Identifier, e.g., VLAN ID MUST be set to a common E-VPN provider
assigned tag that maps locally on the advertising MES to an Ethernet
broadcast domain identifier such as a VLAN ID. The usage of the MPLS
label is described in section on "Load Balancing of Unicast Packets".
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST The Next Hop field of the MP_REACH_NLRI attribute of the route MUST
be set to the IPv4 or IPv6 address of the advertising MES. be set to the IPv4 or IPv6 address of the advertising PE.
10.1.1.1. Ethernet A-D Route Targets 9.4.1.1 Ethernet A-D Route Targets
The Ethernet A-D route MUST carry one or more Route Target (RT) The Ethernet A-D route MUST carry one or more Route Target (RT)
attributes. RTs may be configured (as in IP VPNs), or may be derived attributes. RTs may be configured (as in IP VPNs), or may be derived
automatically. automatically.
If an MES uses Route Target Constrain [RT-CONSTRAIN], the MES SHOULD If an PE uses Route Target Constrain [RT-CONSTRAIN], the PE SHOULD
advertise all such RTs using Route Target Constrains. The use of RT advertise all such RTs using Route Target Constrains. The use of RT
Constrains allows each Ethernet A-D route to reach only those MESes Constrains allows each Ethernet A-D route to reach only those PEs
that are configured to import at least one RT from the set of RTs that are configured to import at least one RT from the set of RTs
carried in the Ethernet A-D route. carried in the Ethernet A-D route.
10.1.1.1.1. Auto-Derivation from the Ethernet Tag ID 9.4.1.1.1 Auto-Derivation from the Ethernet Tag ID
The following is the procedure for deriving the RT attribute The following is the procedure for deriving the RT attribute
automatically from the Ethernet Tag ID associated with the automatically from the Ethernet Tag ID associated with the
advertisement: advertisement:
+ The Global Administrator field of the RT MUST + The Global Administrator field of the RT MUST
be set to the Autonomous System (AS) number that the MES be set to the Autonomous System (AS) number that the PE
belongs to. belongs to.
+ The Local Administrator field of the RT contains a 4 + The Local Administrator field of the RT contains a 4
octets long number that encodes the Ethernet Tag-ID. If the octets long number that encodes the Ethernet Tag-ID. If the
Ethernet Tag-ID is a two octet VLAN ID then it MUST be Ethernet Tag-ID is a two octet VLAN ID then it MUST be
encoded in the lower two octets of the Local Administrator encoded in the lower two octets of the Local Administrator
field and the higher two octets MUST be set to zero. field and the higher two octets MUST be set to zero.
For the "Unique Single VLAN E-VPN" this results in auto-deriving the For the "Unique VLAN E-VPN" this results in auto-deriving the RT from
RT from the Ethernet Tag, e.g., VLAN ID for that E-VPN. the Ethernet Tag, e.g., VLAN ID for that E-VPN.
10.1.2. Ethernet A-D Route per Ethernet Segment 9.5 Designated Forwarder Election
This section describes procedures to construct the Ethernet A-D route Consider a CE that is a host or a router that is multi-homed directly
when a single such route is advertised by an MES for a given Ethernet to more than one PE in an E-VPN on a given Ethernet segment. One or
Segment. more Ethernet Tags may be configured on the Ethernet segment. In this
scenario only one of the PEs, referred to as the Designated Forwarder
(DF), is responsible for certain actions:
Route-Distinguisher (RD) MUST be a Type 1 RD [RFC4364]. The value - Sending multicast and broadcast traffic, on a given Ethernet
field comprises an IP address of the MES (typically, the loopback Tag on a particular Ethernet segment, to the CE.
address) followed by 0. The reason for such encoding is that the RD
cannot be that of a given E-VPN since the ESI can span across one or
more E-VPNs.
Ethernet Segment Identifier MUST be a non-zero ten octet entity as - Flooding unknown unicast traffic (i.e. traffic for
described in section "Ethernet Segment Identifier". which an PE does not know the destination MAC address),
on a given Ethernet Tag on a particular Ethernet segment
to the CE, if the environment requires flooding of
unknown unicast traffic.
Note that this behavior, which allows selecting a DF at the
granularity of <ESI, EVI> for multicast, broadcast and unknown
unicast traffic, is the default behavior in this specification.
Optional mechanisms, which will be specified in the future, will
allow selecting a DF at the granularity of <ESI, EVI, S, G>.
The Ethernet Tag ID MUST be set to 0. Note that a CE always sends packets belonging to a specific flow
using a single link towards an PE. For instance, if the CE is a host
then, as mentioned earlier, the host treats the multiple links that
it uses to reach the PEs as a Link Aggregation Group (LAG). The CE
employs a local hashing function to map traffic flows onto links in
the LAG.
If the Ethernet Segment is connected to more than one MES then the If a bridged network is multi-homed to more than one PE in an E-VPN
"ESI MPLS Label Extended Community" MUST be included in the route. If via switches, then the support of all-active points of attachments,
the Ethernet Segment is connected to more than one MES and active- as described in this specification, requires the bridge network to be
active multi-homing is desired then the MPLS label in the ESI MPLS connected to two or more PEs using a LAG. In this case the reasons
Label Extended Community MUST be set to a valid MPLS label value. The for doing DF election are the same as those described above when a CE
MPLS label in this Extended Community is referred to as an "ESI is a host or a router.
label". This label MUST be a downstream assigned MPLS label if the
advertising MES is using ingress replication for receiving multicast,
broadcast or unknown unicast traffic, from other MESes. If the
advertising MES is using P2MP MPLS LSPs for sending multicast,
broadcast or unknown unicast traffic, then this label MUST be an
upstream assigned MPLS label. The usage of this label is described in
section "Split Horizon".
If the Ethernet Segment is connected to more than one MES and active- If a bridged network does not connect to the PEs using LAG, then only
standby multi-homing is desired then the "Active-Standby" bit in the one of the links between the switched bridged network and the PEs
flags of the ESI MPLS Label Extended Community MUST be set to 1. must be the active link for a given Ethernet Tag. In this case, the
Ethernet A-D route per Ethernet segment MUST be advertised with the
"Active-Standby" flag set to one. Procedures for supporting all-
active points of attachments, when a bridge network connects to the
PEs using LAG, are for further study.
If the per Ethernet Segment Ethernet A-D route is used in conjunction The granularity of the DF election MUST be at least the Ethernet
with the per {ESI, VLAN} Ethernet A-D route, for reasons described segment via which the CE is multi-homed to the PEs. If the DF
below, then the MPLS label in the NLRI MUST be set to 0. election is done at the Ethernet segment granularity then a single PE
MUST be elected as the DF on the Ethernet segment.
10.1.2.1. Ethernet A-D Route Targets If there are one or more EVIs enabled on the Ethernet segment, then
the granularity of the DF election SHOULD be the combination of the
Ethernet segment and EVI on that Ethernet segment. In this case a
single PE MUST be elected as the DF for a particular EVI on that
Ethernet segment.
The Ethernet A-D route MUST carry one or more Route Target (RT) The detailed procedures for DF election are described next.
attributes. These RTs MUST be the set of RTs associated with all the
E-VPN instances to which the Ethernet Segment, corresponding to the
Ethernet A-D route, belongs.
10.2. Motivations for Ethernet A-D Route per Ethernet Segment 9.5.1 Default DF Election Procedure
This section describes various scenarios in which the Ethernet A-D As a PE discovers the other PEs that are connected to the same
route should be advertised per Ethernet Segment. Ethernet Segment, using the Ethernet Segment routes, it starts
building an ordered list based on the originating PE IP addresses.
This list is used to select a DF and a backup DF (BDF) on a per
Ethernet Segment basis. By default, the PE with the numerically
highest IP address is considered the DF for that Ethernet Segment and
the next PE in the list is considered the BDF.
10.2.1. Multi-Homing If the Ethernet Segment is a multi-homed device, then the elected DF
is the only PE that must forward flooded multi-destination packets
towards the segment. All other PE nodes must not permit multi-
destination packets to egress to the segment. In the case where the
DF fails, the BDF takes over its functionality.
The per Ethernet Segment Ethernet A-D route MUST be advertised when This procedure enables the election of a single DF per Ethernet
the Ethernet Segment is multi-homed. This allows Multi-Homed Ethernet Segment, for all EVIs enabled on the segment. It is possible to
Segment Auto-Discovery. It allows the set of MESes connected to the achieve more granular load-balancing of traffic among the PE nodes by
same customer site i.e., CE, to discover each other automatically employing Service Carving, as discussed in the next section.
with minimal to no configuration. It also allows other MESes that
have at least one E-VPN in common with the multi-homed Ethernet
Segment to discover the properties of the multi-homed Ethernet
Segment.
For active-active multi-homing this route is required for split 9.5.2 DF Election with Service Carving
horizon procedures as described in section "Split Horizon" and MUST With service carving, it is possible to elect multiple DFs per
carry the ESI MPLS Label Extended Community with a valid ESI MPLS Ethernet Segment (one per EVI) in order to perform load-balancing of
label. For active-standby multi-homing this route is required to multi-destination traffic destined to a given Segment. The load-
indicate that active-standby multi-homing and not active-active balancing procedures carve up the EVI space among the PE nodes
multi-homing is desired. evenly, in such a way that every PE is the DF for a disjoint set of
EVIs. The procedure for service carving is as follows:
This route will be enhanced to carry LAG specific information such as 1. When a PE discovers the ESI of the attached Ethernet Segment, it
LACP parameters, which will be encoded as new BGP attributes or advertises an Ethernet Segment route with the associated ES-Import
communities, in the future. Note that this information will be extended community attribute.
propagated to all MESes that have one or more sites in the VLANs
connected to the Ethernet Segment. All the MESes other than the ones
that are connected to the MESes will discard this information.
10.2.2. Optimizing Control Plane Convergence 2. The PE then starts a timer to allow the reception of Ethernet
Segment routes from other PE nodes connected to the same Ethernet
Segment.
Ethernet A-D route per Ethernet Segment should be advertised when it 3. When the timer expires, each PE builds an ordered list of the IP
is desired to optimize the control plane convergence of the addresses of all the PE nodes connected to the Ethernet Segment
withdrawal of the Ethernet A-D routes. If this is done then when an (including itself), in increasing numeric value. Every PE is then
Ethernet segment fails, the single Ethernet A-D route corresponding given an ordinal indicating its position in the ordered list,
to the segment can be withdrawn first. This allows all MESes that starting with 0 as the ordinal for the PE with the numerically lowest
receive this withdrawal to invalidate the MAC routes learned from the IP address. The ordinals are used to determine which PE node will be
Ethernet segment. the DF for a given EVI on the Ethernet Segment using the following
rule: Assuming a redundancy group of N PE nodes, the PE with ordinal
i is the DF for EVI V when (V mod N) = i.
Note that the Ethernet A-D route per Ethernet Segment, when used to The above procedure results in the entire EVI range being divided up
optimize control plane convergence, MAY be advertised in addition to among the PEs in the RG, regardless of whether a given EVI is
the Ethernet Tag A-D routes per E-VPN or MAY be advertised on its configured/enabled on the associated Ethernet Segment or not.
own.
10.2.3. Reducing Number of Ethernet A-D Routes 4. The PE that is elected as a DF for a given EVI will unblock
traffic for that EVI only if the EVI is configured/enabled on the
Segment. Note that the DF PE unblocks multi-destination traffic in
the egress direction towards the Segment. All non-DF PEs continue to
drop multi-destination traffic (for the associated EVIs) in the
egress direction towards the Segment.
In certain scenarios advertising Ethernet A-D routes per Ethernet In the case of link or port failure, the affected PE withdraws its
segment, instead of per E-VPN, may reduce the number of Ethernet A-D Ethernet Segment route. This will re-trigger the service carving
routes in the network. In these scenarios Ethernet A-D routes may be procedures on all the PEs in the RG. For PE node failure, or upon PE
advertised per Ethernet segment instead of per E-VPN. commissioning or decommissioning, the PEs re-trigger the service
carving. When a service moves from one PE in the RG to another PE as
a result of re-carving, the PE, which ends up being the elected DF
for the service, must trigger a MAC address flush notification
towards the associated Ethernet Segment. This can be done, for e.g.
using IEEE 802.1ak MVRP 'new' declaration.
11. Determining Reachability to Unicast MAC Addresses 10. Determining Reachability to Unicast MAC Addresses
MESes forward packets that they receive based on the destination MAC PEs forward packets that they receive based on the destination MAC
address. This implies that MESes must be able to learn how to reach a address. This implies that PEs must be able to learn how to reach a
given destination unicast MAC address. given destination unicast MAC address.
There are two components to MAC address learning, "local learning" There are two components to MAC address learning, "local learning"
and "remote learning": and "remote learning":
11.1. Local Learning 10.1. Local Learning
A particular MES must be able to learn the MAC addresses from the CEs A particular PE must be able to learn the MAC addresses from the CEs
that are connected to it. This is referred to as local learning. that are connected to it. This is referred to as local learning.
The MESes in a particular E-VPN MUST support local data plane The PEs in a particular E-VPN MUST support local data plane learning
learning using standard IEEE Ethernet learning procedures. An MES using standard IEEE Ethernet learning procedures. An PE must be
must be capable of learning MAC addresses in the data plane when it capable of learning MAC addresses in the data plane when it receives
receives packets such as the following from the CE network: packets such as the following from the CE network:
- DHCP requests - DHCP requests
- gratuitous ARP request for its own MAC. - ARP request for its own MAC.
- ARP request for a peer. - ARP request for a peer.
Alternatively MESes MAY learn the MAC addresses of the CEs in the Alternatively PEs MAY learn the MAC addresses of the CEs in the
control plane or via management plane integration between the MESes control plane or via management plane integration between the PEs and
and the CEs. the CEs.
There are applications where a MAC address that is reachable via a There are applications where a MAC address that is reachable via a
given MES on a locally attached Segment (e.g. with ESI X) may move given PE on a locally attached Segment (e.g. with ESI X) may move
such that it becomes reachable via the same MES or another MES on such that it becomes reachable via the same PE or another PE on
another Segment (e.g. with ESI Y). This is referred to as a "MAC another Segment (e.g. with ESI Y). This is referred to as a "MAC
Move". Procedures to support this are described in section "MAC Mobility". Procedures to support this are described in section "MAC
Moves". Mobility".
11.2. Remote learning 10.2. Remote learning
A particular MES must be able to determine how to send traffic to MAC A particular PE must be able to determine how to send traffic to MAC
addresses that belong to or are behind CEs connected to other MESes addresses that belong to or are behind CEs connected to other PEs
i.e. to remote CEs or hosts behind remote CEs. We call such MAC i.e. to remote CEs or hosts behind remote CEs. We call such MAC
addresses as "remote" MAC addresses. addresses as "remote" MAC addresses.
This document requires an MES to learn remote MAC addresses in the This document requires an PE to learn remote MAC addresses in the
control plane. In order to achieve this each MES advertises the MAC control plane. In order to achieve this, each PE advertises the MAC
addresses it learns from its locally attached CEs in the control addresses it learns from its locally attached CEs in the control
plane, to all the other MESes in the E-VPN, using MP-BGP and the MAC plane, to all the other PEs in the EVI, using MP-BGP and specifically
address advertisement route. the MAC Advertisement route.
11.2.1. Constructing the BGP E-VPN MAC Address Advertisement 10.2.1. Constructing the BGP E-VPN MAC Address Advertisement
BGP is extended to advertise these MAC addresses using the MAC BGP is extended to advertise these MAC addresses using the MAC
advertisement route type in the E-VPN-NLRI. Advertisement route type in the E-VPN NLRI.
The RD MUST be the RD of the E-VPN instance that is advertising the The RD MUST be the RD of the EVI that is advertising the NLRI. The
NLRI. The procedures for setting the RD for a given E-VPN are procedures for setting the RD for a given EVI are described in
described in section "Ethernet A-D Route per E-VPN". section 9.4.1.
The Ethernet Segment Identifier is set to the ten octet ESI The Ethernet Segment Identifier is set to the ten octet ESI described
identifier described in section "Ethernet Segment Identifier". in section "Ethernet Segment".
The Ethernet Tag ID may be zero or may represent a valid Ethernet Tag The Ethernet Tag ID may be zero or may represent a valid Ethernet Tag
ID. This field may be non-zero when there are multiple bridge ID. This field may be non-zero when there are multiple bridge
domains in the E-VPN instance (e.g., the MES needs to perform domains in the EVI (e.g., the PE needs to perform qualified learning
qualified learning for the VLANs in that EVPN instance). for the VLANs in that EVI).
When the the Ethernet Tag ID in the NLRI is set to a non-zero value, When the the Ethernet Tag ID in the NLRI is set to a non-zero value,
for a particular bridge domain, then this Ethernet Tag may either be for a particular bridge domain, then this Ethernet Tag may either be
the Ethernet tag value associated with the CE, e.g., VLAN ID, or it the Ethernet tag value associated with the CE, e.g., VLAN ID, or it
may be the Ethernet Tag Identifier, e.g., VLAN ID assigned by the E- may be the Ethernet Tag Identifier, e.g., VLAN ID assigned by the E-
VPN provider and mapped to the CE's Ethernet tag. The latter would be VPN provider and mapped to the CE's Ethernet tag. The latter would be
the case if the CE Ethernet tags, e.g., VLAN ID, for a particular the case if the CE Ethernet tags, e.g., VLAN ID, for a particular
bridge domain are different on different CEs. bridge domain are different on different CEs.
The MAC address length field is typically set to 48. However this The MAC address length field is typically set to 48. However this
specification enables specifying the MAC address as a prefix in which specification enables specifying the MAC address as a prefix; in
case the MAC address length field is set to the length of the prefix. which case, the MAC address length field is set to the length of the
This provides the ability to aggregate MAC addresses if the prefix. This provides the ability to aggregate MAC addresses if the
deployment environment supports that. The encoding of a MAC address deployment environment supports that. The encoding of a MAC address
MUST be the 6-octet MAC address specified by IEEE 802 documents MUST be the 6-octet MAC address specified by [802.1D-ORIG] [802.1D-
[802.1D-ORIG] [802.1D-REV]. If the MAC address is advertised as a REV]. If the MAC address is advertised as a prefix then the trailing
prefix then the trailing bits of the prefix MUST be set to 0 to bits of the prefix MUST be set to 0 to ensure that the entire prefix
ensure that the entire prefix is encoded as 6 octets. is encoded as 6 octets.
The MPLS Label Length field value is set to the number of octets in The IP Address Length field value is set to the number of octets in
the MPLS Label field. The MPLS label field carries one or more labels the IP Address field.
(that corresponds to the stack of labels [MPLS-ENCAPS]). Each label
is encoded as 3 octets, where the high-order 20 bits contain the
label value, and the low order bit contains "Bottom of Stack" (as
defined in [MPLS-ENCAPS]).
The MPLS label stack MUST be the downstream assigned E-VPN MPLS label The IP Address field is optional. By default, the IP Address Length
stack that is used by the MES to forward MPLS encapsulated Ethernet field is set to 0 and the IP address field is omitted from the route.
packets received from remote MESes, where the destination MAC address When a valid IP address is included, it is encoded as specified in
in the Ethernet packet is the MAC address advertised in the above section 12.
NLRI. The forwarding procedures are specified in section "Forwarding
Unicast Packets" and "Load Balancing of Unicast Packets".
An MES may advertise the same single E-VPN label for all MAC The MPLS label field carries one or more labels (that corresponds to
addresses in a given E-VPN instance. This label assignment the stack of labels [MPLS-ENCAPS]). Each label is encoded as 3
methodology is referred to as a per EVI label assigment. octets, where the high-order 20 bits contain the label value, and the
Alternatively an MES may advertise a unique E-VPN label per <ESI, low order bit contains "Bottom of Stack" (as defined in [MPLS-
Ethernet Tag> combination. This label assignment methodology is ENCAPS]). The MPLS label stack MUST be the downstream assigned E-VPN
referred to as a per <ESI, Ethernet Tag> label assignment. Or an MES MPLS label stack that is used by the PE to forward MPLS-encapsulated
may advertise a unique E-VPN label per MAC address. All of these Ethernet frames received from remote PEs, where the destination MAC
methodologies have their tradeoffs. address in the Ethernet frame is the MAC address advertised in the
above NLRI. The forwarding procedures are specified in section
"Forwarding Unicast Packets" and "Load Balancing of Unicast Packets".
An PE may advertise the same single E-VPN label for all MAC addresses
in a given EVI. This label assignment methodology is referred to as a
per EVI label assignment. Alternatively, an PE may advertise a unique
E-VPN label per <ESI, Ethernet Tag> combination. This label
assignment methodology is referred to as a per <ESI, Ethernet Tag>
label assignment. As a third option, an PE may advertise a unique E-
VPN label per MAC address. All of these methodologies have their
tradeoffs.
Per EVI label assignment requires the least number of E-VPN labels, Per EVI label assignment requires the least number of E-VPN labels,
but requires a MAC lookup in addition to an MPLS lookup on an egress but requires a MAC lookup in addition to an MPLS lookup on an egress
MES for forwarding. On the other hand a unique label per <ESI, PE for forwarding. On the other hand, a unique label per <ESI,
Ethernet Tag> or a unique label per MAC allows an egress MES to Ethernet Tag> or a unique label per MAC allows an egress PE to
forward a packet that it receives from another MES, to the connected forward a packet that it receives from another PE, to the connected
CE, after looking up only the MPLS labels and not having to do a MAC CE, after looking up only the MPLS labels without having to perform a
lookup. MAC lookup. This includes the capability to perform appropriate VLAN
ID translation on egress to the CE.
As well as to insert the appropriate VLAN ID on egress to the CE A
MES may also advertise more than one label for a given MAC address.
For instance an MES may advertise two labels, one of which is for the
ESI corresponding to the MAC address and the second is for the
Ethernet Tag on the ESI that the MAC address is learnt on.
The IP Address field is optional. By default the IP Address length is
set to 0 and the IP address is excluded. When a valid IP address is
included it is encoded as specified in the section "Optimizing ARP".
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST The Next Hop field of the MP_REACH_NLRI attribute of the route MUST
be set to the IPv4 or IPv6 address of the advertising MES. be set to the IPv4 or IPv6 address of the advertising PE.
The BGP advertisement that advertises the MAC advertisement route
MUST also carry one or more Route Target (RT) attributes. RTs may be
configured (as in IP VPNs), or may be derived automatically from the
Ethernet Tag ID, in the Unique Single VLAN case as described in The BGP advertisement for the MAC advertisement route MUST also carry
section "Ethernet A-D Route per E-VPN". one or more Route Target (RT) attributes. RTs may be configured (as
in IP VPNs), or may be derived automatically from the Ethernet Tag
ID, in the Unique VLAN case, as described in section "Ethernet A-D
Route per E-VPN".
It is to be noted that this document does not require MESes to create It is to be noted that this document does not require PEs to create
forwarding state for remote MACs when they are learnt in the control forwarding state for remote MACs when they are learnt in the control
plane. When this forwarding state is actually created is a local plane. When this forwarding state is actually created is a local
implementation matter. implementation matter.
12. Optimizing ARP 11. ARP and ND
The IP address field in the MAC advertisement route may optionally The IP address field in the MAC advertisement route may optionally
carry one of the IP addresses associated with the MAC address. This carry one of the IP addresses associated with the MAC address. This
provides an option which can be used to minimize the flooding of ARP provides an option which can be used to minimize the flooding of ARP
messages to MAC VPN CEs and to MESes. This option also minimizes ARP or Neighbor Discovery (ND) messages over the MPLS network and to
message processing on MAC VPN CEs. A MES may learn the IP address remote CEs. This option also minimizes ARP (or ND) message processing
associated with a MAC address in the control or management plane on end-stations/hosts connected to the E-VPN network. An PE may learn
between the CE and the MES. Or it may learn this binding by snooping the IP address associated with a MAC address in the control or
certain messages to or from a CE. When a MES learns the IP address management plane between the CE and the PE. Or, it may learn this
associated with a MAC address, of a locally connected CE, it may binding by snooping certain messages to or from a CE. When an PE
advertise it to other MESes by including it in the MAC route learns the IP address associated with a MAC address, of a locally
advertisement. The IP Address may be an IPv4, encoded using four connected CE, it may advertise this address to other PEs by including
octets or an IPv6 address encoded using sixteen octets. The IP it in the MAC Advertisement route. The IP Address may be an IPv4
Address length field MUST be set to 32 for an IPv4 address and 128 address encoded using four octets, or an IPv6 address encoded using
for an IPv6 address. sixteen octets. The IP Address length field MUST be set to 32 for an
IPv4 address or to 128 for an IPv6 address.
If there are multiple IP addresses associated with a MAC address then If there are multiple IP addresses associated with a MAC address,
multiple MAC advertisement routes MUST be generated, one for each IP then multiple MAC advertisement routes MUST be generated, one for
address. For instance this may be the case when there is both an IPv4 each IP address. For instance, this may be the case when there are
and an IPv6 address associated with the MAC address. When the IP both an IPv4 and an IPv6 address associated with the MAC address.
address is dis-associated with the MAC address then the MAC When the IP address is dissociated with the MAC address, then the MAC
advertisement route with that particular IP address MUST be advertisement route with that particular IP address MUST be
withdrawn. withdrawn.
When an MES receives an ARP request for an IP address from a CE, and When an PE receives an ARP request for an IP address from a CE, and
if the MES has the MAC address binding for that IP address, the MES if the PE has the MAC address binding for that IP address, the PE
should perform ARP proxy and respond to the ARP request. SHOULD perform ARP proxy and respond to the ARP request.
Further detailed procedures will be specified in a later version. Further detailed procedures will be specified in a later version.
13. Designated Forwarder Election 12. Handling of Multi-Destination Traffic
Consider a CE that is a host or a router that is multi-homed directly
to more than one MES in an E-VPN on a given Ethernet segment. One or
more Ethernet Tags may be configured on the Ethernet segment. In this
scenario only one of the MESes, referred to as the Designated
Forwarder (DF), is responsible for certain actions:
- Sending multicast and broadcast traffic, on a given Ethernet
Tag on a particular Ethernet segment, to the CE. Note that
this behavior, which allows selecting a DF at the
granularity of <ESI, Ethernet Tag> for multicast and
broadcast traffic is the default behavior in this
specification. Optional mechanisms, which will be
specified in the future, will allow selecting a DF
at the granularity of <ESI, Ethernet Tag, S, G>.
- Flooding unknown unicast traffic (i.e. traffic for
which an MES does not know the destination MAC address),
on a given Ethernet Tag on a particular Ethernet segment
to the CE, if the environment requires flooding of
unknown unicast traffic.
Note that a CE always sends packets belonging to a specific flow
using a single link towards an MES. For instance, if the CE is a host
then, as mentioned earlier, the host treats the multiple links that
it uses to reach the MESes as a Link Aggregation Group (LAG). The CE
employs a local hashing function to map traffic flows onto links in
the LAG.
If a bridge network is multi-homed to more than one MES in an E-VPN
via switches, then the support of active-active points of attachments
as described in this specification requires the bridge network to be
connected to two or more MESes using a LAG. In this case the reasons
for doing DF election are the same as those described above when a CE
is a host or a router.
If a bridge network does not connect to the MESes using LAG, then
only one of the links between the switched bridged network and the
MESes must be the active link. In this case the per Ethernet Segment
Ethernet Tag routes MUST be advertised with the "Active-Standby" flag
set to one. Procedures for supporting active-active points of
attachments, when a bridge network does not connect to the MESes
using LAG, are for further study.
The granularity of the DF election MUST be at least the Ethernet
segment via which the CE is multi-homed to the MESes. If the DF
election is done at the Ethernet segment granularity then a single
MES MUST be elected as the DF on the Ethernet segment.
If there are one or more Ethernet Tags (e.g., VLANs) on the Ethernet
segment then the granularity of the DF election SHOULD be the
combination of the Ethernet segment and Ethernet Tag on that Ethernet
segment. In this case a single MES MUST be elected as the DF for a
particular Ethernet Tag on that Ethernet segment.
There are two specified mechanisms for performing DF election.
13.1. DF Election Performed by All MESes
The MESes perform a designated forwarder (DF) election, for an
Ethernet segment, or <ESI, Ethernet Tag> combination using the
Ethernet Tag A-D BGP route described in section "Auto-Discovery of
Ethernet Tags on Ethernet Segments".
The DF election for a particular ESI or a particular <ESI, Ethernet
Tag> combination proceeds as follows. First an MES constructs a
candidate list of MESes. This comprises all the Ethernet A-D routes
with that particular ESI or <ESI, Ethernet Tag> tuple that an MES
imports in an E-VPN instance, including the Ethernet A-D route(s)
generated by the MES itself, if any. The DF MES is chosen from this
candidate list. Note that DF election is carried out by all the MESes
that import the DF route.
The default procedure for choosing the DF is the MES with the highest
IP address, of all the MESes in the candidate list. This procedure
MUST be implemented. It ensures that, except during routing
transients each MES chooses the same DF MES for a given ESI and
Ethernet Tag combination.
Other alternative procedures for performing DF election are possible
and will be described in the future.
13.2. DF Election Performed Only on Multi-Homed MESes
As an MES discovers other MESs that are members of the same multi-
homed segment, using per Ethernet Segment Ethernet A-D Routes, it
starts building an ordered list based on the originating MES IP
addresses. This list is used to select a DF and a backup DF (BDF) on
a per group of Ethernet Tag basis. For example, the MES with the
numerically highest IP address is considered the DF for a given group
of VLANs for that Ethernet segment and the next MES in the list is
considered the BDF. To that end, the range of Ethernet Tags
associated with the CE must be partitioned into disjoint sets. The
size of each set is a function of the total number of CE Ethernet
Tags and the total number of MESs that the Ethernet segment is multi-
homed to. The DF can employ any distribution function that achieves
an even distribution of Ethernet Tags across the MESes that are
multi-homed to the Ethernet segment. The DF takes over the Ethernet
Tag set of any MES encountering either a node failure or a
link/Ethernet segment failure causing that MES to be isolated from
the multi-homed segment. In case of a failure that is affecting the
DF, then the BDF takes over the DF VLAN set.
It should be noted that once all the MESs participating in an
Ethernet segment have the same ordered list for that site, then
Ethernet Tag groups can be assigned to each member of that list
deterministically without any need to explicitly distribute Ethernet
Tags among the member MESs of that list. In other words, the DF
election for a group of Ethernet Tags is a local matter and can be
done deterministically. As an example, consider, that the ordered
list consists of m MESes: (MES1, MES2,., MESm), and there are n
Ethernet Tags for that site (V0, V1, V2, ., Vn-1). Then MES1 and MES2
can be the DF and the BDF respectively for all the Ethernet Tags
corresponding to (i mod m) for i:0 to n-1. MES2 and MES3 can be the
DF and the BDF respectively for all the Ethernet Tags corresponding
to (i mod m) + 1 and so on till the last MES in the order list is
reached. As a result MESm and MES1 is the DF and the BDF respectively
for the all the VLANs corresponding to (i mod m) + m-1.
14. Handling of Multi-Destination Traffic
Procedures are required for a given MES to send broadcast or
multicast traffic, received from a CE encapsulated in a given
Ethernet Tag in an E-VPN, to all the other MESes that span that
Ethernet Tag in the E-VPN. In certain scenarios, described in section
"Processing of Unknown Unicast Packets", a given MES may also need to
flood unknown unicast traffic to other MESes.
The MESes in a particular E-VPN may use ingress replication or P2MP Procedures are required for a given PE to send broadcast or multicast
LSPs or MP2MP LSPs to send unknown unicast, broadcast or multicast traffic, received from a CE encapsulated in a given Ethernet Tag in
traffic to other MESes. an EVI, to all the other PEs that span that Ethernet Tag in the EVI.
In certain scenarios, described in section "Processing of Unknown
Unicast Packets", a given PE may also need to flood unknown unicast
traffic to other PEs.
Each MES MUST advertise an "Inclusive Multicast Ethernet Tag Route" The PEs in a particular E-VPN may use ingress replication, P2MP LSPs
to enable the above. Next section provides procedures to construct or MP2MP LSPs to send unknown unicast, broadcast or multicast traffic
the Inclusive Multicast Ethernet Tag route. Subsequent sections to other PEs.
describe in further detail its usage.
14.1. Construction of the Inclusive Multicast Ethernet Tag Route Each PE MUST advertise an "Inclusive Multicast Ethernet Tag Route" to
enable the above. The following subsection provides the procedures to
construct the Inclusive Multicast Ethernet Tag route. Subsequent
subsections describe in further detail its usage.
The RD MUST be the RD of the E-VPN instance that is advertising the 12.1. Construction of the Inclusive Multicast Ethernet Tag Route
NLRI. The procedures for setting the RD for a given E-VPN are
described in section "Ethernet A-D Route per E-VPN".
The Ethernet Segment Identifier MAY be set to the ten octet ESI The RD MUST be the RD of the EVI that is advertising the NLRI. The
identifier described in section "Ethernet Segment Identifier". Or it procedures for setting the RD for a given E-VPN are described in
MAY be set to 0. It MUST be set to 0 if the Ethernet Tag is set to section 9.4.1.
0.
The Ethernet Tag ID is the identifier of the Ethernet Tag. It MAY be The Ethernet Tag ID is the identifier of the Ethernet Tag. It MAY be
set to 0 in which case an egress MES MUST perform a MAC lookup to set to 0 or to a valid Ethernet Tag value.
forward the packet.
The Originating Router's IP address MUST be set to an IP address of The Originating Router's IP address MUST be set to an IP address of
the PE. This address SHOULD be common for all the EVIs on the PE the PE. This address SHOULD be common for all the EVIs on the PE
(e.,g., this address may be PE's loopback address). (e.,g., this address may be PE's loopback address).
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST The Next Hop field of the MP_REACH_NLRI attribute of the route MUST
be set to the same IP address as the one carried in the Originating be set to the same IP address as the one carried in the Originating
Router's IP Address field. Router's IP Address field.
The BGP advertisement that advertises the Inclusive Multicast The BGP advertisement for the Inclusive Multicast Ethernet Tag route
Ethernet Tag route MUST also carry one or more Route Target (RT) MUST also carry one or more Route Target (RT) attributes. The
attributes. The assignment of RTs described in the section on assignment of RTs described in the section on "Constructing the BGP
"Constructing the BGP E-VPN MAC Address Advertisement" MUST be E-VPN MAC Address Advertisement" MUST be followed.
followed.
14.2. P-Tunnel Identification 12.2. P-Tunnel Identification
In order to identify the P-Tunnel used for sending broadcast, unknown In order to identify the P-Tunnel used for sending broadcast, unknown
unicast or multicast traffic, the Inclusive Multicast Ethernet Tag unicast or multicast traffic, the Inclusive Multicast Ethernet Tag
route MUST carry a "PMSI Tunnel Attribute" specified in [BGP MVPN]. route MUST carry a "PMSI Tunnel Attribute" as specified in [BGP
MVPN].
Depending on the technology used for the P-tunnel for the E-VPN on Depending on the technology used for the P-tunnel for the E-VPN on
the PE, the PMSI Tunnel attribute of the Inclusive Multicast Ethernet the PE, the PMSI Tunnel attribute of the Inclusive Multicast Ethernet
Tag route is constructed as follows. Tag route is constructed as follows.
+ If the PE that originates the advertisement uses a P-Multicast + If the PE that originates the advertisement uses a
tree for the P-tunnel for the E-VPN, the PMSI Tunnel attribute P-Multicast tree for the P-tunnel for E-VPN, the PMSI
MUST contain the identity of the tree (note that the PE could Tunnel attribute MUST contain the identity of the tree
create the identity of the tree prior to the actual (note that the PE could create the identity of the
instantiation of the tree). tree prior to the actual instantiation of the tree).
+ A PE that uses a P-Multicast tree for the P-tunnel MAY + An PE that uses a P-Multicast tree for the P-tunnel MAY
aggregate two or more Ethernet Tags in the same or different aggregate two or more Ethernet Tags in the same or different
E-VPNs present on the PE onto the same tree. In this case in EVIs present on the PE onto the same tree. In this case, in
addition to carrying the identity of the tree, the PMSI Tunnel addition to carrying the identity of the tree, the PMSI Tunnel
attribute MUST carry an MPLS upstream assigned label which attribute MUST carry an MPLS upstream assigned label which
the PE has bound uniquely to the <ESI, Ethernet Tag> for the PE has bound uniquely to the Ethernet Tag for the EVI
E-VPN associated with this update (as determined by its RTs). associated with this update (as determined by its RTs).
If the PE has already advertised Inclusive Multicast Ethernet If the PE has already advertised Inclusive Multicast
Tag routes for two or more Ethernet Tags that it now desires Ethernet Tag routes for two or more Ethernet Tags that it
to aggregate, then the PE MUST re-advertise those routes. now desires to aggregate, then the PE MUST re-advertise
The re-advertised routes MUST be the same as the original those routes. The re-advertised routes MUST be the same
ones, except for the PMSI Tunnel attribute and the label as the original ones, except for the PMSI Tunnel attribute
carried in that attribute. and the label carried in that attribute.
+ If the PE that originates the advertisement uses ingress + If the PE that originates the advertisement uses ingress
replication for the P-tunnel for the E-VPN, the route MUST replication for the P-tunnel for E-VPN, the route MUST
include the PMSI Tunnel attribute with the Tunnel Type set to include the PMSI Tunnel attribute with the Tunnel Type set to
Ingress Replication and Tunnel Identifier set to a routable Ingress Replication and Tunnel Identifier set to a routable
address of the PE. The PMSI Tunnel attribute MUST carry a address of the PE. The PMSI Tunnel attribute MUST carry a
downstream assigned MPLS label. This label is used to downstream assigned MPLS label. This label is used to
demultiplex the broadcast, multicast or unknown unicast E-VPN demultiplex the broadcast, multicast or unknown unicast E-VPN
traffic received over a unicast tunnel by the PE. traffic received over a MP2P tunnel by the PE.
+ The Leaf Information Required flag of the PMSI Tunnel + The Leaf Information Required flag of the PMSI Tunnel
attribute MUST be set to zero, and MUST be ignored on receipt. attribute MUST be set to zero, and MUST be ignored on receipt.
14.3. Ethernet Segment Identifier and Ethernet Tag 13. Processing of Unknown Unicast Packets
As described above the encoding rules allow setting the Ethernet
Segment Identifier and Ethernet Tag to either non-zero valid values
or to 0. If the Ethernet Tag is set to a non-zero valid value, then
an egress MES can forward the packet to the set of egress ESIs in the
Ethernet Tag, in the E-VPN, by performing an MPLS lookup only.
Further if the ESI is also set to non zero then the egress MES does
not need to replicate the packet as it is destined for a given
Ethernet segment. If both Ethernet Tag and ESI are set to 0 then an
egress MES MUST perform a MAC lookup in the EVI determined by the
MPLS label, after the MPLS lookup, to forward the packet.
If an MES advertises multiple Inclusive Ethernet Tag routes for a
given E-VPN then the PMSI Tunnel Attributes for these routes MUST be
distinct.
15. Processing of Unknown Unicast Packets
The procedures in this document do not require MESes to flood unknown The procedures in this document do not require the PEs to flood
unicast traffic to other MESes. If MESes learn CE MAC addresses via a unknown unicast traffic to other PEs. If PEs learn CE MAC addresses
control plane, the MESes can then distribute MAC addresses via BGP, via a control plane protocol, the PEs can then distribute MAC
and all unicast MAC addresses will be learnt prior to traffic to addresses via BGP, and all unicast MAC addresses will be learnt prior
those destinations. to traffic to those destinations.
However, if a destination MAC address of a received packet is not However, if a destination MAC address of a received packet is not
known by the MES, the MES may have to flood the packet. Flooding must known by the PE, the PE may have to flood the packet. Flooding must
take into account "split horizon forwarding" as follows. The take into account "split horizon forwarding" as follows: The
principles behind the following procedures are borrowed from the principles behind the following procedures are borrowed from the
split horizon forwarding rules in VPLS solutions [RFC 4761, RFC split horizon forwarding rules in VPLS solutions [RFC 4761, RFC
4762]. When an MES capable of flooding (say MESx) receives a 4762]. When an PE capable of flooding (say PEx) receives a broadcast
broadcast Ethernet frame, or one with an unknown destination MAC or multicast Ethernet frame, or one with an unknown destination MAC
address, it must flood the frame. If the frame arrived from an address, it must flood the frame. If the frame arrived from an
attached CE, MESx must send a copy of the frame to every other attached CE, PEx must send a copy of the frame to every other
attached CE, on a different ESI than the one it received the frame attached CE participating in the EVI, on a different ESI than the one
on, as well as to all other MESs participating in the E-VPN. If, on it received the frame on, as long as the PE is the DF for the egress
the other hand, the frame arrived from another MES (say MESy), MESx ESI. In addition, the PE must flood the frame to all other PEs
must send a copy of the packet only to attached CEs. MESx MUST NOT participating in the EVI. If, on the other hand, the frame arrived
send the frame to other MESs, since MESy would have already done so. from another PE (say PEy), PEx must send a copy of the packet only to
attached CEs as long as it is the DF for the egress ESI. PEx MUST NOT
send the frame to other PEs, since PEy would have already done so.
Split horizon forwarding rules apply to broadcast and multicast Split horizon forwarding rules apply to broadcast and multicast
packets, as well as packets to an unknown MAC address. packets, as well as packets to an unknown MAC address.
Whether or not to flood packets to unknown destination MAC addresses Whether or not to flood packets to unknown destination MAC addresses
should be an administrative choice, depending on how learning happens should be an administrative choice, depending on how learning happens
between CEs and MESes. between CEs and PEs.
The MESes in a particular E-VPN may use ingress replication using The PEs in a particular E-VPN may use ingress replication using RSVP-
RSVP-TE P2P LSPs or LDP MP2P LSPs for sending broadcast, multicast TE P2P LSPs or LDP MP2P LSPs for sending broadcast, multicast and
and unknown unicast traffic to other MESes. Or they may use RSVP-TE unknown unicast traffic to other PEs. Or they may use RSVP-TE P2MP or
P2MP or LDP P2MP or LDP MP2MP LSPs for sending such traffic to other LDP P2MP or LDP MP2MP LSPs for sending such traffic to other PEs.
MESes.
15.1. Ingress Replication 13.1. Ingress Replication
If ingress replication is in use, the P-Tunnel attribute, carried in If ingress replication is in use, the P-Tunnel attribute, carried in
the Inclusive Multicast Ethernet Tag routes for the E-VPN, specifies the Inclusive Multicast Ethernet Tag routes for the EVI, specifies
the downstream label that the other MESes can use to send unknown the downstream label that the other PEs can use to send unknown
unicast, multicast or broadcast traffic for the E-VPN to this unicast, multicast or broadcast traffic for the EVI to this
particular MES. particular PE.
The MES that receives a packet with this particular MPLS label MUST The PE that receives a packet with this particular MPLS label MUST
treat the packet as a broadcast, multicast or unknown unicast packet. treat the packet as a broadcast, multicast or unknown unicast packet.
Further if the MAC address is a unicast MAC address, the MES MUST Further if the MAC address is a unicast MAC address, the PE MUST
treat the packet as an unknown unicast packet. treat the packet as an unknown unicast packet.
15.2. P2MP MPLS LSPs 13.2. P2MP MPLS LSPs
The procedures for using P2MP LSPs are very similar to VPLS The procedures for using P2MP LSPs are very similar to VPLS
procedures [VPLS-MCAST]. The P-Tunnel attribute used by an MES for procedures [VPLS-MCAST]. The P-Tunnel attribute used by an PE for
sending unknown unicast, broadcast or multicast traffic for a sending unknown unicast, broadcast or multicast traffic for a
particular Ethernet segment, is advertised in the Inclusive Ethernet particular EVI is advertised in the Inclusive Ethernet Tag Multicast
Tag Multicast route as described in section "Handling of Multi- route as described in section "Handling of Multi-Destination
Destination Traffic". Traffic".
The P-Tunnel attribute specifies the P2MP LSP identifier. This is the The P-Tunnel attribute specifies the P2MP LSP identifier. This is the
equivalent of an Inclusive tree in [VPLS-MCAST]. Note that multiple equivalent of an Inclusive tree in [VPLS-MCAST]. Note that multiple
Ethernet Tags, which may be in different E-VPNs, may use the same Ethernet Tags, which may be in different EVIs, may use the same P2MP
P2MP LSP, using upstream labels [VPLS-MCAST]. When P2MP LSPs are used LSP, using upstream labels [VPLS-MCAST]. This is the equivalent of an
for flooding unknown unicast traffic, packet re-ordering is possible. Aggregate Inclusive tree in [VPLS-MCAST]. When P2MP LSPs are used for
flooding unknown unicast traffic, packet re-ordering is possible.
The MES that receives a packet on the P2MP LSP specified in the PMSI The PE that receives a packet on the P2MP LSP specified in the PMSI
Tunnel Attribute MUST treat the packet as a broadcast, multicast or Tunnel Attribute MUST treat the packet as a broadcast, multicast or
unknown unicast packet. Further if the MAC address is a unicast MAC unknown unicast packet. Further if the MAC address is a unicast MAC
address, the MES MUST treat the packet as an unknown unicast packet. address, the PE MUST treat the packet as an unknown unicast packet.
16. Forwarding Unicast Packets 14. Forwarding Unicast Packets
16.1. Forwarding packets received from a CE 14.1. Forwarding packets received from a CE
When an MES receives a packet from a CE, on a given Ethernet Tag, it When an PE receives a packet from a CE, on a given Ethernet Tag, it
must first look up the source MAC address of the packet. In certain must first look up the source MAC address of the packet. In certain
environments the source MAC address MAY be used to authenticate the environments the source MAC address MAY be used to authenticate the
CE and determine that traffic from the host can be allowed into the CE and determine that traffic from the host can be allowed into the
network. Source MAC lookup MAY also used for local MAC address network. Source MAC lookup MAY also be used for local MAC address
learning. learning.
If the MES decides to forward the packet the destination MAC address If the PE decides to forward the packet, the destination MAC address
of the packet must be looked up. If the MES has received MAC address of the packet must be looked up. If the PE has received MAC address
advertisements for this destination MAC address from one or more advertisements for this destination MAC address from one or more
other MESes or learned it from locally connected CEs, it is other PEs or learned it from locally connected CEs, it is considered
considered as a known MAC address. Else the MAC address is considered as a known MAC address. Otherwise, the MAC address is considered as
as an unknown MAC address. an unknown MAC address.
For known MAC addresses the MES forwards this packet to one of the For known MAC addresses the PE forwards this packet to one of the
remote MESes or to a locally attached CEs. When forwarding to remote remote PEs or to a locally attached CE. When forwarding to a remote
MESes, the packet is encapsulated in the E-VPN MPLS label advertised PE, the packet is encapsulated in the E-VPN MPLS label advertised by
by the remote MES, for that MAC address, and in the MPLS LSP label the remote PE, for that MAC address, and in the MPLS LSP label stack
stack to reach the remote MES. to reach the remote PE.
If the MAC address is unknown then, if the administrative policy on If the MAC address is unknown and if the administrative policy on the
the MES requires flooding of unknown unicast traffic: PE requires flooding of unknown unicast traffic then:
- The MES MUST flood the packet to other MESes. If the ESI - The PE MUST flood the packet to other PEs. The
over which the MES receives the packet is multi-homed, then PE MUST first encapsulate the packet in the ESI MPLS
the MES MUST first encapsulate the packet in the ESI MPLS label as described in section 9.3.
label as described in section "Split Horizon". If ingress replication is used, the packet MUST be replicated
If ingress replication is used the packet MUST be replicated one or more times to each remote PE with the outermost
one or more times to each remote MES with the bottom label label being an MPLS label determined as follows: This
of the stack being an MPLS label determined as follows. This is the MPLS label advertised by the remote PE in a PMSI
is the MPLS label advertised by the remote MES in a PMSI
Tunnel Attribute in the Inclusive Multicast Ethernet Tag Tunnel Attribute in the Inclusive Multicast Ethernet Tag
route for an <ESI, Ethernet Tag> combination. The Ethernet route for an <EVI, Ethernet Tag> combination. The Ethernet
Tag in the route must be the same as the Ethernet Tag Tag in the route must be the same as the Ethernet Tag
advertised by the ingress MES in its Ethernet Tag A-D route associated with the interface on which the ingress PE
associated with the interface on which the ingress MES
receives the packet. If P2MP LSPs are being used the packet receives the packet. If P2MP LSPs are being used the packet
MUST be sent on the P2MP LSP that the MES is the root of for MUST be sent on the P2MP LSP that the PE is the root of for
the Ethernet Tag in the E-VPN. If the same P2MP LSP is used the Ethernet Tag in the EVI. If the same P2MP LSP is used
for all Ethernet Tags then all the MESes in the E-VPN MUST for all Ethernet Tags, then all the PEs in the EVI MUST
be the leaves of the P2MP LSP. If a distinct P2MP LSP is be the leaves of the P2MP LSP. If a distinct P2MP LSP is
used for a given Ethernet Tag in the E-VPN then only the used for a given Ethernet Tag in the EVI, then only the
MESes in the Ethernet Tag MUST be the leaves of the P2MP PEs in the Ethernet Tag MUST be the leaves of the P2MP
LSP. The packet MUST be encapsulated in the P2MP LSP label LSP. The packet MUST be encapsulated in the P2MP LSP label
stack. stack.
If the MAC address is unknown then, if the admnistrative policy on If the MAC address is unknown then, if the administrative policy on
the MES does not allow flooding of unknown unicast traffic: the PE does not allow flooding of unknown unicast traffic:
- The MES MUST drop the packet. - The PE MUST drop the packet.
16.2. Forwarding packets received from a remote MES 14.2. Forwarding packets received from a remote PE
16.2.1. Unknown Unicast Forwarding 14.2.1. Unknown Unicast Forwarding
When an MES receives an MPLS packet from a remote MES then, after When an PE receives an MPLS packet from a remote PE then, after
processing the MPLS label stack, if the top MPLS label ends up being processing the MPLS label stack, if the top MPLS label ends up being
a P2MP LSP label associated with an E-VPN or the downstream label a P2MP LSP label associated with an EVI or the downstream label
advertised in the P-Tunnel attribute and after performing the split advertised in the P-Tunnel attribute, and after performing the split
horizon procedures described in section "Split Horizon": horizon procedures described in section "Split Horizon":
- If the MES is the designated forwarder of unknown unicast, - If the PE is the designated forwarder of unknown unicast, broadcast
broadcast or multicast traffic, on a particular set of ESIs for the or multicast traffic, on a particular set of ESIs for the Ethernet
Ethernet Tag, the default behavior is for the MES to flood the packet Tag, the default behavior is for the PE to flood the packet on these
on the ESIs. In other words the default behavior is for the MES to ESIs. In other words, the default behavior is for the PE to assume
assume that the destination MAC address is unknown unicast, broadcast that the destination MAC address is unknown unicast, broadcast or
or multicast and it is not required to do a destination MAC address multicast and it is not required to perform a destination MAC address
lookup, as long as the granularity of the MPLS label included the lookup. As an option, the PE may perform a destination MAC lookup to
Ethernet Tag. As an option the MES may do a destination MAC lookup to
flood the packet to only a subset of the CE interfaces in the flood the packet to only a subset of the CE interfaces in the
Ethernet Tag. For instance the MES may decide to not flood an unknown Ethernet Tag. For instance the PE may decide to not flood an unknown
unicast packet on certain Ethernet segments even if it is the DF on unicast packet on certain Ethernet segments even if it is the DF on
the Ethernet segment, based on administrative policy. the Ethernet segment, based on administrative policy.
- If the MES is not the designated forwarder on any of the ESIs for - If the PE is not the designated forwarder on any of the ESIs for
the Ethernet Tag, the default behavior is for it to drop the packet. the Ethernet Tag, the default behavior is for it to drop the packet.
16.2.2. Known Unicast Forwarding 14.2.2. Known Unicast Forwarding
If the top MPLS label ends up being an E-VPN label that was If the top MPLS label ends up being an E-VPN label that was
advertised in the unicast MAC advertisements, then the MES either advertised in the unicast MAC advertisements, then the PE either
forwards the packet based on CE next-hop forwarding information forwards the packet based on CE next-hop forwarding information
associated with the label or does a destination MAC address lookup to associated with the label or does a destination MAC address lookup to
forward the packet to a CE. forward the packet to a CE.
17. Split Horizon 15. Load Balancing of Unicast Frames
Consider a CE that is multi-homed to two or more MESes on an Ethernet
segment ES1. If the CE sends a multicast, broadcast or unknown
unicast packet to a particular MES, say MES1, then MES1 will forward
that packet to all or subset of the other MESes in the E-VPN. In this
case the MESes, other than MES1, that the CE is multi-homed to MUST
drop the packet and not forward back to the CE. This is referred to
as "split horizon" in this document.
In order to accomplish this each MES distributes to other MESes the
"per Ethernet Segment Ethernet A-D route" as per the procedures in
the section "Ethernet A-D Route per Ethernet Segment". This route is
imported by the MESes connected to the Ethernet Segment and also by
the MESes that have at least one E-VPN in common with the Ethernet
Segment in the route. As described in the section "Ethernet A-D Route
per Ethernet Segment", the route MUST carry an ESI MPLS Label
Extended Community with a valid ESI MPLS label.
17.1. ESI MPLS Label: Ingress Replication
An MES that is using ingress replication for sending broadcast,
multicast or unknown unicast traffic, distributes to other MESes,
that belong to the Ethernet segment, a downstream assigned "ESI MPLS
label" in the Ethernet A-D route. This label MUST be programmed in
the platform label space by the advertising MES. Further the
forwarding entry for this label must result in NOT forwarding packets
received with this label onto the Ethernet segment that the label was
distributed for.
Consider MES1 and MES2 that are multi-homed to CE1 on ES1. Further
consider that MES1 is using P2P or MP2P LSPs to send packets to MES2.
Consider that MES1 receives a multicast, broadcast or unknown unicast
packet from CE1 on VLAN1 on ESI1.
First consider the case where MES2 distributes an unique Inclusive
Multicast Ethernet Tag route for VLAN1, for each Ethernet segment on
MES2. In this case MES1 MUST NOT replicate the packet to MES2 for
<ESI1, VLAN1>.
Next consider the case where MES2 distributes a single Inclusive
Multicast Ethernet Tag route for VLAN1 for all Ethernet segments on
MES2. In this case when MES1 sends a multicast, broadcast or unknown
unicast packet, that it receives from CE1, it MUST first push onto
the MPLS label stack the ESI label that MES2 has distributed for
ESI1. It MUST then push on the MPLS label distributed by MES2 in the
Inclusive Ethernet Tag Multicast route for Ethernet Tag1. The
resulting packet is further encapsulated in the P2P or MP2P LSP label
stack required to transmit the packet to MES2. When MES2 receives
this packet it determines the set of ESIs to replicate the packet to
from the top MPLS label, after any P2P or MP2P LSP labels have been
removed. If the next label is the ESI label assigned by MES2 then
MES2 MUST NOT forward the packet onto ESI1.
17.2. ESI MPLS Label: P2MP MPLS LSPs
An MES that is using P2MP LSPs for sending broadcast, multicast or
unknown unicast traffic, distributes to other MESes, that belong to
the Ethernet segment or have an E-VPN in common with the Ethernet
Segment, an upstream assigned "ESI MPLS label" in the Ethernet A-D
route. This label is upstream assigned by the MES that advertises the
route. This label MUST be programmed by the other MESes, that are
connected to the ESI advertised in the route, in the context label
space for the advertising MES. Further the forwarding entry for this
label must result in NOT forwarding packets received with this label
onto the Ethernet segment that the label was distributed for. This
label MUST also be programmed by the other MESes, that import the
route but are not connected to the ESI advertised in the route, in
the context label space for the advertising MES. Further the
forwarding entry for this label must be a POP with no other
associated action.
Consider MES1 and MES2 that are multi-homed to CE1 on ES1. Also
consider MES3 that is in the same E-VPN as one of the E-VPNs to which
ES1 belongs. Further assume that MES1 is using P2MP MPLS LSPs to
send broadcast, multicast or uknown unicast packets. When MES1 sends
a multicast, broadcast or unknown unicast packet, that it receives
from CE1, it MUST first push onto the MPLS label stack the ESI label
that it has assigned for the ESI that the packet was received on. The
resulting packet is further encapsulated in the P2MP MPLS label stack
necessary to transmit the packet to the other MESes. Penultimate hop
popping MUST be disabled on the P2MP LSPs used in the MPLS transport
infrastructure for E-VPN. When MES2 receives this packet it
decapsulates the top MPLS label and forwards the packet using the
context label space determined by the top label. If the next label is
the ESI label assigned by MES1 then MES2 MUST NOT forward the packet
onto ESI1. When MES3 receives this packet it decapsulates the top
MPLS label and forwards the packet using the context label space
determined by the top label. If the next label is the ESI label
assigned by MES1 then MES3 MUST pop the label.
17.3. ESI MPLS Label: MP2MP LSPs This section specifies the load balancing procedures for sending
known unicast frames to a multi-homed CE.
The procedures for ESI MPLS Label assignment and usage for MP2MP LSPs 15.1. Load balancing of traffic from an PE to remote CEs
will be described in a future version.
18. Load Balancing of Unicast Packets Whenever a remote PE imports a MAC advertisement for a given <ESI,
Ethernet Tag> in an EVI, it MUST examine all imported Ethernet A-D
routes for that ESI in order to determine the load-balancing
characteristics of the Ethernet segment.
This section specifies how load balancing is achieved to/from a CE 15.1.1 Active-Standby Redundancy Mode
that has more than one interface that is directly connected to one or
more MESes. The CE may be a host or a router or it may be a switched
network that is connected via LAG to the MESes.
18.1. Load balancing of traffic from an MES to remote CEs For a given ESI, if the remote PE has imported an Ethernet A-D route
per Ethernet Segment from at least one PE, where the "Active-Standby"
flag in the ESI MPLS Label Extended Community is set, then the remote
PE MUST deduce that the Ethernet segment is operating in Active-
Standby redundancy mode. As such, the MAC address will be reachable
only via the PE announcing the associated MAC Advertisement route -
this is referred to as the primary PE. The set of other PE nodes
advertising Ethernet A-D routes per Ethernet Segment for the same ESI
serve as backup paths, in case the active PE encounters a failure.
These are referred to as the backup PEs.
Whenever a remote MES imports a MAC advertisement for a given <ESI, If the primary PE encounters a failure, it MAY withdraw its Ethernet
Ethernet Tag> in an E-VPN instance, it MUST consider the MAC as A-D route for the affected segment prior to withdrawing the entire
reachahable via all the MESes from which it has imported Ethernet A-D set of MAC Advertisement routes. In the case where only a single
routes for that <ESI, Ethernet Tag>. Let us call this the initial other backup PE in the network had advertised an Ethernet A-D route
Ethernet A-D route set for the given ESI. for the same ESI, the remote PE can then use the Ethernet A-D route
withdrawal as a trigger to update its forwarding entries, for the
associated MAC addresses, to point towards the backup PE. As the
backup PE starts learning the MAC addresses over its attached
Ethernet segment, it will start sending MAC Advertisement routes
while the failed PE withdraws its own. This mechanism minimizes the
flooding of traffic during fail-over events.
For the given ESI the remote MES has imported a per Ethernet Segment 15.1.2 All-Active Redundancy Mode
Ethernet A-D route, from at least one MES, where the "Active-Standby"
flag in the ESI MPLS Label Extended Community is set, then the remote
MES MUST first use the procedures in the section "Designated
Forwarder Election" to pick a Designated Forwarder. The eligible set
of Ethernet A-D routes used in the procedures below must comprise
this single Ethernet A-D route from the DF.
If for the given ESI none of the per Ethernet Segment Ethernet A-D If for the given ESI, none of the Ethernet A-D routes per Ethernet
routse, imported by the remote MES, have the "Active-Standby" flag Segment imported by the remote PE have the "Active-Standby" flag set
set in the ESI MPLS Label Extended Community, then the eligble set of in the ESI MPLS Label Extended Community, then the remote PE MUST
Ethernet A-D routes is set to the initial Ethernet A-D route set. treat the Ethernet segment as operating in all-active redundancy
mode. The remote PE would then treat the MAC address as reachable via
all of the PE nodes from which it has received both an Ethernet A-D
route per Ethernet Segment as well as an Ethernet A-D route per EVI
for the ESI in question. The remote PE MUST use the MAC advertisement
and eligible Ethernet A-D routes to construct the set of next-hops
that it can use to send the packet to the destination MAC. Each next-
hop comprises an MPLS label stack that is to be used by the egress PE
to forward the packet. This label stack is determined as follows:
The remote MES MUST use the MAC advertisement and eligible Ethernet -If the next-hop is constructed as a result of a MAC route then this
A-D routes to constuct the set of next-hops that it can use to send label stack MUST be used. However, if the MAC route doesn't exist,
the packet to the destination MAC. Each next-hop comprises an MPLS then the next-hop and MPLS label stack is constructed as a result of
label stack, that is to be used by the egress MES to forward the the Ethernet A-D routes. Note that the following description applies
packet. This label stack is determined as follows. If the next-hop is to determining the label stack for a particular next-hop to reach a
constructed as a result of a MAC route which has a valid MPLS label given PE, from which the remote PE has received and imported Ethernet
stack, then this label stack MUST be used. However if the MAC route A-D routes that have the matching ESI and Ethernet Tag as the one
doesn't exist or if it doesn't have a valid MPLS label stack then the present in the MAC advertisement. The Ethernet A-D routes mentioned
next-hop and MPLS label stack is constructed as a result of one or in the following description refer to the ones imported from this
more corresponding Ethernet A-D routes as follows. Note that the given PE.
following description applies to determining the label stack for a
particular next-hop to reach a given MES, from which the remote MES
has received and imported one or more Ethernet A-D routes that have
the matching ESI and Ethernet Tag as the one present in the MAC
advertisement. The Ethernet A-D routes mentioned in the following
description refer to the ones imported from this given MES.
If there is a corresponding Ethernet A-D route for that <ESI, -If an Ethernet A-D route per Ethernet Segment for that ESI exists,
Ethernet Tag> then that label stack MUST be used. If such an Ethernet together with an Ethernet A-D route per EVI, then the label from that
Tag A-D route doesn't exist but Ethernet A-D routes exist for <ESI, latter route must be used.
Ethernet Tag = 0> and <ESI = 0, Ethernet Tag> then the label stack
must be constructed by using the labels from these two routes. If
this is not the case but an Ethernet A-D route exists for <ESI,
Ethernet Tag = 0> then the label from that route must be used.
Finally if this is also not the case but an Ethernet A-D route exists
for <ESI = 0, Ethernet Tag = 0> then the label from that route must
be used.
The following example explains the above when Ethernet A-D routes are The following example explains the above.
advertised per <ESI, Ethernet Tag>.
Consider a CE, CE1, that is dual homed to two MESes, MES1 and MES2 on Consider a CE (CE1) that is dual-homed to two PEs (PE1 and PE2) on a
a LAG interface, ES1, and is sending packets with MAC address MAC1 on LAG interface (ES1), and is sending packets with MAC address MAC1 on
VLAN1. Based on E-VPN extensions described in sections "Determining VLAN1. A remote PE, say PE3, is able to learn that MAC1 is reachable
Reachability of Unicast Addresses" and "Auto-Discovery of Ethernet via PE1 and PE2. Both PE1 and PE2 may advertise MAC1 in BGP if they
Tags on Ethernet Segments", a remote MES say MES3 is able to learn receive packets with MAC1 from CE1. If this is not the case, and if
that a MAC1 is reachable via MES1 and MES2. Both MES1 and MES2 may MAC1 is advertised only by PE1, PE3 still considers MAC1 as reachable
advertise MAC1 in BGP if they receive packets with MAC1 from CE1. If via both PE1 and PE2 as both PE1 and PE2 advertise a Ethernet A-D
this is not the case and if MAC1 is advertised only by MES1, MES3 route per ESI for ESI1 as well as an Ethernet A-D route per EVI for
still considers MAC1 as reachable via both MES1 and MES2 as both MES1 <ESI1, VLAN1>.
and MES2 advertise a Ethernet A-D route for <ESI1, VLAN1>.
The MPLS label stack to send the packets to MES1 is the MPLS LSP The MPLS label stack to send the packets to PE1 is the MPLS LSP stack
stack to get to MES1 and the E-VPN label advertised by MES1 for CE1's to get to PE1 and the E-VPN label advertised by PE1 for CE1's MAC.
MAC.
The MPLS label stack to send packets to MES2 is the MPLS LSP stack to The MPLS label stack to send packets to PE2 is the MPLS LSP stack to
get to MES2 and the MPLS label in the Ethernet A-D route advertised get to PE2 and the MPLS label in the Ethernet A-D route advertised by
by MES2 for <ES1, VLAN1>, if MES2 has not advertised MAC1 in BGP. PE2 for <ES1, VLAN1>, if PE2 has not advertised MAC1 in BGP.
We will refer to these label stacks as MPLS next-hops. We will refer to these label stacks as MPLS next-hops.
The remote MES, MES3, can now load balance the traffic it receives The remote PE (PE3) can now load balance the traffic it receives from
from its CEs, destined for CE1, between MES1 and MES2. MES3 may use its CEs, destined for CE1, between PE1 and PE2. PE3 may use N-Tuple
the IP flow information for it to hash into one of the MPLS next-hops flow information to hash traffic into one of the MPLS next-hops for
for load balancing for IP traffic. Or MES3 may rely on the source and load balancing of IP traffic. Alternatively PE3 may rely on the
destination MAC addresses for load balancing. source MAC addresses for load balancing.
Note that once MES3 decides to send a particular packet to MES1 or Note that once PE3 decides to send a particular packet to PE1 or PE2
MES2 it can pick from more than path to reach the particular remote it can pick one out of multiple possible paths to reach the
MES using regular MPLS procedures. For instance if the tunneling particular remote PE using regular MPLS procedures. For instance, if
technology is based on RSVP-TE LSPs, and MES3 decides to send a the tunneling technology is based on RSVP-TE LSPs, and PE3 decides to
particular packet to MES1 then MES3 can choose from multiple RSVP-TE send a particular packet to PE1, then PE3 can choose from multiple
LSPs that have MES1 as their destination. RSVP-TE LSPs that have PE1 as their destination.
When MES1 or MES2 receive the packet destined for CE1 from MES3, if When PE1 or PE2 receive the packet destined for CE1 from PE3, if the
the packet is a unicast MAC packet it is forwarded to CE1. If it is packet is a unicast MAC packet it is forwarded to CE1. If it is a
a multicast or broadcast MAC packet then only one of MES1 or MES2 multicast or broadcast MAC packet then only one of PE1 or PE2 must
must forward the packet to the CE. Which of MES1 or MES2 forward this forward the packet to the CE. Which of PE1 or PE2 forward this packet
packet to the CE is determined by default based on which of the two to the CE is determined based on which of the two is the DF.
is the DF. An alternate procedure to load balance multicast packets
will be described in the future.
If the connectivity between the multi-homed CE and one of the MESes If the connectivity between the multi-homed CE and one of the PEs
that it is multi-homed to fails, the MES MUST withdraw the MAC that it is attached to fails, the PE MUST withdraw the Ethernet Tag
address from BGP. In addition the MES MUST withdraw the Ethernet Tag
A-D routes, that had been previously advertised, for the Ethernet A-D routes, that had been previously advertised, for the Ethernet
Segment to the CE. Note that to aid convergence the Ethernet Tag A-D Segment to the CE. When the MAC entry on the PE ages out, the PE MUST
routes MAY be withdrawn before the MAC routes. This enables the withdraw the MAC address from BGP. Note that to aid convergence, the
remote MESes to remove the MPLS next-hop to this particular MES from Ethernet Tag A-D routes MAY be withdrawn before the MAC routes. This
the set of MPLS next-hops that can be used to forward traffic to the enables the remote PEs to remove the MPLS next-hop to this particular
CE. For further details and procedures on withdrawal of E-VPN route PE from the set of MPLS next-hops that can be used to forward traffic
types in the event of MES to CE failures please section "MES to CE to the CE. For further details and procedures on withdrawal of E-VPN
Network Failures". route types in the event of PE to CE failures please section "PE to
CE Network Failures".
18.2. Load balancing of traffic between an MES and a local CE 15.2. Load balancing of traffic between an PE and a local CE
A CE may be configured with more than one interface connected to A CE may be configured with more than one interface connected to
different MESes or the same MES for load balancing, using a different PEs or the same PE for load balancing, using a technology
technology such as LAG. The MES(s) and the CE can load balance such as LAG. The PE(s) and the CE can load balance traffic onto these
traffic onto these interfaces using one of the following mechanisms. interfaces using one of the following mechanisms.
18.2.1. Data plane learning 15.2.1. Data plane learning
Consider that the MESes perform data plane learning for local MAC Consider that the PEs perform data plane learning for local MAC
addresses learned from local CEs. This enables the MES(s) to learn a addresses learned from local CEs. This enables the PE(s) to learn a
particular MAC address and associate it with one or more interfaces, particular MAC address and associate it with one or more interfaces,
if the technology between the MES and the CE supports multi-pathing. if the technology between the PE and the CE supports multi-pathing.
The MESes can now load balance traffic destined to that MAC address The PEs can now load balance traffic destined to that MAC address on
on the multiple interfaces. the multiple interfaces.
Whether the CE can load balance traffic that it generates on the Whether the CE can load balance traffic that it generates on the
multiple interfaces is dependent on the CE implementation. multiple interfaces is dependent on the CE implementation.
18.2.2. Control plane learning 15.2.2. Control plane learning
The CE can be a host that advertises the same MAC address using a The CE can be a host that advertises the same MAC address using a
control protocol on both interfaces. This enables the MES(s) to learn control protocol on both interfaces. This enables the PE(s) to learn
the host's MAC address and associate it with one or more interfaces. the host's MAC address and associate it with one or more interfaces.
The MESes can now load balance traffic destined to the host on the The PEs can now load balance traffic destined to the host on the
multiple interfaces. The host can also load balance the traffic it multiple interfaces. The host can also load balance the traffic it
generates onto these interfaces and the MES that receives the traffic generates onto these interfaces and the PE that receives the traffic
employs E-VPN forwarding procedures to forward the traffic. employs E-VPN forwarding procedures to forward the traffic.
19. MAC Moves 16. MAC Mobility
In the case where a CE is a host or a switched network connected to It is possible for a given host or end-station (as defined by its MAC
hosts, the MAC address that is reachable via a given MES on a address) to move from one Ethernet segment to another; this is
particular ESI may move such that it becomes reachable via another referred to as 'MAC Mobility' or 'MAC move' and it is different from
MES on another ESI. This is referred to as a "MAC Move". the multi-homing situation in which a given MAC address is reachable
via multiple PEs for the same Ethernet segment. In a MAC move, there
would be two sets of MAC Advertisement routes, one set with the new
Ethernet segment and one set with the previous Ethernet segment, and
the MAC address would appear to be reachable via each of these
segments.
Remote MESes must be able to distinguish a MAC move from the case In order to allow all of the PEs in the E-VPN to correctly determine
where a MAC address on an ESI is reachable via two different MESes the current location of the MAC address, all advertisements of it
and load balancing is performed as described in section "Load being reachable via the previous Ethernet segment MUST be withdrawn
Balancing of Unicast Packets". This distinction can be made as by the PEs, for the previous Ethernet segment, that had advertised
follows. If a MAC is learned by a particular MES from multiple MESes, it.
then the MES performs load balancing only amongst the set of MESes
that advertised the MAC with the same ESI. If this is not the case
then the MES chooses only one of the advertising MESes to reach the
MAC as per BGP path selection.
There can be traffic loss during a MAC move. Consider MAC1 that is If local learning is performed using the data plane, these PEs will
advertised by MES1 and learned from CE1 on ESI1. If MAC1 now moves not be able to detect that the MAC address has moved to another
behind MES2, on ESI2, MES2 advertises the MAC in BGP. Until a remote Ethernet segment and the receipt of MAC Advertisement routes, with
MES, MES3, determines that the best path is via MES2, it will the MAC Mobility extended community attribute, from other PEs serves
continue to send traffic destined for MAC1 to MES1. This will not as the trigger for these PEs to withdraw their advertisements. If
occur deterministially until MES1 withdraws the advertisement for local learning is performed using the control or management planes,
MAC1. these interactions serve as the trigger for these PEs to withdraw
their advertisements.
One recommended optimization to reduce the traffic loss during MAC In a situation where there are multiple moves of a given MAC,
moves is the following option. When an MES sees a MAC update from a possibly between the same two Ethernet segments, there may be
locally attached CE on an ESI, which is different from the ESI on multiple withdrawals and re-advertisements. In order to ensure that
which the MES has currently learned the MAC, the corresponding entry all PEs in the E-VPN receive all of these correctly through the
in the local bridge forwarding table SHOULD be immediately purged intervening BGP infrastructure, it is necessary to introduce a
causing the MES to withdraw its own E-VPN MAC advertisement route and sequence number into the MAC Mobility extended community attribute.
replace it with the update.
A future version of this specification will describe other optimized Since the sequence number is an unsigned 32 bit integer, all sequence
procedures to minimize traffic loss during MAC moves. number comparisons must be performed modulo 2**32. This unsigned
arithmetic preserves the relationship of sequence numbers as they
cycle from 2**32 - 1 to 0.
20. Multicast Every MAC mobility event for a given MAC address will contain a
sequence number that is set using the following rules:
The MESes in a particular E-VPN may use ingress replication or P2MP - A PE advertising a MAC address for the first time advertises it
LSPs to send multicast traffic to other MESes. with no MAC Mobility extended community attribute.
20.1. Ingress Replication - A PE detecting a locally attached MAC address for which it had
previously received a MAC Advertisement route with a different
Ethernet segment identifier advertises the MAC address in a MAC
Advertisement route tagged with a MAC Mobility extended community
attribute with a sequence number one greater than the sequence number
in the MAC mobility attribute of the received MAC Advertisement
route. In the case of the first mobility event for a given MAC
address, where the received MAC Advertisement route does not carry a
MAC Mobility attribute, the value of the sequence number in the
received route is assumed to be 0 for purpose of this processing.
The MESes may use ingress replication for flooding unknown unicast, - A PE detecting a locally attached MAC address for which it had
previously received a MAC Advertisement route with the same Ethernet
segment identifier advertises it with:
i. no MAC Mobility extended community attribute, if the received
route did not carry said attribute.
ii. a MAC Mobility extended community attribute with the sequence
number equal to the sequence number in the received MAC
Advertisement route, if the received route is tagged with a MAC
Mobility extended community attribute.
A PE receiving a MAC Advertisement route for a MAC address with a
different Ethernet segment identifier and a higher sequence number
than that which it had previously advertised, withdraws its MAC
Advertisement route. If two (or more) PEs advertise the same MAC
address with same sequence number but different Ethernet segment
identifiers, a PE that receives these routes selects the route
advertised by the PE with lowest IP address as the best route.
17. Multicast
The PEs in a particular E-VPN may use ingress replication or P2MP
LSPs to send multicast traffic to other PEs.
17.1. Ingress Replication
The PEs may use ingress replication for flooding unknown unicast,
multicast or broadcast traffic as described in section "Handling of multicast or broadcast traffic as described in section "Handling of
Multi-Destination Traffic". A given unknown unicast or broadcast Multi-Destination Traffic". A given unknown unicast or broadcast
packet must be sent to all the remote MESes. However a given packet must be sent to all the remote PEs. However a given multicast
multicast packet for a multicast flow may be sent to only a subset of packet for a multicast flow may be sent to only a subset of the PEs.
the MESes. Specifically a given multicast flow may be sent to only Specifically a given multicast flow may be sent to only those PEs
those MESes that have receivers that are interested in the multicast that have receivers that are interested in the multicast flow.
flow. Determining which of the MESes have receivers for a given Determining which of the PEs have receivers for a given multicast
multicast flow is done using explicit tracking described below. flow is done using explicit tracking described below.
20.2. P2MP LSPs 17.2. P2MP LSPs
A MES may use an "Inclusive" tree for sending an unknown unicast, An PE may use an "Inclusive" tree for sending an unknown unicast,
broadcast or multicast packet or a "Selective" tree. This terminology broadcast or multicast packet or a "Selective" tree. This terminology
is borrowed from [VPLS-MCAST]. is borrowed from [VPLS-MCAST].
A variety of transport technologies may be used in the SP network. A variety of transport technologies may be used in the SP network.
For inclusive P-Multicast trees, these transport technologies include For inclusive P-Multicast trees, these transport technologies include
point-to-multipoint LSPs created by RSVP-TE or mLDP. For selective P- point-to-multipoint LSPs created by RSVP-TE or mLDP. For selective P-
Multicast trees, only unicast MES-MES tunnels (using MPLS or IP/GRE Multicast trees, only unicast PE-PE tunnels (using MPLS or IP/GRE
encapsulation) and P2MP LSPs are supported, and the supported P2MP encapsulation) and P2MP LSPs are supported, and the supported P2MP
LSP signaling protocols are RSVP-TE, and mLDP. LSP signaling protocols are RSVP-TE, and mLDP.
20.3. MP2MP LSPs 17.3. MP2MP LSPs
The root of the MP2MP LDP LSP advertises the Inclusive Multicast Tag The root of the MP2MP LDP LSP advertises the Inclusive Multicast Tag
route with the PMSI Tunnel attribute set to the MP2MP Tunnel route with the PMSI Tunnel attribute set to the MP2MP Tunnel
identifier. This advertisement is then sent to all MESes in the E- identifier. This advertisement is then sent to all PEs in the E-VPN.
VPN. Upon receiving the Inclusive Multicast Tag routes with a PMSI Upon receiving the Inclusive Multicast Tag routes with a PMSI Tunnel
Tunnel attribute that contains the MP2MP Tunnel identifier, the attribute that contains the MP2MP Tunnel identifier, the receiving
receiving MESes initiate the setup of the MP2MP tunnel towards the PEs initiate the setup of the MP2MP tunnel towards the root using the
root using the procedures in [MLDP]. procedures in [MLDP].
20.3.1. Inclusive Trees 17.3.1. Inclusive Trees
An Inclusive Tree allows the use of a single multicast distribution An Inclusive Tree allows the use of a single multicast distribution
tree, referred to as an Inclusive P-Multicast tree, in the SP network tree, referred to as an Inclusive P-Multicast tree, in the SP network
to carry all the multicast traffic from a specified set of E-VPN to carry all the multicast traffic from a specified set of EVIs on a
instances on a given MES. A particular P-Multicast tree can be set up given PE. A particular P-Multicast tree can be set up to carry the
to carry the traffic originated by sites belonging to a single E-VPN, traffic originated by sites belonging to a single E-VPN, or to carry
or to carry the traffic originated by sites belonging to different E- the traffic originated by sites belonging to different E-VPNs. The
VPNs. The ability to carry the traffic of more than one E-VPN on the ability to carry the traffic of more than one E-VPN on the same tree
same tree is termed 'Aggregation'. The tree needs to include every is termed 'Aggregation'. The tree needs to include every PE that is a
MES that is a member of any of the E-VPNs that are using the tree. member of any of the E-VPNs that are using the tree. This implies
This implies that an MES may receive multicast traffic for a that an PE may receive multicast traffic for a multicast stream even
multicast stream even if it doesn't have any receivers that are if it doesn't have any receivers that are interested in receiving
interested in receiving traffic for that stream. traffic for that stream.
An Inclusive P-Multicast tree as defined in this document is a P2MP An Inclusive P-Multicast tree as defined in this document is a P2MP
tree. A P2MP tree is used to carry traffic only for E-VPN CEs that tree. A P2MP tree is used to carry traffic only for E-VPN CEs that
are connected to the MES that is the root of the tree. are connected to the PE that is the root of the tree.
The procedures for signaling an Inclusive Tree are the same as those The procedures for signaling an Inclusive Tree are the same as those
in [VPLS-MCAST] with the VPLS-AD route replaced with the Inclusive in [VPLS-MCAST] with the VPLS-AD route replaced with the Inclusive
Multicast Ethernet Tag route. The P-Tunnel attribute [VPLS-MCAST] for Multicast Ethernet Tag route. The P-Tunnel attribute [VPLS-MCAST] for
an Inclusive tree is advertised in the Inclusive Ethernet A-D route an Inclusive tree is advertised in the Inclusive Multicast route as
as described in section "Handling of Multi-Destination Traffic". Note described in section "Handling of Multi-Destination Traffic". Note
that an MES can "aggregate" multiple inclusive trees for different E- that an PE can "aggregate" multiple inclusive trees for different
VPNs on the same P2MP LSP using upstream labels. The procedures for EVIs on the same P2MP LSP using upstream labels. The procedures for
aggregation are the same as those described in [VPLS-MCAST], with aggregation are the same as those described in [VPLS-MCAST], with
VPLS A-D routes replaced by E-VPN Inclusive Multicast Ethernet A-D VPLS A-D routes replaced by E-VPN Inclusive Multicast routes.
routes.
20.3.2. Selective Trees 17.3.2. Selective Trees
A Selective P-Multicast tree is used by an MES to send IP multicast A Selective P-Multicast tree is used by an PE to send IP multicast
traffic for one or more specific IP multicast streams, originated by traffic for one or more specific IP multicast streams, originated by
CEs connected to the MES, that belong to the same or different E- CEs connected to the PE, that belong to the same or different E-VPNs,
VPNs, to a subset of the MESs that belong to those E-VPNs. Each of to a subset of the PEs that belong to those E-VPNs. Each of the PEs
the MESs in the subset should be on the path to a receiver of one or in the subset should be on the path to a receiver of one or more
more multicast streams that are mapped onto the tree. The ability to multicast streams that are mapped onto the tree. The ability to use
use the same tree for multicast streams that belong to different E- the same tree for multicast streams that belong to different E-VPNs
VPNs is termed an MES the ability to create separate SP multicast is termed an PE the ability to create separate SP multicast trees for
trees for specific multicast streams, e.g. high bandwidth multicast specific multicast streams, e.g. high bandwidth multicast streams.
streams. This allows traffic for these multicast streams to reach This allows traffic for these multicast streams to reach only those
only those MES routers that have receivers in these streams. This PE routers that have receivers in these streams. This avoids flooding
avoids flooding other MES routers in the E-VPN. other PE routers in the E-VPN.
A SP can use both Inclusive P-Multicast trees and Selective P- An SP can use both Inclusive P-Multicast trees and Selective P-
Multicast trees or either of them for a given E-VPN on an MES, based Multicast trees or either of them for a given E-VPN on an PE, based
on local configuration. on local configuration.
The granularity of a selective tree is <RD, MES, S, G> where S is an The granularity of a selective tree is <RD, PE, S, G> where S is an
IP multicast source address and G is an IP multicast group address or IP multicast source address and G is an IP multicast group address or
G is a multicast MAC address. Wildcard sources and wildcard groups G is a multicast MAC address. Wildcard sources and wildcard groups
are supported. Selective trees require explicit tracking as described are supported. Selective trees require explicit tracking as described
below. below.
A E-VPN MES advertises a selective tree using a E-VPN selective A-D A E-VPN PE advertises a selective tree using a E-VPN selective A-D
route. The procedures are the same as those in [VPLS-MCAST] with S- route. The procedures are the same as those in [VPLS-MCAST] with S-
PMSI A-D routes in [VPLS-MCAST] replaced by E-VPN Selective A-D PMSI A-D routes in [VPLS-MCAST] replaced by E-VPN Selective A-D
routes. The information elements of the E-VPN selective A-D route routes. The information elements of the E-VPN selective A-D route
are similar to those of the VPLS S-PMSI A-D route with the following are similar to those of the VPLS S-PMSI A-D route with the following
differences. A E-VPN Selective A-D route includes an optional differences. A E-VPN Selective A-D route includes an optional
Ethernet Tag field. Also an E-VPN selective A-D route may encode a Ethernet Tag field. Also an E-VPN selective A-D route may encode a
MAC address in the Group field. The encoding details of the E-VPN MAC address in the Group field. The encoding details of the E-VPN
selective A-D route will be described in the next revision. selective A-D route will be described in the next revision.
Selective trees can also be aggregated on the same P2MP LSP using Selective trees can also be aggregated on the same P2MP LSP using
aggregation as described in [VPLS-MCAST]. aggregation as described in [VPLS-MCAST].
20.4. Explicit Tracking 17.4. Explicit Tracking
[VPLS-MCAST] describes procedures for explicit tracking that rely on [VPLS-MCAST] describes procedures for explicit tracking that rely on
Leaf A-D routes. The same procedures are used for explicit tracking Leaf A-D routes. The same procedures are used for explicit tracking
in this specification with VPLS Leaf A-D routes replaced with E-VPN in this specification with VPLS Leaf A-D routes replaced with E-VPN
Leaf A-D routes. These procedures allow a root MES to request Leaf A-D routes. These procedures allow a root PE to request
multicast membership information for a given (S, G), from leaf MESs. multicast membership information for a given (S, G), from leaf PEs.
Leaf MESs rely on IGMP snooping or PIM snooping between the MES and Leaf PEs rely on IGMP snooping or PIM snooping between the PE and the
the CE to determine the multicast membership information. Note that CE to determine the multicast membership information. Note that the
the procedures in [VPLS-MCAST] do not describe how explicit tracking procedures in [VPLS-MCAST] do not describe how explicit tracking is
is performed if the CEs are enabled with join suppression. The performed if the CEs are enabled with join suppression. The
procedures for this case will be described in a future version. procedures for this case will be described in a future version.
21. Convergence 18. Convergence
This section describes failure recovery from different types of This section describes failure recovery from different types of
network failures. network failures.
21.1. Transit Link and Node Failures between MESes 18.1. Transit Link and Node Failures between PEs
The use of existing MPLS Fast-Reroute mechanisms can provide failure The use of existing MPLS Fast-Reroute mechanisms can provide failure
recovery in the order of 50ms, in the event of transit link and node recovery in the order of 50ms, in the event of transit link and node
failures in the infrastructure that connects the MESes. failures in the infrastructure that connects the PEs.
21.2. MES Failures 18.2. PE Failures
Consider a host host1 that is dual homed to MES1 and MES2. If MES1
fails, a remote MES, MES3, can discover this based on the failure of Consider a host host1 that is dual homed to PE1 and PE2. If PE1
fails, a remote PE, PE3, can discover this based on the failure of
the BGP session. This failure detection can be in the sub-second the BGP session. This failure detection can be in the sub-second
range if BFD is used to detect BGP session failure. MES3 can update range if BFD is used to detect BGP session failure. PE3 can update
its forwarding state to start sending all traffic for host1 to only its forwarding state to start sending all traffic for host1 to only
MES2. It is to be noted that this failure recovery is potentially PE2. It is to be noted that this failure recovery is potentially
faster than what would be possible if data plane learning were to be faster than what would be possible if data plane learning were to be
used. As in that case MES3 would have to rely on re-learning of MAC used. As in that case PE3 would have to rely on re-learning of MAC
addresses via MES2. addresses via PE2.
21.2.1. Local Repair
It is possible to perform local repair in the case of MES failures. 18.2.1. Local Repair
It is possible to perform local repair in the case of PE failures.
Details will be specified in the future. Details will be specified in the future.
21.3. MES to CE Network Failures 18.3. PE to CE Network Failures
When an Ethernet segment connected to an MES fails or when a Ethernet When an Ethernet segment connected to an PE fails or when a Ethernet
Tag is deconfigured on an Ethernet segment, then the MES MUST Tag is decommissioned on an Ethernet segment, then the PE MUST
withdraw the Ethernet A-D route(s) announced for the <ESI, Ethernet withdraw the Ethernet A-D route(s) announced for the <ESI, Ethernet
Tags> that are impacted by the failure or de-configuration. In Tags> that are impacted by the failure or decommissioning. In
addition the MES MUST also withdraw the MAC advertisement routes that addition, the PE MUST also withdraw the MAC advertisement routes that
are impacted by the failure or de-configuration. are impacted by the failure or decommissioning.
The Ethernet A-D routes should be used by an implementation to The Ethernet A-D routes should be used by an implementation to
optimize the withdrawal of MAC advertisement routes. When an MES optimize the withdrawal of MAC advertisement routes. When an PE
receives a withdrawal of a particular Ethernet A-D route from an MES receives a withdrawal of a particular Ethernet A-D route from an PE
it SHOULD consider all the MAC advertisement routes, that are learned it SHOULD consider all the MAC advertisement routes, that are learned
from the same <ESI, Ethernet Tag> as in the Ethernet A-D route, from from the same <ESI, Ethernet Tag> as in the Ethernet A-D route, from
the advertising MES, as having been withdrawn. This optimizes the the advertising PE, as having been withdrawn. This optimizes the
network convergence times in the event of MES to CE failures. network convergence times in the event of PE to CE failures.
22. LACP State Synchronization 19. LACP State Synchronization
This section requires review and discussion amongst the authors and This section requires review and discussion amongst the authors and
will be revised in the next version. will be revised in the next version.
To support CE multi-homing with multi-chassis Ethernet bundles, the To support CE multi-homing with multi-chassis Ethernet bundles, the
MESes connected to a given CE should synchronize [802.1AX] LACP state PEs connected to a given CE should synchronize [802.1AX] LACP state
amongst each other. This ensures that the MESes can present a single amongst each other. This ensures that the PEs can present a single
LACP bundle to the CE. This is required for initial system bring-up LACP bundle to the CE. This is required for initial system bring-up
and upon any configuration change. and upon any configuration change.
This includes at least the following LACP specific configuration This includes at least the following LACP specific configuration
parameters: parameters:
- System Identifier (MAC Address): uniquely identifies a LACP - System Identifier (MAC Address): uniquely identifies a LACP
speaker. speaker.
- System Priority: determines which LACP speaker's port - System Priority: determines which LACP speaker's port
priorities are used in the Selection logic. priorities are used in the Selection logic.
- Aggregator Identifier: uniquely identifies a bundle within - Aggregator Identifier: uniquely identifies a bundle within
a LACP speaker. a LACP speaker.
- Aggregator MAC Address: identifies the MAC address of the - Aggregator MAC Address: identifies the MAC address of the
bundle. bundle.
- Aggregator Key: used to determine which ports can join an - Aggregator Key: used to determine which ports can join an
Aggregator. Aggregator.
- Port Number: uniquely identifies an interface within a LACP - Port Number: uniquely identifies an interface within a LACP
speaker. speaker.
- Port Key: determines the set of ports that can be bundled. - Port Key: determines the set of ports that can be bundled.
- Port Priority: determines a port's precedence level to join - Port Priority: determines a port's precedence level to join
a bundle in case the number of eligible ports exceeds the a bundle in case the number of eligible ports exceeds the
maximum number of links allowed in a bundle. maximum number of links allowed in a bundle.
Furthermore, the MESes should also synchronize operational (run-time) Furthermore, the PEs should also synchronize operational (run-time)
data, in order for the LACP Selection logic state-machines to data, in order for the LACP Selection logic state-machines to
execute. This operational data includes the following LACP execute. This operational data includes the following LACP
operational parameters, on a per port basis: operational parameters, on a per port basis:
- Partner System Identifier: this is the CE System MAC address. - Partner System Identifier: this is the CE System MAC address.
- Partner System Priority: the CE LACP System Priority - Partner System Priority: the CE LACP System Priority
- Partner Port Number: CE's AC port number. - Partner Port Number: CE's AC port number.
- Partner Port Priority: CE's AC Port Priority. - Partner Port Priority: CE's AC Port Priority.
- Partner Key: CE's key for this AC. - Partner Key: CE's key for this AC.
- Partner State: CE's LACP State for the AC. - Partner State: CE's LACP State for the AC.
- Actor State: PE's LACP State for the AC. - Actor State: PE's LACP State for the AC.
- Port State: PE's AC port status. - Port State: PE's AC port status.
The above state needs to be communicated between MESes forming a The above state needs to be communicated between PEs forming a multi-
multi-chassis bundle during LACP initial bringup, upon any chassis bundle during LACP initial bringup, upon any configuration
configuration change and upon the occurrence of a failure. change and upon the occurrence of a failure.
It should be noted that the above configuration and operational state It should be noted that the above configuration and operational state
is localized in scope and is only relevant to MESes which connect to is localized in scope and is only relevant to PEs which connect to
the same multi-homed CE over a given Ethernet bundle. the same multi-homed CE over a given Ethernet bundle.
Furthermore, the communication of state changes, upon failures, must Furthermore, the communication of state changes, upon failures, must
occur with minimal latency, in order to minimize the switchover time occur with minimal latency, in order to minimize the switchover time
and consequent service disruption. The protocol details for and consequent service disruption. The protocol details for
synchronizing the LACP state will be described in the following synchronizing the LACP state will be described in the following
version. version.
23. Acknowledgements 20. Acknowledgements
We would like to thank Yakov Rekhter, Pedro Marques, Kaushik Ghosh, We would like to thank Yakov Rekhter, Pedro Marques, Kaushik Ghosh,
Nischal Sheth, Robert Raszuk and Amit Shukla for discussions that Nischal Sheth, Robert Raszuk, Amit Shukla and Nadeem Mohammed for
helped shape this document. We would also like to thank Han Nguyen discussions that helped shape this document. We would also like to
for his comments and support of this work. We would also like to thank Han Nguyen for his comments and support of this work. We would
thank Steve Kensil for his review. also like to thank Steve Kensil for his review.
24. References 21. References
[E-VPN-REQ] A. Sajassi, R. Aggarwal et. al., "Requirements for [E-VPN-REQ] A. Sajassi, R. Aggarwal et. al., "Requirements for
Ethernet VPN", draft-sajassi-raggarwa-l2vpn-evpn-req- Ethernet VPN", draft-sajassi-raggarwa-l2vpn-evpn-req-
00.txt 00.txt
[RFC4364] "BGP/MPLS IP VPNs", Rosen, Rekhter, et. al., February 2006 [RFC4364] "BGP/MPLS IP VPNs", Rosen, Rekhter, et. al., February 2006
[VPLS-MCAST] "Multicast in VPLS". R. Aggarwal et.al., draft-ietf- [VPLS-MCAST] "Multicast in VPLS". R. Aggarwal et.al., draft-ietf-
l2vpn-vpls-mcast-04.txt l2vpn-vpls-mcast-04.txt
[RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service
skipping to change at page 37, line 42 skipping to change at page 41, line 30
[IGMP-SNOOPING] "Considerations for Internet Group Management [IGMP-SNOOPING] "Considerations for Internet Group Management
Protocol (IGMP) and Multicast Listener Discovery (MLD) Protocol (IGMP) and Multicast Listener Discovery (MLD)
Snooping Switches", M. Christensen et. al., RFC4541, Snooping Switches", M. Christensen et. al., RFC4541,
[RT-CONSTRAIN] P. Marques et. al., "Constrained Route Distribution [RT-CONSTRAIN] P. Marques et. al., "Constrained Route Distribution
for Border Gateway Protocol/MultiProtocol Label Switching for Border Gateway Protocol/MultiProtocol Label Switching
(BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks
(VPNs)", RFC 4684, November 2006 (VPNs)", RFC 4684, November 2006
25. Author's Address [EVPN-SEGMENT-ROUTE] A. Sajassi et. al., "E-VPN Ethernet Segment
Route", draft-sajassi-l2vpn-evpn-segment-route-00.txt,
work in progress.
21. Author's Address
Rahul Aggarwal Rahul Aggarwal
Email: raggarwa_1@yahoo.com Email: raggarwa_1@yahoo.com
Ali Sajassi Ali Sajassi
Cisco Cisco
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134, US San Jose, CA 95134, US
Email: sajassi@cisco.com Email: sajassi@cisco.com
skipping to change at page 38, line 31 skipping to change at page 42, line 25
Nabil Bitar Nabil Bitar
Verizon Communications Verizon Communications
Email : nabil.n.bitar@verizon.com Email : nabil.n.bitar@verizon.com
Ravi Shekhar Ravi Shekhar
Juniper Networks Juniper Networks
1194 N. Mathilda Ave. 1194 N. Mathilda Ave.
Sunnyvale, CA 94089 US Sunnyvale, CA 94089 US
Email: rshekhar@juniper.net Email: rshekhar@juniper.net
John Drake
Juniper Networks
1194 N. Mathilda Ave.
Sunnyvale, CA 94089 US
Email: jdrake@juniper.net
Florin Balus Florin Balus
Alcatel-Lucent Alcatel-Lucent
e-mail: Florin.Balus@alcatel-lucent.com e-mail: Florin.Balus@alcatel-lucent.com
Keyur Patel Keyur Patel
Cisco Cisco
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134, US San Jose, CA 95134, US
Email: keyupate@cisco.com Email: keyupate@cisco.com
Sami Boutros Sami Boutros
Cisco Cisco
170 West Tasman Drive 170 West Tasman Drive
San Jose, CA 95134, US San Jose, CA 95134, US
Email: sboutros@cisco.com Email: sboutros@cisco.com
Samer Salam
Cisco
595 Burrard Street, Suite 2123
Vancouver, BC V7X 1J1, Canada
Email: ssalam@cisco.com
 End of changes. 259 change blocks. 
1078 lines changed or deleted 1217 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/