| < draft-ietf-l2vpn-vpls-inter-domain-redundancy-06.txt | draft-ietf-l2vpn-vpls-inter-domain-redundancy-07.txt > | |||
|---|---|---|---|---|
| Networking Working Group Z. Liu | Networking Working Group Z. Liu | |||
| Internet-Draft China Telecom | Internet-Draft China Telecom | |||
| Intended status: Standards Track L. Jin | Intended status: Standards Track L. Jin | |||
| Expires: October 26, 2014 | Expires: November 17, 2014 | |||
| R. Chen | R. Chen | |||
| ZTE Corporation | ZTE Corporation | |||
| D. Cai | D. Cai | |||
| S. Salam | S. Salam | |||
| Cisco | Cisco | |||
| April 24, 2014 | May 16, 2014 | |||
| Redundancy Mechanism for Inter-domain VPLS Service | Redundancy Mechanism for Inter-domain VPLS Service | |||
| draft-ietf-l2vpn-vpls-inter-domain-redundancy-06 | draft-ietf-l2vpn-vpls-inter-domain-redundancy-07 | |||
| Abstract | Abstract | |||
| In many existing Virtual Private LAN Service (VPLS) inter-domain | In many existing Virtual Private LAN Service (VPLS) inter-domain | |||
| deployments (based on RFC 4762), pseudowire (PW) connectivity offers | deployments (based on RFC 4762), pseudowire (PW) connectivity offers | |||
| no node redundancy, or offers node redundancy only with a single | no Provider Edge (PE) node redundancy, or offers PE node redundancy | |||
| domain. This deployment approach incurs a high risk of service | only with a single domain. This deployment approach incurs a high | |||
| interruption, since at least one domain will not offer PW node | risk of service interruption, since at least one domain will not | |||
| redundancy. This document describes an inter-domain VPLS solution | offer PE node redundancy. This document describes an inter-domain | |||
| that provides PW node redundancy across domains. | VPLS solution that provides PE node redundancy across domains. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 26, 2014. | This Internet-Draft will expire on November 17, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 25 ¶ | skipping to change at page 2, line 25 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Conventions used in this document . . . . . . . . . . . . . . 3 | 2. Conventions used in this document . . . . . . . . . . . . . . 3 | |||
| 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 4. Network Use Case . . . . . . . . . . . . . . . . . . . . . . . 4 | 4. Network Use Case . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. PW redundancy application procedure for inter-domain | 5. PW redundancy application procedure for inter-domain | |||
| redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1. ICCP switchover condition . . . . . . . . . . . . . . . . 6 | 5.1. ICCP switchover condition . . . . . . . . . . . . . . . . 6 | |||
| 5.1.1. Inter-domain PW failure . . . . . . . . . . . . . . . 6 | 5.1.1. Inter-domain PW failure . . . . . . . . . . . . . . . 6 | |||
| 5.1.2. PE node isolation . . . . . . . . . . . . . . . . . . 6 | 5.1.2. PE node isolation . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1.3. PE node failure . . . . . . . . . . . . . . . . . . . 6 | 5.1.3. PE node failure . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.2. Inter-domain redundancy with two-PWs . . . . . . . . . . . 6 | 5.2. Inter-domain redundancy with two-PWs . . . . . . . . . . . 7 | |||
| 5.3. Inter-domain redundancy with four-PWs . . . . . . . . . . 7 | 5.3. Inter-domain redundancy with four-PWs . . . . . . . . . . 7 | |||
| 6. Management Considerations . . . . . . . . . . . . . . . . . . 9 | 6. Management Considerations . . . . . . . . . . . . . . . . . . 9 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 9 | 8. IANA Consideration . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 11.1. Normative references . . . . . . . . . . . . . . . . . . . 10 | 11.1. Normative references . . . . . . . . . . . . . . . . . . . 10 | |||
| 11.2. Informative references . . . . . . . . . . . . . . . . . . 10 | 11.2. Informative references . . . . . . . . . . . . . . . . . . 10 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 1. Introduction | 1. Introduction | |||
| In many existing Virtual Private LAN Service (VPLS) deployments based | In many existing Virtual Private LAN Service (VPLS) deployments based | |||
| on [RFC4762], pseudowire (PW) connectivity offers no node redundancy, | on [RFC4762], pseudowire (PW) connectivity offers no Provider Edge | |||
| or offers node redundancy only with a single domain. This deployment | (PE) node redundancy, or offers PE node redundancy only with a single | |||
| approach incurs a high risk of service interruption, since at least | domain. This deployment approach incurs a high risk of service | |||
| one domain will not offer PW node redundancy. This document | interruption, since at least one domain will not offer PE node | |||
| describes an inter-domain VPLS solution that provides PW node | redundancy. This document describes an inter-domain VPLS solution | |||
| redundancy across domains. The redundancy mechanism will provide | that provides PE node redundancy across domains. The redundancy | |||
| node redundancy and link redundancy in both domains. The domain in | mechanism will provide PE node redundancy and link redundancy in both | |||
| domains. The PE throughout the document refers to a routing and | ||||
| bridging capable PE defined in [RFC4762] section 10. The domain in | ||||
| this document refers to autonomous system (AS), or other | this document refers to autonomous system (AS), or other | |||
| administrative domains. | administrative domains. | |||
| The solution relies on the use of Inter-Chassis Communication | The solution relies on the use of Inter-Chassis Communication | |||
| Protocol (ICCP) [I-D.ietf-pwe3-iccp] to coordinate between the two | Protocol (ICCP) [I-D.ietf-pwe3-iccp] to coordinate between the two | |||
| redundant edge nodes, and use of PW Preferential Forwarding Status | redundant edge nodes, and use of PW Preferential Forwarding Status | |||
| Bit [RFC6870] to negotiate the PW status. There is no change to any | Bit [RFC6870] to negotiate the PW status. There is no change to any | |||
| protocol message formats and no new protocol options are introduced. | protocol message formats and no new protocol options are introduced. | |||
| This solution is a description of reusing existing protocol building | This solution is a description of reusing existing protocol building | |||
| blocks to achieve the desired function, but also defines | blocks to achieve the desired function, but also defines | |||
| skipping to change at page 3, line 38 ¶ | skipping to change at page 3, line 40 ¶ | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| 3. Motivation | 3. Motivation | |||
| Inter-AS VPLS offerings are widely deployed in service provider | Inter-AS VPLS offerings are widely deployed in service provider | |||
| networks today. Typically, the Autonomous System Border Router | networks today. Typically, the Autonomous System Border Router | |||
| (ASBR) and associated physical links that connect the domains carry a | (ASBR) and associated physical links that connect the domains carry a | |||
| multitude of services. As such, it is important to provide link and | multitude of services. As such, it is important to provide PE node | |||
| node redundancy, to ensure service high availability and meet the end | and link redundancy, to ensure service high availability and meet the | |||
| customer service level agreements (SLAs). | end customer service level agreements (SLAs). | |||
| Several current deployments of inter-AS VPLS are implemented like | Several current deployments of inter-AS VPLS are implemented like | |||
| inter-AS option A in [RFC4364] section 10, where Virtual Local Area | inter-AS option A in [RFC4364] section 10, where Virtual Local Area | |||
| Network (VLAN) is used to hand-off the services between two domains. | Network (VLAN) is used to hand-off the services between two domains. | |||
| In these deployments, link/node redundancy is achieved using Multi- | In these deployments, PE node/link redundancy is achieved using | |||
| Chassis Link Aggregation (MC-LAG) and ICCP [I-D.ietf-pwe3-iccp]. | Multi-Chassis Link Aggregation (MC-LAG) and ICCP | |||
| This, however, places two restrictions on the interconnection: the | [I-D.ietf-pwe3-iccp]. This, however, places two restrictions on the | |||
| two domains must be interconnected using Ethernet links, and the | interconnection: the two domains must be interconnected using | |||
| links must be homogeneous, i.e. of the same speed, in order to be | Ethernet links, and the links must be homogeneous, i.e. of the same | |||
| aggregated. These two conditions can not always be guaranteed in | speed, in order to be aggregated. These two conditions can not | |||
| live deployments. For instance, there are many scenarios where the | always be guaranteed in live deployments. For instance, there are | |||
| interconnection between the domains uses Packet over Synchronous | many scenarios where the interconnection between the domains uses | |||
| Optical Networking (SONET) / Synchronous Digital Hierarchy (SDH), | Packet over Synchronous Optical Networking (SONET) / Synchronous | |||
| thereby ruling out the applicability of MC-LAG as a redundancy | Digital Hierarchy (SDH), thereby ruling out the applicability of MC- | |||
| mechanism. As such, from a technical point of view, it is desirable | LAG as a redundancy mechanism. As such, from a technical point of | |||
| to use PWs to interconnect the VPLS domains, and to offer resiliency | view, it is desirable to use PWs to interconnect the VPLS domains, | |||
| using PW redundancy mechanisms. | and to offer resiliency using PW redundancy mechanisms. | |||
| Multiprotocol Border Gateway Protocol (MP-BGP) can be used for VPLS | Multiprotocol Border Gateway Protocol (MP-BGP) can be used for VPLS | |||
| inter-domain protection, as described in [RFC6074], using either | inter-domain protection, as described in [RFC6074], using either | |||
| option B or option C inter-AS models. However, with this solution, | option B or option C inter-AS models. However, with this solution, | |||
| the protection time relies on BGP control plane convergence. In | the protection time relies on BGP control plane convergence. In | |||
| certain deployments, with tight SLA requirements on availability, | certain deployments, with tight SLA requirements on availability, | |||
| this mechanism may not provide the desired failover time | this mechanism may not provide the desired failover time | |||
| characteristics. Furthermore, in certain situations MP-BGP is not | characteristics. Furthermore, in certain situations MP-BGP is not | |||
| deployed for VPLS. The redundancy solution described in this | deployed for VPLS. The redundancy solution described in this | |||
| document reuses ICCP [I-D.ietf-pwe3-iccp] and PW redundancy [RFC6718] | document reuses ICCP [I-D.ietf-pwe3-iccp] and PW redundancy [RFC6718] | |||
| to provide fast convergence. | to provide fast convergence. | |||
| Furthermore, in the case where Label Switched Multicast is not used | Furthermore, in the case where Label Switched Multicast is not used | |||
| for VPLS multicast [RFC7117], the solution described here provides a | for VPLS multicast [RFC7117], the solution described here provides a | |||
| better behavior compared to inter-AS option B: with option B, each | better behavior compared to inter-AS option B: with option B, each PE | |||
| Provider Edge (PE) must perform ingress replication to all other PEs | must perform ingress replication to all other PEs in its local as | |||
| in its local as well as the remote domain. Whereas, with the ICCP | well as the remote domain. Whereas, with the ICCP solution, the PE | |||
| solution, the PE only replicates to local PEs and to the ASBR. The | only replicates to local PEs and to the ASBR. The ASBR then sends | |||
| ASBR then sends traffic point-to-point to the remote ASBR, and the | traffic point-to-point to the remote ASBR, and the remote ASBR | |||
| remote ASBR replicates to its local PEs. As a result, the load of | replicates to its local PEs. As a result, the load of replication is | |||
| replication is distributed and is more efficient than option B. | distributed and is more efficient than option B. | |||
| Two PW redundancy modes defined in [RFC6718], namely independent mode | Two PW redundancy modes defined in [RFC6718], namely independent mode | |||
| and master/slave mode, are applicable in this solution. In order to | and master/slave mode, are applicable in this solution. In order to | |||
| maintain control plane separation between two domains, the | maintain control plane separation between two domains, the | |||
| independent mode is preferred by operators. The master/slave mode | independent mode is preferred by operators. The master/slave mode | |||
| provides some enhanced capabilities and, hence, is included in this | provides some enhanced capabilities and, hence, is included in this | |||
| document. | document. | |||
| 4. Network Use Case | 4. Network Use Case | |||
| skipping to change at page 8, line 32 ¶ | skipping to change at page 8, line 36 ¶ | |||
| remote peer. The PE with a higher IP address SHOULD ignore the | remote peer. The PE with a higher IP address SHOULD ignore the | |||
| request and continue to wait for the acknowledgement from its peer | request and continue to wait for the acknowledgement from its peer | |||
| in the remote domain. The PE with the lower IP address SHOULD | in the remote domain. The PE with the lower IP address SHOULD | |||
| clear 'request switchover' bit and set 'Preferential Forwarding' | clear 'request switchover' bit and set 'Preferential Forwarding' | |||
| local status bit, and update the PW status to ICCP peer. | local status bit, and update the PW status to ICCP peer. | |||
| o The remote PE receiving 'request switchover' bit SHOULD | o The remote PE receiving 'request switchover' bit SHOULD | |||
| acknowledge the request and activate the PW only when it is ready | acknowledge the request and activate the PW only when it is ready | |||
| to take over as described in section 5.1, otherwise, it SHOULD | to take over as described in section 5.1, otherwise, it SHOULD | |||
| ignore the request. | ignore the request. | |||
| The node isolation failure and node failure is described in section | The PE node isolation failure and PE node failure is described in | |||
| 5.1. | section 5.1. | |||
| For option B of 3:1 protection model, master/slave mode support is | For option B of 3:1 protection model, master/slave mode support is | |||
| required, and should be as follows: | required, and should be as follows: | |||
| o ICCP deployment option: ICCP is deployed on VPLS edge nodes in | o ICCP deployment option: ICCP is deployed on VPLS edge nodes in | |||
| only one domain; | only one domain; | |||
| o PW redundancy mode: master/slave only; | o PW redundancy mode: master/slave only; | |||
| o Protection architectures: 3:1 (3 standby, 1 active). | o Protection architectures: 3:1 (3 standby, 1 active). | |||
| When master/slave PW redundancy mode is employed, the network | When master/slave PW redundancy mode is employed, the network | |||
| operators of two domains must agree on which domain PEs will be | operators of two domains must agree on which domain PEs will be | |||
| skipping to change at page 8, line 48 ¶ | skipping to change at page 9, line 4 ¶ | |||
| only one domain; | only one domain; | |||
| o PW redundancy mode: master/slave only; | o PW redundancy mode: master/slave only; | |||
| o Protection architectures: 3:1 (3 standby, 1 active). | o Protection architectures: 3:1 (3 standby, 1 active). | |||
| When master/slave PW redundancy mode is employed, the network | When master/slave PW redundancy mode is employed, the network | |||
| operators of two domains must agree on which domain PEs will be | operators of two domains must agree on which domain PEs will be | |||
| master, and configure the devices accordingly. The inter-domain PWs | master, and configure the devices accordingly. The inter-domain PWs | |||
| that connect to one PE should have higher PW priority than the PWs on | that connect to one PE should have higher PW priority than the PWs on | |||
| the other PE in the same RG. The procedure on the PE for PW failure | the other PE in the same RG. The procedure on the PE for PW failure | |||
| is as follows: | is as follows: | |||
| o The PE with higher PW priority should only enable one PW active, | o The PE with higher PW priority should only enable one PW active, | |||
| and the other PWs standby. | and the other PWs standby. | |||
| o When the PE detects active PW DOWN, it SHOULD enable the other | o When the PE detects active PW DOWN, it SHOULD enable the other | |||
| local standby PW to be active with preference. Only when two | local standby PW to be active with preference. Only when two | |||
| inter-domain PWs connect to the PE are DOWN, the ICCP peer PE in | inter-domain PWs connect to the PE are DOWN, the ICCP peer PE in | |||
| the same RG SHOULD switchover as described in section 5.1. | the same RG SHOULD switchover as described in section 5.1. | |||
| The node isolation failure and node failure is described in section | The PE node isolation failure and PE node failure is described in | |||
| 5.1. | section 5.1. | |||
| 6. Management Considerations | 6. Management Considerations | |||
| When deploying the inter-domain redundancy mechanism described in | When deploying the inter-domain redundancy mechanism described in | |||
| this document, consistent provisioning is required for proper | this document, consistent provisioning is required for proper | |||
| operation. The two domains must both use the same use case (section | operation. The two domains must both use the same use case (section | |||
| 5.2 or section 5.3). Within each section, all of the described modes | 5.2 or section 5.3). Within each section, all of the described modes | |||
| and options must be provisioned identically both within each RG and | and options must be provisioned identically both within each RG and | |||
| between the RGs. Additionally, for the two-PWs redundancy options | between the RGs. Additionally, for the two-PWs redundancy options | |||
| defined in section 5.2, the two operators must also negotiate to | defined in section 5.2, the two operators must also negotiate to | |||
| skipping to change at page 9, line 30 ¶ | skipping to change at page 9, line 36 ¶ | |||
| mechanism may not work properly. | mechanism may not work properly. | |||
| 7. Security Considerations | 7. Security Considerations | |||
| Besides the security properties of [I-D.ietf-pwe3-iccp] for ICCP | Besides the security properties of [I-D.ietf-pwe3-iccp] for ICCP | |||
| control plane, [RFC4762] and [RFC6870] for PW control plane, this | control plane, [RFC4762] and [RFC6870] for PW control plane, this | |||
| document has additional security consideration for ICCP control | document has additional security consideration for ICCP control | |||
| plane. | plane. | |||
| In this document, ICCP protocol is deployed between two PEs or ASBRs. | In this document, ICCP protocol is deployed between two PEs or ASBRs. | |||
| The two PEs or ASBRs should only be connected by a well managed and | The two PEs or ASBRs should only be connected by a network that is | |||
| highly monitored network. This should be ensured by the operator. | well managed and whose service levels and availability are highly | |||
| monitored. This should be ensured by the operator. | ||||
| The state flapping on the inter-domain and intra-domain PW may cause | The state flapping on the inter-domain and intra-domain PW may cause | |||
| security threats or be exploited to create denial of service attacks. | security threats or be exploited to create denial of service attacks. | |||
| For example, excessive PW state flapping (e.g., by malicious peer | For example, excessive PW state flapping (e.g., by malicious peer | |||
| PE's implementation) may lead to excessive ICCP exchanges. | PE's implementation) may lead to excessive ICCP exchanges. | |||
| Implementations SHOULD provide mechanisms to perform control-plane | Implementations SHOULD provide mechanisms to perform control-plane | |||
| policing and mitigate such types of attacks. | policing and mitigate such types of attacks. | |||
| 8. IANA Consideration | 8. IANA Consideration | |||
| No IANA allocation is required in this document. | No IANA allocation is required in this document. | |||
| 9. Acknowledgements | 9. Acknowledgements | |||
| The author would like to thank Sami Boutros, Giles Heron, Adrian | The authors would like to thank Sami Boutros, Giles Heron, Adrian | |||
| Farrel, Andrew G. Malis and Stephen Kent for their valuable comments. | Farrel, Andrew G. Malis and Stephen Kent for their valuable comments. | |||
| 10. Contributors | 10. Contributors | |||
| Daniel Cohn | Daniel Cohn | |||
| Email:daniel.cohn.ietf@gmail.com | Email:daniel.cohn.ietf@gmail.com | |||
| Yubao Wang | Yubao Wang | |||
| ZTE Corporation | ZTE Corporation | |||
| End of changes. 16 change blocks. | ||||
| 48 lines changed or deleted | 52 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||