Network Working Group                                              X. Xu
Internet-Draft                                                    Huawei
Intended status: Informational                              C. Jacquenet
Expires: February 4, 2017                                         Orange
                                                                T. Boyes
                                                            Bloomberg LP
                                                                  B. Fee
                                                        Extreme Networks
                                                           W. Henderickx
                                                          Alcatel-Lucent
                                                          August 3, 2016

                    FIB Reduction in Virtual Subnet
            draft-ietf-bess-virtual-subnet-fib-reduction-03

Abstract

   Virtual Subnet is a BGP/MPLS IP VPN-based subnet extension solution
   which is intended for building Layer3 network virtualization overlays
   within and/or between data centers. This document describes a
   mechanism for reducing the FIB size of PE routers in the Virtual
   Subnet context.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 4, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Terminology
   3.  Solution Description
   4.  Acknowledgements
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Virtual Subnet [RFC7814] is a BGP/MPLS IP VPN [RFC4364]-based subnet
   extension solution which is intended for building Layer3 network
   virtualization overlays within and/or across data centers. In the
   Virtual Subnet context, since CE host routes of a given VPN instance
   need to be exchanged among PE routers participating in that VPN
   instance, the resulting forwarding table (a.k.a. FIB) size of PE
   routers may become a big concern in large-scale data center
   environments, where they may need to install a huge number of host
   routes into their forwarding tables. In some cases where host routes
   need to be maintained on the control plane, a method is needed to
   reduce the FIB size of PE routers without any change to the RIB and
   the routing table. Therefore, this document proposes a very simple
   mechanism for reducing the FIB size of PE routers. The basic idea of
   this mechanism is as follows: host routes learnt from remote PE
   routers are selectively installed into the FIB, while the remaining
   routes, including local CE host routes, are installed into the FIB by
   default as before.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Terminology

   This memo makes use of the terms defined in [RFC4364].

3.  Solution Description

                             +----------+
                        +----+PE/RR(APR)+----+
+------------------+    |    +----------+    |    +------------------+
|VPN_A:192.0.2.1/24|    |                    |    |VPN_A:192.0.2.1/24|
|               \  |    |                    |    | /                |
|   +------+     \ ++---+-+                +-+---++/     +------+    |
|   |Host A+------_+ PE-1 |                | PE-2 +------+Host B|    |
|   +------+\      ++-+-+-+                +-+-+-++     /+------+    |
|   192.0.2.2/24   |  | |                    | |  |   192.0.2.3/24   |
|                  |  | |                    | |  |                  |
|     DC West      |  | |  IP/MPLS Backbone  | |  |      DC East     |
+------------------+  | |                    | |  +------------------+
                      | +--------------------+ |
                      |                        |
                 VRF: V                    VRF:V
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|    Prefix    | Nexthop |Protocol|In_FIB| |    Prefix    | Nexthop |Protocol|In_FIB|
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.1/32  |127.0.0.1| Direct | Yes  | |192.0.2.1/32  |127.0.0.1| Direct | Yes  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.2/32  |192.0.2.2| Direct | Yes  | |192.0.2.2/32  |  PE-1   |  IBGP  |  No  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.3/32  |  PE-2   |  IBGP  |  No  | |192.0.2.3/32  |192.0.2.3| Direct | Yes  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.0/25  |   APR   |  IBGP  | Yes  | |192.0.2.0/25  |   APR   |  IBGP  | Yes  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.128/25|   APR   |  IBGP  | Yes  | |192.0.2.128/25|   APR   |  IBGP  | Yes  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+
|192.0.2.0/24  |192.0.2.1| Direct | Yes  | |192.0.2.0/24  |192.0.2.1| Direct | Yes  |
+--------------+---------+--------+------+ +--------------+---------+--------+------+

           Figure 1: Selective IPv4 FIB Installation Example

                             +----------+
                        +----+PE/RR(APR)+----+
+------------------+    |    +----------+    |    +------------------+
|VPN_A:            |    |                    |    |VPN_A:            |
|2001:db8::1/64    |    |                    |    |2001:db8::1/64    |
|               \  |    |                    |    | /                |
|   +------+     \ ++---+-+                +-+---++/     +------+    |
|   |Host A+------_+ PE-1 |                | PE-2 +------+Host B|    |
|   +------+\      ++-+-+-+                +-+-+-++     /+------+    |
|  2001:db8::2/64  |  | |                    | |  |  2001:db8::3/64  |
|                  |  | |                    | |  |                  |
|     DC West      |  | |  IP/MPLS Backbone  | |  |      DC East     |
+------------------+  | |                    | |  +------------------+
                      | +--------------------+ |
                      |                        |
                 VRF: V                    VRF:V
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|     Prefix     |  Nexthop  |Protocol|In_FIB| |     Prefix     |  Nexthop  |Protocol|In_FIB|
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::1/64  |    ::1    | Direct | Yes  | |2001:db8::1/64  |    ::1    | Direct | Yes  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::2/64  |2001:db8::2| Direct | Yes  | |2001:db8::2/64  |   PE-1    |  IBGP  |  No  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::3/64  |   PE-2    |  IBGP  |  No  | |2001:db8::3/64  |2001:db8::3| Direct | Yes  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::0/63  |    APR    |  IBGP  | Yes  | |2001:db8::0/63  |    APR    |  IBGP  | Yes  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::128/63|    APR    |  IBGP  | Yes  | |2001:db8::128/63|    APR    |  IBGP  | Yes  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+
|2001:db8::0/64  |2001:db8::1| Direct | Yes  | |2001:db8::0/64  |2001:db8::1| Direct | Yes  |
+----------------+-----------+--------+------+ +----------------+-----------+--------+------+

           Figure 2: Selective IPv6 FIB Installation Example

   To reduce the FIB size of PE routers, the selective FIB installation
   concept described in [I-D.ietf-grow-va] can be leveraged in the
   Virtual Subnet context. Taking the VPN instance shown in Figure 1 or
   Figure 2 as an example, the FIB reduction procedures are as follows:

   1.  Multiple more specific prefixes (e.g., 192.0.2.0/25 and
       192.0.2.128/25 in the IPv4 example, or 2001:db8::0/63 and
       2001:db8::128/63 in the IPv6 example) corresponding to an
       extended subnet (i.e., 192.0.2.0/24 in the IPv4 example, or
       2001:db8::0/64 in the IPv6 example) are specified as Virtual
       Prefixes (VPs). Meanwhile, one or more PE routers (or route
       reflectors) are configured as Aggregation Point Routers (APRs)
       for each VP. The APRs for a given VP would install a null route
       to that VP while propagating a route to that VP via the L3VPN
       signaling.

   2.  For a given host route in the routing table which is learnt from
       any remote PE router, PE routers which are non-APRs for any VP
       covering this host route would not install it into the FIB by
       default. In contrast, PE routers (or route reflectors) which are
       APRs for any VP covering that host route would install it into
       the FIB. If one or more particular remote host routes need to be
       installed by non-APR PE routers by default as well, for whatever
       reason, the best way to realize such a goal is to attach a
       special extended communities attribute to those particular host
       routes, either by the originating PE routers or by route
       reflectors. Upon receiving any host routes carrying the above
       extended communities attribute, non-APR PE routers SHOULD install
       them by default.

   3.  Upon receiving a packet destined for a given remote CE host, if
       no host route for that CE host is found in the FIB, the ingress
       PE router would forward the packet to a given APR according to
       the longest-matching VP route, which in turn forwards the packet
       to the final egress PE router. In this way, the FIB size of
       those non-APR PE routers can be greatly reduced at the potential
       cost of path stretch.

   In order to forward packets destined for remote CE hosts directly to
   the final egress PE routers without the potential path stretch
   penalty, non-APR PE routers could perform on-demand FIB installation
   for remote host routes which are available in the routing table. For
   example, upon receiving an ARP request or Neighbor Solicitation (NS)
   message from a local CE host, the non-APR PE router would perform a
   lookup in the routing table. If a corresponding host route for the
   target host is found but not yet installed into the FIB, it would be
   installed into the FIB. Another possible way to trigger on-demand
   FIB installation is as follows: when receiving a packet whose
   longest-matching FIB entry is a particular VP route learnt from any
   APR, a copy of this packet would be sent to the control plane while
   the original packet is forwarded as normal. The copy sent to the
   control plane would trigger a lookup in the routing table. If a
   corresponding host route is found but not yet installed into the FIB,
   it would be installed into the FIB. To provide robust protection
   against DoS attacks on the control plane, rate-limiting of the above
   packets sent to the control plane MUST be enabled. FIB entries for
   remote CE host routes which are installed on demand on non-APR PE
   routers would expire if not used for a certain period of time.

4.  Acknowledgements

   The authors would like to thank Susan Hares, Yongbing Fan, Robert
   Raszuk, Bruno Decraene and Fred Baker for their valuable suggestions
   on this document.

5.  IANA Considerations

   The type value for the Extended Communities Attributes as described
   in this document is required to be allocated by the IANA.

6.  Security Considerations

   The security considerations described in [RFC7814] are applicable to
   this document. This document does not introduce any new security
   risk.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364,
              February 2006.

   [RFC7814]  Xu, X., Jacquenet, C., Raszuk, R., Boyes, T., and B. Fee,
              "Virtual Subnet: A BGP/MPLS IP VPN-Based Subnet Extension
              Solution", RFC 7814, DOI 10.17487/RFC7814, March 2016.

7.2.  Informative References

   [I-D.ietf-grow-va]
              Francis, P., Xu, X., Ballani, H., Jen, D., Raszuk, R., and
              L. Zhang, "FIB Suppression with Virtual Aggregation",
              draft-ietf-grow-va-06 (work in progress), December 2011.

Authors' Addresses

   Xiaohu Xu
   Huawei

   Email: xuxiaohu@huawei.com

   Christian Jacquenet
   Orange

   Email: christian.jacquenet@orange.com

   Truman Boyes
   Bloomberg LP

   Email: tboyes@bloomberg.net

   Brendan Fee
   Extreme Networks

   Email: bfee@enterasys.com

   Wim Henderickx
   Alcatel-Lucent

   Email: wim.henderickx@alcatel-lucent.com
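
   Added example (not part of the draft or of any router implementation):
   a Python model of the Section 3 behaviour on a non-APR PE, covering
   selective FIB installation, fallback to the longest-matching VP route,
   on-demand installation driven by rate-limited punts, and idle expiry.
   The class and field names, the token-bucket parameters, the 60-second
   idle timeout and the remote hosts 192.0.2.4 and 192.0.2.5 are
   assumptions made for the illustration.

```python
import ipaddress

# PE-1's VRF from Figure 1; remote hosts .4 and .5 are constructed for the demo.
PE1_ROUTES = [("192.0.2.0/24", "192.0.2.1", "local"), ("192.0.2.0/25", "APR", "vp"),
              ("192.0.2.128/25", "APR", "vp"), ("192.0.2.3/32", "PE-2", "remote"),
              ("192.0.2.4/32", "PE-2", "remote"), ("192.0.2.5/32", "PE-2", "remote")]


def lpm(table, dst):
    hits = [n for n in table if dst in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


class NonAprPe:
    """Toy non-APR PE: the RIB keeps every route, the FIB only a subset."""
    def __init__(self, routes, punt_rate=1.0, punt_burst=2, idle_timeout=60.0):
        self.rate, self.burst, self.idle = punt_rate, punt_burst, idle_timeout
        self.tokens, self.refilled, self.punts_dropped = float(punt_burst), 0.0, 0
        self.rib = {ipaddress.ip_network(p): (nh, kind) for p, nh, kind in routes}
        # Step 2: remote host routes stay in the RIB but are not installed.
        self.fib = {n: nh for n, (nh, kind) in self.rib.items() if kind != "remote"}
        self.last_used = {}              # on-demand FIB entry -> last hit time

    def punt_allowed(self, now):         # token bucket on copies sent to the CPU
        self.tokens = min(self.burst, self.tokens + (now - self.refilled) * self.rate)
        self.refilled = now
        if self.tokens < 1:
            self.punts_dropped += 1
            return False
        self.tokens -= 1
        return True

    def forward(self, dst, now):
        dst = ipaddress.ip_address(dst)
        net = lpm(self.fib, dst)
        if net is None:
            return None
        if net in self.last_used:        # on-demand entry in use: refresh its timer
            self.last_used[net] = now
        elif self.rib[net][1] == "vp" and self.punt_allowed(now):
            host = lpm(self.rib, dst)    # control-plane lookup on the punted copy
            if self.rib[host][1] == "remote":
                self.fib[host], self.last_used[host] = self.rib[host][0], now
        return self.fib[net]             # the packet itself follows the FIB match

    def expire(self, now):
        for net in [n for n, t in self.last_used.items() if now - t > self.idle]:
            del self.fib[net], self.last_used[net]
```

   In this model a packet to an address with no host route in the RIB
   still consumes a punt token, so the bucket size bounds how much lookup
   work such traffic can cause and punts_dropped shows when the limit is
   being hit.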