BESS Workgroup                                                A. Sajassi
INTERNET-DRAFT                                              P. Brissette
Intended Status: Standards Track                                   Cisco
                                                               J. Uttaro
                                                                     ATT
                                                                J. Drake
                                                                  W. Lin
                                                                 Juniper
                                                              S. Boutros
                                                                  VMWare
                                                              J. Rabadan
                                                                   Nokia

Expires: January 6, 2016                                    July 6, 2016


               EVPN VPWS Flexible Cross-Connect Service
                draft-sajassi-bess-evpn-vpws-fxc-00.txt


Abstract

   This document describes a new EVPN VPWS VLAN-aware bundle service
   type referred to as flexible cross-connect service. It also describes
   the rational for this new service as well as a solution to deliver
   such service.


Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html



Sajassi et al.          Expires January 6, 2016                 [Page 1]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


Copyright and License Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.




Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1  Terminology . . . . . . . . . . . . . . . . . . . . . . . .  3
   2 Conflicting Requirements . . . . . . . . . . . . . . . . . . . .  4
   4 Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     4.1 VLAN-Unaware Flexible Xconnect - Single-Homing . . . . . . .  7
     4.2 VLAN-Aware Flexible Xconnect . . . . . . . . . . . . . . . .  8
     4.3 VLAN-Unaware Flexible Xconnect - Multi-Homing  . . . . . . .  8
   5. BGP Extensions  . . . . . . . . . . . . . . . . . . . . . . . .  9
   6 Failure Scenarios  . . . . . . . . . . . . . . . . . . . . . . . 10
     6.2 EVPN VPWS service Failure  . . . . . . . . . . . . . . . . . 10
     6.2 Attachment Circuit Failure . . . . . . . . . . . . . . . . . 10
     6.3 PE Port Failure  . . . . . . . . . . . . . . . . . . . . . . 10
     6.4 PE Node Failure  . . . . . . . . . . . . . . . . . . . . . . 10
   7  Security Considerations . . . . . . . . . . . . . . . . . . . . 10
   8  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 10
   9  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 11
     9.1  Normative References  . . . . . . . . . . . . . . . . . . . 11
     9.2  Informative References  . . . . . . . . . . . . . . . . . . 11
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11












Sajassi et al.          Expires January 6, 2016                 [Page 2]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


1  Introduction

   [EVPN-VPWS] describes a solution to deliver P2P services using BGP
   constructs defined in [RFC7432]. It delivers this P2P service between
   a pair of Attachment Circuits (ACs), where an AC can designate on a
   PE a port, a VLAN on a port, or a group of VLANs on a port. It also
   leverages multi-homing and fast convergence capabilities of [RFC7432]
   in delivering these VPWS services. Multi-homing capabilities include
   the support of single-active and all-active redundancy mode and fast
   convergence is provided using "mass withdraw" message in control-
   plane and fast protection switching using prefix independent
   convergence in data-plane upon node or link failure. Furthermore, the
   use of EVPN BGP constructs eliminates the need for multi-segment PW
   auto-discovery and signaling if the VPWS service need to span across
   multiple ASes.

   Some service providers have very large number of ACs (in millions)
   that require tag manipulation (e.g., VLAN translation) to be back
   hauled across their MPLS/IP network. These service providers want to
   multiplex a large number of ACs across several physical interfaces
   (e.g., several Ethernet Segments) onto a single VPWS service tunnel
   in order to a) reduce number of EVPN service labels associated with
   VPWS service tunnels and thus the associated OAM monitoring, and b)
   reduce EVPN BGP signaling (e.g., not to signal each AC as it is the
   case in [EVPN-VPWS]).

   These service provider want the above functionality without
   scarifying any of the capabilities of [EVPN-VPWS] including  single-
   active and all-active multi-homing, and fast convergence.

   This document presents a solution based on extensions to [EVPN-VPWS]
   to meet the above requirements.


1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   MAC: Media Access Control

   MPLS: Multi Protocol Label Switching

   OAM: Operations, Administration and Maintenance

   PE: Provide Edge Node




Sajassi et al.          Expires January 6, 2016                 [Page 3]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   CE: Customer Edge device e.g., host or router or switch

   EVPL: Ethernet Virtual Private Line

   EPL: Ethernet Private Line

   ES: Ethernet Segment

   VPWS: Virtual private wire service

   EVI: EVPN Instance

   VPWS Service Tunnel: It is represented by a pair of EVPN service
   labels associated with a pair of endpoints. Each label is downstream
   assigned and advertised by the disposition PE through an Ethernet A-D
   per-EVI route. The downstream label identifies the endpoint on the
   disposition PE. A VPWS service tunnel can be associated with many
   VPWS service identifiers for VLAN-aware VPWS service where each
   identifier is a normalized VID.

   Single-Active Mode: When a device or a network is multi-homed to two
   or more PEs and when only a single PE in such redundancy group can
   forward traffic to/from the multi-homed device or network for a given
   VLAN, then such multi-homing or redundancy is referred to as "Single-
   Active".

   All-Active: When a device is multi-homed to two or more PEs and when
   all PEs in such redundancy group can forward traffic to/from the
   multi-homed device for a given VLAN, then such multi-homing or
   redundancy is referred to as "All-Active".


2 Conflicting Requirements

   Two of the main motivations for service providers seeking a new
   solution are: 1) to reduce number of VPWS service tunnels by muxing
   large number of ACs across different physical interfaces instead of
   having one VPWS service tunnel per AC, and 2) to reduce the signaling
   of ACs as much as possible. Besides these two requirements, they also
   want multi-homing and fast convergence capabilities of [EVPN-VPWS].

   In [EVPN-VPWS], a PE signals an AC indirectly by first associating
   that AC to a VPWS service tunnel (e.g., a VPWS service instance) and
   then signaling the VPWS service tunnel via a per-EVI Ethernet AD
   route with Ethernet Tag field set to a 24-bit VPWS service instance
   identifier (which is unique within the EVI) and ESI field set to a
   10-octet identifier of the Ethernet Segment corresponding to that AC.
   Therefore, a PE device that receives such EVPN routes, can associate



Sajassi et al.          Expires January 6, 2016                 [Page 4]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   the VPWS service tunnel to the remote Ethernet Segment, and when the
   remote ES fails and the PE receives the "mass withdraw" message
   associated with the failed ES per [RFC7432], it can update its BGP
   path list for that VPWS service tunnel quickly and achieve fast
   convergence for multi-homing scenarios. Even if fast convergence were
   not needed, there would still be a need for signaling each AC failure
   (via its corresponding VPWS service tunnel) associated with the
   failed ES, so that the BGP path list for each of them gets updated
   accordingly and the packets are sent to backup PE (in case of single-
   active multi-homing) or to other PEs in the redundancy group (in case
   of all-active multi-homing). In absence of updating the BGP path
   list, the traffic for that VPWS service tunnel will be black-holed.

   When a single VPWS service tunnel multiplexes many ACs across number
   of Ethernet Segments (number of physical interfaces) and the ACs are
   not signaled via EVPN BGP to remote PE devices, then the remote PE
   devices neither know the association of the received Ethernet Segment
   to these ACs (and in turn to their local ACs) nor they know the
   association of the VPWS service tunnel (e.g., EVPN service label) to
   the far-end ACs - i.e, the remote PEs only know the association of
   their local ACs to the VPWS service tunnel but not the far-end ACs.
   Thus upon a connectivity failure to the ES, they don't know how to
   redirect traffic via another multi-homing PE to that ES. In other
   words, even if an ES failure is signaled via EVPN to the remote PE
   devices, they don't know what to do with such message because they
   don't know the association among the ES, their ACs, and the VPWS
   service tunnel.

   In order to address this issue when multiplexing large number of ACs
   onto a single VPWS service tunnel, two mechanisms are devised: one to
   support VPWS services between two single-homed endpoints and another
   one to support VPWS services where one of the endpoints is multi-
   homed. An endpoint can be an AC, MAC-VRF, IP-VRF, global table, or
   etc.

   For single-homed endpoints, it is OK not to signal each AC in BGP
   because upon connection failure to the ES, there is no alternative
   path to that endpoint. However, the ramification for not signaling an
   AC failure is that the traffic destined to the failed AC, is sent
   over MPLS/IP core and then gets discarded at the destination PE -
   i.e., it can waste network resources. However, when there is a
   connection failure, the application layer will eventually stop
   sending traffic and thus this wastage of network resources should be
   transient. Section 4.1 describes a solution for such single-homing
   VPWS service which is called VLAN-Unaware flexible cross-connect
   service.

   For VPWS services where one of the endpoints is multi-homed, there



Sajassi et al.          Expires January 6, 2016                 [Page 5]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   are two options:

   1) to signal each AC via BGP so that the path list can be updated
   upon a failure that impacts those ACs. This solution is described in
   section 4.2 and it is called VLAN-Aware flexible cross-connect
   service.

   2) to bundle several ACs on an ES together per destination ES (or PE)
   and associated such bundle to a single VPWS service tunnel. This is
   similar to VLAN-bundle service interface described in [EVPN-VPWS].
   This solution is described in section 4.3.


4 Solution

   This section describes a solution for providing a new VPWS service
   between two PE devices where a large number of ACs (e.g., VLANs) that
   span across many physical interfaces on each PE are multiplex onto a
   single P2P EVPN LSP tunnel. Since multiplexing is done across several
   physical interfaces, there can be overlapping VLAN IDs across these
   interfaces; therefore, in such scenarios, the VLAN IDs (VIDs) MUST be
   translated into unique VIDs to avoid collision. Furthermore, if the
   number of VLANs that are getting multiplex onto a single VPWS service
   tunnel, exceed 4K, then a single tag to double tag translation MUST
   be performed. This translation of VIDs into unique VIDs (either
   single or double) is referred to as "VID normalization". When single
   normalized VID is used, the lower 12-bit of Ethernet tag field in
   EVPN routes is set to that VID and when double normalized VID is
   used, the  lower 12-bit of Ethernet tag field is set to inner VID and
   the higher 12-bit is set to the outer VID.

   Since there is only a single P2P EVPN LSP tunnel associated with many
   normalized VIDs (either single or double), MPLS lookup at the
   disposition PE is no longer sufficient to forward the packet to the
   right egress endpoint/interface. Therefore, in addition to an EVPN
   label lookup corresponding to the VPWS service tunnel, a VID lookup
   (either single or double) is also required. On the disposition PE,
   one can think of the lookup of EVPN label results in identification
   of a VID table, and the lookup of normalized VID(s) in that table,
   results in identification of egress endpoint/interface. The tag
   manipulation (translation from normalized VID(s) to local VID) can be
   performed either as part of the VID table lookup or at the egress
   interface itself.

   Since VID lookup (single or double) needs to be performed at the
   disposition PE, then VID normalization MUST be performed prior to the
   MPLS encapsulation on the ingress PE. This requires that both
   imposition and disposition PE devices be capable of VLAN tag



Sajassi et al.          Expires January 6, 2016                 [Page 6]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   manipulation, such as re-write (single or double), addition, deletion
   (single or double),  at their endpoints (e.g., their physical
   interfaces).


4.1 VLAN-Unaware Flexible Xconnect - Single-Homing

   In this mode of operation, many ACs across several Ethernet Segments
   are multiplex into a single P2P EVPN LSP tunnel represented by a
   single VPWS service ID. VLAN-Unaware mode for this solution means
   that VLANs (normalized VIDs) are not signaled via EVPN BGP among the
   PEs. In this solution, there is only a single P2P EVPN LSP tunnel
   between a pair of PEs for all their ACs that are single-homed.

   As discussed previously, since the VPWS service tunnel is used to
   multiplex ACs across different ES's (e.g., physical interfaces), the
   EVPN label alone is not sufficient for proper forwarding of the
   received packets (over MPLS/IP network) to egress interfaces.
   Therefore, normalized VID lookup is required in the disposition
   direction to forward packets to their proper egress end-points/
   interfaces - i.e., the EVPN label lookup identifies a VID table and
   subsequently, the normalized VID lookup in that table, identifies the
   egress interface.

   In this solution, on each PE, the single-homing ACs represented by
   their normalized VIDs are associated with a single VPWS service
   tunnel (in a given EVI). The EVPN route that gets generated is an
   EVPN Ethernet AD per EVI route with ESI=0, Ethernet Tag field set to
   VPWS service instance ID, MPLS label field set to dynamically
   generated EVPN service label representing the EVPN VPWS service. This
   route is sent with an RT representing the EVI. This RT can be auto-
   generated from the EVI per section 5.1.2.1 of [EVPN-Overlay].
   Furthermore, this route is sent with the EVPN Layer-2 Extended
   Community defined in section 3.1 of [EVPN-VPWS] with two new flags
   (defined in section 5) that indicate: 1) this VPWS service tunnel is
   for VLAN-unaware Flexible Cross-Connect, and 2) normalized VID type
   (single versus double). The receiving PE uses these new flags for
   consistency check and MAY generate an alarm if it detects
   inconsistency but doesn't bring down the VPWS service because such
   inconsistency may be intentional - i.e., one side is configured for
   VLAN-aware VPWS service and another side is configured for VLAN-
   unaware VPWS service.

   It should be noted that in this mode of operation, a single Ethernet
   AD route is sent upon configuration of the first AC (ie, normalized
   VID). Later, when additional ACs are configured and associated with
   this EVPN VPWS service tunnel, the PE does not advertise any
   additional EVPN BGP routes. The PE only associates locally these ACs



Sajassi et al.          Expires January 6, 2016                 [Page 7]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   with the already created VPWS service tunnel.


4.2 VLAN-Aware Flexible Xconnect

   In this mode of operation, just as the VLAN-unaware mode, many
   normalized VIDs (ACs) across several different ES's/interfaces are
   multiplexed into a single P2P EVPN LSP tunnel; however, this single
   tunnel is represented by many VPWS service IDs (one per normalized
   VID) and these normalized VIDs are signaled using EVPN BGP.

   In this solution, on each PE, the multi-homing ACs represented by
   their normalized VIDs are configured with a single EVI. There is no
   need to configure VPWS service instance ID in here. A VPWS service
   instance ID is derived automatically from each normalized VID. For
   each normalized VID on each ES, the PE generates an EVPN Ethernet AD
   per EVI route where ESI field represents the ES ID, the Ethernet Tag
   field is set to the normalized VID, MPLS label field is set to
   dynamically generated EVPN label representing the P2P EVPN LSP
   tunnel. This route is sent with an RT representing the EVI. As
   before, this RT can be auto-generated from the EVI per section
   5.1.2.1 of [EVPN-Overlay]. Furthermore, this route is sent with the
   EVPN Layer-2 Extended Community defined in section 3.1 of [EVPN-VPWS]
   with two new flags (defined in section 5) that indicate: 1) this VPWS
   service tunnel is for VLAN-aware Flexible Cross-Connect, and 2)
   normalized VID type (single versus double). The receiving PE uses
   these new flags for consistency check and MAY generate an alarm if it
   detects inconsistency but doesn't bring down the VPWS service because
   such inconsistency may be intentional - i.e., one side is configured
   for VLAN-aware VPWS service and another side is configured for VLAN-
   unaware VPWS service.

   It should be noted that in this mode of operation, the PE sends a
   single Ethernet AD route for each AC that is configured - i.e., each
   normalized VID that is configured per ES results in generation of an
   EVPN Ethernet AD per EVI.

   This mode of operation provides automatic cross checking of
   normalized VIDs used for EVPL services because these VIDs are
   signaled in EVPN BGP. For example, if the same normalized VID is
   configured on three PE devices (instead of two) for the same EVI,
   then when a PE receives the second EVPN Eth-AD per EVI route, it
   generates an error message unless the two EVPN Eth-AD per EVI routes
   include the same ESI. Such cross-checking is not feasible in VLAN-
   unaware FXC because the normalized VIDs are not signaled.

4.3 VLAN-Unaware Flexible Xconnect - Multi-Homing




Sajassi et al.          Expires January 6, 2016                 [Page 8]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   In this mode of operation, a group of normalized VIDs (ACs) on a
   single ES that are destined to a single endpoint/interface are
   multiplexed into a single P2P EVPN LSP tunnel represented by a single
   VPWS service ID. This mode of operation is the same as VLAN-bundle
   service interface of [EVPN-VPWS] except for the fact that VIDs on
   Ethernet frames are normalized before getting sent over the LSP
   tunnel.

   In the previous two modes of operation, only a single EVPN VPWS
   service tunnel is needed per pair of PEs. However, in this mode of
   operation, there can be lot more service tunnels per pair of PEs  -
   i.e, there is one tunnel per group of VIDs per pair of PEs and there
   can be many groups between a pair of PEs, thus resulting in many EVPN
   service tunnels.



5. BGP Extensions

   This draft uses the EVPN Layer-2 attribute extended community defined
   in [EVPN-VPWS] with two additional flags added to this EC as
   described below. This EC is to be advertised with Ethernet A-D per
   EVI route per section 4.



           +------------------------------------+
           |  Type(0x06)/Sub-type(TBD)(2 octet) |
           +------------------------------------+
           |  Control Flags (2 octets)          |
           +------------------------------------+
           |  L2 MTU (2 octets)                 |
           +------------------------------------+
           |  Reserved (2 octets)               |
           +------------------------------------+



            0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           |   MBZ           | V | M |C|P|B|  (MBZ = MUST Be Zero)
           +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


   The following bits in the Control Flags are defined; the remaining
   bits MUST be set to zero when sending and MUST be ignored when
   receiving this community.




Sajassi et al.          Expires January 6, 2016                 [Page 9]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


        Name     Meaning

        B,P,C    per definition in [EVPN-VPWS]

        M        00 mode of operation as defined in [EVPN-VPWS]
                 01 VLAN-aware FXC
                 10 VLAN-unaware FXC



        V        00 operating per [EVPN-VPWS]
                 01 single-VID normalization
                 10 double-VID normalization


   The M and V fields are OPTIONAL on transmission and ignored at
   reception for forwarding purposes. They are used for error
   notifications.

6 Failure Scenarios

6.2 EVPN VPWS service Failure

   The failure detection of an EVPN VPWS service can be performed via
   OAM mechanisms such as VCCV-BFD and upon such failure detection, the
   switch over procedure to the backup S-PE is the same as the one
   described above.

6.2 Attachment Circuit Failure


6.3 PE Port Failure


6.4 PE Node Failure

   In the case of PE node failure, the operation is similar to the steps
   described above, albeit that EVPN route withdrawals are performed by
   the Route Reflector instead of the PE.


7  Security Considerations

   TBD.


8  IANA Considerations




Sajassi et al.          Expires January 6, 2016                [Page 10]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   TBD


9  References

9.1  Normative References

   [RFC7432]  Sajassi et al., "Ethernet VPN", RFC 7432, February 2015.

   [EVPN-IRB] Sajassi et al., "Integrated Routing and Bridging in EVPN",
               draft-ietf-bess-evpn-inter-subnet-forwarding-00, work in
              progress, November 2014.

   [EVPN-PREFIX] Rabadan et al., "IP Prefix Advertisement in EVPN",
              draft-ietf-bess-evpn-prefix-advertisement-02, work in
              progress, September 2015.

   [RFC6718] Muley P., et al., "Pseudowire Redundancy", RFC 6718, August
              2012.

   [RFC6870] Muley P., et al., "Pseudowire Preferential Forwarding
              Status Bit", RFC 6870, February 2013.


9.2  Informative References

   [BGP-PIC] Bashandy A. et al., "BGP Prefix Independent Convergence",
              draft-rtgwg-bgp-pic-02.txt, work in progress, October
              2013.


Authors' Addresses


   A. Sajassi
   Cisco
   EMail: sajassi@cisco.com



   P. Brissette
   Cisco
   EMail: pbrisset@cisco.com



   J. Uttaro
   ATT



Sajassi et al.          Expires January 6, 2016                [Page 11]


INTERNET DRAFT          EVPN VPWS Flex Xconnect             July 6, 2016


   EMail: ju1738@att.com



   J. Drake
   Juniper
   EMail: jdrake@juniper.net



   S. Boutros
   ATT
   EMail: boutros.sami@gmail.com



   W. Lin
   Juniper
   EMail: wlin@juniper.net



   J. Rabadan
   jorge.rabadan@nokia.com



























Sajassi et al.          Expires January 6, 2016                [Page 12]