BESS WG                                                          Y. Wang
Internet-Draft                                                   B. Song
Intended status: Standards Track                         ZTE Corporation
Expires: December 9, 2020                                   June 7, 2020
Context Label for MPLS EVPN
draft-wang-bess-evpn-context-label-01
Abstract
EVPN is designed to provide a better VPLS service than [RFC4761] and
[RFC4762], and EVPN indeed introduced many new features which
couldn't be achieved in those old VPLS implementations. But EVPN
didn't inherit all features of old VPLS, and a few issues arise for
EVPN only.
Some of these issues can be attributed to the MP2P nature of EVPN
labels. The PW label in old VPLS is a label for a P2P VC, so it
carries more context than a dataplane identifier for its VSI
instance. But the EVPN label just identifies its VSI instance and it
can't identify the ingress PE in the dataplane. So the following
issues arise with MPLS EVPN service:
MPLS EVPN statistics can't be done per ingress PE.
MPLS EVPN can't support the hub/spoke use case, in which the spoke PEs
can only connect to each other through the hub PE.
MPLS EVPN can't support AR REPLICATOR.
MPLS EVPN can't support anycast SR-MPLS tunnels on the SPE nodes.
This document introduces a compound label stack to take advantage of
both P2P VC and MP2P EVPN labels.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
Wang & Song Expires December 9, 2020 [Page 1]
Internet-Draft EVPN Context Label June 2020
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 9, 2020.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Terminology and Acronyms
2. Problem Statement
3. Context VC Infrastructure
  3.1. The Shared Context VCs
    3.1.1. Signalling for Shared Context VCs
  3.2. The per-EVI Context VCs
    3.2.1. Signalling for per-EVI Context VCs
4. Solutions
  4.1. Solution for spoke PE isolating on hub PE
  4.2. Solution for per ingress statistics
    4.2.1. Signalling using Context Label Space ID Extended Community
    4.2.2. Signalling using Label of Context-Label-Space Extended Community
  4.3. Solution for AR REPLICATOR in MPLS EVPN
  4.4. Solution for anycast tunnel usage on SPE
5. Security Considerations
6. IANA Considerations
7. Acknowledgements
8. Normative References
Authors' Addresses
1. Terminology and Acronyms
This document uses the following acronyms and terms:
BUM - Broadcast, Unknown unicast, and Multicast.
CE - Customer Edge equipment.
OPE - Originating PE - the originating router of an EVPN route.
PE - Provider Edge equipment.
ORIP - Originating Router's IP address.
PTA - PMSI Tunnel Attribute.
IR - Ingress Replication.
AR - Assisted Replication.
IR PTA - PMSI Tunnel Attribute with tunnel-type = IR.
AR PTA - PMSI Tunnel Attribute with tunnel-type = AR.
IRL - Ingress Replication List, the list for Ingress-Replication BUM
packets forwarding.
LS - Label Space.
CLS - Context Label Space.
2. Problem Statement
EVPN is designed to provide a better VPLS service than RFC4761/
RFC4762, and EVPN indeed introduced many new features which couldn't
be achieved in those old VPLS implementations. But EVPN didn't
inherit all features of old VPLS, and a few issues arise for EVPN
only.
Some of these issues can be attributed to the MP2P nature of EVPN
labels. The PW label in old VPLS is a label for a P2P VC, so it
carries more context than a dataplane identifier for its VSI
instance. But the EVPN label just identifies its VSI instance and
it can't identify the ingress PE in the dataplane. So the following
issues arise with MPLS EVPN service:
MPLS EVPN statistics can't be done per ingress PE. All flows from
remote PEs share the same statistics on the egress PE, because they share
the same EVPN label and the egress PE can't tell them apart in the
dataplane.
MPLS EVPN can't support the hub/spoke use case, where the spoke PEs
can only connect to each other through the hub PE, especially when at
least two of the spoke PEs are connected to a common route reflector.
MPLS EVPN can't work as an AR-REPLICATOR, because the AR-REPLICATOR
will apply replication for the ingress AR-LEAF too, but a packet
should not be sent back to the AR-LEAF from which it was received.
An MPLS EVPN SPE cannot make use of an SR-MPLS anycast tunnel because
the two SPEs of the anycast tunnel will assign different EVPN labels
for the same EVPN route.
So this document introduces a compound label stack to take advantage
of both P2P VC and MP2P EVPN labels.
3. Context VC Infrastructure
In order to add as much context to an EVPN data packet as old VPLS
has, we can construct an infrastructure from a full mesh of context
VCs among the EVPN PEs.
Take the context VCs between PE-i and PE-j as an example: VC-ij is
the context VC from PE-i to PE-j, and VC-ji is the context VC from
PE-j to PE-i. VC-ij identifies the PE-i node on PE-j. VC-ji
identifies the PE-j node on PE-i. The VC label for VC-ij is called
L-ij, and the VC label for VC-ji is called L-ji.
So PE-i can push L-ij in the EVPN data packets for PE-j to
distinguish the packets of PE-i from other data packets, because
L-ij identifies the ingress PE of the data packet.
There are two styles of context VC in this draft. One style is named
the shared context VC, the other is named the per-EVI context VC.
3.1. The Shared Context VCs
The shared context VCs are dedicated to identifying the context for a
data packet while the EVPN label still identifies the EVPN instance.
Note that typically a shared context VC can be shared by all the EVPN
instances between its ingress PE and egress PE. In other words, we
don't have to construct a dedicated mesh of context VCs for each
specified EVPN service. So we call the shared context VCs a
common infrastructure for those EVPN services.
3.1.1. Signalling for Shared Context VCs
The VCs of a context VC infrastructure are set up by a context VC
container; the container implements VC signalling to set up the
VCs. Two existing signalling protocols can be reused to set
up context VCs for a context VC container.
3.1.1.1. Kompella Signalling for context VC
The signalling used by a Kompella VPLS instance per [RFC4761] can
also be used by a context VC container.
Different from the Kompella VPLS instance, a context VC container
only uses the signalling to set up the context VCs. They are the same
in signalling but different in the dataplane. Take the PW between PE-i
and PE-j as an example: it is constructed from VC-ij and VC-ji, and
neither of the two context VCs identifies a MAC-VRF. In other words
the PW is a context PW.
Note that the context VC containers don't have a MAC-VRF or a
MAC-table; they are just containers for context VCs.
3.1.1.2. SR-MPLS signalling for context VC
SR-MPLS signalling is very similar to the singleton pattern of
Kompella VPLS, in spite of their different data plane and service
procedures. The SID is similar to the VE-ID, and the SRGB is similar
to the label block.
So the LSPs constructed by SR-MPLS signalling can be
reinterpreted as context VCs in another label space named S. These
context VCs use the same label values as those SR-LSPs, but they are
constructed at the same time in a different label space. Take VC-ij
as an example: its label value L-ij is the same as the SID label
for PE-i in PE-j's SRGB. But VC-ij is constructed in the
context label space S, which is identified by a static label; it is
not constructed in the same label space as that SID label.
The context VC signalling may be [RFC8665], [RFC8666], [RFC8667].
The context VC may be established along with SR-LSPs.
+---------------------------------+
| underlay ethernet header |
+---------------------------------+
| PSN tunnel label |
+---------------------------------+
| EVPN label |
+---------------------------------+
| Static Label for Label Space S |
+---------------------------------+
| Context VC Label |
+---------------------------------+
| overlay ethernet or IP header |
+---------------------------------+
Figure 1: Encapsulation of Context VC Label in Context Label Space
Note that the static label S is the context label for L-ij, while
L-ij is the context label for the data packet.
3.2. The per-EVI Context VCs
The per-EVI context VCs are used to identify both the context
(typically the ingress-PE) and the EVPN instance for a data packet at
the same time. In other words, we have to construct a dedicated set
of per-EVI context VCs for each specified EVPN service.
3.2.1. Signalling for per-EVI Context VCs
The IMET route per [RFC7432] has a corresponding route type in MVPN.
It is, in effect, the Intra-AS I-PMSI route per [RFC6514]. But an
IMET route with Ingress Replication (IR) tunnel type PMSI Tunnel
Attribute (PTA) doesn't need a responding Leaf A-D route. The Leaf
A-D route per [I-D.ietf-bess-evpn-bum-procedure-updates] is required
for P2MP PTA only. In this draft, we use the Leaf A-D route with IR-
PTA to construct per-EVI context-VCs.
3.2.1.1. Construct Leaf A-D Route for IR
PE1 will construct a Leaf A-D route with IR-PTA for EVI1 in response
to an IMET route R1 with IR-PTA. The IMET route R1 was previously
received from PE2. The key fields of the IMET route are included in
the "Route Type specific" fields of the Leaf A-D route (say R2) along
with the ORIP of PE1 itself. We call the ORIP of PE1 itself the
Leaf A-D route's "self-ORIP" in order to distinguish it from the
"Route Type specific" ORIP. So the key fields of the Leaf A-D route
are on a per-<EVI1,PE2> basis.
The MPLS label field in the IR-PTA of the Leaf A-D route is allocated
on a per-<EVI1,PE2> basis in the per-platform label space. So the
per-EVI context VC can identify EVI1 too.
Note that PE1 may already have advertised an IMET route R3 to PE2
before the advertisement of the above Leaf A-D route. Note also that
the MPLS label field in the IR-PTA of R2 (Leaf A-D) may be the same as
the label in the IR-PTA of R3 (IMET). In such a case, the IR-PTA is
included in the Leaf A-D route along with a "Context Label Space (CLS)
ID Extended Community" per [I-D.ietf-bess-mvpn-evpn-aggregation-label].
The ID-type field of the CLS-ID EC is 0, and the ID-Value field of the
CLS-ID EC is the label of a "Shared Context VC".
3.2.1.2. Construct Ingress Replication List by Leaf A-D Route
PE2 receives the responding Leaf A-D route (say R2) of the IMET route
R1 which was previously advertised by itself, and PE2 previously
received an IMET route R3 with the same ORIP as the self-ORIP of R2.
Given that R1, R2 and R3 all have an IR-PTA, PE2 SHOULD use R2 to
construct the Ingress Replication List (IRL) item for PE1 instead,
and R3 will not be used to construct the IRL item for PE1 from then on.
Note that when R2 includes a CLS-ID EC, the ID-value of the CLS-ID EC
will be used as an outgoing label by the IRL item. It will be used as
the context label of the MPLS label of the IR-PTA.
4. Solutions
4.1. Solution for spoke PE isolating on hub PE
PEs1--------RR1--------PEh---------RR2--------PEs3
            /
PEs2-------/
Figure 2: Hub PE and Spoke PEs
Take the above use case as an example: there are three spoke PEs and
one hub PE. The spoke PEs are PEs1, PEs2 and PEs3. The hub PE is
PEh. Two of the spoke PEs (PEs1 and PEs2) are connected to the same
RR group and the third one connects to another RR group.
Although we can advertise different EVPN labels for different RR
groups, we can't advertise different EVPN labels for PEs1 and PEs2.
But PEh can request PEs1 or PEs2 to push the label of the context VC
from it to PEh. With the context VC label, PEh can
distinguish where the packet comes from; in other words, PEh can
decide where the packet can't be sent to.
The signaling for the hub PE to request the spoke PE to push the
context VC label will be added in future versions.
Note that although PEs1 and PEs2 can receive EVPN routes from each
other they won't import these routes because of the hub/spoke
behaviors.
4.2. Solution for per ingress statistics
The EVPN label is allocated from per-platform label space, and it
identifies the EVPN instance as per [RFC7432]. But it also
identifies a context label space LS1.
4.2.1. Signalling using Context Label Space ID Extended Community
The signalling in Section 3.2.1.1 with the CLS-ID EC will be used.
But the ID-value in the CLS-ID EC is the EVPN label, and the IR-PTA
label of the Leaf A-D route will be allocated in LS1 on a per-TPE
basis, and it is actually the context VC label. So the context VC
label needs to be pushed to the label stack before the EVPN label.
This encapsulation is illustrated in the following figure:
+---------------------------------+
| underlay ethernet header |
+---------------------------------+
| PSN tunnel label |
+---------------------------------+
| EVPN label |
+---------------------------------+
| Context VC Label |
+---------------------------------+
| overlay ethernet or IP header |
+---------------------------------+
Figure 3: Encapsulation of Context VC Label for EVPN Payload
Note that the Context VC Label here is not the CLS-ID of the EVPN
Label; rather, the EVPN label is the CLS-ID of the Context VC Label.
The label space LS1 may actually be the per-platform label space.
4.2.2. Signalling using Label of Context-Label-Space Extended Community
Note that when the label space LS1 is actually the per-platform label
space, and PE1 sends a Leaf A-D route with a CLS-ID EC to PE2, but PE2
doesn't recognize the CLS-ID EC, then PE2 will encapsulate the context
VC label without the EVPN label. This will cause packet drops.
So we introduce a new EC called the Label of CLS (LoCLS) EC. The LoCLS
EC has the same format as the CLS-ID EC except for a different code
point in its "sub-type" field. The ID-Value of the LoCLS EC is an
MPLS label in a context label space identified by the PTA label, and
the MPLS label in the LoCLS EC will be pushed to the label stack before
the PTA label by the ingress PE. Typically, the MPLS label of the
LoCLS EC is a downstream-assigned label, which means that it will be
used as an outgoing label by the PE receiving the LoCLS EC, not as an
incoming label.
When constructing the Leaf A-D route, the IR-PTA label is the EVPN
label, as per [RFC7432]. But the ID-value in the LoCLS EC is a label
which is allocated in LS1 on a per-TPE basis, and it is actually the
context VC label. So the context VC label needs to be pushed to the
label stack before the EVPN label (which identifies LS1) on ingress PEs.
Note that when PE1 sends a Leaf A-D route with a LoCLS EC to PE2, but
PE2 doesn't recognize the LoCLS EC, then PE2 will encapsulate the EVPN
label without the inner context label. This will work as well as
[RFC7432], although the per-ingress statistics can't be applied.
Note that the LoCLS ECs (for different EVIs) received from the same
TPE will carry the same label, so we can select a single EVI to use the
Leaf A-D route with the LoCLS EC. This EVI is called the administrating
EVI (admin-EVI). In such a case, the context VC label carried in the
Leaf A-D routes of the admin-EVI will be used for the IMET routes with
the same ORIP in all other ordinary EVIs. Note that all other
ordinary EVIs don't use the Leaf A-D routes with IR-PTA; they use
ordinary IMET routes instead. The admin-EVI needs to be configured on
all EVPN PEs in such a case.
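The following Python sketch is an added example, not part of the draft. It walks the encapsulation of Sections 4.2.1 and 4.2.2 through an ingress PE that does or does not recognize the EC, then through the egress PE's per-ingress counters. The class and function names, the label values, and the assumption that the PSN tunnel label is already removed at the egress PE are all constructed for illustration.

```python
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Optional

def encode_stack(labels, ttl=64):
    """Pack labels (outermost first) as RFC 3032 entries: label(20) TC(3) S(1) TTL(8)."""
    last = len(labels) - 1
    return b"".join(struct.pack("!I", (lbl << 12) | ((i == last) << 8) | ttl)
                    for i, lbl in enumerate(labels))

def decode_stack(data):
    """Return (labels, payload), reading entries up to the bottom-of-stack bit."""
    labels = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if word & 0x100:
            return labels, data[off + 4:]
    raise ValueError("no bottom-of-stack entry")

@dataclass(frozen=True)
class LeafAD:
    """Hypothetical view of a Leaf A-D route: only the fields used for encapsulation."""
    pta_label: int                 # MPLS label field of the IR-PTA
    cls_id: Optional[int] = None   # ID-value of a CLS-ID EC (Section 4.2.1)
    locls: Optional[int] = None    # ID-value of a LoCLS EC (Section 4.2.2)

def ingress_labels(route, supported):
    """Labels the ingress PE pushes below the PSN tunnel label, outermost first."""
    if route.cls_id is not None and "CLS-ID" in supported:
        return [route.cls_id, route.pta_label]   # EVPN label, context VC label
    if route.locls is not None and "LoCLS" in supported:
        return [route.pta_label, route.locls]    # EVPN label, context VC label
    return [route.pta_label]                     # unrecognized EC: PTA label only

class EgressPE:
    def __init__(self, evpn_labels, ls1):
        self.evpn_labels = evpn_labels   # per-platform space: EVPN label -> EVI
        self.ls1 = ls1                   # EVPN label -> {context VC label -> ingress PE}
        self.packets = Counter()         # (EVI, ingress PE or None) -> packet count
        self.drops = 0

    def receive(self, data):
        """Handle a packet whose PSN tunnel label has already been removed."""
        labels, _payload = decode_stack(data)
        evi = self.evpn_labels.get(labels[0])
        known = self.ls1.get(labels[0], {})
        depth = len(labels)
        if evi is None or depth > 2 or (depth == 2 and labels[1] not in known):
            self.drops += 1
            return None
        ingress = known[labels[1]] if depth == 2 else None   # None: not attributed
        self.packets[(evi, ingress)] += 1
        return evi, ingress

# Constructed sample values: one EVI on egress PE1, one context VC label per ingress PE.
EVPN_LABEL, CTX = 2000, {"PE2": 3002, "PE3": 3003}

def demo():
    pe1 = EgressPE({EVPN_LABEL: "EVI1"}, {EVPN_LABEL: {v: k for k, v in CTX.items()}})
    cls_id = LeafAD(CTX["PE2"], cls_id=EVPN_LABEL)   # PTA label is the context VC label
    locls = LeafAD(EVPN_LABEL, locls=CTX["PE3"])     # PTA label is the EVPN label
    cases = [(cls_id, {"CLS-ID"}), (cls_id, set()), (locls, {"LoCLS"}), (locls, set())]
    out = [pe1.receive(encode_stack(ingress_labels(r, ecs)) + b"frame") for r, ecs in cases]
    return out, pe1
```

The second case is the drop described for an unrecognized CLS-ID EC, and the fourth is the LoCLS fallback that forwards as per [RFC7432] without per-ingress attribution.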
4.3. Solution for AR REPLICATOR in MPLS EVPN
LEAF1--------REPLICATOR1--------RNVE1
                 /
LEAF2-----------/
Figure 4: AR REPLICATOR in MPLS EVPN
When the REPLICATOR1 node receives an IMET route with AR-role = AR-LEAF
from the LEAF1 node, REPLICATOR1 SHOULD respond to it with a Leaf A-D
route with an AR-PTA. The MPLS label field of the AR-PTA (say AR-PTA
Label) will be allocated following the same rules as the IR-PTA label
in Section 3.2.1.1. When LEAF1 receives the above Leaf A-D route, the
Leaf A-D route is treated as a Replicator-AR route for the same ORIP,
and then the control-plane procedures work following
[I-D.ietf-bess-evpn-optimized-ir]. When REPLICATOR1 receives data
packets on the AR-PTA Label, REPLICATOR1 will do source squelching
for LEAF1, which means that these data packets will not be forwarded
back to LEAF1.
Note that the old Replicator-AR route, which is an IMET route,
will not be used by an MPLS EVPN AR-REPLICATOR, because the Leaf
A-D routes will take its place on a per-AR-LEAF basis. But the old
Regular-IR route can still be used by MPLS EVPN AR-REPLICATORs.
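The source squelching described above, as an added Python example that is not part of the draft. The Replicator class, its method names, the label values and the withdraw handling are assumptions made for illustration, and the node names of Figure 4 stand in for ORIPs.

```python
from itertools import count

class Replicator:
    """Hypothetical model of an MPLS EVPN AR-REPLICATOR for a single EVI."""

    def __init__(self, first_label=5000):        # constructed label range
        self._labels = count(first_label)
        self.irl = {}        # remote PE -> outgoing label from its IMET route
        self.ar_label = {}   # AR-LEAF -> AR-PTA label sent in its Leaf A-D route
        self.leaf_of = {}    # AR-PTA label -> AR-LEAF (incoming label map entry)

    def on_imet(self, orip, label, ar_role=None):
        """Learn a remote PE; answer an AR-LEAF with a Leaf A-D route with AR-PTA."""
        self.irl[orip] = label
        if ar_role != "AR-LEAF":
            return None                           # e.g. a regular NVE: no Leaf A-D route
        if orip not in self.ar_label:             # one label per <EVI, AR-LEAF>
            self.ar_label[orip] = next(self._labels)
            self.leaf_of[self.ar_label[orip]] = orip
        return {"type": "Leaf A-D", "to": orip, "ar_pta_label": self.ar_label[orip]}

    def on_withdraw(self, orip):
        """Forget a PE and its AR-PTA label so a stale label is no longer replicated."""
        self.irl.pop(orip, None)
        self.leaf_of.pop(self.ar_label.pop(orip, None), None)

    def replicate(self, in_label):
        """Return [(next hop, outgoing label)] for a BUM packet received on in_label."""
        source = self.leaf_of.get(in_label)
        if source is None:
            return []                             # not a live AR-PTA label
        return [(pe, out) for pe, out in sorted(self.irl.items()) if pe != source]

def demo():
    rep = Replicator()
    # Constructed IMET routes for the topology of Figure 4.
    l1 = rep.on_imet("LEAF1", 1001, ar_role="AR-LEAF")["ar_pta_label"]
    l2 = rep.on_imet("LEAF2", 1002, ar_role="AR-LEAF")["ar_pta_label"]
    rep.on_imet("RNVE1", 1003)
    return rep, l1, l2
```

Because each AR-LEAF sends on its own AR-PTA label, the incoming label alone tells the replicator which entry of the replication list to skip.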
4.4. Solution for anycast tunnel usage on SPE
    /--------SPE1-------\
TPE1                     TPE2
    \--------SPE2-------/
Figure 5: SPE with Anycast Tunnel
Take the above use case as an example: the two SPEs are the egress
nodes of an anycast SR-MPLS tunnel. The anycast SR-MPLS tunnel is
used to transport flows from TPE1 to either SPE1 or SPE2 according to
load balancing procedures. So SPE1 and SPE2 have to advertise the
same EVPN label independently for a given EVPN route.
In fact, SPE1 and SPE2 can simply inherit the EVPN label from TPE2,
and they advertise it to TPE1 along with a context VC label. The
context VC label is for the context VC from TPE2 to SPE1 or SPE2. We
can make the VC labels from TPE2 to SPE1 and SPE2 have the same value
through configuration.
The label stack on the anycast SR-MPLS tunnel is constructed as
follows:
+---------------------------------+
| underlay ethernet header |
+---------------------------------+
| Anycast SR-MPLS tunnel label |
+---------------------------------+
| Static Label for Label Space S |
+---------------------------------+
| Context VC Label |
+---------------------------------+
| EVPN label |
+---------------------------------+
| overlay ethernet or IP header |
+---------------------------------+
Figure 6: Encapsulation of Context VC Label for EVPN Label
Note that the context VC is also constructed in a context label
space, and the label space is identified by a static label. The
context label space is identified by the same label on all PEs of the
service domain, so the label stacks on the anycast tunnel are the
same for SPE1 and SPE2.
SPE1/SPE2 will perform ILM lookup for the EVPN label in the label
space identified by the context VC label.
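The following Python sketch is an added example, not part of the draft. It combines the SR-MPLS derivation of L-ij from Section 3.1.1.2 with the lookup on the label stack of Figure 6. The SPE class, the SRGB values, the SID indexes and the static label value are constructed, and using one common SRGB on both SPEs is only one assumed way of configuring equal context VC labels.

```python
S_LABEL = 16   # constructed static label that identifies context label space S

def context_vc_label(srgb_base, srgb_size, sid_index):
    """L-ij on PE-j: the SID label of PE-i in PE-j's SRGB (Section 3.1.1.2)."""
    if not 0 <= sid_index < srgb_size:
        raise ValueError("SID index outside the SRGB")
    return srgb_base + sid_index

class SPE:
    """Hypothetical SPE: context label space S plus one label space per context VC."""

    def __init__(self, srgb_base, srgb_size, sid_index):
        # Space S: context VC label -> the PE that the context VC comes from.
        self.space_s = {context_vc_label(srgb_base, srgb_size, idx): pe
                        for pe, idx in sid_index.items()}
        self.ilm = {}    # PE -> {EVPN label inherited from that PE -> EVI}

    def inherit(self, pe, evpn_label, evi):
        """Install an EVPN label that `pe` advertised, without allocating a new one."""
        self.ilm.setdefault(pe, {})[evpn_label] = evi

    def lookup(self, stack):
        """Resolve [S, context VC label, EVPN label] received on the anycast tunnel."""
        if len(stack) != 3 or stack[0] != S_LABEL:
            return None
        pe = self.space_s.get(stack[1])            # PE that assigned the EVPN label
        evi = self.ilm.get(pe, {}).get(stack[2])   # ILM lookup in that PE's space
        return None if evi is None else (evi, pe, stack[2])

def demo():
    sid_index = {"TPE1": 101, "TPE2": 102}         # constructed SID indexes
    spe1 = SPE(16000, 8000, sid_index)             # SPE1 and SPE2 share one SRGB,
    spe2 = SPE(16000, 8000, sid_index)             # so their L-ij values coincide
    other = SPE(20000, 8000, sid_index)            # different SRGB, for contrast
    for spe in (spe1, spe2, other):
        spe.inherit("TPE2", 2000, "EVI1")          # EVPN label 2000 comes from TPE2
    # Stack TPE1 pushes under the anycast tunnel label, as advertised by the SPEs.
    stack = [S_LABEL, context_vc_label(16000, 8000, 102), 2000]
    return [spe.lookup(stack) for spe in (spe1, spe2, other)]
```

Both SPEs resolve the same stack to the same result, while a node whose context VC label for TPE2 differs cannot resolve it, which is why the draft requires the two VC labels to have the same value.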
5. Security Considerations
This section will be added in future versions.
6. IANA Considerations
The IANA considerations for LoCLS EC in Section 4.2.2 will be added
in future versions.
7. Acknowledgements
The authors would like to thank the following for their comments and
review of this document:
Benchong Xu.
8. Normative References
[I-D.ietf-bess-evpn-bum-procedure-updates]
Zhang, Z., Lin, W., Rabadan, J., Patel, K., and A.
Sajassi, "Updates on EVPN BUM Procedures", draft-ietf-
bess-evpn-bum-procedure-updates-08 (work in progress),
November 2019.
[I-D.ietf-bess-evpn-optimized-ir]
Rabadan, J., Sathappan, S., Lin, W., Katiyar, M., and A.
Sajassi, "Optimized Ingress Replication solution for
EVPN", draft-ietf-bess-evpn-optimized-ir-06 (work in
progress), October 2018.
[I-D.ietf-bess-mvpn-evpn-aggregation-label]
Zhang, Z., Rosen, E., Lin, W., Li, Z., and I. Wijnands,
"MVPN/EVPN Tunnel Aggregation with Common Labels", draft-
ietf-bess-mvpn-evpn-aggregation-label-03 (work in
progress), October 2019.
[RFC4761] Kompella, K., Ed. and Y. Rekhter, Ed., "Virtual Private
LAN Service (VPLS) Using BGP for Auto-Discovery and
Signaling", RFC 4761, DOI 10.17487/RFC4761, January 2007,
<https://www.rfc-editor.org/info/rfc4761>.
[RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
Encodings and Procedures for Multicast in MPLS/BGP IP
VPNs", RFC 6514, DOI 10.17487/RFC6514, February 2012,
<https://www.rfc-editor.org/info/rfc6514>.
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
2015, <https://www.rfc-editor.org/info/rfc7432>.
[RFC8665] Psenak, P., Ed., Previdi, S., Ed., Filsfils, C., Gredler,
H., Shakir, R., Henderickx, W., and J. Tantsura, "OSPF
Extensions for Segment Routing", RFC 8665,
DOI 10.17487/RFC8665, December 2019,
<https://www.rfc-editor.org/info/rfc8665>.
[RFC8666] Psenak, P., Ed. and S. Previdi, Ed., "OSPFv3 Extensions
for Segment Routing", RFC 8666, DOI 10.17487/RFC8666,
December 2019, <https://www.rfc-editor.org/info/rfc8666>.
[RFC8667] Previdi, S., Ed., Ginsberg, L., Ed., Filsfils, C.,
Bashandy, A., Gredler, H., and B. Decraene, "IS-IS
Extensions for Segment Routing", RFC 8667,
DOI 10.17487/RFC8667, December 2019,
<https://www.rfc-editor.org/info/rfc8667>.
Authors' Addresses
Yubao Wang
ZTE Corporation
No. 50 Software Ave, Yuhuatai District
Nanjing
China
Email: yubao.wang2008@hotmail.com
Bing Song
ZTE Corporation
No. 50 Software Ave, Yuhuatai District
Nanjing
China
Email: song.bing@zte.com.cn