Network Working Group                                              X. Xu
Internet-Draft                                                    Huawei
Intended status: Informational                                  S. Hares
Expires: February 8, 2016                                     Individual
                                                                  Y. Fan
                                                           China Telecom
                                                            C. Jacquenet
                                                                  Orange
                                                                T. Boyes
                                                            Bloomberg LP
                                                                  B. Fee
                                                        Extreme Networks
                                                          August 7, 2015


                    RIB Reduction in Virtual Subnet
             draft-xu-bess-virtual-subnet-rib-reduction-01

Abstract

   Virtual Subnet is a BGP/MPLS IP VPN-based subnet extension solution
   which is intended for building Layer3 network virtualization overlays
   within and/or across data centers.  This document describes a
   mechanism for reducing the RIB size of PE routers in the Virtual
   Subnet context.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 8, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Xu, et al.              Expires February 8, 2016                [Page 1]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Solution Description  . . . . . . . . . . . . . . . . . . . .   3
   4.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   Virtual Subnet [I-D.ietf-bess-virtual-subnet] is a BGP/MPLS IP VPN
   [RFC4364] -based subnet extension solution which is intended for
   building Layer3 network virtualization overlays within and/or across
   data centers.  In the Virtual Subnet context, since CE host routes of
   a given VPN instance need to be exchanged among PE routers
   participating in that VPN instance, the resulting routing table size
   of PE routers may become a big concern, especially in large-scale
   data center environment where they may need to install a huge amount
   of host routes into their routing tables.

   [I-D.ietf-bess-virtual-subnet-fib-reduction] describes a method to
   reduce the FIB size of PE routers without any change to the RIB and
   the routing table.  This FIB reduction approach is applicable in the
   case where the control plane of PE routers still needs to maintain
   all host routes of the attached VPN instances for some reason (e.g.,
   to support multicast VPN service).  In the case where the control
   plane of PE routers doesn't need to maintain all host routes of the
   attached VPN instances, the RIB size of PE routers can be reduced as
   well which would be beneficial for CPU and memory resource saving
   purpose.  This document proposes a very simple RIB reduction
   mechanism.  The basic idea of this mechanism is: remote host routes




Xu, et al.              Expires February 8, 2016                [Page 2]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


   are learnt by PE routers on demand by using the L3VPN Address Prefix
   ORF as described in [I-D.xu-bess-l3vpn-prefix-orf].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Terminology

   This memo makes use of the terms defined in [RFC4364].

3.  Solution Description

                                 +------+
                          +------+  RR  +------+
    +-----------------+   |      +------+      |   +-----------------+
    |VPN_A:10.1.1.1/24|   |                    |   |VPN_A:10.1.1.1/24|
    |              \  |   |                    |   |  /              |
    |  +------+     \++---+-+                +-+---++/     +------+  |
    |  |Host A+------+ PE-1 |                | PE-2 +------+Host B|  |
    |  +------+\     ++-+-+-+                +-+-+-++     /+------+  |
    |   10.1.1.2/24   | | |                    | | |    10.1.1.3/24  |
    |                 | | |                    | | |                 |
    |     DC West     | | |  IP/MPLS Backbone  | | |      DC East    |
    +-----------------+ | |                    | | +-----------------+
                        | +--------------------+ |
                        |                        |
VRF_A :                 V                VRF_A : V
+-------------+---------+--------+      +-------------+---------+--------+
|   Prefix    | Nexthop |Protocol|      |   Prefix    | Nexthop |Protocol|
+-------------+---------+--------+      +-------------+---------+--------+
|10.1.1.1/32  |127.0.0.1| Direct |      |10.1.1.1/32  |127.0.0.1| Direct |
+-------------+---------+--------+      +-------------+---------+--------+
|10.1.1.2/32  |10.1.1.2 | Direct |      |10.1.1.3/32  |10.1.1.3 | Direct |
+-------------+---------+--------+      +-------------+---------+--------+
|10.1.1.0/25  |    RR   |  IBGP  |      |10.1.1.0/25  |    RR   |  IBGP  |
+-------------+---------+--------+      +-------------+---------+--------+
|10.1.1.128/25|    RR   |  IBGP  |      |10.1.1.128/25|    RR   |  IBGP  |
+-------------+---------+--------+      +-------------+---------+--------+
|10.1.1.0/24  |10.1.1.1 | Direct |      |10.1.1.0/24  |10.1.1.1 | Direct |
+-------------+---------+--------+      +-------------+---------+--------+

                      Figure 1: RIB Reduction Example

   To reduce the RIB size of PE routers in the Virtual Subnet context,
   the L3VPN Address Prefix ORF mechanism is used to realize on-demand



Xu, et al.              Expires February 8, 2016                [Page 3]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


   route announcement.  Take the VPN instance as shown in Figure 1 as an
   example, the RIB reduction procedures are described as follows:

   1.  PE routers as RR clients advertise host routes for their local CE
       hosts to the RR by using Rout Target (RT) ORF [RFC4364] (i.e.,
       the RR is configured to advertise route refresh messages
       containing a RT-ORF entry corresponding to that VPN instance) or
       Route Target (RT) Constrain [RFC4684] (i.e., the RR is configured
       to advertise update messages containing RT membership information
       corresponding to that VPN instance).  Those PE routers belonging
       to that VPN instance which don't want to receive remote CE host
       routes of that VPN instance would notify the RR not to advertise
       any host route to them by using the L3VPN Address Prefix ORF
       mechanism (i.e., only requesting L3VPN routes with prefix length
       less than 32 (in the VPNv4 case) or 128 (in the VPNv6 case)).

   2.  Meanwhile, the RR is configured with static routes for more
       specific subnets (e.g., 10.1.1.0/25 and 10.1.1.128/25)
       corresponding to the extended subnet (e.g., 10.1.1.0/24) with
       next-hop being pointed to Null0 and then redistributes these
       routes to BGP.  In the case where the RR is not available for
       transferring L3VPN traffic between PE routers for some reason
       (e.g., the RR is running on a server), a particular PE router
       other than the RR could be selected to advertise the above more
       specific subnet routes as long as that PE router has learnt all
       remote host routes belonging to that VPN instance.

   3.  Upon receiving a packet destined for a remote CE host from a
       local CE host, if there is no host route for that remote CE host
       in the FIB, the ingress PE router will forward the packet to the
       RR according to the longest-matching subnet routes learnt from
       the RR, which in turn forwards the packet to the relevant egress
       PE router according to the host route learnt from that egress PE
       router.  As such, the RIB size of PE routers can be greatly
       reduced at the cost of path stretch.

   4.  In order to forward packets destined for that remote CE host
       directly to the corresponding egress PE router without any
       potential path stretch penalty, ingress PE routers could perform
       on-demand route learning of remote host routes by using one of
       the following options:

       A.  Upon receiving an ARP request or Neighbor Solicitation (NS)
           message from a local CE host, if there is no CE host route
           for that target host in its RIB yetthe ingress PE router
           would request the corresponding CE host route for the target
           host from its RR by using the L3VPN Address Prefix ORF
           mechanism.



Xu, et al.              Expires February 8, 2016                [Page 4]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


       B.  Upon receiving a packet whose longest-matching FIB entry is a
           particular more specific subnet routes (e.g., 10.1.1.0/25 and
           10.1.1.128/25) learnt from the RR, a copy of this packet
           would be sent to the control plane while this original packet
           is forwarded as normal.  The above copy sent to the control
           plane would trigger a route pull for that destination CE
           host.  To provide robust protection against DoS attacks on
           the control plane, rate-limiting of the above packets sent to
           the control plane MUST be enabled.

   5.  RIB entries of remote CE host routes would expire if they have
       not been used for forwarding for a certain period of time.  Once
       the expiration time for a given RIB entry is approaching, the PE
       router would notify its RR to remove the corresponding L3VPN
       Address Prefix ORF entry for that CE host route by using the
       L3VPN Address Prefix ORF mechanism.

4.  Acknowledgements

   TBD.

5.  IANA Considerations

   There is no requirement for any IANA action.

6.  Security Considerations

   This document doesn't introduce additional security risk to BGP/MPLS
   IP VPN, nor does it provide any additional security feature for BGP/
   MPLS IP VPN.

7.  References

7.1.  Normative References

   [I-D.ietf-bess-virtual-subnet]
              Xu, X., Raszuk, R., Jacquenet, C., Boyes, T., and B. Fee,
              "Virtual Subnet: A BGP/MPLS IP VPN-based Subnet Extension
              Solution", draft-ietf-bess-virtual-subnet-00 (work in
              progress), June 2015.

   [I-D.xu-bess-l3vpn-prefix-orf]
              Xu, X., Jacquenet, C., and L. Fang, "L3VPN Address Prefix
              Based Outbound Route Filter for BGP-4", draft-xu-bess-
              l3vpn-prefix-orf-02 (work in progress), April 2015.






Xu, et al.              Expires February 8, 2016                [Page 5]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC4364, February
              2006, <http://www.rfc-editor.org/info/rfc4364>.

   [RFC4684]  Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk,
              R., Patel, K., and J. Guichard, "Constrained Route
              Distribution for Border Gateway Protocol/MultiProtocol
              Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual
              Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC4684,
              November 2006, <http://www.rfc-editor.org/info/rfc4684>.

7.2.  Informative References

   [I-D.ietf-bess-virtual-subnet-fib-reduction]
              Xu, X., Jacquenet, C., Boyes, T., Fee, B., and W.
              Henderickx, "FIB Reduction in Virtual Subnet", draft-ietf-
              bess-virtual-subnet-fib-reduction-01 (work in progress),
              July 2015.

Authors' Addresses

   Xiaohu Xu
   Huawei

   Email: xuxiaohu@huawei.com


   Susan Hares
   Individual

   Email: shares@ndzh.com


   Yongbing Fan
   China Telecom

   Email: fanyb@gsta.com


   Christian Jacquenet
   Orange

   Email: christian.jacquenet@orange.com



Xu, et al.              Expires February 8, 2016                [Page 6]


Internet-Draft       RIB Reduction in Virtual Subnet         August 2015


   Truman Boyes
   Bloomberg LP

   Email: tboyes@bloomberg.net


   Brendan Fee
   Extreme Networks

   Email: bfee@enterasys.com









































Xu, et al.              Expires February 8, 2016                [Page 7]