L3VPN Working Group                                            R. Li
Internet-Draft                                               K. Zhao
Intended status: Standards Track                               W. Wu
Expires: January 02, 2014                        Huawei Technologies
                                                       July 01, 2013
The Use of Big Labels for BGP/MPLS IP VPN
draft-renwei-l3vpn-big-label-00.txt
This document describes big labels in L3VPN.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 02, 2014.
Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.
Network virtualization and server virtualization are being designed and deployed in data center networks, and new data encapsulation methods and protocols are being defined and specified, for example, VXLAN, NVGRE and NVO3. The general idea is to add a new virtual network header so that a physical network can be used to support millions (16M) of virtualized overlaid networks. Network overlay virtualization has placed a new requirement on the access method to such virtualized overlaid networks.
BGP/MPLS IP VPNs, as specified in RFC 2547 and RFC 4364, provide a market-proven technology and solution for end-to-end IP VPNs. In BGP/MPLS IP VPNs, all the customer sites are connected to the service provider networks through PE-CE links. It is desirable to extend the BGP/MPLS scheme so that customers can access their virtualized networks hosted in a data center by using BGP/MPLS IP VPNs.
In the data plane of BGP/MPLS IP VPNs, each customer VPN/VRF instance is represented by an MPLS label (VPN label) locally assigned by the PE connecting to the CE. Since MPLS labels are 20 bits long, a PE can support at most 1 million VPNs/VRFs, which is not sufficient to support the 16 million virtual networks that are being standardized in VXLAN, NVGRE and NVO3. When BGP/MPLS IP VPNs are extended to access virtualized networks in data centers, we will have to provide a solution for associating a customer with a virtual network. This document describes some use cases and specifies a solution to this problem.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
VXLAN - Virtual eXtensible Local Area Network
NVGRE - Network Virtualization using Generic Routing Encapsulation
NVO3 - Network Virtualization Over layer 3
BGP - Border Gateway Protocol
MPLS - Multiprotocol Label Switching
VPN - Virtual private network
PE - Provider Edge
CE - Customer Edge
VRF - Virtual Routing and Forwarding
NVE - Network Virtualization Edge
VTEP - VXLAN Tunnel End Point
VNI - VXLAN Network Identifier (VXLAN)
VSID - Virtual Subnet ID (NVGRE)
VNID - Virtual Network ID (NVO3)
VM - Virtual Machine
TS - Tenant System
VLAN - Virtual Local Area Network
The following terms are used in this document:
In BGP/MPLS IP VPN reference models, at each site there are one or more Customer Edge (CE) devices, each of which is attached to one or more Provider Edge (PE) routers via some sort of attachment circuit such as PPP, Ethernet/VLAN, etc.
When the BGP/MPLS IP VPNs reference model is extended to connect to a virtual network, the Customer Edge (CE) devices and Provider Edge (PE) devices on the data center site can be physically the same device: it will be both the PE device with respect to the VPN model and the NVE device with respect to the network virtualization, as illustrated in the following diagram:

-----------+          +----------------+    +----------------
           |          |                |    |
       +---+--+    +------+         +-------+--+
       |  CE  |----|  PE  |  MPLS   |  PE-NVE  | Data center
Site 1 |device|    |device| network |  device  | virtualized
       +---+--+    +------+         +-------+--+ network
           |          |                |    |
-----------+          +----------------+    +----------------
In addition to the VPN PE functionalities of RFC 4364, PE-NVE will also perform the functionalities of network overlay virtualization. In what follows we describe three use cases for VXLAN, NVGRE, and NVO3, respectively.
In this use case, the VXLAN protocol of [I-D.mahalingam-dutt-dcops-vxlan] is used for network overlay virtualization.

                                   ..................................
                                   .                                .
                                   .                 +------------+ .
                                   .                 |+----+ +---+| .
                                   .                 ||    | |VM || .
                                   .                /+|    | +---+| .
                                   .               / ||VTEP| +---+| .
-----+          +----------------+ . +------------+  ||    | |VM || .
     |          |                | . |            |  |+----+ +---+| .
 +---+--+   +------+         +---+---+--+  VXLAN  |  |   Server   | .
 |  CE  |---|  PE  |  MPLS   | PE-VTEP  | network |  +------------+ .
 |device|   |device| network |  device  | over L3 |                 .
 +---+--+   +------+         +---+---+--+ network |  +------------+ .
     |       /  |                | . |            |  |+----+ +---+| .
-----+      /   +----------------+ . +------------+  ||    | |VM || .
           /                       .               \ ||    | +---+| .
-----+    /                        .                \+|VTEP| +---+| .
     |   /                         .                 ||    | |VM || .
 +---+--+                          .                 |+----+ +---+| .
 |  CE  |                          .                 |   Server   | .
 |device|                          .   Data Center   +------------+ .
 +---+--+                          ..................................
     |
-----+

 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |LSP label|            |   Outer Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |VPN label|            |   VXLAN Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |  VM IP  |            |   Inner Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 Packet format          Packet format
 out of PE device       out of PE-VTEP device
 to MPLS network        to VXLAN network
The Provider Edge device connecting to the virtual networks will perform the following functionalities:
In order to correctly provide a one-to-one mapping between VPN labels and VNIs, we need to extend the MPLS label space to have at least 16 million labels.
In this use case, the NVGRE protocol of [I-D.sridharan-virtualization-nvgre] is used for network overlay virtualization.

                                   ..................................
                                   .                                .
                                   .                 +------------+ .
                                   .                 |+----+ +---+| .
                                   .                 ||    | |VM || .
                                   .                /+|    | +---+| .
                                   .               / ||NVE | +---+| .
-----+          +----------------+ . +------------+  ||    | |VM || .
     |          |                | . |            |  |+----+ +---+| .
 +---+--+   +------+         +---+---+--+  NVGRE  |  |   Server   | .
 |  CE  |---|  PE  |  MPLS   |  PE-NVE  | network |  +------------+ .
 |device|   |device| network |  device  | over L3 |                 .
 +---+--+   +------+         +---+---+--+ network |  +------------+ .
     |       /  |                | . |            |  |+----+ +---+| .
-----+      /   +----------------+ . +------------+  ||    | |VM || .
           /                       .               \ ||    | +---+| .
-----+    /                        .                \+|NVE | +---+| .
     |   /                         .                 ||    | |VM || .
 +---+--+                          .                 |+----+ +---+| .
 |  CE  |                          .                 |   Server   | .
 |device|                          .   Data Center   +------------+ .
 +---+--+                          ..................................
     |
-----+

 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |LSP label|            |   Outer Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |VPN label|            |   NVGRE Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 |  VM IP  |            |   Inner Header    |
 +-+-+-+-+-+            +-+-+-+-+-+-+-+-+-+-+
 Packet format          Packet format
 out of PE device       out of PE-NVE device
 to MPLS network        to NVGRE network
The Provider Edge device connecting to the virtual networks will perform the following functionalities:
In order to correctly provide a one-to-one mapping between VPN labels and VSIDs, we need to extend the MPLS label space to have at least 16 million labels.
NVO3 is an on-going effort to standardize solutions to data center virtualization with the goal of providing viable data encapsulation and protocols across a scaling range of a few thousand VMs to several million VMs running on greater than one hundred thousand physical servers. NVO3 considers approaches to multi-tenancy that reside at the network layer rather than using traditional isolation mechanisms that rely on the underlying layer 2 technology (e.g. VLANs).
Based on NVO3 framework and problem statement, NVO3 will deliver 16 million virtual networks in a physical data center. If L3VPN is used to access the virtual networks inside the data center, we need to solve the problem of associating MPLS labels to NVO3 VNIDs.
                                   ..................................
                                   .                                .
                                   .                 +------------+ .
                                   .                 |+----+ +---+| .
                                   .                 ||    | |VM || .
                                   .                /+|NVE | +---+| .
                                   .               / ||    | +---+| .
-----+          +----------------+ . +------------+  ||    | |VM || .
     |          |                | . |            |  |+----+ +---+| .
 +---+--+   +------+         +---+---+--+  NVO3   |  |   Server   | .
 |  CE  |---|  PE  |  MPLS   |  PE-NVE  | network |  +------------+ .
 |device|   |device| network |  device  | over L3 |                 .
 +---+--+   +------+         +---+---+--+ network |  +------------+ .
     |       /  |                | . |            |  |+----+ +---+| .
-----+      /   +----------------+ . +------------+  ||    | |VM || .
           /                       .               \ ||NVE | +---+| .
-----+    /                        .                \+|    | +---+| .
     |   /                         .                 ||    | |VM || .
 +---+--+                          .                 |+----+ +---+| .
 |  CE  |                          .                 |   Server   | .
 |device|                          .   Data Center   +------------+ .
 +---+--+                          ..................................
     |
-----+

A PE device uses VPN labels to find the associated VRFs for VPN packet forwarding. Since there are potentially 16 million virtual networks, 20-bit labels are not sufficient; we need to specify a new type of label: big labels. A big label is an extension to the MPLS label format of RFC 3032 so that the label space is bigger than the 20-bit space, with a minimum of 16 million labels.
The exact big label format is described in [I-D.draft-renwei-mpls-big-label]. One option of the big label format is as follows:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Big Label Indicator          | Exp |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Big Label Value                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Exp:  Experimental Use, 3 bits
   S:    Bottom of Stack, 1 bit
   TTL:  Time to Live, 8 bits
When an MPLS LSR receives an MPLS packet, it reads out the MPLS label. If the MPLS label is a Big Label Indicator, it will use the subsequent 32-bit value as the MPLS label for the forwarding purpose.
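The lookup rule above, sketched as an added example (not code from the draft or its authors): a bounds-checked parser for one label stack entry in the format shown in the figure. The names `struct lse` and `parse_lse` are hypothetical, and the indicator value is passed in by the caller because the draft leaves the reserved label to IANA.

```c
#include <stddef.h>
#include <stdint.h>

/* One decoded label stack entry, laid out as in the figure above. */
struct lse {
    uint32_t label;  /* 20-bit label, or the 32-bit Big Label Value */
    uint8_t  exp;    /* Exp, 3 bits */
    uint8_t  s;      /* Bottom of Stack, 1 bit */
    uint8_t  ttl;    /* Time to Live, 8 bits */
    int      is_big; /* 1 when label was read from the second word */
};

/* Read a 32-bit big-endian (network order) word. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Parse the entry at buf[0..len). `indicator` is the reserved label that
 * marks a big label; its value is an assumption supplied by the caller.
 * Returns bytes consumed (4 or 8), or -1 if the buffer is truncated, in
 * which case *out must not be used.
 */
int parse_lse(const uint8_t *buf, size_t len, uint32_t indicator,
              struct lse *out)
{
    if (len < 4)
        return -1;
    uint32_t w = be32(buf);
    out->label = w >> 12;
    out->exp = (w >> 9) & 0x7;
    out->s = (w >> 8) & 0x1;
    out->ttl = w & 0xff;
    out->is_big = 0;
    if (out->label != indicator)
        return 4;
    /* Indicator seen: refuse to read past the end of the packet. */
    if (len < 8)
        return -1;
    out->label = be32(buf + 4);
    out->is_big = 1;
    return 8;
}
```

A packet that carries the indicator but ends before the second word is rejected rather than forwarded on whatever bytes follow the buffer.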
In BGP/MPLS L3VPN models, a VRF on each PE is associated with a local attachment circuit connected to a customer site and with route targets connected to remote sites. When the BGP/MPLS L3VPN model is extended to connect a virtualized network, a VRF on each PE-NVE device is associated with a virtual network instance which is locally significant to the virtualized networks in the data center.
Except for big labels being used, there are no changes to VRFs. In particular, the operational procedure is the same as common label-based VRFs.
VPN route distribution is performed by BGP in the same way as in RFC 2547 except that the labels associated to VRFs are "big labels". The detailed changes to BGP protocols are described in [I-D.draft-renwei-mpls-bgp-big-label].
The requirements on IANA are specified in other related documents [I-D.draft-renwei-mpls-big-label] and [I-D.draft-renwei-mpls-bgp-big-label], which request a reserved label to represent Big Label Indicator and BGP capabilities for big labels.
This draft does not add any additional security implications to the BGP/MPLS IP VPNs. All existing authentication and security mechanisms for BGP and MPLS still apply.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2547] Rosen, E. and Y. Rekhter, "BGP/MPLS VPNs", RFC 2547, March 1999.
[RFC3107] Rekhter, Y. and E. Rosen, "Carrying Label Information in BGP-4", RFC 3107, May 2001.
[I-D.mahalingam-dutt-dcops-vxlan] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger, L., Sridhar, T., Bursell, M. and C. Wright, "VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks", Internet-Draft draft-mahalingam-dutt-dcops-vxlan-03, February 2013.
[I-D.sridharan-virtualization-nvgre] Sridharan, M., Greenberg, A., Venkataramaiah, N., Wang, Y., Duda, K., Ganga, I., Lin, G., Pearson, M., Thaler, P. and C. Tumuluri, "NVGRE: Network Virtualization using Generic Routing Encapsulation", Internet-Draft draft-sridharan-virtualization-nvgre-02, February 2013.