Network Working Group | V. Govindan |
Internet-Draft | S. Salam |
Intended status: Standards Track | A. Sajassi |
Expires: January 5, 2015 | Cisco Systems |
July 4, 2014 |
Proactive fault detection in EVPN
draft-vgovindan-l2vpn-evpn-bfd-02
This document proposes a proactive, in-band network OAM mechanism to detect connectivity faults that affect unicast and multi-destination paths in an EVPN network. The multi-destination paths are used by Broadcast, unknown Unicast and Multicast (BUM) traffic. The mechanisms proposed in the draft use the principles of the widely adopted Bidirectional Forwarding Detection (BFD) protocol.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 5, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
[I-D.salam-l2vpn-evpn-oam-req-frmwk] outlines the OAM requirements of Ethernet VPN networks [I-D.ietf-l2vpn-evpn]. This document proposes mechanisms for proactive fault detection at the network OAM layer of EVPN. These mechanisms could either be deployed for periodic and proactive monitoring, or be triggered by specific events to aid troubleshooting. EVPN fault detection mechanisms need to consider unicast and BUM traffic separately since they map to different FECs in EVPN. Since BUM traffic can be transported using MP2P or P2MP tunnels, this document proposes slightly different fault detection mechanisms to suit each type using the principles of BFD over MPLS LSPs [RFC5884] and Point-to-multipoint BFD[I-D.ietf-bfd-multipoint]. Please note that this document uses the term EVPN loosely to include [I-D.ietf-l2vpn-evpn], [I-D.ietf-l2vpn-pbb-evpn] as well as [I-D.ietf-l2vpn-trill-evpn].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
The choice of running BFD at the network layer of the OAM model for EVPN [I-D.salam-l2vpn-evpn-oam-req-frmwk] was made after considering the following:
Successful establishment and maintenance of BFD sessions between EVPN PE nodes does not fully guarantee that the EVPN service is functioning. For example, an egress EVPN-PE can understand the EVPN label but could switch data to incorrect interface. However, once BFD sessions in the EVPN Network Layer reach UP state, it does provide additional confidence that data transported using those tunnels will reach the expected egress node. When BFD sessions in the EVPN Network Layer exits UP state, it provides additional confidence that data transported using those tunnels will not reach the expected egress node.
This section proposes proactive fault detection using BFD mechanisms for: [I-D.ietf-mpls-mcast-cv] have used periodic MPLS ping requests to bootstrap P2MP BFD sessions over MPLS.
This specification describes procedures only for BFD asynchronous mode. BFD demand mode is outside the scope of this specification. Further, the use of the Echo function is outside the scope of this specification. The approach takes advantage of the inclusive multicast route used in EVPN to advertise the multi-destination FEC for bootstrapping the BFD sessions. Earlier approaches for P2MP BFD
Ingress replication uses separate MP2P tunnels for transporting BUM traffic from the ingress PE (head) to a set of one or more egress PEs (tails). The fault detection mechanism proposed by this document takes advantage of the fact that a unique copy is made by the head for each tail. Another key aspect to be considered in EVPN is the advertisement of the inclusive multicast route. The BUM traffic flows from a head node to a particular tail only after the head receives the inclusive multicast route containing the BUM EVPN label (downstream allocated) corresponding to the MP2P tunnel. Note that once the BFD session for the EVPN BUM label is UP, either end of the BFD session MUST NOT change the local discriminator values of the BFD Control packets it generates, unless it first brings down the session as specified in RFC 5884 [RFC5884].
To simplify BFD session de-multiplexing, we take advantage of the fact that the head replicates a BUM packet for each tail by using unique sets of discriminators in each copy of the (replicated) BFD packet. These discriminators MUST be exchanged out-of-band using MPLS ping RFC 5884 [RFC5884] before the start of the BFD session between the head and the tail node(s). The head PE performing ingress replication MUST initiate an LSP ping using the inclusive multicast FEC [I-D.jain-l2vpn-evpn-lsp-ping] upon receiving an inclusive multicast route from a tail to bootstrap the BFD session. This MPLS ping MUST include the BFD TLV specified in RFC 5884 [RFC5884]. There could exist multiple BFD sessions between a head of the multi-destination tunnel and an individual tail due to the usage of entropy labels RFC 6790 [RFC6790] for an inclusive multicast FEC. For fine-grained fault detection, a BFD session MAY be bootstrapped to monitor all unique path(s) that can be realized using entropy labels between a head and a given tail. However, the path(s) MUST be monitored using at least one or more number of representative BFD session(s) to satisfy the fault monitoring requirements [I-D.salam-l2vpn-evpn-oam-req-frmwk]. The issue of demultiplexing (separate) BFD sessions established to monitor liveness of the multiple paths of a <MPLS LSP, FEC> has not been fully addressed by [RFC5884]. Procedures proposed in [ID.draft-vgovindan-mpls-extended-bfd-disc-tlv] could be used for monitoring connectivity of the path(s) that are realized through entropy labels. The head node MAY initiate separate BFD sessions using different instance identifiers to verify connectivity of the different paths.
The tail nodes MUST bootstrap a BFD session based on the incoming MPLS ping initiated by the head [I-D.ietf-bfd-multipoint]. At the tail node, a new BFD discriminator MUST be allocated for each unique combination of the source IP and the attributes of the <inclusive multicast FEC, BUM label> when a MPLS ping initiated from the head is received. A tail node MAY include the instance identifier, if present to support monitoring of specific paths or all realizable paths.
The case of using P2MP tunnels for distributing BUM traffic presents a different challenge for using BFD. Clearly, the yourDisc of the BFD packet MUST be zero [I-D.ietf-bfd-multipoint] as the packet is multicast from the root unlike ingress replication where individual copies are made from the head. However the MPLS label that identifies the P-Tunnel [I-D.ietf-l2vpn-evpn] used for forwarding the multi-destination traffic provides a convenient method of identifying the source and the FEC (multi-destination tree) being tracked by the BFD session. The tails of the multi-destination tree MUST use the MPLS label identifying the P-tunnel to de-multiplex the BFD packet. In the case of Aggregate Inclusive trees, where the root of the multi-destination tree reuses the same LSP label for traffic of various EVIs, the tail node MUST use the MPLS labels of the P-Tunnel and the upstream assigned label which the PE has bound uniquely to the EVI. The myDisc of the BFD packet is filled with an unique value allocated by the root to identify the multi-path session.
The P2MP BFD sessions MUST be bootstrapped at the head [I-D.ietf-bfd-multipoint] as soon as there is one receiver for the MDT traffic.
The P2MP BFD sessions MUST be bootstrapped at the tail upon reception of the P2MP BFD packets from the head. The tail MUST use the P2MP MDT label to de-multiplex the incoming BFD packet. The BFD session MAY be destroyed immediately upon leaving Up state.
The mechanisms specified in BFD for MPLS LSPs RFC 5884 [RFC5884] can be applied to bootstrap and maintain BFD sessions for unicast EVPN traffic. The discriminators required for de-multiplexing the BFD sessions MUST be exchanged using MPLS ping specifying the Unicast EVPN FEC [I-D.jain-l2vpn-evpn-lsp-ping] before starting the BFD session. This is needed since the MPLS label stack does not contain enough information to disambiguate the sender of the packet. The usage of MPLS entropy labels take care of addressing the requirement of monitoring faults of the various paths of the multi-path server layer network RFC 6790 [RFC6790]. Each unique realizable path between the participating PE routers MAY be monitored separately when entropy labels are used. Alternately, all paths MUST be tracked by at least one or a fewer number of representative BFD session(s) in which case the granularity of fault-detection would be coarser. The PE node receiving the MPLS ping MUST allocate one BFD discriminator for every unique combination of the source IP address and the tuple of <unicast FEC, EVPN label>. A node MAY include the instance identifier of the entropy label,if present to satisfy the requirement of fault monitoring of specific paths or all realizable paths. Note that once the BFD session for the EVPN label is UP, either end of the BFD session MUST NOT change the local discriminator values of the BFD Control packets it generates, unless it first brings down the session as specified in RFC 5884 [RFC5884].
The packet contains the following labels: LSP label (transport) when not using PHP, the optional entropy label, the BUM label and the SH label[I-D.ietf-l2vpn-evpn] (where applicable). The G-ACh type is set to TBD. The discriminator values of BFD are obtained through negotiation through the out-of-band MPLS ping.
The packet contains the following labels: label identifying the P-Tunnel, upstream label which the PE has bound uniquely to the EVI (for aggregate inclusive trees only). The G-ACh type is set to TBD. The yourDisc value is set to 0 and the myDisc value is uniquely generated by the root.
The packet contains the following labels: LSP label (transport) when not using PHP, the optional entropy label and the EVPN Unicast label. The G-ACh type is set to TBD. The discriminator values of BFD are obtained through negotiation through the out-of-band MPLS ping.
The encapsulation option using IP headers will not be suited for EVPN, as using different values in the destination IP address for data and OAM (BFD) packets could cause the BFD packets to follow a different path than that of data packets. Hence this option MUST NOT be used for EVPN.
The mechanisms proposed by this draft could affect the packet load on the network and its elements especially when supporting configurations involving a large number of EVIs. The option of slowing down or speeding up BFD timer values can be used by an administrator or a network management entity to maintain the overhead incurred due to fault monitoring at an acceptable level.
This document does not introduce any new security issues, the security considerations defined in RFC 5880 [RFC5880] and [I-D.ietf-bfd-multipoint] apply in this document.
A new G-Ach Type is requested for for GAL encapsulated BFD as the existing type [RFC5885] specifically applies to PW-ACH encapsulation.
We thank Nobo Akiya, Tina Lam, Jose Liste, Mudigonda Mallik and Gregory Mirsky for their valuable input, discussions and comments.
[I-D.ietf-l2vpn-evpn] | Sajassi, A., Aggarwal, R., Bitar, N., Isaac, A. and J. Uttaro, "BGP MPLS Based Ethernet VPN", Internet-Draft draft-ietf-l2vpn-evpn-07, May 2014. |
[I-D.ietf-l2vpn-pbb-evpn] | Sajassi, A., Salam, S., Bitar, N., Isaac, A., Henderickx, W. and L. Jin, "PBB-EVPN", Internet-Draft draft-ietf-l2vpn-pbb-evpn-07, June 2014. |
[I-D.ietf-l2vpn-trill-evpn] | Sajassi, A., Salam, S., Bitar, N. and S. Aldrin, "TRILL-EVPN", Internet-Draft draft-ietf-l2vpn-trill-evpn-01, October 2013. |
[I-D.ietf-mpls-mcast-cv] | Swallow, G., "Connectivity Verification for Multicast Label Switched Paths", Internet-Draft draft-ietf-mpls-mcast-cv-00, April 2007. |
[I-D.salam-l2vpn-evpn-oam-req-frmwk] | Salam, S., Sajassi, A., Aldrin, S. and J. Drake, "E-VPN Operations, Administration and Maintenance Requirements and Framework", Internet-Draft draft-salam-l2vpn-evpn-oam-req-frmwk-02, January 2014. |
[RFC6790] | Kompella, K., Drake, J., Amante, S., Henderickx, W. and L. Yong, "The Use of Entropy Labels in MPLS Forwarding", RFC 6790, November 2012. |