Internet DRAFT - draft-glendon-bess-evpn-default-mac
draft-glendon-bess-evpn-default-mac
Network Working Group G. Liu
Internet-Draft H. Wang
Intended status: Standards Track Huawei Technologies
Expires: January 9, 2020 July 08, 2019
EVPN DEFAULT MAC
draft-glendon-bess-evpn-default-mac-00
Abstract
A principal feature of EVPN is the ability to support multihoming
from a customer equipment (CE) to multiple provider edge equipment
(PE) with all-active links. This draft specifies a mechanism of
default mac to reduce amounts of advertising mac route and enhance
EVPN network reliability.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
Liu & Wang Expires January 9, 2020 [Page 1]
Internet-Draft EVPN DEFAULT MAC July 2019
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Situation Anyalisis . . . . . . . . . . . . . . . . . . . 2
1.2. Alternative Solutions . . . . . . . . . . . . . . . . . . 3
1.3. Design Requirement . . . . . . . . . . . . . . . . . . . 3
1.4. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 4
3. Default MAC Capability negotiation . . . . . . . . . . . . . 5
4. Default MAC Actions . . . . . . . . . . . . . . . . . . . . . 6
4.1. Mac Route Extension . . . . . . . . . . . . . . . . . . . 6
4.2. Default MAC Flow Transmission . . . . . . . . . . . . . . 6
5. Application Senario . . . . . . . . . . . . . . . . . . . . . 7
5.1. Remote Interaction . . . . . . . . . . . . . . . . . . . 7
5.2. Local Interaction . . . . . . . . . . . . . . . . . . . . 8
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
A principal feature of EVPN is the ability to support multihoming
from a customer equipment (CE) to multiple provider edge equipment
(PE) with links used in the all-active redundancy mode. That mode is
where a device is multihomed to a group of two or more PEs and where
all PEs in such a redundancy group can forward traffic to/from the
multihomed device or network for a given VLAN (RFC7209). This draft
specifies a mechanism of default mac to reduce amounts of advertising
mac route and enhance EVPN network reliability.
1.1. Situation Anyalisis
One of the biggest features of EVPN is to transfer the VPLS network
side MAC address learning and publishing process from the data plane
to the control plane.But it also brings obvious drawbacks. Firstly,
compared with the route aggregation in the EVPN L3VPN scenario, the
MAC address of the control plane cannot be aggregated, which results
in a large overhead for large-scale user MAC advertisements.
Secondly, different from routing, the local MAC address will age
Liu & Wang Expires January 9, 2020 [Page 2]
Internet-Draft EVPN DEFAULT MAC July 2019
periodically, causing intermittent MAC revoke routing in all EVPN
network. This kind of route revocation is directed to the EVPN
network, which has a great impact on the performance of the network.
At last, EVPN advertises all user MACs to all reachable neighbors.
For a single device, the MAC capacity is equal to the sum of MACs
sent by all neighbors. However, the mac capacity of a single device
is limited. The risk of insufficient MAC is widespread. MAC Once
exceeded, the EVPN network data traffic will be flooded.
1.2. Alternative Solutions
The MAC routing in 1.1 is based on the risk that the flooding of the
EVPN neighbors on the control plane may cause flooding of the network
traffic. Without modifying the basic principles of protocol
interaction and traffic forwarding, there are two main solutions for
mitigating risks:
1) Statically limit the number of local MAC learning on the AC side
of the routing source device. This limitation can be either
interface-based or broardcast domain-based. This solution has a
certain protection effect on the large-size MAC traffic injection on
the access side.
2) For the routing initiator device to limit the number of PEER-level
MAC routes to be advertised, the solution is especially applicable to
scenarios where the user MAC traffic is not large but the number of
EVPN neighbors is large. A scene with a large number of user MAC
addresses and a large number of EVPN neighbors needs to be combined
with 1) for protection.
1.3. Design Requirement
Although the user local MAC restriction and the neighbor-based MAC
restriction mentioned in 1.2 have an inhibitory effect on the size of
the entire network MAC route, the disadvantages are obvious:
1) The number of access users and the number of neighbors in each
device in the network are different, and the order of magnitude may
vary greatly. Therefore, the network administrator must be aware of
the dynamic changes of users and neighbors, and adjust the MAC limit
value in real time. The cost of maintenance is very high.
2) When the network environment is unstable, there may be a large
number of illegal user MAC attacks. The device cannot identify the
illegal MAC address and the legal MAC address. The illegal MAC
address causes the global MAC address to reach the upper limit. The
data traffic destined for the legitimate user MAC on the network side
continues to be flooded.
Liu & Wang Expires January 9, 2020 [Page 3]
Internet-Draft EVPN DEFAULT MAC July 2019
In order to avoid the problem that the number of network MAC routes
increases exponentially with the number of users and neighbors, the
solution of default MAC route generation and release is proposed by
referring to the default route scheme of the L3VPN scenario.
Draft ietf-bess-dci-evpn-overlay-10#section-3.5.1 only mentions the
concept of all-zero MAC routing, but does not describe the
application scenarios and implementation principles of all-zero MAC.
The purpose of this draft is to describe the default MAC capability
negotiation, default MAC routing sending and receiving, default MAC
application scenario, default MAC mobility and so on completely based
on all-zero MAC.
1.4. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
"LOCAL PE": The local PE refers to the CSG PE. The local PE needs to
be configured with the default MAC route receiving enable.
"REMOTE PE": The remote PE refers to th RSG PE. The remote PE needs
to be configured with the default MAC route sending enable.
"default mac": Similar to the default route, it is used to guide the
forwarding behavior when the unicast traffic misses the detailed MAC
entry.
2. Solution Overview
The program includes the following points:
1) The default MAC advertisement is not the default behavior of the
device. You need to manually configure the default MAC route sending
enable (for the route sender) and the receive enable (for the route
receiver). The EVPN neighbors use the MAC route to implement the
default MAC capability negotiation.
2) default mac routing sending and receiving needs to be supported.
Unicast traffic additionally matches the default mac in case of
detailed MAC mismatching.
3) After the default MAC capability negotiation is successful, AC
interworking (including the same PE and cross-PE) needs to be
supported.
Liu & Wang Expires January 9, 2020 [Page 4]
Internet-Draft EVPN DEFAULT MAC July 2019
3. Default MAC Capability negotiation
Although the default MAC belongs to the device global capability,
considering the simplicity of the protocol extension, the MAC-IP
route carries the Layer 2 Attributes extended community to support
the default mac negotiation between the route sender and receiver.
The extention of the "Reserved" field is needed. The Layer 2
Attributes extended community defined here is defined as follows:
+-------------------------------------------+
| Type (0x06) / Sub-type (0x04) (2 octets) |
+-------------------------------------------+
| Control Flags (2 octets) |
+-------------------------------------------+
| L2 MTU (2 octets) |
+-------------------------------------------+
| Reserved (2 octets) |
+-------------------------------------------+
Figure 1: EVPN Layer 2 Attributes Extended Community
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|D| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2. The extention of the "Reserved" field
The first bit in the "Reserved" field is used to indicate whether the
default MAC route is enabled on the route sender.
Name Meaning
-------------------------------------------------- -------------
D If set to 1, this flag indicates that default mac advertising
capabilicy is enabled by the advertising PE.
If the default mac advertising capability is not enabled, then the
bit must be set to 0.
For the receiving end PE, it is necessary to determine whether to
allow crossover based on the default MAC route receiving enable
configuration. If only the D bit is set and the receiving end PE
default MAC route receiving is enabled, the received route can
finally crossed successfully. From the perspective of route
Liu & Wang Expires January 9, 2020 [Page 5]
Internet-Draft EVPN DEFAULT MAC July 2019
optimization, if the default MAC route sending enable is not
configured on the sender, the default MAC route may not be sent.
4. Default MAC Actions
4.1. Mac Route Extension
Based on the D bit in the Layer 2 attributes extended community
defined in Section 3, the default MAC route is released by the
special 0 mac and Layer 2 attributes extended community. The
extended MAC routing format is as follows:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MAC Address Length (=48) |
+---------------------------------------+
| MAC Address (=0) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| IP Address (0, 4, or 16 octets) |
+---------------------------------------+
| MPLS Label1 (3 octets) |
+---------------------------------------+
| MPLS Label2 (0 or 3 octets) |
+---------------------------------------+
Figure 3. Extended Mac Route Format
The Ethernet Tag ID, MAC Address Length, MAC Address, IP Address
Length, and IP Address fields are still considered to be part of the
prefix in the NLRI. At the same time, the MAC address field must be
filled in all zero.
4.2. Default MAC Flow Transmission
For the data traffic from the network side to the access side, the
BUM traffic still goes through the broadcast process, and unicast
traffic preferentially matches the detailed MAC, and the broadcast
process goes on for mismatching. For data traffic from the access
side to the network side, broadcast and multicast traffic still go
through the broadcast process. The priority control of unicast
traffic is as follows:
Liu & Wang Expires January 9, 2020 [Page 6]
Internet-Draft EVPN DEFAULT MAC July 2019
1) Query the detailed MAC entry, if it matches, the traffic is
forwarded according to the detailed MAC entry, otherwise go to 2);
2) Query the default MAC entry, if it matches, forward the traffic
according to the default MAC entry, otherwise go to 3);
3) Neither hit the detailed MAC entry nor hit the default MAC entry,
indicating that the device does not enable the MAC route receiving
capability and is unknown to unicast, and can only go through the
broadcast process.
5. Application Senario
5.1. Remote Interaction
The remote-side interaction refers to the interworking between the
users of different PEs. For the unicast traffic from the local PE to
the remote PE, the local PE hits the default MAC address and goes to
the remote PE. The unicast traffic of the local PE takes precedence
over the detailed MAC address. If the detailed MAC is missed, the
broadcast is performed.
For the case where the local PE is dual-homed to two remote PEs,
there exists two senarios:
1) In the dual-active scenario, the 0 MAC routes or the 0 MAC route/
EVI-AD routes sent by the remote PE1 and the remote PE2 form a load-
sharing relationship on the local PE.
2) For the single-live scenario, the 0 MAC routes or the 0 MAC route/
EVI-AD routes sent by the remote PE1 and the remote PE2 form a
master/slave relationship on the local PE.
Based on the implementation of 1) and 2), the local PE can be
instructed to go to the remote PE for unicast traffic with ms-level
fault fast switch.
For the case where the remote PE is dual-homed to two local PEs, the
existing dual-homing technology is completely inherited, and no
additional scenario expansion is required.
For ARP/ND pickup, the local ARP/ND learning extension is required to
generate a 0 MAC ARP/ND pickup entry. After the remote PE receives
the ARP/ND route, the extension supports the generation of a 0 MAC
ARP/ND pickup entry.
For the E-Tree function, the flag corresponding to the Root and Leaf
roles is carried in the MAC route as the E-Tree extended community
Liu & Wang Expires January 9, 2020 [Page 7]
Internet-Draft EVPN DEFAULT MAC July 2019
attribute content, and the default MAC route advertisement and
reception processing is not additionally processed.
5.2. Local Interaction
Local interaction refers to the interworking of user traffic on the
same PE. To prevent local traffic from hitting the default MAC
address, set the MAC aging time to be greater than the ARP aging time
on the local PE. For example, the default ARP aging time is 20
minutes, then the MAC aging time can be configured to 30 minutes. As
a result, MAC address entries for local interworking are always
present. You do not need to consider the impact of matching the
default MAC address.
When the MAC address aging time is less than 20 minutes, once the
destination MAC address is aged out, the local PE will match the
default MAC address. The solution may be: The access side is
flooded, and the default MAC address is taken on the network side.
Therefore, once the destination user goes online, the flooding on the
access side will disappear. However, the MAC address of the remote
interworking will continue to flood, and the impact on the network
may only be reduced by configuring BUM suppression.
6. Security Considerations
By default, the MAC route is an abnormal route. The route receiving
router may not support the forwarding process based on the default
MAC route. Forcibly receiving the 0 MAC route may cause the
forwarding exception. Therefore, if the MAC route receiving capacity
is not configured, 0 MAC routes must be discarded.
7. Acknowledgements
The author of this document would like to thank Yuan Gao, Yang Huang,
Tong Zhu for their comments and review of this document.
8. Contributors
The following individuals gave significant contributions to this
document:
Haibo Wang
Huawei Technologies
rainsword.wang@huawei.com
Liu & Wang Expires January 9, 2020 [Page 8]
Internet-Draft EVPN DEFAULT MAC July 2019
9. References
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
2015, <https://www.rfc-editor.org/info/rfc7432>.
Authors' Addresses
GuoLiang
Huawei Technologies
101 software Avenue, Yuhua District
Nanjing 210012
China
Email: liuguoliang@huawei.com
Haibo
Huawei Technologies
Huawei Bld., No.156 Beiqing Rd.
Beijing 10095
China
Email: rainsword.wang@huawei.com
Liu & Wang Expires January 9, 2020 [Page 9]