Internet DRAFT - draft-hu-nvo3-vxlan-gpe-extension-for-vbng
nvo3 S. Hu
Internet-Draft F. Qin
Intended status: Informational Z. Li
Expires: June 12, 2019 China Mobile
Z. Wang
Huawei
T. Ao
ZTE
December 9, 2018
VXLAN GPE Extension for Packets Exchange Between Control and User Plane
of vBNG
draft-hu-nvo3-vxlan-gpe-extension-for-vbng-01
Abstract
This document briefly describes the architecture of control plane and
user plane separated vBNG and defines the extension of VXLAN-GPE for
PPPoE/IPoE dialup packet exchange between control plane and user
plane.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 12, 2019.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Hu, et al. Expires June 12, 2019 [Page 1]
Internet-Draft VXLAN GPE for CU Separated BNG December 2018
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology and Abbreviations
3. CU separated BNG Requirements
4. Mechanism
4.1. vBNG service header
4.2. Optional solution for vBNG service header
4.3. Inner packets encapsulation and decapsulation
4.4. User dialup process
5. Security Considerations
6. IANA Considerations
7. Normative References
Authors' Addresses
1. Introduction
For migration of vBNG, one way is separating the control plane (CP)
and user plane (UP) of traditional BNG. CP is deployed in centralized
cloud DC and UP is fulfilled by high performance hardware device,
e.g. router, switch, etc. VXLAN-GPE is used to transfer PPPoE/IPoE
dialup packets between CP and UP. This document describes how to
extend VXLAN-GPE to carry necessary information of access user in
VXLAN packets.
2. Terminology and Abbreviations
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
BNG: Broadband Network Gateway. It is usually the layer 3 edge node
of ISP's core network and provides users access control for broadband
service. It's also known as BRAS(Broadband Remote Access Server) or
BAS(Broadband Access Server).
CP: Control Plane. CP is a user control management component which
supports the management of UP's resources such as the user entry and
forwarding policy.
UP: User Plane. UP is a network edge and user policy implementation
component. The traditional router's Control Plane and Forwarding
Plane are both preserved on BNG devices in the form of a user plane.
3. CU separated BNG Requirements
The architecture of C/U separated BNG is shown in the following
figure.
             +----------------------------------+
             |              BNG-CP              |
             +--+--------------+--------------+-+
                |              |              |
        Service |      Control |   Management |
      Interface |    Interface |    Interface |
          |     |        |     |        |     |
      VXLAN-GPE |      CUSP    |     NETCONF  |
                |              |              |
             +--+--------------+--------------+-+
             |             BNG-UPs              |
             +-----------------+----------------+
                               |
                               |
                      +--------+--------+
                      | Access Network  |
                      +--------+--------+
                               |
                          +----+----+
                          |  User   |
                          +---------+
In this architecture, CP is responsible for user access
authentication and setting forwarding entries of UP if authentication
is successful. UP needs to relay PPPoE/IPoE dialup packets between
users and CP and forward PPPoE/IPoE data packets to Internet based on
the forwarding entries set by CP. CP should do some basic
configurations on UP, e.g. user profile configuration.
There are three interfaces between CP and UP. Management interface
is used by CP to carry out basic configurations of UP through
NETCONF. Control interface is used for setting forwarding entries on
UP through OpenFlow. Service interface is used for transmitting
PPPoE/IPoE dialup packets between user plane and control plane.
VXLAN-GPE is chosen for service interface since it's a relatively
mature technology and can carry L2 packets through L3 network. For
user access authentication, CP needs to know which port of UP the user
is connected to for the authentication of access location because a
specific user is only permitted to access on specific port/location.
The necessary information includes: node ID, slot ID, subcard ID, port
ID and so on. The access port information should be carried in VXLAN
packets encapsulated by UP. The next section describes how to extend
VXLAN-GPE to meet this requirement.
4. Mechanism
In order to extend VXLAN-GPE for carrying user access port
information, a new next protocol value will be requested from IANA
based on Generic Protocol Extension for VXLAN
[I-D.ietf-nvo3-vxlan-gpe], see section IANA Considerations. The new
next protocol is called vBNG service header.
4.1. vBNG service header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|F|R|R|Ver| Next Protocol |           Reserved            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Node ID                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Slot ID    |  Subcard ID   |    Port ID    |   Port Type   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: vBNG service header
Flag (8 bits): The first 8 bits are the flag field. "R" bits are
reserved bits which MUST be set to zero and ignored.
F (1 bit): The F bit is set to indicate that the inner packet following
the vBNG service header SHOULD be forwarded based on the routing
table by UP instead of being forwarded to users. F bit is set only in
the packets from CP to UP for some specific scenarios, e.g. DHCP relay,
L2TP.
Ver (2 bits): Version of vBNG service header. In this document the
version is 0.
Next protocol (8 bit): This field indicates the protocol immediately
following the vBNG service header. This document defines two next
protocol values, 0x00 for PPPoE and 0x01 for IPoE.
Node ID (32 bit): This field indicates which UP node is processing
the user access. It COULD be one of the UP's IP addresses which MUST
be unique in all related UPs.
Slot ID (8 bit): This field indicates which slot of the indicated UP
is processing the user access. If there are no different slots on the
indicated UP this field MUST be set to 0x00.
Subcard ID (8 bit): This field indicates which subcard of the
indicated slot is processing the user access. If there are no
different subcards on the indicated slot this field MUST be set to
0x00.
Port ID (8 bit): This field indicates which port of the indicated
subcard is processing the user access.
Port Type (8 bit): This field indicates the type of the user access
port. This document defines the following types:
+-------------------+----------+
| Port Type         | Value    |
+-------------------+----------+
| GE                | 0x01     |
+-------------------+----------+
| 10GE              | 0x02     |
+-------------------+----------+
| 40GE              | 0x03     |
+-------------------+----------+
| 100GE             | 0x04     |
+-------------------+----------+
| LAG               | 0x05     |
+-------------------+----------+
| Virtual Interface | 0x06     |
+-------------------+----------+
Figure 3: vBNG service header
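Added example, not part of the draft: Python code showing how a CP could parse the 12-byte vBNG service header of Figure 2 and check it before using the port fields for the access-location authentication described in Section 3. Rejecting a set F bit from a UP and unknown Next Protocol or Port Type values is an assumption about strict handling; all function names, the allow-list check and the sample values are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

# flags+ver, next protocol, reserved, node ID, slot, subcard, port, port type
HDR = struct.Struct("!BBHIBBBB")
F_BIT, VER_MASK = 0x10, 0x03   # |R|R|R|F|R|R|Ver|, bit 0 is the most significant
NEXT_PROTO = {0x00: "PPPoE", 0x01: "IPoE"}
PORT_TYPE = {0x01: "GE", 0x02: "10GE", 0x03: "40GE", 0x04: "100GE",
             0x05: "LAG", 0x06: "Virtual Interface"}

class HeaderError(ValueError):
    """Header received from a UP cannot be used for access authentication."""

@dataclass(frozen=True)
class VbngHeader:
    next_proto: str
    node_id: int
    slot: int
    subcard: int
    port: int
    port_type: str
    inner: bytes   # original PPPoE/IPoE dialup packet, unmodified

def build(next_proto, node_id, slot, subcard, port, port_type, inner=b"", f_bit=False):
    flags = F_BIT if f_bit else 0   # R bits and version 0 stay zero
    return HDR.pack(flags, next_proto, 0, node_id, slot, subcard, port, port_type) + inner

def parse_from_up(data: bytes) -> VbngHeader:
    """Parse a header in the UP-to-CP direction; R bits are ignored on receipt."""
    if len(data) < HDR.size:
        raise HeaderError("truncated header")
    flags, nxt, _reserved, node, slot, subcard, port, ptype = HDR.unpack_from(data)
    if flags & VER_MASK != 0:
        raise HeaderError("unsupported version")
    if flags & F_BIT:   # assumption: F is only valid from CP to UP, so reject it here
        raise HeaderError("F bit set in UP-to-CP direction")
    if nxt not in NEXT_PROTO:
        raise HeaderError("unknown next protocol")
    if ptype not in PORT_TYPE:
        raise HeaderError("unknown port type")
    return VbngHeader(NEXT_PROTO[nxt], node, slot, subcard, port, PORT_TYPE[ptype], data[HDR.size:])

def location_permitted(hdr: VbngHeader, allowed: set) -> bool:
    # allowed holds the (node, slot, subcard, port) tuples provisioned for the user
    return (hdr.node_id, hdr.slot, hdr.subcard, hdr.port) in allowed

# Constructed sample: UP 192.0.2.1, slot 1, subcard 0, port 3 (GE), 14 filler bytes as payload
NODE = int(ipaddress.IPv4Address("192.0.2.1"))
SAMPLE = build(0x00, NODE, 1, 0, 3, 0x01, inner=b"\xff" * 14)
```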
4.2. Optional solution for vBNG service header
One optional solution is using ifIndex to indicate the port
information.
The ifIndex of the interface MAY be included. This is the 32-bit
ifIndex assigned to the interface by the device as specified by the
Interfaces Group MIB [RFC2863].
The ifIndex can be utilized within a management domain to map to an
actual interface, but it is also valuable in public applications.
The ifIndex can be used as an opaque token to discern which interface
of UP is processing the user access. And based on this index, the
information binding with the interface of UP, such as the Slot ID,
subcard ID, Port ID, etc, can be retrieved by the CP.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|F|R|R|Ver| Next Protocol |           Reserved            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Node ID                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            IfIndex                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 4: Optional vBNG service header
IfIndex (32 bit): This field indicates which interface of UP is
processing the user access. Based on this index, the information
bound to the interface of UP, such as the Slot ID, subcard ID, Port
ID, etc, can be retrieved by the CP.
4.3. Inner packets encapsulation and decapsulation
The vBNG service header is followed by the original PPPoE/IPoE dialup
packet, which SHOULD include MAC, C-VLAN, S-VLAN, PPPoE/IPoE header,
PPPoE/IPoE payload and so on. UP SHOULD NOT modify the original
PPPoE/IPoE dialup packets when encapsulating them into VXLAN-GPE
packets or decapsulating them from VXLAN-GPE packets.
4.4. User dialup process
When UP receives PPPoE/IPoE dialup packets from users, it
encapsulates the original dialup packets in VXLAN-GPE with the user
access port information and sends them to CP. CP decapsulates the
VXLAN-GPE packets and handles the PPPoE/IPoE processing, including AAA
authentication and address allocation. CP encapsulates the PPPoE/IPoE
response packets in VXLAN-GPE and sends them to UP. UP decapsulates
the VXLAN-GPE packets and sends the PPPoE/IPoE response packets to
users.
The following two diagrams show the PPPoE and IPoE process by UP and
CP.
+----+               +---+                +---+            +------+
|User|               |UP |                |CP |            |Radius|
+-+--+               +-+-+                +-+-+            +---+--+
  |                    |     PPPoE PADI     |                  |
  |     PPPoE PADI     |    in VXLAN-GPE    |                  |
  |------------------->|------------------->|                  |
  |                    |     PPPoE PADO     |                  |
  |     PPPoE PADO     |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |     PPPoE PADR     |                  |
  |     PPPoE PADR     |    in VXLAN-GPE    |                  |
  |------------------->|------------------->|                  |
  |                    |     PPPoE PADS     |                  |
  |     PPPoE PADS     |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |   CHAP_Challenge   |                  |
  |   CHAP_Challenge   |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |   CHAP_Response    |                  |
  |   CHAP_Response    |    in VXLAN-GPE    |                  |
  |------------------->|------------------->|                  |
  |                    |                    |  Access-request  |
  |                    |                    |----------------->|
  |                    |                    |  Access-accept   |
  |                    |                    |<-----------------|
  |                    |    CHAP_Success    |                  |
  |    CHAP_Success    |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |        IPCP        |                  |
  |        IPCP        |    in VXLAN-GPE    |                  |
  |<==================>|<==================>|                  |
  |                    |   Set Forwarding   |                  |
  |                    |   Entries on UP    |                  |
  |                    |<-------------------|                  |
  |                    |
  | User Data in PPPoE |   User Data    +--------------------+
  |<==================>|<==============>|      Internet      |
  |                    |                +--------------------+
Figure 5: PPPoE Process
+----+               +---+                +---+            +------+
|User|               |UP |                |CP |            |Radius|
+-+--+               +-+-+                +-+-+            +---+--+
  |                    |   DHCP Discovery   |                  |
  |   DHCP Discovery   |    in VXLAN-GPE    |                  |
  |------------------->|------------------->|                  |
  |                    |                    |  Access-request  |
  |                    |                    |----------------->|
  |                    |                    |  Access-accept   |
  |                    |                    |<-----------------|
  |                    |     DHCP Offer     |                  |
  |     DHCP Offer     |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |    DHCP Request    |                  |
  |    DHCP Request    |    in VXLAN-GPE    |                  |
  |------------------->|------------------->|                  |
  |                    |      DHCP ACK      |                  |
  |      DHCP ACK      |    in VXLAN-GPE    |                  |
  |<-------------------|<-------------------|                  |
  |                    |   Set Forwarding   |                  |
  |                    |   Entries on UP    |                  |
  |                    |<-------------------|                  |
  |                    |
  | User Data in IPoE  |   User Data    +--------------------+
  |<==================>|<==============>|      Internet      |
  |                    |                +--------------------+
Figure 6: IPoE Process
5. Security Considerations
This document only defines a new "Next Protocol" for C/U separated
vBNG. So, this document itself does not directly introduce more
security issues. The same security considerations as for Generic
Protocol Extension for VXLAN [I-D.ietf-nvo3-vxlan-gpe] apply.
6. IANA Considerations
IANA is requested to assign a new next protocol value in VXLAN-GPE
header as the following:
+---------------+---------------------+----------------+
| Next Protocol | Description         | Reference      |
+---------------+---------------------+----------------+
| TBD           | vBNG service header | This Document  |
+---------------+---------------------+----------------+
Figure 7: Requested new next protocol
7. Normative References
[I-D.ietf-nvo3-vxlan-gpe]
Maino, F., Kreeger, L., and U. Elzur, "Generic Protocol
Extension for VXLAN", draft-ietf-nvo3-vxlan-gpe-06 (work
in progress), April 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000,
<https://www.rfc-editor.org/info/rfc2863>.
[RFC7348] Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
eXtensible Local Area Network (VXLAN): A Framework for
Overlaying Virtualized Layer 2 Networks over Layer 3
Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
<https://www.rfc-editor.org/info/rfc7348>.
Authors' Addresses
Shujun Hu
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing, Beijing 100053
China
Email: hushujun@chinamobile.com
Fengwei Qin
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing, Beijing 100053
China
Email: qinfengwei@chinamobile.com
Zhenqiang Li
China Mobile
32 Xuanwumen West Ave, Xicheng District
Beijing, Beijing 100053
China
Email: lizhenqiang@chinamobile.com
Zitao Wang
Huawei
101 Software Avenue, Yuhua District
Nanjing, Jiangsu 210012
China
Email: wangzitao@huawei.com
Ting Ao
ZTE