Internet DRAFT - draft-sajassi-bess-evpn-virtual-eth-segment
draft-sajassi-bess-evpn-virtual-eth-segment
Internet Working Group A. Sajassi
Internet Draft P. Brissette
Category: Standards Track Cisco
R. Schell
Verizon
J. Drake
Juniper
J. Rabadan
Nokia
Expires: August 26, 2016 February 26, 2018
EVPN Virtual Ethernet Segment
draft-sajassi-bess-evpn-virtual-eth-segment-03
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright and License Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Sajassi et al. Expires August 26, 2018 [Page 1]
INTERNET DRAFT PBB-EVPN February 26, 2018
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Abstract
EVPN and PBB-EVPN introduce a family of solutions for multipoint
Ethernet services over MPLS/IP network with many advanced
capabilities among which their multi-homing capabilities. These
solutions define two types of multi-homing for an Ethernet Segment
(ES): 1) Single-Active and 2) All-Active, where an Ethernet Segment
is defined as a set of links between the multi-homed device/network
and the set of PE devices that they are connected to.
Some Service Providers want to extend the concept of the physical
links in an ES to Ethernet Virtual Circuits (EVCs) where many of such
EVCs can be aggregated on a single physical External Network-to-
Network Interface (ENNI). An ES that consists of a set of EVCs
instead of physical links is referred to as a virtual ES (vES). This
draft describes the requirements and the extensions needed to support
vES in EVPN and PBB-EVPN.
Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1 Virtual Ethernet Segments in Access Ethernet Networks . . . 4
1.2 Virtual Ethernet Segments in Access MPLS Networks . . . . . 5
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1. Single-Homed & Multi-Homed Virtual Ethernet Segments . . . 8
3.2. Scalability . . . . . . . . . . . . . . . . . . . . . . . . 8
3.3. Local Switching . . . . . . . . . . . . . . . . . . . . . . 9
3.4. EVC Service Types . . . . . . . . . . . . . . . . . . . . . 9
3.5. Designated Forwarder (DF) Election . . . . . . . . . . . . 10
3.6. OAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.7. Failure & Recovery . . . . . . . . . . . . . . . . . . . . 10
3.8. Fast Convergence . . . . . . . . . . . . . . . . . . . . . 11
4. Solution Overview . . . . . . . . . . . . . . . . . . . . . . . 11
4.1. EVPN DF Election for vES . . . . . . . . . . . . . . . . . 12
5. Failure Handling & Recovery . . . . . . . . . . . . . . . . . . 14
Sajassi et al. Expires August 26, 2018 [Page 2]
INTERNET DRAFT PBB-EVPN February 26, 2018
5.1. Failure Handling for Single-Active vES in EVPN . . . . . . 15
5.2. EVC Failure Handling for Single-Active vES in PBB-EVPN . . 15
5.3. Port Failure Handling for Single-Active vES's in EVPN . . . 16
5.4. Port Failure Handling for Single-Active vES's in PBB-EVPN . 17
5.5. Fast Convergence in PBB-EVPN . . . . . . . . . . . . . . . 18
6. BGP Encoding . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.1. I-SID Extended Community . . . . . . . . . . . . . . . . . 20
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20
8. Security Considerations . . . . . . . . . . . . . . . . . . . . 21
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 21
10. Intellectual Property Considerations . . . . . . . . . . . . . 21
11. Normative References . . . . . . . . . . . . . . . . . . . . . 21
12. Informative References . . . . . . . . . . . . . . . . . . . . 21
13. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 21
Sajassi et al. Expires August 26, 2018 [Page 3]
INTERNET DRAFT PBB-EVPN February 26, 2018
1. Introduction
[EVPN] and [PBB-EVPN] introduce a family of solutions for multipoint
Ethernet services over MPLS/IP network with many advanced
capabilities among which their multi-homing capabilities. These
solutions define two types of multi-homing for an Ethernet Segment
(ES): 1) Single-Active and 2) All-Active, where an Ethernet Segment
is defined as a set of links between the multi-homed device/network
and the set of PE devices that they are connected to.
This document extends the Ethernet Segment concept so that an ES can
be associated to a set of EVCs or other objects such as MPLS Label
Switch Paths (LSP) or Pseudowires (PW).
1.1 Virtual Ethernet Segments in Access Ethernet Networks
Some Service Providers (SPs) want to extend the concept of the
physical links in an ES to Ethernet Virtual Circuits (EVCs) where
many of such EVCs can be aggregated on a single physical External
Network-to-Network Interface (ENNI). An ES that consists of a set of
EVCs instead of physical links is referred to as a virtual ES (vES).
Figure below depicts two PE devices (PE1 and PE2) each with an ENNI
where a number of vES's are aggregated on - each of which through its
associated EVC.
Sajassi et al. Expires August 26, 2018 [Page 4]
INTERNET DRAFT PBB-EVPN February 26, 2018
Carrier
Ethernet
+-----+ Network
| CE11|EVC1 +---------+
+-----+ \ | | +---+
Cust. A \-0=========0--ENNI1| |
+-----+ | | ENNI1| | +-------+ +---+
| CE12|EVC2--0=========0--ENNI1|PE1|---| | | |
+-----+ | | ENNI1| | | |---|PE3|-
| ==0--ENNI1| | |IP/MPLS| | | \ +---+
+-----+ | / | +---+ |Network| +---+ \-| |
| CE22|EVC3--0==== / | | | |CE4|
+-----+ | X | | | +---+ | |
| / \ | +---+ | | | | /-| |
+-----+ -0=== ===0--ENNI2| | | |---|PE4|-/ +---+
| CE3 |EVC4/ | | ENNI2|PE2|---| | | |
| |EVC5--0=========0--ENNI2| | +-------+ +---+
+-----+ | | +---+
Cust. C +---------+ /\
/\ ||
|| ENNI
EVCs Interface
<--------802.1Q----------> <-802.1Q->
Figure 1: DHD/DHN (both SA/AA) and SH on same ENNI
E-NNIs are commonly used to reach off-network / out-of-franchise
customer sites via independent Ethernet access networks or third-
party Ethernet Access Providers (EAP) (see above figure). E-NNIs can
aggregate traffic from hundreds to thousands of vES's; where, each
vES is represented by its associated EVC on that ENNI. As a result,
ENNIs and their associated EVCs are a key element of SP off-networks
that are carefully designed and closely monitored.
In order to meet customer's Service Level Agreements (SLA), SPs build
redundancy via multiple E-PEs / ENNIs (as shown in figure above)
where a given vES can be multi-homed to two or more PE devices (on
two or more ENNIs) via their associated EVCs. Just like physical ES's
in [EVPN] and [PBB-EVPN] solutions, these vES's can be single-homed
or multi-homed ES's and when multi-homed, then can operate in either
Single-Active or All-Active redundancy modes. In a typical SP off-
network scenario, an ENNI can be associated with several thousands of
single-homed vES's, several hundreds of Single-Active vES's and it
may also be associated with tens or hundreds of All-Active vES's.
1.2 Virtual Ethernet Segments in Access MPLS Networks
Sajassi et al. Expires August 26, 2018 [Page 5]
INTERNET DRAFT PBB-EVPN February 26, 2018
Other Service Providers (SPs) want to extend the concept of the
physical links in an ES to individual Pseudowires (PW) or to MPLS
Label Switched Paths (LSPs) per [EVPN-VPWS] in Access MPLS networks.
Figure 2 illustrates this concept.
MPLS Aggregation
Network
+-----+ +----------------+ <----EVPN Network----->
| CE11|EVC1 | |
+-----+ \+AG1--+ PW1 +-----+
Cust. A -0----|===========| |
+-----+ | ---+===========| | +-------+ +---+
| CE12|EVC2-0/ | PW2 /\ | PE1 +---+ | | |
+-----+ ++---+ ==||=| | | +---+PE3+-
| //=||=| | |IP/MPLS| | | \ +---+
| // \/ ++----+ |Network| +---+ \-+ |
+-----+EVC3 | PW3// LSP1 | | | |CE4|
| CE13| +AG2--+===/PW4 | | | +---+ | |
+-----+ 0 |=== /\ ++----+ | | | | /-+ |
0 |==PW5===||=| | | +---+PE4+-/ +---+
+-----+ /++---+==PW6===||=| PE2 +---+ | | |
| CE14|EVC4 | \/ | | +-------+ +---+
+-----+ | LSP2+-----+
Cust. C +----------------+
/\
||
EVCs
<--802.1Q---><------MPLS-------> <-802.1Q->
Figure 2: DHN and SH on Access MPLS networks
In some cases, Service Providers use Access MPLS Networks that belong
to separate administrative entities or third parties as a way to get
access to the their own IP/MPLS network infrastructure. This is the
case illustrated in Figure 2.
An ES is defined as a set of individual PWs if they cannot be
aggregated into a common LSP. If the aggregation of PWs is possible,
the ES can be associated to an LSP in a given PE. In the example of
Figure 2, EVC3 is connected to a VPWS instance in AG2 that is
connected to PE1 and PE2 via PW3 and PW5 respectively. EVC4 is
connected to a separate VPWS instance on AG2 that gets connected to
Sajassi et al. Expires August 26, 2018 [Page 6]
INTERNET DRAFT PBB-EVPN February 26, 2018
an EVI on PE1 and PE2 via PW4 and PW6, respectively. Since the PWs
for the two VPWS instances can be aggregated into the same LSPs going
to the EVPN network, a common virtual ES can be defined for LSP1 and
LSP2. This ES will be shared by two separate EVIs in the EVPN
network.
In some cases, this aggregation of PWs into common LSPs may not be
possible. For instance, if PW3 were terminated into a third PE, e.g.
PE3, instead of PE1, the ES would need to be defined on a per
individual PW on each PE, i.e. PW3 and PW5 would belong to ES-1,
whereas PW4 and PW6 would be associated to ES-2.
An ES that consists of a set of LSPs or individual PWs is also
referred as virtual ES (vES) in this document."
This draft describes requirements and the extensions needed to
support vES in [EVPN] and [PBB-EVPN]. Section 3 lists the set of
requirements for Virtual ES's. Section 4 describes the solution for
[PBB-EVPN] to meet these requirements. Section 5 describes the
failure handling and recovery for Virtual ES's in [PBB-EVPN]. Section
6 covers scalability and fast convergence required for Virtual ES's
in [PBB-EVPN].
2. Terminology
AC: Attachment Circuit
BEB: Backbone Edge Bridge
B-MAC: Backbone MAC Address
CE: Customer Edge
CFM: Connectivity Fault Management
C-MAC: Customer/Client MAC Address
DHD: Dual-homed Device
DHN: Dual-homed Network
ENNI: External Network-Network Interface
ES: Ethernet Segment
ESI: Ethernet-Segment Identifier
EVC: Ethernet Virtual Circuit
EVPN: Ethernet VPN
LACP: Link Aggregation Control Protocol
PE: Provider Edge
SH: Single-Homed
Single-Active Redundancy Mode (SA): When only a single PE, among a
group of PEs attached to an Ethernet-Segment, is allowed to forward
traffic to/from that Ethernet Segment, then the Ethernet segment is
defined to be operating in Single-Active redundancy mode.
Sajassi et al. Expires August 26, 2018 [Page 7]
INTERNET DRAFT PBB-EVPN February 26, 2018
All-Active Redundancy Mode (AA): When all PEs attached to an Ethernet
segment are allowed to forward traffic to/from that Ethernet-Segment,
then the Ethernet segment is defined to be operating in All-Active
redundancy mode.
3. Requirements
This section describes the requirements specific to virtual Ethernet
Segment (vES) for (PBB-)EVPN solutions. These requirements are in
addition to the ones described in [EVPN-REQ], [EVPN], and [PBB-EVPN].
3.1. Single-Homed & Multi-Homed Virtual Ethernet Segments
A PE needs to support the following types of vES's:
(R1a) A PE MUST handle single-homed vES's on a single physical port
(e.g., single ENNI)
(R1b) A PE MUST handle a mix of Single-Homed vES's and Single-Active
multi-homed vES's simultaneously on a single physical port (e.g.,
single ENNI). Single-Active multi-homed vES's will be simply referred
to as Single-Active vES's through the rest of this document.
(R1c) A PE MAY handle All-Active multi-homed vES's on a single
physical port. All-Active multi-homed vES's will be simply referred
to as All-Active vES's through the rest of this document.
(R1d) A PE MAY handle a mixed of All-Active vES's along with other
types of vES's on a single physical port
(R1e) A Multi-Homed vES (Single-Active or All-Active) can be spread
across any two or more PEs (on two or more ENNIs)
3.2. Scalability
A single physical port (e.g., ENNI) can be associated with many
vES's. The following requirements give a quantitative measure for
each vES type.
(R2a) A PE MUST handle thousands or tens of thousands of Single-homed
vES's on a single physical port (e.g., single ENNI)
(R2b) A PE MUST handle hundreds of Single-Active vES's on a single
physical port (e.g., single ENNI)
(R2c) A PE MAY handle tens or hundreds of All-Active Multi-Homed
Sajassi et al. Expires August 26, 2018 [Page 8]
INTERNET DRAFT PBB-EVPN February 26, 2018
vES's on a single physical port (e.g., single ENNI)
(R2d) A PE MUST handle the above scale for a mix of Single-homed
vES's and Single-Active vES's simultaneously on a single physical
port (e.g., single ENNI)
(R4e) A PE MAY handle the above sale for a mixed of All-Active Multi-
Homed vES's along with other types of vES's on a single physical port
3.3. Local Switching
Many vES's of different types can be aggregated on a single physical
port on a PE device and some of these vES can belong to the same
service instance (or customer). This translates into the need for
supporting local switching among the vES's of the same service
instance on the same physical port (e.g., ENNI) of the PE.
(R3a) A PE MUST support local switching among different vES's
belonging to the same service instance (or customer) on a single
physical port. For example, in the above figure (1), PE1 MUST
support local switching between CE11 and CE12 (both belonging to
customer A) that are mapped to two Single-homed vES's on ENNI1.
In case of Single-Active vES's, the local switching is performed
among active EVCs belonging to the same service instance on the same
ENNI.
3.4. EVC Service Types
A physical port (e.g., ENNI) of a PE can aggregate many EVCs each of
which is associated with a vES. Furthermore, an EVC may carry one or
more VLANs. Typically, an EVC carries a single VLAN and thus it is
associated with a single broadcast domain. However, there is no
restriction on an EVC to carry more than one VLANs.
(R4a) An EVC can be associated with a single broadcast domain - e.g.,
VLAN-based service or VLAN bundle service
(R4b) An EVC MAY be associated with several broadcast domains - e.g.,
VLAN-aware bundle service
In the same way, a PE can aggregated many LSPs and PWs. In the case
of individual PWs per vES, typically a PW is associated with a single
broadcast domain, but there is no restriction on the PW to carry more
than one VLAN if the PW is defined as vc-type VLAN.
(R4c) A PW can be associated with a single broadcast domain - e.g.,
VLAN-based service or VLAN bundle service.
Sajassi et al. Expires August 26, 2018 [Page 9]
INTERNET DRAFT PBB-EVPN February 26, 2018
(R4b) An PW MAY be associated with several broadcast domains - e.g.,
VLAN-aware bundle service."
3.5. Designated Forwarder (DF) Election
Section 8.5 of [EVPN] describes the default procedure for DF election
in EVPN which is also used in [PBB-EVPN]. This default DF election
procedure is performed at the granularity of <ESI, EVI>. In case of a
vES, the same EVPN default procedure for DF election also applies;
however, at the granularity of <vESI, EVI>; where vESI is the virtual
Ethernet Segment Identifier. As in [EVPN], this default procedure for
DF election at the granularity of <vESI, EVI> is also referred to as
"service carving"; where, EVI is represented by an I-SID in PBB-EVPN
and by a EVI service-id/vpn-id in EVPN. With service carving, it is
possible to evenly distribute the DFs for different vES's among
different PEs, thus distributing the traffic among different PEs. The
following list the requirements apply to DF election of vES's for
EVPN.
(R5a) A vES with m EVCs can be distributed among n ENNIs belonging to
p PEs in any arbitrary oder; where n >= P >= m. For example, if there
is an vES with 2 EVCs and there are 5 ENNIs on 5 PEs (PE1 through
PE5), then vES can be dual-homed to PE2 and PE4 and the DF election
must be performed between PE2 and PE4.
(R5b) Each vES MUST be identified by its own virtual ESI (vESI)
3.6. OAM
In order to detect the failure of individual EVC and perform DF
election for its associated vES as the result of this failure, each
EVC should be monitored independently.
(R6a) Each EVC SHOULD be monitored for its health independently
(R6b) A single EVC failure (among many aggregated on a single
physical port/ENNI) MUST trigger DF election for its associated vES.
3.7. Failure & Recovery
(R7a) Failure and failure recovery of an EVC for a Single-homed vES
SHALL NOT impact any other EVCs for its own service instance or any
other service instances. In other words, for PBB-EVPN, it SHALL NOT
trigger any MAC flushing both within its own I-SID as well as other
I-SIDs.
(R7b) In case of All-Active Multi-Homed vES, failure and failure
Sajassi et al. Expires August 26, 2018 [Page 10]
INTERNET DRAFT PBB-EVPN February 26, 2018
recovery of an EVC for that vES SHALL NOT impact any other EVCs for
its own service instance or any other service instances. In other
words, for PBB-EVPN, it SHALL NOT trigger any MAC flushing both
within its own I-SID as well as other I-SIDs.
(R7c) Failure & failure recovery of an EVC for a Single-Active vES
SHALL only impact its own service instance. In other words, for PBB-
EVPN, MAC flushing SHALL be limited to the associated I-SID only and
SHALL NOT impact any other I-SIDs.
(R7d) Failure & failure recovery of an EVC for a Single-Active vES
MAY only impact C-MACs associated with MHD/MHNs for that service
instance. In other words, MAC flushing SHOULD be limited to single
service instance (I-SID in the case of PBB-EVPN) and only CMACs for
Single-Active MHD/MHNs.
3.8. Fast Convergence
Since large number of EVCs (and their associated vES's) are
aggregated via a single physical port (e.g., ENNI), then the failure
of that physical port impacts large number of vES's and triggers
large number of ES route withdrawals. Formulating, sending,
receiving, and processing such large number of BGP messages can
introduce delay in DF election and convergence time. As such, it is
highly desirable to have a mass-withdraw mechanism similar to the one
in the [EVPN] for withdrawing large number of Ethernet A-D routes.
(R8a) There SHOULD be a mechanism equivalent to EVPN mass-withdraw
such that upon an ENNI failure, only a single BGP message is needed
to indicate to the remote PEs to trigger DF election for all impacted
vES associated with that ENNI.
4. Solution Overview
The solutions described in [EVPN] and [PBB-EVPN] are leveraged as is
with one simple modification and that is the ESI assignment is
performed for a group of EVCs instead of a group of links. In other
words, the ESI is associated with a virtual ES (vES) and that's why
it will be referred to as vESI.
For EVPN solution, everything basically remains the same except for
the handling of physical port failure where many vES's can be
impacted. Section 5.1 and 5.3 below describe the handling of physical
port/link failure for EVPN. In a typical multi-homed operation, MAC
addresses are learned behind a vES are advertised with the ESI
corresponding to the vES (i.e., vESI). EVPN aliasing and mass-
withdraw operations are performed with respect to vES. In other
Sajassi et al. Expires August 26, 2018 [Page 11]
INTERNET DRAFT PBB-EVPN February 26, 2018
words, the Ethernet A-D routes for these operations are advertised
with vESI instead of ESI.
For PBB-EVPN solution, the main change is with respect to the BMAC
address assignment which is performed similar to what is described in
section 7.2.1.1 of [PBB-EVPN] with the following refinements:
- One shared BMAC address is used per PE for the single-homed vES's.
In other words, a single BMAC is shared for all single-homed vES's on
that PE.
- One shared BMAC address should be used per PE per physical port
(e.g., ENNI) for the Single-Active vES's. In other words, a single
BMAC is shared for all Single-Active vES's that shared the same ENNI.
- One shared BMAC address can be used for all Single-Active vES's on
that PE.
- One BMAC address is used per EVC per physical port per PE for each
All-Active multi-homed vES. In other words, a single BMAC address is
used per vES for All-Active multi-homing scenarios.
- A single BMAC address may also be used per vES per PE for Single-
Active multi-homing scenarios.
BEB +--------------+ BEB
|| | | ||
\/ | | \/
+----+ EVC1 +----+ | | +----+ +----+
| CE1|------| | | | | |---| CE2|
+----+\ | PE1| | IP/MPLS | | PE3| +----+
\ +----+ | Network | +----+
\ | |
EVC2\ +----+ | |
\ | | | |
\| PE2| | |
+----+ | |
/\ +--------------+
||
BEB
<--802.1Q---> <---PBB over MPLS---> <--802.1Q->
Figure 2: PBB-EVPN Network
4.1. EVPN DF Election for vES
Sajassi et al. Expires August 26, 2018 [Page 12]
INTERNET DRAFT PBB-EVPN February 26, 2018
The procedure for service carving for virtual Ethernet Segments is
the same as the one outlined in section 8.5 of [EVPN] except for the
fact that ES is replaced with vES. For the sake of clarity and
completeness, this procedure is repeated below:
1. When a PE discovers the ESI or is configured with the ESI
associated with its attached vES, it advertises an Ethernet Segment
route with the associated ES-Import extended community attribute.
2. The PE then starts a timer (default value = 3 seconds) to allow
the reception of Ethernet Segment routes from other PE nodes
connected to the same vES. This timer value MUST be same across all
PEs connected to the same vES.
3. When the timer expires, each PE builds an ordered list of the IP
addresses of all the PE nodes connected to the vES (including
itself), in increasing numeric value. Each IP address in this list is
extracted from the "Originator Router's IP address" field of the
advertised Ethernet Segment route. Every PE is then given an ordinal
indicating its position in the ordered list, starting with 0 as the
ordinal for the PE with the numerically lowest IP address. The
ordinals are used to determine which PE node will be the DF for a
given EVPN instance on the vES using the following rule: Assuming a
redundancy group of N PE nodes, the PE with ordinal i is the DF for
an EVPN instance with an associated EVI ID value of V when (V mod N)
= i.
It should be noted that using "Originator Router's IP address" field
in the Ethernet Segment route to get the PE IP address needed for the
ordered list, allows for a CE to be multi-homed across different ASes
if such need ever arises.
4. The PE that is elected as a DF for a given EVPN instance will
unblock traffic for that EVPN instance. Note that the DF PE unblocks
all traffic in both ingress and egress directions for Single-Active
vES and unblocks multi-destination in egress direction for All-Active
Multi-homed vES. All non-DF PEs block all traffic in both ingress and
egress directions for Single-Active vES and block multi-destination
traffic in the egress direction for All-Active multi-homed vES.
In the case of an EVC failure, the affected PE withdraws its Ethernet
Segment route. This will re-trigger the service carving procedures on
all the PEs in the RG. For PE node failure, or upon PE commissioning
or decommissioning, the PEs re-trigger the service carving across all
affected vES's. In case of a Single-Active multi-homing, when a
service moves from one PE in the RG to another PE as a result of re-
carving, the PE, which ends up being the elected DF for the service,
SHOULD trigger a MAC address flush notification towards the
Sajassi et al. Expires August 26, 2018 [Page 13]
INTERNET DRAFT PBB-EVPN February 26, 2018
associated vES. This can be done, for e.g. using IEEE 802.1ak MVRP
'new' declaration.
For LSP and PW based vES, the non-DF PE SHOULD signal PW-status
'standby' signaling to the AG PE, and the new DF MAY send an LDP MAC
withdraw message as a MAC address flush notification.
5. Failure Handling & Recovery
There are a number of failure scenarios to consider such as:
A: CE Uplink Port Failure
B: Ethernet Access Network Failure
C: PE Access-facing Port or link Failure
D: PE Node Failure
E: PE isolation from IP/MPLS network
[EVPN] and [PBB-EVPN] solutions provide protection against such
failures as described in the corresponding references. In the
presence of virtual Ethernet Segments (vES's) in these solutions,
besides the above failure scenarios, there is one more scenario to
consider and that is EVC failure. This implies that individual EVCs
need to be monitored and upon their failure detection, appropriate DF
election procedures and failure recovery mechanism need to be
executed.
[ETH-OAM] is used for monitoring EVCs and upon failure detection of a
given EVC, DF election procedure per section [4.1] is executed. For
PBB-EVPN, some addition extensions are needed to failure handling and
recovery procedures of [PBB-EVPN] in order to meet the above
requirements. These extensions are describe in the next section.
[MPLS-OAM] and [PW-OAM] are used for monitoring the status of LSPs
and/or PWs associated to vES.
Sajassi et al. Expires August 26, 2018 [Page 14]
INTERNET DRAFT PBB-EVPN February 26, 2018
B D
|| ||
\/ \/
+-----+
+-----+ | | +---+
| CE1 |EVC2--0=====0--ENNI1| | +-------+
+-----+ | =0--ENNI1|PE1|---| | +---+ +---+
Cust. A | / | | | |IP/MPLS|--|PE3|--|CE4|
+-----+ | / | +---+ |Network| | | +---+
| |EVC2--0== | | | +---+
| CE2 | | | +---+ | |
| |EVC3--0=====0--ENNI2|PE2|---| |
+-----+ | | | | +-------+
+-----+ +---+
/\ /\ /\
|| || ||
A C E
Figure 3: Failure Scenarios A,B,C,D and E
5.1. Failure Handling for Single-Active vES in EVPN
When a PE connected to a Single-Active multi-homed Ethernet Segment
loses connectivity to the segment, due to link or port failure, it
signals the remote PE to flush all CMAC addresses associated with
that Ethernet Segment. This is done by advertising a mass-withdraw
message using Ethernet A-D per-ES route. To be precise, there is no
MAC flush per-se if there is only one backup PE for a given ES -
i.e., only an update of the forwarding entries per backup-path
procedure in [RFC 7432].
In case of an EVC failure that impacts a single vES, the exact same
EVPN procedure is used. In this case, the message using Ethernet A-D
per ES route carries the vESI representing the vES which is in turn
associated with the failed EVC. The remote PEs upon receiving this
message perform the same procedures outlined in section 8.2 of
[EVPN].
5.2. EVC Failure Handling for Single-Active vES in PBB-EVPN
When a PE connected to a Single-Active multi-homed Ethernet Segment
loses connectivity to the segment, due to link or port failure, it
signals the remote PE to flush all CMAC addresses associated with
that Ethernet Segment. This is done by advertising a BMAC route along
with MAC Mobility Extended community.
In case of an EVC failure that impacts a single vES, if the above
Sajassi et al. Expires August 26, 2018 [Page 15]
INTERNET DRAFT PBB-EVPN February 26, 2018
PBB-EVPN procedure is used, it results in excessive CMAC flushing
because a single physical port can support large number of EVCs (and
their associated vES's) and thus advertising a BMAC corresponding to
the physical port with MAC mobility Extended community will result in
flushing CMAC addresses not just for the impacted EVC but for all
other EVCs on that port.
In order to reduce the scope of CMAC flushing to only the impacted
service instances (the service instance(s) impacted by the EVC
failure), the BGP flush message is sent along with a list of impacted
I-SID(s) represented by the new EVPN I-SID Extended Community as
defined in section 6. Since typically an EVC maps to a single
broadcast domain and thus a single service instance, the list only
contains a single I-SID. However, if the failed EVC carries multiple
VLANs each with its own broadcast domain, then the list contains
several I-SIDs - one for each broadcast domain. This new BGP flush
message basically instructs the remote PE to perform flushing for
CMACs corresponding to the advertised BMAC only across the advertised
list of I-ISIDs (which is typically one).
The above BMAC route that is advertised with the MAC Mobility
Extended Community, can either represent the MAC address of the
physical port that the failed EVC is associated with, or it can
represent the MAC address of the PE. In the latter case, this is the
dedicated MAC address used for all Single-Active vES's on that PE.
The former one performs better than the latter one in terms of
reducing the scope of flushing as described below and thus it is the
recommended approach.
Advertising the BMAC route that represent the physical port (e.g.,
ENNI) on which the failed EVC reside along with MAC Mobility and I-
SID extended communities provide the most optimum mechanism for CMAC
flushing upon EVC failure in PBB-EVPN for Single-Active vES because:
1) Only CMAC addresses for the impacted service instances are
flushed.
2) Only a subset of CMAC addresses for the impacted service
instances are flushed - only the ones that are learned over the BMAC
associated with the failed EVC. In other words, only a small fraction
of the CMACs for the impacted service instance(s) are flushed.
5.3. Port Failure Handling for Single-Active vES's in EVPN
When a large number of EVCs are aggregated via a single physical port
on a PE; where each EVC corresponds to a vES, then the port failure
impacts all the associated EVCs and their corresponding vES's. If the
Sajassi et al. Expires August 26, 2018 [Page 16]
INTERNET DRAFT PBB-EVPN February 26, 2018
number of EVCs corresponding to the Single-Active vES's for that
physical port is in thousands, then thousands of service instances
are impacted. Therefore, the BGP flush message need to be inclusive
of all these impacted service instances. In order to achieve this,
the following extensions are added to the baseline EVPN mechanism:
1) A PE when advertises an Ether-AD per ES route for a given vES, it
colors it with the MAC address of the physical port which is
associated with that vES. The receiving PEs take note of this color
and create a list of vES's for this color.
2) Upon a port failure (e.g., ENNI failure), the PE advertise a
special mass-withdraw message with the MAC address of the failed port
(i.e., the color of the port) encoded in the ESI field. For this
encoding, type 3 ESI is used with the MAC field set to the MAC
address of the port and the 3-octet local discriminator field set to
0xFFFFFF. This mass-withdraw route is advertised with a list of Route
Targets corresponding to the impacted service instances. If the
number of Route Targets is more than they can fit into a single
attribute, then a set of Ethernet A-D per ES routes are advertised.
The remote PEs upon receiving this message, realize that this is a
special mass-withdraw message and they access the list of the vES's
for the specified color. Next, they initiate mass-withdraw procedure
for each of the vES's in the list.
5.4. Port Failure Handling for Single-Active vES's in PBB-EVPN
When a large number of EVCs are aggregated via a single physical port
on a PE; where each EVC corresponds to a vES, then the port failure
impacts all the associated EVCs and their corresponding vES's. If the
number of EVCs corresponding to the Single-Active vES's for that
physical port is in thousands, then thousands of service instances
(I-SIDs) are impacted. Therefore, the BGP flush message need to be
sent with a list of thousands of I-SIDs. The new I-SID Extended
Community provides a way to encode upto 24 I-SIDs in each Extended
Community if the impacted I-SIDs are sequential (the base I-SID value
plus the next 23 I-SID values). So, the packing efficiency can range
from 1 to 24 and there can be up to 400 such Extended Community sent
along with a BGP flush message for a total of 400 to 9600 I-SIDs. If
the number of I-SIDs is large enough to not fit in a single
Attribute, then either a number of BGP flush messages (with different
RDs) can be transmitted or a single BGP flush message without the I-
SID list can be transmitted. If the BGP flush message is transmitted
without the I-SID list, then it instructs the receiving PEs to flush
CMACs associated with that BMAC across all I-SIDs. For simplicity, we
opt for the latter option in this document. In other words, if the
number of impacted I-SIDs exceed that of a single BGP flush message,
Sajassi et al. Expires August 26, 2018 [Page 17]
INTERNET DRAFT PBB-EVPN February 26, 2018
then the flush message is sent without the I-SID list.
As also described in [PBB-EVPN], there are two ways to signal flush
message upon a physical port failure:
1) If the MAC address of the physical port is used for PBB
encapsulation as BMAC SA, then upon the port failure, the PE MUST use
the EVPN MAC route withdrawal message to signal the flush
2) If the PE shared MAC address is used for PBB encapsulation as BMAC
SA, then upon the port failure, the PE MUST re-advertise this MAC
route with the MAC Mobility Extended Community to signal the flush
The first method is recommended because it reduces the scope of
flushing the most.
5.5. Fast Convergence in PBB-EVPN
As described above, when a large number of EVCs are aggregated via a
physical port on a PE; where each EVC corresponds to a vES, then the
port failure impacts all the associated EVCs and their corresponding
vES's. Two actions must be taken as the result of such port failure:
- Flushing of all CMACs associated with the BMAC of the failed port
for the impacted I-SIDs
- DF election for all impacted vES's associated with the failed port
Section 5.4 describes how to flush CMAC address in the most optimum
way - e.g., to flush least number of CMAC addresses for the impacted
I-SIDs. This section describes how to perform DF election in the most
optimum way - e.g., to trigger DF election for all impacted vES's
(which can be in thousands) among the participating PEs via a single
BGP message as opposed to sending thousands of BGP messages - one per
vES.
In order to devise such fast convergence mechanism that can be
triggered via a single BGP message, all vES's associated with a given
physical port (e.g., ENNI) are colored with the same color
representing that physical port. The MAC address of the physical port
is used for this coloring purposes and when the PE advertises an ES
route for a vES associated with that physical port, it advertises it
with an EVPN MAC Extended Community indicating the color of that
port.
The receiving PEs take note of this color and for each such color,
Sajassi et al. Expires August 26, 2018 [Page 18]
INTERNET DRAFT PBB-EVPN February 26, 2018
they create a list of vES's associated with this color (with this MAC
address). Now, when a port failure occurs, the impacted PE needs to
notify the other PEs of this color so that these PEs can identify all
the impacted vES's associated with that color (from the above list)
and re-execute DF election procedures for all the impacted vES's.
In PBB-EVPN, there are two ways to convey this color to other PEs
upon a port failure - one corresponding to each method for signaling
flush message as described in section 5.4. If for PBB encapsulation,
the MAC address of the physical port is used as BMAC SA, then upon
the port failure, the PE sends MAC withdrawal message with the MAC
address of the failed port as the color. However, if for PBB
encapsulation, the shared MAC address of the PE (dedicated for all
Single-Active vES's) is used as BMAC SA, then upon the port failure,
the PE re-advertises the MAC route (that carries the shared BMAC)
along with this new EVPN MAC Extended Community to indicate the color
along with MAC Mobility Extended Community.
+-----+
+----+ | | +---+
| CE1|AC1--0=====0--ENNI1| | +-------+
| |AC2--0 | |PE1|--| |
+----+ |\ ==0--ENNI2| | | |
| \/ | +---+ | |
| /\ | |IP/MPLS|
+----+ |/ \ | +---+ |Network| +---+ +---+
| CE2|AC4--0 =0--ENNI3| | | |---|PE4|--|CE4|
| |AC4--0=====0--ENNI3|PE2|--| | +---+ +---+
+----+ | ====0--ENNI3| | | |
|/ | +---+ | |
0 | | |
+----+ /| | +---+ | |
| CE3|AC5- | | |PE3|--| |
| |AC6--0=====0--ENNI4| | +-------+
+----+ | | +---+
+-----+
Figure 4: Fast Convergence Upon ENNI Failure
The following describes the procedure for coloring vES's and fast
convergence using this color in more details:
1- When a vES is configured, the PE colors the vES with the MAC
address of the corresponding physical port and advertises the
Ethernet Segment route for this vES with this color.
Sajassi et al. Expires August 26, 2018 [Page 19]
INTERNET DRAFT PBB-EVPN February 26, 2018
2- All other PEs (in the redundancy group) take note of this color
and add the vES to the list for this color.
3- Upon the occurrence of a port failure (e.g., an ENNI failure), the
PE sends the flush message in one of the two ways described above
indicating this color.
4- On reception of the flush message, other PEs use this info to
flush their impacted CMACs and to initiate DF election procedures
across all their affected vES's.
5- The PE with the physical port failure (ENNI failure), also send ES
route withdrawal for every impacted vES's. The other PEs upon
receiving these messages, clear up their BGP tables. It should be
noted the ES route withdrawal messages are not used for executing DF
election procedures by the receiving PEs.
6. BGP Encoding
This document defines one new BGP Extended Community for EVPN.
6.1. I-SID Extended Community
A new EVPN BGP Extended Community called I-SID is introduced. This
new extended community is a transitive extended community with the
Type field of 0x06 (EVPN) and the Sub-Type of 0x04.
The I-SID Extended Community is encoded as an 8-octet value as
follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x03 | Base I-SID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cont. | Bit Map (24 bits) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This extended community is used to indicate the list of I-SIDs
associated with a given Ethernet Segment.
24-bit map represents the next 24 I-SID after the base I-SID. For
example based I-SID of 10025 with 24-bit map of zero means, only a
single I-SID of 10025. I-SID of 10025 with bit map of 0x000001 means
there are two I-SIDs, 10025 and 10026.
7. Acknowledgements
Sajassi et al. Expires August 26, 2018 [Page 20]
INTERNET DRAFT PBB-EVPN February 26, 2018
TBD
8. Security Considerations This document does not introduce any
additional security constraints.
9. IANA Considerations
TBD
10. Intellectual Property Considerations
This document is being submitted for use in IETF standards
discussions.
11. Normative References
[PBB] Clauses 25 and 26 of "IEEE Standard for Local and metropolitan
area networks - Media Access Control (MAC) Bridges and
Virtual Bridged Local Area Networks", IEEE Std 802.1Q,
2013.
12. Informative References
[RFC7209] Sajassi, et al., "Requirements for Ethernet VPN (EVPN)",
RFC7209, May 2014.
[EVPN] Sajassi, et al., "BGP MPLS Based Ethernet VPN", draft-ietf-
l2vpn-evpn-07.txt, work in progress, May 7, 2014.
[PBB-EVPN] Sajassi, et al., "PBB-EVPN", draft-ietf-l2vpn-pbb-evpn-
07.txt, work in progress, June 18, 2014.
13. Authors' Addresses
Ali Sajassi
Cisco Systems
Email: sajassi@cisco.com
Patrice Brissette
Cisco Systems
Email: pbrisset@cisco.com
Rick Schell
Verizon
Email: richard.schell@verizon.com
Sajassi et al. Expires August 26, 2018 [Page 21]
INTERNET DRAFT PBB-EVPN February 26, 2018
John E Drake
Juniper
Email: jdrake@juniper.net
Tapraj Singh
Juniper
Email: tsingh@juniper.net
Jorge Rabadan
ALU
Email: jorge.rabadan@alcatel-lucent.com
Sajassi et al. Expires August 26, 2018 [Page 22]