Internet DRAFT - draft-boutros-bess-evpn-vpws-service-edge-gateway

draft-boutros-bess-evpn-vpws-service-edge-gateway



 



INTERNET-DRAFT                                              Sami Boutros
Intended Status: Standard Track                                   VMware

                                                       Patrice Brissette
                                                             Ali Sajassi
                                                           Cisco Systems

                                                            Daniel Voyer
                                                             Bell Canada

                                                              John Drake
                                                        Juniper Networks

Expires: December 31, 2017                                 June 29, 2017


                    EVPN-VPWS Service Edge Gateway 
          draft-boutros-bess-evpn-vpws-service-edge-gateway-04


Abstract

   This document describes how a service node can dynamically terminate
   EVPN virtual private wire transport service (VPWS) from access nodes
   and offer Layer 2, Layer 3 and Ethernet VPN overlay services to
   Customer edge devices connected to the access nodes. Service nodes
   using EVPN will advertise to access nodes the L2, L3 and Ethernet VPN
   overlay services it can offer for the terminated EVPN VPWS transport
   service. On an access node an operator can specify the L2 or L3 or
   Ethernet VPN overlay service needed by the customer edge device
   connected to the access node that will be transported over the EVPN-
   VPWS service between access node and service node.


Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
 


Boutros                Expires December 31, 2017                [Page 1]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Copyright and License Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1  Terminology . . . . . . . . . . . . . . . . . . . . . . . .  3
   2. Requirements  . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.1 Auto-Discovery . . . . . . . . . . . . . . . . . . . . . . .  4
     2.2 Scalability  . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.3 Head-end . . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.5 Multi-homing . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.5 Fast Convergence . . . . . . . . . . . . . . . . . . . . . .  5
   3. Benefits  . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4. Solution Overview . . . . . . . . . . . . . . . . . . . . . . .  5
     4.1 Multi-homing . . . . . . . . . . . . . . . . . . . . . . . .  7
     4.2 Applicability to IP-VPN  . . . . . . . . . . . . . . . . . .  8
   5 Failure Scenarios  . . . . . . . . . . . . . . . . . . . . . . .  8
   6 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . .  8
   7 Security Considerations  . . . . . . . . . . . . . . . . . . . .  8
   8  IANA Considerations . . . . . . . . . . . . . . . . . . . . . .  8
   9  References  . . . . . . . . . . . . . . . . . . . . . . . . . .  8
     9.1  Normative References  . . . . . . . . . . . . . . . . . . .  8
     9.2  Informative References  . . . . . . . . . . . . . . . . . .  8
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  8


 


Boutros                Expires December 31, 2017                [Page 2]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


1  Introduction

   This document describes how a service node can act as a gateway
   terminating dynamically EVPN virtual private wire service (VPWS) from
   access nodes and offering Layer 2, EVPN and Layer 3 VPN overlay
   services to Customer edge devices connected to the access nodes.

   The service node would initially advertise using EVPN the different
   L2, L3 and Ethernet VPN overlay services that can be transported from
   access nodes over an EVPN-VPWS transport service. 

   The service node would advertise EVPN-VPWS per EVI Ethernet A-D
   routes with the Ethernet Segment Identifier field set to 0 and the
   Ethernet tag ID set to (0xFFFFFFFF wildcard), all those routes will
   be associated with the EVPN-VPWS service edge RT that will be
   imported by other service edge PEs, each route will have a unique RD
   and will be associated with another RT corresponding to the L2, L3 or
   Ethernet VPN overlay service that can be transported over the EVPN-
   VPWS transport service.

   The access nodes will advertise EVPN-VPWS per EVI Ethernet A-D with
   the Ethernet Segment Identifier field set to 0 for single home
   customer edge CE device and set to the CE's ESI and the Ethernet Tag
   field is set to the VPWS service instance identifier. The route will
   have a unique RD and will be associated with an RT corresponding to
   the L2, L3 or Ethernet VPN overlay service that will be transported
   over the EVPN-VPWS transport service.

   If more than one service node advertise the ability to terminate the
   EVPN-VPWS transport service and offer the L2, L3 or Ethernet VPN
   service required by CE device connected to a given access node, then
   all service node(s) will perform a DF election based on HWR algorithm
   using {Ethernet tag-id, Service node IP addresses} to determine which
   service node will be the primary service node to to terminate the
   VPWS service and offer the L2, L3 or Ethernet overlay service for the
   customer edge, All active and single active redundancy can be
   offered.

   The Service PE node that is a DF for a given VPWS service ID MUST
   respond to the Eth A-D route per EVI from the access node by sending
   its own Eth A-D per EVI route and by setting the same VPWS service
   instance ID and downstream assigned MPLS label to be used by Access
   node. When access node receives this Eth A-D route per EVI from the
   service node, it binds the two side of EVCs together.

1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
 


Boutros                Expires December 31, 2017                [Page 3]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].


2. Requirements

   This section describes the requirements specific to this draft. These
   requirements are in addition to the ones described in [EVPN-REQ],
   [EVPN], and [EVPN-VPWS].

2.1 Auto-Discovery

   A service node needs to support the following functionality of auto-
   discovery:

   (R1a) A service node PE MUST be agnostic of all access nodes PEs
   connected on the same access network.

   (R1b) A service node PE MUST advertise its associated overlay VRF(L2
   and/or L3) to all service nodes PEs connected on the same network.

   (R1c) A service node PE MUST resolve received overlay VRF(L2 and/or
   L3) from other service nodes with local configuration. The
   information is used to select proper service node PE for a given
   EVPN-VPWS connection from an access PE.

   (R1d) A service node PE MUST accept EVPN-VPWS connection from any
   access node PE which require one of the service node PE available L2
   or L3 overlay service.

2.2 Scalability

   (R2a) A single service node PE can be associated with many access
   node PEs. The following requirements give a quantitative measure.

   (R2b) A service node PE MUST support thousand(s) head-end connections
   for a a given access node PE connecting to different overlay VRF
   services on that service node. 

   (R2c) A service node PE MUST support thousand(s) head-end connections
   to many access node PEs.

2.3 Head-end 

   (R3a) A service node PE MUST support L2 and/or L3 head-end
   functionality.

   (R3b) A service node PE SHALL support auto-configuration of L2 and/or
 


Boutros                Expires December 31, 2017                [Page 4]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   L3 head-end functionality.

2.5 Multi-homing

   TBD

2.5 Fast Convergence

   TBD


3. Benefits

   This section describes some of the major benefits of EVPN-VPWS
   service edge gateway solution. This list is not considered as
   exhaustive.

   Majors benefits are:

      - An easy and scalable mechanism for tunneling (head-end)
        customer traffic into a common IP/MPLS network infra structure

      - Auto-provision features such as QOS access lists (ACL), tunnel 
        preference, bandwidth, L3VPN on a per head-end interface basis 

      - reduces CAPEX in the access or aggregation network and 
        service PE

      - Auto configuration of head-end functionality: 

        Configuring other Layer3 parameters, such as VRF and IP 
        addresses, are optional for the head-end to be 
        functional. However, they are required for Layer3 services
        to be operational (head-end L3 termination).

      - Auto-discovery of access nodes by service nodes. Hence, there 
        is no need to change any service node configuration when a new 
        access node is being added to the access network.


4. Solution Overview 







 


Boutros                Expires December 31, 2017                [Page 5]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


                       +---------+         +---------+
                       |         |         |         | 
      +----+   +-----+ | IP/MPLS | +-----+ | IP/MPLS |
      | CE |---| PE1 |-| Access  |-| PE2 |-| Core    | 
      +----+   +-----+ | Network | +-----+ | Network |
                       |         |         |         |
                       +---------+         +---------+
                  <---- EVPN-VPWS ----><---- IP/MAC VRF --->


   Figure 1: EVPN-VPWS Service Edge Gateway.
   AN: Access node
   SE: Service Edge node.  

   EVPN-VPWS Service Edge Gateway Operation

   At the service edge node, the EVPN Per-EVI Ethernet A-D routes will
   be advertised with the ESI set to 0 and the Ethernet tag-id set to
   (wildcard 0xFFFFFFF). The Ethernet A-D routes will have a unique RD
   and will be associated with 2 BGP RT(s), one RT corresponding to the
   underlay EVI i.e. the EVPN VPWS transport service that's configured
   only among the service edge nodes, and one corresponding to the L2,
   L3 or EVPN overlay service.

   At the access nodes, the EVPN per-EVI Ethernet A-D routes will be
   advertised as described in [draft-ietf-bess-evpn-vpws] with the ESI
   field is set to 0 and for single homed CEs and to the CE's ESI for
   multi-homed CE's and the Ethernet Tag field will be set to the VPWS
   service instance identifier that identifies the EVPL or EPL service.
   The Ethernet-AD route will have a unique RD and will be associated
   with one BGP RT corresponding to the L2, L3 or EVPN overlay service
   that will be transported over this EVPN VPWS transport service.

   Service edge nodes on the underlay EVI will determine the primary
   service node terminating the VPWS transport service and offering the
   L2, L3 or Ethernet VPN service by running the on HWR algorithm as
   described in [draft-mohanty-l2vpn-evpn-df-election] using weight
   [VPWS service identifier, Service Edge Node IP address]. This ensure
   that service node(s) will consistently pick the primary service node
   even after service node failure. Upon primary service node failure,
   all other remaining services nodes will choose another service node
   correctly and consistently.

   Single-sided signaling mechanism is used. The Service PE node that is
   a DF for accepts to terminate the VPWS transport service from an
   access node, the primary service edge node shall:- Dynamically create
   an interface to terminate the service and shall attach this interface
   to the overlay VPN service required by the access node to service its
 


Boutros                Expires December 31, 2017                [Page 6]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   customer edge device.- Responds to the Eth A-D route per EVI from the
   access node by sending its own Eth A-D per EVI route by setting the
   same VPWS service instance ID and downstream assigned MPLS label to
   be used by the access node.

   When access node receives this Eth A-D route per EVI from the service
   edge node, it binds the two side of EVCs together and it now knows
   what primary/backup service nodes to forward the traffic to.

   The service edge node shall support per features such as QoS, ACL,
   etc. for the EVPN VPWS transport service it terminates. 

4.1 Multi-homing

                       +---------+         +---------+
      +----+   +-----+ |         | +-----+ |         |
      | CE |---| AN1 |-|         |-| SE2 |-|         | 
      +----+   +-----+ | IP/MPLS | +-----+ | IP/MPLS |
                       | Access  |         | Core    |
                       | Network | +-----+ | Network |
                       |         |-| SE3 |-|         |
                       |         | +-----+ |         |
                       +---------+         +---------+
                  <---- EVPN-VPWS ----><---- IP/MAC VRF --->


   Figure 2: EVPN-VPWS SEG Multi-homing (same ASN)
   AN: Access node
   SE: Service Edge node.


                       +---------+         +---------+
      +----+   +-----+ |         | +-----+ | ASN-A   |
      | CE |---| AN1 |-|         |-| SE2 |-| Core    | 
      +----+   +-----+ | IP/MPLS | +-----+ | Network |
                       | Access  |         +---------+
                       | Network |         +---------+ 
                       |         | +-----+ | ASN-B   |
                       |         |-| SE3 |-| Core    |
                       |         | +-----+ | Network |
                       +---------+         +---------+
                  <---- EVPN-VPWS ----><---- IP/MAC VRF --->


   Figure 3: EVPN-VPWS SEG Multi-homing (different ASN)
   AN: Access node
   SE: Service Edge node.

 


Boutros                Expires December 31, 2017                [Page 7]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   Both All-active and single active redundancy can be supported.

   A backup service node can be preprogrammed in data plane on an access
   node in order to switch traffic and based on how fast the data plane
   detect the failure of the primary service node traffic on an access
   node can switch to the backup node.


4.2 Applicability to IP-VPN TBD

5 Failure Scenarios TBD

6 Acknowledgements TBD.

7 Security Considerations

   This document does not introduce any additional security constraints.

8  IANA Considerations

   TBD.

9  References

9.1  Normative References

   [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
   Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2  Informative References

   [RFC7209] A. Sajassi, R. Aggarwal et. al., "Requirements for Ethernet
   VPN".

   [EVPN] A. Sajassi, R. Aggarwal et. al., "BGP MPLS Based Ethernet
   VPN", draft-ietf-l2vpn-evpn-11.txt.

   [EVPN-VPWS] S. Boutros et. al., "EVPN-VPWS", draft-ietf-bess-evpn-
   vpws-00.txt.


Authors' Addresses


   Sami Boutros
   VMware, Inc. 
   Email: sboutros@vmware.com

 


Boutros                Expires December 31, 2017                [Page 8]

INTERNET DRAFT       EVPN-VPWS Service Edge Gateway        June 29, 2017


   Patrice Brissette 
   Cisco
   Email: pbrisset@cisco.com

   Ali Sajassi
   Cisco
   Email: sajassi@cisco.com

   Daniel Voyer
   Bell Canada
   Email: daniel.voyer@bell.ca

   John Drake
   Juniper Networks
   Email: jdrake@juniper.net




































Boutros                Expires December 31, 2017                [Page 9]