Internet DRAFT - draft-glendon-bess-evpn-trusted-mac

draft-glendon-bess-evpn-trusted-mac







Network Working Group                                             G. Liu
Internet-Draft                                                   H. Wang
Intended status: Standards Track                     Huawei Technologies
Expires: January 25, 2020                                  July 24, 2019


               EVPN LOOP PREVENTION BASED ON TRUSTED MAC
                 draft-glendon-bess-evpn-trusted-mac-00

Abstract

   A principal feature of EVPN is the ability to support mac duplication
   detection based on mac mobility extened community.  This draft
   specifies a mechanism of valid loop prevention based on trusted mac
   to avoid servce interruption of the specifed source or destination
   mac address due to "black- holing".

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 25, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of



Liu & Wang              Expires January 25, 2020                [Page 1]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Situation Anyalisis . . . . . . . . . . . . . . . . . . .   2
     1.2.  Alternative Solutions . . . . . . . . . . . . . . . . . .   3
     1.3.  Design Requirement  . . . . . . . . . . . . . . . . . . .   3
     1.4.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Solution Overview . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Trusted MAC Capability negotiation  . . . . . . . . . . . . .   4
   4.  Trusted MAC Actions . . . . . . . . . . . . . . . . . . . . .   5
     4.1.  Flag Extension  . . . . . . . . . . . . . . . . . . . . .   5
     4.2.  Trusted MAC Generation and Delivery . . . . . . . . . . .   6
   5.  Application Senario . . . . . . . . . . . . . . . . . . . . .   7
     5.1.  Trusted MAC and Sticky MAC  . . . . . . . . . . . . . . .   7
     5.2.  Trusted MAC and Dynamic MAC . . . . . . . . . . . . . . .   8
     5.3.  Limitations . . . . . . . . . . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   8.  Contributors  . . . . . . . . . . . . . . . . . . . . . . . .   9
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   9

1.  Introduction

   A principal feature of EVPN is the ability to support mac duplication
   dection based on mac mobility extened community.  The mac duplication
   detection is proposed in EVPN [RFC7432] . The draft draft-snr-bess-
   evpn-loop-protect re-uses and enhances the MAC duplication solution
   specified in EVPN [RFC7432].  This draft is a further enhancement for
   RFC7432 and draft-snr-bess-evpn-loop-protect.  Trusted mac is
   proposed to avoid servce interruption of the specifed source or
   destination mac address due to "black- holing".

1.1.  Situation Anyalisis

   Based on [RFC7432], when the mac duplication threshold is met(mac
   moving for 5 times in 180 minutes in default), the PE MUST alert the
   operator and stop sending and processing any BGP mac/ip advertisement
   routes for that mac address, but the other PEs in the EVI will
   forward the traffic for the duplicated mac address to one of the PEs
   that have advertised it.  In order to prevent loop and not just



Liu & Wang              Expires January 25, 2020                [Page 2]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


   detect loop, it is necessary to introduce a new mechanism, draft-snr-
   bess-evpn-loop-protect proposes the idea of "black- holing".  "Black
   holing" is a good means of service isolation, however, the user's
   real intention is that the system has the ability to recognize the
   real AC port or peer neighbour of the mac after detecting mac
   duplication successfully.

1.2.  Alternative Solutions

   Sticky mac address is proposed in section 15.2 [RFC7432].  There are
   scenarios in which it is desired to configure static mac addresses so
   that they are not subjected to mac moves.  In such scenarios, these
   mac addresses are advertised with the mac mobility extended community
   where the flags field is set to 1 and the sequence number is set to
   zero.  Static mac can be used to prevent loop without service
   interruption, but the following problems come:

   1) In most scenarios, the user mac is unpredictable, and it is
   impossible to predict the AC port or the peer neighbour for the user
   accessing to the specific PE.

   2) Even if we can predict on the AC port or the peer neighbor that
   the user accesses, what should I do if the static mac that is learned
   locally and the sticky mac route that is received from the peer
   neighbour coexist at the same time?  Customers are hard to
   understand, regardless of whether to choose local mac or remote mac.

1.3.  Design Requirement

   This draft proposes a new method to prevent loop based on trusted
   mac.  The generation of trusted mac belongs to the local behavior of
   the PE.  After the generation of trusted mac, it is delivered to the
   EVPN neighbour through the EVPN route, and the mac duplication
   detection mechanism based on the mac mobility extended community is
   extended to finally generate a truly reliable mac outbound interface
   or EVPN neighbour.  Loop prevention comes true finally.

1.4.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   "PE": Provider edge device.  It is a unique access point for users to
   access the carrier network.




Liu & Wang              Expires January 25, 2020                [Page 3]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


   "AC": A physical or logical link.  It is used to connect a user edge
   device and a PE device.

   "trusted mac": The mac entry to the AC port or EVPN neighbour.  It is
   generated based on the user's trusted traffic.

2.  Solution Overview

   The draft includes the following technical points:

   1) Trusted mac sending and receiving is not the default behavior of
   the device.  It is needed to manually configure the trusted mac route
   sending enable (for the route sender) and the receiving enable (for
   the route receiver).  The EVPN neighbours use the mac route to
   implement trusted mac capability negotiation.

   2) Trusted mac needs to be generated based on certain rules, then mac
   mobility extended community is extended to add T bit for supporting
   trusted mac delivery.

   3) After trusted mac negotiation and delivery, the mac duplication
   detection mechanism between trusted mac and static mac needs to be
   supported.  Mac duplication between trusted mac and dynamic mac is
   also a consideration.

3.  Trusted MAC Capability negotiation

   Although trusted mac belongs to the device-level global capability,
   considering the simplicity of the protocol extension, the MAC-IP
   route with all zero mac and all zero ip carries the mac mobility
   extended community to support trusted mac negotiation between the
   route sender and the receiver.  The extention of the "Reserved" field
   is needed.  The mac mobility extended community defined here is
   defined as follows:

        0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       | Type=0x06     | Sub-Type=0x00 |Flags(1 octet) |  Reserved=0   |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                       Sequence Number                         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                   Figure 1: MAC Mobility Extended Community








Liu & Wang              Expires January 25, 2020                [Page 4]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


                                 0 1 2 3 4 5 6 7
                                +-+-+-+-+-+-+-+-+
                                |             |T|
                                +-+-+-+-+-+-+-+-+

                   Figure 2. The extention of the "Reserved" field

   The last bit in the "Reserved" field is marked as T bit and is used
   to indicate whether the trusted mac route is enabled on the route
   sender.

   Name Meaning

   -------------------------------------------------- -------------

   T If set to 1, this flag indicates that trusted mac advertising
   capabilicy is enabled by the advertising PE.

   If the trusted mac advertising capability is not enabled, then the T
   bit must be set to 0.

   For the receiving PE, it is necessary to determine whether to allow
   crossover based on the trusted mac receiving enable configuration.
   If only the T bit is set and the trusted mac route receiving for the
   receiving PE is enabled, the received route can finally crossed
   successfully.  From the perspective of route optimization, if the
   trusted mac route sending enable is not configured on the sender, the
   trusted mac negotiation route may not be sent.

4.  Trusted MAC Actions

4.1.  Flag Extension

   In order to support trusted mac delivery, the mac route is released
   by the special 0 mac and 0 ip with extended mac mobility extended
   community.  The extended mac route format is as follows:















Liu & Wang              Expires January 25, 2020                [Page 5]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


                         +---------------------------------------+
                         |  RD (8 octets)                        |
                         +---------------------------------------+
                         |Ethernet Segment Identifier (10 octets)|
                         +---------------------------------------+
                         |  Ethernet Tag ID (4 octets)           |
                         +---------------------------------------+
                         |  MAC Address Length (=48)             |
                         +---------------------------------------+
                         |  MAC Address (=0)                     |
                         +---------------------------------------+
                         |  IP Address Length (1 octet)          |
                         +---------------------------------------+
                         |  IP Address (=0)       |
                         +---------------------------------------+
                         |  MPLS Label1 (3 octets)               |
                         +---------------------------------------+
                         |  MPLS Label2 (0 or 3 octets)          |
                         +---------------------------------------+

                          Figure 3. Extended Mac Route Format

   In order to distinguish between dynamic mac, static mac and trusted
   mac, the flags field in mac mobility extended community shown as
   section 3 figure 1 needs to extend new value.

   Name Meaning

   -------------------------------------------------- -------------

   Flags If set to 0, this value indicates that normal dynamic mac is
   advertised to the remote PE.

   If set to 1, this value indicates that sticky mac is advertised to
   the remote PE.

   If set to 2, this value indicates that trusted mac is advertised to
   the remote PE.

4.2.  Trusted MAC Generation and Delivery

   The generation of trusted mac belongs to the local behavior of the
   PE.  Generally speaking, the stable MAC out port or EVPN neighbor in
   the specified period of the first time learned locally is defined as
   trusted mac.  The specified period can be assigned to a default
   value, such as 60 seconds.  The value of the period may be modified
   to other values, for example, 1 minutes, 5 minutes or else.  Once the
   local trusted mac is generated, it will not be overwritten by the



Liu & Wang              Expires January 25, 2020                [Page 6]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


   other dynamic mac, but it can be overwritten by static mac.  Since
   trusted mac is still in the category of dynamic mac, trusted mac
   aging needs to support.

   There exists several limitations for trusted mac generation and
   delivery:

   1) In a very poor network environment, the specified mac may have a
   persistent mobility after the mac entry is generated for the first
   time.  In this case, trusted mac may not be generated.  Static mac
   may only be used to restrict the forwarding behavior of the user's
   traffic.

   2) Aftertrusted mac is generated, if the generation cycle of the
   trusted mac is dynamically modified, the generated trusted mac will
   not be deleted automatically in order to reduce the impact on the
   existing mac duplication detection mechanism based on trusted mac.
   If only trusted mac is manually deleted or aged, the system will
   generate a new trusted mac based on the modified period.

   3) After trusted mac is generated, if the specified mac is
   reconfigured as a static mac, the mac route carrying the mac mobility
   extended community with flags=1 will be re-advertised, so the result
   of the mac duplication detection may be changed.

   4) After trusted mac is generated, if the specified mac is
   reconfigured as a black- holing mac, the previously advertised
   trusted mac route needs to be withdrew to prevent invalid network
   traffic caused by the black holing mac.

5.  Application Senario

5.1.  Trusted MAC and Sticky MAC

   The sticky mac may be configured on the PE or be received from the
   other PEs, when trusted mac and sticky mac coexist in the same PE,
   There exist two sub-scenarios:

   1) Only one sticky mac exists beyond trusted mac.  The only sticky
   mac guides the user's traffic and will survive forever until sticky
   mac is manually deleted.

   2) Several sticky macs exist beyond trusted mac.  When there exists a
   local static mac, since the local static mac is unique, the user's
   traffic is preferentially guided according to the local mac.  When
   there exists no local static mac, the same PE may receive the same
   sticky mac from different EVPN neighbours.  Therefore, the PE selects




Liu & Wang              Expires January 25, 2020                [Page 7]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


   the sticky mac route from the neighbour with th smallest original ip
   address to guide the final user's traffic.

   In the above two sub-scenarios, the coexistence between trusted mac
   and sticky mac triggers the mac duplication alarm, and all trusted
   macs are eventually ignored.

5.2.  Trusted MAC and Dynamic MAC

   The coexistence of trusted mac and dynamic mac occurs when there is
   no sticky mac in the system, There exist two sub-scenarios:

   1) Only one trusted mac (local or remote) exists beyond dynamic mac.
   The only trusted mac guides the user's traffic and will age when the
   user's traffic based on the trusted mac (source mac or desination
   mac) disappears.

   2) Several trust macs exist beyond dynamic mac.  The locally learned
   trusted mac or the trusted mac route received from the remote PE have
   higher priority than the normal dynamic mac.  After detecting the mac
   duplication, the locally learned trust mac or the trusted mac route
   with the larger serial number is used to guide the final user's
   traffic.

   Note: If the local PE receives the trusted mac route with the same
   serial number from different neighbours, the route received from the
   neighbour with the smallest original ip is selected to participate in
   the mac duplication detection.

5.3.  Limitations

   the default mac route received from the other PE cannot participate
   in the mac duplication detection.  In this case, the traffic-based
   mac duplication detection mechanism can only be used on the access
   side.  Similarly, the priority of sticky mac is higher than trusted
   mac, the priority of trusted mac is higher than dynamic mac.

6.  Security Considerations

   When multiple network elements in the same network detect the mac
   duplication at the same time, trusted mac may cause the traffic
   between the network elements to loop.  The probability of this
   situation is relatively small.  Perhaps the user's traffic can only
   be isolated by black holing in order to reduce the whole network
   security risk.






Liu & Wang              Expires January 25, 2020                [Page 8]

Internet-Draft  EVPN LOOP PREVENTION BASED ON TRUSTED MAC      July 2019


7.  IANA Considerations

   This document does not require new codepoints.

8.  Contributors

   The following individuals gave significant contributions to this
   document:

   Haibo Wang

   Huawei Technologies

   rainsword.wang@huawei.com

9.  References

   [RFC7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
              2015, <https://www.rfc-editor.org/info/rfc7432>.

Authors' Addresses

   GuoLiang
   Huawei Technologies
   101 software Avenue, Yuhua District
   Nanjing  210012
   China

   Email: liuguoliang@huawei.com


   Haibo
   Huawei Technologies
   Huawei Bld., No.156 Beiqing Rd.
   Beijing  10095
   China

   Email: rainsword.wang@huawei.com











Liu & Wang              Expires January 25, 2020                [Page 9]