Network working group R. Gu Internet Draft J. Dong Intended status: Informational M. Chen Expires: September 2011 Q. Zeng Huawei Technologies Z. Liu China Telecom March 7, 2011 Analysis of Virtual Private LAN Service (VPLS) Deployment draft-gu-l2vpn-vpls-analysis-00.txt Abstract This document analyses the deployment of typical VPLS network with existing solutions, and discusses the features of each solution. In addition, this document indicates that the advantages of the existing VPLS mechanisms may be integrated to achieve easier and more efficient VPLS provisioning. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 7, 2011. Gu, et al. Expires September 7, 2011 [Page 1] Internet-Draft VPLS Analysis March 2011 Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction ................................................ 2 2. Deployment of VPLS Network .................................. 3 2.1. Deployment Considerations of LDP based VPLS ............ 4 2.2. Deployment Considerations of BGP based VPLS ............ 5 3. Comparison of Existing VPLS Solutions ....................... 7 4. Security Considerations ..................................... 9 5. IANA Considerations ......................................... 9 6. Acknowledgments ............................................. 9 7. References .................................................. 9 7.1. Normative References ................................... 9 Authors' Addresses ............................................ 11 1. Introduction Virtual Private LAN Service (VPLS), also known as Transparent LAN Service and Virtual Private Switched Network Service, is a Layer 2 Service that emulates LAN service across a Wide Area Network (WAN) [RFC4664]. The primary motivation behind Virtual Private LAN Services (VPLS) is to provide connectivity between geographically dispersed customer sites across the service provider network, as if they were connected using a LAN. Recently VPLS has become quite popular, and will be deployed in more and larger networks. Also, since there has been much progress in network convergence, whereby multiple kinds of customer services, such as VPLS and IP VPN [RFC4364] etc., would be carried over a single, consolidated IP/MPLS network. Gu, et al. Expires September 7, 2011 [Page 2] Internet-Draft VPLS Analysis March 2011 Currently there are some options to deploy VPLS services, and operators need to choose the most suitable technology according to their requirement and the work load in network deployment and operation. This document analyzes the deployment of typical VPLS network with existing solutions, and discusses the features of each solution. In addition, this document indicates that the advantages of the existing VPLS mechanisms may be integrated to achieve easier and more efficient VPLS provisioning. 2. Deployment of VPLS Network This section describes the operation of a VPLS network with existing solutions. General topology of a VPLS network is shown in Figure 1. There are N PEs in the network, and V VPLS instances are deployed in the network. Gu, et al. Expires September 7, 2011 [Page 3] Internet-Draft VPLS Analysis March 2011 VPLS-1 ........... VPLS-2 . . ............. . +----+ . . +----+ . . | CE1| . . | CE3| . . +----+ . . +----+ . . \ . . / . ........\.. ..../........ .\......./...................... . \ +----+ SP network . VPLS-1 . \|PE-1| . ............. . +----+ +----+ . . +----+ . . \ /---|PE-3|--.--.-| CE3| . . \ / +----+ . . +----+ . . \ +----+ \ . . . . \| P | \ . ............. . / +----+ \. . +----+ / \ ............ . |PE-2|/ .\ . . . +----+ . \.+----+ . VPLS-1 ..../...\....................... \| CE2| . ........../ ..\........ .+----+ . . +----+ /. . \ . ............ . | CE2|/ . . +----+ . VPLS-2 . +----+ . . | CE1| . . . . +----+ . . . ........... ........... VPLS-2 Figure 1. General topology of VPLS network 2.1. Deployment Considerations of LDP based VPLS [RFC4762] describes the control plane of signaling pseudowire labels for VPLS service using Label Distribution Protocol (LDP). For LDP signaling, full-mesh targeted LDP sessions need to be established among VPLS PEs. For a network with N PEs, there would be N*(N-1) targeted LDP sessions. If N is large, the deployment would be configuration intensive. Besides, [RFC4762] does not provide mechanism for membership auto-discovery, by default the identities of all the remote pseudowire endpoints in each VPLS instance need to be manually configured on each PE. Thus if a new site or a new PE is added to one VPLS, configurations of all the other PEs need to be updated. Besides, in large scale VPLS networks, the overhead of maintaining full meshed N*(N-1) LDP sessions would be an issue. Gu, et al. Expires September 7, 2011 [Page 4] Internet-Draft VPLS Analysis March 2011 While this could be alleviated by Hierarchical VPLS (H-VPLS), the expense is additional complexity in provisioning and operation. When using LDP based mechanism to deploy a VPLS network, one unique VPLS Identifier needs to be assigned for each VPLS instance. Section 3.2.2 of [RFC6074] specifies BGP based Auto-Discovery (BGP- AD) mechanism for VPLS service. This mechanism can be combinely used with LDP based VPLS signaling, which would reduce the overhead of PW endpoint configuration, and even the establishment of targeted LDP sessions may be automatically triggered by BGP auto-discovery. However, when BGP-AD is used with LDP signaling, in addition to BGP sessions established for membership auto-discovery, it is still required to set up fully meshed targeted LDP sessions for pseudowire signaling, regardless of whether the LDP sessions are manually configured or automatically established. Thus in this case operators need to deploy and maintain both BGP and targeted LDP to offer VPLS services. And the signaling overhead in this case would be higher than both LDP signaling without BGP-AD and BGP based VPLS in [RFC4761]. Using LDP based VPLS signaling, the pseudowire labels are allocated "on-demand" for each remote endpoints in each VPLS instance, thus label resources are utilized efficiently. MAC Address Withdrawal mechanism is defined in LDP based VPLS to expedite removal of MAC addresses in some topology changes. And status information of the pseudowires can be exchanged using mechanism in [RFC4447]. These features could make operation and maintenance of VPLS more efficient and convenient. 2.2. Deployment Considerations of BGP based VPLS [RFC4761] describes the BGP based auto-discovery and signaling mechanism for VPLS. BGP based VPLS mechanism combines VPLS membership auto-discovery and signaling into a single BGP Update message, which achieves quite low signaling overhead and allows operational convergence with IP VPN. The control plane of BGP based VPLS could inherit the scalability mechanism from BGP, thus full meshed signaling sessions among VPLS PEs can be avoided by deploying route reflectors [RFC4456]. Each PE can just establish one BGP session with route reflector. Gu, et al. Expires September 7, 2011 [Page 5] Internet-Draft VPLS Analysis March 2011 To deploy a BGP based VPLS service, operator needs to assign a unique VE-ID for each PE in given VPLS instance. As VE-IDs cannot be generated automatically and requires coordination among all the PEs in the same VPLS, this may introduce management burden to operators, especially in multi-area and multi-AS scenarios. Similar to IP VPN, Route Targets are used to identify different VPLS instances. The pseudowire discriminators are advertised in form of label blocks. Although this avoids the control plane load of sending individual label signaling messages to each remote PE, the use of label block is based on idea of "allocate in advance" and "over-provisioning" and in many cases the allocation of label resources may be not quite efficient compared with "on-demand" label allocation for each discovered remote endpoint. Besides, the size of label block allocated could be impacted by VE-IDs of remote PEs, which makes the management more complicated, and exposes a potential security issue. An example of VE-ID assignment and label block allocation is described as below: For ease of VE-ID management and future network expansion, operator may assign a set of blocks of VE-ID for different regions of the network, as shown in Figure 2, VE-ID 1-100 are assigned to region 1, and VE-ID 101-200 are assigned to region 2. According to the mechanism in [RFC4761], in order to establish VPLS pseudowire with a PE in region 2, say the VE-ID is 102, PE1 needs to allocate a label block with the size of at least 102, even if in the beginning only less than 10 PEs are deployed in each region. If the number of VPLS instances V in the network is large, the amount of labels wasted altogether may not be neglectable. Gu, et al. Expires September 7, 2011 [Page 6] Internet-Draft VPLS Analysis March 2011 .................................................... . VPLS Backbone . . . . ....................... ....................... . . . Region 1 . . Region 2 +----+ . . . . +----+ . . | PE | . . . . | PE1|\ . . /+----+ . . . . +----+ \ +----+ . . +----+ / . . . . \| RR |--.--.--| RR |/ +----+ . . . . /+----+ . . +----+----| PE | . . . . +----+ / | . . \ +----+ . . . . | PE2|/ | . . \ ... . . . . +----+ | . . +----+ . . . . ... +----+ . . | PE | . . . . | PEn| . . +----+ . . . . VE-ID:1-100 +----+ . . VE-ID:101-200 . . . ....................... ....................... . . . . . .................................................... Figure 2. An Example of VE-ID Assignment Currently BGP based VPLS does not provide mechanisms of MAC address withdrawal and pseudowire status notification. 3. Comparison of Existing VPLS Solutions As analyzed in section 2, both LDP based and BGP based VPLS solutions have some advantages and disadvantages. These are summarized in Table 1. VPLS service provisioning consists of membership discovery and pseudowire signaling. VPLS membership can be either manually configured, or auto-discovered through BGP auto-discovery mechanism. According to Table 1, it is obvious that BGP-AD is an important feature which significantly reduces the overhead of manual provisioning in LDP based VPLS, with the expense of coexistence of two control plane protocols and additional signaling sessions and messages. BGP based VPLS combines auto-discovery and signaling into a single Update message at the cost of potential waste of label resources. While VPLS provides multipoint service, the underlying infrastructure is full-mesh point-to-point pseudowires. Thus the on- Gu, et al. Expires September 7, 2011 [Page 7] Internet-Draft VPLS Analysis March 2011 demand label allocation mechanism in LDP signaling could provide better efficiency in label resource utilization. Regarding the control plane scalability, the big challenge with LDP VPLS is maintenance of full-mesh targeted LDP sessions, while in BGP VPLS this problem can be easily solved with route reflection. Some service providers may have already deployed IP VPN service in their networks which uses BGP as signaling protocol, and plan to provide VPLS service in the same network, in this case they may prefer to deploy VPLS using the same technology as IP VPN to simplify service provisioning and network operation. VPLS Solution| Advantages | Disadvantages -------------|------------------------------|-------------------------- LDP VPLS |1.on-demand label allocation |1.manual provisioning without |2.MAC withdrawal and PW status|2.full mesh T-LDP session BGP-AD | notification mechanism |3. non-convergence with | | IP VPN operation -------------|------------------------------|-------------------------- BGP VPLS |1.convergence with IP VPN |1.VE-ID management |2.membership auto-discovery |2.waste of label resource |3.scalability with use of RR |3.lack of MAC withdrawal |4.minimal signaling overhead |and PW status notification -------------|------------------------------|-------------------------- LDP VPLS |1.membership auto-discovery |1.overhead of two control with |2.on-demand label allocation | plane protocols BGP-AD |3.MAC withdrawal and PW status|2.full mesh T-LDP session | notification mechanism | | | Table 1. Comparison of existing VPLS solutions To simply VPLS service provisioning, BGP based auto-discovery would becomes a mandatory feature. The concerns about LDP based VPLS with BGP-AD may be the scalability issue and burden of full-mesh targeted LDP sessions. While control plane of BGP based VPLS is more scalable and achieves convergence with IP VPN, inefficiency in label resource utilization and complexity in VE-ID management may influence operators' choice. Actually there may be one solution which integrates the advantages and avoid those disadvantages: Gu, et al. Expires September 7, 2011 [Page 8] Internet-Draft VPLS Analysis March 2011 a. BGP-AD in [RFC6074] is used for membership auto-discovery. b. After auto-discovery of members in each VPLS, instead of establishing targeted LDP sessions, the BGP sessions which are already established for BGP-AD can be re-used to execute signaling functions in a similar way to LDP VPLS, i.e. using BGP to perform on-demand pseudowire label allocation, MAC address withdrawal and pseudowire status notification. In this way, the VPLS provisioning could be simplified by BGP-AD, and there would be no need of setting up any targeted LDP session in the VPLS network. Label resource could be allocated efficiently and the complexity of VE-ID management would be avoided. BGP is the only control plane protocol and the operation convergence with IP VPN can be achieved. Detailed specification about extensions for this solution would be described in a separate document and is outside the scope of this document. 4. Security Considerations This document does not change the security properties of VPLS. 5. IANA Considerations There is no IANA action required by this draft. 6. Acknowledgments The authors would like to thank ... for their valuable suggestions and comments to this document. 7. References 7.1. Normative References [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006. [RFC4456] Bates, T., Chen, E., and R. Chandra, "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)", RFC 4456, April 2006. [RFC4664] Andersson, L. and E. Rosen, "Framework for Layer 2 Virtual Private Networks (L2VPNs)", RFC 4664, September 2006. Gu, et al. Expires September 7, 2011 [Page 9] Internet-Draft VPLS Analysis March 2011 [RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", RFC4761, January 2007. [RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC4762, January 2007. [RFC6074] Rosen, E., Luo, W., Davie, B. and V. Radoaca, ''Provisioning, Autodiscovery, and Signaling in L2VPNs'', RFC6074, January 2011. [RFC4447] Martini, L., Rosen, E., El-Aawar, N., Smith, T., and G. Heron, "Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)", RFC 4447, April 2006. Gu, et al. Expires September 7, 2011 [Page 10] Internet-Draft VPLS Analysis March 2011 Authors' Addresses Rui Gu Huawei Technologies Co.,Ltd. Huawei Building, No.3 Xinxi Rd., Hai-Dian District Beijing, 100085 P.R. China Email: gurui@huawei.com Jie Dong Huawei Technologies Co.,Ltd. Huawei Building, No.3 Xinxi Rd., Hai-Dian District Beijing, 100085 P.R. China Email: jie.dong@huawei.com Mach(Guoyi) Chen Huawei Technologies Co.,Ltd. Huawei Building, No.3 Xinxi Rd., Hai-Dian District Beijing, 100085 P.R. China Email: mach.chen@huawei.com Qing Zeng Huawei Technologies Co.,Ltd. Huawei Building, No.3 Xinxi Rd., Hai-Dian District Beijing, 100085 P.R. China Email: zengqing@huawei.com Zhihua Liu China Telecom 109 Zhongshan Ave., Guangzhou 510630, China Email: zhliu@gsta.com Gu, et al. Expires September 7, 2011 [Page 11]