Network working group                                            L. Xia
Internet Draft                                                  L. Yong
Category: Standard Track                                     Weiguo Hao
                                                                 Huawei
                                                         Anoop Ghanwani
                                                                   Dell
                                                           Ram Krishnan
                                                                Brocade
Expires: April 2015                                    October 27, 2014

                        Layer 2 Gateway (L2GW)
                        draft-xia-nvo3-l2gw-02

Abstract

   A Layer 2 Gateway (L2GW) is used for interconnecting a Layer 2
   overlay network [NVO3FRWK] and a Layer 2 bridged network
   [IEEE802.1Q] to form a single Layer 2 virtual network. This draft
   describes data plane interconnection and control plane interworking
   at the L2GW.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 27, 2015.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.

Table of Contents

   1. Introduction
      1.1. Conventions used in this document
      1.2. Terminology
   2. L2GW Reference Model
   3. General L2GW Operation Procedures
      3.1. MAC Learning
      3.2. ARP Handling
      3.3. Dual L2GWs
   4. L2CP Review and Applicability to L2 Overlay Network
      4.1. STP/RSTP/MSTP
      4.2. PAUSE
      4.3. LACP/LAMP
      4.4. Link OAM
      4.5. Port Authentication
      4.6. E-LMI
      4.7. LLDP
      4.8. PTP Peer Delay
      4.9. ESMC
      4.10. GARP/MRP Block
   5. L2CP Processing in L2GWs
      5.1. L2CP Frames Filtered (Peered or Discarded) in L2GW
      5.2. L2CP Frames Passed through L2GW
   6. Other Interworking Cases
   7. Security Considerations
   8. IANA Considerations
   9. References
      9.1. Normative References
      9.2. Informative References

1. Introduction

   Cloud computing and network virtualization are evolving in the
   direction of using network virtualization overlays over Layer 3
   (NVO3).
   Some of the goals of NVO3 are fast and easy creation of tenant
   networks, support for tenant system mobility, and improved
   manageability of all virtualized resources in the data center (DC).

   A Layer 2 (L2) overlay network in NVO3 means that tenant systems are
   interconnected at L2, while the NVEs are interconnected using Layer
   3 (L3). As a result, it forms a full mesh overlay topology, i.e.
   there is only one L2 hop between any pair of NVEs. In this draft,
   "L2 bridged network" refers to the L2 network as specified in IEEE
   802.1Q [IEEE 802.1Q].

   In the first use case, involving DC network migration from physical
   tenant systems to virtual tenant systems, it is expected that the L2
   overlay network may be used along with an existing L2 bridged
   network in a DC, and communication between them would be required.

   In the last use case, an L2 bridged network would be used to connect
   physical (non-virtualized) systems. These devices need to
   communicate with virtualized networks for information exchange. Some
   CPU-intensive applications such as big data analytics typically use
   physical servers rather than making use of server virtualization.

   To interconnect two networks that are implemented with different
   technologies (NVO3 and a bridged network), gateway functions are
   needed on the device(s)/system(s) that interconnect them. This
   device is referred to as a Layer 2 Gateway (L2GW) in this draft. The
   device can be thought of as implementing an NVE that connects the
   tenant systems in the L2 bridged network to tenant systems in the
   NVO3 network.

1.1. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

1.2. Terminology

   This document uses the terms defined in NVO3 framework [NVO3FRWK]
   and architecture [NVO3ARCH] documents.

2. L2GW Reference Model

   The following figure shows a reference model where an L2GW provides
   an interconnection between an L2 overlay network and an L2 bridged
   network. It shows the case where two different technologies are used
   to implement a single L2 network.

             .........                       .........
     +---+...                            ....           .    +------+
 TSs-+NVE|                 +---------+                     +-+Server|
     +---+   L2 Overlay    |         |     L2 Bridge      .  +------+
       .      Network      |  L2GW   |      Network       .
       .                   |         |                    .  +------+
       ..+---+             +---------+                     +-+Server|
     TSs-+NVE| ...                       ....         ...    +------+
         +---+.........                      ........

                    Figure 1: L2GW Reference Model

   The L2GW can reside at the edge of the network, providing direct
   connection to tenant systems, or reside at aggregation or core,
   where the tenant systems attach to L2 switches. To connect with an
   L2 overlay network, an L2GW device physically connects to the
   underlay network on which the L2 overlay network is implemented and
   functions as an NVE, providing termination for the L2 overlay
   network.

   To provide node failure resilience, the reference model can further
   be shown as in Figure 2, where two L2GWs interconnect the two
   networks.

             .........                       .........
     +---+...                            ....           .    +------+
 TSs-+NVE|                 +---------+                     +-+Server|
     +---+   L2 Overlay    |  L2GW   |     L2 Bridge      .  +------+
       .      Network      +---------+      Network       .
       .                                                  .  +------+
       ..+---+             +---------+                     +-+Server|
     TSs-+NVE|          ...|  L2GW   |....            ...    +------+
         +---+.........    +---------+       ........

                    Figure 2: Redundant L2GW Model

   Note that this draft assumes that the L2GW device embeds an L2 NVE
   as well as IEEE802.1Q bridge functions.

3. General L2GW Operation Procedures

3.1. MAC Learning

   The MAC addresses for an L2 virtual network created by
   interconnecting the two networks (the L2 overlay network and the L2
   bridged network) need to be distributed and/or learned at all NVEs
   that participate in that L2 virtual network.

   If the NVE-NVA architecture is used, when an L2GW learns MAC
   addresses from the bridged network, the L2GW should notify the NVA
   of those MAC addresses. The NVA maintains the mapping of these MAC
   addresses from the L2GW, and informs the other NVEs of the mappings.
   Similarly, if the NVA maintains the mappings between a tenant
   system's MAC address and NVE for an L2 virtual network, the NVA
   would be expected to inform the L2GWs of those MAC-address-to-NVE
   mappings, because the L2GWs also implement the functions of an NVE.

   The L2GW maintains the mapping between the VNID in the L2 overlay
   network and the VLAN ID in the bridged network. These mappings may
   be manually configured at the L2GW or may be configured via the NVA.

   The L2GW maintains a forwarding table per virtual network which has
   all the MAC addresses learned from the bridged network as well as
   all of the MAC addresses it received from the NVA for that virtual
   network.

   Upon receiving a packet from the overlay network, the L2GW
   decapsulates the packet, performs the table lookup, and may insert a
   VLAN ID (if the decapsulated frame doesn't already have one) or
   modify the VLAN ID (if one is already present) prior to forwarding
   it to the bridged network. If the destination MAC address of the
   decapsulated packet is unknown (i.e. not present in the forwarding
   table), the L2GW may choose to discard the packet or flood it on the
   VLAN depending on the configured policy.

   Upon receiving a frame from the L2 bridge network, the L2GW
   encapsulates the frame prior to forwarding it to the remote NVE. If
   the frame's MAC DA is unknown to the L2GW, it will be discarded or
   flooded to all the remote NVEs depending on the configured policy.
   Note that the outer VLAN ID on the packet may be removed before the
   encapsulation.

   The two networks which are interconnected to form a single L2
   virtual network MUST NOT have any overlapping MAC addresses; i.e.
   the same MAC address cannot appear in both the L2 overlay network
   and the L2 bridged network.
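
The forwarding behaviour of section 3.1, as an added example that is not part of the draft: a small Python model of the per-virtual-network table, the VNID/VLAN mapping, the unknown-destination policy and the MAC overlap rule. The class and method names, the NVA update list, dropping a frame whose source MAC breaks the overlap rule, and not hairpinning a frame whose destination sits behind another NVE are assumptions of this example; all addresses are constructed.

```python
"""Added example: toy model of the L2GW forwarding rules in section 3.1."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DISCARD, FLOOD = "discard", "flood"      # configured unknown-destination policy


@dataclass(frozen=True)
class Decision:
    action: str                          # "forward", "local", "flood" or "discard"
    vlan_id: Optional[int] = None        # VLAN ID written toward the bridged network
    remote_nve: Optional[str] = None     # outer destination IP toward the overlay


class L2GW:
    """Hypothetical gateway object; every name here is an assumption."""

    def __init__(self, own_ip: str, vnid_to_vlan: Dict[int, int],
                 unknown_policy: str = DISCARD) -> None:
        self.own_ip = own_ip
        self.vnid_to_vlan = dict(vnid_to_vlan)       # configured manually or via NVA
        self.vlan_to_vnid = {v: k for k, v in vnid_to_vlan.items()}
        self.unknown_policy = unknown_policy
        # One forwarding table per virtual network:
        #   MAC -> ("bridge", local port) or ("overlay", remote NVE IP)
        self.fdb: Dict[int, Dict[str, Tuple[str, str]]] = {}
        self.nva_updates: List[Tuple[int, str, str]] = []  # (VNID, MAC, L2GW IP)
        self.conflicts: List[Tuple[int, str]] = []         # (VNID, MAC) overlaps

    def _install(self, vnid: int, mac: str, side: str, where: str) -> bool:
        """Add or refresh an entry; False if the MAC already lives on the other side."""
        table = self.fdb.setdefault(vnid, {})
        known = table.get(mac.lower())
        if known is not None and known[0] != side:
            self.conflicts.append((vnid, mac.lower()))     # the draft's MUST NOT
            return False
        table[mac.lower()] = (side, where)
        return True

    def install_from_nva(self, vnid: int, mac: str, nve_ip: str) -> bool:
        return self._install(vnid, mac, "overlay", nve_ip)

    def learn_from_bridge(self, vlan: int, mac: str, port: str) -> bool:
        vnid = self.vlan_to_vnid[vlan]
        is_new = mac.lower() not in self.fdb.get(vnid, {})
        ok = self._install(vnid, mac, "bridge", port)
        if ok and is_new:                                  # notify the NVA once
            self.nva_updates.append((vnid, mac.lower(), self.own_ip))
        return ok

    def _unknown(self, vlan_id: Optional[int] = None) -> Decision:
        if self.unknown_policy == FLOOD:
            return Decision("flood", vlan_id=vlan_id)
        return Decision("discard")

    def from_overlay(self, vnid: int, dst_mac: str) -> Decision:
        """Decapsulated frame from a remote NVE, heading to the bridged network."""
        vlan = self.vnid_to_vlan.get(vnid)
        if vlan is None:
            return Decision("discard")                     # no VNID/VLAN mapping
        entry = self.fdb.get(vnid, {}).get(dst_mac.lower())
        if entry is None:
            return self._unknown(vlan_id=vlan)             # flood on the VLAN or drop
        if entry[0] != "bridge":
            return Decision("discard")                     # assumption: no hairpin
        # Inserting or rewriting the tag both end with the mapped VLAN ID.
        return Decision("forward", vlan_id=vlan)

    def from_bridge(self, vlan: int, src_mac: str, dst_mac: str, port: str) -> Decision:
        """Frame from the bridged network, to be encapsulated toward an NVE."""
        vnid = self.vlan_to_vnid.get(vlan)
        if vnid is None:
            return Decision("discard")
        if not self.learn_from_bridge(vlan, src_mac, port):
            return Decision("discard")                     # assumption: drop on overlap
        entry = self.fdb[vnid].get(dst_mac.lower())
        if entry is None:
            return self._unknown()                         # flood to all remote NVEs
        if entry[0] == "bridge":
            return Decision("local", vlan_id=vlan)         # stays in the bridged side
        return Decision("forward", remote_nve=entry[1])


def demo():
    gw = L2GW("192.0.2.1", {5000: 100}, unknown_policy=FLOOD)
    gw.install_from_nva(5000, "02:00:00:00:00:AA", "192.0.2.10")
    results = [
        gw.from_bridge(100, "02:00:00:00:00:01", "02:00:00:00:00:aa", "eth1"),
        gw.from_overlay(5000, "02:00:00:00:00:01"),
        gw.from_overlay(5000, "02:00:00:00:00:99"),        # unknown destination
        gw.from_bridge(100, "02:00:00:00:00:aa", "02:00:00:00:00:01", "eth2"),
    ]
    return results, gw.nva_updates, gw.conflicts


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The last call in `demo()` presents a source MAC on the bridged side that the NVA already placed behind a remote NVE; the model records it in `conflicts` and drops the frame instead of relearning the address.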

3.2. ARP Handling

   To avoid ARP flooding in the L2 overlay network, the L2GW may
   maintain an ARP cache locally and/or rely on the NVA to maintain the
   ARP table. To maintain the ARP cache locally, the L2GW can snoop ARP
   requests from the bridged network and send ARP replies back.

   If the L2 overlay network supports ARP flooding, the L2GW can simply
   flood ARP requests from one network to another.

3.3. Dual L2GWs

   Two L2GWs may be used for network interconnection to support a
   network that is resilient to node failures. These two L2GWs may
   further operate in Active/Standby or Active/Active mode. In
   Active/Standby mode, only one of the L2GWs is actively passing
   traffic from one network to the other for a given L2 virtual
   network. In Active/Active mode, both L2GWs pass traffic from one
   network to the other for a given virtual network. (TBD: Does this
   need to be restricted to only two L2GWs?)

   In Active/Standby mode, to protect against node failure, some
   protocol is necessary between the L2GWs to facilitate status
   exchange and determine which of them will operate in Active mode.
   The Active/Standby role may be configured or automatically selected
   based on an algorithm or policy. An L2GW should inform the NVA about
   its role, i.e., Active or Standby, and the NVA should ensure that
   the active L2GW IP address is used in the mapping of (inner) MAC
   addresses to (outer) IP address.

   In Active/Active mode, the NVA/NVEs have two paths to the bridge
   network and vice versa. The NVEs in an overlay can choose one based
   on the policy. The following presents the problems that need to be
   addressed and related solutions for Active/Active connection
   scenarios:

   1. MAC flip-flop on remote NVEs

      MAC learning on an L2GW can be performed either in data plane or
      control plane.
      When a local host h1 attaches to multiple L2GWs, address learning
      at the remote NVEs for a given host h1 may experience what we
      refer to as the MAC flip-flop problem, where h1 appears behind
      the NVE of one L2GW and then subsequently appears behind the NVE
      of the other L2GW, going back and forth in this manner.

      In the data plane learning scenario, an anycast L2GW IP address
      that is shared among L2GWs may be used to avoid MAC flip-flop on
      remote devices (NVEs, L2GWs, etc). When a bridged network
      attaches to multiple L2GWs, any L2GW should use the shared
      anycast IP address, rather than its own IP address, as the
      ingress NVE IP address when it forwards NVO3 data frames into the
      overlay network. Use of an anycast L2GW IP address makes the MAC
      addresses learnt by the remote devices appear to be behind a
      single source IP address rather than multiple different source IP
      addresses.

      In the control plane learning scenario (i.e. when NVA-NVE is used
      to learn address mappings), if an L2 bridged network is
      multi-homed to multiple L2GWs in Active/Active mode, each edge
      L2GW should announce the MAC addresses of its attached end
      systems to all other devices through the NVE-NVA control plane
      protocol. For MAC addresses that originate from multiple L2GWs,
      remote devices will learn the MAC addresses as being associated
      with multiple ingress IP addresses and will generate multiple MAC
      forwarding entries in ECMP mode. All edge L2GWs should disable
      the data plane MAC learning function in their NVEs; they must
      still continue to learn MAC addresses from traffic received from
      the L2 bridged network. MAC address to NVE IP address association
      should be learned only through the control plane. The control
      plane must be aware of edge ports that are multi-homed to
      multiple L2GWs.

   2. Duplicated traffic from remote device

      Frame duplication may occur when BUM (broadcast, unknown unicast,
      multicast) traffic is forwarded bidirectionally between an L2
      bridged network and an NVO3 network which have an Active/Active
      connection through multiple edge L2GWs. The Designated Forwarder
      (DF) election mechanism defined in [EVPN] can be used to resolve
      this issue. According to [EVPN], multi-homing functions cover two
      scenarios.

      For the MHN (Multi-Homed Network) scenario, the DF election
      mechanism allows only one L2GW of an edge group to forward BUM
      traffic between the NVO3 network and the L2 bridged network, in
      both directions, for each VN. The basic idea of DF is to elect
      one L2GW per VN from an edge group to be responsible for
      forwarding the BUM traffic.

      For the MHD (Multi-Homed Device) scenario, the only difference
      from the MHN scenario is at the L2 bridged network side: the
      MC-LAG mechanism guarantees that BUM traffic coming from the L2
      bridged network goes to only one L2GW. The DF mechanism is not
      needed in this direction.

   3. Loops

      Consider the case where a bridged network originates a frame that
      is sent as a BUM frame to the NVO3 network via an L2GW, say
      L2GW1, that is one of multiple gateways interconnecting the
      bridged network and the NVO3 network. This frame will be
      encapsulated and then forwarded through the NVO3 network and
      reach the other L2GW, say L2GW2, that is also connected to the
      bridged network. In this case, if L2GW2 decapsulates the NVO3
      frame and forwards it into the bridged network where the frame
      originated, the frame loops endlessly. This is why it is
      important to have only a single designated forwarder for
      multicast traffic.

   4. Unsynchronized information among member L2GWs

      A local L2GW, say L2GW1 in an edge group, may have learned a VLAN
      and MAC to IP correspondence for a remote end system ES1 when ES1
      sends a packet to the local bridge.
      The returning traffic from the local bridge may go to any other
      member L2GW of the MC-LAG, for example L2GW2. To avoid flooding
      unicast traffic on L2GW2, MAC addresses should be synchronized
      among the edge L2GWs in an edge group.

      Additionally, to ensure DF election consistency, VLANs joined
      dynamically through the VLAN registration protocol (VRP,
      [IEEE 802.1ak] amendment to the [IEEE 802.1Q]) and multicast
      groups joined dynamically through the IGMP or MLD protocol should
      be synchronized among all L2GWs in an edge group.

4. L2CP Review and Applicability to L2 Overlay Network

   This section discusses which L2CPs (Layer 2 Control Protocols,
   specified in [IEEE 802.1Q]) should be supported by the L2 overlay
   network and which should not; Section 5 specifies how the L2GW
   should deal with L2CP frames.

   L2CP protocols defined in [IEEE 802.1Q] are listed in Table 1:

+------------------+---------------+---------------+---------------------+
|MAC DA            |Assignment     |Protocol Type  |     L2CP Action     |
|                  |               |               +----------+----------+
|                  |               |               |VLAN-based|PORT-based|
|                  |               |               |    L2    |    L2    |
|                  |               |               | services | services |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-00 |Nearest        |STP/RSTP/MSTP, |Filter    |Pass      |
|                  |Customer       |LACP/LAMP      |          |          |
|                  |Bridge         |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-01 |IEEE MAC       |PAUSE          |Filter    |Filter    |
|                  |Specific       |               |          |          |
|                  |Control        |               |          |          |
|                  |Protocols      |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-02 |IEEE 802       |LACP/LAMP,     |Filter    |Filter    |
|                  |Slow           |Link OAM,      |          |          |
|                  |Protocols      |ESMC           |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-03 |Nearest        |Port           |Filter    |Filter    |
|                  |non-TPMR       |Authentication,|          |          |
|                  |Bridge         |LACP/LAMP      |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-04 |IEEE MAC       |               |Filter    |Filter    |
|                  |Specific       |               |          |          |
|                  |Control        |               |          |          |
|                  |Protocols      |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-05 |Reserved       |               |Filter    |Filter    |
|01-80-C2-00-00-06 |for Future     |               |          |          |
|01-80-C2-00-00-09 |Standardization|               |          |          |
|01-80-C2-00-00-0A |               |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-07 |MEF ELMI       |E-LMI          |Filter    |Filter    |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-08 |Provider       |               |Filter    |Filter    |
|                  |Bridge Group   |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-0B |Reserved       |               |Filter    |Pass      |
|01-80-C2-00-00-0C |for Future     |               |          |          |
|                  |Standardization|               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-0D |Provider       |               |Filter    |Pass      |
|                  |Bridge MVRP    |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-0E |Nearest Bridge,|LLDP, PTP      |Filter    |Filter    |
|                  |Individual     |Peer Delay     |          |          |
|                  |LAN Scope      |               |          |          |
+------------------+---------------+---------------+----------+----------+
|01-80-C2-00-00-20 |               |GARP/MRP       |Pass      |Pass      |
| through          |               |Block          |          |          |
|01-80-C2-00-00-2F |               |               |          |          |
+------------------+---------------+---------------+----------+----------+

                 Table 1 L2CP protocols specification

   Note:

      Different L2CP protocols can use the same MAC DA in the above
      block of 32 addresses, but are differentiated by protocol
      identifier. The MAC DA determines the intended recipient device
      for the frame;

      Filter represents the L2CP action of peer or discard;

      Based on whether the L2 interface is VLAN-aware, L2 services can
      be divided into two categories: VLAN-based L2 services and
      PORT-based L2 services. The L2CP action (peer, discard, pass) for
      these two L2 services is also different;

      Whether the L2CP frames are peered or discarded is further
      determined by the configuration of the L2 interface.

   Further analysis of whether an L2CP protocol is necessary, and how
   it is processed in an NVO3-supported L2 VN, is provided in the
   following subsections.

4.1. STP/RSTP/MSTP

   The Spanning Tree Protocol (STP) is an L2 protocol that ensures a
   loop-free topology for any bridged Ethernet local area network. The
   basic function of STP is to prevent bridge loops and the broadcast
   storm that results from them. Rapid Spanning Tree Protocol (RSTP)
   and Multiple Spanning Tree Protocol (MSTP) are enhanced xSTP
   protocols.

   The L2 overlay network does not need xSTP protocols to prevent
   bridge loops because it has its own mechanisms for it, i.e., NVA,
   control plane mechanisms, full mesh + split horizon, etc.
   So, xSTP frames in an L2 VN are processed as follows:

      In the L2 sub-networks attached to L2 NVEs, processing is in line
      with the L2CP protocols' specification from IEEE in Table 1;

      xSTP frames are filtered in L2 NVEs and should not go into the L2
      overlay network.

4.2. PAUSE

   [IEEE 802.3-2005] specifies an L2 flow control mechanism using the
   PAUSE frame. This frame uses the L2CP MAC DA 01-80-C2-00-00-01 and
   is sent to the node at the other end of the link to tell it to halt
   frame transmission for a specified period of time.

   When the L2 NVE is co-located in the Hypervisor, the PAUSE frame is
   not necessary within one device. When they are separated, the PAUSE
   frame is only used in the layer 2 network between the L2 NVE and the
   Hypervisor; there is no need to overlay PAUSE frames between L2
   NVEs.

   For the underlay network of the NVO3 network, the L2 PAUSE mechanism
   is still used between two adjacent switches for flow control.

4.3. LACP/LAMP

   Link Aggregation [IEEE 802.1AXbk-2012] is a mechanism for making
   multiple point-to-point links between a pair of devices appear to be
   a single logical link between those devices. Link Aggregation
   Control Protocol (LACP) and Link Marker Control Protocol (LAMP)
   operate between exactly two peer devices for the purpose of
   creating, verifying, and monitoring the logical link created by
   aggregating individual links. Specific L2CP frames, known as Link
   Aggregation Control Protocol Data Units (LACPDUs), are exchanged
   between the peer devices on each individual link in the aggregation.
   The protocol identifier used by LACP is an Ethertype with a value of
   0x8809 (the "Slow Protocols" Ethertype) and subtype values 01 (for
   LACP) and 02 (for LAMP). Note that LACP is used to represent LACP
   and LAMP in the following text.

   LACP uses 3 different L2CP MAC DAs to determine the scope of
   propagation of LACPDUs within a bridged LAN, as shown in Table 2:

   +----------------+------------------+-----------------------------+
   |Assignment      | L2CP MAC DA      |Peered or discarded by       |
   +----------------+------------------+-----------------------------+
   |Nearest Customer| 01-80-C2-00-00-00|End Station, Customer Bridge,|
   |Bridge          |                  |Provider Edge Bridge         |
   +----------------+------------------+-----------------------------+
   |IEEE 802 Slow   | 01-80-C2-00-00-02|End Station, Customer Bridge,|
   |Protocols       |                  |Provider Edge Bridge,        |
   |                |                  |Provider Bridge              |
   +----------------+------------------+-----------------------------+
   |Nearest non-TPMR| 01-80-C2-00-00-03|Bridges except for Two Port  |
   |Bridge          |                  |MAC Relay                    |
   +----------------+------------------+-----------------------------+

             Table 2 LACP specification of L2CP MAC DAs

   Based on the summary in Table 2, LACPDUs with the L2CP MAC DA
   01-80-C2-00-00-02 are peered or discarded by every node, so this
   kind of LACPDU will not be overlaid across the L2 overlay network.
   For 01-80-C2-00-00-00, it is possible that LACPDUs need to be
   overlaid across the Provider Bridge and the L2 NVEs of the L2
   overlay network to reach the Customer Bridge at the other end; the
   L2 overlay network may need to support overlaying this kind of LACP
   frame between L2 NVEs.

   How the L2 overlay network supports LACP frames with
   01-80-C2-00-00-03 is TBD.

4.4. Link OAM

   Link OAM is defined in [IEEE 802.3ah] as mechanisms for monitoring
   and troubleshooting Ethernet access links. Specifically, it defines
   tools for discovery, remote failure indication, remote and local
   loopbacks, and status and performance monitoring.

   The Link OAM frames using the L2CP MAC DA 01-80-C2-00-00-02 are
   peered or discarded by every node, so this kind of frame will not be
   overlaid across the L2 overlay network.

4.5. Port Authentication

   [IEEE 802.1X] is an IEEE Standard for Port-based Network Access
   Control (PNAC). It is part of the IEEE 802.1 group of networking
   protocols. It provides an authentication mechanism to devices
   wishing to attach to a LAN or WLAN.

   Whether or not the L2 overlay network needs to overlay these L2CP
   frames is TBD.

4.6. E-LMI

   Ethernet Local Management Interface (E-LMI) [MEF-16] is a protocol
   between the customer edge (CE) device and the provider edge (PE)
   device. It runs only on the PE-CE UNI link and notifies the CE of
   connectivity status and configuration parameters of Ethernet
   services available on the CE port. E-LMI interoperates with an OAM
   protocol, such as Connectivity Fault Management (CFM), that runs
   within the provider network to collect OAM status. CFM runs at the
   provider maintenance level (UPE to UPE with inward-facing MEPs at
   the UNI). E-LMI relies on the OAM Ethernet Infrastructure (EI) to
   interwork with CFM for end-to-end status of Ethernet virtual
   connections (EVCs) across CFM domains.

   The E-LMI frames using the L2CP MAC DA 01-80-C2-00-00-07 are peered
   or discarded by every node except for the Two Port MAC Relay (TPMR)
   bridge, so this kind of frame will not be overlaid across the L2
   overlay network.

4.7. LLDP

   The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link
   layer protocol in the Internet Protocol Suite used by network
   devices for advertising their identity, capabilities, and neighbors
   on an IEEE 802 local area network, principally wired Ethernet. The
   protocol is formally referred to by the IEEE as Station and Media
   Access Control Connectivity Discovery, specified in standards
   document [IEEE 802.1AB].

   The LLDP frames using the L2CP MAC DA 01-80-C2-00-00-0E are peered
   or discarded by every node, so this kind of frame will not be
   overlaid across the L2 overlay network.

4.8. PTP Peer Delay

   The PTP Peer Delay frame is specified in [IEEE 1588-2008] to carry
   PTP peer time information. It uses the L2CP MAC DA 01-80-C2-00-00-0E
   and is peered or discarded by every node, so this kind of frame will
   not be overlaid across the L2 overlay network.

4.9. ESMC

   Ethernet Synchronization Messaging Channel (ESMC) is specified in
   [ITU-T Rec. G.8264] for conveying clock information between
   Synchronous Ethernet (SyncE) bridges.

   The ESMC frames using the L2CP MAC DA 01-80-C2-00-00-02 are peered
   or discarded by every node, so this kind of frame will not be
   overlaid across the L2 overlay network.

4.10. GARP/MRP Block

   Multiple Registration Protocol (MRP), which replaced Generic
   Attribute Registration Protocol (GARP), is a generic registration
   framework defined by the [IEEE 802.1ak] amendment to the
   [IEEE 802.1Q] standard. MRP allows bridges, switches or other
   similar devices to register and de-register attribute values, such
   as VLAN identifiers and multicast group membership, across a large
   LAN. MRP operates at the Data Link Layer.

   The block of L2CP MAC DAs from 01-80-C2-00-00-20 to
   01-80-C2-00-00-2F is used for the MRP protocol. At present, only
   01-80-C2-00-00-20 is assigned, to Multiple MAC Registration Protocol
   (MMRP), and 01-80-C2-00-00-21, to Multiple VLAN Registration
   Protocol (MVRP); the other L2CP MAC DAs of the block are all
   reserved for future use. A protocol using an address from this block
   is passed by all intervening bridges that do not participate in the
   protocol using this address, and is finally peered or discarded by
   the bridge that participates in the protocol.

   In order to send the MRP frames to all related nodes (i.e., NVEs,
   bridges, etc) in one L2 overlay network, the MRP frames may need to
   be overlaid across the L2 overlay network.

5. L2CP Processing in L2GWs

   For all L2CP protocols, several differences exist between the L2
   overlay network and the L2 bridge network in how they are processed.
   As the demarcation point between the L2 overlay network and the L2
   bridge network, the L2GW keeps the same action as before for all
   L2CP frames at the L2 bridge network side, but may process some L2CP
   frames differently at the L2 overlay network side. The following
   subsections describe the L2CP processing in the L2GW.

5.1. L2CP Frames Filtered (Peered or Discarded) in L2GW

   Although the xSTP protocols' use of the Nearest Customer Bridge
   address 01-80-C2-00-00-00 indicates that they can be overlaid across
   the L2 overlay network, they are still not necessary for the L2
   overlay network because it has its own mechanism to prevent bridge
   loops. So xSTP frames will be filtered by the L2GW and not go into
   the L2 overlay network.

   Based on the analysis of section 4.3, LACP/LAMP frames using the
   IEEE 802 Slow Protocols address 01-80-C2-00-00-02 are not necessary
   for the L2 overlay network. So, LACP/LAMP frames will be filtered by
   the L2GW and not go into the L2 overlay network. ESMC frames using
   the same MAC DA will also be filtered by the L2GW.

   For Link OAM frames, if OAM functions are necessary for the whole L2
   network which interconnects the L2 bridge network and the L2 overlay
   network, the L2GW needs to support the interworking of OAM as well.
   This means that the L2GW should peer the Link OAM frames of the L2
   bridge network and perform some actions between NVEs in the L2
   overlay network. The detailed operation is TBD.

   Other L2CP protocols that are filtered by the L2GW and do not go
   into the L2 overlay network include PAUSE, E-LMI, LLDP, and PTP Peer
   Delay. The basic reason is that they all need to be processed
   strictly hop by hop in the L2 network, but the overlay network
   breaks this rule.

   The action of "filter" can be "peer" or "discard". It depends on the
   specific service requirement, i.e., whether the L2GW needs to
   participate in the L2CP protocol, etc. How to determine the specific
   action is TBD.

5.2. L2CP Frames Passed through L2GW

   Apart from the L2CP protocols filtered by the L2GW as described
   above, the remaining L2CP protocols need to be passed through the
   L2GW. They include:

      LACP/LAMP frames using the Nearest Customer Bridge address
      01-80-C2-00-00-00;

      GARP/MRP series protocols (i.e., MMRP, MVRP) using the MAC DA
      block of 01-80-C2-00-00-20 through 01-80-C2-00-00-2F.
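
The filter and pass decisions of Table 1 and sections 5.1 and 5.2, as an added example that is not part of the draft: a Python classifier that takes a raw Ethernet frame and returns what the L2GW does with it toward the overlay. It reads Table 1 as the base action per service type and section 5.1 as forcing xSTP to filter; the BPDU LLC check, the VLAN TPID values, the fail-closed default for reserved addresses that Table 1 does not list, and all function names are assumptions of this example, and the sample frames are constructed.

```python
"""Added example: L2CP handling at an L2GW per Table 1 and sections 5.1/5.2."""
import struct
from typing import Dict, Tuple

FILTER, PASS, FORWARD = "filter", "pass", "forward"
L2CP_PREFIX = bytes.fromhex("0180c20000")     # 01-80-C2-00-00-xx
SLOW_PROTOCOLS = 0x8809                       # Ethertype given in section 4.3
VLAN_TPIDS = (0x8100, 0x88A8)                 # C-tag / S-tag (not from the draft)


def build_table1() -> Dict[int, Tuple[str, str, str]]:
    """Last MAC DA octet -> (label, VLAN-based action, PORT-based action).

    The label is Table 1's Protocol Type column, or its Assignment column
    where the Protocol Type cell is empty.
    """
    rows = [
        ([0x00], "STP/RSTP/MSTP, LACP/LAMP", FILTER, PASS),
        ([0x01], "PAUSE", FILTER, FILTER),
        ([0x02], "LACP/LAMP, Link OAM, ESMC", FILTER, FILTER),
        ([0x03], "Port Authentication, LACP/LAMP", FILTER, FILTER),
        ([0x04], "IEEE MAC Specific Control Protocols", FILTER, FILTER),
        ([0x05, 0x06, 0x09, 0x0A], "Reserved", FILTER, FILTER),
        ([0x07], "E-LMI", FILTER, FILTER),
        ([0x08], "Provider Bridge Group", FILTER, FILTER),
        ([0x0B, 0x0C], "Reserved", FILTER, PASS),
        ([0x0D], "Provider Bridge MVRP", FILTER, PASS),
        ([0x0E], "LLDP, PTP Peer Delay", FILTER, FILTER),
        (list(range(0x20, 0x30)), "GARP/MRP Block", PASS, PASS),
    ]
    return {o: (label, v, p) for octets, label, v, p in rows for o in octets}


TABLE1 = build_table1()


def parse(frame: bytes) -> Tuple[bytes, int, bytes]:
    """Return (dst MAC, type/length after any VLAN tags, payload)."""
    offset = 12
    (type_len,) = struct.unpack_from("!H", frame, offset)   # struct.error if short
    while type_len in VLAN_TPIDS:
        offset += 4
        (type_len,) = struct.unpack_from("!H", frame, offset)
    return frame[:6], type_len, frame[offset + 2:]


def identify(type_len: int, payload: bytes, label: str) -> str:
    """Tell apart protocols that share one MAC DA by their protocol identifier."""
    if type_len == SLOW_PROTOCOLS and payload[:1] in (b"\x01", b"\x02"):
        return "LACP" if payload[0] == 1 else "LAMP"        # subtypes from 4.3
    if type_len <= 1500 and payload[:2] == b"\x42\x42":     # LLC DSAP/SSAP of a BPDU
        return "xSTP"
    return label


def l2gw_action(frame: bytes, service: str) -> Tuple[str, str]:
    """service is 'vlan' or 'port'; returns (protocol, action toward the overlay)."""
    if service not in ("vlan", "port"):
        raise ValueError("service must be 'vlan' or 'port'")
    try:
        dst, type_len, payload = parse(frame)
    except struct.error:
        return ("malformed", FILTER)
    if dst[:5] != L2CP_PREFIX or dst[5] > 0x2F:
        return ("data", FORWARD)                            # not an L2CP address
    row = TABLE1.get(dst[5])
    if row is None:
        return ("unlisted L2CP address", FILTER)            # assumption: fail closed
    label, vlan_action, port_action = row
    protocol = identify(type_len, payload, label)
    action = vlan_action if service == "vlan" else port_action
    if protocol == "xSTP":
        action = FILTER                                     # section 5.1 override
    return (protocol, action)


def eth(dst: str, body_hex: str) -> bytes:
    """Constructed frame: dst MAC, a fixed source MAC, then the given hex body."""
    return (bytes.fromhex(dst.replace("-", "")) + bytes.fromhex("020000000001")
            + bytes.fromhex(body_hex))


SAMPLES = {                                                 # all constructed
    "bpdu": eth("01-80-C2-00-00-00", "0026" + "424203" + "00" * 35),
    "lacp_00": eth("01-80-C2-00-00-00", "8809" + "0101"),
    "lacp_02": eth("01-80-C2-00-00-02", "8809" + "0101"),
    "mvrp_tagged": eth("01-80-C2-00-00-21", "81000064" + "88f5" + "00"),
    "lldp": eth("01-80-C2-00-00-0E", "88cc" + "0000"),
    "unicast": eth("02-00-00-00-00-02", "0800" + "45"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, l2gw_action(frame, "port"), l2gw_action(frame, "vlan"))
```

The `bpdu` and `lacp_00` samples share one destination address on a PORT-based service yet get different results, which is why the classifier has to look past the MAC DA to the protocol identifier.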

   All these kinds of L2CP frames are passed through the L2GW and
   traverse the L2 overlay network and L2 bridge network to reach the
   bridges that participate in the L2CP protocols.

   For MRP protocols, another necessary operation of the L2GW is to map
   these MRP frames into the corresponding VNIs, using the
   pre-provisioned VLAN to virtual network instance (VNI) mappings held
   locally in the NVE or obtained from the NVA.

6. Other Interworking Cases

   There are other L2 bridge network technologies that use L2 Control
   Plane protocols, such as Provider Bridge [IEEE802.1AD] or Provider
   Backbone Bridge [PBB] [IEEE802.1AH]. The use case of L2 Overlay
   Network interworking with these types of bridge networks is for
   further study.

   Note that VPLS [RFC4761] [RFC4762], EVPN [EVPN], Shortest Path
   Bridging [IEEE SPB] and TRILL [RFC6325] are also technologies for L2
   private network implementation. These technologies rely on the
   control plane protocol and aim for service provider networks. SDN
   controller interworking with such control plane protocols will be
   addressed in a separate draft.

7. Security Considerations

   TBD.

8. IANA Considerations

   The document does not require any IANA action.

9. References

9.1. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC2119, March 1997.

   [RFC4761] Kompella, K. and Rekhter, Y. (Editors), "Virtual Private
             LAN Service (VPLS) Using BGP for Auto-Discovery and
             Signaling", RFC 4761, January 2007.

   [RFC4762] Lasserre, M. and Kompella, V. (Editors), "Virtual Private
             LAN Service (VPLS) Using Label Distribution Protocol (LDP)
             Signaling", RFC 4762, January 2007.

   [RFC6325] Perlman, R., "RBridges: Base Protocol Specification", July
             2011.

9.2. Informative References

   [NVO3ARCH] Black, D, Narten, T., et al, "An Architecture for Overlay
             Networks (NVO3)", draft-narten-nvo3-arch-01, work in
             progress.

   [NVO3FRWK] Lasserre, M., Motin, T., et al, "Framework for DC Network
             Virtualization", draft-ietf-nvo3-framework-07, work in
             progress.

   [NVGRE]   Sridharan, M., et al, "NVGRE: Network Virtualization using
             Generic Routing Encapsulation",
             draft-sridharan-virtualization-nvgre-03, work in progress.

   [VXLAN]   Mahalingam, M., Dutt, D., et al, "VXLAN: A Framework for
             Overlaying Virtualized Layer 2 Networks over Layer 3
             Networks", draft-mahalingam-dutt-dcops-vxlan-05.txt, work
             in progress.

   [EVPN]    Sajassi, A. and R. Aggarwal, "BGP MPLS Based Ethernet
             VPN", draft-ietf-l2vpn-evpn-07, May 2014.

   [EVPN-REQ] A. Sajassi, R. Aggarwal et. al., "Requirements for
             Ethernet VPN", RFC7209.

   [EVPN-MHN] Weiguo, Hao, Yizhou, Li, et al, "Multi-homed network in
             EVPN", draft-hao-l2vpn-evpn-mhn-00, work in progress.

   [IEEE 802.1Q] IEEE, "Media Access Control (MAC) Bridges and Virtual
             Bridged Local Area Networks", IEEE Std 802.1Q-2011,
             August, 2011.

   [IEEE 802.3-2005] "Part 3: Carrier sense multiple access with
             collision detection (CSMA/CD) access method and physical
             layer specifications".

   [IEEE 802.1AXbk-2012] "IEEE Standard for Local and metropolitan area
             networks--Link Aggregation Amendment 1: Protocol
             Addressing".

   [IEEE 802.3ah] "IEEE Standard for Information technology--Local and
             metropolitan area networks--Part 3: CSMA/CD Access Method
             and Physical Layer Specifications Amendment: Media Access
             Control Parameters, Physical Layers, and Management
             Parameters for Subscriber Access Networks".

   [IEEE 802.1X] "IEEE Standard for Local and metropolitan Area
             Networks. Port-based Network Access Control".

   [IEEE 802.1AB] "IEEE Standard for Station and Media Access Control,
             Connectivity Discovery".

   [MEF-16]  Metro Ethernet Forum, MEF 16, Ethernet Local Management
             Interface (E-LMI), January 2006.

   [IEEE 1588-2008] "IEEE Standard for a Precision Clock
             Synchronization Protocol for Networked Measurement and
             Control Systems".

   [IEEE 802.1ak] "IEEE Standard for Local and metropolitan Area
             Networks - Virtual Bridged Local Area Networks, Amendment
             7: Multiple Registration Protocol".

   [IEEE 802.1AD] "Virtual Bridged Local Area Networks - Amendment 4:
             Provider Bridges", 2005.

   [PBB]     Clauses 25 and 26 of "IEEE Standard for Local and
             metropolitan area networks - Media Access Control (MAC)
             Bridges and Virtual Bridged Local Area Networks", IEEE Std
             802.1Q, 2013.

   [IEEE802.1AH] IEEE Draft P802.1ah/D4.2 "Virtual Bridged Local Area
             Networks, Amendment 6: Provider Backbone Bridges", 2008.

   [IEEE SPB] "IEEE standard for local and metropolitan area networks:
             Media access control (MAC) bridges and virtual bridged
             local area networks -- Amendment 20: Shortest path
             bridging", IEEE 802.1aq, June 2012.

   [ITU-T Rec. G.8264] "Distribution of Timing Through Packet
             Networks".

Authors' Addresses

   Liang Xia (Frank)
   Huawei Technologies
   Email: frank.xialiang@huawei.com

   Lucy Yong
   Huawei Technologies, USA
   Email: lucy.yong@huawei.com

   Weiguo Hao
   Huawei Technologies
   101 Software Avenue, Nanjing 210012
   China
   Phone: +86-25-56623144
   EMail: haoweiguo@huawei.com

   Anoop Ghanwani
   Dell
   Email: anoop@alumni.duke.edu

   Ram (Ramki) Krishnan
   Brocade
   Email: ramk@brocade.com