of MPLS-based L2VPN
sbng@cisco.com
ttheera@cisco.com
limfung@cisco.com
Agenda
Technical Overview
Flows and Use Cases
Cisco's PBB-EVPN Implementation
Summary
Technical Overview
Highlights and Solution Requirements
Towards EVPN
Solve Challenges of VPLS for All-Active Redundancy
Existing VPLS solutions do not offer an All-Active per-flow redundancy
Looping of Traffic Flooded from PE
Duplicate Frames from Floods from the Core
MAC Flip-Flopping over Pseudowire
E.g. Port-Channel Load-Balancing does not produce a consistent hash-value for a frame with the same source MAC (e.g. non MAC based Hash-Schemes)
[Figure: three topologies with hosts M1 and M2, CE1, CE2 and PE1 to PE4, labelled "Echo !", "Duplicate !" and "MAC Flip-Flop"]
Solution Requirements
All-Active Redundancy and Load Balancing
[Figure: Site 1, Site 2 and Site N attached to the WAN; labels: Flow-based Multi-pathing, Flow-based Load balancing, Geo-Redundancy, Backdoor]
Load-balance traffic among PEs and exploit core ECMP based on flow entropy (flow can be L2/L3/L4 or combinations)
Support geo-redundant PE nodes with optimal forwarding
Flexible Redundancy Grouping of PEs
2014 Cisco and/or its affiliates. All rights reserved.
Solution Requirements
All-Active Redundancy and Load Balancing (cont.)
Active / Active Multi-Homing with flow-based load balancing in CE to PE direction
Maximize bisectional bandwidth
Flows can be L2/L3/L4 or combinations
[Figure: Vlan X flow F2 and multiple PEs]
Solution Requirements
All-Active Redundancy and Load Balancing (cont.)
Flow-based Multi-Pathing
Load balancing across equal cost multiple paths in the MPLS core
Load balancing at PE and P routers based on Entropy MPLS labels
[Figure: Vlan X flows F1 to F4 across PE and P routers]
Solution Requirements
MAC Address Scalability
[Figure: DC Site 1, DC Site 2 and DC Site N attached to the WAN, with MAC scale labels 1Ks, 10Ks, 1Ms and N * 1M]
MAC address scalability most pronounced on Data Center WAN Edge for Layer 2 extensions over WAN.
Example from a live network: 1M MAC addresses in a single SP data center
Ethernet VPN
Highlights
Next generation solution for Ethernet multipoint connectivity services
Data-plane address learning from Access
Control-plane address advertisement / learning over Core
[Figure: CE1, CE3 and PE1 to PE4 across MPLS; frame with VID 100, SMAC: M1, DMAC: F.F.F; BGP MAC adv. Route, E-VPN NLRI: MAC M1 via PE1]
Control-plane address advertisement / learning over Core (B-MAC)
Data-plane address learning from Core
Remote C-MAC to remote B-MAC binding
Data-plane address learning from Access
Local C-MAC to local B-MAC binding
[Figure: CE1, CE3 and PE1 to PE4 across MPLS, with B-MACs B-M1 and B-M2; BGP MAC adv. Route, E-VPN NLRI: MAC B-M1 via PE2]
Technical Overview
Concepts
Ethernet Segment
[Figure: SHD and MHD; CE1 on ESI1 and CE2 on ESI2 with PE1 and PE2; each PE holds EVI and BD instances]
EVI identifies a VPN in the network
Encompass one or more bridge-domains, depending on service interface type
Port-based
VLAN-based (shown above)
Represents a site or an entire network
BGP Routes
BGP Route Attributes
Route Types
Extended Communities
ES-Import
MAC Mobility
Default Gateway
plane purposes, including:
communities defined
Expand information
VLAN-bundling
MAC / IP bindings of a GW
Aliasing
Multicast endpoint discovery
Redundancy group discovery
Port Based Service Interface
[Figure: service interface types. Labels: CE, UNI, PE, EVI, BD, All CEVLANs, CEVLAN subset, VLAN X, VLAN Y, VPN A, VPN B]
Ethernet Segment
Definition
[Figure: Ethernet Segments ESI1 to ESI5 between CE1 to CE6 and PE1 to PE5, with SHD, SHN, MHD and MHN cases]
Ethernet Segment
ESI Auto-Sensing
[Figure: CE1 sending LACPDUs to PE1 and PE2, and an MST access network (CE, CE2) sending BPDUs to PE1 and PE2, both over MPLS]
LACPDU: System Priority (2 bytes), System MAC Address (6 bytes), Port Key (2 bytes)
BPDU: Bridge Priority (2 bytes), 6 bytes, 0x0000 (2 bytes)
Split Horizon
For Ethernet Segments E-VPN
Challenge:
How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
[Figure: ESI-1 and ESI-2 with CE1, CE3, CE4, CE5 and PE1 to PE4; flooded frame returning to its segment ("Echo !")]
Split Horizon
For Ethernet Segments PBB-EVPN
Challenge:
How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
[Figure: ESI-1 and ESI-2 with CE1, CE3, CE4, CE5 and PE1 to PE4; B-MAC1 shown at PE1; flooded frame returning to its segment ("Echo !")]
PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment
1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)
Disposition PEs check the B-MAC source address for Split-Horizon filtering
Frame not allowed to egress on an Ethernet Segment whose B-MAC matches the B-MAC source address in the PBB header
Split Horizon
For Core Tunnels
Challenge:
How to prevent flooded traffic from looping back over the core?
[Figure: ESI-1 and ESI-2 with CE1, CE3, CE4, CE5 and PE1 to PE4; flooded frame looping over the core ("Loop !")]
Traffic received from an MPLS tunnel over the core is never forwarded back to the MPLS core
This is similar to the VPLS split-horizon filtering rule
[Figure: ESI-1 and ESI-2 with CE1, CE2 and PE1 to PE4; flooded frame delivered twice ("Duplicate !")]
DF Filtering
[Figure: CE attached to PE1 and PE2 over MPLS, and an MHN case with CE2; legend: Multi-destination Traffic, Unicast Traffic]
Filtering Direction: Core to Segment
Filtered Traffic: Flooded multi-destination
Filtering Direction: Core to Segment, Segment to Core
Filtered Traffic: Flooded multi-destination, Unicast
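The flooding rules from the slides above (core split horizon, B-MAC based split horizon for Ethernet Segments, and DF filtering in the core-to-segment direction) combined into one per-segment decision on a PBB-EVPN disposition PE. This is an added example, not code from the slides or from Cisco; the class names, the verdict strings, segment ESI-9 and B-MAC9 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    name: str             # local Ethernet Segment
    bmac: str             # B-MAC shared by every PE attached to this segment
    df_isids: frozenset   # I-SIDs for which this PE is the DF on the segment

@dataclass(frozen=True)
class CoreFrame:
    src_bmac: str         # B-MAC source address from the PBB header
    isid: int             # PBB service instance the frame belongs to

def flood_from_core(frame, segments):
    """Decide, per local segment, what happens to a flooded frame that
    arrived over an MPLS tunnel. The core is never a candidate: traffic
    received from the core is not forwarded back to it."""
    verdicts = {}
    for seg in segments:
        if seg.bmac == frame.src_bmac:
            # The frame entered the network on this same segment via a peer PE.
            verdicts[seg.name] = "drop: split-horizon (source B-MAC matches segment)"
        elif frame.isid not in seg.df_isids:
            # Another PE on the segment is DF and delivers the single copy.
            verdicts[seg.name] = "drop: not DF for I-SID"
        else:
            verdicts[seg.name] = "forward"
    return verdicts

# Constructed state for PE2: ESI-1 is shared with PE1 (B-MAC1); ESI-9 is a
# made-up single-homed segment with its own B-MAC.
PE2_SEGMENTS = [
    Segment("ESI-1", "B-MAC1", frozenset({101, 103})),
    Segment("ESI-9", "B-MAC9", frozenset({100, 101, 102, 103})),
]

def demo():
    echo = CoreFrame(src_bmac="B-MAC1", isid=101)    # flooded by PE1 from ESI-1
    remote = CoreFrame(src_bmac="B-MAC2", isid=100)  # flooded by a remote PE
    return flood_from_core(echo, PE2_SEGMENTS), flood_from_core(remote, PE2_SEGMENTS)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The first frame shows why the B-MAC check is needed even on the DF: PE2 is DF for I-SID 101 on ESI-1, and without the source B-MAC comparison it would echo the frame back to CE1.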
Aliasing
E-VPN
Challenge:
How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?
[Figure: CE1 (MAC1) on ESI-1, All-Active, with PE1 and PE2; CE3 and CE4 with PE3 and PE4. Callouts: "I can reach MAC1 via ESI1", "I can reach ESI1" (twice). Table: MAC1, ESI1, PE1, PE2]
When PE learns MAC address on its AC, it advertises the MAC in BGP along with the ESI of the Ethernet Segment from which the MAC was learnt
Remote PEs can load-balance traffic to a given MAC address across all PEs advertising the same ESI
Aliasing
PBB-EVPN
Challenge:
How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?
[Figure: CE1 (MAC1) on ESI-1 with PE1 and PE2, both using B-M1; CE3 and CE4 with PE3 and PE4. Callouts: "I can reach MAC1 via BMAC1", "I can reach BMAC1" (twice). Table: MAC1, B-MAC1, PE1, PE2]
PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment
1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)
PEs advertise their B-MAC addresses independent of the C-MAC learning state
Remote PEs can load-balance traffic to a given C-MAC across all PEs advertising the same associated B-MAC
MAC Mass-Withdraw
E-VPN
Challenge:
How to inform remote PEs of a failure affecting many MAC addresses quickly while the control-plane re-converges?
[Figure: CE1 (MAC1, MAC2, ... MACn) on ESI-1, All-Active, with PE1 and PE2; CE3 and CE4 with PE3 and PE4. Callouts: "I can reach MAC1 via ESI1", "I can reach MAC2 via ESI1", "I can reach MACn via ESI1", "I can reach ESI1" (twice), "I lost ESI1"]
VPN Auto-Discovery
[Figure: CE1, CE3 and PE1 to PE4 across MPLS, with B-MAC labels on the PEs and an LACP PDU exchange]
Example: 0000.0011.0022.0033.0018 (System Priority, 2 bytes; System MAC Address, 6 bytes; Port Key, 2 bytes)
Example: 0211.0022.0033
Segment Auto-Discovery
RD: RD unique per advertising PE
ESI = ESI1
ES-Import ext. comm., e.g. 0011.0022.0033
[Figure: PE1 to PE4 and CE3 across MPLS]
PE 2 Eth Segment Route
RD = RD20
ESI = ESI1
ES-Import ext. comm., e.g. 0011.0022.0033
Modulo Operation
Result of modulo operation is used to determine DF and BDF status
I-SID mod N (N = # of PEs) (e.g. I-SID mod 2)
I-SIDs: 100, 101, 102, 103
PE Ordered List (Position, PE): PE1, PE2
Example:
PE1 DF for I-SIDs 100, 102
PE1 BDF for I-SIDs 101, 103
Example:
PE2 DF for I-SIDs 101, 103
PE2 BDF for I-SIDs 100, 102
[Figure: Exchange of Ethernet Segment Routes between PE1 and PE2; CE1, CE3 and PE1 to PE4 across MPLS]
(*) DF election with Service Carving shown (i.e. one DF per I-SID in the segment)
DF: Designated Forwarder
BDF: Backup Designated Forwarder
I-SID: PBB 24-bit Service Instance ID
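The modulo-based DF election above as a small state machine, extended to re-run the election when a PE's Ethernet Segment Route is withdrawn. This is an added example, not code from the slides or from Cisco; the function and class names, ordering the PE list by name, and taking the BDF as the next list position are assumptions.

```python
ISIDS = [100, 101, 102, 103]          # I-SIDs from the slide's example

def carve(isids, ordered_pes):
    """Return {I-SID: (DF, BDF)} using I-SID mod N over the ordered PE list.
    BDF is taken as the next position in the list (assumption; with two PEs
    this gives the DF/BDF split shown on the slide)."""
    n = len(ordered_pes)
    if n == 0:
        return {}                      # no PE left on the segment
    table = {}
    for isid in isids:
        if not 0 <= isid < 2 ** 24:    # I-SID is a 24-bit value
            raise ValueError(f"I-SID out of range: {isid}")
        df = ordered_pes[isid % n]
        bdf = ordered_pes[(isid + 1) % n] if n > 1 else None
        table[isid] = (df, bdf)
    return table

class SegmentElection:
    """PEs currently advertising an Ethernet Segment Route for one ESI."""
    def __init__(self, isids):
        self.isids = list(isids)
        self.pes = set()

    def _run(self):
        # Ordering by name is an assumption; the slide only shows the list.
        return carve(self.isids, sorted(self.pes))

    def route_received(self, pe):
        self.pes.add(pe)
        return self._run()

    def route_withdrawn(self, pe):
        self.pes.discard(pe)
        return self._run()

def df_isids(table, pe):
    return sorted(i for i, (df, _) in table.items() if df == pe)

def bdf_isids(table, pe):
    return sorted(i for i, (_, bdf) in table.items() if bdf == pe)

def demo():
    seg = SegmentElection(ISIDS)
    seg.route_received("PE1")
    both = seg.route_received("PE2")
    after_failure = seg.route_withdrawn("PE1")   # PE1 withdraws its route
    return both, after_failure
```

Every PE on the segment must derive the same ordered list from the same set of routes; if two PEs disagree on membership or order, an I-SID ends up with either two DFs or none.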
RD: RD unique per advertising PE per EVI
ESI = all 1s
MAC = B-M1 (B-MAC advertised by route)
Label = L1
RT ext. community: RT-a
[Figure: CE1, CE3 and PE1 to PE4 across MPLS, with B-M1 and B-M2; a second route carries Label = L2 and RT ext. community RT-a]
Path List: VPN RT-a, MAC B-M1, ESI n/a, NH PE1, PE2
RD: RD unique per adv. PE per EVI
PE 2 Inclusive Multicast Route
RD = RD-2a
PMSI Tunnel Attribute
Tunnel Type (e.g. Ing. Repl.)
RT ext. community: RT-a
Mcast MPLS Label used to transmit BUM traffic downstream assigned (for ingress replication)
Mcast MPLS Label assigned by PE3 for incoming BUM traffic on a given EVI
PE3 as DF, it forwards BUM traffic towards segment
[Figure: frame with VID 100, SMAC: M1, DMAC: F.F.F flooded from CE1 across MPLS; label stacks L2 PBB, L3 PBB and L4 PBB; PE1 to PE4 with B-MACs B-M1 and B-M2; CE3]
PE3 MAC Table, I-SID xyz: C-MAC M1, B-MAC B-M1
RD = RD-1a
ESI = all 1s
MAC = B-M1 (MAC advertised by route)
Label = L1
RT ext. community: RT-a
[Figure: frames VID 100, SMAC: M1, DMAC: F.F.F; VID 100, SMAC: M3, DMAC: M1; VID 100, SMAC: M4, DMAC: M1; label stacks L1 PBB and L2 PBB across MPLS; CE1, CE3 and PE1 to PE4 with B-MACs B-M1 and B-M2; a second route carries Label = L2 and RT ext. community RT-a]
PE3 RIB Path List: VPN RT-a, MAC B-M1, ESI n/a, NH PE1, PE2
Data-plane based MAC learning for C-MAC / B-MAC association: C-MAC M1, B-MAC B-M1
PSN MPLS label to reach PE2
MP2P VPN Label assigned by PE2 for incoming traffic for target EVI
MAC Mobility
1 PE1 learns C-MAC M1 on local port and forwards across core according to C-MAC DA to Remote B-MAC mapping
2 Via data-plane learning, PE3 learns C-MAC M1 via B-MAC B-M1
Host M1 moves from CE1 to CE3's location
4 After host sends traffic at new location, PE3 updates C-MAC M1 location (local port.) PE3 also forwards across core according to C-MAC DA to Remote B-MAC mapping
5 Via data-plane learning, PE1 updates C-MAC M1 location (via B-MAC B-M2)
[Figure: host M1 at CE1 and then at CE3; PE1 to PE4 across MPLS with B-MACs B-M1 and B-M2; frames VID 100, SMAC: M1, DMAC: M2 (L1 L2 PBB) and VID 100, SMAC: M1, DMAC: F.F.F (L3 L4 PBB); PE1 MAC Table and PE3 MAC Table for I-SID xyz with C-MAC M1 bound to B-M1 or B-M2]
[Figure: CE1, CE3 and PE1 to PE4 across MPLS, with B-MACs B-M1 and B-M2]
2 PE1 withdraws Ethernet Segment Route
4 PE2 reruns DF election. Becomes DF for all ISIDs on segment
PE3 / PE4 remove PE1 from path list for B-MAC (B-M1)
Path List: VPN RT-a, MAC B-M1, ESI n/a, NH PE1, PE2
PE Failure
2 PE1 experiences a node failure (e.g. power failure)
[Figure: CE1 (LACP PDU), CE3 and PE1 to PE4 across MPLS, with B-MACs B-M1 and B-M2]
BGP RR / PE4 detects BGP session timeout with PE1
4 PE2 reruns DF election. Becomes DF for all ISIDs on segment
BGP RR / PE2 detects BGP session time-out with PE1
PE1 loses connectivity to the core
PE3 / PE4 invalidate routes from PE1
Path List: VPN RT-a, MAC B-M1, ESI n/a, NH PE1, PE2
2 BGP RR / PE2 detects BGP session timeout with PE1
5 PE2 reruns DF election. Becomes DF for all ISIDs on segment
BGP RR / PE4 detects BGP session timeout with PE1
PE3 / PE4 invalidate routes from PE1
Path List: VPN RT-a, MAC M1, ESI ES1, NH PE1, PE2
Use Cases
PBB-EVPN Model
[Figure: PBB-EVPN model. Labels: Ethernet Segment Identifier (ESI 1, ESI 2), EFP, Customer Bridge Domain (BD), I-Component, Core Bridge Domain (BD), B-MAC1, B-MAC2, B-Component, E-VPN Forwarder]
PBB-EVPN
Sample Use Access
Single Home Device (SHD)
Single Home Network (SHN)
[Figure: CE1 and CE2 with PE1 and PE2 over the MPLS Core. Labels: ESI Null, ESI W, VID X, VID Y, BMAC 1, BMAC 2]
PBB-EVPN
Sample Use Access (cont.)
Multi Home Device (MHD)
Active / Active Per-Flow LB
[Figure: CE1 with PE1, PE2 and PE3 over the MPLS Core. Labels: ESI W, VID X, VID Y, VID Z, BMAC 1, BMAC 2, BMAC 3]
PBB-EVPN
Sample Use Access (cont.)
Dual Home Network (DHN)
ITU-T G.8032
[Figure: CE1 and CE2 in access rings with PE1 and PE2 over the MPLS Core. Labels: G.8032 Open Sub-ring, R-APS, RPL Link, REP, REP Edge No Neighbour, ALT port, REP-AG, ESI Null, ESI W, VID X, VID Y, BMAC 1, BMAC 2]
Segment operation controlled by REP protocol
MINIMAL
Configuration
Global B-MAC SA
Auto RT for EVI
Auto RD for EVI
Auto RD for Segment Route
PBB I-component
Includes I-SID assignment
PBB B-component
No need to define B-VLAN
[Figure: CE1 attached to PE1 on BundleEth1.777; PE1 connects to the MPLS Core]
Mandatory - Globally unique identifier for all PEs in a given EVI
MINIMAL
Configuration
Auto ESI
Auto B-MAC SA
A/A Per-flow LB (default)
Auto RT for EVI
Auto RD for EVI
Auto RD for Segment Route
PE2 should use same RG number
PE 2 should use different mlacp node id
PE2 should use same mlacp system mac and system priority
ICCP in singleton mode (i.e. No peer neighbor configuration)
[Figure: CE1 attached to PE1 and PE2 on BundleEth25.1; PEs connect to the MPLS Core]
MINIMAL
Configuration
Global B-MAC SA
Default Service Carving
Auto RT for EVI
Auto RD for EVI
Auto RD for Segment Route
A/A per-service (per-ISID) load balancing with dynamic Service Carving
ESI must match on both PEs
PBB I-component and B-component configuration.
ISIDs must match on both PEs
No need to define B-VLAN
Mandatory EVI ID configuration
BGP configuration with new EVPN AF
[Figure: CE1 attached to PE1 and PE2 on BundleEth25; PEs connect to the MPLS Core]
Summary
Summary
E-VPN / PBB-EVPN are next-generation L2VPN solutions based on a BGP control-plane for MAC distribution/learning over the core
E-VPN / PBB-EVPN were designed to address following requirements:
E-VPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethernet use cases
References
draft-ietf-l2vpn-evpn
draft-ietf-l2vpn-pbb-evpn
draft-ietf-l2vpn-trill-evpn
Acronym: Description
AC: Attachment Circuit
PW: Pseudo-Wire
AS: Autonomous System
PWE3
BFD
QoS: Quality of Service
CoS: Class of Service
RD: Route Distinguisher
ECMP
RIB
EoMPLS
RR: Route Reflector
E-VPN
RSVP
EVI: E-VPN Instance
RSVP-TE
FRR: Fast Re-Route
RT: Route Target
IGP
TE: Traffic Engineering
LDP
tLDP: Targeted LDP
LER
VC: Virtual Circuit
LFIB
VCID: VC Identifier
LSM
VFI
LSP
VPLS
LSR
VPN
MPLS
VPWS
NLRI
VRF
PSN
VSI
Acronyms Ethernet/Bridging
Acronym: Description
ACL
MVRP
BD: Bridge Domain
PE
BPDU
PoA: Point of Attachment
CE
REP
REP-AG
RG: Redundancy Group
STP
C-VLAN / CEVLAN: Customer / CE VLAN
CoS: Class of Service
DHD
LACP
LAN
MEF
MEN
MIRP
mLACP: Multi-Chassis LACP
MST / MSTP
MSTG-AG
Acronym: Description
B-BEB: B-Component BEB
I-BEB: I-Component BEB
BCB
IEEE
B-DA
BEB
I-SID
B-MAC
I-Tag: I-SID Tag
B-SA
MAC
B-Tag: B-VLAN Tag
N-PE
B-VLAN: Backbone VLAN
PB: Provider Bridge
C-DA
PBB
CE
PBBN
C-MAC
PBN
C-SA
PE
80
C-VLAN Tag
Q-in-Q
SA
C-VLAN / CEVLAN: Customer / CE VLAN
S-Tag: S-VLAN Tag
DA
S-VLAN
FCS
UNI
IB-BEB
U-PE
VLAN: Virtual LAN
BGP Routes
Overview
(PBB) E-VPN defines a single new BGP NLRI used to carry all E-VPN routes.
BGP Routes
Route Types and Usage
Route / Usage / Applicability
Usage: MAC Mass-Withdraw, Aliasing, Advertising Split-Horizon Labels. Applicability: E-VPN only
MAC Advertisement Route. Usage: Advertise MAC Address Reachability, Advertise IP/MAC Bindings. Applicability: E-VPN & PBB-EVPN
Inclusive Multicast Route. Applicability: E-VPN & PBB-EVPN
Ethernet Segment Route. Applicability: E-VPN & PBB-EVPN
BGP Routes
Route Attributes and Usage
Attribute / Usage / Route Applicability
Route: Ethernet A-D Route
Route: MAC Advertisement Route
ES-Import Extended Community. Route: Ethernet Segment Route
Default Gateway Extended Community. Route: MAC Advertisement Route