IETF Logo Mail Archive

Re: [bess] Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc

"Joshi, Vinayak" <vinayak.joshi@hpe.com> Mon, 23 August 2021 11:30 UTC

Return-Path: <prvs=086904b228=vinayak.joshi@hpe.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 619D33A07D1; Mon, 23 Aug 2021 04:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.54
X-Spam-Level:
X-Spam-Status: No, score=-2.54 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hpe.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NV9YC7dq7bA3; Mon, 23 Aug 2021 04:30:34 -0700 (PDT)
Received: from mx0a-002e3701.pphosted.com (mx0a-002e3701.pphosted.com [148.163.147.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C98E3A07CE; Mon, 23 Aug 2021 04:30:34 -0700 (PDT)
Received: from pps.filterd (m0134421.ppops.net [127.0.0.1]) by mx0b-002e3701.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 17NBSDa6001892; Mon, 23 Aug 2021 11:30:34 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hpe.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=pps0720; bh=lcS/zmvaVlNGK4pN9HjfvZqWQg7wKH6S1c2DKCtCZd0=; b=SpVb0bk+2j5I6cW5301e5GYT0iGxBr91B3BsPxCG7LnE230TBL0wT0hkHZfib/OUQVZi NV9qf5PJxJChRh4hIOHVQpJFWg8j1WhVd+PG9E0yxLQhx6OUw9+rMX7K/lI/+XXi4QYT ahinmm2lQWxLNfp2oKXYfefPV6Zkxd9lVEso4mdAJ2DUSVrbxPzvr+W+xVMVdhjWhRSy IpCiqzGZ1NW6YCuBcNUkUKC3beqbTidanw5fxYR7ULqgfBWetP2SjCgVJAUhd97eOKXc yt+iQxtijblHrfNnJHWNRn3P5vPz5yHiIGY5Xz6Rn1BAAsQYuCq0E2397VPBHnbnipv3 9w==
Received: from g2t2353.austin.hpe.com (g2t2353.austin.hpe.com [15.233.44.26]) by mx0b-002e3701.pphosted.com with ESMTP id 3am7ud1e0d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 23 Aug 2021 11:30:33 +0000
Received: from G9W8456.americas.hpqcorp.net (exchangepmrr1.us.hpecorp.net [16.216.161.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by g2t2353.austin.hpe.com (Postfix) with ESMTPS id CF57877; Mon, 23 Aug 2021 11:30:32 +0000 (UTC)
Received: from G9W8453.americas.hpqcorp.net (2002:10d8:a0d3::10d8:a0d3) by G9W8456.americas.hpqcorp.net (2002:10d8:a15f::10d8:a15f) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 23 Aug 2021 11:30:32 +0000
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (15.241.52.10) by G9W8453.americas.hpqcorp.net (16.216.160.211) with Microsoft SMTP Server (TLS) id 15.0.1497.18 via Frontend Transport; Mon, 23 Aug 2021 11:30:32 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZmhzcXCfIa28oZMDGfH56S9qgsWWv1JiuyXsN8UEbD/O86xQqMEIPW0+Y7+29mEWPDV/a8RlRGcqxgeYAig9bDaeBYtt5V+URd9qxEQkckq8Ik5PojS1BI8UeAFueqPS0KJRdQrK1rx+rbMXOYjFOIm2rNpiRVuUWu1qegjIoLryMCdEH156uXMdRDRQeG8FVsE1E4wyUUGBOgiCsU6YKQjVkEMdeH1bzIzrqJvK43XhezB8Nn0I/KI4rNOR0VBQoDAD4jTt6l2+Qr1RBadjo79e41HrL6cDzW60IojQ+cvphH0V/Pgxw9vkJi85kWAeTkdlCJaYemZ/BOU+jnSyUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2VJg59Sz39SLAlEeVUiyhcXj+68gjYl6k57W68wrf2U=; b=QYs5QzzA/zjAIr4EyEJPxBL99ZqWeGVBh08TGM80jdb+zm4jBtVNFL7c+YNXOWMbhvw60f4uqwilzN2ASuJj+MhloTuhqshfOTgU+M9v/FUB7y+YET3tV5psj21NdsGglYrbfNv61pK4fWuCYYS2zR6+YYRfBzWqen3PDvcCzvBAGcP9Io1GE6/yNgx9rDfnrqiOjY6CDgM8Mnrmry1ahV/LxPqBZX1/TgnVUdi2SoJS61rcshjtEHKzJ4fSmemgtDP/FmicwXadodAObZMsCoVWvKh8kwFm+Pq91Ih8WjcJVtxG3y9u5UdgzdLw59H7CgfP2s7137iUzFructYarA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hpe.com; dmarc=pass action=none header.from=hpe.com; dkim=pass header.d=hpe.com; arc=none
Received: from DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM (2a01:111:e400:7606::18) by DF4PR8401MB0876.NAMPRD84.PROD.OUTLOOK.COM (2a01:111:e400:760e::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.22; Mon, 23 Aug 2021 11:30:30 +0000
Received: from DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM ([fe80::a0d3:cb12:eda1:f8cf]) by DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM ([fe80::a0d3:cb12:eda1:f8cf%11]) with mapi id 15.20.4436.024; Mon, 23 Aug 2021 11:30:30 +0000
From: "Joshi, Vinayak" <vinayak.joshi@hpe.com>
To: "Dikshit, Saumya" <saumya.dikshit@hpe.com>, "Rabadan, Jorge (Nokia - US/Mountain View)" <jorge.rabadan@nokia.com>, "draft-ietf-bess-evpn-fast-df-recovery@ietf.org" <draft-ietf-bess-evpn-fast-df-recovery@ietf.org>, "draft-ietf-bess-evpn-df-election-framework@ietf.org" <draft-ietf-bess-evpn-df-election-framework@ietf.org>
CC: "bess@ietf.org" <bess@ietf.org>
Thread-Topic: Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc
Thread-Index: AdeUsUIzDqdWM3jCQ+GSnr3hpDVnWwAUYe7OAAGB9SAAwkC7QA==
Date: Mon, 23 Aug 2021 11:30:30 +0000
Message-ID: <DF4PR8401MB0475939B4560C0BCE4C6E29BF2C49@DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM>
References: <TU4PR8401MB124868977A69278FC870513F94C09@TU4PR8401MB1248.NAMPRD84.PROD.OUTLOOK.COM> <BY3PR08MB706044C8A3572A624DFD1E51F7C09@BY3PR08MB7060.namprd08.prod.outlook.com> <CS1PR8401MB123794D686B4006BDC54679A94C09@CS1PR8401MB1237.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <CS1PR8401MB123794D686B4006BDC54679A94C09@CS1PR8401MB1237.NAMPRD84.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: hpe.com; dkim=none (message not signed) header.d=none;hpe.com; dmarc=none action=none header.from=hpe.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6c07da27-e2d9-4b9b-9ee6-08d966296a15
x-ms-traffictypediagnostic: DF4PR8401MB0876:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DF4PR8401MB08769BC23B2EA89DD2DFA0F7F2C49@DF4PR8401MB0876.NAMPRD84.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2xaKQl0U0WH9rXcVZHq3fve7hF4yYC4o63i3fgAlQrC7XGABAafEx7Kl48ReRtvNy+LUgDqoBSVg7ufOF6NCqv5H6rh57FhZw4D1VSdTnYuEJir2OMZCwiwhI1felwI/ey28xufEC0mXlAo+xkLcOxe6PUV6TCAlJDMNgXld4nztC8XMXH7YOnmi1oywYXcP3pWtoQnsk6p4Zxcut8YTXFldNE0baEfpERMGgTGlZpmVPy6dORdOG8SOunP8VEV+fStAIjhMF2ZIP5lWoKAs/Ls2ukuH59bwGdcNPekp74+4WlBqL25CrB8uTNFzmA6vdFga8uxFQDLT8GkoOZO0ILG2G6tGwlsTI9hogqwjgNw05xTtz3mFD0ulPVL/iZ5Knk9foUqxMt8Mu/tQajLXU7pVeNc7vL1P+fNiBFwEnfdsbb9DVUg9lddd9ZAUItLupzpy2XItGMtEeyW0bBH4WEtMbmJH90ZjSi486xCXWN5O4xSNZu4SKEaBbQWkIMDHOu+SxSe3NrSvcoU+EtJuZLvqK1AecKZwfTjQZ2e1teyjJwq1t491rE//u7oU+c3y6qsSIQV/C998tWRnCRhcn5Kst6BmfgBeTLq8gWpHU1/NEK35l3+HlLyhqI4fXQuvGGmhOdy+uJG0Ry6FtNE2+a49v5WBO6NyM7Xjo2pIcG+DM6JAnpvt7ZGgcrk1sDHSA5gRX6ShPsV9gYp3euRQXW3Ylggk2j4m26wYOq6fnm6W23ECVO5rChU2liCsg2PJmtF6q6/MsWeESaYKZi/ZGOPlOPNSL48Bys5Z01bQM8jzcBFPy+/A14UdisLxp6iwL5oOn//zYiQrIgiGixtE+g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(346002)(366004)(39860400002)(376002)(396003)(136003)(86362001)(38070700005)(76116006)(2906002)(26005)(66946007)(7696005)(966005)(52536014)(166002)(8936002)(5660300002)(8676002)(83380400001)(66446008)(55236004)(71200400001)(122000001)(66476007)(53546011)(64756008)(9686003)(66556008)(316002)(296002)(478600001)(110136005)(55016002)(4326008)(186003)(6506007)(33656002)(38100700002)(66574015); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: gIbArI2WERISg49GISdqQTGf/161rb8SNe/XjzbekYqCIYxWbWc+fv8xJ9ahZ9/SxLZRdrO6Q+WDlJkTs0Zh3xaTm4gRySEOluApwNptBF9Bxli9+bNagvtatodzxcHKtQRSeodO8bTL/VK4nQ6+Nl78TDSVYAlNd9b8e9o9k7WyuXsz0aUoqon921LaNXhcQq+kW3psa59xIXA0iyrmIpGCMXTh+zO60CuwxDXrdnQgQVEth/eZg1RyhzvJL6NRVS+3OTeeCYyRw55hCLrjyslk+EccuBfyU4IWZLZqz8dOEAqe04S/qvlswahqF2+t7RmH44UClJbM8L6quz7GxdbTr8P2aZNlPlwHIv0nxgSmIvEgHxyh16Uuw9d54lG0h1JBQhQXLpWhQjT2V9q8zvvz/tsl2WfkCi56hYsReDZsRehZwfIEm81KRLc2bf+afwEEE47JSOdBS+PTV5pU/0xuq7iGLEy0Qevj6/JtgriaVVSFGCc0YTZszKFugYwQF+H6/sWqqtHiEPvIID1M/oTxT6UocfbUtQT3sa5gjohrop/HGmUVheo5BzZUJDEYTaTDAwsFVnGzFcxGkkBDh60FsRRKvBc0BSt2q4Vu4a3qOKzLyy/2K+9uvmK4T/Xr/2KMzlzohGGdJtcHHzJxTfZCof7iGcr4NpqqrHjqDhba7jLhYoNiyxC12HAeDT5Qsj2vmzpkdtw+4ZeJYSxkm0UnYxpLasmVNfSZiMe1vZyRGveEY19jYXknAvSsNFFdu3NBckLCWflg0+Afb40h+gPFYELUK+G4xGoMBDj4l5ECtHyZBCwHaE+I+c7jzXI1Ln2IvCkwNzr7sqFhlMY7+dIAvAUtDgxyOuLdyGhAsg7TxvNmpoCJ4Q0X9nzI5ZKSiEDzB+6K2lvP7PLX3wWInD44UuYnd50Hj5F3A41mrL6PXSIXufwnDGJUXrgzZVBdVP9+CTuJIiqAp4W10lP/wsGzTmrmD9h6G/xCLfdGLQsr9Oq/doKp0qSrPG7RUy2no+LzXMa/Wl710VRUuaJsWzdLjMDxJvDRjkRuHTKLpN/9jymDpYGjCeSMWmL2z/EukBfXMQlk0ClOSMl1YBq6qFn5wJd/n2ldGz2J4zSz4oZnV1CAFWpmEM9bLn3X+BFNc0cV+wtidbA0scDn6KF+7c3KxLwTOeYmbnSrln0J7tqy0x4oRPLeBKf4S+GEbRqrekgArn4Qh/v5MtkORZo7A55/Fa6nkdAXTS0qJDL11iVwYBwTZI1PT8JPzTqOq7+iHaI+zS9ZJwTSFNIJY8xw3L6Ka7m+doiBIc6zyMRnKD+tEFHsu3Y3hGoxl0nG2Xtt
Content-Type: multipart/alternative; boundary="_000_DF4PR8401MB0475939B4560C0BCE4C6E29BF2C49DF4PR8401MB0475_"
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DF4PR8401MB0475.NAMPRD84.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6c07da27-e2d9-4b9b-9ee6-08d966296a15
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Aug 2021 11:30:30.7790 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1BHSDczcunmLcsoTIjHZMnYjhmpvGf4PPHohBB4XjhKWbxLyVDOLmol5c/hzB9S9Ooaej8AJWdxleWII/OQRyg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DF4PR8401MB0876
X-OriginatorOrg: hpe.com
X-Proofpoint-ORIG-GUID: DP_xfr0vGuwSfdLs6oc63dL9-pMxgGC4
X-Proofpoint-GUID: DP_xfr0vGuwSfdLs6oc63dL9-pMxgGC4
X-Proofpoint-UnRewURL: 14 URL's were un-rewritten
MIME-Version: 1.0
X-HPE-SCL: -1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-08-23_02:2021-08-23, 2021-08-23 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 bulkscore=0 phishscore=0 adultscore=0 clxscore=1011 suspectscore=0 mlxlogscore=999 impostorscore=0 priorityscore=1501 mlxscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2107140000 definitions=main-2108230077
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/38IqacO9x4BwfQK4yDt_JXtVWkI>
Subject: Re: [bess] Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Aug 2021 11:30:42 -0000

In other words it is not just all-active multi-homing.

It is [all active + all DF] multihoming.  However, BUM procedures such as Local Bias have to be adhered to.

Regards,
Vinayaj

From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Dikshit, Saumya
Sent: Thursday, August 19, 2021 8:27 PM
To: Rabadan, Jorge (Nokia - US/Mountain View) <jorge.rabadan@nokia.com>; draft-ietf-bess-evpn-fast-df-recovery@ietf.org; draft-ietf-bess-evpn-df-election-framework@ietf.org
Cc: bess@ietf.org
Subject: Re: [bess] Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc

Thanks a lot for a prompt reply Jorge.

Well I missed drawing the Host(s) behind the remote Vtep (PE) assuming that it will not make any difference (except aliasing as you mentioned).

>>>> FW1 and FW2 can be attached to the same all-active ES
How to handle the broadcast packets like ARP request for the firewaill credentials ? ARP request (MAC_F) should to sent to the local vtep, which should act as a DF.
The hairpinning of ARP request to remote DF (over WAN), should be avoided. That's the reason it would be good to have two DFs for the {ESI, Bridge-domain} in this scenario.

>>>> In the implementations that I know, the local static MAC will be preferred over the EVPN MAC/IP route with the static bit, hence again you will have the behavior you want
The static-mac approach has an issue, when the local firewall goes down, there is no organic way to prefer/plumb the MAC_F published by remote vtep.

Thanks
Saumya.

From: Rabadan, Jorge (Nokia - US/Mountain View) [mailto:jorge.rabadan@nokia.com]
Sent: Thursday, August 19, 2021 7:47 PM
To: Dikshit, Saumya <saumya.dikshit@hpe.com<mailto:saumya.dikshit@hpe.com>>; draft-ietf-bess-evpn-fast-df-recovery@ietf.org<mailto:draft-ietf-bess-evpn-fast-df-recovery@ietf.org>; draft-ietf-bess-evpn-df-election-framework@ietf.org<mailto:draft-ietf-bess-evpn-df-election-framework@ietf.org>
Cc: bess@ietf.org<mailto:bess@ietf.org>
Subject: Re: Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc

Hi Saumya,

To be clear, your query has nothing to do with the two documents you refer to. In fact I don't see any issue related to multihoming.
Given that in your example host-1 and FW-1 are directly connected to the same leaf, and host-2 and FW-2 are connected to the same leaf too, I can see your use-case resolved in two ways:

a) FW1 and FW2 can be attached to the same all-active ES, I assume local-bias behavior as in RFC8365 (seems you are using VXLAN as data plane). Host-1 will send unicast and BUM to FW-1. Host-2 will send unicast and BUM to FW-2. In case of failure, the behavior will be as per your description. Note that a third leaf with a local host will do aliasing to both, but since it seems you only have directly connected leaf nodes, you are fine.

b) instead of attaching FW-1 and FW-2 to the same ES, EVPN allows 'static' MACs that are advertised with the sticky bit set. You can configure MAC F as static in the two leaf nodes. There is no mobility procedures for static MACs, hence forwarding comes down to the local selection on each node. In the implementations that I know, the local static MAC will be preferred over the EVPN MAC/IP route with the static bit, hence again you will have the behavior you want.. and again, only in your example with two directly connected leaf nodes.

My 2 cents.
Thx
Jorge


From: Dikshit, Saumya <saumya.dikshit@hpe.com<mailto:saumya.dikshit@hpe.com>>
Date: Thursday, August 19, 2021 at 4:51 AM
To: draft-ietf-bess-evpn-fast-df-recovery@ietf.org<mailto:draft-ietf-bess-evpn-fast-df-recovery@ietf.org> <draft-ietf-bess-evpn-fast-df-recovery@ietf.org<mailto:draft-ietf-bess-evpn-fast-df-recovery@ietf.org>>, draft-ietf-bess-evpn-df-election-framework@ietf.org<mailto:draft-ietf-bess-evpn-df-election-framework@ietf.org> <draft-ietf-bess-evpn-df-election-framework@ietf.org<mailto:draft-ietf-bess-evpn-df-election-framework@ietf.org>>
Cc: bess@ietf.org<mailto:bess@ietf.org> <bess@ietf.org<mailto:bess@ietf.org>>
Subject: Query to authors of draft-ietf-bess-evpn-fast-df-recovery and rfc
Hello Authors of https://datatracker.ietf.org/doc/rfc8584/<https://datatracker.ietf.org/doc/rfc8584/> and https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery<https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery>

I have a query regarding the following use-case which I could not find supported with existing DF-election procedures.

Scenario:
All PE (Vtep1 and Vtep2 in below example) routers attached to same ES and both act as DF.

This is a typical case of distributed firewall (active/active) across fabrics (sites),
Where in, the preferred firewall is the one local to the site, whereas, upon failure,
packets need to be redirected (over WAN, via DCI/VPN) towards the remote site firewall.
The firewall-device is connected to it's first-hop vtep over the same bridge-domain and same ESI.
All in all, it's an emulated multi-homing scenario.

This is scenario of distributed firewall devices host same MAC credentials.

Simplistic example :
There are two sites, SITE-1 and SITE-2 in the below diagram.
Traffic (including BUM) generated by Host1 (in SITE-1) (for a bridge-domain)
 should run through site-local firewall instance (firewall_1) preferably.
Only in case of local-outage, the traffic should be send across over WAN to the remote firewall (firewall_2).
Same should apply to traffic generated by Host2 (in SITE-2), wherein,
it should preferably run through the local firewall (firewall_2) and over a failure should go over the WAN towards firewall_1.

Vtep1/2 learn the firewall MAC (MAC_F) as local learning and also from the remote Vtep2/1.
But since both the learnings are over the same ESI, it should not lead to MAC move.
Cometh the local firewall failure, Vteps (1 or 2) should start redirecting the traffic to remote SITE.

Any ARP request (BUM traffic) for firewall credentials landing at either Vtep1 or Vtep2 should be flooded to network towards the local firewall.

    SITE-1                 |                         SITE-2
------------------------------------------------------
      Host1               |                        Host2
         |                     |                          |
     Vtep1  == ==WAN======  Vtep2
       |                       |                           |
Firewall _1           |                   Firewall_2
  (MAC_F)                                  (MAC_F)

Please let me know if there is a way out (with out) using existing standards.

Thanks
Saumya.

-----Original Message-----
From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
Sent: Tuesday, July 6, 2021 8:31 PM
To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
Cc: bess@ietf.org<mailto:bess@ietf.org>
Subject: [bess] I-D Action: draft-ietf-bess-evpn-fast-df-recovery-02.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the BGP Enabled ServiceS WG of the IETF.

        Title           : Fast Recovery for EVPN DF Election
        Authors         : Patrice Brissette
                          Ali Sajassi
                          Luc Andre Burdet
                          John Drake
                          Jorge Rabadan
        Filename        : draft-ietf-bess-evpn-fast-df-recovery-02.txt
        Pages           : 11
        Date            : 2021-07-06

Abstract:
   Ethernet Virtual Private Network (EVPN) solution provides Designated
   Forwarder election procedures for multi-homing Ethernet Segments.
   These procedures have been enhanced further by applying Highest
   Random Weight (HRW) Algorithm for Designated Forwarded election in
   order to avoid unnecessary DF status changes upon a failure.  This
   draft improves these procedures by providing a fast Designated
   Forwarder (DF) election upon recovery of the failed link or node
   associated with the multi-homing Ethernet Segment.  The solution is
   independent of number of EVIs associated with that Ethernet Segment
   and it is performed via a simple signaling between the recovered PE
   and each PEs in the multi-homing group.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery/<https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery/>

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-fast-df-recovery-02<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-fast-df-recovery-02>

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-bess-evpn-fast-df-recovery-02<https://www.ietf.org/rfcdiff?url2=draft-ietf-bess-evpn-fast-df-recovery-02>


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/<ftp://ftp.ietf.org/internet-drafts/>


_______________________________________________
BESS mailing list
BESS@ietf.org<mailto:BESS@ietf.org>
https://www.ietf.org/mailman/listinfo/bess<https://www.ietf.org/mailman/listinfo/bess>

v2.23.0 | Report a Bug | By Email