Re: [bess] WG Last Call for draft-ietf-bess-evpn-inter-subnet-forwarding-03
Nabeel Cocker <nabeel@nuagenetworks.net> Sat, 18 February 2017 04:53 UTC
Return-Path: <nabeel@nuagenetworks.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D67E129478 for <bess@ietfa.amsl.com>; Fri, 17 Feb 2017 20:53:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nuagenetworks-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uocx8T0nU9Ku for <bess@ietfa.amsl.com>; Fri, 17 Feb 2017 20:53:31 -0800 (PST)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71E1212948C for <bess@ietf.org>; Fri, 17 Feb 2017 20:53:31 -0800 (PST)
Received: by mail-qk0-x233.google.com with SMTP id u25so60737249qki.2 for <bess@ietf.org>; Fri, 17 Feb 2017 20:53:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nuagenetworks-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bs7Mgu4iPvM8VBTRC6DP2jrngLwUPgl+WUtStd84W/8=; b=U5tg0f5JP58pZftQqbYslekYluTQOucGoHx5DAnKZwwhuSwpmwGVr/3IWFsCZqjRRz ALZH/46X04CR9Tb2QziF9xGPpw5Ll6qkZ7xxYIafJZv68zZG1fXUa5vG/YGr2Yodso75 KMRAi1J3LaVCIOmGyMG/nl52ly6JLDptypnJhoR2GraQ/7yC3gW9fGIeqgSAWdySQQub +vnNI49Jelk7NFEG1gahyo4JrAf73K/m1Z25MfxFIjma5riUBibkdxo/QHadINrXp6Wm FcxgYvcawyaTFcRqXV2pEUnkVPHR7mCRcxellrGNCxywfVUIZcEUFF7Deg8wos6fOD7e k5JQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=bs7Mgu4iPvM8VBTRC6DP2jrngLwUPgl+WUtStd84W/8=; b=N5HGP/OsdCaXaV6T/xyL98ar+Fp658FaS8kykNh+OBVe7KVAa7KZ/Z46s9/APDbV7+ d2LD6TI6SiML8MlXjCfPKKzcrUs0iTFGgYnGGDvig4jZJJkMtCB8CRT8Y0v0pQupJ9GF 9Vq3votXRmktr/EhCAu3NfNPztaG7QOLlanpGtCAivdil8+W2FeBRGkAD8i6g1QTP7cj X6onuJAwoCXoDbEVODj0qnw+9gFsMFE88p5GnWgB7svcr5sNyVQJc02HXvK0zbI6MZ7R nNUIlcIhJ+KxZrbEsrmfP06J65+YnfKJs6l0g4dTMS4MFwdUb9puuzZuCAzYft0q6avL H48g==
X-Gm-Message-State: AMke39lciLNQAA9WdUCuwsgQ80IuBmTrsiWWfc3nIoriU/VZ4k70rwoGCRnaI/nJTQ2pTwT3
X-Received: by 10.55.99.139 with SMTP id x133mr10440435qkb.317.1487393610343; Fri, 17 Feb 2017 20:53:30 -0800 (PST)
Received: from [10.0.1.34] (ool-2f1250fb.dyn.optonline.net. [47.18.80.251]) by smtp.gmail.com with ESMTPSA id k18sm7849936qtc.12.2017.02.17.20.53.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Feb 2017 20:53:29 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Nabeel Cocker <nabeel@nuagenetworks.net>
X-Mailer: iPhone Mail (14D27)
In-Reply-To: <D4CC888A.1CBFC2%sajassi@cisco.com>
Date: Fri, 17 Feb 2017 23:53:29 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <7006BC63-F0C1-4DBA-B4E0-391982CBAF08@nuagenetworks.net>
References: <89d9ab4e-309f-d7f5-a2b7-ac79a663618b@nokia.com> <DM5PR05MB314525CD2AF52FA0A0FA6848D45D0@DM5PR05MB3145.namprd05.prod.outlook.com> <D4CC888A.1CBFC2%sajassi@cisco.com>
To: "Ali Sajassi (sajassi)" <sajassi@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/CHecIdqUZqPtxIHVEmOfXvWrbiw>
Cc: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>, Martin Vigoureux <martin.vigoureux@nokia.com>, BESS <bess@ietf.org>
Subject: Re: [bess] WG Last Call for draft-ietf-bess-evpn-inter-subnet-forwarding-03
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2017 04:53:33 -0000
Support Regards, Nabeel > On Feb 17, 2017, at 5:25 PM, Ali Sajassi (sajassi) <sajassi@cisco.com> wrote: > > Hi Jeffrey, > > Thanks for your comments, please refer inline for my responses ... > > On 2/17/17, 10:42 AM, "BESS on behalf of Jeffrey (Zhaohui) Zhang" > <bess-bounces@ietf.org on behalf of zzhang@juniper.net> wrote: > >> Hi, >> >> I have the following nits/questions/comments. This email is only about >> the asymmetric section - I may send another one about symmetric section. >> >> "inter-subnet switching" is confusing. Shouldn't it be "inter-subnet >> routing" instead of "intra-subnet switching"? While it's EVPN aware, it >> still goes through routing first. > > The term ³switching² applies to both L2 and L3; whereas, the term > ³bridging² applies to only L2 and the term ³routing² applies to only L3. > >> >> Isn't requirement R1 covered by R2? > > Yup, will remove R1. > >> >> This is an environment where all NVEs to which an EVPN instance could >> potentially be attached (or moved) >> >> Strike the "(or moved)"? > > OK. > >> >>> From RFC 7432: >> >> 10.1. Default Gateway >> ... >> The IP Address field of the MAC/IP Advertisement route is set to the >> default gateway IP address for that subnet (e.g., an EVPN instance). >> For a given subnet (e.g., a VLAN or EVPN instance), the default >> gateway IP address is the same across all the participant PEs. The >> inclusion of this IP address enables the receiving PE to check its >> configured default gateway IP address against the one received in the >> MAC/IP Advertisement route for that subnet (or EVPN instance), and if >> there is a discrepancy, then the PE SHOULD notify the operator and >> log an error message. >> >> This draft: >> >> 2. Each NVE of a given EVPN instance uses its own default gateway IP >> and MAC addresses, and these addresses are aliased to the same >> conceptual gateway through the use of the Default Gateway extended >> community as specified in [EVPN], which is carried in the EVPN MAC >> Advertisement routes. On each NVE, this default gateway IP/MAC >> address correspond to the IRB interface connecting the MAC-VRF of >> that EVI to the corresponding IP-VRF. >> >> The above 2nd model seems to be conflicting with RFC 7432? > > > Thanks for catching it. The 2nd case is supposed to be ³the same IP > anycast address but different MAC addresses" - ie, the two use cases in > this draft correspond to the two uses cases in section 10.1 of RFC 7432. > So, the new text reads as follow: > > ³2. Each NVE of a given EVPN instance uses the same anycast default > gateway IP address but its own MAC address. These MAC addresses are > aliased to the same anycast default gateway IP address through the use of > the Default Gateway extended community as specified in [EVPN], which is > carried in the EVPN MAC/IP Advertisement routes. On each NVE, this default > gateway IP address along with its associated MAC addresses correspond to > the IRB interface connecting the MAC-VRF of that EVI to the corresponding > IP-VRF.² > > >> Also, what does "this default gateway" refer to? Each NVE's "own default >> gateway" or "the same conceptual gateway"? > > Default gateway with respect to TS¹s as mentioned in the 2nd para of > section 3.1 > > >> Is it that besides their own default gateway, an additional common >> gateway is advertised using that extended community? If so, what's the >> purpose to call those different IP addresses on the IRB interfaces >> "default gateway"? I assume the hosts will be using the common gateway >> address? > > This comment should be already addressed by above clarification. > >> >> It is worth noting that if the applications that are running on the >> TS's are employing or relying on any form of MAC security, then the >> first model (i.e. using anycast addresses) would be required to >> ensure that the applications receive traffic from the same source MAC >> address that they are sending to. >> >> Why is that? As long as an NVE changes the source MAC to the one it sends >> in the ARP reply, it should work even with the 2nd model? > > If it changes, yes but if it doesn¹t change it, it creates issue for MAC > security. Modified the paragraph to provide further clarification: > > "It is worth noting that if the applications that are running on the TS's > are employing or relying on any form of MAC security, then either the > first model (i.e. using anycast MAC address) should be used to ensure that > the applications receive traffic from the same IRB interface MAC address > that they are sending to, or if the second model is used, then the IRB > interface MAC address MUST be the one used in the initial ARP reply for > that TS." > > >> >> 3.2 Heterogeneous Environment >> >> .. Even though policies >> among multiple subnets belonging to same tenant can be simpler, >> >> s/simpler/simple/? > > Done. > >> >> ... Therefore, there can be a mixed environment where an NVE >> performs inter-subnet switching for some EVPN instances and the L3GW >> for others. >> >> For the above sentence, it helps a lot if the last part reads "and the >> L3GW performs inter-subnet switching for other EVPN instances". > > Done. > >> >> 4.1 Among EVPN NVEs within a DC >> >> ... It also rewrites the source MAC address with its IRB >> Interface MAC address. >> >> Need to make it clear that the above mentioned IRB interface is for the >> destination subnet. Same issue in 4.2. > > Changed it to: > > "It also rewrites the source MAC address with its IRB Interface MAC > address for the destination subnet.² > >> >> For section 4.2, the processing on the ingress and egress NVE is no >> different from 4.1; the processing on the ASBRs is vanilla EVPN >> forwarding and not specific to inter-subnet forwarding at all; therefore, >> 4.2 is not really needed? Additionally, the section is about "w/o GW", >> yet the text talks about ingress/egress Gateway. It's better to replace >> Gateway with ASBRs. > > Changed ³GW" in the diagram to ³ASBR². > >> >> 4.3 Among EVPN NVEs in Different DCs with GW >> >> ... It also rewrites the >> source MAC address with its own IRB Interface MAC address. >> >> Similar to 4.1, the above needs to be clear that it's the IRB interface >> for the subnet between the NVE and the GW. More below on this. > > Done. Added "for the destination subnet (i.e., the subnet between NVE1 and > GW1)." > >> >> ... This implies that the GW1 needs to keep the remote >> host MAC addresses along with the corresponding EVPN labels in the >> adjacency entries of the IP-VRF table (i.e., its ARP table). >> >> Does that mean GW1 needs to keep all type-2 IP/MAC addresses that GW2 >> learns from NVEs in DC2? > > Yes it does. > >> Also does that mean GW1 and GW2 must be attached to all subnets? > > That¹s correct. > >> If so, between the source NVE and its local GW, when the source NVE >> route the traffic to the GW, I assume it's the destination subnet's IRB >> interface's mac address that will be used as the source mac address, > > Correct. It is NVE1¹s destination subnet¹s IRB interface MAC address. > >> and GW1's IRB mac address for the destination subnet is used as the dst >> mac address. It is true that an NVE may have the same system mac address >> for all its IRB interfaces, but it's good to point out which IRB is used >> (and if different IRB mac address is used, things will still work out). > > I update the section 4.3. Please take a look at it (refer to the > attachment) and let me know if you have any further comments. > >> >> Also, while each subnet is attached to each NVE, the IP routing process >> (e.g. TTL decrement) happens twice - first on the source NVE and then on >> the source GW. That's probably OK, but better point out all these details. > > TTL decrement is given when IP lookup is performed at each hop. > >> >> 4.5 Use of Centralized Gateway >> >> In this scenario, the NVEs within a given data center need to forward >> traffic in L2 to a centralized L3GW for a number of reasons: a) they >> don't have IRB capabilities or b) they don't have required policy for >> switching traffic between different tenants or security zones. >> >> For b), do we configure IRB on those non-centralized gateways at all? I >> assume not (even though the NVE could support IRB) - It's better to be >> clear. > > Yes, no IRB configuration. I added a sentence. > >> >> I'll send a follow up email about the symmetric section. > > OK. It sounds good. > > Cheers, > Ali > >> >> Thanks. >> >> Jeffrey >> >>> -----Original Message----- >>> From: BESS [mailto:bess-bounces@ietf.org] On Behalf Of Martin Vigoureux >>> Sent: Monday, February 13, 2017 5:07 PM >>> To: BESS <bess@ietf.org> >>> Subject: [bess] WG Last Call for >>> draft-ietf-bess-evpn-inter-subnet-forwarding-03 >>> >>> Hello Working Group, >>> >>> This email starts a Working Group Last Call on >>> draft-ietf-bess-evpn-inter-subnet-forwarding-03 [1] which is considered >>> mature and ready for a final working group review. >>> Note that this call is longer than usual because we are pushing two >>> correlated documents together. >>> >>> Please read this document if you haven't read the most recent >>> version yet, and send your comments to the list, no later than >>> *5th of March*. >>> Note that this is *not only* a call for comments on the document; it is >>> also a call for support (or not) to publish this document as a Proposed >>> Standard RFC. >>> >>> *Coincidentally*, we are also polling for knowledge of any IPR that >>> applies to draft-ietf-bess-evpn-inter-subnet-forwarding, to ensure that >>> IPR has been disclosed in compliance with IETF IPR rules (see RFCs 3979, >>> 4879, 3669 and 5378 for more details). >>> >>> *If* you are listed as a document author or contributor of >>> draft-ietf-bess-evpn-inter-subnet-forwarding-03 please respond to this >>> email and indicate whether or not you are aware of any relevant IPR. >>> >>> Note that, as of today, no IPR has been disclosed against this document >>> or its earlier versions. >>> >>> We are also polling for knowledge of implementations of part or all of >>> what this document specifies. This information is expected as per [2]. >>> Please inform the mailing list, or the chairs, or only one of the >>> chairs. >>> >>> Thank you, >>> M&T >>> >>> [1] >>> >>> https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-inter-subnet-forwar >>> ding/ >>> [2] >>> https://mailarchive.ietf.org/arch/msg/bess/cG3X1tTqb_vPC4rg56SEdkjqDpw >>> >>> _______________________________________________ >>> BESS mailing list >>> BESS@ietf.org >>> https://www.ietf.org/mailman/listinfo/bess >> >> _______________________________________________ >> BESS mailing list >> BESS@ietf.org >> https://www.ietf.org/mailman/listinfo/bess > > <draft-ietf-bess-evpn-inter-subnet-forwarding-03.txt> > _______________________________________________ > BESS mailing list > BESS@ietf.org > https://www.ietf.org/mailman/listinfo/bess
- [bess] WG Last Call for draft-ietf-bess-evpn-inte… Martin Vigoureux
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Rabadan, Jorge (Nokia - US)
- Re: [bess] [ALU] WG Last Call fordraft-ietf-bess-… Oya Luengo, Roberto (Nokia - US)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Satya Mohanty (satyamoh)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Henderickx, Wim (Nokia - BE)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Jeff Tantsura
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Liu, Hua
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Ali Sajassi (sajassi)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Patrice Brissette (pbrisset)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… John E Drake
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Jeffrey (Zhaohui) Zhang
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Ali Sajassi (sajassi)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Nabeel Cocker
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Nabeel Cocker
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Jeffrey (Zhaohui) Zhang
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Eric C Rosen
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Ali Sajassi (sajassi)
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Jeffrey (Zhaohui) Zhang
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Jeffrey (Zhaohui) Zhang
- Re: [bess] WG Last Call for draft-ietf-bess-evpn-… Martin Vigoureux