Re: [bess] WG Last Call for draft-ietf-bess-evpn-prefix-advertisement-04

"Jeffrey (Zhaohui) Zhang" <> Tue, 21 February 2017 14:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AD9CA1294AF for <>; Tue, 21 Feb 2017 06:56:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nL2y8GZTHdyJ for <>; Tue, 21 Feb 2017 06:56:49 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AC301129BF6 for <>; Tue, 21 Feb 2017 06:56:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-juniper-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=UVyTf0kd3GPuLUL2Q5eN8stF348RnSj7My4GzOJMHa0=; b=jD9NM+7JHt1d6uw1jA/vxaxgJ3kU11L9zpLNXxtu+F72lGxh1WKlKbpOQjFhmuiilwymnL8Qu7saQ7DlBG+V2FWToKy63LVvJyNR00akWV9wKihIX6rWEQY2HrLRfrHxOTp1DiuaXydyWVZ9sj+KickpnlUOg5sRnkuSwZ17290=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.933.7; Tue, 21 Feb 2017 14:56:47 +0000
Received: from ([]) by ([]) with mapi id 15.01.0933.011; Tue, 21 Feb 2017 14:56:47 +0000
From: "Jeffrey (Zhaohui) Zhang" <>
To: Martin Vigoureux <>, BESS <>
Thread-Topic: [bess] WG Last Call for draft-ietf-bess-evpn-prefix-advertisement-04
Thread-Index: AQHShkWh0AtdTDrn6kOW4aM2D9WQa6FuLjaQ
Date: Tue, 21 Feb 2017 14:56:47 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-ms-office365-filtering-correlation-id: 31c446e4-fc7d-47bc-3f2c-08d45a69dbf4
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:DM5PR05MB3145;
x-microsoft-exchange-diagnostics: 1; DM5PR05MB3145; 7:400UZPY7qVmnvC8UVJAZSNJYdRz7oaWJXcrQxhDUbP1fZ3pGvI1iNasnRuEhMGy3XN/eQODdjDYEQxuxCe6dNhQnOlCGNC4gqXkwWAG3JyVQMlai8tkCjJWrwRL2xxnrpxq7NgAsXICkPVQvpeHO4J0bcjM7juzremLK208qjXjI42ajAZPcHPvQX0WeOMVHE1/rU1ZQjjIvPejhqbaui/hVbdMoT4xv+uuqbWefBs9iu06QxsVmJNpOo9rirmoMkpV6bZE0DVNSrInAMAQY1y26iXTgleasypg00EhNyjZrdEYC7lg4BcXe8PhoGIERREdpmyv8crw+ZWm2yOKcog==
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:(120809045254105)(200054503718035);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123564025)(20161123562025)(20161123560025)(20161123558025)(6072148); SRVR:DM5PR05MB3145; BCL:0; PCL:0; RULEID:; SRVR:DM5PR05MB3145;
x-forefront-prvs: 0225B0D5BC
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(7916002)(39450400003)(39850400002)(39840400002)(39410400002)(39860400002)(189002)(199003)(13464003)(18374002)(377454003)(33656002)(122556002)(92566002)(7736002)(2906002)(2950100002)(50986999)(76176999)(54356999)(97736004)(3660700001)(3280700002)(305945005)(189998001)(74316002)(101416001)(106356001)(106116001)(2900100001)(105586002)(53936002)(53546006)(6246003)(38730400002)(7696004)(102836003)(6116002)(3846002)(81166006)(81156014)(8676002)(8936002)(66066001)(230783001)(229853002)(6436002)(99286003)(6306002)(68736007)(6506006)(5890100001)(55016002)(25786008)(9686003)(77096006)(5660300001)(86362001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR05MB3145;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Feb 2017 14:56:47.3314 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR05MB3145
Archived-At: <>
Subject: Re: [bess] WG Last Call for draft-ietf-bess-evpn-prefix-advertisement-04
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 21 Feb 2017 14:56:51 -0000

Some nits/questions/comments:


   EVPN provides a flexible control plane that allows intra-subnet
   connectivity in an IP/MPLS and/or an NVO-based network. In NVO
   networks, there is also a need for a dynamic and efficient inter-
   subnet connectivity across Tenant Systems and End Devices that can be
   physical or virtual and may not support their own routing protocols.

Why is that "need for ..." only in NVO networks?

   Overlay index: object used in the IP Prefix route, as described in
   this document. It can be an IP address in the tenant space or an ESI,
   and identifies a pointer yielded by the IP route lookup at the
   routing context importing the route. An overlay index always needs a
   recursive route resolution on the NVE receiving the IP Prefix route,
   so that the NVE knows to which egress NVE it needs to forward the

Given that there is an "underlay next-hop", perhaps rename "overlay index" to "overlay next-hop" and define it after the "underlay next-hop"? It could also be a MAC address (as described in 5.4.3) as well; in fact I really don't see the need of using ESI (more below).

Suggested text for "overlay next-hop":

  Overlay next-hop: an IP/MAC address in the tenant space or an ESI.
  It is included in the IP Prefix route to specify that the destination
  prefix is reached through the overlay next-hop, which requires a
  recursive lookup of the next-hop in the tenant's space.


        o Clean identification, operation of troubleshooting of IP
          Prefixes, not subject to interpretation and independent of the
          IPL and the IP value. E.g.: a default IP route must
          always be easily and clearly distinguished from the absence of
          IP information.

I had trouble understanding the "independent of" part; then I realized that it reads better if it is moved to the beginning of the clause: "independent of and not subject to the interpretation of ...".

Section 4 should be folded into section 2.2. In fact, much of section 6 can be removed as well.

5.3 ESI overlay index ("Bump in the wire") use-case

How does multicast work, for traffic sourced from SN1?

             . Destination inner MAC = M2 (this MAC will be obtained
               from the Router's MAC Extended Community received along
               with the RT-5 for SN1).

Because the RT-5 has M2 mac attached, the overlay index could be the mac address itself - no need to use the ESI. This has advantage when there is no multihoming (no ESI need to be defined) and can also work with multihoming. In fact, that is what section 5.4.3 does.

5.4 IP-VRF-to-IP-VRF model

   .. EVPN provides connectivity for:

   1. Traffic destined to the IRB IP interfaces as well as
   2. Traffic destined to IP subnets seating behind the TS, e.g. SN1 or
   In order to provide connectivity for (1), MAC/IP routes (RT-2) are
   needed so that IRB MACs and IPs can be distributed. Connectivity type
   (2) is accomplished by the exchange of IP Prefix routes (RT-5) for
   IPs and subnets seating behind certain overlay indexes, e.g. GW IP or

I have trouble understanding #1 above (even with the explanation). #2 is about destinations behind the TS; is #1 about TS themselves? Why is "IRB IP" singled out?

Additionally, I think 5.4 should be promoted to its own section (section 5 is about three use cases of the "overlay index" or "underlay next-hop" and section 6 is about implementing IPVPN using type-5 instead of SAFI 128).

5.4.1 Interface-less IP-VRF-to-IP-VRF model

I suppose this is basically using type-5 vs. SAFI 128 routes to do IPVPN. It's better to point that out.

   b) The IP-VRF instances in the NVE/DGWs are directly connected
      through NVO tunnels, and no IRBs and/or MAC-VRF instances are
      defined at the core.

"at the core" is a little bit confusing. Perhaps 5.4.2/5.4.3 can be discussed first, and then come to this new model where no dedicated mac-VRF is used for the purpose of forwarding IPVPN traffic through this mac-VRF.

Additionally, it is not really "interface-less" vs. "interface-full". It's really if a dedicated mac-VRF is used or not. If you organize it that way, then 5.4.2 and 5.4.3 can be easily merged (the only difference between 5.4.2 and 5.4.3 is whether IRB IP or mac address is used as the overlay-index).

BTW - in an upcoming revision of draft-lin-bess-evpn-irb-multicast, a dedicated mac-VRF (or BD) is also used. It is called PBD (Pseudo Bridge Domain). It would be good to synchronize the two. Will follow up on that separately.

   c) The solution must provide layer-3 connectivity among the IP-VRFs
      for Ethernet NVO tunnels, for instance, VXLAN or nvGRE.

   d) The solution may provide layer-3 connectivity among the IP-VRFs
      for IP NVO tunnels, for example, VXLAN GPE (with IP payload).

Why is c) MUST while d) MAY?

        o RD as per [RFC7432].
        o Eth-Tag ID=0 assuming VLAN-based service.

I suppose no matter how many BDs you have, the type-5 is not tied to any particular BD. In case of VLAN-based service, there would be many EVIs, so saying "RD as per [RFC7432]" is not enough; in case of vlan-aware bundle, what Eth-Tag ID do you use? So the second bullet is not good either? My understanding: RD is not really tied to any of the EVPN EVIs; it's really the RD for the IP-VRF; the Eth-Tag would always be 0 as well, even for vlan-aware bundle?

   (2) DGW1 imports the received routes from NVE1:
        o Since GW IP=0 and the VNI is a valid value, DGW1 will use the
          VNI and next-hop of the RT-5, as well as the MAC address
          conveyed in the Router's MAC Extended Community (as inner
          destination MAC address) to encapsulate the routed IP packets.

s/encapsulate the routed IP packets/set up relevant forwarding state/? This bullet is about what to do when receiving the route (not when receiving the packet).

        o The IP packet destined to IPx is encapsulated with: Source
          inner MAC = DGW1 MAC, Destination inner MAC = M1, Source outer
          IP (source VTEP) = DGW1 IP, Destination outer IP (destination
          VTEP) = NVE1 IP.

Same comment as in the inter-sbunet-forwarding draft: setting of the inner src/dst mac address to the specific value seems to be tied to certain hardware - in theory they are not needed at all (if not were for certain hardware implementation). If that's the case, the spec should point that out.

5.4.2 Interface-full IP-VRF-to-IP-VRF with core-facing IRB 
   In this model, the requirements are the following:

Those do not seem to be requirements. Rather they just describe the scenario. Same comment for 5.4.1.

        o RD as per [RFC7432].
        o Eth-Tag ID=0 assuming VLAN-based service.

In this case, I suppose type-5 routes are tied to the core mac-VRF, and the RD is tied to that as wel; for Eth-Tag ID, it's tied to that mac-VRF as well. It's better to spell that out instead of just saying "assuming VLAN-based service".

        o MPLS label or VNI corresponding to the IP-VRF. Note that the
          value SHOULD be zero since the RT-5 route requires a recursive
          lookup resolution to an RT-2 route. The MPLS label or VNI to
          be used when forwarding packets will be derived from the RT-
          2's MPLS Label1 field.

Delete "corresponding to the IP-VRF. Note that the value" so that it reads as following?

        o MPLS label or VNI SHOULD be zero since the RT-5 route requires a recursive
          lookup resolution to an RT-2 route.

For the following:

        o Route type 2 (MAC/IP route for the core-facing IRB)
          . Route-target identifying the tenant. This route-target MAY
            be the same as the one used with the RT-5.

The Route-target should really identify the mac-VRF. It is true that the mac-VRF must be present on every NVE for the tenant, but since we're talking about type-2 route it is better to say route target for the mac-VRF.

Similar comments for 5.4.3. However, I suggest to fold 5.4.3 into 5.4.2 - there is really no need to repeat w/ little difference.


> -----Original Message-----
> From: BESS [] On Behalf Of Martin Vigoureux
> Sent: Monday, February 13, 2017 5:08 PM
> To: BESS <>
> Subject: [bess] WG Last Call for draft-ietf-bess-evpn-prefix-advertisement-04
> Hello Working Group,
> This email starts a Working Group Last Call on
> draft-ietf-bess-evpn-prefix-advertisement-04 [1] which is considered
> mature and ready for a final working group review.
> Note that this call is longer than usual because we are pushing two
> correlated documents together.
> Please read this document if you haven't read the most recent
> version yet, and send your comments to the list, no later than
> *5th of March*.
> Note that this is *not only* a call for comments on the document; it is
> also a call for support (or not) to publish this document as a Proposed
> Standard RFC.
> *Coincidentally*, we are also polling for knowledge of any IPR that
> applies to draft-ietf-bess-evpn-prefix-advertisement, to ensure that IPR
> has been disclosed in compliance with IETF IPR rules (see RFCs 3979,
> 4879, 3669 and 5378 for more details).
> *If* you are listed as a document author or contributor of
> draft-ietf-bess-evpn-prefix-advertisement-04 please respond to this
> email and indicate whether or not you are aware of any relevant IPR.
> Note that, as of today, no IPR has been disclosed against this document
> or its earlier versions.
> We are also polling for knowledge of implementations of part or all of
> what this document specifies. This information is expected as per [2].
> Please inform the mailing list, or the chairs, or only one of the chairs.
> Thank you,
> M&T
> [1]
> [2]
> _______________________________________________
> BESS mailing list