IETF Logo Mail Archive

[bess] Re: draft-wang-bess-l3-accessible-evpn

Aijun Wang <wangaijun@tsinghua.org.cn> Thu, 20 March 2025 15:01 UTC

Return-Path: <wangaijun@tsinghua.org.cn>
X-Original-To: bess@mail2.ietf.org
Delivered-To: bess@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id D8945FB3FEF; Thu, 20 Mar 2025 08:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -0.903
X-Spam-Level:
X-Spam-Status: No, score=-0.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P8QePq9f4WZI; Thu, 20 Mar 2025 08:01:44 -0700 (PDT)
Received: from mail-m49197.qiye.163.com (mail-m49197.qiye.163.com [45.254.49.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id D4C7BFB3FE0; Thu, 20 Mar 2025 08:01:40 -0700 (PDT)
Received: from smtpclient.apple (unknown [146.88.49.68]) by smtp.qiye.163.com (Hmail) with ESMTP id ef97dd81; Thu, 20 Mar 2025 23:01:35 +0800 (GMT+08:00)
Content-Type: multipart/alternative; boundary="Apple-Mail-03E95897-BB68-4D44-838D-71D27C19B36C"
Content-Transfer-Encoding: 7bit
From: Aijun Wang <wangaijun@tsinghua.org.cn>
Mime-Version: 1.0 (1.0)
Date: Thu, 20 Mar 2025 22:01:24 +0700
Message-Id: <349AE23D-FDF0-4BEE-8007-72C81A388398@tsinghua.org.cn>
References: <DS0PR05MB95655695E985B36B85253A80D4D82@DS0PR05MB9565.namprd05.prod.outlook.com>
In-Reply-To: <DS0PR05MB95655695E985B36B85253A80D4D82@DS0PR05MB9565.namprd05.prod.outlook.com>
To: Jeffrey Zhang <zzhang=40juniper.net@dmarc.ietf.org>
X-Mailer: iPhone Mail (22D72)
X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly tZV1koWUFKTEtLSjdXWS1ZQUlXWQ8JGhUIEh9ZQVkaH01PVktKThkfHRhKHkIdHVYeHw5VEwETFh oSFyQUDg9ZV1kYEgtZQVlKT01VQ0NVT0JVTUNZV1kWGg8SFR0UWUFZT0tIVUpLSU9PT0hVSktLVU pCS0tZBg++
X-HM-Tid: 0a95b412f2ff03a2kunmef97dd81
X-HM-MType: 10
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6NT46LRw4HjJKKTopMCwzKC4c KjoaFFFVSlVKTE9JT0NJQ0JNQ0NKVTMWGhIXVQwaFRwaEhEOFTsPCBIVHBMOGlUUCRxVGBVFWVdZ EgtZQVlKT01VQ0NVT0JVTUNZV1kIAVlBTUpKQ003Bg++
Message-ID-Hash: BU2U7JFTKJWTYI7YYXGHPYFRNEVUFKEO
X-Message-ID-Hash: BU2U7JFTKJWTYI7YYXGHPYFRNEVUFKEO
X-MailFrom: wangaijun@tsinghua.org.cn
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bess.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Aijun Wang <wangaijun@tsinghua.org.cn>, BESS <bess@ietf.org>, draft-wang-bess-l3-accessible-evpn@ietf.org, Jorge Rabadan <jorge.rabadan@nokia.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [bess] Re: draft-wang-bess-l3-accessible-evpn
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/SqVCVXEUt7g7ZqlQXcsFO5l1q0g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Owner: <mailto:bess-owner@ietf.org>
List-Post: <mailto:bess@ietf.org>
List-Subscribe: <mailto:bess-join@ietf.org>
List-Unsubscribe: <mailto:bess-leave@ietf.org>

Hi, Jeffery:

Yes, they are related to the MAC lookup, which can assure the traffic isolation in LSI based/LSI bundle/LSI aware bundle environment.

The related forwarding plane extension and control plane extension are only necessary for LSI aware bundle environment——in this situation, the destination MAC of incoming traffic will be looked up within the specified LSI BD domain only.

If there is no LSI value(which is different from the VNI value of backbone EVPN) associated with the income traffic, the above aim cannot be accomplished.

Aijun Wang
China Telecom

On Mar 20, 2025, at 19:39, Jeffrey (Zhaohui) Zhang <zzhang=40juniper.net@dmarc.ietf.org> wrote:



Hi Aijun,

 

My quote of RFC7432 is in this context:

 

If your intention is to avoid the MAC lookup on the egress PE (which the draft does not talk about)” …

 

Is that your intention? If not, then the quote should simply be ignored.

If yes, your draft should be clear about that (it is not currently); and I will come back with more comments.

 

Jeffrey

 

 


Juniper Business Use Only

From: Aijun Wang <wangaijun@tsinghua.org.cn>
Sent: Monday, March 17, 2025 7:06 AM
To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net>
Cc: Aijun Wang <wangaijun@tsinghua.org.cn>; BESS <bess@ietf.org>; draft-wang-bess-l3-accessible-evpn@ietf.org; Jorge Rabadan <jorge.rabadan@nokia.com>
Subject: Re: [bess] draft-wang-bess-l3-accessible-evpn

 

[External Email. Be cautious of content]

 

Hi, Jeffery:

 

Thanks for your analysis.

Let’s try again to converge based on our current  mutual understandings.

 

First, the conclusion, the solution proposed in this document is necessary. 

 

Here is the reasoning: 

What you quoted at https://urldefense.com/v3/__https:/www.rfc-editor.org/rfc/rfc7432.html*section-9.2.1__;Iw!!NEt6yMaO-gk!EVS8RAEKl0m4mLCuOqpNzbkMSq2HFrRlHCebswm9hv4cNcjVIUouszlapK9Cr_XiqJ9ekoWkbuol07Bc7idetStS$" rel="nofollow">https://www.rfc-editor.org/rfc/rfc7432.html#section-9.2.1 is just the traditional layer 2 access EVPN services or one of our layer 3 accessible EVPN service(“LSI based EVPN services”), the protocol extensions proposed in draft-wang-bess-l3-accessible-evpn is mainly for “LSI Aware Bundle EVPN services”, which is not covered by the current RFC7432, or any other existing EVPN related services.

 

For example:

 
A PE may advertise the same single EVPN label for all MAC addresses
   in a given MAC-VRF.  This label assignment is referred to as a per
   MAC-VRF label assignment.  


—-The above description corresponds to “Layer 2 VLAN Bundled EVPN Service”


 
Alternatively, a PE may advertise a unique
   EVPN label per <MAC-VRF, Ethernet tag> combination.  This label
   assignment is referred to as a per <MAC-VRF, Ethernet tag> label
   assignment.  
 
—-The above description corresponds to “Layer 2 VLAN Based EVPN Service”
 
 
As a third option, a PE may advertise a unique EVPN
   label per <ESI, Ethernet tag> combination.  This label assignment is
   referred to as a per <ESI, Ethernet tag> label assignment.  
 
—-The above description corresponds to “LSI Based EVPN Service”.
 
As a
   fourth option, a PE may advertise a unique EVPN label per MAC
   address.  This label assignment is referred to as a per MAC label
   assignment.  
 
—-The above description is just for some very specific situations, and is not in the scope of current “Layer 2 Access EVPN Service” or the corresponding newly proposed “Layer 3 accessible EVPN service” 
 
 
All of these label assignment methods have their
   trade-offs. 
 The choice of a particular label assignment methodology
   is purely local to the PE that originates the route
 

 

Aijun Wang

China Telecom



Aijun Wang

China Telecom

On Mar 17, 2025, at 05:12, Jeffrey (Zhaohui) Zhang <zzhang=40juniper.net@dmarc.ietf.org> wrote:

Hi Aijun,

Now that the -08 revision has been published, let me bring this discussion to the WG. The email thread has some details that help clarify the intended use case and why the proposed solution is not needed or not good.

The draft does not clearly state it, but based on our discussions below, the PE-CE connection is a PW that terminates into the EVPN PE. There are two previous points that I want to re-emphasize here. I'll then explain why your proposed solution is not needed in my view.

- There are already deployed solutions of PWs terminating into VPN service PEs, including EVPN, w/o any protocol extensions
- On the EVPN side, there is no difference between "a PW terminates into a PW-PE, which then connects to EVPN PE via a physical L2 connection" and "a PW terminates into the EVPN PE directly"

Your solution requires the ingress EVPN PEs to put on the PW information that is used on the egress side. That is just unnecessary and not appropriate.

In the true L2 connection case, the MAC lookup on the egress PE leads to local forwarding information, including the outgoing AC and perhaps VID translation information.
In the PW terminating into EVPN PE case, the same lookup leads to local forwarding information, including the PW information, which is *local* and should not be advertised other EVPN PEs for them to put into the VXLAN header.

If your intention is to avoid the MAC lookup on the egress PE (which the draft does not talk about), it is an orthogonal issue (nothing to do with PW terminating into EVPN PE) that is already solved. Per RFC7432:

  A PE may advertise the same single EVPN label for all MAC addresses
  in a given MAC-VRF.  This label assignment is referred to as a per
  MAC-VRF label assignment.  Alternatively, a PE may advertise a unique
  EVPN label per <MAC-VRF, Ethernet tag> combination.  This label
  assignment is referred to as a per <MAC-VRF, Ethernet tag> label
  assignment.  As a third option, a PE may advertise a unique EVPN
  label per <ESI, Ethernet tag> combination.  This label assignment is
  referred to as a per <ESI, Ethernet tag> label assignment.  As a
  fourth option, a PE may advertise a unique EVPN label per MAC
  address.  This label assignment is referred to as

_______________________________________________
BESS mailing list -- bess@ietf.org
To unsubscribe send an email to bess-leave@ietf.org

v2.29.0 | Report a Bug | By Email | System Status