Re: [bess] A question about RFC 8317

"Ali Sajassi (sajassi)" <> Thu, 20 December 2018 17:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C2774131175 for <>; Thu, 20 Dec 2018 09:52:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.563
X-Spam-Status: No, score=-14.563 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DC_PNG_UNO_LARGO=0.001, DKIMWL_WL_HIGH=-0.065, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jvsLM5AaUbze for <>; Thu, 20 Dec 2018 09:52:08 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ACD1F131171 for <>; Thu, 20 Dec 2018 09:52:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=79022; q=dns/txt; s=iport; t=1545328327; x=1546537927; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=iM1jsJO+eyFiu2UQc56RI3o4aUkCh7DESzUz10splss=; b=hq9226Y2UJsUvtTBymlnWCaf6r4B/u4QKCrUzutJCd5vTupi9GvzXyqm sAcZsu9RzXVVAhtiEbTlDplygNkg5+yK6GTy6dhlc0efpwxZwbA1fHk/w YU2JJ+1wK7k2+iHOKOkhoQj1cK0dz/5ef1E9Vt7YG/eZQkt/tpQxMMlPT c=;
X-Files: image001.png : 41161
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.56,378,1539648000"; d="png'150?scan'150,208,217,150";a="215560679"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 20 Dec 2018 17:52:06 +0000
Received: from ( []) by (8.15.2/8.15.2) with ESMTPS id wBKHq6g3006562 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 20 Dec 2018 17:52:06 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 20 Dec 2018 12:52:05 -0500
Received: from ([]) by ([]) with mapi id 15.00.1395.000; Thu, 20 Dec 2018 12:52:05 -0500
From: "Ali Sajassi (sajassi)" <>
To: Alexander Vainshtein <>
CC: "Samer Salam (ssalam)" <>, "John E Drake (" <>, "" <>, "" <>, "" <>, "" <>
Thread-Topic: A question about RFC 8317
Thread-Index: AdSYUr9cSCgYcdt7R1u6vcshLnORdAAINGEA
Date: Thu, 20 Dec 2018 17:52:05 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
user-agent: Microsoft-MacOutlook/
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/related; boundary="_004_B7FEDC8A9A1646F581EEFC79CF6E9002ciscocom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [bess] A question about RFC 8317
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Dec 2018 17:52:11 -0000

Hi Sasha,

The use case that you have described below is a legitimate use case and if we look at what happens in RFC 7432 baseline, there is no flooding there because MAC addresses among multi-homing PEs get synch’d up and thus even a PE in the all-active multi-homing group doesn’t receive a flow from a locally connected CE, the frames destined toward that CE will not get flooded. So, we should expect the same behavior for the E-TREE. We do get the same behavior from E-TREE (RFC 8317) by using the solution described section 4 which is a comprehensive solution that works for both scenarios 1 & 2. It uses ingress filtering for unicast traffic and egress filtering for BUM traffic while still using a single Route Target just like RFC 7432.

The use of two RTs in scenario-1, was intended to describe a very limited use case where no communications is needed among leaf PEs (e.g., Single Homing or Single-Active). However, in case of All-Active MH, we do need communications among leaf PEs and thus we should use the solution described in section 4.


From: Alexander Vainshtein <>
Date: Thursday, December 20, 2018 at 3:30 AM
To: Cisco Employee <>
Cc: "Samer Salam (ssalam)" <>, "John E Drake (" <>, "" <>, "" <>, "" <>, "" <>
Subject: A question about RFC 8317

Ali and all,
I have read RFC 8317<>, and I would like to clarify a question dealing with Leaf ACs of an EVPN-based E-Tree service on All-Active Multi-Homed Ethernet Segments (MH ES).

The reference model for my question is shown in the Embedded diagram below.


It shows an EVPN E-tree service with one Root customer site and two leaf customer sites, where each Leaf CE is dual-homed to the same pair of PEs using two different All-Active multi-homed Ethernet Segments.

Suppose that the scheme with two RTs (one identifying the Root site and the other identifying the Leaf sites) is used as described in 4.3.1.

Suppose also that each MAC-VRF uses per MAC-VRF label assignment as defined in section 9.2.1 of RFC 7432, i.e., advertises exactly one EVPN application label that identifies it as the Egress MAC-VRF, while the disposition of the received Ethernet frame within this MAC-VRF is based on the destination MAC address. In this case the per MAC-VRF label can be also used as the “aliasing” label in the per EVI EAD route.

PE-1 will receive and accept per EVI EAD routes for both MH ES for PE-2 and PE-3 with the corresponding “aliasing” labels.

Suppose that MAC-VRF in PE-2 learns some {MAC, IP} pair  {X, Y}  locally from the Leaf CE-1 and advertises this pair in the EVPN MAC/IP Advertisement route. With the “two RTs” scheme this route will be accepted by the MAC-VRF in PE-1 but it will not be accepted by the MAC-VRF in PE3. As a consequence:

  *   MAC-VRF in PE-1 will know that this pair has been learned from the “blue” all-active MH ES, and therefore can decide to send locally received unicast frames with destination MAC address X to PE-3 using the corresponding “aliasing label”. No other labels will be included in the EVN encapsulation of such  frames because they are received from the Root AC.
  *   MAC-VRF in PE-3 will not know anything about MAC address X, therefore, when it receives an EVPN-encapsulated frame with this destination, it will treat it as an “unknown unicast” and flood it to both Leaf CE-1 (where it should be sent) and to Leaf CE-2 (where it should not be sent).

Is this what is really supposed to happen in this scenario? If not, what did I miss in the E-tree EVPN solution?

Regards, and lots of thanks in advance,

Office: +972-39266302
Cell:      +972-549266302


This e-mail message is intended for the recipient only and contains information which is
CONFIDENTIAL and which may be proprietary to ECI Telecom. If you have received this
transmission in error, please inform us by e-mail, phone or fax, and then delete the original
and all copies thereof.