Re: [bess] Comments on draft-sajassi-bess-evpn-mvpn-seamless-interop
"Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net> Wed, 10 October 2018 19:29 UTC
Return-Path: <zzhang@juniper.net>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E7EC1277BB for <bess@ietfa.amsl.com>; Wed, 10 Oct 2018 12:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.711
X-Spam-Level:
X-Spam-Status: No, score=-0.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kq_cUZxmCzMh for <bess@ietfa.amsl.com>; Wed, 10 Oct 2018 12:29:04 -0700 (PDT)
Received: from mx0a-00273201.pphosted.com (mx0a-00273201.pphosted.com [208.84.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01241126F72 for <bess@ietf.org>; Wed, 10 Oct 2018 12:29:03 -0700 (PDT)
Received: from pps.filterd (m0108156.ppops.net [127.0.0.1]) by mx0a-00273201.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w9AJOsiX009965; Wed, 10 Oct 2018 12:29:00 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=PPS1017; bh=eknSe1NoIV0Oii0ZgRMllXSoq6eu4e6Ya6dMwe1GXLU=; b=gGphKm2Y95hVt2xS3fmAl/w6VJ5E+LXkAk47qjE71Ia4NxVkyEO87yYmozNM1GVWpTMK lZrRdH6xrmCXnZhXRCKiLtEmJHIYE5k26TngCK/Ny2efOB1ItWCpNczn+So2qsgjijv1 lgk1CbR4VF4xQrjSfX9UfuE7u9ljHUr+Hb6G+6FwmgG9ryXFU7nV5c7cMsaZUgBVCN1C 3/X2TeNZpYrPi4dF3G+t2T+WuVhuQZTqJ/O2mVtD2BZ1zrUfNg4AqvwvnRva1yo3w3Rl P2yLC/q3J1wodCuDAOC/HNXCrP0nPjNxn1cSWNOOP7o7i3En8hn6qf/j994af0CEElWN Ig==
Received: from nam05-by2-obe.outbound.protection.outlook.com (mail-by2nam05lp0246.outbound.protection.outlook.com [216.32.181.246]) by mx0a-00273201.pphosted.com with ESMTP id 2n1e93s9mg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 10 Oct 2018 12:29:00 -0700
Received: from CY1PR05MB2300.namprd05.prod.outlook.com (10.166.192.146) by CY1PR05MB2730.namprd05.prod.outlook.com (10.167.18.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1228.20; Wed, 10 Oct 2018 19:28:58 +0000
Received: from CY1PR05MB2300.namprd05.prod.outlook.com ([fe80::4c5e:bc16:d273:b7fb]) by CY1PR05MB2300.namprd05.prod.outlook.com ([fe80::4c5e:bc16:d273:b7fb%4]) with mapi id 15.20.1228.020; Wed, 10 Oct 2018 19:28:56 +0000
From: "Jeffrey (Zhaohui) Zhang" <zzhang@juniper.net>
To: Ashutosh Gupta <ashutoshgupta.ietf@gmail.com>
CC: Ali Sajassi <sajassi@cisco.com>, "bess@ietf.org" <bess@ietf.org>
Thread-Topic: [bess] Comments on draft-sajassi-bess-evpn-mvpn-seamless-interop
Thread-Index: AdQgNfc/QzuBBltmQ3GV8oaXbh8RMwUN5FyAAzG6mmA=
Date: Wed, 10 Oct 2018 19:28:55 +0000
Message-ID: <CY1PR05MB23007FB03CDBF70F7C384A34D4E00@CY1PR05MB2300.namprd05.prod.outlook.com>
References: <BN3PR05MB2642E17EE48821C2F70AA485D4510@BN3PR05MB2642.namprd05.prod.outlook.com> <CAPAoC9S=A72O7WDPdmVvksHxqTgOhogG9QbGwVBNKt5w_v==Sw@mail.gmail.com>
In-Reply-To: <CAPAoC9S=A72O7WDPdmVvksHxqTgOhogG9QbGwVBNKt5w_v==Sw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.400.15
dlp-reaction: no-action
x-originating-ip: [66.129.241.14]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY1PR05MB2730; 6:MsjwWXqEIYqPmb3a5Nkjvg9jzJSZrOyjZmhEvrsuIjZrPFKiuU2MmNTSfPQ+qWgI67MC5ms1UasO1l3frupgk5HC6QCiB+anJXgtTXWoab8JE8Zdg70aGGFrf8KkWMEBMhOH2Jf4DYExtzVnSrjmR9DgfRTVccOtabJ2Gry1G8cUKPnw8rayQsXEPlmir8K2Fbpt5YbXHM2UoOCryDhLCNjibrlkcuHhKKshlcCKg/BNOILfMGuo5JlT1vnEMOoVFcLaiKXgoAiEM4u/sm6QvqxmjxMcNyg9QTKxUSKxJbUNcv4ZPTTcsT9G8iPzmz79HvlBn8F8ld0Vnj6oEHIH64IF1QRdr3+I6EOqATfXyis1B8PWgj1vPvUG2NCvi7+TXpDGan7VWwnbvP7oNkCEqZjQijFVx0RBxeyoHisJuyI8zI5Tc9ZflwB36iPQyR4EtxJ8J2wkPKfLzC8VMMDtwg==; 5:3cf6UWtL3gg7JT9Ti0P7cq+aKVoHA5h+OLvXwC2Qj0oa5LLgG33W7842CbatlYINmyfwUNvUJGZWDmlnCntp1lZMFyx8TgXzqX1bLXHc8PMFkriwHPkwfcmTWBV8h0fXyvzaC/7jANUJCUt8Ei3S1dStfpOiYkEzlkJCszeIGb0=; 7:e6mhECp/QHveVRv3KiOTl56kI7fqHKyE5l1SnjqJ2liPNUSiJq7oWqA8uupdHlRKTDDWQs/z/Ri2a/eldcubtgIIlQWLoQL1AuKCEt4sGbWxPpe4NRJHWHOQ9RwCdQ/kqlLCs9Ov8fvgGEHYcRELyqcbBMBprzz/G4Yctc2oCHFVl4v7Y1PCog0qPzEfJalCeC/wIB0U9q4ma0wxAGWlnjxUNxhgNTWCOumhtwrL1XCNldwqVSEfVwPQ1f3s5aqK
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 20971d6c-050e-4c2d-56a8-08d62ee69eda
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:CY1PR05MB2730;
x-ms-traffictypediagnostic: CY1PR05MB2730:
x-microsoft-antispam-prvs: <CY1PR05MB273079DE3D30D1885578A7F4D4E00@CY1PR05MB2730.namprd05.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(85827821059158)(138986009662008)(95692535739014)(269456686620040)(21748063052155)(28532068793085)(190501279198761)(227612066756510)(10436049006162)(163750095850);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231355)(944501410)(52105095)(3002001)(10201501046)(93006095)(93001095)(6055026)(149066)(150057)(6041310)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123560045)(20161123558120)(201708071742011)(7699051)(76991055); SRVR:CY1PR05MB2730; BCL:0; PCL:0; RULEID:; SRVR:CY1PR05MB2730;
x-forefront-prvs: 08213D42D3
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(136003)(366004)(346002)(39860400002)(396003)(51444003)(199004)(189003)(54896002)(74316002)(6306002)(6246003)(236005)(53936002)(6506007)(7696005)(9686003)(97736004)(55016002)(54906003)(5250100002)(6116002)(99286004)(39060400002)(3846002)(790700001)(81156014)(478600001)(8676002)(966005)(53946003)(2900100001)(81166006)(9326002)(4326008)(8936002)(25786009)(76176011)(606006)(53546011)(86362001)(14454004)(2906002)(11346002)(486006)(446003)(26005)(316002)(476003)(66066001)(105586002)(71200400001)(106356001)(186003)(256004)(68736007)(5660300001)(102836004)(71190400001)(6916009)(7736002)(229853002)(6436002)(33656002)(579004)(559001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR05MB2730; H:CY1PR05MB2300.namprd05.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: juniper.net does not designate permitted sender hosts)
x-microsoft-antispam-message-info: NtUj4xQiiaR1MYN9sVLfqSSpQzhIuvsIZa9Kt9x0KRur37tIIriySaYsrBvQ4ZHpUGfrPBWndG5yBaXaSBUvGGlC88Gzuatdc3W2xqxh6+0+nh8AYjDa0yOBbSNshVX3uHdVFuago/KxthIdnsegoJlY4hprI6hYyUlfADk8WVJER608hCujtF05NnuIgKKQWZtLIyzbF4px4H9SQmzYl3RlDS96ztkjMUYSURR/cBmKAdMdEZx7wpzJFwEKQY/YKkHAfihOs0L64EY0TIeOin4OyG/+haWN9AzSlkQTCwN9dE3ReJIC92Q1m6hP9cTvdiXWWgzM0/4YtuHIH0xVYe9txUdnqp65m5cPWl6mafU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY1PR05MB23007FB03CDBF70F7C384A34D4E00CY1PR05MB2300namp_"
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-CrossTenant-Network-Message-Id: 20971d6c-050e-4c2d-56a8-08d62ee69eda
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Oct 2018 19:28:55.9781 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR05MB2730
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-10-10_12:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1810100180
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/qWDwxi9H0CVDpnt3Efoj-shb_5U>
Subject: Re: [bess] Comments on draft-sajassi-bess-evpn-mvpn-seamless-interop
X-BeenThere: bess@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bess>, <mailto:bess-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess/>
List-Post: <mailto:bess@ietf.org>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bess>, <mailto:bess-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Oct 2018 19:29:08 -0000
Hi Ashutosh, Sorry for the late response. Please see zzh> below. From: Ashutosh Gupta <ashutoshgupta.ietf@gmail.com<mailto:ashutoshgupta.ietf@gmail.com>> Sent: Wednesday, August 15, 2018 3:57 AM To: Jeffrey (Zhaohui) Zhang <zzhang@juniper.net<mailto:zzhang@juniper.net>> Cc: Ali Sajassi <sajassi@cisco.com<mailto:sajassi@cisco.com>>; bess@ietf.org<mailto:bess@ietf.org> Subject: Re: [bess] Comments on draft-sajassi-bess-evpn-mvpn-seamless-interop Hey Jeffrey, Thanks for your comments & please find my responses inline <AG> . On Fri, Jul 20, 2018 at 9:53 AM, Jeffrey (Zhaohui) Zhang <zzhang@juniper.net<mailto:zzhang@juniper.net>> wrote: Hi Ali, Here are the comments that I did not get a chance for in the meeting today. Regarding "ttl decrement" and "src mac change": ------------------------------------------------------------------ Since "bridging/switching in the same BD" is not put down as a requirement in the spec but rather discounted citing "emulation", the listed "requirements" should be changed to "properties" as well - one could also argue that those may not be true requirements and could also discounted. <AG> seamless-Interop solution supports both intra-subnet and inter-subnet forwarding which are the basic requirement along with Efficient fabric utilization and Operational simplicity. More specifically, having many discussions with customers we didn't come across any use-case where strict intra-subnet bridging was needed along with inter-subnet routing, so we can argue that "strict bridging/switching in the same BD" is just an idealistic requirement. Zzh> The point is, those “requirements” are really somewhat arbitrary/subjective. We have not heard real requirements about “seamless integration” either, and even when the requirement comes, the OISM can do that seamless integration by having every EVPN as an MEG. Even if RFC7432 does not prove true ethernet service, "ttl decrement" and "src mac change" for intra-subnet traffic does NOT happen with RFC7432. In other words, this is a step-down from RFC7432. <AG> It is not a step down since we are not losing any needed functionality. Zzh> It is a step down from what RFC7432 provides. The argument that TTL/mac change for intra-subnet is not an issue is subjective. Again, seamless-interop solution utilizes existing and well deployed technology (MVPN) instead of re-defining all the constructs of MVPN into EVPN. evpn-irb-multicast draft takes later approach and achieves in-signification functionality gain at the expense of huge overhead in control-plane (Explained on a separate thread). From our customer interactions, we understand that Multicast is a complex technology to deploy, operate and troubleshoot. So any amount of simplification results in Opex reduction. Additionally, re-use of existing MVPN implementation for additional EVPN use-cases results in quick time-to-market with lower investment. Zzh> Please see Eric’s comment on a separate thread. Both Eric and I are from MVPN background - trust us that we’d not be against “just use MVPN” if it solves EVPN problems effectively. Zzh> BTW, with the seamless approach, aren’t you guys abandoning the SMET solution defined in draft-ietf-bess-evpn-igmp-mld-proxy? About the comment "MVPN also decrements ttl and change src mac address" - that's expected behavior because it is routing between subnets not "intra subnet", and no application that uses MVPN service has assumption on constant TTL and src mac. More regarding the "requirements" (or "properties") ----------------------------------------------------------------------- With the other solution (evpn-irb-multicast, aka OISM), if every EVPN PE runs the MEG procedures then the same set of "requirements" is also achieved - it is also "seamless interop" but based on the OISM procedures, but that does not "translate into this method" (as defined in the seamless-interop draft) (I think that's what you mentioned when addressing Jorge's comment). What's more, it does not have the "ttl decrementing" and "src mac change" issue for intra subnet traffic. <AG> The point was made that once multicast traffic reaches MVPN domain, it doesn't belong to any specific BD and hence intra-subnet and inter-subnet receivers are treated similarly. Even with evpn-irb-multicast solution, it would be the same unless a second copy of traffic is send over BD specific tunnel. Zzh> But for traffic reaching MVPN domain, we don’t need to worry about TTL and src mac address change, while we do need to worry about that on EVPN side in case of intra-subnet. Indeed separate copies are sent for EVPN and MVPN, but the MVPN copy is only when a remote MVPN PE is not also an EVPN PE. It’s hard to argue that removing that one extra MVPN copy (that is sent towards MVPN-only PEs) is a hard “requirement”. Zzh> A bit more elaboration on the above “extra copy”. While the traffic is sent on a BD specific tunnel and on an MVPN tunnel, if we’re using ingress replication then there is no extra copy at all – one copy is sent to each EVPN PEs (the EVPN tunnel) and one copy is sent to each MVPN-only PEs (the MVPN tunnel) and there is no overlapping. If we’re using p2mp/BIER, then there is at most one extra copy (for the tunnel to reach all MVPN-only PEs) on the outgoing link, not one extra copy for each MVPN-only PE. That is not bad at all. Regarding "9. DCs with only EVPN PEs" ---------------------------------------------------- For comparison, the OISM method does not need any provisioning/procedures related to RP and registering. That is a significant simplification that an EVPN-only operator should be aware of. <AG> Same functionality is achieved in seamless-Interop by utilizing SPT-only mode of MVPN in which shared multicast trees are not formed in the core. Zzh> This is where OISM has a tremendous advantage, besides that it does switching (vs. routing) for intra-subnet traffic. On EVPN-only PEs, only (*,g) state (control plane and data plane) is needed and the concepts of RP, RPT/SPT and switch do NOT exist on EVPN-only PEs. Zzh> it just is not true that SPT-only mode eliminates provisioning/procedures related to RP and registering. It does NOT change the following facts: - With MVPN spt-only mode, each PE still needs to be aware of RP (or itself must be a RP or have an MSDP session with the RP) so that it can register with a RP (which could be another PE or outside the EVPN domain). It is that registration that causes the MVPN type-5 routes to be advertised, data driven. - There will be (s,g) MVPN type-5 routes installed on ALL PEs, and (s,g) forwarding state installed on all PEs that need to send/receive the traffic. This is a larger scaling concern than having to install MPLS label routes for all BDs on all PEs of a tenant (a concern you raised and Eric commented about in another thread). Zzh> Additionally, the MVPN instance may very well have to run the rpt-spt mode (shared tree across the core) because some providers (and some of their customers) do not want to change the customer’s RP infrastructure (and bring RP functionality to the PEs). In that case, If some group traffic has sources on both evpn side and mvpn side then rpt-spt mode has to be used even for EVPN sources (even if some other groups only has EVPN sources, since the mode is not on a per-group basis). Thanks. Jeffrey Thanks. Jeffrey Regards, Ashutosh _______________________________________________ BESS mailing list BESS@ietf.org<mailto:BESS@ietf.org> https://www.ietf.org/mailman/listinfo/bess<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_bess&d=DwMFaQ&c=HAkYuh63rsuhr6Scbfh0UjBXeMK-ndb3voDTXcWzoCI&r=f7wsLGcfzAWDNS6XNTBZwj_OLAOsZZqdrR2IDAzeZqE&m=AJQjCmLI3ezSlB5d0_On7W688YzYCCkRPfwSYAirEVc&s=ye7h4lnggye9zWJvSJVNDwpngr2n-ozakKEDYWSK6LM&e=>
- [bess] Comments on draft-sajassi-bess-evpn-mvpn-s… Jeffrey (Zhaohui) Zhang
- Re: [bess] Comments on draft-sajassi-bess-evpn-mv… Ashutosh Gupta
- Re: [bess] Comments on draft-sajassi-bess-evpn-mv… Jeffrey (Zhaohui) Zhang