[bess] Concerns regarding load balancing of routed unicast traffic indraft-ietf-bess-evpn-unequal-lb

Alexander Vainshtein <Alexander.Vainshtein@rbbn.com> Tue, 17 September 2024 10:03 UTC

Return-Path: <alexander.vainshtein@rbbn.com>
X-Original-To: bess@ietfa.amsl.com
Delivered-To: bess@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF9ABC1D61EF for <bess@ietfa.amsl.com>; Tue, 17 Sep 2024 03:03:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rbbn.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9KRw2AYfQArB for <bess@ietfa.amsl.com>; Tue, 17 Sep 2024 03:03:20 -0700 (PDT)
Received: from usb-smtp-delivery-110.mimecast.com (usb-smtp-delivery-110.mimecast.com [170.10.153.110]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B461C1D6FBC for <bess@ietf.org>; Tue, 17 Sep 2024 03:03:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rbbn.com; s=mimecast20230413; t=1726567398; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=GwaKOMED4woXlyKeUOCSCUNuNzwuM7C9o5IqI4q532Q=; b=JWoYIimZW3eYNyYaItOu9JxxaKmdRn7zc7kjD/xsSnFnCSYUJIa3j4f+lZDnSd+mLYy893 zfvbt9w1O5hgA07B+tQIcQJnF3ByiaYHLqNyuvAUwAf1E2SzeHKlcVaDRCPlvhpnD/nhlg fjCPkeHQhECPnLcYWgTzykTRcLkRN2o=
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2041.outbound.protection.outlook.com [104.47.70.41]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id usb-mta-20-bb9N0KYTO1m17f4yg9_vmA-2; Tue, 17 Sep 2024 03:02:39 -0700
X-MC-Unique: bb9N0KYTO1m17f4yg9_vmA-2
Received: from PH0PR03MB6300.namprd03.prod.outlook.com (2603:10b6:510:e2::5) by DM6PR03MB5146.namprd03.prod.outlook.com (2603:10b6:5:1e8::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.24; Tue, 17 Sep 2024 10:02:35 +0000
Received: from PH0PR03MB6300.namprd03.prod.outlook.com ([fe80::a48b:db16:775a:4a16]) by PH0PR03MB6300.namprd03.prod.outlook.com ([fe80::a48b:db16:775a:4a16%7]) with mapi id 15.20.7962.022; Tue, 17 Sep 2024 10:02:35 +0000
From: Alexander Vainshtein <Alexander.Vainshtein@rbbn.com>
To: "draft-ietf-bess-evpn-unequal-lb@ietf.org" <draft-ietf-bess-evpn-unequal-lb@ietf.org>
Thread-Topic: Concerns regarding load balancing of routed unicast traffic indraft-ietf-bess-evpn-unequal-lb
Thread-Index: AdsI42ZoxmtMIU17Tvi9WVScBEbEtQ==
Importance: high
X-Priority: 1
Date: Tue, 17 Sep 2024 10:02:35 +0000
Message-ID: <PH0PR03MB63007F01FEE0BD41619E4C89F6612@PH0PR03MB6300.namprd03.prod.outlook.com>
Accept-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR03MB6300:EE_|DM6PR03MB5146:EE_
x-ms-office365-filtering-correlation-id: 7e2d52f8-a4ec-4b2d-3069-08dcd6ffda82
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018
x-microsoft-antispam-message-info: DUQvqXmBp1DPZUYmj9safZHoNbRoOcuSlYWVtbXa4Ribf39AW/mmvhGTvS/mLH0oHOeJX689Vx2tpoXncwfPioI5gigGrJOcSBqK5gj/tXWhCnVynLO073CsvEuinKXChYNtBHMRFg9XN3ItpT0/kFDU1vCQBsUYQ6zqzdnHC0QNuSZ7DpJaz/NN3ZoBPMKkxf+mIY4TEqmvPL+sWFZKVCgn2e7UHpcg001/pL1dHRJxmWjuuRtGqVFzv/40IH/WNmwRyU/dtBkS2bhA4ixHgIFCTulgVoHzmKRwuNsqmW2eo6+2Rxkv4fOPptKMNw3spnpdYuW6CVKYDyJ1ZVXTxG9xHD594vjizY8rH6RVgN9RRl37SOHAxNiwe+5PEmeML0dcYm6hd52QksC6H6bRYSPmFnoPxWwytQcsBbXNdONd3bpdIbDo31+TELn0aD7cUA4RLiCieb7Fjc/2It8L606aiD4Bs07bA7a203zFYFhXFRlLT/sujJucyHmzvmTLiajmX/97HbQ6IHpa0KDWuaoPiGyjc2mTIYKlZ1S+TebRRb4McZ+ifWRY4r+3wE2z8Y60MH7tTVDV+v9O0uWLmLnJJJIOwOY3iNGRR3limRVKNXaX4G+4YFIh3RuUMlgadMwR0TtKtP1ruhb5wcgqeemPuPcolpxtSxJ84YqlG1Z1P5crme6UHAEb/5W5n530ldngZzgg82dVp3L0j/l+hYSxIrmqOjdt4GLkn+irROb+mgJiLDm4cxI2LAtOcXRh5nwRjqcOabCERYT+hXm0peelAxfhQQmpJEIdcSUbzUPoRwk/11PfrzDnqn3R7ph20aweImjKAcRsdzGFkgirFFWZGNppPwJKU9dCxp7m6OstiQwbhX1SnFThx9+VUKa4yywd1ro0Gp6blfG681nTBDgXavoul3CfDfCE1+10lU/s/U/q/7Sp13g1/ZMwRP+E+5lR9NsDzdbFgwNQl6yJhshqjqCp/hle0WZ4+/791qcuj1OYmgLJKFEZvv3Ih9kswUTjAKBW638yXVe2/rch2QPw+QBVhxTgBANz7NHvt4TO8aAsBNWdhTepy1XO6+3neL5XQ3Fm2UvXgAZYr0UFzdE8Ib3nWTnAVYzIvXyzWuDse687O84a6UkDFmyFgkpYmxPIs83gYlQTCQMR2ZkNMdSD3VcYz4+fCXalrKNeEMoZEX1isUCSPRSJho69HFcdugqdIVCz3idXaBWRczllR98xSrijgexCLMw4jJWBnsDFOAQQoFlLDJymjMNjqK8RpwhVlrk2gf1dKrj92lH0j2oqBJxF3sdq+pLaaWunbeX/1O3f9U8XpmFXQIvWqa2U
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR03MB6300.namprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1102
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: tfbQ/Ux2Z3TuxMPjM5DhLblc2SgM9aJ68rdU3rTht/V689cg+YQZl5/32AcIZx/CNo5aOYcpvygkyWbIPH3dV7USFkeR48nXoTF3JG9qnTPw5+HN29Eg2aMUIZSlxzCAKf1iX3KqvbCnoA6Mgr0MANB85l8e1HQqRS5tfJ3oreapUea9AlVyLTa3fCtX79QIW06KaJQoDrju279slkoyupT8qHqajlFZAl0F+6hIm0x0EE04xUNtO22K61mkLdY9Y/ANHBWg+DsT4Ue1MM1S+XkN/6i7RgItXGpx0yzkfi7YEns2pbjPTeCqREpByhlkcttE9qOeHHyGe6x98HHlYvf3dOTOMJIKWXNUJY6RqVU0F7KQlyV8Wt2eGWYMmvc1pQhUngHneOhTiLeZ9QzM5sfUXur6f1BuOXdaUplozb4aMIIK5F+GlbmsfXx88oQsYGF31uLYhS0drmoOx99Ki5Y0/S7xuMeMnqgeSs/W0tUD7SYLz0q1rRgyLbeF9yp3zE7Hx2NVZ/h9ULcA+JVyNNgmFkdYzbNcr86NT8BMH+W4qjdqhfWqBxmRgQpANTvMSyU/TCHOk4+EfJDljo+gcuMSHy7XCtMC2k4qoLyDvVxUrdOnSJ75ttq/OLrvMx+NYwt/m+jtKxOMsAHJd+jHc6EllzwkinIRvVPnAulnpFiSaqyRIAj4rdXh9pCDgtHho/VgWJ5npnJX35F+0319W4oREQJn+nahumPW1f6Bimrd18oYoIcJOE8e7fWQsSWIeQaiwXHKKhdzFIb/9GxIyuvU2T4f3bdJzVUbEMu9VnW7y7027idkVQDaxGTHjtk+f4A9geFrHUWq4tNFlYvyWg95KZzTL+NFB3MgAZte5gPuKOCYquDc3hAGzePi8dJz8T5Lne8vQNUjtfU/F4B3jz8p8J7VtUxqh07cgfNZrY02xswudFw4neaFb2RIolvBw1tVwxMcT8Y445FJck42j2htZaUyFE/wXyvgIe6Sc+qh7GqtOsYDrqOpgVG5ws5gLKpX+uOPocWXyQTGwJcC7hU7HtO7mHNQIHA/RJ2tXxeHZSFmGFtkiqLj4RfdVLseu+3iXktkjNE8lAhwhXcPa1aRdqvMyUhywqhJnNuyqeJObWgdMROmBdbR9ugcR9gn0d9ZOHuDZd3CF7v54J0GLOPP7tZ1K8zY7O5YNJXL0Z8v80DdDG8yFUGCAc8C62alIV7TPSTfr1hP1W40JHQvWNrLMe7kRQmScwYEJgIt0PKf1JXGcjVXU65iO0zcUgPlurme+bttvIY4BCh/EKdFzXLEKPD7e3AA0TNcu0hZBbDlGRhZrNT+B5jqLKiPI9w1lw5EmM70KYrheKPEeiLIRKSOGXr28JuatkQ/0M5oGDTjcFSeHpK4iYSRc84NL4KSnJ0VRSU31op+kK82zwKVAv+vIdzztd/YBfh0NQW/cCWheM6D3AJsDfopfoXUZf52Zoy0kgy7KrmpnwECxVkkcfKRPbFoUMPY0LlkPmS4S5aXVTmhIkJuJhS1jEbLy3YmsOW74/azw4p+5b8pHHMwvgJMZLcylU0lry0hNvjC3eOY/sDz/ZjnlvDrNIuE97r/
MIME-Version: 1.0
X-OriginatorOrg: rbbn.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR03MB6300.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7e2d52f8-a4ec-4b2d-3069-08dcd6ffda82
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2024 10:02:35.0241 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 29a671dc-ed7e-4a54-b1e5-8da1eb495dc3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7GcpbYFiHsADHIrK6EthMp6wbqRdqTnKGoV4c2vgX6FlV8kcJXw9LidMH01DDF1GW4Bdprlir4wOMewynlwm3Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR03MB5146
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: rbbn.com
Content-Language: en-US
Content-Type: multipart/related; boundary="_006_PH0PR03MB63007F01FEE0BD41619E4C89F6612PH0PR03MB6300namp_"; type="multipart/alternative"
Message-ID-Hash: IXNTPRSFBA55R4T34W75DMM2S77AD3EC
X-Message-ID-Hash: IXNTPRSFBA55R4T34W75DMM2S77AD3EC
X-MailFrom: alexander.vainshtein@rbbn.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-bess.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "bess@ietf.org" <bess@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [bess] Concerns regarding load balancing of routed unicast traffic indraft-ietf-bess-evpn-unequal-lb
List-Id: BGP-Enabled ServiceS working group discussion list <bess.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bess/rWleyJKHS1lL35IP4a9_Q8d2VfY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bess>
List-Help: <mailto:bess-request@ietf.org?subject=help>
List-Owner: <mailto:bess-owner@ietf.org>
List-Post: <mailto:bess@ietf.org>
List-Subscribe: <mailto:bess-join@ietf.org>
List-Unsubscribe: <mailto:bess-leave@ietf.org>

Hi,
I have some concerns about load balancing of routed unicast traffic in the Weighted Multi-Path Procedures for EVPN Multi-Homing<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-unequal-lb-22> draft.

Load balancing of routed unicast traffic is mentioned in a single sentence in the Introduction section of the draft that says "ECMP Load-balancing for routed unicast traffic is enabled via existing L3 ECMP mechanisms".

I think that this statement is quite problematic. E.g., consider the scenario depicted in the embedded diagram below:

[cid:image002.png@01DB0901.A0AE33F0]


In this diagram:

  1.  A Layer 2 switch is dual-homed to a pair of EVPN PEs (PE-1 and PE-2) using LAG
  2.  The two PE-CE links are treated as members in an All-Active MH ES by the EVPN PEs
  3.  Multiple IP hosts from a single subnet (192.168.100.0/24) are connected to this Layer 2 switch
     *   All these hosts are configured with the same default gateway IP address
     *   They use this default gateway address for communication with a server whose IP address belongs to a different IP subnet (10.0.0.0/24), and which is connected to a remote PE (PE-3)
  4.  Each of the EVPN PEs contains a local representative of an EVI that is attached to the MH ES in question and connected to an IP-VRF using Symmetric Anycast IRB as defined in Section 4.1 of RFC 9135<https://www.rfc-editor.org/rfc/rfc9135#section-4.1>:
     *   IP address of this IRB is the address used as the default gateway of the hosts
     *   The IRB in each of the PEs belongs to an IP-VRF that locally represents the same BGP/MPLS IP VPN service instance
     *   There is an IP-VRF in PE-3 that locally represents the same BGP/MPLS IP VPN service instance and to which the server is locally connected. Please note that there are no local representatives of any EVI in PE-3
  5.  Constrained Route Distribution (RFC 4684<https://datatracker.ietf.org/doc/html/rfc4684>) is enabled in the IP/MPLS core providing connectivity between PE-1, PE-2 and PE-3.

In this scenario "existing L3 ECMP mechanisms" will not result in load-balancing of routed unicast traffic from the server to the hosts because:

  1.  PE-3 would not be aware of EVPN multi-homing because it would not receive any EVPN Ethernet A-D routes advertised by PE-1 and PE-2
  2.  ARP messages generated by any specific host behind the Layer 2 switch would be received by just one PE and, therefore, only this PE would advertise an MAC/IP Advertisement route for the {Sender MAC, Sender IP} pair in these ARP messages
     *   Each of these routes would carry route targets of both the MAC-VRF and IP-VRF, and would contain a valid label identifying the local IP-VRF in the Label2 field of their NLRI
     *   Therefore, each of these routes would be received by PE-3 an installed as a labeled host route in the RIB and FIB of IP-VRF
  3.  Existing L3 ECMP mechanisms would not provide any load balancing, because There would be just one labeled host route for each host in the RIB and FIB of IP-VRF in PE-3.


I think that this situation is well known, and there are at least two drafts on the table that address this problem:

  1.  EVPN Support for L3 Fast Convergence and Aliasing/Backup Path<https://datatracker.ietf.org/doc/html/draft-sajassi-bess-evpn-ip-aliasing-09>
  2.  Proxy MAC-IP Advertisement in EVPNs<https://datatracker.ietf.org/doc/html/draft-rbickhart-evpn-ip-mac-proxy-adv-02>.

However, neither of these drafts is referenced in the Weighted Multi-Path Procedures for EVPN Multi-Homing<https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-unequal-lb-22> draft.

Hopefully, these notes will be useful.


Regards,
Sasha

Disclaimer

This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.