RE: Interest in IS-IS VPLS
Linda Dunbar <linda.dunbar@huawei.com> Tue, 08 May 2012 14:56 UTC
Return-Path: <linda.dunbar@huawei.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 895CC21F865B for <l2vpn@ietfa.amsl.com>; Tue, 8 May 2012 07:56:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.932
X-Spam-Level:
X-Spam-Status: No, score=-1.932 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FMIQSTnYjTnW for <l2vpn@ietfa.amsl.com>; Tue, 8 May 2012 07:56:53 -0700 (PDT)
Received: from dfwrgout.huawei.com (dfwrgout.huawei.com [206.16.17.72]) by ietfa.amsl.com (Postfix) with ESMTP id E64F521F8648 for <l2vpn@ietf.org>; Tue, 8 May 2012 07:56:48 -0700 (PDT)
Received: from 172.18.9.243 (EHLO dfweml201-edg.china.huawei.com) ([172.18.9.243]) by dfwrg01-dlp.huawei.com (MOS 4.2.3-GA FastPath) with ESMTP id AFX88937; Tue, 08 May 2012 10:56:48 -0400 (EDT)
Received: from DFWEML406-HUB.china.huawei.com (10.193.5.131) by dfweml201-edg.china.huawei.com (172.18.9.107) with Microsoft SMTP Server (TLS) id 14.1.323.3; Tue, 8 May 2012 07:54:49 -0700
Received: from DFWEML506-MBX.china.huawei.com ([10.124.31.111]) by dfweml406-hub.china.huawei.com ([10.193.5.131]) with mapi id 14.01.0323.003; Tue, 8 May 2012 07:54:45 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: Aldrin Isaac <aldrin.isaac@gmail.com>
Subject: RE: Interest in IS-IS VPLS
Thread-Topic: Interest in IS-IS VPLS
Thread-Index: AQHNKJ3mO48LuIhSPkS8Et2e3RTHupa3awKA//+BFwCAAUwRAIAAibWAgAA5z4CAAHp5AIAAvVcAgACaWQCABBCQcIAA5RAAgAA+2iA=
Date: Tue, 08 May 2012 14:54:44 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F63392BC4F@dfweml506-mbx>
References: <CBC805CA.1A7B8%giles.heron@gmail.com> <CBC808CF.2D46%sajassi@cisco.com> <2691CE0099834E4A9C5044EEC662BB9D330E8F11@dfweml505-mbx> <2E819CEF-4A49-439B-86DF-C17503A75398@gmail.com> <2691CE0099834E4A9C5044EEC662BB9D330E918C@dfweml505-mbx> <03B0FD5F-D9F5-4C4E-A7FD-0A2C36A7B092@gmail.com> <4A95BA014132FF49AE685FAB4B9F17F633918DFE@dfweml505-mbx> <E4D21458-343B-4E3D-98E5-90367931E7D6@gmail.com>
In-Reply-To: <E4D21458-343B-4E3D-98E5-90367931E7D6@gmail.com>
Accept-Language: en-US, zh-CN
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.156]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "l2vpn@ietf.org" <l2vpn@ietf.org>, sajassi <sajassi@cisco.com>
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 May 2012 14:56:54 -0000
Isaac, I thought that is why "Private VLAN" is introduced. You can put the pair of firewalls in "private VLAN" and create a group of regular VLANs (with each VLAN mapped to /xx, and xx >24). This group of VLANs can access the "private VLAN". Is it correct? Thanks for the example. Linda > -----Original Message----- > From: Aldrin Isaac [mailto:aldrin.isaac@gmail.com] > Sent: Monday, May 07, 2012 11:05 PM > To: Linda Dunbar > Cc: Lucy yong; l2vpn@ietf.org; sajassi > Subject: Re: Interest in IS-IS VPLS > > Linda, > > Let me give a simple example. If you have a DMZ with a public /24 > address and you want to share that DMZ (one pair of firewalls to the > Internet) with multiple different classes of applications that you want > to keep isolated from each other. Within each class the computers can > communicate with each other and out to the Internet, but computers that > are of different classes cannot communicate with one another. > > -- aldrin > > > On May 7, 2012, at 5:29 PM, Linda Dunbar wrote: > > > Adrin, > > > > You mentioned that " private vlan and community vlans which are very > common for DMZs in Data Center". > > > > I can totally understand why "private vlan" being used. But what > scenario will you need "community vlans" but can't be simply achieved > by traditional VLANs? > > > > Thanks, Linda > > > > > >> -----Original Message----- > >> From: l2vpn-bounces@ietf.org [mailto:l2vpn-bounces@ietf.org] On > Behalf > >> Of Aldrin Isaac > >> Sent: Friday, May 04, 2012 7:20 PM > >> To: Lucy yong > >> Cc: l2vpn@ietf.org; sajassi > >> Subject: Re: Interest in IS-IS VPLS > >> > >> Hi Lucy, > >> > >> Please see inline > >> > >> On May 4, 2012, at 11:07 AM, Lucy yong wrote: > >> > >>> Hi Isaac, > >>> > >>> Thank you for the reply. Please see inline. > >>> > >>> Regards, > >>> Lucy > >>> > >>> -----Original Message----- > >>> From: Aldrin Isaac [mailto:aldrin.isaac@gmail.com] > >>> Sent: Thursday, May 03, 2012 10:50 PM > >>> To: Lucy yong > >>> Cc: sajassi; Giles Heron; Nabil Bitar; l2vpn@ietf.org > >>> Subject: Re: Interest in IS-IS VPLS > >>> > >> > >> ... > >> > >>> E-VPN also supports policy based-topologies versus simple point-to- > >> point, flat or tree VLANs. It can support point-to-point, tree, > mesh, > >> one-way, or pretty much any other "complex" or overlapped topologies > >> (depending on how you like to see it). An example is ability to > >> natively recreate private vlan, community vlan topologies (which > happen > >> to be quite common in DC networks) and any number of combinations of > >> these simultaneously to a single port. A BGP E-VPN VPN is also > >> decoupled from the edge EVI/ESI such that it is not limited to a > single > >> tenant/vlan but can span tenants/vlans (l2 extranet) if so required. > >> This is native to E-VPN. > >>> [[LY]] Such policy based-topologies are useful for service provider > >> network, but may too complex for intra DCs. One reason that > customers > >> often want to choose with L2VPN service is "it is simple". However, > >> L3VPN have its applications although some operators often complain > the > >> complexities to configure these policies. Typical example is the a > >> firewall only placed at a location. Could you share why operator > want > >> such policy based-topology for L2VPN? > >> > >> Policy-based topologies are generally complex when used to > interconnect > >> IP networks because there are generally multiple prefixes in a vrf, > and > >> often different prefixes need to be associated to different VPNs or > >> routing behavior. In the DC, L2VPN role is to interconnect host > ports > >> so the policies for basic are very simple --- list of import route > >> targets and list of export route targets where each import/export > pair > >> correspond to a VPN (tenant, service, ...). An example of how a DC > >> operator might use this for example is to meet a requirement for > >> private vlan and community vlans which are very common for DMZs. > >> Hopefully you are familiar with these very common use cases. It is > >> even possible to recreate more complex switch "features" like MVR > (in > >> addition to private VLANs which are also considered "features") > using > >> E-VPN. It took me three years to get the MVR feature into a > particular > >> vendor's switch to meet a business need. I'll sacrifice plug-and- > play > >> simplicity for business agility. I'm sure my peers are with me on > this > >> one. > >> > >> If simple "plug-and-play" is important, one could imagine RRs > sending > >> out an "RR TLV" such that RRs in an IGP area auto-connect with each > >> other and RR-clients connect to the closest RR based on SPF (some > >> details like peer-group, etc would need to be factored in to make it > >> more powerful). Other BGP/MPLS configuration is, IMHO, trivial > unless > >> you CHOOSE to use more advanced capabilities (i.e. not locked in). > >> > >> Maybe the reason why MPLS comes across as complex is because of how > >> IETF deals with requirements lately by creating point solutions. E- > VPN > >> tries to put new capabilities on the table while trying not to take > >> existing value off the table. There is no reason why a solution > can't > >> bring more value than what the standards body calls for. > >> > >>> E-VPN supports interconnecting end-stations or interconnecting L2 > >> networks. Procedures to easily span STP based networks across an E- > VPN > >> network without loops comes with the base spec. Extensions to E-VPN, > >> such as PBB-EVPN, simplify the fully functional spanning of non-EVPN > >> networks across an E-VPN network. > >>> [[LY]] current L2VPN support all these except active-active mode > >> which causes the loop. > >> > >> Base E-VPN spec will natively deal with the STP case through an > >> active/standby mode and BPDU-snooping -- detect root bridge and use > >> that as ESI (ethernet segment id) to indicate unique STP network > with > >> active/standby bit set to ensure only one forwarding link among > links > >> with same ESI. Tags (vlans) can potentially each have a different > >> active link within the member links of an ESI allowing for automatic > >> tag(tenant)/vlan level load-balancing into an STP network. Edge > >> networks that don't have mac-move issue will be able to take full > >> advantage of active-active load-balancing without need for LAG/MLAG. > >> > >>> An SVI/IRB interface can also be a member of both an E-VPN EVI and > an > >> IP VRF allowing for easily bringing together virtual L2 and L3 > >> topologies anywhere in the network without a physical port. > >>> [[LY]] Could you please share how operator plan to use this? Which > >> service will you sell to customer in this case? > >> > >> The service will be where a customer wants to communicate to a > >> destination network that is not in his subnet. Operators most > >> interested in EVPN already have IPVPN services on their network. > This > >> is the gateway point between the EVPN virtual networks and [existing] > >> IPVPN virtual networks. No physical port required. > >> > >>> E-VPN builds on top of years of work in the IETF; traffic > engineering, > >> scaling with route reflectors and RT constrain, multicast via NG- > MVPN, > >> etc. > >>> [[LY]] Agree. These are useful features for service provider > network. > >> However, these functions may not necessary within DC although they > had > >> been proved works well. > >> > >> I'm not sure how eventually re-inventing these capabilities (yes it > >> will happen) on behalf of a new protocol will be better than simply > >> leveraging proven technology. Vendors don't need to implement every > >> MPLS RFC ever written to be able to implement the basic E-VPN. > >> > >>> Can also use IP for transport tunnel. But my understanding is that > >> popular merchant silicon has support for MPLS push/pop/swap these > days > >> (?). This was captured by EVPN at it's inception, which is why the > PE > >> is referred to as MES (MPLS-enabled switch) in E-VPN. > >>> [[LY]] Yes, current draft aims on MPLS solution only. But it states > >> the potential to extend to the use of IP tunnel. > >>> The way I see it, a major reason why STP-based LANS are fickle and > >> don't scale well is on account of insufficient decoupling of core > from > >> edge created by requirement for plug-and-play and how that played > out > >> over time. Conversely the reason (among other things) why IP > networks > >> are more stable is because they are not inherently plug-and-play, > and > >> with MPLS/BGP allows excellent decoupling of core and edge. I don't > >> know enough about TRILL or PBB to comment on those -- I just know > that > >> I'm not interested for enough good reasons. E-VPN enables a dynamic > >> edge over a stable decoupled core while giving each operator room > for > >> service differentiation. It is especially interesting to operators > >> that have invested in MPLS technology and operations. I can find a > lot > >> of folks that understand BGP/MPLS IPVPN and in short order have them > >> know the ins and outs of basic E-VPN. It's quite hard for me to > find > >> non-vendor folk who really actually understand the other > technologies > >> used to span Ethernet aside from basic STP. > >> > >>> [[LY]] Thank you to share this in the mailing list. > >>> > >>> This is an operator perspective. > >>> [[LY]] This is great! > >>> > >>> > >>> On May 3, 2012, at 4:31 PM, Lucy yong wrote: > >>> > >>>> Hi Ali, > >>>> > >>>> > >>>> "5. Ethernet VPN (E-VPN) - An enhanced Layer-2 service that > >>>> emulates an Ethernet (V)LAN across a PSN. E-VPN supports > >>>> load-sharing across multiple connections from a Layer-2 site > >>>> to an L2VPN service. E-VPN is primarily targeted to support > >>>> large-scale L2VPNs with resiliency requirements not satisfied > >>>> by other L2VPN solutions" > >>>> > >>>> [[LY]] IMO, E-VPN enhancement is to support multi-homing with > >> active-active mode. Load-sharing across multiple connections from a > >> layer-2 site is desired when this mode is used. Current VPLS can > >> provide resiliency requirement when the multi-homing site configured > >> with active-standby mode. > >>>> > >>>> Regards, > >>>> Lucy > >>>> > >>>> Cheers, > >>>> Ali > >>>> > >>> > >
- RE: Interest in IS-IS VPLS Lucy yong
- Interest in IS-IS VPLS Giles Heron
- Re: Interest in IS-IS VPLS Rogers, Josh
- Re: Interest in IS-IS VPLS Mallette, Edwin J.
- RE: Interest in IS-IS VPLS Gregory Mirsky
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Jie Dong
- re: Interest in IS-IS VPLS Xuxiaohu
- RE: Interest in IS-IS VPLS Mach Chen
- RE: Interest in IS-IS VPLS Alexander Vainshtein
- RE: Interest in IS-IS VPLS John E Drake
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS John E Drake
- Re: Interest in IS-IS VPLS LEVRAU, LIEVEN (LIEVEN)
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Gregory Mirsky
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS LEVRAU, LIEVEN (LIEVEN)
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS John E Drake
- Re: Interest in IS-IS VPLS sajassi
- RE: Interest in IS-IS VPLS Henderickx, Wim (Wim)
- Re: Interest in IS-IS VPLS LEVRAU, LIEVEN (LIEVEN)
- RE: Interest in IS-IS VPLS Linda Dunbar
- RE: Interest in IS-IS VPLS John E Drake
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS John E Drake
- re: Interest in IS-IS VPLS Xuxiaohu
- RE: Interest in IS-IS VPLS Mingui Zhang
- re: Interest in IS-IS VPLS Xuxiaohu
- Re: Interest in IS-IS VPLS Kireeti Kompella
- re: Interest in IS-IS VPLS Xuxiaohu
- RE: Interest in IS-IS VPLS Shah, Himanshu
- RE: Interest in IS-IS VPLS John E Drake
- RE: Interest in IS-IS VPLS John E Drake
- RE: Interest in IS-IS VPLS John E Drake
- Re: Interest in IS-IS VPLS Vishwas Manral
- Re: Interest in IS-IS VPLS Giles Heron
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Gregory Mirsky
- Re: Interest in IS-IS VPLS Vishwas Manral
- Re: Interest in IS-IS VPLS Giles Heron
- Re: Interest in IS-IS VPLS Thomas Nadeau
- RE: Interest in IS-IS VPLS UTTARO, JAMES
- Re: Interest in IS-IS VPLS Thomas Nadeau
- re: Interest in IS-IS VPLS Xuxiaohu
- RE: Interest in IS-IS VPLS Mingui Zhang
- re: Interest in IS-IS VPLS Xuxiaohu
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS sajassi
- re: Interest in IS-IS VPLS Xuxiaohu
- Re: Interest in IS-IS VPLS Giles Heron
- Re: Interest in IS-IS VPLS Bitar, Nabil N
- RE: Interest in IS-IS VPLS Shah, Himanshu
- Re: Interest in IS-IS VPLS sajassi
- Re: Interest in IS-IS VPLS Giles Heron
- Re: Interest in IS-IS VPLS sajassi
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS Aldrin Isaac
- RE: Interest in IS-IS VPLS Lucy yong
- Re: Interest in IS-IS VPLS Aldrin Isaac
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS UTTARO, JAMES
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Linda Dunbar
- Re: Interest in IS-IS VPLS Aldrin Isaac
- Re: Interest in IS-IS VPLS Aldrin Isaac
- RE: Interest in IS-IS VPLS Lucy yong
- RE: Interest in IS-IS VPLS Linda Dunbar
- Re: Interest in IS-IS VPLS Aldrin Isaac