IETF Logo Mail Archive

Re: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement

"Rabadan, Jorge (Jorge)" <jorge.rabadan@alcatel-lucent.com> Mon, 11 November 2013 15:52 UTC

Return-Path: <jorge.rabadan@alcatel-lucent.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C70B11E8107 for <l2vpn@ietfa.amsl.com>; Mon, 11 Nov 2013 07:52:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.998
X-Spam-Level:
X-Spam-Status: No, score=-9.998 tagged_above=-999 required=5 tests=[AWL=-0.601, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_12=0.6, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sH5tIGhWy9mj for <l2vpn@ietfa.amsl.com>; Mon, 11 Nov 2013 07:52:28 -0800 (PST)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by ietfa.amsl.com (Postfix) with ESMTP id 561B411E818D for <l2vpn@ietf.org>; Mon, 11 Nov 2013 07:52:28 -0800 (PST)
Received: from fr711usmtp1.zeu.alcatel-lucent.com (h135-239-2-122.lucent.com [135.239.2.122]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id rABFqOge029765 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 11 Nov 2013 09:52:26 -0600 (CST)
Received: from FR711WXCHHUB02.zeu.alcatel-lucent.com (fr711wxchhub02.zeu.alcatel-lucent.com [135.239.2.112]) by fr711usmtp1.zeu.alcatel-lucent.com (GMO) with ESMTP id rABFqOsi006898 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 11 Nov 2013 16:52:24 +0100
Received: from FR711WXCHMBA03.zeu.alcatel-lucent.com ([169.254.3.151]) by FR711WXCHHUB02.zeu.alcatel-lucent.com ([135.239.2.112]) with mapi id 14.02.0247.003; Mon, 11 Nov 2013 16:52:24 +0100
From: "Rabadan, Jorge (Jorge)" <jorge.rabadan@alcatel-lucent.com>
To: "Andrew McLachlan (amclachl)" <amclachl@cisco.com>, "Henderickx, Wim (Wim)" <wim.henderickx@alcatel-lucent.com>
Subject: Re: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement
Thread-Topic: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement
Thread-Index: Ac7cvqYcD4BB2/82Q4+fCPK55cREGP//WkCA//ukXXCACOGNgIAAaI3R//+PIQA=
Date: Mon, 11 Nov 2013 15:52:24 +0000
Message-ID: <CEA63B07.28F00%jorge.rabadan@alcatel-lucent.com>
In-Reply-To: <1A914EDF-7BE7-4AFA-AFFA-7068DCF22FFB@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.5.121010
x-originating-ip: [135.239.27.41]
Content-Type: multipart/alternative; boundary="_000_CEA63B0728F00jorgerabadanalcatellucentcom_"
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
Cc: "l2vpn@ietf.org" <l2vpn@ietf.org>
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Layer 2 Virtual Private Networks <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Nov 2013 15:52:35 -0000

Besides Wim’s comments, section 2.2 tries to summarize why L3VPN does not meet all the requirements in this environment.
We need the flexibility given by the overlay next-hops within the NLRI: GW IP and ESI.

Section 2.3 gives some of the reason why a new EVPN route type is needed.

Thanks.
Jorge

From: "Andrew McLachlan (amclachl)" <amclachl@cisco.com<mailto:amclachl@cisco.com>>
Date: Monday, November 11, 2013 at 5:36 AM
To: "Henderickx, Wim (Wim)" <wim.henderickx@alcatel-lucent.com<mailto:wim.henderickx@alcatel-lucent.com>>
Cc: "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Subject: Re: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement


Wim, thank you for clarifying this. I just read your comments and drafts you refer to, and what you detail would be the right approach imo.



On 11 Nov 2013, at 08:22, "Henderickx, Wim (Wim)" <wim.henderickx@alcatel-lucent.com<mailto:wim.henderickx@alcatel-lucent.com>> wrote:

In-line

From: Lucy yong <lucy.yong@huawei.com<mailto:lucy.yong@huawei.com>>
Date: Monday 11 November 2013 08:43
To: Wim Henderickx <wim.henderickx@alcatel-lucent.com<mailto:wim.henderickx@alcatel-lucent.com>>, Lucy yong <lucy.yong@huawei.com<mailto:lucy.yong@huawei.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Subject: RE: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement

Wim,

I read the draft and still think that all the use cases work well with RT2.  Here are my views how these use cases in section 5 can be implemented without RT5

Use case 1 can be done by an L3 VN overlay, say VN10, and a gateway at DCGW1 and DCGW2. The gateway is used to interconnect the VN 10 and WAN.
The VN10 route the traffic on SN 1 and SN2, SN3, and IP2-IP5.  I call this implementation “L3VN plus a gateway” Why do you want to use an L2 VN overlay here?

WH> you don’t have a GW IP in the L3VPN AFI/SAFI, so you will need to define a new route to do this efficiently

Use case 2 and use case 4 are about multi-homing. In the case 2, TS and NVE are co-located; in the case 4, TS and NVE are physically separated.  First of all, IMO, when TS and NVE co-locate on the same server, multi-homed TS is not necessary. The use case 4 is just the use case 1 with multi-homing. Thus, it can be implemented by “L3VN plus a gateway” w/ VRRP.

WH> there is no VRRP in these cases since the appliance is a bump in the wire for use case 4 so they don’t even speak IP, so you have an undefined NH, which is also not evadable in the L3VPn AFI/SAFI and there is no ESI NH possible

In your use case 3, EVI10 should be replaced by an L3 overlay. The VRF on the NVE1 acts as the L3 distributed gateway for the EVN1 and EVN2.  The VRF on the NVE2 acts as the L3 distributed gateway for the EVN2 and EVN3. The VRFs on DGW1 and DGW2 act as the gateway between the L3 overlay and WAN. If NVE1 and NVE2 use RT2 advertises TS IP/MAC,  NVE1 will know IP subnet/prefix associating to EVN1 and EVN2, and IP subnet/prefix associating to the L3 overlay. When NVE1 receives a packet from IP1 and the packet has the destination to SN1, the packet dMAC address will be the MAC address for the distributed gateway that is the same for all the NVEs. When NVE sees this address, it will perform the VRF table lookup by using the destination IP addr on the packet, which results the IP addr is associated to the EVN2, then NVE performs the table look-up in EVI-2 that has both IP/MAC to outer (or VAP) address mapping, so it will replace the dMAC addr on the packet with the real destination MAC addr and send to the VAP that SN1 associated to.  When NVE1 receives a packet from IP1 and the packet has the destination in the WAN network, the dMAC on the packet is also the MAC address for the distributed gateway. So NVE will perform the VRF table look-up by using the destination IP on the packet, which results to the outer IP address on one of DGWs, say DGW1. NVE1 adds the L3 VN ID and the outer header on the packet prior sending it out. When DGW1 receives the packet, it removes the tunnel header and uses the L3 VN ID on the packet to reach the vGW on DGW1. The vGW perform the packet treatment before sending to the WAN.

WH> it depends how you want to do this, you can either go route from ingress w/o IP lookup on ingress or do a lookup on egress. Both options are possible and required for some HW in the market. EVPN supports both already, what this draft is doing is how prefixes should be used in this environment

L2/L3 NVE service type described in draft-yong-nv03-nve is for this use case. When L2/L3 NVE service type is used, NVE maintains both TS IP/MAC addresses but may advertise both IP/MAC addresses or one of the address depending on the remote NVE service type. When L2 NVE service type is used, NVE just maintains TS MAC addresses. Both cases can be implemented by EVPN solution.

WH> draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-02 describes the IRB case

There are places we need to use L2 VNs. For example, all TSes in a VN have the same IP address but different MAC addresses;  there is broadcast/multicast traffic in a VN; non-IP packet. However, we don’t want to make a complex EVPN solution to solve the case that L3VN can easily address.

WH> see draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-02 it describes it all. As I said not all use case can be done with L3VPN and this is required.

Regards,
Lucy







From: HenderickxHi Win,, Wim (Wim) [mailto:wim.henderickx@alcatel-lucent.com]
Sent: Friday, November 08, 2013 2:18 PM
To: Lucy yong; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Subject: Re: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement

Lucy, did you read the draft and is explained in section 6.
Show an example on how you do the scenario’s with RT2 and you will see why this is less efficient/scalable + does not support all scenario’s in the draft like ESI NH.

E-VPN distributes host routes using RT-2: (IP) + MAC and these can be an interface e.g. And prefixes can exists behind them.

From: Lucy yong <lucy.yong@huawei.com<mailto:lucy.yong@huawei.com>>
Date: Friday 8 November 2013 22:10
To: "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Subject: comment on draft-rabadan-l2vpn-evpn-prefix-advertisement

Hi Authors,

I am not convinced if RT 5 is necessary for the use cases you specified in the draft (or presentation). IMO: RT2 is sufficient to support all the cases.
There is a draft-yong-nvo3-nve, which covers all the L2 overlay cases, which can be implemented by EVPN with RT2.

One question, why EVPN service allow to VAP being an IP interface?

Thanks,
Lucy

v2.23.0 | Report a Bug | By Email