Re: MAC route with IP

["Ali Sajassi (sajassi)" <sajassi@cisco.com>]

Yes, although my email and Jorge's emails crossed each others, we are both saying exactly the same thing.

That's why I think the existing text is sufficient and we don't need to add any thing more because both of the scenarios I mentioned below can happen and the existing text covers them both.

Cheers,
Ali



From: John E Drake <jdrake@juniper.net<mailto:jdrake@juniper.net>>
Date: Tuesday, May 13, 2014 10:44 AM
To: Cisco Employee <sajassi@cisco.com<mailto:sajassi@cisco.com>>, Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: RE: MAC route with IP

Ali,

As both Jorge and you have pointed out, there may indeed be cases for which there should not be a MAC only route.

Yours Irrespectively,

John

From: L2vpn [mailto:l2vpn-bounces@ietf.org] On Behalf Of Ali Sajassi (sajassi)
Sent: Tuesday, May 13, 2014 10:38 AM
To: Jakob Heitz; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: Re: MAC route with IP


Even if there is reordering by route reflector, then as I said, I don't see an issue here :-) In your example, the receiver sees the withdrawn of the IP/MAC route before receiving the MAC-only route. In that case, the traffic toward that MAC address will get flooding (or dropped if flooding is disabled) till it receives the MAC-only route. However, why does the sender has to wait till it withdraws the IP/MAC advertisement before sending the MAC-only advertisement – e.g., why doesn't the sender send MAC-only advertisement as soon as it learns it.

Again, there are scenarios in which learning is done in data-plane along with ARP suppression. In such scenarios, the sender should send MAC-only route as soon as it learns it and MAC/IP route when it snoops the ARP.  However, there are other scenarios where there is no MAC learning in data-plane. In such scenario, when a VM becomes known, the MAC/IP route is advertised and if the VM goes away, MAC/IP is withdrawn. In such scenarios, we don't want to advertise an extra route (MAC-only route) unnecessarily.

Cheers,
Ali

From: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>
Date: Tuesday, May 13, 2014 10:13 AM
To: Cisco Employee <sajassi@cisco.com<mailto:sajassi@cisco.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: RE: MAC route with IP

A route reflector can and frequently does reorder routes from the same speaker.
For example, a version walk of a tree does not walk in version order, it walks in key order.
Fine, you don’t want to make it a requirement. Then some words to alert the implementor

Whenever a PE withdraws all MAC advertisement routes with IP address for a particular MAC address, but it still knows the MAC address, it SHOULD advertise one MAC advertisement route without an IP address for that MAC address well in advance of the withdrawals. This is because BGP announcements of different routes are not required to be received in the same order in which they were sent.

Cheers,
Jakob.

From: Ali Sajassi (sajassi) [mailto:sajassi@cisco.com]
Sent: Tuesday, May 13, 2014 10:01 AM
To: Jakob Heitz; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: Re: MAC route with IP


I can understand that if route reflector receives different routes from different speakers, then it can re-order them. But we are talking about different routes from the same speaker (same BGP session and TCP/IP connection).

In your scenario below, the if the MAC is learned via data-plane learning, then the sender has already sent a MAC-only advertisement anyway, so there is no issue.

There can be scenarios in which both MAC/IP and MAC-only routes are advertise for the same MAC and there are scenarios where only MAC/IP routes are advertised. I don't want to constrain the solution unnecessarily by saying that MAC-only route must be accompanied with MAC/IP route. Again, I am not precluding what you are saying. I just don't want to make it a requirement.

Cheers,
Ali

From: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>
Date: Tuesday, May 13, 2014 9:43 AM
To: Cisco Employee <sajassi@cisco.com<mailto:sajassi@cisco.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: RE: MAC route with IP

Then if a sender withdraws a MAC/IP route, say because the ARP cache timed out, but the MAC is still known, it must send a MAC only route before it withdraws the MAC/IP route.
Now, because route reflectors can reorder route advertisements (but not announce/withdraw of the same route), the receiver can receive the withdrawal of the MAC/IP before it receives the announcement of the MAC only.
To prevent this glitch, I propose

Whenever a PE advertises one or more MAC advertisement routes with IP address for a particular MAC address, it MUST also advertise one MAC advertisement route without an IP address for that MAC address.

Thanks,
Jakob.

From: Ali Sajassi (sajassi) [mailto:sajassi@cisco.com]
Sent: Tuesday, May 13, 2014 9:35 AM
To: Jakob Heitz; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: Re: MAC route with IP


Jakob,

If there is no MAC-only route, then it is fine as well – e.g., we don't need the MAC-only route for the MAC/IP route to work. If there is only MAC/IP route, the FIB entry will be populated based on that route and if it is withdrawn, then FIB entry gets deleted. However, if there are both MAC/IP route and MAC-only route, and one of them gets withdrawn, then the FIB entry will still exist. This is the correct behavior.

Cheers,
Ali

From: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>
Date: Tuesday, May 13, 2014 9:28 AM
To: Cisco Employee <sajassi@cisco.com<mailto:sajassi@cisco.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: RE: MAC route with IP

My concern is not that a MAC/IP withdrawal might delete a MAC only route.
It is that there might not be a MAC only route there at all.

Thanks,
Jakob.

From: Ali Sajassi (sajassi) [mailto:sajassi@cisco.com]
Sent: Monday, May 12, 2014 11:21 PM
To: Jakob Heitz; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: Re: MAC route with IP


Jakob, Antoni:

Agreed that the ARP entries can timeout independent from the MAC table and thus the entries in MAC-VRF and ARP table can be deleted independent of each other. However, the existing text is still accurate. It already covers the scenario that is interest to you where there are multiple IP/MAC pair advertisement for a given MAC plus MAC-only advertisement. In such case, the withdraw of a IP/MAC pair will remove the corresponding IP/MAC entry in the ARP table but it doesn't remove the MAC entry in the MAC-VRF table.

I added the following couple of sentences to the end of 2nd para of section 10 for further clarification:

"If the receiving PE has already received a MAC-only advertisement for MACx in addition to the IPx/MACx advertisement, then when it receives a withdraw message for the IPx/MACx, it MUST delete the corresponding entry from the ARP table. However, it MUST not delete the MACx entry from the MAC-VRF table unless it receives a withdraw message for MACx only."

Cheers,
Ali


From: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>
Date: Sunday, May 11, 2014 10:59 PM
To: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>, Cisco Employee <sajassi@cisco.com<mailto:sajassi@cisco.com>>, "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: RE: MAC route with IP

People clear ARP caches when they get too big. When that happens, the bridge table may not be cleared at the same time or at all.
An ARP cache may have a different timeout than the bridge table.
A bridge can snoop ARP messages to learn bindings and those bindings can time out.
However, many other packets can come from the same MAC address, keeping the MAC alive in the bridge table. In this case, the MAC-IP binding will be lost without the MAC address itself being lost.
IP-MAC bindings can be learnt other than by snooping ARPs, by configuration, for example.
Such configurations can be removed.

Cheers,
Jakob.

From: L2vpn [mailto:l2vpn-bounces@ietf.org] On Behalf Of Jakob Heitz
Sent: Sunday, May 11, 2014 10:39 PM
To: Ali Sajassi (sajassi); l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: RE: MAC route with IP

When the IP address is dissociated with the MAC address, but the MAC address still exits.

Cheers,
Jakob.

From: Ali Sajassi (sajassi) [mailto:sajassi@cisco.com]
Sent: Sunday, May 11, 2014 10:34 PM
To: Jakob Heitz; l2vpn@ietf.org<mailto:l2vpn@ietf.org>
Cc: Antoni Przygienda
Subject: Re: MAC route with IP


Hi Jakob,

I believe the currency text is correct and sufficient. What use case do you have in mind?

EVPN PE devices that only do L2 (w/ flooding), only advertise MAC route (w/o IP address) and EVPN PE devices that do L2 w/ ARP suppression, advertise both MAC and IP. In the latter case, if there are several IP addresses map to the same MAC address, then the MAC address from MAC-VRF only gets removed, when there is no more ARP entry with that MAC address.

Cheers,
Ali

From: Jakob Heitz <jakob.heitz@ericsson.com<mailto:jakob.heitz@ericsson.com>>
Date: Sunday, May 11, 2014 9:56 PM
To: "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Cc: Antoni Przygienda <antoni.przygienda@ericsson.com<mailto:antoni.przygienda@ericsson.com>>
Subject: MAC route with IP

We have another issue
In section 10: ARP and ND, the draft says:

   If there are multiple IP addresses associated with a MAC address,
   then multiple MAC advertisement routes MUST be generated, one for
   each IP address. For instance, this may be the case when there are
   both an IPv4 and an IPv6 address associated with the MAC address.


   When the IP address is dissociated with the MAC address, then the MAC

   advertisement route with that particular IP address MUST be

   withdrawn.

If such a route is withdrawn and no MAC route without IP exists, then the MAC address will be forgotten. Therefore, we would like to add a sentence:

Whenever a PE advertises one or more MAC advertisement routes with IP address for a particular MAC address, it MUST also advertise one MAC advertisement route without an IP address for that MAC address.

Thanks,
Jakob.