Re: comment on draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-01
"Ali Sajassi (sajassi)" <sajassi@cisco.com> Tue, 12 March 2013 15:31 UTC
Return-Path: <sajassi@cisco.com>
X-Original-To: l2vpn@ietfa.amsl.com
Delivered-To: l2vpn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE8C021F8CE2 for <l2vpn@ietfa.amsl.com>; Tue, 12 Mar 2013 08:31:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.597
X-Spam-Level:
X-Spam-Status: No, score=-10.597 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HXNPtgcNVqVY for <l2vpn@ietfa.amsl.com>; Tue, 12 Mar 2013 08:31:07 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id 4B0BE21F8CDF for <l2vpn@ietf.org>; Tue, 12 Mar 2013 08:31:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=42273; q=dns/txt; s=iport; t=1363102267; x=1364311867; h=from:to:cc:subject:date:message-id:in-reply-to: mime-version; bh=JNTZNucYvxMSkU0RMdMV4EdGWkLxKPk2Obhxaj9h8nc=; b=OzDBJFlXOiPoVdIBkbDdrD3EAUEV2lvbRnE7qz7OXWGaZubSfNRLCP/o B3cnsRAkGmC0vKtcw+v0tmZ8Shw4W/vf+XmBC3heOKc3oZfroNCi4GCWy PYmrU+Lswm6lkmi3adFjNzUgYl8G83xPfWt/KQ7R9dkZFKpP1y66ZerrL g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgMFALBIP1GtJV2c/2dsb2JhbABDhAMjwD2BRxZ0gigBAQEEJwY6EhIBCBEDAQEBCxYBBjkUCQgBAQQBDQUIEwSHdQGxG49xF45cIAYLBgGCX2EDp0yDCoIo
X-IronPort-AV: E=Sophos; i="4.84,831,1355097600"; d="scan'208,217"; a="186579201"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-7.cisco.com with ESMTP; 12 Mar 2013 15:31:06 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id r2CFV6F6013196 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 12 Mar 2013 15:31:06 GMT
Received: from xmb-aln-x13.cisco.com ([fe80::5404:b599:9f57:834b]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.02.0318.004; Tue, 12 Mar 2013 10:31:06 -0500
From: "Ali Sajassi (sajassi)" <sajassi@cisco.com>
To: Linda Dunbar <linda.dunbar@huawei.com>, Lucy yong <lucy.yong@huawei.com>, Susan Hares <susan.hares@huawei.com>
Subject: Re: comment on draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-01
Thread-Topic: comment on draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-01
Thread-Index: Ac4V7IyD4mMZ6DH7Q1GTbDhPRXkI2AACv0SAAAAcW7ACS3cggA==
Date: Tue, 12 Mar 2013 15:31:05 +0000
Message-ID: <69670F7146898C4583F56DA9AD32F77B1230FAA3@xmb-aln-x13.cisco.com>
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F645AE56FD@dfweml509-mbx.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.1.120420
x-originating-ip: [10.21.68.177]
Content-Type: multipart/alternative; boundary="_000_69670F7146898C4583F56DA9AD32F77B1230FAA3xmbalnx13ciscoc_"
MIME-Version: 1.0
Cc: "l2vpn@ietf.org" <l2vpn@ietf.org>
X-BeenThere: l2vpn@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <l2vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l2vpn>
List-Post: <mailto:l2vpn@ietf.org>
List-Help: <mailto:l2vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l2vpn>, <mailto:l2vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 15:31:08 -0000
Hi Linda,
Sorry for the delayed in response. Please refer to my reply inline …
From: Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>>
Date: Thursday, February 28, 2013 5:28 PM
To: Lucy yong <lucy.yong@huawei.com<mailto:lucy.yong@huawei.com>>, Susan Hares <susan.hares@huawei.com<mailto:susan.hares@huawei.com>>
Cc: "l2vpn@ietf.org<mailto:l2vpn@ietf.org>" <l2vpn@ietf.org<mailto:l2vpn@ietf.org>>
Subject: RE: comment on draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-01
Ali, et al,
I want to add a few more comments to the draft in addition to Lucy’s points:
When you say “connecting E-VPN NVEs within a DC” in Section 2.1, do you mean allowing a NVE to route data frames among directly attached VMs that belong to different E-VPN instances?
For inter-subnet,yes.
In Section 3 “Default Gateway Addressing”, you stated that “NVE behaves as an IP Gateway from the perspective of the attached end stations”.
However, the default gateway specified in end stations usually won’t be any NVE. Therefore letting NVEs to route traffic among different E-VPN instances may violate the intention of traffic separation that L2VPN aims to provide.
We achieve isolation via EVPN instances. If forwarding between different subnets are not desired, then one can configure it as such. As the matter of fact, the default configuration is that unless one configures IRB functionality to allow forwarding among selected subnets.
Even though you only allow NVEs to route traffic among IP subnets belonging to one customers, those NVEs basically merge multiple virtual network instances to one, which might not be the desired behavior by the customer.
We have complete flexibility on inter-subnet switching among different VNs (represented by different VNIs). The operator can decide for what VNs to enable or disable (by default) IRB functions.
Cheers,
Ali
Linda
From: Lucy yong
Sent: Thursday, February 28, 2013 1:48 PM
To: 'draft-sajassi-l2vpn-evpn-inter-subnet-forwarding@tools.ietf.org<mailto:'draft-sajassi-l2vpn-evpn-inter-subnet-forwarding@tools.ietf.org>'
Subject: comment on draft-sajassi-l2vpn-evpn-inter-subnet-forwarding-01
Hello Ali and All,
I have read this draft and have some comments. As you may know or not, I have been thinking and working on this topics since writing nvo3 use case draft (draft-ietf-nvo3-use-case) and nvo3 framework and data plane addition (draft-yong-nvo3-frwk-dpreq); glad to see you have drafted the solution document now and wish to work with you all on this draft as a co-author.
Here are some major comments:
· Case 2 is about interconnecting DC infrastructure via WAN, where DC operator can build one IP VPN that contain multiple IP subnets. I think this is the carrier’s carrier case in section 9 in rfc4364, not inter-as case specified in current document. In addition, there are two options for this case, one is used of routing aggregation, anther one is without routing aggregation. Both let PE not maintain host/vm specific addresses in forwarding path and DC operator to build an IP VPN over WAN without WAN SP awareness.
· Case3 may also implemented in following way, which should be documented too.
NVE1 GW1 GW2 NVE2
+------------+ +------------+ +------------+ +------------+
| ... ... | | ... ... | | ... | | ... ... |
|(EVI)-(VRF) | |(EVI)-(VRF) | | [LS ] | |(VRF)-(EVI) |
| .|.| | | .|. .|. | | |...| | | ... |..| |
+------------+ +------------+ +------------+ +------------+
^ v ^ V ^ V ^ V
| | | | | | | |
VM1->-+ +------>------+ +----------+ +---------------+ +->-VM2
Figure 4b: Inter-Subnet Forwarding Among E-VPN NVEs in Different DCs
with Route Aggregation
· Case 4 may also implemented in following way, which should be documented too.
NVE1 GW1 ASBR NVE2
+------------+ +------------+ +------------+ +------------+
| ... ... | | ... ... | | ... | | ... |
|(EVI)-(VRF) | |(EVI)-(VRF) | | [LS ] | | (VRF)|
| .|.|. | | |. .| | | |...| | | |..| |
+------------+ +------------+ +------------+ +------------+
^ v ^ V ^ V ^ V
| | | | | | | |
VM1->-+ +------>-----+ +----------+ +---------------+ +->-H1
Figure 5b: Inter-Subnet Forwarding Among IP-VPN Sites and E-VPN NVEs
with Route Aggregation
· Document assume that host/vm send inter subnet packet to the MAC address of IRB. But does not mention how that may happen, i.e. via configuration the gateway MAC address on host/vm or via the protocol such as ARP or DHCP. IMO: it need to describe it.
· It is not clear to me if the VNID is per EVPN instances or per IP VPN? If it is former, each subnet, i.e. EVPN instance has its own VNID, NVE may also need to convert the VNID for inter subnet forwarding.
· The term “EVPN site” is used in this document, the site has been used in VPN technology a lot and has some notion to link the physical location. But I don’t know that this document has that notion, it is virtual site, i.e. EVPN site may spread among many servers. Is that right?
Like to hear from you on these.
Regards/Thanks,
Lucy
- RE: comment on draft-sajassi-l2vpn-evpn-inter-sub… Linda Dunbar
- Re: comment on draft-sajassi-l2vpn-evpn-inter-sub… Ali Sajassi (sajassi)