e-vpn & pbb-evpn: the next generation of mpls-based l2vpn ckn techadvantage webinar

E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN A Cisco Knowledge Network (CKN) TechAdvantage Webinar

April 2013

© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public

Today’s Presenters

 Tina Lam ([email protected]) Product Manager Cisco

 Jose Liste ([email protected]) Technical Marketing Engineer Cisco

2


Agenda

 Market Overview and Drivers  Ethernet VPN and PBB-EVPN Technical Overview  Flows and Use Cases  Summary

3

Market Overview and Drivers

4


L2VPN Market Drivers

Service Provider •  L2 transport for

distribution and core network

•  L2 aggregation for mobile RAN and Carrier Ethernet

•  L2 access services •  SP managed DCI

Data Center •  Data center interconnect

(DCI) •  L2 overlay network

Enterprise •  L2 transport across

campuses •  Enterprise managed DCI

Extends L2 connectivity for all markets


Data Center Interconnect requirements not fully addressed by current L2VPN technologies

DCI Brings New Requirements

Ethernet Virtual Private Network (E-VPN) and Provider Backbone Bridging EVPN (PBB-EVPN) designed to address these requirements

  All-active Redundancy and Load Balancing

  Simplified Provisioning and Operation

  Optimal Forwarding

  Fast Convergence

  MAC Address Scalability

Technical Overview Highlights and Solution Requirements

7


  Next generation solution for Ethernet multipoint connectivity services

  PEs run Multi-Protocol BGP to advertise & learn MAC addresses over Core

  Learning on PE Access Circuits via data-plane transparent learning

  No pseudowires –  Unicast: use MP2P tunnels –  Multicast: use ingress replication over

MP2P tunnels or use LSM   Under standardization at IETF – draft-

ietf-l2vpn-evpn

Ethernet VPN Highlights

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

VID 100 SMAC: M1 DMAC: F.F.F

BGP MAC adv. Route E-VPN NLRI MAC M1 via PE1

Data-plane address learning from Access

Control-plane address advertisement / learning over Core


  Combines Ethernet Provider Backbone Bridging (PBB - IEEE 802.1ah) with Ethernet VPN –  PEs perform as PBB Backbone Edge Bridge (BEB)

  Reduces number of BGP MAC advertisements routes by aggregating Customer MACs (C-MAC) via Provider Backbone MAC (B-MAC) –  Addresses virtualized data centers with C-MAC

count into the millions –  PEs advertise local Backbone MAC (B-MAC)

addresses in BGP –  C-MAC and C-MAC to B-MAC mapping learned in

data-plane

  Under standardization at IETF – draft-ietf-l2vpn-pbb-evpn

PBB Ethernet VPN Highlights

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

B-MAC: B-M1 B-M2

B-M2

BGP MAC adv. Route E-VPN NLRI MAC B-M1 via PE2

B-MAC: B-M1

Control-plane address advertisement / learning over Core (B-MAC)

Data-plane address learning from Access • Local C-MAC to local B-

MAC binding

Data-plane address learning from Core • Remote C-MAC to remote

B-MAC binding


  Active / Active Multi-Homing with flow-based load balancing in CE to PE direction –  Maximize bisectional bandwidth –  Flows can be L2/L3/L4 or

combinations

  Flow-based load balancing in PE to PE direction –  Multiple RIB entries associated

for a given MAC –  Exercises multiple links towards

CE

10

Solution Requirements All-Active Redundancy and Load Balancing

PE

PE

PE

PE

Vlan X - F1

Vlan X – F2

Flow Based Load-balancing – CE to PE direction

PE

PE

PE

PE

Flow Based Load-balancing – PE to PE direction

Vlan X - F1 Vlan X – F2


  Flow-based Multi-Pathing

  Load balancing across equal cost multiple paths in the MPLS core

  Load balancing at PE and P routers based on Entropy MPLS labels

11

Solution Requirements All-Active Redundancy and Load Balancing (cont.)

PE

PE

PE

PE

P

P

P

P

Flow Based Multi-Pathing in the Core Vlan X - F1 Vlan X – F2 Vlan X – F3 Vlan X – F4


  Optimal forwarding for unicast and multicast

  Shortest path – no triangular forwarding at steady-state

  Loop-Free & Echo-Free Forwarding

  Avoid duplicate delivery of flooded traffic

  Multiple multicast tunneling options: –  Ingress Replication –  P2MP LSM tunnels –  MP2MP

12

Solution Requirements Optimal Forwarding

PE1

PE2

PE3

PE4

CE1 CE2

Echo !

PE1

PE2

PE3

PE4

CE1 CE2 Duplicate !

CE1 CE2 PE1

PE2

PE3

PE4 Triangular Forwarding!


Solution Requirements

  Server Virtualization fueling growth in MAC Address scalability: –  1 VM = 1 MAC address. –  1 server = 10’s or 100’s of VMs

  MAC address scalability most pronounced on Data Center WAN Edge for Layer 2 extensions over WAN. –  Example from a live network: 1M MAC addresses in a single SP data center

MAC Address Scalability

13

WAN

DC Site 1

DC Site 2 DC Site N

1K’s

10K’s

1M’s

N * 1M

Technical Overview Concepts

14


E-VPN / PBB-EVPN Concepts

Ethernet Segment

•  Represents a ‘site’ connected to one or more PEs

•  Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)

•  Could be a single device or an entire network Single-Homed Device (SHD) Multi-Homed Device (MHD) Single-Homed Network (SHN) Multi-Homed Network (MHN)

BGP Routes

•  E-VPN and PBB-EVPN define a single new BGP NLRI used to carry all E-VPN routes

•  NLRI has a new SAFI (70) •  Routes serve control plane

purposes, including: MAC address reachability MAC mass withdrawal Split-Horizon label adv. Aliasing Multicast endpoint discovery Redundancy group discovery Designated forwarder election

E-VPN Instance (EVI)

•  EVI identifies a VPN in the network

•  Encompass one or more bridge-domains, depending on service interface type Port-based VLAN-based (shown above) VLAN-bundling VLAN aware bundling (NEW)

BGP Route Attributes

•  New BGP extended communities defined

•  Expand information carried in BGP routes, including: MAC address moves C-MAC flush notification Redundancy mode MAC / IP bindings of a GW Split-horizon label encoding

PE

BD

BD

EVI EVI

PE1

PE2

CE1

CE2

SHD

MHD

ESI1

ESI2

Route Types [1] Ethernet Auto-Discovery (AD) Route

[2] MAC Advertisement Route

[3] Inclusive Multicast Route

[4] Ethernet Segment Route

Extended Communities ESI MPLS Label

ES-Import

MAC Mobility

Default Gateway


Split Horizon For Ethernet Segments – E-VPN

  PE advertises in BGP a split-horizon label (ESI MPLS Label) associated with each multi-homed Ethernet Segment

  Split-horizon label is only used for multi-destination frames (Unknown Unicast, Multicast & Broadcast)

  When an ingress PE floods multi-destination traffic, it encodes the Split-Horizon label identifying the source Ethernet Segment in the packet

  Egress PEs use this label to perform selective split-horizon filtering over the attachment circuit

PE1

PE2

PE3

PE4

CE1 CE3

ESI-1 ESI-2

CE4

CE5

Challenge: How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?

Echo !


Split Horizon For Ethernet Segments – PBB-EVPN

  PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment –  1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)

  Disposition PEs check the B-MAC source address for Split-Horizon filtering –  Frame not allowed to egress on an Ethernet Segment whose B-MAC matches the B-

MAC source address in the PBB header

PE1

PE2

PE3

PE4

CE1 CE3

ESI-1 ESI-2

CE4

CE5

Challenge: How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?

Echo !

B-MAC1

B-MAC1


Designated Forwarder (DF) DF Election

  PEs connected to a multi-homed Ethernet Segment discover each other via BGP

  These PEs then elect among them a Designated Forwarder responsible for forwarding flooded multi-destination frames to the multi-homed Segment

  DF Election granularity can be: –  Multiple DFs for load-sharing –  Per Ethernet Tag on Ethernet Segment (E-VPN) –  Per I-SID on Ethernet Segment (PBB-EVPN)

PE1

PE2

PE3

PE4

CE1 CE2

ESI-1 ESI-2 Challenge: How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed Ethernet Segment? Duplicate !


Aliasing E-VPN

  PEs advertise in BGP the ESIs of local multi-homed Ethernet Segments –  All-Active Redundancy Mode indicated

 When PE learns MAC address on its AC, it advertises the MAC in BGP along with the ESI of the Ethernet Segment from which the MAC was learnt

 Remote PEs can load-balance traffic to a given MAC address across all PEs advertising the same ESI

MAC1 PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge: How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?

I can reach ESI1

(All-Active)

I can reach ESI1

(All-Active)

MAC1

I can reach MAC1 via ESI1

MAC1 ESI1 PE1 PE2


Aliasing PBB-EVPN

  PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment –  1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)

  PEs advertise their B-MAC addresses independent of the C-MAC learning state

  Remote PEs can load-balance traffic to a given C-MAC across all PEs advertising the same associated B-MAC

MAC1 PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge: How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?

I can reach B-MAC1

I can reach B-MAC1

MAC1

I can reach MAC1 via B-MAC1

MAC1 B-MAC1PE1 PE2


MAC Mass-Withdraw

  PEs advertise two sets of information: –  MAC addresses along with the ESI from the address was learnt –  Connectivity to ESI(s)

  If a PE detects a failure impacting an Ethernet Segment, it withdraws the route for the associated ESI –  Remote PEs remove failed PE from the path-list for all MAC addresses associated

with an ESI –  This effectively is a MAC ‘mass-withdraw’ function

E-VPN

21

MAC1 PE1

PE2

PE3

PE4

CE1 CE3

CE4 ESI-1

Challenge: How to inform remote PEs of a failure affecting many MAC addresses quickly while the control-plane re-converges?

MAC1, MAC2,… MACn

I can reach ESI1

(All-Active)



I can reach MACn via ESI1

I can reach ESI1

(All-Active)

MAC1,.. MACn ESI1 PE1 PE2 I lost ESI1

X

Technical Overview Comparison of Solutions

22


Comparison of L2VPN Solutions

23

Requirement VPLS PBB-VPLS E-VPN PBB-EVPN

Multi-Homing with All-Active Forwarding VLAN Based Load-balancing CE-to-PE ✔ ✔ ✔ ✔ Flow Based Load-balancing CE-to-PE " ✔ ✔ Flow Based Load-balancing PE-to-PE " ✔ ✔ Flow Based Multi-Pathing in the Core ✔ ✔ ✔ ✔

MAC Scalability Scale to Millions of C-MAC Addresses ✔ ✔ Confinement of C-MAC entries to PE with active flows ✔ ✔ ✔ MAC Summarization ✔ ✔ MAC Summarization co-existence with C-MAC Mobility ✔

Flexible VPN Policies Per C-MAC Forwarding Control Policies ✔ Per-Segment Forwarding Control Policies ✔ ✔


Poll Questions #1

Which features will be most critical for your company to roll out E-VPN / PBB-EVPN? [multiple choice] A.  All Active Redundancy and Load Balancing B.  MAC Address Scalability C.  Interworking / Co-existence with VPLS D.  Multi-vendor Interoperability E.  Optimized Multicast (Label Switch Multicast)

What applications would you be most interested for deployment of E-VPN / PBB-EVPN in your network? [multiple choice] A.  E-LAN Business Ethernet Services B.  E-Tree Business Ethernet Services C.  Mobile Backhaul D.  Data Center Interconnect (DCI) E.  No interest for now

Flows and Use Cases PBB-EVPN Life of a Packet

25


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a Packet Ingress Replication – Multi-destination Traffic Forwarding

26

MPLS

PE1

CE1

PE2

PE3

CE3

PE4


Mcast MPLS Label assigned by PE3 for incoming BUM traffic on a given EVI

PSN MPLS label to reach PE3

PE4 – non-DF for given I-SID drops BUM traffic PE2 – drops BUM

traffic originated on same source B-MAC (B-M1)

PE1 receives broadcast traffic from CE1. PE1 adds PBB encapsulation and forwards it using ingress replication – 3 copies created PE3 – as DF, it

forwards BUM traffic towards segment

PE 2 Inclusive Multicast Route

RD = RD-2a PMSI Tunnel Attribute

Tunnel Type = Ing. Repl. Label = L2

RT ext. community RT-a

Mcast MPLS Label – used to transmit BUM traffic - downstream assigned (for ingress replication)

During start-up sequence, PE1, PE2, PE3, PE4 sent Inclusive Multicast route which include Mcast label

B-M1

B-M1

B-M2

B-M2

B-M1

B-M1

B-M2

B-M2

L2 PBB

L3 PBB

L4 PBB

PE3 MAC Table I-SID xyz

C-MAC B-MAC M1 B-M1

Data-plane based MAC learning for C-MAC / B-MAC association


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PBB-EVPN Life of a Packet (cont.) Unicast Traffic Forwarding and Aliasing

27

PE1 MAC Route RD = RD-1a

ESI = 1 MAC = B-M1 Label = L1


PE3 RIB VPN MAC ESI RT-a B-M1 n/a

Path List NH PE1 PE2


MP2P VPN Label – downstream allocated label used by other PEs to send traffic to advertised MAC

MAC advertised by route

B-M1

B-M1

B-M2

B-M2


C-MAC B-MAC M1 B-M1

During start-up sequence, PE1 & PE2 advertised MAC route for B-MAC (B-M1)

PE2 MAC Route RD = RD-2a

ESI = 1 MAC = B-M1 Label = L2


MPLS

PE1

CE1

PE2

PE3

CE3

PE4

MP2P VPN Label assigned by PE2 for incoming traffic for target EVI


PE3 forwards traffic on a flow (flow 2) to M1 using B-MAC B-M1 towards PE2

VID 100 SMAC: M4 DMAC: M1

MP2P VPN Label assigned by PE1 for incoming traffic for target EVI


PE3 forwards traffic on a flow (flow 1) to M1 using B-MAC B-M1 towards PE1


B-M1

B-M1

B-M2

B-M2

L2 PBB

L1 PBB

Data-plane based MAC learning for C-MAC / B-MAC association

Flows and Use Cases PBB-EVPN Operational / Failure scenarios

28


PBB-EVPN Operational Scenarios MAC Mobility

29

 MAC Mobility

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

MPLS

PE1

CE1

PE2

PE3

CE3

PE4


PE1 learns C-MAC M1 on local port and forwards across core according to C-MAC DA to Remote B-MAC mapping

1 Host M1 moves from CE1 to CE3’s locartion

3

M1 M1 M1


Via data-plane learning, PE3 learns C-MAC M1 via B-MAC B-M1

2

After host sends traffic at new location, PE3 updates C-MAC M1 location (local port.) PE3 also forwards across core according to C-MAC DA to Remote B-MAC mapping

4

Via data-plane learning, PE1 updates C-MAC M1 location (via B-MAC B-M2)

5

B-M1

B-M1

B-M2

B-M2

L1 L2 PBB


C-MAC B-MAC M1 -


C-MAC B-MAC M1 B-M1


C-MAC B-MAC M1 -


C-MAC B-MAC M1 B-M2

1

4

1 4

2

5

B-M1

B-M1

B-M2

B-M2

L3 L4 PBB

MAC Mobility event handled entirely by data-plane learning


PBB-EVPN Failure Scenarios / Convergence Link / Segment Failure – Active/Active per Flow

MPLS

PE1

CE1

PE2

PE3

CE3

PE4

PE3, PE4 RIB VPN MAC ESI RT-a B-M1 n/a

Path List NH PE1 PE2

PE1 withdraws B-MAC advertised for failed segment (B-M1)

2

PE2 reruns DF election. Becomes DF for all I-SIDs on segment

4

PE3 / PE4 remove PE1 from path list for B-MAC (B-M1)

3

PE1 detects failure of one of its attached segments

1

PE1

B-M1

B-M1

B-M2

B-M2

Use Cases

31


PBB-EVPN Sample Use Access

32

  Null Ethernet Segment Identifier (ESI)

PE1

CE1 MPLS Core

PE2

BMAC 1 ESI W

BMAC 1 ESI W

Dual Home Device (DHD) Active / Active Per-Flow LB

VID X

VID X

PE1

CE1 MPLS Core

PE2

BMAC 2 ESI W

BMAC 1 ESI W

Dual Home Device (DHD)

Active / Active Per-Service LB

VID X

VID Y

PE1

CE1

MPLS Core

ESI Null

Single Home Device (SHD) Single Home Network (SHN)

VID X

VID X

  Identical B-MAC on PBB-EVPN PEs (PE1 / PE2)

  Identical ESI on PBB-EVPN PEs

  Different B-MAC on PBB-EVPN PEs (PE1 / PE2)

  Identical ESI on PBB-EVPN PEs

  Per service (I-SID) carving (manual or automatic)

CE2 ESI Null


What best would describe your company’s interest on E-VPN / PBB-EVPN? [single choice]

A.  No plans to deploy / Not applicable to my environment

B.  Undecided. Need further evaluation / understanding of the technology

C.  I would consider deployment in the next 12 months

D.  I would consider deployment in the next 12-24 months

Poll Question #2

Summary

34


Summary

  E-VPN / PBB-EVPN are next-generation L2VPN solutions based on a BGP control-plane for MAC distribution/learning over the core

  E-VPN / PBB-EVPN were designed to address following requirements: –  All-active Redundancy and Load Balancing –  Simplified Provisioning and Operation –  Optimal Forwarding –  Fast Convergence

  In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy provides: –  Scale to Millions of C-MAC (Virtual Machine) Addresses –  MAC summarization co-existence with C-MAC (VM) mobility

  E-VPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethernet use cases

35

e-vpn & pbb-evpn: the next generation of mpls-based l2vpn ckn techadvantage webinar

Technology

cisco andor

mac addresses

provider backbone mac

fbgp mac

m2bgp mac

bmac mapping

bgp cmac

cisco public flow