e-vpn & pbb-evpn: the next generation of mpls-based l2vpn ckn techadvantage webinar
DESCRIPTION
TRANSCRIPT
E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN A Cisco Knowledge Network (CKN) TechAdvantage Webinar
April 2013
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Today’s Presenters
Tina Lam ([email protected]) Product Manager Cisco
Jose Liste ([email protected]) Technical Marketing Engineer Cisco
2
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Agenda
Market Overview and Drivers Ethernet VPN and PBB-EVPN Technical Overview Flows and Use Cases Summary
3
Market Overview and Drivers
4
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
L2VPN Market Drivers
Service Provider • L2 transport for
distribution and core network
• L2 aggregation for mobile RAN and Carrier Ethernet
• L2 access services • SP managed DCI
Data Center • Data center interconnect
(DCI) • L2 overlay network
Enterprise • L2 transport across
campuses • Enterprise managed DCI
Extends L2 connectivity for all markets
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Data Center Interconnect requirements not fully addressed by current L2VPN technologies
DCI Brings New Requirements
Ethernet Virtual Private Network (E-VPN) and Provider Backbone Bridging EVPN (PBB-EVPN) designed to address these requirements
All-active Redundancy and Load Balancing
Simplified Provisioning and Operation
Optimal Forwarding
Fast Convergence
MAC Address Scalability
Technical Overview Highlights and Solution Requirements
7
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Next generation solution for Ethernet multipoint connectivity services
PEs run Multi-Protocol BGP to advertise & learn MAC addresses over Core
Learning on PE Access Circuits via data-plane transparent learning
No pseudowires – Unicast: use MP2P tunnels – Multicast: use ingress replication over
MP2P tunnels or use LSM Under standardization at IETF – draft-
ietf-l2vpn-evpn
Ethernet VPN Highlights
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
VID 100 SMAC: M1 DMAC: F.F.F
BGP MAC adv. Route E-VPN NLRI MAC M1 via PE1
Data-plane address learning from Access
Control-plane address advertisement / learning over Core
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Combines Ethernet Provider Backbone Bridging (PBB - IEEE 802.1ah) with Ethernet VPN – PEs perform as PBB Backbone Edge Bridge (BEB)
Reduces number of BGP MAC advertisements routes by aggregating Customer MACs (C-MAC) via Provider Backbone MAC (B-MAC) – Addresses virtualized data centers with C-MAC
count into the millions – PEs advertise local Backbone MAC (B-MAC)
addresses in BGP – C-MAC and C-MAC to B-MAC mapping learned in
data-plane
Under standardization at IETF – draft-ietf-l2vpn-pbb-evpn
PBB Ethernet VPN Highlights
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
B-MAC: B-M1 B-M2
B-M2
BGP MAC adv. Route E-VPN NLRI MAC B-M1 via PE2
B-MAC: B-M1
Control-plane address advertisement / learning over Core (B-MAC)
Data-plane address learning from Access • Local C-MAC to local B-
MAC binding
Data-plane address learning from Core • Remote C-MAC to remote
B-MAC binding
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Active / Active Multi-Homing with flow-based load balancing in CE to PE direction – Maximize bisectional bandwidth – Flows can be L2/L3/L4 or
combinations
Flow-based load balancing in PE to PE direction – Multiple RIB entries associated
for a given MAC – Exercises multiple links towards
CE
10
Solution Requirements All-Active Redundancy and Load Balancing
PE
PE
PE
PE
Vlan X - F1
Vlan X – F2
Flow Based Load-balancing – CE to PE direction
PE
PE
PE
PE
Flow Based Load-balancing – PE to PE direction
Vlan X - F1 Vlan X – F2
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Flow-based Multi-Pathing
Load balancing across equal cost multiple paths in the MPLS core
Load balancing at PE and P routers based on Entropy MPLS labels
11
Solution Requirements All-Active Redundancy and Load Balancing (cont.)
PE
PE
PE
PE
P
P
P
P
Flow Based Multi-Pathing in the Core Vlan X - F1 Vlan X – F2 Vlan X – F3 Vlan X – F4
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Optimal forwarding for unicast and multicast
Shortest path – no triangular forwarding at steady-state
Loop-Free & Echo-Free Forwarding
Avoid duplicate delivery of flooded traffic
Multiple multicast tunneling options: – Ingress Replication – P2MP LSM tunnels – MP2MP
12
Solution Requirements Optimal Forwarding
PE1
PE2
PE3
PE4
CE1 CE2
Echo !
PE1
PE2
PE3
PE4
CE1 CE2 Duplicate !
CE1 CE2 PE1
PE2
PE3
PE4 Triangular Forwarding!
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Solution Requirements
Server Virtualization fueling growth in MAC Address scalability: – 1 VM = 1 MAC address. – 1 server = 10’s or 100’s of VMs
MAC address scalability most pronounced on Data Center WAN Edge for Layer 2 extensions over WAN. – Example from a live network: 1M MAC addresses in a single SP data center
MAC Address Scalability
13
WAN
DC Site 1
DC Site 2 DC Site N
1K’s
10K’s
1M’s
N * 1M
Technical Overview Concepts
14
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
E-VPN / PBB-EVPN Concepts
Ethernet Segment
• Represents a ‘site’ connected to one or more PEs
• Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)
• Could be a single device or an entire network Single-Homed Device (SHD) Multi-Homed Device (MHD) Single-Homed Network (SHN) Multi-Homed Network (MHN)
BGP Routes
• E-VPN and PBB-EVPN define a single new BGP NLRI used to carry all E-VPN routes
• NLRI has a new SAFI (70) • Routes serve control plane
purposes, including: MAC address reachability MAC mass withdrawal Split-Horizon label adv. Aliasing Multicast endpoint discovery Redundancy group discovery Designated forwarder election
E-VPN Instance (EVI)
• EVI identifies a VPN in the network
• Encompass one or more bridge-domains, depending on service interface type Port-based VLAN-based (shown above) VLAN-bundling VLAN aware bundling (NEW)
BGP Route Attributes
• New BGP extended communities defined
• Expand information carried in BGP routes, including: MAC address moves C-MAC flush notification Redundancy mode MAC / IP bindings of a GW Split-horizon label encoding
PE
BD
BD
EVI EVI
PE1
PE2
CE1
CE2
SHD
MHD
ESI1
ESI2
Route Types [1] Ethernet Auto-Discovery (AD) Route
[2] MAC Advertisement Route
[3] Inclusive Multicast Route
[4] Ethernet Segment Route
Extended Communities ESI MPLS Label
ES-Import
MAC Mobility
Default Gateway
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Split Horizon For Ethernet Segments – E-VPN
PE advertises in BGP a split-horizon label (ESI MPLS Label) associated with each multi-homed Ethernet Segment
Split-horizon label is only used for multi-destination frames (Unknown Unicast, Multicast & Broadcast)
When an ingress PE floods multi-destination traffic, it encodes the Split-Horizon label identifying the source Ethernet Segment in the packet
Egress PEs use this label to perform selective split-horizon filtering over the attachment circuit
PE1
PE2
PE3
PE4
CE1 CE3
ESI-1 ESI-2
CE4
CE5
Challenge: How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
Echo !
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Split Horizon For Ethernet Segments – PBB-EVPN
PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment – 1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)
Disposition PEs check the B-MAC source address for Split-Horizon filtering – Frame not allowed to egress on an Ethernet Segment whose B-MAC matches the B-
MAC source address in the PBB header
PE1
PE2
PE3
PE4
CE1 CE3
ESI-1 ESI-2
CE4
CE5
Challenge: How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment?
Echo !
B-MAC1
B-MAC1
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Designated Forwarder (DF) DF Election
PEs connected to a multi-homed Ethernet Segment discover each other via BGP
These PEs then elect among them a Designated Forwarder responsible for forwarding flooded multi-destination frames to the multi-homed Segment
DF Election granularity can be: – Multiple DFs for load-sharing – Per Ethernet Tag on Ethernet Segment (E-VPN) – Per I-SID on Ethernet Segment (PBB-EVPN)
PE1
PE2
PE3
PE4
CE1 CE2
ESI-1 ESI-2 Challenge: How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed Ethernet Segment? Duplicate !
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Aliasing E-VPN
PEs advertise in BGP the ESIs of local multi-homed Ethernet Segments – All-Active Redundancy Mode indicated
When PE learns MAC address on its AC, it advertises the MAC in BGP along with the ESI of the Ethernet Segment from which the MAC was learnt
Remote PEs can load-balance traffic to a given MAC address across all PEs advertising the same ESI
MAC1 PE1
PE2
PE3
PE4
CE1 CE3
CE4 ESI-1
Challenge: How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?
I can reach ESI1
(All-Active)
I can reach ESI1
(All-Active)
MAC1
I can reach MAC1 via ESI1
MAC1 ESI1 PE1 PE2
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Aliasing PBB-EVPN
PEs connected to the same MHD use the same B-MAC address for the Ethernet Segment – 1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)
PEs advertise their B-MAC addresses independent of the C-MAC learning state
Remote PEs can load-balance traffic to a given C-MAC across all PEs advertising the same associated B-MAC
MAC1 PE1
PE2
PE3
PE4
CE1 CE3
CE4 ESI-1
Challenge: How to load-balance traffic towards a multi-homed device across multiple PEs when MAC addresses are learnt by only a single PE?
I can reach B-MAC1
I can reach B-MAC1
MAC1
I can reach MAC1 via B-MAC1
MAC1 B-MAC1PE1 PE2
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
MAC Mass-Withdraw
PEs advertise two sets of information: – MAC addresses along with the ESI from the address was learnt – Connectivity to ESI(s)
If a PE detects a failure impacting an Ethernet Segment, it withdraws the route for the associated ESI – Remote PEs remove failed PE from the path-list for all MAC addresses associated
with an ESI – This effectively is a MAC ‘mass-withdraw’ function
E-VPN
21
MAC1 PE1
PE2
PE3
PE4
CE1 CE3
CE4 ESI-1
Challenge: How to inform remote PEs of a failure affecting many MAC addresses quickly while the control-plane re-converges?
MAC1, MAC2,… MACn
I can reach ESI1
(All-Active)
I can reach MAC1 via ESI1
I can reach MAC2 via ESI1
I can reach MACn via ESI1
I can reach ESI1
(All-Active)
MAC1,.. MACn ESI1 PE1 PE2 I lost ESI1
X
Technical Overview Comparison of Solutions
22
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Comparison of L2VPN Solutions
23
Requirement VPLS PBB-VPLS E-VPN PBB-EVPN
Multi-Homing with All-Active Forwarding VLAN Based Load-balancing CE-to-PE ✔ ✔ ✔ ✔ Flow Based Load-balancing CE-to-PE " ✔ ✔ Flow Based Load-balancing PE-to-PE " ✔ ✔ Flow Based Multi-Pathing in the Core ✔ ✔ ✔ ✔
MAC Scalability Scale to Millions of C-MAC Addresses ✔ ✔ Confinement of C-MAC entries to PE with active flows ✔ ✔ ✔ MAC Summarization ✔ ✔ MAC Summarization co-existence with C-MAC Mobility ✔
Flexible VPN Policies Per C-MAC Forwarding Control Policies ✔ Per-Segment Forwarding Control Policies ✔ ✔
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Poll Questions #1
Which features will be most critical for your company to roll out E-VPN / PBB-EVPN? [multiple choice] A. All Active Redundancy and Load Balancing B. MAC Address Scalability C. Interworking / Co-existence with VPLS D. Multi-vendor Interoperability E. Optimized Multicast (Label Switch Multicast)
What applications would you be most interested for deployment of E-VPN / PBB-EVPN in your network? [multiple choice] A. E-LAN Business Ethernet Services B. E-Tree Business Ethernet Services C. Mobile Backhaul D. Data Center Interconnect (DCI) E. No interest for now
Flows and Use Cases PBB-EVPN Life of a Packet
25
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
PBB-EVPN Life of a Packet Ingress Replication – Multi-destination Traffic Forwarding
26
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
VID 100 SMAC: M1 DMAC: F.F.F
Mcast MPLS Label assigned by PE3 for incoming BUM traffic on a given EVI
PSN MPLS label to reach PE3
PE4 – non-DF for given I-SID drops BUM traffic PE2 – drops BUM
traffic originated on same source B-MAC (B-M1)
PE1 receives broadcast traffic from CE1. PE1 adds PBB encapsulation and forwards it using ingress replication – 3 copies created PE3 – as DF, it
forwards BUM traffic towards segment
PE 2 Inclusive Multicast Route
RD = RD-2a PMSI Tunnel Attribute
Tunnel Type = Ing. Repl. Label = L2
RT ext. community RT-a
Mcast MPLS Label – used to transmit BUM traffic - downstream assigned (for ingress replication)
During start-up sequence, PE1, PE2, PE3, PE4 sent Inclusive Multicast route which include Mcast label
B-M1
B-M1
B-M2
B-M2
B-M1
B-M1
B-M2
B-M2
L2 PBB
L3 PBB
L4 PBB
PE3 MAC Table I-SID xyz
C-MAC B-MAC M1 B-M1
Data-plane based MAC learning for C-MAC / B-MAC association
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
PBB-EVPN Life of a Packet (cont.) Unicast Traffic Forwarding and Aliasing
27
PE1 MAC Route RD = RD-1a
ESI = 1 MAC = B-M1 Label = L1
RT ext. community RT-a
PE3 RIB VPN MAC ESI RT-a B-M1 n/a
Path List NH PE1 PE2
VID 100 SMAC: M1 DMAC: F.F.F
MP2P VPN Label – downstream allocated label used by other PEs to send traffic to advertised MAC
MAC advertised by route
B-M1
B-M1
B-M2
B-M2
PE3 MAC Table I-SID xyz
C-MAC B-MAC M1 B-M1
During start-up sequence, PE1 & PE2 advertised MAC route for B-MAC (B-M1)
PE2 MAC Route RD = RD-2a
ESI = 1 MAC = B-M1 Label = L2
RT ext. community RT-a
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
MP2P VPN Label assigned by PE2 for incoming traffic for target EVI
PSN MPLS label to reach PE2
PE3 forwards traffic on a flow (flow 2) to M1 using B-MAC B-M1 towards PE2
VID 100 SMAC: M4 DMAC: M1
MP2P VPN Label assigned by PE1 for incoming traffic for target EVI
PSN MPLS label to reach PE1
PE3 forwards traffic on a flow (flow 1) to M1 using B-MAC B-M1 towards PE1
VID 100 SMAC: M3 DMAC: M1
B-M1
B-M1
B-M2
B-M2
L2 PBB
L1 PBB
Data-plane based MAC learning for C-MAC / B-MAC association
Flows and Use Cases PBB-EVPN Operational / Failure scenarios
28
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
PBB-EVPN Operational Scenarios MAC Mobility
29
MAC Mobility
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
VID 100 SMAC: M1 DMAC: M2
PE1 learns C-MAC M1 on local port and forwards across core according to C-MAC DA to Remote B-MAC mapping
1 Host M1 moves from CE1 to CE3’s locartion
3
M1 M1 M1
VID 100 SMAC: M1 DMAC: F.F.F
Via data-plane learning, PE3 learns C-MAC M1 via B-MAC B-M1
2
After host sends traffic at new location, PE3 updates C-MAC M1 location (local port.) PE3 also forwards across core according to C-MAC DA to Remote B-MAC mapping
4
Via data-plane learning, PE1 updates C-MAC M1 location (via B-MAC B-M2)
5
B-M1
B-M1
B-M2
B-M2
L1 L2 PBB
PE1 MAC Table I-SID xyz
C-MAC B-MAC M1 -
PE3 MAC Table I-SID xyz
C-MAC B-MAC M1 B-M1
PE3 MAC Table I-SID xyz
C-MAC B-MAC M1 -
PE1 MAC Table I-SID xyz
C-MAC B-MAC M1 B-M2
1
4
1 4
2
5
B-M1
B-M1
B-M2
B-M2
L3 L4 PBB
MAC Mobility event handled entirely by data-plane learning
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
PBB-EVPN Failure Scenarios / Convergence Link / Segment Failure – Active/Active per Flow
MPLS
PE1
CE1
PE2
PE3
CE3
PE4
PE3, PE4 RIB VPN MAC ESI RT-a B-M1 n/a
Path List NH PE1 PE2
PE1 withdraws B-MAC advertised for failed segment (B-M1)
2
PE2 reruns DF election. Becomes DF for all I-SIDs on segment
4
PE3 / PE4 remove PE1 from path list for B-MAC (B-M1)
3
PE1 detects failure of one of its attached segments
1
PE1
B-M1
B-M1
B-M2
B-M2
Use Cases
31
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
PBB-EVPN Sample Use Access
32
Null Ethernet Segment Identifier (ESI)
PE1
CE1 MPLS Core
PE2
BMAC 1 ESI W
BMAC 1 ESI W
Dual Home Device (DHD) Active / Active Per-Flow LB
VID X
VID X
PE1
CE1 MPLS Core
PE2
BMAC 2 ESI W
BMAC 1 ESI W
Dual Home Device (DHD)
Active / Active Per-Service LB
VID X
VID Y
PE1
CE1
MPLS Core
ESI Null
Single Home Device (SHD) Single Home Network (SHN)
VID X
VID X
Identical B-MAC on PBB-EVPN PEs (PE1 / PE2)
Identical ESI on PBB-EVPN PEs
Different B-MAC on PBB-EVPN PEs (PE1 / PE2)
Identical ESI on PBB-EVPN PEs
Per service (I-SID) carving (manual or automatic)
CE2 ESI Null
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
What best would describe your company’s interest on E-VPN / PBB-EVPN? [single choice]
A. No plans to deploy / Not applicable to my environment
B. Undecided. Need further evaluation / understanding of the technology
C. I would consider deployment in the next 12 months
D. I would consider deployment in the next 12-24 months
Poll Question #2
Summary
34
© 2013 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Summary
E-VPN / PBB-EVPN are next-generation L2VPN solutions based on a BGP control-plane for MAC distribution/learning over the core
E-VPN / PBB-EVPN were designed to address following requirements: – All-active Redundancy and Load Balancing – Simplified Provisioning and Operation – Optimal Forwarding – Fast Convergence
In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy provides: – Scale to Millions of C-MAC (Virtual Machine) Addresses – MAC summarization co-existence with C-MAC (VM) mobility
E-VPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethernet use cases
35