Loop Protection in EVPN Networks
draft-snr-bess-evpn-loop-protect-00

Jorge Rabadan (Nokia), Senthil Sathappan (Nokia), Kiran Nagaraj (Nokia), Julio Bueno (Telefonica), Jose Manuel Crespo (Telefonica)

IETF 99, July 2017, Prague

Local vs Global loops in EVPN Broadcast Domains
draft-snr-bess-evpn-loop-protect addresses global loops

A Local Loop
• A non-expected situation in which BUM frames are received on the same PE and BD from where they were sent.
• Either within the same AC or different ACs.
• Resolution is implementation specific and independent of the other PEs.

A Global Loop
• Across multiple PEs in the same BD.
• Usually caused by accidental backdoors between CEs or ACs connected to the same BD.
• Addressed by this draft.

[Figure: EVPN network with PE 1, PE 2 and PE 3 (MAC-VRFs), Host-1, CE 2 to CE 6 and AC 2 to AC 6. A backdoor link is marked "Global LOOP!" and two places are marked "Local LOOP!".]

Global Loop Protection Proposal For EVPN networks
• It completes the RFC 7432 MAC Duplication mechanism with an optional Loop Protection procedure for Global Loops.
• RFC 7432-compatible.
• It does not modify/add any control plane piece of information.
• Upon detecting a loop, it carries out the following Loop Protection actions:
  – The PE SHOULD discard looping flows while allowing other non-looping flows.
  – The PE MAY bring down the ACs involved in the loop, as opposed to only discarding the flows involved.

Loop Protection Solution for EVPN Broadcast Domains

[Figure: PE 2 and PE 3 (MAC-VRFs, AC 2, AC 3, AC 4) in the same EVPN BD, joined by a backdoor link. Starting at t=0 with x=0 and y=0, M 2 is advertised as MAC (M 2, SEQ x) and MAC (M 2, SEQ y), moving as M 2/SEQ+1, M 2/SEQ+2, M 2/SEQ+3, …, M 2/SEQ+N-1, each followed by a withdraw, until y=N with t<M. Parts of the sequence are labelled "RFC 7432" and "This document".]

Actions
• Add M 2 to duplicate-MAC list (y=N, t<M).
• PE 3 stops advertising M 2 and logs a duplicate event.
• PE 3 initializes a retry-timer "R".
• PE 3 triggers Loop Protection and "black-holes" M 2.

A Black-Hole MAC M 2 means:
• It is installed in the BT as Black-Hole (not associated to any AC).
• For any ingress frame on PE 3:
  – If MAC SA=M 2, the frame MUST be discarded.
  – If MAC DA=M 2, the frame SHOULD be discarded.
• Optionally, for any ingress frame on a PE 3 AC:
  – If MAC SA=M 2, the AC MAY be brought oper down.

A Black-Hole M 2 is flushed if:
• R expires.
• Manual flush.
• PE 2 withdraws M 2 or sends M 2 with sticky bit.
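
The behaviour on this slide, as an added Python sketch that is not part of the original slides or the draft: N = 5 and M = 180 s are the RFC 7432 defaults, while the value of R and all class and method names are assumptions made for the example.

```python
from dataclasses import dataclass, field

N_MOVES = 5        # RFC 7432 default N (MAC moves)
M_WINDOW = 180.0   # RFC 7432 default M (seconds)
RETRY_R = 600.0    # assumed value for retry-timer R; the slides give none

@dataclass
class BridgeTable:  # hypothetical model of the BT on PE 3
    moves: dict = field(default_factory=dict)      # mac -> times of recent moves
    blackhole: dict = field(default_factory=dict)  # mac -> time at which R expires

    def mac_move(self, mac, now):
        """Record one MAC move; black-hole the MAC after N moves within M seconds."""
        recent = [t for t in self.moves.get(mac, []) if now - t < M_WINDOW] + [now]
        self.moves[mac] = recent
        if mac in self.blackhole:
            return "blackholed"
        if len(recent) >= N_MOVES:
            # Duplicate detected: stop advertising, log the event, start R.
            self.blackhole[mac] = now + RETRY_R
            return "blackholed"
        return "learned"

    def flush(self, mac):
        """Manual flush; also used for the automatic flush conditions."""
        self.blackhole.pop(mac, None)
        self.moves.pop(mac, None)

    def remote_update(self, mac, withdrawn=False, sticky=False):
        """Remote PE withdraws the MAC or re-advertises it with the sticky bit."""
        if withdrawn or sticky:
            self.flush(mac)

    def ingress(self, src, dst, now):
        """Forwarding decision for a frame received on a local AC."""
        for mac in [m for m, exp in self.blackhole.items() if now >= exp]:
            self.flush(mac)                        # R expired
        if src in self.blackhole:
            return "drop"   # MUST discard; the AC MAY also be brought oper down
        if dst in self.blackhole:
            return "drop"   # SHOULD discard
        return "forward"

if __name__ == "__main__":
    bt = BridgeTable()
    for t in range(5):                             # constructed sample: 5 moves in 5 s
        print(t, bt.mac_move("M2", float(t)))
    print(bt.ingress("M2", "M9", 10.0), bt.ingress("M7", "M9", 10.0))
```

Only frames with M2 as source or destination are dropped, so non-looping flows in the same BD keep forwarding while the loop is contained.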

Observations and conclusions

Why is this draft Informational?
• It is compatible with RFC 7432 procedures and does not modify EVPN routes.
• It can be deployed in an EVPN BD where not all the PEs support Loop Protection.

Why do we think it is important?
• Accidental (or not) backdoor paths happen.
• Global Loops are a big concern for Operators and Service Providers.

What do we ask the WG?
• Feedback / Comments

Thank you