INTERNET-DRAFT                                              Sami Boutros
Intended Status: Standard Track                             Rex Fernando
                                                             Ali Sajassi
                                                           Cisco Systems
                                                              Kitty Pang
                                                                 Alibaba
Expires: December 28, 2015                                 June 26, 2015


               EVPN auto provisioning using a controller
             draft-boutros-bess-evpn-auto-provisoning-00


Abstract

   In some datacenter use cases, a priori knowledge of which PE/NVE is
   to be configured for a given L2 or L3 service may not be available.
   This document describes how EVPN can be extended to discover which
   L2 or L3 services are to be enabled on a given PE/NVE, based on
   first sign of life (FSOL) packets received on the PE/NVE ports. An
   EVPN route based on the FSOL packets will be sent to a controller to
   trigger a push of the related L2/L3 service configuration to be
   provisioned on the PE/NVE and on the switch ports.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Boutros                 Expires December 28, 2015               [Page 1]

INTERNET DRAFT            EVPN Auto provisioning           June 26, 2015


Copyright and License Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your
   rights and restrictions with respect to this document. Code
   Components extracted from this document must include Simplified BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.


Table of Contents

   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1  Terminology  . . . . . . . . . . . . . . . . . . . . . . . .  3
   2. Requirements  . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.1  Auto-Provisioning  . . . . . . . . . . . . . . . . . . . . .  4
     2.2  Scalability  . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.3  Redundancy . . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.4  Multi-homing . . . . . . . . . . . . . . . . . . . . . . . .  4
     2.5  Fast Convergence . . . . . . . . . . . . . . . . . . . . . .  4
   3. Benefits  . . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4. Solution Overview . . . . . . . . . . . . . . . . . . . . . . .  5
   5  Ethernet Segment identifier encoding  . . . . . . . . . . . . .  5
   6  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . .  6
   7  Security Considerations . . . . . . . . . . . . . . . . . . . .  6
   8  IANA Considerations . . . . . . . . . . . . . . . . . . . . . .  6
   9  References  . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     9.1  Normative References . . . . . . . . . . . . . . . . . . . .  6
     9.2  Informative References . . . . . . . . . . . . . . . . . . .  6
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  7


1  Introduction

   In some datacenter use cases, a priori knowledge of the PE/NVE
   configuration state for a given L2 or L3 service may not be
   available. A controller will be pre-provisioned with the L2/L3
   service policies that need to be enabled in the data center.
   Provisioning all the PE/NVEs in a data center with all the L2/L3
   service policies can pose a scale concern, given that a data center
   can support hundreds of thousands of services.

   This document describes how EVPN can be extended to discover which
   L2 or L3 services are to be enabled on a given PE/NVE, based on
   first sign of life (FSOL) packets received on the PE/NVE ports. An
   EVPN route based on the FSOL packets will be sent to a controller
   from the PE/NVE nodes that saw the FSOL, to trigger a push of the
   related L2/L3 service configuration to be provisioned on the PE/NVE
   nodes and on the switch ports.

   Initially, all the PE/NVE nodes are configured with a default EVPN
   service that includes all Ethernet access ports. Based on the FSOL
   packets received on any of the Ethernet trunk ports, an EVPN MAC/IP
   Advertisement route is sent to the controller containing the MAC
   and IP information associated with this FSOL packet. The ESI field
   of the route encodes both the Ethernet port information and the
   Ethernet Tag associated with the FSOL packet.

   Once the controller receives the MAC/IP Advertisement route from
   the PE/NVE node, it consults a pre-configured policy for any L2 or
   L3 services that need to be enabled on this PE/NVE node based on
   the information in the route. Any combination of fields encoded in
   the EVPN route may be used to that effect. If such a service is
   required to be pushed to the PE/NVE node, the controller pushes the
   provisioning information to the access PE/NVE node and to the other
   PE/NVE nodes involved in this L2/L3 service.

   The alternative is to configure every EVPN instance on all PE/NVEs,
   which poses a scale concern on the PE/NVEs deployed in the DC.

1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].
2. Requirements

   This section describes the requirements specific to this draft.
   These requirements are in addition to the ones described in
   [EVPN-REQ], [EVPN], and [EVPN-VPWS].

2.1  Auto-Provisioning

   Auto-provisioning of L2/L3 services on PE/NVE nodes connected to an
   IP/MPLS fabric, based on the FSOL packets received by the PE/NVE
   nodes.

2.2  Scalability

   A single controller node can provision many access PE/NVE nodes. A
   single controller node must be able to handle all EVPN routes
   received from all the access PE/NVE nodes that it is controlling.

2.3  Redundancy

   TBD

2.4  Multi-homing

   TBD

2.5  Fast Convergence

   TBD

3. Benefits

   This section describes some of the major benefits of EVPN
   auto-provisioning. Major benefits are:

   - An easy and scalable mechanism for auto-provisioning access
     PE/NVE nodes connected to a DC fabric based on FSOL, using the
     EVPN control plane.

   - Auto-provisioning of features such as QoS access lists (ACLs),
     tunnel preference, bandwidth, L3VPN, EVPN, etc., based on the
     policy plane previously available to the controller.

4. Solution Overview

                           +----------+
                           |Controller|
                           +----------+

                           +---------+
                           |         |
   +-------+   +--------+  | IP/MPLS |  +--------+   +-------+
   |Server1|---|access  |--| Access  |--|access  |---|Server2|
   +-------+   |PE-1    |  | Network |  |PE-2    |   +-------+
               +--------+  |         |  +--------+
                           +---------+

              Figure 1: EVPN-Auto provisioning Operation

   Initially, all the access PE/NVE nodes' trunk ports will be
   associated with a default bridge and with a default EVPN instance
   that all PE/NVE node(s) and the controller are part of.
   Based on the FSOL packet received from Server1, an EVPN MAC/IP
   Advertisement route will be sent by PE-1 to the controller. The ESI
   value will be encoded to contain the access port number and the
   Ethernet Tag(s) associated with the FSOL packet, and the IP and MAC
   fields will be set from the source IP and MAC information in the
   FSOL packet.

   An operator has previously provisioned a policy to associate a VLAN
   identifier on a given PE or set of PE(s) with an L2 or L3 service.
   When the BGP EVPN advertisement is received by the controller, the
   controller checks the policy and pushes down to the PE/NVE node or
   set of PE/NVE node(s) the L2/L3 service to be provisioned on those
   access routers/switches via the management plane.

   When PE-1 stops seeing traffic for the MAC/IP, PE-1 will withdraw
   the EVPN MAC/IP advertisement as per EVPN. When all the MAC/IP
   advertisements related to a given L2 service have been withdrawn
   from the controller, the controller will remove the provisioned
   L2/L3 service from this PE/NVE node.

5  Ethernet Segment identifier encoding

   This document proposes a new ESI type to encode the Ethernet port
   on which the FSOL packet was received, and the Ethernet Tag(s) that
   are encoded on the FSOL packet.

   +---+---+---+---+---+---+---+---+---+---+
   | T |             ESI Value             |
   +---+---+---+---+---+---+---+---+---+---+

   The 9-octet ESI Value will be as follows:

   +---+---+---+---+---+---+---+---+---+---+
   | T |Ethernet Port #|Vlan-1 |Vlan-2 |0's|
   +---+---+---+---+---+---+---+---+---+---+

   The Ethernet Port number is encoded in the first 4 octets. This
   Ethernet port number is unique per PE/NVE node and will be used by
   the controller to infer the actual physical port on the PE/NVE
   node/router. The Vlan-1 and Vlan-2 values are used to encode the
   Ethernet Tag identifiers found on the FSOL packet received on the
   Ethernet port.
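   As an added worked example, not part of the draft, the following
   Python encodes and validates the ESI layout above and models the
   controller behaviour of Section 4 (push a service on the first
   matching MAC/IP route, remove it once the last related route is
   withdrawn). The type value ESI_TYPE_FSOL, the policy keyed on
   (PE, Vlan-1) and the sample MAC/IP values are assumptions; the
   2-octet width of the Vlan-1 and Vlan-2 fields follows the diagram.

```python
import struct
# Placeholder for the new ESI type proposed in Section 5; the real value is
# not on the page and would be assigned by IANA (hypothetical constant).
ESI_TYPE_FSOL = 0x06

def encode_fsol_esi(port, vlan1, vlan2=0):
    """Build the 10-octet ESI: T | Ethernet Port # (4) | Vlan-1 (2) | Vlan-2 (2) | 0 (1)."""
    if not 0 <= port <= 0xFFFFFFFF:
        raise ValueError("Ethernet port number must fit in 4 octets")
    for v in (vlan1, vlan2):
        if not 0 <= v <= 0xFFF:  # 802.1Q VLAN identifiers are 12 bits wide
            raise ValueError("VLAN identifier must be in 0..4095")
    return struct.pack("!BIHHB", ESI_TYPE_FSOL, port, vlan1, vlan2, 0)

def decode_fsol_esi(esi):
    """Parse an FSOL ESI, rejecting wrong length, wrong type or non-zero padding."""
    if len(esi) != 10:
        raise ValueError("ESI must be exactly 10 octets")
    t, port, vlan1, vlan2, pad = struct.unpack("!BIHHB", esi)
    if t != ESI_TYPE_FSOL or pad != 0:
        raise ValueError("not a well-formed FSOL ESI")
    return port, vlan1, vlan2

class Controller:
    """Section 4 controller model: push the service on the first matching
    MAC/IP route, remove it once the last related route is withdrawn."""
    def __init__(self, policy):
        self.policy = policy       # {(pe, vlan1): service}, operator pre-provisioned
        self.active = {}           # {(pe, service): {(mac, ip), ...}} still advertised
        self.provisioned = set()   # (pe, service) pairs pushed via the management plane

    def on_route(self, pe, esi, mac, ip):
        _port, vlan1, _vlan2 = decode_fsol_esi(esi)
        service = self.policy.get((pe, vlan1))
        if service is None:
            return None            # no policy for this PE/VLAN: nothing is pushed
        key = (pe, service)
        self.active.setdefault(key, set()).add((mac, ip))
        self.provisioned.add(key)  # set semantics: a repeat route pushes nothing new
        return service

    def on_withdraw(self, pe, esi, mac, ip):
        _port, vlan1, _vlan2 = decode_fsol_esi(esi)
        key = (pe, self.policy.get((pe, vlan1)))
        self.active.get(key, set()).discard((mac, ip))
        if key in self.provisioned and not self.active.get(key):
            self.provisioned.discard(key)   # last MAC/IP gone: remove the service
            return True
        return False
```

   The decoder rejects a wrong length, an unexpected type and a
   non-zero trailing octet, so a malformed ESI from a misbehaving PE
   is dropped rather than silently mapped onto a policy entry.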
6  Acknowledgements

   The authors would like to thank Samer Salam for his valuable
   comments.

7  Security Considerations

   This document does not introduce any additional security
   constraints.

8  IANA Considerations

   A new ESI type needs to be allocated to specify the encoding in
   Section 5.

9  References

9.1  Normative References

   [RFC2119]   Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2  Informative References

   [EVPN-REQ]  Sajassi, A., Aggarwal, R., et al., "Requirements for
               Ethernet VPN", RFC 7209.

   [EVPN]      Sajassi, A., Aggarwal, R., et al., "BGP MPLS Based
               Ethernet VPN", draft-ietf-l2vpn-evpn-11.txt.

   [EVPN-VPWS] Boutros, S., et al., "EVPN-VPWS",
               draft-ietf-bess-evpn-vpws-00.txt.

Authors' Addresses

   Sami Boutros
   Cisco
   Email: sboutros@cisco.com

   Rex Fernando
   Cisco
   Email: rex@cisco.com

   Ali Sajassi
   Cisco
   Email: sajassi@cisco.com

   Kitty Pang
   Alibaba
   Email: kittypang@alibaba-inc.com