INTERNET-DRAFT                                            Mohammed Umair
Intended Status: Proposed Standard                       Kingston Smiler
                                                             IP Infusion
                                                     Donald Eastlake 3rd
                                                               Lucy Yong
                                                     Huawei Technologies
Expires: January 7, 2016                                    July 6, 2015


                  TRILL Transparent Transport over MPLS
                 draft-muks-trill-transport-over-mpls-00


Abstract

   This document specifies how to interconnect Transparent
   Interconnection of Lots of Links (TRILL) sites belonging to a tenant
   that are separated geographically over an MPLS domain. This draft
   addresses two problems:

   1) Providing connection between more than two TRILL sites that are
      separated by an MPLS provider network using [RFC7173]

   2) Providing connection between TRILL sites belonging to a tenant
      over an MPLS provider network

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright and License Notice

M.Umair & K.Smiler      Expires January 7, 2016                 [Page 1]

INTERNET DRAFT   TRILL Transparent Transport over MPLS      July 6, 2015

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document. Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1  Introduction
     1.1  Terminology
   2.  TRILL Over MPLS Model
   3.  VPLS Model
     3.1.  Entities in the VPLS Model
     3.3.  TRILL Adjacency for VPLS model
     3.4.  MPLS encapsulation for VPLS model
     3.5  Loop Free provider PSN/MPLS.
     3.6.  Frame processing.
   4.  VPTS Model
     4.1.  Entities in the VPTS Model
       4.1.1  TRILL Intermediate Routers [TIR]
       4.1.2  Virtual TRILL Switch Domain (VTSD)
     4.2.  TRILL Adjacency for VPLS model
     4.3.  MPLS encapsulation for VPLS model
     4.4  Loop Free provider PSN/MPLS.
     4.5.  Frame processing.
       4.5.1  Multi-Destination Frame processing
       4.5.2  Unicast Frame processing
   5.  Extensions to TRILL Over Pseudowires [RFC7173]
   6.  VPTS Model Versus VPLS Model
   7.  Security Considerations
   8.  IANA Considerations
   9.  References
     9.1  Normative References
     9.2  Informative References
   Authors' Addresses

1  Introduction

   The IETF Transparent Interconnection of Lots of Links (TRILL)
   protocol [RFC6325] [RFC7177] [RFC7180bis] provides transparent
   forwarding in multi-hop networks with arbitrary topology and link
   technologies using a header with a hop count and link-state routing.
   TRILL provides optimal pair-wise forwarding without configuration,
   safe forwarding even during periods of temporary loops, and support
   for multipathing of both unicast and multicast traffic. Intermediate
   Systems (ISs) implementing TRILL are called Routing Bridges
   (RBridges) or TRILL Switches.

   This draft, in conjunction with [RFC7173], addresses two problems:

   1) Providing connection between more than two TRILL sites of a single
      TRILL network that are separated by an MPLS provider network using
      [RFC7173]. (Herein also called problem statement 1.)

   2) Providing connection between TRILL sites belonging to a
      tenant/tenants over an MPLS provider network. (Herein also called
      problem statement 2.)

   A tenant is the administrative entity on whose behalf one or more
   customers and their associated services are managed. Here, Customer
   refers to a TRILL campus, not a Data Label.

   A key multi-tenancy requirement is traffic isolation, so that one
   tenant's traffic is not visible to any other tenant. This draft also
   addresses the problem of multi-tenancy by isolating one tenant's
   traffic from the other.

1.1  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].
   Acronyms used in this document include the following:

   AC         - Attachment Circuit [RFC4664]
   Data Label - VLAN or FGL
   ECMP       - Equal Cost Multi Path
   FGL        - Fine-Grained Labeling [RFC7172]
   IS-IS      - Intermediate System to Intermediate System [IS-IS]
   LDP        - Label Distribution Protocol
   LAN        - Local Area Network
   MPLS       - Multi-Protocol Label Switching
   PE         - Provider Edge Device
   PPP        - Point-to-Point Protocol [RFC1661]
   PSN        - Packet Switched Network
   PW         - Pseudowire [RFC4664]
   TIR        - TRILL Intermediate Router [Devices where Pseudowire
                starts and Terminates]
   TRILL      - Transparent Interconnection of Lots of Links OR
                Tunneled Routing in the Link Layer
   TRILL Site - A part of a TRILL campus that contains at least one
                RBridge.
   VLAN       - Virtual Local Area Network
   VPLS       - Virtual Private LAN Service
   VPTS       - Virtual Private TRILL Service
   VSI        - Virtual Service Instance [RFC4664]
   VTSD       - Virtual TRILL Switch Domain. A Virtual RBridge which
                segregates one tenant's TRILL database as well as
                traffic from the other.
   WAN        - Wide Area Network

2.  TRILL Over MPLS Model

   TRILL Over MPLS can be achieved in two different ways:

   a) VPLS Model for TRILL
   b) VPTS Model/TIR Model

   Both these models can be used to solve problem statements 1 and 2.
   Herein the VPLS Model for TRILL is also called Model 1 and the VPTS
   Model/TIR Model is also called Model 2.

3.  VPLS Model

   Figure 1 shows the topological model of TRILL over MPLS using the
   VPLS model. The PE routers in the topology model below should
   support all the functional Components mentioned in [RFC4664].

   +-----+                                               +-----+
   | RBa +---+      ...........................      +---| RBb |
   +-----+   |      .                         .      |   +-----+
   Site 1    |    +----+                   +----+    |    Site 2
             +----|PE1 |                   |PE2 |----+
                  +----+    MPLS Cloud     +----+
                    .                         .
                    .         +----+          .
                    ..........|PE3 |...........
                              +----+       ^
                                |          |
                                |          +-- Emulated LAN
                             +-----+
                             | RBc |
                             +-----+
                              Site 3

       Figure 1: Topological Model of TRILL over MPLS
                 connecting three TRILL Sites

   Figure 2 below shows the topological model of TRILL over MPLS to
   connect multiple TRILL sites belonging to a tenant (tenant here is a
   campus, not a Data label). VSI1 and VSI2 are two Virtual Service
   Instances which segregate Tenant1's traffic from Tenant2's. VSI1
   will maintain its own database for Tenant1; similarly, VSI2 will
   maintain its own database for Tenant2.

       +-----+         ............................         +-----+
       |RBat1+---+     . ++++++++++++++++++++++++ .     +---|RBbt1|
       +-----+   |     . +                      + .     |   +-----+
   Tenant1 Site 1|    +----+                  +----+    | Tenant1 Site2
                 +----|VSI1|                  |VSI1|----+
                 +----|VSI2|    MPLS Cloud    |VSI2|----+
                 |    +----+                  +----+    |
       +-----+   |     . +                      + .     |   +-----+
       |RBat2+---+     . ++++++++ +----+ ++++++++ .     +---|RBbt2|
       +-----+         ...........|VSI1|...........         +-----+
   Tenant2 Site 2            +----|VSI2|----+     ^       Tenant2 Site2
                             |    +----+    |     |
                             |              |     |
                          +-----+        +-----+  +-----Emulated
                          |RBct2|        |RBct1|        LAN
                          +-----+        +-----+
                      Tenant2 Site 3  Tenant1 Site 3

       .... VSI1 Path
       ++++ VSI2 Path

       Figure 2: Topological Model for VPLS Model
                 connecting 2 Tenants with 3 sites each

   In this model TRILL sites are connected using VPLS-capable PE devices
   that provide a logical interconnect, such that TRILL RBridges
   belonging to a specific tenant are connected via a single bridged
   Ethernet. These devices are the same as the PE devices specified in
   [RFC4026]. The Attachment Circuit ports of PE Routers are layer 2
   switch ports that are connected to the RBridges in a TRILL site. Here
   each VPLS instance looks like an emulated LAN. This model is similar
   to connecting different RBridges (TRILL sites) by a layer 2 bridge
   domain (multi access links) as specified in [RFC6325]. This model
   does not require any changes in PE routers to carry TRILL frames, as
   TRILL frames will be transferred transparently.

3.1.  Entities in the VPLS Model

   The PE (VPLS-PE) and CE devices are defined in [RFC4026].

   The Generic L2VPN Transport Functional Components like Attachment
   Circuits, Pseudowires, VSI etc. are defined in [RFC4664].

   The RB (RBridge) and TRILL Sites are defined in [RFC6325].

3.3.  TRILL Adjacency for VPLS model

   As specified in section 3 of this document, the MPLS cloud looks like
   an emulated LAN (also called multi-access link or broadcast link).
   This results in RBridges of different sites looking as if they are
   connected to a multi-access link. With such interconnection, the
   TRILL adjacency over the link is automatically discovered and
   established through TRILL IS-IS control messages [RFC7177], which are
   transparently forwarded by the VPLS domain after the MPLS
   encapsulation specified in section 3.4.

3.4.  MPLS encapsulation for VPLS model

   MPLS encapsulation over Ethernet pseudowire is specified in [RFC7173]
   Appendix A, and requires no changes in the frame format.

3.5  Loop Free provider PSN/MPLS.

   No explicit handling is required to avoid loops, as the Split Horizon
   technique mentioned in [RFC4664] in the provider PSN network takes
   care of loop-free topology in the PSN.

3.6.  Frame processing.

   The PE device transparently processes the TRILL control and data
   frames. The procedures to forward the frames are defined in
   [RFC4664].

4.  VPTS Model

   The [Virtual Private TRILL Service] VPTS is an L2 TRILL service that
   emulates TRILL service across a Wide Area Network (WAN). VPTS is
   similar to what VPLS does for a bridge domain. VPLS provides virtual
   private LAN service for different customers. VPTS provides Virtual
   Private TRILL service (VPTS) for different TRILL tenants.

   Figure 3 shows the topological model of TRILL over MPLS using VPTS.
   In this model the PE routers are replaced with TIR [TRILL
   Intermediate Router] and VSI is replaced with VTSD [Virtual TRILL
   Switch Domain]. The TIR [TRILL Intermediate Router] devices
   interconnected via PWs appear as a single emulated TRILL Site, with
   each VTSD inside a TIR equivalent to an RBridge. The TIR devices must
   be capable of supporting both MPLS and TRILL.

   +-----+                                               +-----+
   | RBa +---+      ...........................      +---| RBb |
   +-----+   |      .                         .      |   +-----+
   Site 1    |    +----+                   +----+    |    Site 2
             +----|TIR1|                   |TIR2|----+
                  +----+    MPLS Cloud     +----+
                    .                         .
                    .         +----+          .
                    ..........|TIR3|...........
                              +----+       ^
                                |          |
                                |          +-- Emulated TRILL
                             +-----+
                             | RBc |
                             +-----+
                              Site 3

       Figure 3: Topological Model of VPTS/TIR
                 connecting three TRILL Sites

   In the above figure (Figure 3) Site1, Site2 and Site3 (running the
   TRILL protocol) are connected to TIR Devices. These TIR devices along
   with the MPLS cloud look like an emulated TRILL Site, with all the
   TRILL Sites connecting to the MPLS cloud forming a single TRILL
   campus. Only the PE devices in the MPLS network should be replaced
   with TIRs, so that the intermediate P routers remain agnostic to the
   TRILL protocol.

   Figure 4 below shows the topological model of TRILL over MPLS to
   connect multiple TRILL sites belonging to a tenant (tenant here is a
   campus, not a Data label) using the VPTS model. VTSD1 and VTSD2 are
   two Virtual TRILL Switch Domains (Virtual RBridges) that segregate
   Tenant1's traffic from Tenant2's. VTSD1 will maintain its own TRILL
   database for Tenant1; similarly, VTSD2 will maintain its own TRILL
   database for Tenant2.

       +-----+         ...........................         +-----+
       |RBat1+---+     . ####################### .     +---|RBbt1|
       +-----+   |     . #                     # .     |   +-----+
   Tenant1 Site 1|    +-----+               +-----+    | Tenant1 Site 2
                 +----|VTSD1|               |VTSD1|----+
                 +----|VTSD2|  MPLS Cloud   |VTSD2|----+
                 |    +-----+               +-----+    |
       +-----+   |     . #                     # .     |   +-----+
       |RBat2+---+     . ########+-----+######## .     +---|RBbt2|
       +-----+         ..........|VTSD1|..........         +-----+
   Tenant2 Site2             +---|VTSD2|----+    ^       Tenant2 Site 2
                             |   +-----+    |    |
                             |              |    |
                          +-----+        +-----+ +-----Emulated
                          |RBct2|        |RBct1|       TRILL
                          +-----+        +-----+
                      Tenant2 Site 3  Tenant1 Site 3

       .... VTSD1 Connectivity
       #### VTSD2 Connectivity

       Figure 4: Topological Model of VPTS/TIR
                 connecting 2 tenants with three TRILL Sites

4.1.  Entities in the VPTS Model

   The CE devices are defined in [RFC4026].

   The Generic L2VPN Transport Functional Components like Attachment
   Circuits, Pseudowires etc. are defined in [RFC4664].

   The RB (RBridge) and TRILL Campus are defined in [RFC6325].

   This model introduces two new entities called TIR and VTSD.

4.1.1  TRILL Intermediate Routers [TIR]

   The TIRs [TRILL Intermediate Routers] must be capable of running both
   VPLS and TRILL protocols. TIR devices are a superset of the VPLS-PE
   devices defined in [RFC4026]. The VSI instance that provides
   transparent bridging functionality in the PE device is replaced with
   VTSD in TIR.

4.1.2  Virtual TRILL Switch Domain (VTSD)

   The VTSD [Virtual TRILL Switch Domain] is similar to the VSI (layer 2
   bridge) in the VPLS model, but it acts as a TRILL RBridge. The VTSD
   is a superset of the VSI and must support all the functionality
   provided by the VSI as defined in [RFC4026]. Along with VSI
   functionality, the VTSD must be capable of supporting TRILL protocols
   and forming TRILL adjacencies. The VTSD must be capable of performing
   all the operations that a standard TRILL Switch can do.

   One VTSD instance per tenant must be maintained when multiple tenants
   are connected to the TIR. The VTSD must maintain all the information
   maintained by the RBridge on a per tenant basis.
   The VTSD must also take care of segregating one tenant's traffic from
   the other's.

4.2.  TRILL Adjacency for VPLS model

   The VTSD must be capable of forming TRILL adjacency with other VTSDs
   present in its peer VPTS neighbor, and also with the RBridges present
   in the TRILL sites. The procedure to form TRILL Adjacency is
   specified in [RFC7173] and [RFC7177].

4.3.  MPLS encapsulation for VPLS model

   MPLS encapsulation over pseudowire is specified in [RFC7173], and
   requires no changes in the frame format.

4.4  Loop Free provider PSN/MPLS.

   This model isn't required to employ the Split Horizon mechanism in
   the provider PSN network, as TRILL takes care of loop-free topology
   using Distribution Trees. Any multi-destination frame will traverse a
   distribution tree path. All distribution trees are calculated based
   on the TRILL base protocol standard [RFC6325] as updated by
   [RFC7180bis].

4.5.  Frame processing.

   This section specifies multi-destination and unicast frame processing
   in the VPTS/TIR model.

4.5.1  Multi-Destination Frame processing

   Any unknown unicast, multicast or broadcast frames inside a VTSD
   should be processed or forwarded through any one of the distribution
   tree's paths. If any multi-destination frame is received from the
   wrong pseudowire at a VTSD, the TRILL protocol running in the VTSD
   should perform an RPF check as specified in [RFC7180bis] and drop the
   packet.

   The pruning mechanism of Distribution Trees as specified in [RFC6325]
   and [RFC7180bis] can also be used for forwarding of multi-destination
   data frames on the branches that are not pruned.

4.5.2  Unicast Frame processing

   Unicast frames must be forwarded in the same way they get forwarded
   in a standard TRILL Campus as specified in [RFC6325]. If multiple
   equal cost paths are available over pseudowires to reach the
   destination, then the VTSD should be capable of doing ECMP for them.

5.  Extensions to TRILL Over Pseudowires [RFC7173]

   [RFC7173] describes how to interconnect a pair of Transparent
   Interconnection of Lots of Links (TRILL) switch ports using
   pseudowires. This document explains how to connect multiple TRILL
   sites (not limited to only two sites) using the mechanisms and
   encapsulations defined in [RFC7173].

6.  VPTS Model Versus VPLS Model

   The VPLS Model uses a simpler loop breaking rule: the "split horizon"
   rule, where a PE must not forward traffic from one PW to another in
   the same VPLS mesh. An issue with the above rule is that if a
   pseudowire between PEs fails, frames will not get forwarded between
   the PEs where the pseudowire went down.

   VPTS solves this problem, since the VPTS Model uses distribution
   Trees for loop-free topology, so frames reach all TIRs even when any
   one of the pseudowires fails in a mesh topology.

   If equal cost paths are available to reach a site over pseudowires,
   the VPTS Model can use ECMP for processing of frames over
   pseudowires.

7.  Security Considerations

   For general TRILL security considerations, see [RFC6325].

   For security considerations on the transport of TRILL by Pseudowires,
   see [RFC7173].

   Since the VPTS Model uses Distribution trees for processing of
   multi-destination data frames, it is always advisable to run at least
   one Distribution tree in a TRILL site per tenant. This will avoid
   data frames being received on TRILL sites where end-station service
   is not enabled for that data frame.

8.  IANA Considerations

   This document requires no IANA actions. RFC Editor: Please delete
   this section before publication.

9.  References

9.1  Normative References

   [RFC6325]  Perlman, R., Eastlake 3rd, D., Dutt, D., Gai, S., and
              A.Ghanwani, "Routing Bridges (RBridges): Base Protocol
              Specification", RFC 6325, July 2011.

   [RFC7180bis] Eastlake 3rd, D., Zhang, M., Perlman, R., Banerjee, A.,
              A.Ghanwani, and Gupta, S, "Routing Bridges (RBridges):
              TRILL: Clarifications, Corrections, and Updates", work in
              progress.
              https://tools.ietf.org/html/draft-ietf-trill-rfc7180bis-05

   [RFC7173]  Yong, L., Eastlake 3rd, D., Aldrin, S., and Hudson, J,
              "Transparent Interconnection of Lots of Links (TRILL)
              Transport Using Pseudowires", RFC 7173, May 2014.

   [RFC4762]  Lasserre, M., and Kompella, V., "Virtual Private LAN
              Service (VPLS) Using Label Distribution Protocol (LDP)
              Signaling", RFC 4762, January 2007.

   [RFC4026]  Andersson, L., and Madsen, T., "Provider Provisioned
              Virtual Private Network (VPN) Terminology", RFC 4026,
              March 2005.

   [RFC4664]  Andersson, L., and Rosen, E., "Framework for Layer 2
              Virtual Private Networks (L2VPNs)", RFC 4664, September
              2006.

9.2  Informative References

   [IS-IS]    ISO/IEC 10589:2002, Second Edition, "Information
              technology -- Telecommunications and information exchange
              between systems -- Intermediate System to Intermediate
              System intra-domain routeing information exchange protocol
              for use in conjunction with the protocol for providing the
              connectionless-mode network service (ISO 8473)", 2002.

   [RFC3985]  Bryant, S., Ed., and P. Pate, Ed., "Pseudo Wire Emulation
              Edge-to-Edge (PWE3) Architecture", RFC 3985, March 2005.

   [RFC4023]  Worster, T., Rekhter, Y., and E. Rosen, Ed.,
              "Encapsulating MPLS in IP or Generic Routing Encapsulation
              (GRE)", RFC 4023, March 2005.

   [RFC4448]  Martini, L., Ed., Rosen, E., El-Aawar, N., and G. Heron,
              "Encapsulation Methods for Transport of Ethernet over MPLS
              Networks", RFC 4448, April 2006.

   [RFC7177]  Eastlake 3rd, D., Perlman, R., Ghanwani, A., Yang, H., and
              V. Manral, "Transparent Interconnection of Lots of Links
              (TRILL): Adjacency", RFC 7177, May 2014.

   [RFC7172]  Eastlake 3rd, D., Zhang, R., Agarwal, P., Perlman, R., and
              Dutt, D, "Transparent Interconnection of Lots of Links
              (TRILL): Fine-Grained Labeling", RFC 7172, May 2014.

Authors' Addresses

   Mohammed Umair
   IP Infusion
   RMZ Centennial
   Mahadevapura Post
   Bangalore - 560048 India

   EMail: mohammed.umair2@gmail.com

   Kingston Smiler
   IP Infusion
   RMZ Centennial
   Mahadevapura Post
   Bangalore - 560048 India

   EMail: kingstonsmiler@gmail.com

   Donald E. Eastlake 3rd
   Huawei Technologies
   155 Beaver Street
   Milford, MA 01757
   USA

   Phone: +1-508-333-2270
   EMail: d3e3e3@gmail.com

   Lucy Yong
   Huawei Technologies
   5340 Legacy Drive
   Plano, TX 75024
   USA

   Phone: +1-469-227-5837
   EMail: lucy.yong@huawei.com
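
Added example (not part of the draft and not taken from any TRILL or VPLS implementation): a small Python model of the Section 6 comparison and of the Section 4.5.1 RPF check, run on the three-device full pseudowire mesh of Figures 1 and 3. The function names, the unit link cost, the lowest-name tie-break and the choice of TIR1 as tree root are assumptions made for illustration; real RBridges compute distribution trees from the IS-IS link-state database as specified in [RFC6325].

```python
from collections import deque

def full_mesh(name):
    """Constructed sample: three edge devices (Figures 1 and 3), full PW mesh."""
    return [(f"{name}1", f"{name}2"), (f"{name}1", f"{name}3"),
            (f"{name}2", f"{name}3")]

def without(pws, failed):
    """The same mesh with one pseudowire down."""
    return [pw for pw in pws if set(pw) != set(failed)]

def bfs_parents(edges, start):
    """Map each node reachable over undirected edges to its upstream neighbour."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj.get(node, ())):  # assumed tie-break: lowest name
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return parent

def vpls_reach(pws, ingress):
    """Split horizon: the ingress PE replicates onto its own PWs; a PE that
    receives the frame from a PW never forwards it onto another PW."""
    reached = {ingress}
    for a, b in pws:
        if ingress in (a, b):
            reached.update((a, b))
    return reached

def distribution_tree(pws, root):
    """Unit-cost shortest-path tree over the PWs that are up, as (up, down) edges."""
    return {(up, down) for down, up in bfs_parents(pws, root).items() if up}

def rpf_table(tree, ingress):
    """For each node, the one tree neighbour a frame from ingress may arrive from."""
    return bfs_parents(tree, ingress)

def vpts_reach(pws, root, ingress):
    """Nodes that receive a multi-destination frame flooded along the tree."""
    return set(rpf_table(distribution_tree(pws, root), ingress))

def rpf_accept(tree, ingress, node, arrived_from):
    """Section 4.5.1 check: drop a frame that arrives on the wrong pseudowire."""
    expected = rpf_table(tree, ingress).get(node)
    return arrived_from is not None and expected == arrived_from

if __name__ == "__main__":
    pe_down = without(full_mesh("PE"), ("PE1", "PE2"))
    tir_down = without(full_mesh("TIR"), ("TIR1", "TIR2"))
    print("VPLS, PW PE1-PE2 down:  ", sorted(vpls_reach(pe_down, "PE1")))
    print("VPTS, PW TIR1-TIR2 down:", sorted(vpts_reach(tir_down, "TIR1", "TIR1")))
    tree = distribution_tree(full_mesh("TIR"), "TIR1")
    print("TIR3 accepts TIR2's frame from TIR1:", rpf_accept(tree, "TIR2", "TIR3", "TIR1"))
    print("TIR3 accepts TIR2's frame from TIR2:", rpf_accept(tree, "TIR2", "TIR3", "TIR2"))
```

With the PE1-PE2 pseudowire down, the split-horizon flood from PE1 never reaches PE2, while the recomputed distribution tree still reaches every TIR. On the intact mesh, a frame from TIR2 arriving at TIR3 directly over the TIR2-TIR3 pseudowire is off the tree and fails the RPF check.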