Building L2VPNs with Provider Backbone Bridging Ethernet VPN (PBB-EVPN) implementation and use cases.
© 2014 Cisco and/or its affiliates. All rights reserved. [email protected] Cisco Public
Building L2VPNs with Provider Backbone Bridging Ethernet VPN (PBB-EVPN)
Implementation and Use Cases
April 23rd, 2014
Tina Lam ([email protected])
Jose Liste ([email protected])
Today’s Presenters
§ Tina Lam ([email protected]) Product Manager Cisco
§ Jose Liste ([email protected]) Technical Marketing Engineer Cisco
Agenda
What is PBB-EVPN and its benefits?
PBB-EVPN in ASR9000
Demonstration
Summary
Use Cases
What is PBB-EVPN?
§ xEVPN family introduces next generation solutions for Ethernet services
‒ BGP control-plane for Ethernet Segment and MAC distribution and learning over MPLS core
‒ Same principles and operational experience of IP VPNs
§ No use of Pseudowires
‒ Uses MP2P tunnels for unicast
‒ Multi-destination frame delivery via ingress replication (via MP2P tunnels) or LSM
§ Multi-vendor solutions under IETF standardization
[Figure: xEVPN family by service type (E-LAN, E-LINE, E-TREE). Solutions shown: EVPN VPWS, EVPN E-TREE, PBB-EVPN, EVPN. Callout: Focus of Presentation]

PBB-EVPN Business Advantages
Business Continuity / Service Robustness
• All-Active (per-flow) access load-balancing
• Fast convergence (link / node / MAC moves)
Designed to Scale
• Control-plane (BGP) learning in the Core. PWs no longer used
• Scalability of IP VPN. MAC address scalability
CapEx Optimization
• Per-flow and per-service access load-balancing
• PE load-balancing (BGP multi-pathing). Access / core ECMP
Ease of Provision and Operation
• Peer PEs auto-discovery. Redundancy group auto-sensing
• Operational consistency with L3 IP VPN
Service Flexibility
• Support existing and new service types (E-LAN, E-Line, E-TREE, VLAN-aware bundling)
Investment Protection
• Open standard
• Multi-vendor support
PBB-EVPN in Cisco ASR9000
Introducing PBB-EVPN in Cisco ASR 9000
§ Introducing the next-generation of L2VPNs – Provider Backbone Bridging Ethernet VPN (PBB-EVPN)
§ Support across Cisco ASR 9000 series router family
‒ From ASR9001-S to ASR9922
§ Support starting with Cisco IOS-XR release 4.3.2 (1) (FCS 09/2013)
§ Enhanced Ethernet Line Cards (Typhoon) required as Ingress and Egress linecards
(1) PBB-EVPN support started in IOS-XR 4.3.2 and 5.1.1 releases
PBB Ethernet VPN
Highlights
§ Next generation solution for Ethernet multipoint (E-LAN) services by combining Provider Backbone Bridging (PBB - IEEE 802.1ah) and Ethernet VPN
§ Data-plane learning of local C-MACs and remote C-MAC to B-MAC binding
§ PEs run Multi-Protocol BGP to advertise local Backbone MAC addresses (B-MACs) & learn remote B-MACs
‒ Takes advantage of PBB encapsulation to simplify BGP control plane operation – faster convergence
‒ Lowers BGP resource usage (CPU, memory) on deployed infrastructure (PEs and RRs)
§ Under standardization at IETF – WG draft: draft-ietf-l2vpn-pbb-evpn
[Figure: PBB-EVPN PEs (PBB Backbone Edge Bridge + EVPN) PE1, PE2, PE3, PE4 around an MPLS core, with CE1 (C-MAC: MA) and CE3 (C-MAC: MB); B-MACs B-M1 and B-M2; BGP MAC adv. Route, EVPN NLRI: MAC B-M1 via PE2. Callouts:
• Control-plane address advertisement / learning over Core (B-MAC)
• Data-plane address learning from Access: Local C-MAC to local B-MAC binding
• Data-plane address learning from Core: Remote C-MAC to remote B-MAC binding]

To PBB or not to PBB?
§ What is the value of combining PBB and EVPN functions?
§ Lower control-plane overhead than EVPN alone
‒ PBB-EVPN uses only a sub-set of EVPN routes
‒ Simpler and Faster failure convergence for all-active multi-homing scenarios
‒ Faster MAC move convergence handled in data-plane
§ Lower control-plane scale requirements than EVPN alone
‒ BGP MAC advertisements for smaller Backbone MAC (B-MAC) address space
‒ Requires less resources (CPU, memory) on deployed infrastructure (PEs / RRs)

Provider Backbone Bridging Overview
§ PBB (IEEE 802.1ah-2008) defines an architecture that includes
‒ 2^24 service instances (I-SID) per B-VLAN
‒ MAC-in-MAC
§ I-Component
‒ Learns & forwards using C-MACs
‒ Maintains a mapping table of C-MACs to B-MACs
‒ Performs PBB encap/decap on PIP
§ B-Component
‒ Learns & forwards using B-MACs
‒ Push / pop B-VLAN on CBP
Legend: IB-BEB = I-/B-comp Backbone Edge Bridge; I-SID = Backbone Service Instance Identifier; PIP = Provider Instance Port; CBP = Customer Backbone Port
[Figure: IB-BEB with one B-comp and three I-comps, PIP and CBP between L2 Access and L2 Core. Frame formats shown:
• C-DA / C-SA, Customer Frame
• B-DA / B-SA, I-TAG, C-DA / C-SA, Customer Frame
• B-DA / B-SA, B-Tag, I-TAG, C-DA / C-SA, Customer Frame
Size labels: 6B, 4B, 12B]

Concepts
Ethernet Segment
• Represents a ‘site’ connected to one or more PEs
• Uniquely identified by a 10-byte global Ethernet Segment Identifier (ESI)
• Could be a single device or an entire network
‒ Single-Homed Device (SHD)
‒ Multi-Homed Device (MHD)
‒ Single-Homed Network (SHN)
‒ Multi-Homed Network (MHN)
BGP Routes
• EVPN and PBB-EVPN define a single new BGP NLRI used to carry all EVPN routes
• NLRI has a new SAFI (70)
• Routes serve control plane purposes, including:
‒ MAC address reachability
‒ MAC mass withdrawal
‒ Split-Horizon label adv.
‒ Aliasing
‒ Multicast endpoint discovery
‒ Redundancy group discovery
‒ Designated forwarder election
EVPN Instance (EVI)
• EVI identifies a VPN in the network
• Encompass one or more bridge-domains, depending on service interface type
‒ Port-based
‒ VLAN-based (shown above)
‒ VLAN-bundling
‒ VLAN aware bundling (NEW)
BGP Route Attributes
• New BGP extended communities defined
• Expand information carried in BGP routes, including:
‒ MAC address moves
‒ C-MAC flush notification
‒ Redundancy mode
‒ MAC / IP bindings of a GW
‒ Split-horizon label encoding
Route Types
[1] Ethernet Auto-Discovery (AD) Route
[2] MAC Advertisement Route
[3] Inclusive Multicast Route
[4] Ethernet Segment Route
Extended Communities
• ESI MPLS Label
• ES-Import
• MAC Mobility
• Default Gateway
[Figures: a PE with two BDs, each in its own EVI; CE1 (SHD, ESI1) and CE2 (MHD, ESI2) attached to PE1 and PE2. Legend: Used by PBB-EVPN]

PBB-EVPN Model
Cisco ASR 9000
[Figure labels: Ethernet Flow Points (EFP) (Layer2 sub-if); Interface (Physical / Bundle) with Ethernet Segment Identifier (ESI) and Source B-MAC; I-Component: PBB Edge Bridges Domain; B-Component: PBB Core Bridges Domain; BD-1, BD-2, BD-3, BD-4, BD-5; I-SID X, I-SID Y, I-SID Z; EVI aaa, EVI bbb; MPLS EVPN Forwarder]

PBB-EVPN Model
Cisco ASR 9000
Connecting with existing services
[Figure labels: I-Component: PBB Edge Bridges Domain; B-Component: PBB Core Bridges Domain; BD-1, BD-2, BD-3, BD-4, BD-5; I-SID X, I-SID Y, I-SID Z; EVI aaa, EVI bbb; MPLS EVPN Forwarder; VFI; EoMPLS PW; VPLS VFI; VPLS VFI (PBB-VPLS) (1)]
(1) Co-existence of VPLS VFI and EVI under same Core BD in IOS-XR 5.1.2 (Apr. 14)

PBB-EVPN Encapsulation
[Figure: frame formats from Ethernet Access, through BD / I-SID X / EVI aaa and the EVPN Forwarder, to MPLS:
• Customer Frame (Ethernet Access): DA, SA, E-type (802.1q 0x8100), C-VID, Payload E-Type, Payload
• After PBB encapsulation: PBB Header (B-DA, B-SA, E-type (I-TAG 0x88E7), I-TAG), then the Customer Frame (DA, SA, 802.1q Tag (0x8100), C-VID, Payload E-Type, Payload)
• On the MPLS side: DA (NH router), SA, E-type (MPLS 0x8847), PSN MPLS label, EVPN MPLS label, Control Word, PBB Header, Customer Frame
Size labels: 6B, 6B, 2B, 4B, 4B, 4B, 18B, 4B
Note: 24-bit I-SID inside I-TAG]

PBB-EVPN Operation
Multicast Tunnel ID / Endpoint Discovery (1)
• At start-up, PEs send EVPN Inclusive Multicast routes to signal I-SID membership
• Inclusive Multicast route signals MPLS label to be used in the downstream direction
I-SID X Flood List
Entry 1: PE 2 – label A
Entry 2: PE 3 – label B
Entry 3: PE 4 – label C
I-SID Y Flood List
Entry 1: PE 2 – label D
Entry 2: PE 4 – label E
[Figure: PE1 (BDs for I-SID X and I-SID Y, EVI aaa, EVPN Forwarder), PE2, PE3, PE4 and a RR across the MPLS core; CE1, CE2, CE3, CE4 attached; I-SID membership (X / Y) marked per PE; EVPN Inclusive Multicast route]
(1) Ingress / Head Replication model shown

PBB-EVPN Operation
B-MAC Reachability Advertisement
• At start-up, PEs send EVPN MAC Advertisement route for local B-MAC/EVI
• MAC Advertisement route signals MPLS label to be used in the downstream direction
L2 Routing Information Base (RIB)
B-DA2; Next Hop PE2; label F
B-DA3; Next Hop PE3; label G
B-DA4; Next Hop PE4; label H
[Figure: PE1 (BDs for I-SID X and I-SID Y, EVI aaa, EVPN Forwarder, B-DA1), PE2 (B-DA2), PE3 (B-DA3), PE4 (B-DA4) and a RR across the MPLS core; CE1, CE2, CE3, CE4 attached; EVPN MAC Advertisement route]

PBB-EVPN Operation
Multi-Destination Traffic Forwarding (Per-ISID Ingress Replication)
Multi-destination Traffic
• Unknown unicast
• Broadcast
• Multicast
Ingress replication with Per-ISID flooding
• 3 copies for I-SID X
• 2 copies for I-SID Y
I-SID X Flood List
Entry 1: PE 2 – label A
Entry 2: PE 3 – label B
Entry 3: PE 4 – label C
I-SID Y Flood List
Entry 1: PE 2 – label D
Entry 2: PE 4 – label E
CAM Table I-SID X
Entry1: C-MAC1a; B-DA1
CAM Table I-SID Y
Entry1: C-MAC1b; B-DA1
[Figure: CE1 (C-MAC1a, C-MAC1b) behind PE1 (B-DA1) sends SA: C-MAC1a DA: FFFF.FFFF.FFFF and SA: C-MAC1b DA: FFFF.FFFF.FFFF; PE1 (BDs for I-SID X and I-SID Y, EVI aaa, EVPN Forwarder) replicates towards PE2, PE3, PE4 over the MPLS core; CE2, CE3, CE4 attached; I-SID membership (X / Y) marked per PE]

PBB-EVPN Operation
Known Unicast Traffic Forwarding
Known Unicast delivered to specific remote PEs
CAM Table I-SID X
Entry1: C-MAC1a; local
Entry2: C-MAC2; B-DA2
Entry3: C-MAC4; B-DA4
L2 Routing Information Base (RIB)
B-DA2; Next Hop PE2; label F
B-DA3; Next Hop PE3; label G
B-DA4; Next Hop PE4; label H
[Figure: CE1 (C-MAC1a) behind PE1 (B-DA1) sends known unicast traffic SA: C-MAC1a DA: C-MAC2 and SA: C-MAC1a DA: C-MAC4; PE1 (BDs for I-SID X and I-SID Y, EVI aaa, EVPN Forwarder) looks up B-DA2 and B-DA4 and forwards to PE2; label F and PE4; label H over the MPLS core; CE2 (C-MAC2) behind PE2 (B-DA2), CE4 (C-MAC4) behind PE4 (B-DA4); PE3 also shown]

PBB-EVPN Failure Scenarios / Convergence
Link / Segment Failure – All-Active Load-Balancing
At idle state, PE3, PE4 install two (2) next hops for B-MAC B-M1
1. PE1 detects failure of one of its attached segments
2. PE1 withdraws B-MAC advertised for failed segment (B-M1). PE1 withdraws Ethernet Segment Route
3. PE3 / PE4 remove PE1 from path list for B-MAC (B-M1)
4. PE2 reruns DF election. Becomes DF for all I-SIDs on segment
PE3, PE4 RIB
VPN: RT-a; MAC: B-M1; ESI: n/a; Path List NH: PE1, PE2
[Figure: CE1 attached to PE1 and PE2, CE3 attached to PE3 and PE4, across the MPLS core; B-MACs B-M1 and B-M2]

PBB-EVPN Operational Scenarios
MAC Mobility
1. PE1 learns C-MAC M1 on local port and forwards across core according to C-MAC DA to Remote B-MAC mapping
2. Via data-plane learning, PE3 learns C-MAC M1 via B-MAC B-M1
3. Host M1 moves from CE1 to CE3’s location
4. After move, host sends Gratuitous/Reverse ARP at new location, PE3 updates C-MAC M1 location (local port). PE3 also forwards across core according to C-MAC DA to Remote B-MAC mapping
5. Via data-plane learning, PE1 updates C-MAC M1 location (via B-MAC B-M2)
MAC tables for I-SID xyz
PE1 MAC Table (step 1): C-MAC M1; B-MAC -
PE3 MAC Table (step 2): C-MAC M1; B-MAC B-M1
PE3 MAC Table (step 4): C-MAC M1; B-MAC -
PE1 MAC Table (step 5): C-MAC M1; B-MAC B-M2
[Figure: two panels (before and after the move) with CE1 behind PE1 / PE2 (B-M1) and CE3 behind PE3 / PE4 (B-M2) across the MPLS core; frames VID 100 SMAC: M1 DMAC: M2 and VID 100 SMAC: M1 DMAC: F.F.F; frame layers labelled L1 L2 PBB and L3 L4 PBB]
MAC Mobility event handled entirely by data-plane learning
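Added example, not part of the original slides: parsing the 18-byte PBB header from the encapsulation slide (B-DA, B-SA, E-type 0x88E7, I-TAG with a 24-bit I-SID) and applying the data-plane learning rule above, so that a C-MAC seen behind a new B-MAC is reported as a move. The MAC addresses and all function and class names are constructed for illustration; I-SID 111010 and VID 100 are borrowed from the slides.

```python
import struct

ETYPE_ITAG = 0x88E7   # I-TAG EtherType shown on the encapsulation slide
ETYPE_DOT1Q = 0x8100  # 802.1q C-tag EtherType shown on the same slide
PBB_HDR_LEN = 18      # B-DA (6) + B-SA (6) + EtherType (2) + I-TAG (4)

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_pbb(frame):
    """Decode the PBB header and the customer frame header that follows it."""
    if len(frame) < PBB_HDR_LEN + 14:
        raise ValueError("truncated PBB frame")
    etype, itag = struct.unpack("!HI", frame[12:18])
    if etype != ETYPE_ITAG:
        raise ValueError(f"unexpected EtherType 0x{etype:04x}, want 0x88e7")
    inner = frame[PBB_HDR_LEN:]
    c_vid = None
    if struct.unpack("!H", inner[12:14])[0] == ETYPE_DOT1Q and len(inner) >= 16:
        c_vid = struct.unpack("!H", inner[14:16])[0] & 0x0FFF
    return {
        "b_da": fmt_mac(frame[0:6]), "b_sa": fmt_mac(frame[6:12]),
        "isid": itag & 0xFFFFFF,  # low 24 bits of the I-TAG carry the I-SID
        "c_da": fmt_mac(inner[0:6]), "c_sa": fmt_mac(inner[6:12]),
        "c_vid": c_vid,
    }

class CMacTable:
    """Per-I-SID C-MAC table of an I-component: (I-SID, C-MAC) -> remote B-MAC."""
    def __init__(self):
        self.entries = {}
    def learn_from_core(self, frame):
        """Bind C-SA to B-SA; return (old, new) B-MAC if the C-MAC moved, else None."""
        f = parse_pbb(frame)
        key = (f["isid"], f["c_sa"])
        old = self.entries.get(key)
        self.entries[key] = f["b_sa"]
        return (old, f["b_sa"]) if old not in (None, f["b_sa"]) else None

def build_frame(b_da, b_sa, isid, c_da, c_sa, c_vid):
    """Constructed sample input: PBB header + 802.1q-tagged customer frame."""
    return (b_da + b_sa + struct.pack("!HI", ETYPE_ITAG, isid & 0xFFFFFF)
            + c_da + c_sa + struct.pack("!HH", ETYPE_DOT1Q, c_vid)
            + struct.pack("!H", 0x0800) + b"payload")

# Constructed addresses standing in for the slide labels M1, M2, B-M1, B-M2;
# B_RX is the (hypothetical) B-MAC of the PE doing the learning.
M1, M2 = bytes.fromhex("02000000aa01"), bytes.fromhex("02000000aa02")
B_M1, B_M2, B_RX = (bytes.fromhex(h) for h in ("0200000b0001", "0200000b0002", "0200000b0003"))

def demo():
    table = CMacTable()
    first = table.learn_from_core(build_frame(B_RX, B_M1, 111010, M2, M1, 100))
    moved = table.learn_from_core(build_frame(B_RX, B_M2, 111010, M2, M1, 100))
    return first, moved, table.entries
```

The `(old, new)` tuple returned on a move is the hook for logging or rate-limiting repeated relocations of the same C-MAC within an I-SID.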
Multi-Homing Use Cases

PBB-EVPN Access Multi-Homing Options
Single Home Device (SHD) / Single Home Network (SHN)
§ Null Ethernet Segment Identifier (ESI)
§ No DF election / No vlan carving
Dual Home Device (DHD) All-Active (Per-Flow) LB
§ Main candidate for Data Center deployments
§ Identical B-MAC and ESI on PEs
Dual Home Device (DHD) Single-Active (Per-Service) LB
§ Different B-MACs and identical ESI on PEs
§ Per service (I-SID) carving (manual or automatic)
§ CE flush via STP TCN / MVRP
[Figures:
• SHD / SHN: CE1 and CE2 attached to PE1, ESI Null, VID X, MPLS Core
• DHD All-Active: CE1 attached to PE1 (BMAC 1, ESI W) and PE2 (BMAC 1, ESI W), VID X on both links, MPLS Core
• DHD Single-Active: CE1 attached to PE1 and PE2 (BMAC 1 and BMAC 2, ESI W on both), VID X and VID Y, MPLS Core]

PBB-EVPN Access Multi-Homing Options (cont.)
Multi Home Device (MHD) All-Active (Per-Flow) LB
§ More than two (2) PEs in redundancy group
§ Same as DHD All-Active Load-balancing
Multi Home Device (MHD) Single-Active (Per-Service) LB
§ More than two (2) PEs in redundancy group
§ Same as DHD Single-Active Load-balancing
[Figures:
• MHD All-Active: CE1 attached to PE1, PE2, PE3, each with BMAC 1 and ESI W, VID X, MPLS Core
• MHD Single-Active: CE1 attached to PE1, PE2, PE3 with BMAC 1, BMAC 2, BMAC 3 and ESI W on all, VID X, VID Y, VID Z, MPLS Core]

PBB-EVPN Access Multi-Homing Options (cont.)
Dual Home Network (DHN) ITU-T G.8032
§ Treated as SHN by PEs
‒ Null ESI; No DF election / No service carving
§ Ring operation controlled by R-APS protocol
Dual Home Network (DHN) REP
§ Treated as SHN by PEs
‒ Null ESI; No DF election / No service carving
§ Segment operation controlled by REP protocol
Dual Home Network (DHN) Single-Active (Per-Service) LB
§ Different B-MAC on PEs
§ Identical ESI on PEs
§ Per service (I-SID) carving (manual or automatic)
§ CE flush via STP TCN / MVRP
[Figures:
• DHN G.8032: CE1 and CE2 in a G.8032 Open Sub-ring towards PE1 and PE2, R-APS, RPL Link, ESI Null on both PEs, VID X and VID Y, MPLS Core
• DHN REP: CE1 and CE2 in a REP segment towards PE1 and PE2, ALT port, REP Edge No Neighbour, REP-AG on both PEs, ESI Null on both PEs, VID X and VID Y, MPLS Core
• DHN Single-Active: CE1 and CE2 towards PE1 and PE2 (BMAC 1 and BMAC 2, ESI W on both), VID X and VID Y, MPLS Core]
Demonstration

Demonstration Topology
Three (3) E-LAN services between CE-1, CE-2, CE-3
EVI 111: I-SID 111010, I-SID 111020, I-SID 111030
[Figure: PE1 (ASR9006), PE2 (ASR9001) and PE3 (ASR9006) connected through four P routers; loopbacks Lo0 14.14.14.5, Lo0 14.14.14.6, Lo0 14.14.14.7; CE1, CE2, CE3 each with a TG attached; access types shown: DHD Active/Active per Flow, SHD, SHD with Bundle. Callout: Focus of Demonstration]
Legend: SHD = Single-Home Device; DHD = Dual-Home Device; TG = Traffic Generator

Summary
§ PBB-EVPN is a next-generation L2VPN solution based on BGP control-plane for MAC distribution/learning over the core
§ PBB-EVPN was designed to address following requirements:
‒ All-active Redundancy and Load Balancing
‒ Simplified Provisioning and Operation
‒ Optimal Forwarding
‒ Fast Convergence
§ In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy provides:
‒ Simplified control plane operation and faster convergence
‒ Lower control-plane scale requirements (BGP CPU and memory)
‒ MAC address Scalability
§ PBB-EVPN applicability goes beyond DCI into Carrier Ethernet use cases
References
§ Cisco.com PBB-EVPN User Documentation: http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/lxvpn/configuration/guide/lesc51x/lesc51pbb.html
§ (Video / Slides) Cisco Live 365: BRKMPL-2333: E-VPN and PBB-EVPN: The Next Generation of MPLS-Based Layer 2 VPN (2014 Milan) https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=76547
§ You can also meet us at Cisco Live 2014 – San Francisco (May 19-24)
‒ Breakout Session: BRKMPL-2333
‒ Request a Meet The Expert (MTE) session

PBB-EVPN Shipping Features
ASR9K (1)
IOS-XR 4.3.2 – Aug 2013: PBB-EVPN Introduction
• Port, VLAN, VLAN-bundle Mode
• PE Auto-discovery
• Ethernet Segment Identifier Auto-config w/ LACP
• Single-homing
• Single-active Multi-homing
• All-active Multi-homing
• Access Redundancy w/ LACP, G.8032, MST, nV Cluster
• Designated Forwarding (DF) election
• MAC Mobility
• Multicast Ingress Replication
• BGP ISSU and NSR
• BGP Route Reflector (RR) for PBB-EVPN
XR 5.1.2 – Apr 2014: PBB-EVPN Enhancement
• MAC Security on PBB-EVPN
• PBB-EVPN and PBB-VPLS Seamless Integration
ASR1K
IOS XE 3.11 – Nov 2013
• BGP Route Reflector (RR) for PBB-EVPN
(1) Requires use of Enhanced Ethernet Linecards (Typhoon) for access-facing and core-facing interfaces