Network Working Group
Internet Draft                                            B. Mack-Crane
Intended status: Informational                                  L. Yong
                                                                 Huawei
Expires: April 2012                                    October 17, 2011


    Shortest Path Bridging (SPB) over an MPLS Packet Switched Network
                draft-mack-crane-l2vpn-spb-o-mpls-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with
   the provisions of BCP 78 and BCP 79.

   Distribution of this document is unlimited. Comments should be sent
   to the DNSEXT working group mailing list: .

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the BSD License.

Mack-Crane & Yong          Expires April 17, 2012

Abstract

   This informational document describes ways to interconnect a
   Shortest Path Tree (SPT) Region over WAN connections using MPLS
   Pseudo Wires (PWs) with existing SPB and MPLS standards. It also
   describes how a combination of SPB and MPLS can provide a
   hierarchical scalable L2VPN.

Table of Contents

   1. Introduction
   2. Use Cases
      2.1. Point-To-Point Interconnection
      2.2. Multiple Interconnections
      2.3. Hierarchical L2VPN with SPB and MPLS
   3. Security Considerations
   4. IANA Considerations
   5. Acknowledgements
   6. References
      6.1. Normative References
      6.2. Informative References

1. Introduction

   The IEEE Shortest Path Bridging (SPB) standard [802.1aq] provides
   optimal pair-wise data frame forwarding with little or no
   configuration in multi-hop networks of arbitrary topology. This
   network behavior is implemented by Shortest Path Tree (SPT) Bridges
   that automatically confederate (i.e., recognize compatibly
   configured neighbors) to form SPT Regions within which shortest path
   bridging is provided. The data plane controlled by SPT Bridges is
   unchanged from earlier bridging standards except for the addition of
   a reverse path forwarding check option. The ECMP project [802.1Qbp]
   will add support for multipath load spreading for both unicast and
   multicast traffic. SPB enables a new method to construct enterprise
   and cloud data center networks.

   This document describes use cases for SPB over an MPLS Packet
   Switched Network (PSN), introduces a new hierarchical L2VPN
   architecture that uses SPB and IP/MPLS, and documents the related
   configurations and references for proper interworking. In the use
   cases described the SPBM mode (MAC address based) is used, implying
   the existence of a Provider Backbone Edge Bridge function
   (MAC-in-MAC encapsulation) [802.1Q] at the boundary of the SPT
   Region.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   Acronyms used in this document include the following:

      AC    - Attachment Circuit
      CE    - Customer Edge
      IS-IS - Intermediate System to Intermediate System
      MPLS  - Multi-Protocol Label Switching
      PE    - Provider Edge
      PPP   - Point to Point Protocol
      PW    - Pseudo Wire
      SPB   - Shortest Path Bridging
      SPT   - Shortest Path Tree
      VSI   - Virtual Switching Instance

2. Use Cases

   SPT Regions at different locations may be interconnected by networks
   that are implemented with different technologies to form one larger
   SPT Region. This section describes use cases assuming that IP/MPLS
   technology is available. From the MPLS network view, SPT Bridges act
   as Customer Edge (CE) devices and connect to PEs via an attachment
   circuit (AC).

   SPT Bridges [802.1aq] support deterministic forwarding behavior over
   point-to-point links. Section 2.1 describes SPT Region
   interconnection over a single point-to-point link provided by an
   MPLS network. Section 2.2 describes interconnecting multiple SPT
   Regions using multiple PWs. Section 2.3 introduces a hierarchical
   L2VPN solution that uses SPT Bridges and MPLS in a tiered
   architecture.

2.1. Point-To-Point Interconnection

   Two SPT Bridges are interconnected by either an Ethernet or PPP PW
   over an MPLS network. The PW is configured between a pair of PEs to
   provide part of the point-to-point link between two SPT Bridges.
   Figure 1 illustrates this architecture. Each SPT Bridge connects to
   a PE via an AC and acts as a CE device. The MPLS PSN is bounded by
   the PEs. The link across the IP/MPLS PSN enables the site A and
   site B SPT Bridges to form one SPT Region.

   MPLS supports many pseudo wire transport encapsulations [RFC4446].
   Two types of links between Bridges have been standardized: Ethernet
   [RFC4448] and PPP [RFC3518, RFC4618].

   A Bridge port connected to an AC may be mapped to a PW with Ethernet
   encapsulation [RFC4448]. The PW between two PEs can be
   auto-configured [RFC4447] or manually configured; the two Bridges
   then appear directly interconnected with an Ethernet link.

   When the Bridge ports connected to the ACs are configured with PPP,
   the PEs may be configured as a PW with PPP encapsulation [RFC4618].
   After the PW is established between two PEs, the two RBridges then
   appear directly interconnected with a PPP link.

   Because the frames between the bridges are encapsulated within PPP,
   if the PEs have the capability to add or remove PPP encapsulation,
   it is an independent decision for each AC and for the PW whether
   each is PPP or Ethernet.

   An SPB adjacency is automatically established over an Ethernet link
   or PPP link. The PW provides transparent transport between ACs.

   Note: For Ethernet PW configuration, the PE SHOULD use the raw mode
   and non-service-delimiting options.

               <---------- SPB Link ---------->
      *-------*       <-------PW------->       *-------*
      |       | AC +----+    +---+   +----+ AC |       |
      |  SPT  +----| PE |----| P |---| PE |----+  SPT  |
      |Bridge |    +----+    +---+   +----+    |Bridge |
      |Site A |    {        PSN           }    |Site B |
      *-------*                                *-------*
                {      One SPT Region       }

          Figure 1 P2P SPB Link over IP/MPLS PSN Use Case I

   As networks converge, it is possible that one operator controls both
   the SPT Region and the core MPLS network. Figure 2 illustrates this
   use case, in which SPT Bridges are also MPLS PE enabled. The
   interworking between the SPT network and the MPLS PSN is within one
   device. In this case, a virtual Ethernet interface is configured
   between the SPT Bridge component and PE component on the SPT/PE
   device and a Packet-PW is configured between two PE components on
   two devices to emulate the virtual Ethernet link. An SPB adjacency
   is established between two RB/PE devices after the PW is
   established. In this case, SPB runs in the client layer and MPLS
   runs in the Server Layer; SPB/PE devices support both client and
   server layer control plane and data plane functions.

      *---------*                         *---------*
      |   SPT   |<------- SPB Link ------>|   SPT   |
      | Site A  |     (Client Layer)      | Site B  |
      |     +-------+     +---+      +-------+      |
      |     |SPB/PE |-----| P |------| PE/SPB|      |
      |     +-------+     +---+      +-------+      |
      |         |<--------- PW ---------->|         |
      |         |     (Server Layer)      |         |
      *---------*                         *---------*
                      {     PSN     }
                {      One SPT Region      }

          Figure 2 P2P SPB-Link over IP/MPLS PSN Use Case II

   In both use cases I and II, the PE treats an SPT Bridge as a generic
   CE and has no awareness of SPB capability on the CE.

   Use case I supports business models in which the SPT Region and the
   core MPLS network are operated by different operators or by the same
   operator. In the case of different operators, the core MPLS operator
   can sell a VPWS service to the SPB operator.
   Use case II provides the model where the SPT Region and the core
   network are operated by the same operator but use different
   technologies in the edge and core domains of the network.

   A PW may cross multiple MPLS domains [RFC5659]. In this case, SPT
   Bridges connect to T-PEs and the interconnection works in the same
   way as in a single domain.

2.2. Multiple Interconnections

   More than two SPT sites may be interconnected by a full or partial
   mesh of PWs. The PWs provide a set of links interconnecting the SPT
   sites and enable the formation of one SPT Region. Interconnecting
   multiple sites using PWs is preferable to using a VPLS (VLAN)
   service because it allows deterministic control of traffic placement
   and traffic engineering (assuming the PWs provide a bandwidth SLA).

   PWs can provide multiple connections to a single physical interface
   if VLAN tags are used for service selection (Ethernet VLAN ACs).
   Virtual ports can be provisioned on the SPT Bridge by using a
   port-mapping S-VLAN component [802.1Qbc]. The S-VID is then used for
   service selection to map traffic to each PW connection.

   Figure 3 shows the use of PWs to interconnect three SPT Bridges. One
   SPT Region is formed across three different sites. Three PWs are
   configured, providing a full mesh between the three sites. Each SPT
   site connects to the others via PWs selected by the
   service-delimiting S-VID on the AC. So in this use case the PEs
   should use raw mode with service-delimiting.

   *-------*       ...........................    *-------*
   |       |       .                         .    |       |
   |  SPT  |   +----+         PWs         +----+  |  SPT  |
   | Region|---|     **********************    |--| Region|
   | Site 1|---| PE  *****            ***** PE |--| Site 2|
   |       | ^ +----+    ****      ****   +----+  |       |
   |       | |     .         +*--*+          .    *-------*
   *-------* |     ..........|    |...........
             |               | PE |
             |               +----+
         S-Tagged              | |
     Ethernet VLAN ACs         | |
                           *---------*
                           |   SPT   |
                           | Region  |
                           | Site 3  |
                           *---------*

          Figure 3 Multiple SPT sites interconnected by PWs

   The scenario in Figure 3 can also be applied to interconnect
   multiple SPT Bridges when a device serves both SPT Bridge and PE
   functions. This use case is addressed in the following section.

   Note: If CEs at a site happen to be regular C-VLAN bridges, the site
   may be connected to an SPT Bridge via a virtual port bound to an
   I-Component. This enables MAC-in-MAC encapsulation to be performed
   before the traffic enters the SPT Region without requiring an
   upgrade at the C-VLAN bridging site. In this case the PW at the PE
   connected to the C-VLAN bridging site could be configured as raw
   mode, non service-delimiting.

2.3. Hierarchical L2VPN with SPB and MPLS

   H-VPLS in [RFC4762] describes a two-tier hierarchical solution for
   the purpose of pseudo wire (PW) scalability improvement. This
   improvement is achieved by reducing the number of PE devices
   connected in a full-mesh topology through connecting CE devices via
   the lower-tier access network, which in turn is connected to the
   top-tier core network. However, H-VPLS solutions in [RFC4762]
   require learning and forwarding based on customer MAC addresses,
   which poses scalability issues as the number of VPLS instances and
   customer MAC addresses increases. [PBB-VPLS] describes how to use
   PBB (Provider Backbone Bridges) at the lower-tier access network to
   solve the scalability issue, in which the transit network nodes only
   learn and forward on PBB port MAC addresses instead of customer MAC
   addresses.

   Figure 4 depicts the hierarchical L2VPN architecture with SPT
   Bridge/MPLS technologies. An IP/MPLS network serves the top-tier
   core network function while an SPT Region serves as the low-tier
   access network function. An SPB/PE enabled device is placed at the
   border of the two-tier networks.
   Ethernet PWs, as described in Section 2.1, are configured between
   pairs of PE components in the top-tier IP/MPLS network, which
   construct a full mesh of links among the SPB/PE devices. The SPT
   Bridge component on an SPB/PE device and other SPT Bridges at the
   same site serve as the low-tier access network. Customer CEs connect
   to SPT Bridges at each site directly. This architecture provides
   E-LAN or E-VLAN connectivity among customer CEs connecting to the
   SPT Region sites. The transit SPT Bridge node only forwards and
   learns other SPT Bridge addresses and the number of PWs in the
   top-tier core network is not related to the number of devices
   connecting to Customer CEs. This makes the solution scale very well.
   In addition, SPB technology supports multiple links from one SPT
   Bridge to multiple other SPT Bridges and prevents loops, which
   provides the flexibility to construct the networks based on traffic
   demands and dynamically reroute traffic when necessary. Figure 4
   shows that one SPT Bridge in campus site 1 connects to two SPB/PE
   devices and one SPB/PE device connects two SPT Bridges at Site 3.

     +---------+      ...........................    +--------+
     |         |      .      IP/MPLS Core       .    |        |
     |         |      .                         .    |        +--
 CE--+         |   +----+         PW         +----+  |        |
     |   SPT   +---|SPB/|********************|SPB/|--+  SPT   |CEs
 . --+ Region  +-+ | PE |****            ****| PE |\ | Region +--
 .   | Site 1  | | +----+    ****    ****    +----+ -+ Site 3 |
 . --+         | |    .         +*--*+          .    |        |
     |         | |    ..........|SPB/|...........    +--------+
 CE--+         | +--------------| PE |
     |         |                +----+
     +---------+                 | |
                              +---------+
                              |   SPT   |
                              | Region  |
                              | Site 2  |
                              +-+----+--+
                                |... |
                                 CEs

          Figure 4 Hierarchical L2VPN with SPB and MPLS

   There are several advantages to using SPT Bridge/MPLS based L2VPNs:

   1) Scalability improvement;

   2) Auto-configuration;

   3) Good efficiency and loop prevention;

   4) Multipath support (based on 802.1Qbp).

   The solution also has advantages over some alternative solutions:

   1. SPT Bridges provide deterministic forwarding behavior, allowing
      network tuning and traffic engineering;

   2. SPB supports shortest path for both unicast and multicast
      traffic;

   3. SPT Bridge core interfaces do not have to be upgraded to support
      a new encapsulation;

   4. I-SID supports over 16M tenants;

   5. Mature OAM functionality: Ethernet OAM (802.1ag and Y.1731) can
      be applied to SPB VLANs.

   Note: It is possible to construct a Tiered L2VPN by combining
   Figures 4 and 3, i.e., some locations use SPB/PE enabled devices and
   some locations use separate SPT Bridge and PE devices in a
   Hierarchical L2VPN.

3. Security Considerations

   The IS-IS authentication mechanism [RFC5304] [RFC5310] can be used
   to prevent fabrication of link-state control messages including
   those discussed in this document.

   The use cases do not introduce any new security considerations for
   MPLS networks.

4. IANA Considerations

   This document requires no IANA actions.

5. Acknowledgements

   The authors would like to acknowledge the contributions of Donald E.
   Eastlake, 3rd, Sue Hares, and Sam Aldrin.

6. References

6.1. Normative References

   [RFC2119] S. Bradner, "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14 and RFC 2119, March 1997.

   [RFC3518] Higashiyama, M., et al., "Point-to-Point Protocol (PPP)
             Bridging Control Protocol (BCP)", RFC 3518, April 2003.

   [RFC4446] Martini, L., "IANA Allocations for Pseudowire Edge to Edge
             Emulation (PWE3)", BCP 116, RFC 4446, April 2006.

   [RFC4447] Martini, L., et al., "Pseudowire Setup and Maintenance
             Using the Label Distribution Protocol (LDP)", RFC 4447,
             April 2006.

   [RFC4448] Martini, L., "Encapsulation Methods for Transport of
             Ethernet over MPLS Networks", BCP 116, RFC 4446, April
             2006.

   [RFC4618] Martini, L., "Encapsulation Methods for Transport of
             PPP/High-Level Data Link Control (HDLC) over MPLS
             Networks", BCP 116, RFC 4618, September 2006.

   [RFC4762] Lasserre, M., and Kompella, V., "Virtual Private LAN
             Service (VPLS) Using Label Distribution Protocol (LDP)
             Signaling", RFC 4762, January 2007.

   [RFC5304] Li, T. and Atkinson, R., "IS-IS Cryptographic
             Authentication", RFC 5304, October 2008.

   [RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
             and M. Fanto, "IS-IS Generic Cryptographic
             Authentication", RFC 5310, February 2009.

   [RFC5659] Bocci, M. and Bryant, S., "An Architecture for
             Multi-Segment Pseudowire Emulation Edge-to-Edge",
             RFC 5659, October 2009.

   [802.1Q]  IEEE Std 802.1Q 2011, Media Access Control (MAC) Bridges
             and Virtual Bridge Local Area Networks, August 2011.

   [802.1Qbc] IEEE Std 802.1Qbc 2011, Media Access Control (MAC)
             Bridges and Virtual Bridged Local Area Networks-Amendment
             16: Provider Bridging-Remote Customer Service Interfaces,
             September 2011.

6.2. Informative References

   [PBB-VPLS] Sajassi, A., et al., "VPLS Interoperability with Provider
             Backbone Bridges", draft-ietf-l2vpn-pbb-vpls-interop, work
             in progress, 2011.

Authors' Addresses

   Ben Mack-Crane
   Huawei Technologies
   5340 Legacy Drive
   Plano, TX 75025

   Phone: 630-810-1132
   Email: ben.mackcrane@huawei.com

   Lucy Yong
   Huawei Technologies
   5340 Legacy Drive
   Plano, TX 75025

   Phone: 469-227-5837
   Email: lucy.yong@huawei.com
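
Added example (not part of the draft): the receiver-side check behind the Section 3 pointer to IS-IS authentication, shown for the RFC 5304 HMAC-MD5 case on an LSP. The LSP bytes, LSP ID, hostname and shared key are constructed for illustration, and the LSP checksum is left at zero rather than computed.

```python
import hashlib
import hmac
import struct

AUTH_TLV, HMAC_MD5, LSP_HDR_LEN = 10, 54, 27   # TLV type, RFC 5304 auth type, LSP header

def find_auth(pdu: bytes):
    """Return the offset of the 16-byte digest inside TLV 10, or None."""
    off = LSP_HDR_LEN
    while off + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        if off + 2 + tlv_len > len(pdu):
            return None                         # truncated TLV: treat as unauthenticated
        if tlv_type == AUTH_TLV and tlv_len == 17 and pdu[off + 2] == HMAC_MD5:
            return off + 3
        off += 2 + tlv_len
    return None

def digest(pdu: bytes, auth_off: int, key: bytes) -> bytes:
    """HMAC-MD5 over the LSP with the fields RFC 5304 excludes set to zero."""
    buf = bytearray(pdu)
    buf[auth_off:auth_off + 16] = bytes(16)     # Authentication Value
    buf[10:12] = bytes(2)                       # Remaining Lifetime (aged in transit)
    buf[24:26] = bytes(2)                       # Checksum
    return hmac.new(key, bytes(buf), hashlib.md5).digest()

def sign_lsp(pdu: bytes, key: bytes) -> bytes:
    off = find_auth(pdu)
    return pdu[:off] + digest(pdu, off, key) + pdu[off + 16:]

def verify_lsp(pdu: bytes, key: bytes) -> bool:
    off = find_auth(pdu)
    if off is None:
        return False                            # no HMAC-MD5 TLV: reject
    return hmac.compare_digest(pdu[off:off + 16], digest(pdu, off, key))

def build_lsp(seq: int) -> bytes:
    """Constructed L2 LSP: fixed header, empty TLV 10, one hostname TLV (137)."""
    tlvs = bytes([AUTH_TLV, 17, HMAC_MD5]) + bytes(16) + bytes([137, 4]) + b"spb1"
    hdr = bytes([0x83, LSP_HDR_LEN, 1, 0, 20, 1, 0, 0])         # common header
    hdr += struct.pack("!HH", LSP_HDR_LEN + len(tlvs), 1200)    # PDU length, lifetime
    hdr += bytes.fromhex("0000000000010000")                    # LSP ID (constructed)
    hdr += struct.pack("!IHB", seq, 0, 0x03)                    # seq, checksum=0, flags
    return hdr + tlvs

def demo():
    key = b"constructed-shared-key"
    lsp = sign_lsp(build_lsp(7), key)
    aged = lsp[:10] + struct.pack("!H", 900) + lsp[12:]         # lifetime aged by a hop
    forged = lsp[:-1] + b"9"                                    # altered hostname TLV
    return (verify_lsp(lsp, key), verify_lsp(aged, key),
            verify_lsp(forged, key), verify_lsp(lsp, b"wrong-key"))
```

Because Remaining Lifetime and Checksum are zeroed before hashing, an LSP aged in transit still verifies, while a change to any TLV or a wrong key does not.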