Monday, August 6, 2012

Ethernet VPN - Layer 2 Scalability

MPLS (Multi-Protocol Label Switching) is a mature technology that has been adopted by most service providers across the globe. It was initially deployed for fast switching, but its scalability, resiliency and protocol-agnostic nature made it successful across the whole network. MPLS not only provides WAN connectivity but also acts as a platform on which service providers can offer different kinds of services that can then be monetized. VPLS (Virtual Private LAN Service) is one such MPLS service; it extends a broadcast domain from one site to multiple sites over the WAN. VPLS became more popular after the outburst of data center interconnects. The main reasons for extending layer 2 domains are workload mobility (migration of virtual machines from one data center to another), high availability clusters, and geographical redundancy.
Current Challenges with VPLS
1. Scaling of thousands of MAC addresses (a single VM requires a single MAC address):- Virtualization applications are fueling the need for MAC addresses in the network. A single server can host hundreds of virtual machines, and every virtual machine consumes one MAC address, which clearly justifies the scaling requirement for MAC address tables.

2. Optimal forwarding of multicast:- Multicast LSPs can be formed in conjunction with VPLS, but they are limited to point-to-multipoint, which consumes more network resources, as VPLS defines no set of parameters for creating multipoint-to-multipoint multicast LSPs.

3. MultiHoming:- VPLS supports an active/standby BGP multihoming model. Multihoming with all attachment circuits active is not possible. In effect, the customer can utilize only 50% of the links while paying for 100%.

4. C-MAC (Customer MAC) Transparency:- The current VPLS solution doesn't support transparency of customer MAC addresses.

5. Fast Convergence for C-MAC Flushing:- In case of failure of virtual machines or physical servers, network re-convergence occurs, which may lead to MAC flushing problems.

Proposed Solution
Ethernet Virtual Private Network (E-VPN) is the proposed solution to overcome the issues highlighted with VPLS. E-VPN uses the existing MPLS/IP backbone to transport layer 2 connectivity among the various data centers that are part of the same VPN. Being a layer-2 extension, the solution treats MAC addresses as routable addresses and uses the existing MP-iBGP protocol to carry the customer MAC addresses. In E-VPN, MAC learning at the edge routers occurs not in the data plane but in the control plane; consequently, more control can be applied to the learning mechanism. The process is similar to IP VPN as described in RFC 4364. The policy attributes specified for E-VPN are almost the same as in MPLS VPN: RD and RT remain the same, but instead of a Virtual Routing and Forwarding instance we now have an Ethernet VPN Instance (EVI). The information about the Ethernet Tag of an EVI is advertised by the new BGP NLRI, which is E-VPN.

Figure 1
In EVPN, MAC learning can be of two types:

1. Local MAC Learning

2. Remote MAC Learning

In the local MAC learning process, the MPLS Edge Switch (MES) must support local MAC learning through standard protocols. Once local learning is complete, the MES can advertise the locally learned MAC addresses to remote MES nodes via MP-iBGP. This process of receiving, via MP-iBGP, the MAC addresses of customers attached to remote MESs is known as remote MAC learning.
Solution for MultiHoming and Avoiding Layer 2 Loops in EVPN
An Ethernet Segment ID (ESI) is used when a Customer Edge device is multihomed to different MPLS Edge Switches, as shown in Figure 2. A new MPLS BGP Label Extended Community is used for split horizon procedures in multihoming scenarios. As depicted in Figure 2, host H1 has MAC address M1. It sends a broadcast request to MES-1 and MES-2. MES-1 and MES-2 identify that the request is coming from Ethernet Segment ID-1, so before replicating the frames both MESs append a split horizon label to them. The frames are then exchanged among the MESs. Every MES checks the SH label, and if it finds that the same ESI-1 is directly attached to itself, the traffic is silently dropped, because a frame originating from a segment must not be delivered back to the same segment. This technique avoids loops in multihoming scenarios.

Figure 2
Note:- The split horizon label is only used for unknown unicast, multicast and broadcast traffic.
Role of Designated Forwarder
As per Figure 2, MES-3 and MES-4 receive the multi-destination frames via MP-iBGP for a particular segment. How is it decided which MES forwards the frames to the downstream segment? Only the Designated Forwarder forwards frames to a particular segment, and the Designated Forwarder election is performed among the PEs advertising the ESI in their BGP routes. All non-Designated-Forwarder MESs block their respective port for that segment, as shown in Figure 3.

Figure 3
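The split horizon check and the Designated Forwarder rule described above, as an added model (not code from this post): a BUM frame from a multihomed segment is tagged with a split-horizon label at ingress, and each receiving MES drops it if that label is its own segment's, or blocks it if it is not the DF for the segment. The SH label values, the DF election rule (lowest MES name wins) and the extra single-homed site are assumptions.

```python
# Added example (not code from the post): a small model of how a BUM frame
# from a multihomed segment is flooded with a split-horizon (SH) label and
# then filtered at each receiving MES by the SH check and the DF rule.
# The SH label values and the DF election rule (lowest MES name wins) are
# assumptions; the post only says each PE advertising the ESI takes part.

SH_LABEL = {"ESI-1": 1001, "ESI-2": 1002}  # constructed: one SH label per multihomed ESI


def elect_df(esi, advertisers):
    """Designated Forwarder for `esi` among the MESs that advertised it in BGP."""
    return min(advertisers)  # assumption: deterministic lowest-name rule


def ingress_flood(src_mes, src_esi, frame, peers):
    """Replicate a BUM frame toward every other MES, tagging it with the SH label
    of the segment it came from (None when the source segment is single-homed)."""
    tagged = dict(frame, sh_label=SH_LABEL.get(src_esi))
    return [(peer, tagged) for peer in peers if peer != src_mes]


def egress_forward(mes, attached_esis, frame, df_table):
    """Return the attached segments this MES actually delivers the frame to."""
    delivered = []
    for esi in attached_esis:
        label = SH_LABEL.get(esi)
        if label is not None and frame["sh_label"] == label:
            continue  # frame originated on this very segment: split horizon, drop
        if esi in df_table and df_table[esi] != mes:
            continue  # multihomed segment and we are not its DF: port is blocked
        delivered.append(esi)
    return delivered


def figure2_scenario():
    """Figure 2 of the post: H1 (M1) on ESI-1 behind MES-1/MES-2 sends a broadcast;
    a second dual-homed site sits on ESI-2 behind MES-3/MES-4, and MES-3 also has a
    constructed single-homed site called 'site-C'."""
    segments = {"ESI-1": {"MES-1", "MES-2"}, "ESI-2": {"MES-3", "MES-4"}}
    df_table = {esi: elect_df(esi, pes) for esi, pes in segments.items()}
    attached = {"MES-2": ["ESI-1"], "MES-3": ["ESI-2", "site-C"], "MES-4": ["ESI-2"]}
    frame = {"src": "M1", "dst": "ff:ff:ff:ff:ff:ff"}
    result = {}
    for mes, tagged in ingress_flood("MES-1", "ESI-1", frame, list(attached)):
        result[mes] = egress_forward(mes, attached[mes], tagged, df_table)
    return result  # MES-2 drops (SH), MES-3 forwards as DF, MES-4 is blocked
```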
Load Balancing
As per Figure 3, MES-3 and MES-4 receive the update for host H1 with MAC M1 from both MES-1 and MES-2, with Ethernet segment ESI-1. So MES-3 and MES-4 install two routes in the Forwarding Information Base. Once traffic destined to M1 is received, both routers load-balance it during forwarding. The core forwards the traffic on the basis of the next-hop information for M1, which is MES-1 and MES-2.
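The local/remote MAC learning process and the two-next-hop install for M1 described above, as an added model (not code from this post): a MES advertises its locally learned MACs as routes carrying RD, RT, EVI, ESI and MAC, and remote MESs importing the RT install one next hop per advertising MES when MAC and ESI match. The route dict layout, the RT/RD values and the extra MES-9 in another VPN are assumptions.

```python
# Added example (not code from the post): control-plane MAC learning in E-VPN. A MES
# learns MACs locally, advertises them as MAC routes (RD, RT, EVI, ESI, MAC; the dict
# layout is an assumption) and remote MESs importing the RT install them. Two routes
# for the same MAC and ESI from different MESs become two next hops (Figure 3 case).
from collections import defaultdict

class MES:
    """One MPLS Edge Switch with a per-EVI MAC FIB: evi -> mac -> {esi, next hops}."""
    def __init__(self, name, import_rts):
        self.name, self.import_rts = name, set(import_rts)
        self.local = {}                # mac -> (evi, esi) learned on attachment circuits
        self.fib = defaultdict(dict)

    def learn_local(self, mac, evi, esi):
        """Local MAC learning on an attachment circuit (data plane at the edge)."""
        self.local[mac] = (evi, esi)
        self.fib[evi][mac] = {"esi": esi, "nhs": {"local"}}

    def advertise(self, rd, rt):
        """MAC routes this MES sends via MP-iBGP, one per locally learned MAC."""
        return [{"rd": rd, "rt": rt, "evi": evi, "esi": esi, "mac": mac, "nh": self.name}
                for mac, (evi, esi) in self.local.items()]

    def receive(self, route):
        """Remote MAC learning: import the route only if its RT is one we import."""
        if route["rt"] not in self.import_rts:
            return False
        entry = self.fib[route["evi"]].get(route["mac"])
        if entry is None or entry["esi"] != route["esi"]:
            # New MAC, or a MAC that moved to another segment: replace the next-hop set
            self.fib[route["evi"]][route["mac"]] = {"esi": route["esi"], "nhs": {route["nh"]}}
        else:
            entry["nhs"].add(route["nh"])  # same MAC and ESI from another MES: ECMP next hop
        return True

    def next_hops(self, evi, mac):
        entry = self.fib[evi].get(mac)
        return sorted(entry["nhs"]) if entry else []

def figure3_scenario():
    """Figure 3 of the post: H1 (M1) on ESI-1 dual-homed to MES-1 and MES-2; MES-9 (constructed) is in another VPN."""
    mes1, mes2 = MES("MES-1", ["RT:100"]), MES("MES-2", ["RT:100"])
    mes3, mes4, mes9 = MES("MES-3", ["RT:100"]), MES("MES-4", ["RT:100"]), MES("MES-9", ["RT:200"])
    m1 = "00:00:00:00:00:01"  # constructed value for MAC M1
    for pe in (mes1, mes2):
        pe.learn_local(m1, evi=10, esi="ESI-1")
        for route in pe.advertise(rd="65000:10", rt="RT:100"):
            for remote in (mes3, mes4, mes9):
                remote.receive(route)
    return mes3.next_hops(10, m1), mes4.next_hops(10, m1), mes9.next_hops(10, m1)
```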
Scaling by using Provider Backbone Bridge (PBB)
EVPN scalability is achieved by using the existing technique of Provider Backbone Bridging, aka PBB. Below are the advantages of using PBB with EVPN:-
1. Subnetting of C-MAC addresses is not possible, but by using PBB, B-MAC addresses can be subnetted easily, which leads to MAC address scalability.

2. Shifting a VM or a local customer network from one DC to another requires a lot of MAC flushing. But by using B-MACs, the C-MAC flushing becomes transparent, which leads to fast convergence.

3. Per-site policy support by using B-MAC

4. Device MultiHoming

5. Network MultiHoming

6. C-MAC addresses need to be distributed in BGP, but with PBB-EVPN, C-MAC advertisement can be limited by mapping multiple C-MAC addresses to a single B-MAC address.
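Points 1, 2 and 6 above, as an added model (not code from this post): every site is represented by one B-MAC in BGP, the C-MACs behind it are learned from the PBB header in the data plane, and a VM move only rebinds a C-MAC to a new B-MAC locally. The B-MAC/C-MAC addresses, site sizes and frame layout are constructed assumptions.

```python
# Added example (not code from the post): a model of why PBB-EVPN advertises far fewer
# MAC routes and survives VM moves without C-MAC flushing. Each site is fronted by one
# B-MAC (constructed addresses); the C-MACs behind it are learned from the PBB header in
# the data plane and never enter BGP. Frame and route layouts are assumptions.

def make_site(bmac, prefix, count):
    """Constructed site: one B-MAC fronting `count` C-MACs (one per VM)."""
    return {"bmac": bmac, "cmacs": [f"{prefix}:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count)]}

SITES = {"DC-A": make_site("00:bb:00:00:00:0a", "02:00:00:0a", 300),
         "DC-B": make_site("00:bb:00:00:00:0b", "02:00:00:0b", 200)}

def evpn_mac_routes(sites):
    """Plain E-VPN: every C-MAC is its own BGP MAC route."""
    return [(c, site) for site, s in sites.items() for c in s["cmacs"]]

def pbb_evpn_mac_routes(sites):
    """PBB-EVPN: only the B-MAC of each site is carried in BGP."""
    return [(s["bmac"], site) for site, s in sites.items()]

class PBBEdge:
    """Remote MES under PBB-EVPN: B-MACs come from BGP, C-MAC -> B-MAC from the data plane."""
    def __init__(self, sites):
        self.bmac_site = dict(pbb_evpn_mac_routes(sites))  # B-MAC -> site (BGP-learned)
        self.cmac_bmac = {}                                # C-MAC -> B-MAC (data plane)

    def receive_frame(self, frame):
        """Decapsulate an incoming PBB frame: bind the inner C-SA to the outer B-SA."""
        self.cmac_bmac[frame["c_sa"]] = frame["b_sa"]

    def forward(self, c_da):
        """Two-stage lookup for a frame toward C-MAC c_da: C-MAC -> B-MAC -> site."""
        bmac = self.cmac_bmac.get(c_da)
        if bmac is None:
            return "flood"  # unknown C-MAC: flooded toward the B-MAC group
        return self.bmac_site[bmac]

def vm_move_demo():
    """A VM (constructed C-MAC) moves DC-A -> DC-B: the next frame rebinds it locally,
    and the BGP-learned B-MAC table is untouched (no C-MAC withdraw or flush)."""
    edge = PBBEdge(SITES)
    vm = SITES["DC-A"]["cmacs"][7]
    edge.receive_frame({"b_sa": SITES["DC-A"]["bmac"], "c_sa": vm})
    before = edge.forward(vm)
    edge.receive_frame({"b_sa": SITES["DC-B"]["bmac"], "c_sa": vm})  # VM now behind DC-B
    return before, edge.forward(vm), len(edge.bmac_site)
```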


Anonymous said...

Hi, at the beginning I would like to point out that I do not have a wide overview of different vendors of L2 MPLS systems.

Regarding MP2MP services I do have the problem that MPLS does not offer the possibility of using ring protections like RSTP in an ordinary PB network. MPLS just offers Split Horizon and asks for "any to any" LSPs, which is, in my point of view, a waste of bandwidth. How to overcome this problem in an E-LAN service with 30-50 members is a "still open" question for me.

How do providers act with this fact in their networks?

Shivlu Jain said...

In a PB network, BPDUs are transparently forwarded over the backbone. The best is to deploy E-VPN, which can help you to get rid of the issues you are facing in the legacy VPLS domain. The best part of EVPN is that it has a TTL value too in the proposed standard.