• Share
  • Email
  • Embed
  • Like
  • Private Content
E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN CKN TechAdvantage Webinar
 

E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN CKN TechAdvantage Webinar

on

  • 4,095 views

 

Statistics

Views

Total Views
4,095
Views on SlideShare
4,092
Embed Views
3

Actions

Likes
1
Downloads
206
Comments
0

2 Embeds 3

https://twitter.com 2
http://moderation.local 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN CKN TechAdvantage Webinar E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN CKN TechAdvantage Webinar Presentation Transcript

    • E-VPN & PBB-EVPN: the Next Generationof MPLS-based L2VPNA Cisco Knowledge Network (CKN) TechAdvantage WebinarApril 2013
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicToday’s Presenters Tina Lam (tinalam@cisco.com)Product ManagerCisco Jose Liste (jliste@cisco.com)Technical Marketing EngineerCisco2
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicAgenda Market Overview and Drivers Ethernet VPN and PBB-EVPN Technical Overview Flows and Use Cases Summary3
    • Market Overview and Drivers4
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicL2VPN Market DriversService Provider•  L2 transport fordistribution and corenetwork•  L2 aggregation for mobileRAN and CarrierEthernet•  L2 access services•  SP managed DCIData Center•  Data center interconnect(DCI)•  L2 overlay networkEnterprise•  L2 transport acrosscampuses•  Enterprise managed DCIExtends L2 connectivity for all markets
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicData Center Interconnect requirements not fully addressed by currentL2VPN technologiesDCI Brings New RequirementsEthernet Virtual Private Network (E-VPN) and Provider Backbone BridgingEVPN (PBB-EVPN) designed to address these requirements  All-active Redundancy and Load Balancing  Simplified Provisioning and Operation  Optimal Forwarding  Fast Convergence  MAC Address Scalability
    • Technical OverviewHighlights and Solution Requirements7
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco Public  Next generation solution for Ethernetmultipoint connectivity services  PEs run Multi-Protocol BGP to advertise& learn MAC addresses over Core  Learning on PE Access Circuits viadata-plane transparent learning  No pseudowires–  Unicast: use MP2P tunnels–  Multicast: use ingress replication overMP2P tunnels or use LSM  Under standardization at IETF – draft-ietf-l2vpn-evpnEthernet VPNHighlightsMPLSPE1CE1PE2PE3CE3PE4VID 100SMAC: M1DMAC: F.F.FBGP MAC adv. RouteE-VPN NLRIMAC M1 via PE1Data-plane addresslearning from AccessControl-plane addressadvertisement / learningover Core
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco Public  Combines Ethernet Provider BackboneBridging (PBB - IEEE 802.1ah) with EthernetVPN–  PEs perform as PBB Backbone Edge Bridge (BEB)  Reduces number of BGP MAC advertisementsroutes by aggregating Customer MACs (C-MAC) via Provider Backbone MAC (B-MAC)–  Addresses virtualized data centers with C-MACcount into the millions–  PEs advertise local Backbone MAC (B-MAC)addresses in BGP–  C-MAC and C-MAC to B-MAC mapping learned indata-plane  Under standardization at IETF – draft-ietf-l2vpn-pbb-evpnPBB Ethernet VPNHighlightsMPLSPE1CE1PE2PE3CE3PE4B-MAC:B-M1 B-M2B-M2BGP MAC adv. RouteE-VPN NLRIMAC B-M1 via PE2B-MAC:B-M1Control-plane addressadvertisement / learningover Core (B-MAC)Data-plane addresslearning from Access• Local C-MAC to local B-MAC bindingData-plane addresslearning from Core• Remote C-MAC to remoteB-MAC binding
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco Public  Active / Active Multi-Homingwith flow-based loadbalancing in CE to PEdirection–  Maximize bisectional bandwidth–  Flows can be L2/L3/L4 orcombinations  Flow-based load balancing inPE to PE direction–  Multiple RIB entries associatedfor a given MAC–  Exercises multiple links towardsCE10Solution RequirementsAll-Active Redundancy and Load BalancingPEPEPEPEVlan X - F1Vlan X – F2Flow Based Load-balancing – CE to PE directionPEPEPEPEFlow Based Load-balancing – PE to PE directionVlan X - F1Vlan X – F2
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco Public  Flow-based Multi-Pathing  Load balancing acrossequal cost multiple pathsin the MPLS core  Load balancing at PE andP routers based onEntropy MPLS labels11Solution RequirementsAll-Active Redundancy and Load Balancing (cont.)PEPEPEPEPPPPFlow Based Multi-Pathing in the CoreVlan X - F1Vlan X – F2Vlan X – F3Vlan X – F4
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco Public  Optimal forwarding for unicast andmulticast  Shortest path – no triangular forwardingat steady-state  Loop-Free & Echo-Free Forwarding  Avoid duplicate delivery of floodedtraffic  Multiple multicast tunneling options:–  Ingress Replication–  P2MP LSM tunnels–  MP2MP12Solution RequirementsOptimal ForwardingPE1PE2PE3PE4CE1 CE2Echo !PE1PE2PE3PE4CE1 CE2 Duplicate !CE1 CE2PE1PE2PE3PE4TriangularForwarding!
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicSolution Requirements  Server Virtualization fueling growth in MAC Address scalability:–  1 VM = 1 MAC address.–  1 server = 10’s or 100’s of VMs  MAC address scalability most pronounced on Data Center WAN Edge for Layer 2extensions over WAN.–  Example from a live network: 1M MAC addresses in a single SP data centerMAC Address Scalability13WANDC Site 1DC Site 2DC Site N1K’s10K’s1M’sN * 1M
    • Technical OverviewConcepts14
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicE-VPN / PBB-EVPN ConceptsEthernet Segment•  Represents a ‘site’connected to one or morePEs•  Uniquely identified by a 10-byte global EthernetSegment Identifier (ESI)•  Could be a single device oran entire networkSingle-Homed Device (SHD)Multi-Homed Device (MHD)Single-Homed Network (SHN)Multi-Homed Network (MHN)BGP Routes•  E-VPN and PBB-EVPNdefine a single new BGPNLRI used to carry all E-VPN routes•  NLRI has a new SAFI (70)•  Routes serve control planepurposes, including:MAC address reachabilityMAC mass withdrawalSplit-Horizon label adv.AliasingMulticast endpoint discoveryRedundancy group discoveryDesignated forwarder electionE-VPN Instance (EVI)•  EVI identifies a VPN in thenetwork•  Encompass one or morebridge-domains, dependingon service interface typePort-basedVLAN-based (shown above)VLAN-bundlingVLAN aware bundling (NEW)BGP Route Attributes•  New BGP extendedcommunities defined•  Expand information carriedin BGP routes, including:MAC address movesC-MAC flush notificationRedundancy modeMAC / IP bindings of a GWSplit-horizon label encodingPEBDBDEVIEVIPE1PE2CE1CE2SHDMHDESI1ESI2Route Types[1] Ethernet Auto-Discovery (AD) Route[2] MAC Advertisement Route[3] Inclusive Multicast Route[4] Ethernet Segment RouteExtended CommunitiesESI MPLS LabelES-ImportMAC MobilityDefault Gateway
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicSplit HorizonFor Ethernet Segments – E-VPN  PE advertises in BGP a split-horizon label (ESI MPLS Label) associatedwith each multi-homed Ethernet Segment  Split-horizon label is only used for multi-destination frames (UnknownUnicast, Multicast & Broadcast)  When an ingress PE floods multi-destination traffic, it encodes the Split-Horizon label identifying the source Ethernet Segment in the packet  Egress PEs use this label to perform selective split-horizon filtering over theattachment circuitPE1PE2PE3PE4CE1 CE3ESI-1 ESI-2CE4CE5Challenge:How to prevent flooded traffic from echoingback to a multi-homed Ethernet Segment?Echo !
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicSplit HorizonFor Ethernet Segments – PBB-EVPN  PEs connected to the same MHD use the same B-MAC address for theEthernet Segment–  1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)  Disposition PEs check the B-MAC source address for Split-Horizon filtering–  Frame not allowed to egress on an Ethernet Segment whose B-MAC matches the B-MAC source address in the PBB headerPE1PE2PE3PE4CE1 CE3ESI-1 ESI-2CE4CE5Challenge:How to prevent flooded traffic from echoingback to a multi-homed Ethernet Segment?Echo !B-MAC1B-MAC1
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicDesignated Forwarder (DF)DF Election  PEs connected to a multi-homed Ethernet Segment discover each other viaBGP  These PEs then elect among them a Designated Forwarder responsible forforwarding flooded multi-destination frames to the multi-homed Segment  DF Election granularity can be:–  Multiple DFs for load-sharing–  Per Ethernet Tag on Ethernet Segment (E-VPN)–  Per I-SID on Ethernet Segment (PBB-EVPN)PE1PE2PE3PE4CE1 CE2ESI-1 ESI-2Challenge:How to prevent duplicate copies of floodedtraffic from being delivered to a multi-homedEthernet Segment? Duplicate !
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicAliasingE-VPN  PEs advertise in BGP the ESIs of local multi-homed Ethernet Segments–  All-Active Redundancy Mode indicated  When PE learns MAC address on its AC, it advertises the MAC in BGPalong with the ESI of the Ethernet Segment from which the MAC waslearnt  Remote PEs can load-balance traffic to a given MAC address across allPEs advertising the same ESIMAC1PE1PE2PE3PE4CE1 CE3CE4ESI-1Challenge:How to load-balance traffic towards a multi-homed device across multiple PEs when MACaddresses are learnt by only a single PE?I can reachESI1(All-Active)I can reachESI1(All-Active)MAC1I can reachMAC1 via ESI1MAC1 ESI1  PE1 PE2
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicAliasingPBB-EVPN  PEs connected to the same MHD use the same B-MAC address for theEthernet Segment–  1:1 mapping between B-MAC and ESI (for All-Active Redundancy with flow-based LB)  PEs advertise their B-MAC addresses independent of the C-MAC learning state  Remote PEs can load-balance traffic to a given C-MAC across all PEsadvertising the same associated B-MACMAC1PE1PE2PE3PE4CE1 CE3CE4ESI-1Challenge:How to load-balance traffic towards a multi-homed device across multiple PEs when MACaddresses are learnt by only a single PE?I can reachB-MAC1I can reachB-MAC1MAC1I can reach MAC1via B-MAC1MAC1 B-MAC1PE1 PE2
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicMAC Mass-Withdraw  PEs advertise two sets of information:–  MAC addresses along with the ESI from the address was learnt–  Connectivity to ESI(s)  If a PE detects a failure impacting an Ethernet Segment, it withdraws the routefor the associated ESI–  Remote PEs remove failed PE from the path-list for all MAC addresses associatedwith an ESI–  This effectively is a MAC ‘mass-withdraw’ functionE-VPN21MAC1PE1PE2PE3PE4CE1 CE3CE4ESI-1Challenge:How to inform remote PEs of a failure affectingmany MAC addresses quickly while thecontrol-plane re-converges?MAC1,MAC2,…MACnI can reachESI1(All-Active)I can reachMAC1 via ESI1I can reachMAC2 via ESI1I can reachMACn via ESI1I can reachESI1(All-Active)MAC1,.. MACn  ESI1  PE1 PE2I lost ESI1X
    • Technical OverviewComparison of Solutions22
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicComparison of L2VPN Solutions23Requirement VPLS PBB-VPLS E-VPN PBB-EVPNMulti-Homing with All-Active ForwardingVLAN Based Load-balancing CE-to-PE ✔ ✔ ✔ ✔Flow Based Load-balancing CE-to-PE "  ✔ ✔Flow Based Load-balancing PE-to-PE "  ✔ ✔Flow Based Multi-Pathing in the Core ✔ ✔ ✔ ✔MAC ScalabilityScale to Millions of C-MAC Addresses  ✔  ✔Confinement of C-MAC entries to PE with active flows ✔ ✔  ✔MAC Summarization   ✔ ✔MAC Summarization co-existence with C-MAC Mobility    ✔Flexible VPN PoliciesPer C-MAC Forwarding Control Policies   ✔ Per-Segment Forwarding Control Policies   ✔ ✔
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicPoll Questions #1Which features will be most critical for your company to roll out E-VPN / PBB-EVPN? [multiplechoice]A.  All Active Redundancy and Load BalancingB.  MAC Address ScalabilityC.  Interworking / Co-existence with VPLSD.  Multi-vendor InteroperabilityE.  Optimized Multicast (Label Switch Multicast)What applications would you be most interested for deployment of E-VPN / PBB-EVPN in yournetwork? [multiple choice]A.  E-LAN Business Ethernet ServicesB.  E-Tree Business Ethernet ServicesC.  Mobile BackhaulD.  Data Center Interconnect (DCI)E.  No interest for now
    • Flows and Use CasesPBB-EVPN Life of a Packet25
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicMPLSPE1CE1PE2PE3CE3PE4PBB-EVPN Life of a PacketIngress Replication – Multi-destination Traffic Forwarding26MPLSPE1CE1PE2PE3CE3PE4VID 100SMAC: M1DMAC: F.F.FMcast MPLS Labelassigned by PE3 forincoming BUM trafficon a given EVIPSN MPLS label toreach PE3PE4 – non-DF forgiven I-SID dropsBUM trafficPE2 – drops BUMtraffic originated onsame source B-MAC (B-M1)PE1 receives broadcasttraffic from CE1. PE1adds PBB encapsulationand forwards it usingingress replication – 3copies created PE3 – as DF, itforwards BUMtraffic towardssegmentPE 2 Inclusive MulticastRouteRD = RD-2aPMSI Tunnel AttributeTunnel Type = Ing. Repl.Label = L2RT ext. communityRT-aMcast MPLS Label – used totransmit BUM traffic -downstream assigned (foringress replication)During start-up sequence,PE1, PE2, PE3, PE4 sentInclusive Multicast routewhich include Mcast labelB-M1B-M1B-M2B-M2B-M1B-M1B-M2B-M2L2 PBBL3 PBBL4 PBBPE3 MAC TableI-SID xyzC-MAC B-MACM1 B-M1Data-plane basedMAC learning forC-MAC / B-MACassociation
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicMPLSPE1CE1PE2PE3CE3PE4PBB-EVPN Life of a Packet (cont.)Unicast Traffic Forwarding and Aliasing27PE1 MAC RouteRD = RD-1aESI = 1MAC = B-M1Label = L1RT ext. communityRT-aPE3 RIBVPN MAC ESIRT-a B-M1 n/aPath ListNHPE1PE2VID 100SMAC: M1DMAC: F.F.FMP2P VPN Label –downstream allocated labelused by other PEs to sendtraffic to advertised MACMAC advertised byrouteB-M1B-M1B-M2B-M2PE3 MAC TableI-SID xyzC-MAC B-MACM1 B-M1During start-up sequence,PE1 & PE2 advertisedMAC route for B-MAC (B-M1)PE2 MAC RouteRD = RD-2aESI = 1MAC = B-M1Label = L2RT ext. communityRT-aMPLSPE1CE1PE2PE3CE3PE4MP2P VPN Labelassigned by PE2 forincoming traffic fortarget EVIPSN MPLS label toreach PE2PE3 forwards trafficon a flow (flow 2) toM1 using B-MAC B-M1 towards PE2VID 100SMAC: M4DMAC: M1MP2P VPNLabel assignedby PE1 forincoming trafficfor target EVIPSN MPLS label toreach PE1PE3 forwards trafficon a flow (flow 1) toM1 using B-MAC B-M1 towards PE1VID 100SMAC: M3DMAC: M1B-M1B-M1B-M2B-M2L2 PBBL1 PBBData-plane basedMAC learning for C-MAC / B-MACassociation
    • Flows and Use CasesPBB-EVPN Operational / Failure scenarios28
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicPBB-EVPN Operational ScenariosMAC Mobility29  MAC MobilityMPLSPE1CE1PE2PE3CE3PE4MPLSPE1CE1PE2PE3CE3PE4VID 100SMAC: M1DMAC: M2PE1 learns C-MAC M1 on localport and forwards across coreaccording to C-MAC DA toRemote B-MAC mapping1Host M1 movesfrom CE1 to CE3’slocartion3M1M1 M1VID 100SMAC: M1DMAC: F.F.FVia data-planelearning, PE3 learnsC-MAC M1 via B-MAC B-M12After host sends traffic atnew location, PE3 updatesC-MAC M1 location (localport.) PE3 also forwardsacross core according to C-MAC DA to Remote B-MACmapping4Via data-planelearning, PE1updates C-MAC M1location (via B-MACB-M2)5B-M1B-M1B-M2B-M2L1L2 PBBPE1 MAC TableI-SID xyzC-MAC B-MACM1 -PE3 MAC TableI-SID xyzC-MAC B-MACM1 B-M1PE3 MAC TableI-SID xyzC-MAC B-MACM1 -PE1 MAC TableI-SID xyzC-MAC B-MACM1 B-M2141 425B-M1B-M1B-M2B-M2L3L4 PBBMAC Mobility event handled entirely bydata-plane learning
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicPBB-EVPN Failure Scenarios / ConvergenceLink / Segment Failure – Active/Active per FlowMPLSPE1CE1PE2PE3CE3PE4PE3, PE4 RIBVPN MAC ESIRT-a B-M1 n/aPath ListNHPE1PE2PE1 withdraws B-MACadvertised for failedsegment (B-M1)2PE2 reruns DF election.Becomes DF for all I-SIDs on segment4PE3 / PE4remove PE1 frompath list for B-MAC (B-M1)3PE1 detects failureof one of itsattached segments1PE1B-M1B-M1B-M2B-M2
    • Use Cases31
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicPBB-EVPNSample Use Access32  Null Ethernet SegmentIdentifier (ESI)PE1CE1MPLSCorePE2BMAC 1ESI WBMAC 1ESI WDual Home Device (DHD)Active / Active Per-Flow LBVID XVID XPE1CE1MPLSCorePE2BMAC 2ESI WBMAC 1ESI WDual Home Device (DHD)Active / Active Per-Service LBVID XVID YPE1CE1MPLSCoreESI NullSingle Home Device (SHD)Single Home Network (SHN)VID XVID X  Identical B-MAC on PBB-EVPN PEs (PE1 / PE2)  Identical ESI on PBB-EVPNPEs  Different B-MAC on PBB-EVPN PEs (PE1 / PE2)  Identical ESI on PBB-EVPNPEs  Per service (I-SID) carving(manual or automatic)CE2ESI Null
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicWhat best would describe your company’s interest on E-VPN / PBB-EVPN? [single choice]A.  No plans to deploy / Not applicable to my environmentB.  Undecided. Need further evaluation / understanding of the technologyC.  I would consider deployment in the next 12 monthsD.  I would consider deployment in the next 12-24 monthsPoll Question #2
    • Summary34
    • © 2013 Cisco and/or its affiliates. All rights reserved.jliste@cisco.com Cisco PublicSummary  E-VPN / PBB-EVPN are next-generation L2VPN solutions based on a BGPcontrol-plane for MAC distribution/learning over the core  E-VPN / PBB-EVPN were designed to address following requirements:–  All-active Redundancy and Load Balancing–  Simplified Provisioning and Operation–  Optimal Forwarding–  Fast Convergence  In addition, PBB-EVPN and its inherent MAC-in-MAC hierarchy provides:–  Scale to Millions of C-MAC (Virtual Machine) Addresses–  MAC summarization co-existence with C-MAC (VM) mobility  E-VPN / PBB-EVPN applicability goes beyond DCI into Carrier Ethernet usecases35