1 / 21

Softwires “Mesh” Scenario

Softwires “Mesh” Scenario. Problem: pass AF1 routing and data over the AF1-free core, while obeying certain constraints on solution Legacy devices not necessarily attached to “islands”. AF2-only cloud (“AF1-free core”). Legacy AF1 Device. Legacy AF1 Device. AF1/AF2 AFBR. AF1/AF2 AFBR.

adria-jensen
Download Presentation

Softwires “Mesh” Scenario

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Softwires “Mesh” Scenario • Problem: • pass AF1 routing and data over the AF1-free core, • while obeying certain constraints on solution • Legacy devices not necessarily attached to “islands” AF2-only cloud (“AF1-free core”) Legacy AF1 Device Legacy AF1 Device AF1/AF2 AFBR AF1/AF2 AFBR Softwire WG Meeting

  2. Solution Constraints • Transparent to legacy AF1 equipment • No explicit mesh of legacy-legacy adjacencies • Only AFBRs are dual-AF: • No AF1 routing protocols within core • No native AF1 data packets within core • Allow network administrators to choose tunneling technology for moving data Softwire WG Meeting

  3. Design Center • Two main cases of interest: • IPv4 through IPv6-only (“IPv4-free”) core • IPv6 through IPv4-only (“IPv6-free”) core • Solutions may apply more generally • e.g., IPv4 through “BGP-free” core (no external routes) • but not within scope of WG • Handling of VPN address families already solved in L3VPN, out of scope for this WG Softwire WG Meeting

  4. Solution Components • Routing: • Ingress AFBR must know egress AFBR for AF1 prefix • Core routers are AF1-free • AFBRs use BGP to distribute AF1 routes among themselves • Well understood model, leveraged in L3VPN • Data Plane • BGP provides AFBR next hop for each AF1 prefix • Ingress AFBR must tunnel packet to egress AFBR Softwire WG Meeting

  5. Routing: AF1 Prefixes with AF2 Next Hops • AFBR “perspective” on Next Hops for AF1 prefixes: • next hop across the core is another AFBR • since the AFBRs can only communicate with each other via AF2, the next hop for an AF1 prefix is an AF2 address • BGP Terminology: • the address or address prefix whose route is being distributed is known as NLRI. • each route associates a next hop (NH) with an NLRI. • our model allows AF1 NLRI to have AF2 NH • Several precedents for BGP NLRI and NH in different AF • non-IP NLRI with IPv4 and/or IPv6 NH • VPN-IP NLRI with IPv4 and/or IPv6 NH • 6PE: IPv6 NLRI with IPv4 NH Softwire WG Meeting

  6. Mixed NLRI/NH • Softwire WG responsibility is to • endorse the notion of a v6 nh for a v4 prefix (and vice versa) • say when to generate updates that have mixed NLRI/NH • say how these may affect forwarding decisions • There are encoding issues, but those fall within the scope of the IDR WG Softwire WG Meeting

  7. When to Generate Mixed NLRI/NH Updates • Matter of policy • Default • When doing “next hop self”, specify “self” NH in IPvX if running BGP session on IPvX, even if NLRI is not IPvX. • When not doing “next hop self”, (e.g., RR), do not change address family of NH • Specific deployment scenarios might require departure from default policy Softwire WG Meeting

  8. Deployment Constraint • In a given AF1-free core, all AFBRs (and any RRs of which they are clients) must be able to deal with mixed NH/NLRI combinations Softwire WG Meeting

  9. Data Plane: Encapsulation and Policy • AF1 data packets must be tunneled through AF2 core from one AFBR to another • Tunneling technology is chosen by policy • Typical case probably very simple: • admin. selects favorite tunneling technology • admin. only deploys AFBRs that offer it • Policy is configured at AFBR which does encapsulation (i.e., tunnel head end) Softwire WG Meeting

  10. Conditional Policies • Policy cannot be automatically deduced from information about capabilities of head end and tail end: • E.g., what if they both support MPLS, but core doesn’t? • Policy must be configured at head end • Policies can be made conditional on information gathered in real time about tail end or even about individual prefix Softwire WG Meeting

  11. Example Conditional Policy • Example: • use GRE to talk to “type X” AFBRs, • but use L2TP to talk to “type Y” AFBRs • Conditional policy pre-configured • Information about “type” of AFBR gathered in real time • BGP can be used by an AFBR to distribute the information that it is, e.g., type Y. Softwire WG Meeting

  12. BGP-Based Distribution of Information about an AFBR • Like BGP-based auto-discovery used in L2/L3VPN • Useful to have special BGP update to carry arbitrary information about originator of update: Info-SAFI • Carries factual info about AFBR • Info is opaque to BGP • Info often representable as arbitrarily assigned (ext.) community • Info and route distribution can be constrained independently • Factual info from tail end used as input to conditional policy configured at head end • Very general but simple mechanism, allows administrators full control of policy • To be discussed in IDR Softwire WG Meeting

  13. More on Policy • Head end and tail end do not negotiate policy, or even suggest policies to each other • Policies depending on facts about individual prefixes could be configured: • possibly based on attributes of prefixes • no need for tail end to dynamcally assign prefixes to tunnels • Polices with respect to QoS, TE, Security, could also be configured at head end Softwire WG Meeting

  14. Tunnel Setup and Signaling • Some tunneling technologies don’t need anything but the tail address: • GRE (without optional key) • IP-in-IP • LDP-based MPLS • Others have native signaling which can be used: • RSVP-TE • But … Softwire WG Meeting

  15. BGP for Tunnel Setup • For some tunneling technologies: • tail needs to pass info for head to place in the encapsulation header, • but native signaling either doesn’t exist or isn’t right for this application • Examples: • GRE if optional key is to be used • L2TPv3 Softwire WG Meeting

  16. BGP for L2TPv3 Tunnel Setup • Tail end must pass session id and cookie value to head ends • for given tail end, all head ends can use same session id and cookie • best done via p2mp signaling • but L2TPv3 native signaling is p2p • makes sense to pass this info via BGP. • good use for the info-SAFI. Softwire WG Meeting

  17. What’s Not Needed • Prioritized lists of encapsulation types • policies configured at head end • no negotiation of policy between head and tail • so prioritized list from tail doesn’t make much sense • Replacement of “BGP next hop” notion with “BGP next tunnel” notion • Leads to simplification over some previous proposals, without loss of generality Softwire WG Meeting

  18. Payload Type Identification • Some tunnel technologies have native means of identifying payload type • Others require demultiplexor value to be distributed by BGP with other encaps info • Details to be worked out for each encaps type Softwire WG Meeting

  19. Security? • Scope is Internet traffic, not VPN traffic • If confidentiality or integrity is required inside the tunnel, it’s also required outside the tunnel, so no new confidentiality requirement • Spoofed encapsulation header is possible • but without the tunnel, a spoofed payload packet would be possible, so no new authentication requirement Softwire WG Meeting

  20. Security?? • Security ADs don’t take “no” for an answer: • Allow tunnel-mode IPsec as one of the IP-based tunneling technologies • Given large number of tunnels, requres automated key distribution (IKE) • Need for security probably not prefix-dependent or dependent on tunnel endpoints • In progress Softwire WG Meeting

  21. Multicast • Next time! • (Probably based on carrying AF1 multicast streams in AF2 multicast tunnels) • (Probably with an array of possible AF2 multicast tunnel technologies, like the MVPN PMSI.) Softwire WG Meeting

More Related