140 likes | 382 Views
E-VPN and Data Center . R. Aggarwal ( rahul@juniper.net ). Reference Model and Terminology. DCS1. DCB3. DCS2. DCB1. DCS8. Data Center 1. Data Center 3. DCS5. “WAN”. DCS4. DCB4/DCS9. DCB2. Data Center 2. Data Center 4. Client Site BR. DC: Data Center DCS: Data center switch
E N D
E-VPN and Data Center R. Aggarwal (rahul@juniper.net)
Reference Model and Terminology DCS1 DCB3 DCS2 DCB1 DCS8 Data Center 1 Data Center 3 DCS5 “WAN” DCS4 DCB4/DCS9 DCB2 Data Center 2 Data Center 4 Client Site BR • DC: Data Center • DCS: Data center switch • Connected to Servers/VMs • DCB: Data center border router • Could be co-located with DCS • “WAN” provides interconnect among DCs, and between DCs and Client Site BR Client site
Data Center Interconnect: Layer 2 Extension DCB3 VM4 DCS1 VM1 DCS8 DCB1 DCS2 Data Center 3 VM2 Data Center 1 VM7 VM3 DCS5 VM6 “WAN” DCB4/DCS9 DCS4 VM8 DCB2 Data Center 4 VM5 Data Center 2 Client Site BR • VLAN1 (subnet1) stretches between DC1, DC2, DC3 and DC4 • VLAN2 (subnet2) is present only on DCS1 Client site • VLAN3 (subnet3) stretches between DC1 and DC2 • VLAN stretch is required for cloud computing “resource fungibility”, redundancy etc. • Communication between VMs on different VLANs/subnets and between clients and the VMs requires layer 3 routing
BGP-MPLS E-VPNs for Data Center Interconnect • BGP-MPLS based technology, one application of which is data center interconnect between data center switches for intra-VLAN forwarding i.e., layer 2 extension • Why? • Not all data center interconnect layer 2 extension requirements are satisfied by existing MPLS technology such as VPLS • E.g., minimizing flooding, active-active points of attachment, fast edge protection, scale, etc. • How? • Reuses several building blocks from existing BGP-MPLS technologies • Requires extensions to existing BGP-MPLS technologies • Draft-raggarwa-sajassi-l2vpn-evpn-01.txt • Being pursued in the L2VPN WG
E-VPN Reference Model VPN A MES 4 ESI 1, VLAN1 Host-A4 Host -A1 ESI 3, VLAN1 Ethernet Switch-B3 VPN A MES 2 EFI-A ESI 1, VLAN1 VPN B EFI-A RR ESI 4, VLAN2 Host –A5 EFI-A ESI 2, VLAN2 EFI-B ESI 5, VLAN1 MES 1 Host-A3 EFI-B VPN B Host-B1 VPN A MES 3 • MES - MPLS Edge Switch; EFI – E-VPN Forwarding Instance; ESI – Ethernet Segment Identifier (e.g., LAG identifier) • MESes are connected by an IP/MPLS infrastructure • Transport may be provided by MPLS P2P or MP2P LSPs and optionally P2MP/MP2MP LSPs for “multicast” • Transport may be also be provided by IP/GRE Tunnels
Relating EVPN Reference Model to Data Center Interconnect Reference Model DCS2 DCS1 DCS8 DCB3 DCB1 Data Center 1 Data Center 3 “WAN” DCS5 DCS4 DCB4/DCS9 DCB2 Data Center 4 Data Center 2 • DCSes may act as MPLS Edge Switches (MES) • DCSes may interconnect with DCBs using E-VPN • DCSes are connected to hosts i.e., VMs • DCBs must participate in E-VPN although they may perform only MPLS switching • WAN routers may or may not participate in E-VPN • Following slides will describe an overview of E-VPN and then apply E-VPN to data center interconnect
E-VPN Local MAC Address Learning • A MES must support local data plane learning using vanilla ethernet learning procedures • When a CE generates a data plane packet such as an ARP request • MESes may learn the MAC addresses of hosts in the control plane using extensions to protocols that run between the MES and the hosts • MESes may learn the MAC addresses of hosts in the management plane
E-VPN Remote MAC Address Learning • E-VPN introduces the ability for an MES to advertise locally learned MAC addresses in BGP to other MESes, using principles borrowed from IP VPNs • E-VPN requires an MES to learn the MAC addresses of CEs connected to other MESes in the control plane using BGP • Remote MAC addresses are not learned in the data plane
Remote MAC Address Learning in the BGP Control PlaneArchitectural Benefits • Increases the scale of MAC addresses and VLANs supported • BGP capabilities such as constrained distribution, Route Reflectors, inter-AS etc., are reused • Allows hosts to connect to multiple active points of attachment • Improves convergence in the event of certain network failures • Allow hosts to relocate within the same subnet without requiring renumbering • Minimizes flooding of unknown unicast packets • Minimizes flooding of ARP • Rest of the presentation will focus on this • Control over which MAC addresses are learned by which devices • Simplifies operations; enables flexible topologies etc.
ARP Scaling Optimization: Approach • Minimize the radius of ARP request/response propagation • Minimize the propagation radius of ARP request from a server/Virtual Machine • In the switching infrastructure in the data center • Across data centers • Respond to an ARP request from a server/VM as close to the server/VM as possible • Requires a number of components • See the following slide
ARP Scaling Optimization: Proxy ARP • A network node as close to the server/VM, as possible, performs “Proxy ARP” in response to ARP requests from the server/VM • The network node should ideally be the DCS • Which MAC address does the network node use to respond to the ARP request? • The answer depends on the forwarding paradigm used by the node to forward packets within the VLAN • MAC lookup based forwarding within the VLAN/subnet • The solution in the following slides focuses on this • IP address based forwarding within the VLAN/subnet • Not discussed in the following slides
ARP Scaling Optimization: The Role of E- VPN (1)When MAC lookup based forwarding is used within a VLAN/subnet • MESes perform Proxy ARP • An MES responds to an ARP request, for an IP address, with the MAC address bound to the IP address • When the destination is in the same subnet as the sender of the ARP request • The ARP request is not forwarded to other MESes
ARP Scaling Optimization: The Role of E- VPN (2) • How does the MES learn the IP address bound to the MAC address when the MAC address is remote? • BGP MAC routes carry the IP address bound to the MAC address • How does an MES learn the IP to MAC binding when the MAC address is local? • Control or management plane between MES and CEs or data plane snooping • An MES advertises the local IP to MAC bindings in the MAC routes