draft-ietf-l2vpn-evpn-10.txt   draft-ietf-l2vpn-evpn-11.txt 
skipping to change at page 1, line 18
Juniper Networks
N. Bitar
W. Henderickx Verizon
Alcatel-Lucent
Aldrin Isaac
Bloomberg
J. Uttaro
AT&T
Expires: April 18, 2015                                 October 18, 2014

BGP MPLS Based Ethernet VPN
draft-ietf-l2vpn-evpn-11

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 18
publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Abstract

This document describes procedures for BGP MPLS based Ethernet VPNs (EVPN). The procedures described here meet the requirements specified in RFC7209 - Requirements for Ethernet VPN.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
2. Specification of requirements . . . . . . . . . . . . . . . . . 5
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. BGP MPLS Based EVPN Overview . . . . . . . . . . . . . . . . . 6
5. Ethernet Segment . . . . . . . . . . . . . . . . . . . . . . . 7
6. Ethernet Tag ID . . . . . . . . . . . . . . . . . . . . . . . . 10
6.1 VLAN Based Service Interface . . . . . . . . . . . . . . . . 11
6.2 VLAN Bundle Service Interface . . . . . . . . . . . . . . . 11
6.2.1 Port Based Service Interface . . . . . . . . . . . . . . 11
6.3 VLAN Aware Bundle Service Interface . . . . . . . . . . . . 11
6.3.1 Port Based VLAN Aware Service Interface . . . . . . . . 12
7. BGP EVPN Routes . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Ethernet Auto-Discovery Route . . . . . . . . . . . . . . . 13
7.2. MAC/IP Advertisement Route . . . . . . . . . . . . . . . . 13
7.3. Inclusive Multicast Ethernet Tag Route . . . . . . . . . . 14
7.4 Ethernet Segment Route . . . . . . . . . . . . . . . . . . . 15
7.5 ESI Label Extended Community . . . . . . . . . . . . . . . . 15
7.6 ES-Import Route Target . . . . . . . . . . . . . . . . . . . 16
7.7 MAC Mobility Extended Community . . . . . . . . . . . . . . 16
7.8 Default Gateway Extended Community . . . . . . . . . . . . . 17
7.9 Route Distinguisher Assignment per EVI . . . . . . . . . . . 17
7.10 Route Targets . . . . . . . . . . . . . . . . . . . . . . . 17
skipping to change at page 4, line 4
16.2.1. Inclusive Trees . . . . . . . . . . . . . . . . . . . 45
17. Convergence . . . . . . . . . . . . . . . . . . . . . . . . . 45
17.1. Transit Link and Node Failures between PEs . . . . . . . . 45
17.2. PE Failures . . . . . . . . . . . . . . . . . . . . . . . 46
17.3. PE to CE Network Failures . . . . . . . . . . . . . . . . 46
18. Frame Ordering . . . . . . . . . . . . . . . . . . . . . . . . 46
19. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 47
20. Security Considerations . . . . . . . . . . . . . . . . . . . 47
21. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 49
22. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49
23. References . . . . . . . . . . . . . . . . . . . . . . . . . . 50
23.1 Normative References . . . . . . . . . . . . . . . . . . . 50
23.2 Informative References . . . . . . . . . . . . . . . . . . 50
24. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 51

1. Introduction

This document describes procedures for BGP MPLS based Ethernet VPNs (EVPN). The procedures described here meet the requirements specified in [RFC7209]. Please refer to [RFC7209] for the detailed requirements and motivation. EVPN requires extensions to existing IP/MPLS protocols as described in this document. In addition to these extensions EVPN uses several building blocks from existing MPLS technologies.

2. Specification of requirements

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

3. Terminology

Broadcast Domain: In a bridged network, it corresponds to a Virtual LAN (VLAN); where a VLAN is typically represented by a single VLAN ID (VID), but can be represented by several VIDs where Shared VLAN Learning (SVL) is used per [802.1Q].

Bridge Domain: An instantiation of a broadcast domain on a bridge node.

CE: Customer Edge device e.g., host or router or switch.

EVI: An EVPN instance spanning across the PEs participating in that EVPN.

MAC-VRF: A Virtual Routing and Forwarding table for MAC addresses on a PE for an EVI.

Ethernet Segment (ES): If a multi-homed device or network is connected to two or more PEs via a set of Ethernet links, then that set of links is referred to as an 'Ethernet segment'.

Ethernet Segment Identifier (ESI): A unique non-zero identifier that identifies an Ethernet Segment is called an 'Ethernet Segment Identifier'.

Ethernet Tag: An Ethernet Tag identifies a particular broadcast domain, e.g., a VLAN. An EVPN instance consists of one or more broadcast domains. Ethernet tag(s) are assigned to the broadcast domains of a given EVPN instance by the provider of that EVPN, and each PE in that EVPN instance performs a mapping between broadcast domain identifier(s) understood by each of its attached CEs and the corresponding Ethernet tag.

LACP: Link Aggregation Control Protocol

MP2MP: Multipoint to Multipoint

P2MP: Point to Multipoint

P2P: Point to Point

Single-Active Redundancy Mode: When only a single PE, among all the PEs attached to an Ethernet segment, is allowed to forward traffic to/from that Ethernet Segment, then the Ethernet segment is defined to be operating in Single-Active redundancy mode.

All-Active Redundancy Mode: When all PEs attached to an Ethernet segment are allowed to forward traffic to/from that Ethernet Segment, then the Ethernet segment is defined to be operating in All-Active redundancy mode.

4. BGP MPLS Based EVPN Overview
skipping to change at page 12, line 24
provider.

6.3.1 Port Based VLAN Aware Service Interface

This service interface is a special case of the VLAN Aware Bundle service interface, where all of the VLANs on the port are part of the same service and are mapped to a single bundle but without any VID translation. The procedures are a subset of those described in section 6.3.

7. BGP EVPN Routes

This document defines a new BGP Network Layer Reachability Information (NLRI), called the EVPN NLRI.

Following is the format of the EVPN NLRI:

+-----------------------------------+
|    Route Type (1 octet)           |
+-----------------------------------+
|     Length (1 octet)              |
+-----------------------------------+
| Route Type specific (variable)    |
+-----------------------------------+
skipping to change at page 13, line 9
+ 1 - Ethernet Auto-Discovery (A-D) route
+ 2 - MAC/IP advertisement route
+ 3 - Inclusive Multicast Ethernet Tag Route
+ 4 - Ethernet Segment Route

The detailed encoding and procedures for these route types are described in subsequent sections.

The EVPN NLRI is carried in BGP [RFC4271] using BGP Multiprotocol Extensions [RFC4760] with an Address Family Identifier (AFI) of 25 (L2VPN) and a Subsequent Address Family Identifier (SAFI) of 70 (EVPN). The NLRI field in the MP_REACH_NLRI/MP_UNREACH_NLRI attribute contains the EVPN NLRI (encoded as specified above).

In order for two BGP speakers to exchange labeled EVPN NLRI, they must use BGP Capabilities Advertisement to ensure that they both are capable of properly processing such NLRI. This is done as specified in [RFC4760], by using capability code 1 (multiprotocol BGP) with an AFI of 25 (L2VPN) and a SAFI of 70 (EVPN).

7.1. Ethernet Auto-Discovery Route
skipping to change at page 13, line 37
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
|  Ethernet Tag ID (4 octets)           |
+---------------------------------------+
|  MPLS Label (3 octets)                |
+---------------------------------------+

For the purpose of BGP route key processing, only the Ethernet Segment Identifier and the Ethernet Tag ID are considered to be part of the prefix in the NLRI. The MPLS Label field is to be treated as a route attribute as opposed to being part of the route.

For procedures and usage of this route please see section 8.2 "Fast Convergence" and section 8.4 "Aliasing".
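The following is an added worked example, not code from the draft or from any EVPN implementation, covering section 7 (the Route Type / Length / value NLRI container and the AFI 25 / SAFI 70 capability) and section 7.1 (the Ethernet A-D route and its route key). It assumes the 8-octet Route Distinguisher that precedes the ESI in the full route (the excerpt's diagram starts below it) and treats the 3-octet MPLS Label field as a raw 24-bit value, leaving its interpretation to the caller. The route key used here is the RD plus the two fields the text names; the label is kept as an attribute, so a re-advertisement with a new label replaces the stored route rather than adding a second one. All input bytes are constructed for the example.

```python
import struct
from dataclasses import dataclass

AFI_L2VPN = 25
SAFI_EVPN = 70
CAP_CODE_MULTIPROTOCOL = 1

ROUTE_TYPES = {
    1: "Ethernet Auto-Discovery",
    2: "MAC/IP Advertisement",
    3: "Inclusive Multicast Ethernet Tag",
    4: "Ethernet Segment",
}


def mp_capability():
    """Capability TLV announcing AFI 25 / SAFI 70: code 1 (multiprotocol),
    length 4, then AFI(2) Reserved(1) SAFI(1) as laid out in RFC 4760."""
    body = struct.pack("!HBB", AFI_L2VPN, 0, SAFI_EVPN)
    return struct.pack("!BB", CAP_CODE_MULTIPROTOCOL, len(body)) + body


def iter_evpn_nlri(data):
    """Walk the NLRI field of MP_REACH_NLRI/MP_UNREACH_NLRI and yield
    (route_type, route_type_specific_bytes); a truncated entry is an error,
    never silently accepted."""
    off = 0
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated EVPN NLRI header")
        rtype, length = data[off], data[off + 1]
        value = data[off + 2:off + 2 + length]
        if len(value) != length:
            raise ValueError("truncated EVPN NLRI value")
        off += 2 + length
        yield rtype, value


@dataclass(frozen=True)
class EthernetADRoute:
    rd: bytes            # 8 octets; precedes the ESI in the full route (assumed here)
    esi: bytes           # 10 octets
    ethernet_tag: int    # 4 octets
    label: int           # 3-octet field, kept as a raw 24-bit value

    @property
    def key(self):
        """Route key: RD, ESI and Ethernet Tag ID. The label is an attribute."""
        return (self.rd, self.esi, self.ethernet_tag)


def build_ethernet_ad(rd, esi, ethernet_tag, label):
    """Encode one Route Type 1 NLRI: type, length, then RD|ESI|Tag|Label."""
    if len(rd) != 8 or len(esi) != 10:
        raise ValueError("RD must be 8 octets and ESI 10 octets")
    value = rd + esi + struct.pack("!I", ethernet_tag) + label.to_bytes(3, "big")
    return bytes([1, len(value)]) + value


def parse_ethernet_ad(value):
    """Decode the route-type-specific part of a Type 1 NLRI (25 octets)."""
    if len(value) != 25:
        raise ValueError("Ethernet A-D route must be 25 octets, got %d" % len(value))
    return EthernetADRoute(
        rd=value[0:8],
        esi=value[8:18],
        ethernet_tag=struct.unpack("!I", value[18:22])[0],
        label=int.from_bytes(value[22:25], "big"),
    )


def install(rib, update):
    """Apply one NLRI payload to a table keyed on the route key, so that a
    second advertisement of the same key with a new label replaces the
    first instead of creating a second route."""
    for rtype, value in iter_evpn_nlri(update):
        if rtype == 1:
            route = parse_ethernet_ad(value)
            rib[route.key] = route
        elif rtype not in ROUTE_TYPES:
            raise ValueError("unknown EVPN route type %d" % rtype)
    return rib


if __name__ == "__main__":
    # Constructed input: a Type 1 RD, an arbitrary ESI, and two advertisements
    # of the same A-D route that differ only in the label.
    rd = bytes.fromhex("0001c0000201000a")
    esi = bytes.fromhex("00112233445566778899")
    update = (build_ethernet_ad(rd, esi, 100, 0x10000)
              + build_ethernet_ad(rd, esi, 100, 0x20000))
    print("capability:", mp_capability().hex())
    print("routes after install:", install({}, update))
```

The check in `iter_evpn_nlri` matters on the receiving side: an NLRI whose Length byte runs past the end of the attribute must be rejected rather than parsed with whatever bytes happen to follow.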
7.2. MAC/IP Advertisement Route

A MAC/IP advertisement route type specific EVPN NLRI consists of the following:

+---------------------------------------+
skipping to change at page 26, line 27
space among the PE nodes evenly, in such a way that every PE is the DF for a disjoint set of EVIs. The procedure for service carving is as follows:

1. When a PE discovers the ESI of the attached Ethernet Segment, it advertises an Ethernet Segment route with the associated ES-Import extended community attribute.

2. The PE then starts a timer (default value = 3 seconds) to allow the reception of Ethernet Segment routes from other PE nodes connected to the same Ethernet Segment. This timer value should be the same across all PEs connected to the same Ethernet Segment.

3. When the timer expires, each PE builds an ordered list of the IP addresses of all the PE nodes connected to the Ethernet Segment (including itself), in increasing numeric value. Each IP address in this list is extracted from the "Originator Router's IP address" field of the advertised Ethernet Segment route. Every PE is then given an ordinal indicating its position in the ordered list, starting with 0 as the ordinal for the PE with the numerically lowest IP address. The ordinals are used to determine which PE node will be the DF for a given EVPN instance on the Ethernet Segment using the following rule:

Assuming a redundancy group of N PE nodes, the PE with ordinal i is the DF for an EVPN instance with an associated Ethernet Tag value V when (V mod N) = i. In the case where multiple Ethernet Tags are associated with a single EVPN instance, then the numerically lowest Ethernet Tag value in that EVPN instance on that ES MUST be used in the modulo function.

It should be noted that using the "Originator Router's IP address" field in the Ethernet Segment route to get the PE IP address needed for the ordered list allows for a CE to be multi-homed across different ASes if such need ever arises.

4. The PE that is elected as a DF for a given EVPN instance will unblock traffic for the Ethernet Tags associated with that EVPN instance. Note that the DF PE unblocks multi-destination traffic in the egress direction towards the Segment. All non-DF PEs continue to
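The service carving procedure above (steps 3 and 4), as an added example that is not part of the draft or of any vendor implementation. It takes the Originator Router's IP addresses collected from the Ethernet Segment routes for one ES once the timer has expired, assigns ordinals by increasing numeric address value, and applies (V mod N) = i with V the numerically lowest Ethernet Tag of the EVI on that ES. The PE addresses, EVI names and tag values are constructed for the example; the point it shows is that every PE on the ES derives the same table from the same set of routes, so each one can decide locally which EVIs it unblocks.

```python
import ipaddress


def ordered_pe_list(originator_ips):
    """Step 3: sort the Originator Router's IP addresses carried in the
    Ethernet Segment routes for one ES (this PE's own included) in
    increasing numeric value. A PE's ordinal i is its index in this list."""
    if not originator_ips:
        raise ValueError("no Ethernet Segment routes known for this ES")
    # Compared as integers, which is what "increasing numeric value" means.
    # Using the Originator field rather than the BGP next hop is what keeps
    # the list identical on PEs in different ASes.
    return sorted({ipaddress.ip_address(ip) for ip in originator_ips}, key=int)


def df_for_evi(originator_ips, ethernet_tags):
    """DF for one EVI on the ES: the PE with ordinal i where (V mod N) = i,
    V being the numerically lowest Ethernet Tag of that EVI on this ES."""
    if not ethernet_tags:
        raise ValueError("an EVI on the ES must carry at least one Ethernet Tag")
    ordered = ordered_pe_list(originator_ips)
    v = min(ethernet_tags)
    return ordered[v % len(ordered)]


def service_carving(self_ip, originator_ips, evis):
    """evis maps an EVI name to the Ethernet Tag values it has on this ES.
    Returns {evi: (df_ip, this_pe_is_df)}."""
    me = ipaddress.ip_address(self_ip)
    table = {}
    for evi, tags in evis.items():
        df = df_for_evi(originator_ips, tags)
        table[evi] = (str(df), df == me)
    return table


def unblocked_evis(self_ip, originator_ips, evis):
    """Step 4: the EVIs for which this PE, as DF, unblocks multi-destination
    traffic towards the segment; every other EVI stays blocked on this PE."""
    table = service_carving(self_ip, originator_ips, evis)
    return sorted(evi for evi, (_df, is_df) in table.items() if is_df)


if __name__ == "__main__":
    # Constructed input: three PEs on one ES and four EVIs, one of which
    # carries two Ethernet Tags (the lowest, 102, feeds the modulo).
    es_routes = ["10.0.0.3", "10.0.0.1", "10.0.0.2"]
    evis = {"EVI-100": [100], "EVI-101": [101], "EVI-102": [102],
            "EVI-300": [300, 102]}
    for pe in es_routes:
        print(pe, "unblocks", unblocked_evis(pe, es_routes, evis))
```

Because the election is a pure function of the received ES routes, a PE that misses a route (for instance because its timer expired earlier than its peers') will compute a different N and can elect itself DF alongside another PE; that is why the timer value needs to match across the segment.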
skipping to change at page 34, line 28
11.1. Constructing Inclusive Multicast Ethernet Tag Route

The RD MUST be the RD of the EVI that is advertising the NLRI. The procedures for setting the RD for a given EVPN instance on a PE are described in section 7.9.

The Ethernet Tag ID is the identifier of the Ethernet Tag. It may be set to 0 or to a valid Ethernet Tag value.

The Originating Router's IP address MUST be set to an IP address of the PE that should be common for all the EVIs on the PE (e.g., this address may be the PE's loopback address). The IP Address Length field is in bits.

The Next Hop field of the MP_REACH_NLRI attribute of the route MUST be set to the same IP address as the one carried in the Originating Router's IP Address field.

The BGP advertisement for the Inclusive Multicast Ethernet Tag route MUST also carry one or more Route Target (RT) attributes. The assignment of RTs described in the section 7.10 MUST be followed.
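An added example for section 11.1, not code from the draft or from any implementation: it builds the Inclusive Multicast Ethernet Tag route (Route Type 3) from the fields the section names, and applies the two checks a receiver can make on it, that the IP Address Length is a real length in bits (32 or 128) matching the bytes that follow, and that the MP_REACH_NLRI Next Hop equals the Originating Router's IP address. The field order RD | Ethernet Tag ID | IP Address Length | Originating Router's IP is taken from the full route definition in section 7.3, which the excerpt does not show; the Type 1 RD layout (type 1, 4-octet IPv4 administrator, 2-octet assigned number) is the RFC 4364 format and is assumed here rather than stated by the excerpt. Addresses and numbers are constructed.

```python
import ipaddress
import struct

ROUTE_TYPE_IMET = 3


def rd_type1(admin_ip, assigned_number):
    """Type 1 Route Distinguisher (RFC 4364 layout, assumed here):
    type=1 | 4-octet IPv4 administrator | 2-octet assigned number."""
    return (struct.pack("!H", 1)
            + ipaddress.IPv4Address(admin_ip).packed
            + struct.pack("!H", assigned_number))


def build_imet_nlri(rd, ethernet_tag, originating_ip):
    """Type 3 NLRI: type, length, then
    RD(8) | Ethernet Tag ID(4) | IP Address Length in bits(1) | Originating Router's IP."""
    if len(rd) != 8:
        raise ValueError("RD must be 8 octets")
    ip = ipaddress.ip_address(originating_ip)        # IPv4 or IPv6 loopback
    value = (rd + struct.pack("!I", ethernet_tag)
             + bytes([ip.max_prefixlen])              # 32 or 128, in bits
             + ip.packed)
    return bytes([ROUTE_TYPE_IMET, len(value)]) + value


def parse_imet(value):
    """Decode the route-type-specific part; rejects an IP Address Length that
    is not 32 or 128 bits or that disagrees with the bytes actually present."""
    if len(value) < 13:
        raise ValueError("Inclusive Multicast route too short")
    rd = value[0:8]
    ethernet_tag = struct.unpack("!I", value[8:12])[0]
    ip_len_bits = value[12]
    if ip_len_bits not in (32, 128):
        raise ValueError("IP Address Length must be 32 or 128 bits, got %d" % ip_len_bits)
    n = ip_len_bits // 8
    if len(value) != 13 + n:
        raise ValueError("route length does not match IP Address Length")
    return rd, ethernet_tag, ipaddress.ip_address(value[13:13 + n])


def check_imet_advertisement(nlri, next_hop):
    """Receiver-side check: a single well-formed Type 3 NLRI whose
    Originating Router's IP equals the MP_REACH_NLRI Next Hop."""
    if len(nlri) < 2 or nlri[0] != ROUTE_TYPE_IMET or nlri[1] != len(nlri) - 2:
        raise ValueError("not a single well-formed Inclusive Multicast NLRI")
    _rd, _tag, originator = parse_imet(nlri[2:])
    return ipaddress.ip_address(next_hop) == originator


if __name__ == "__main__":
    # Constructed: PE loopback 192.0.2.1, EVI assigned number 7, Ethernet Tag 0.
    rd = rd_type1("192.0.2.1", 7)
    nlri = build_imet_nlri(rd, 0, "192.0.2.1")
    print(nlri.hex())
    print("next hop matches originator:", check_imet_advertisement(nlri, "192.0.2.1"))
    print("mismatched next hop:", check_imet_advertisement(nlri, "192.0.2.2"))
```

A mismatch between Next Hop and Originating Router's IP is worth logging rather than silently repairing: the Originating Router's IP is what the DF election in section 8 orders on, so an attacker who can influence one field but not the other gets a different result from each.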
11.2. P-Tunnel Identification
skipping to change at page 48, line 30
amounts of traffic).

The mechanisms in this document use BGP for the control plane. Hence, techniques such as in [RFC5925] help authenticate BGP messages, making it harder to spoof updates (which can be used to divert EVPN traffic to the wrong EVPN instance) or withdrawals (denial-of-service attacks). In the multi-AS methods (b) and (c), this also means protecting the inter-AS BGP sessions, between the ASBRs, the PEs, or the Route Reflectors.
Further discussion of security considerations for BGP may be found in the BGP specification itself [RFC4271] and in the security analysis for BGP [RFC4272]. The TCP Authentication Option, which replaces the older TCP MD5 signature option for protecting BGP sessions, is specified in [RFC5925], while [RFC6952] includes an analysis of BGP keying and authentication issues.
Note that [RFC5925] will not help in keeping MPLS labels private -- knowing the labels, one can eavesdrop on EVPN traffic. Such eavesdropping additionally requires access to the data path within an SP network. Users of VPN services are expected to take appropriate precautions (such as encryption) to protect the data exchanged over a VPN.

One of the requirements for protecting the data plane is that the MPLS labels be accepted only from valid interfaces. For a PE, valid interfaces comprise links from other routers in the PE's own AS. For an ASBR, valid interfaces comprise links from other routers in the ASBR's own AS, and links from other ASBRs in ASes that have instances of a given EVPN. It is especially important in the case of multi-AS EVPN instances that one accept EVPN packets only from valid interfaces.
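The valid-interface rule of the preceding paragraph, as an added example that is not part of the draft and not taken from any router's configuration language. It models the two roles the text distinguishes: a PE accepts labeled packets only on links to routers in its own AS, and an ASBR additionally accepts them on links to ASBRs of ASes that hold instances of the EVPN. Interface names, AS numbers and labels are constructed; the interface attributes (`peer_as`, `peer_is_asbr`) are this example's own way of recording what the text calls a link "from another router in the AS" or "from another ASBR".

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    PE = "PE"
    ASBR = "ASBR"


@dataclass(frozen=True)
class Interface:
    name: str
    peer_as: int              # AS of the router at the far end of the link
    peer_is_asbr: bool = False


@dataclass(frozen=True)
class Packet:
    ingress: Interface
    top_label: int            # label at the top of the received MPLS stack


@dataclass(frozen=True)
class LabelAcceptPolicy:
    role: Role
    local_as: int
    evpn_peer_ases: frozenset = frozenset()   # ASes with instances of our EVPNs

    def is_valid_interface(self, iface):
        """The rule from the text. A CE-facing link never qualifies, because
        the CE is not a router in the PE's own AS."""
        if iface.peer_as == self.local_as:
            return True
        if self.role is Role.ASBR:
            return iface.peer_is_asbr and iface.peer_as in self.evpn_peer_ases
        return False

    def accept(self, pkt):
        """Accept a labeled packet only from a valid interface and only with
        a label that fits the 20-bit label field."""
        return (self.is_valid_interface(pkt.ingress)
                and 0 <= pkt.top_label < (1 << 20))


def filter_packets(policy, packets):
    """Split a batch into (accepted, dropped), by ingress interface name,
    so the drops can be counted or logged per interface."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if policy.accept(pkt) else dropped).append(pkt.ingress.name)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed topology: AS 64500 runs this PE and this ASBR; AS 64501
    # holds an instance of the same EVPN; AS 64502 does not; 65001 is a customer.
    core = Interface("et-0/0/0", peer_as=64500)
    ce = Interface("ge-0/0/1", peer_as=65001)
    partner_asbr = Interface("et-0/0/2", peer_as=64501, peer_is_asbr=True)
    stranger_asbr = Interface("et-0/0/3", peer_as=64502, peer_is_asbr=True)

    pe = LabelAcceptPolicy(Role.PE, 64500)
    asbr = LabelAcceptPolicy(Role.ASBR, 64500, frozenset({64501}))
    batch = [Packet(core, 1001), Packet(ce, 1001),
             Packet(partner_asbr, 1001), Packet(stranger_asbr, 1001)]
    print("PE  :", filter_packets(pe, batch))
    print("ASBR:", filter_packets(asbr, batch))
```

The interface check is the whole point: label values are not secret (the text says as much), so a PE that accepts any well-formed labeled packet on its CE-facing port lets a customer inject frames into another customer's EVI simply by guessing or observing labels.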
skipping to change at page 49, line 37
Florin Balus
Nuage Networks

22. IANA Considerations

This document defines a new NLRI, called "EVPN", to be carried in BGP using multiprotocol extensions. This NLRI uses the existing AFI of 25 (L2VPN). IANA has assigned it a SAFI value of 70.

IANA has allocated the following EVPN Extended Community sub-types in [RFC7153] and this document is the only reference for them.

0x00 MAC Mobility [this document]
0x01 ESI Label [this document]
0x02 ES-Import Route Target [this document]

This document is creating a registry called "EVPN Route Types." New registrations will be made through the "RFC Required" procedure defined in [RFC5226]. The registry has a maximum value of 255. Initial registrations are as follows:

0 RESERVED
1 Ethernet Auto-Discovery [this document]
2 MAC/IP Advertisement [this document]
3 Inclusive Multicast Ethernet Tag [this document]
4 Ethernet Segment [this document]
23. References

23.1 Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP VPNs", RFC 4364, February 2006.

[RFC4761] Kompella, K. and Y. Rekhter, "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", RFC 4761, January 2007.

[RFC4762] Lasserre, M. and V. Kompella, "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007.

[RFC4271] Rekhter, Y., et al., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006.

[RFC4760] Bates, T., et al., "Multiprotocol Extensions for BGP-4", RFC 4760, January 2007.

[RFC7153] Rosen, E., et al., "IANA Registries for BGP Extended Communities", RFC 7153, March 2014.

23.2 Informative References

[RFC7209] Sajassi, A., Aggarwal, R., et al., "Requirements for Ethernet VPN", RFC 7209, May 2014.

[RFC7117] Aggarwal, R., et al., "Multicast in Virtual Private LAN Service (VPLS)", RFC 7117, February 2014.

[RFC4684] Marques, P., et al., "Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)", RFC 4684, November 2006.

[RFC6790] Kompella, K., et al., "The Use of Entropy Labels in MPLS Forwarding", RFC 6790, November 2012.

[RFC4385] Bryant, S., et al., "PWE3 Control Word for Use over an MPLS PSN", RFC 4385, February 2006.

[RFC5925] Touch, J., et al., "The TCP Authentication Option", RFC 5925, June 2010.

[RFC5226] Narten, T., et al., "Guidelines for Writing an IANA Considerations Section in RFCs", RFC 5226, May 2008.

[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC 4272, January 2006.

[RFC6952] Jethanandani, M., et al., "Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6952, May 2013.

[802.1Q] "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks", IEEE Std 802.1Q(tm), 2012 Edition, October 2012.
24. Author's Address

Ali Sajassi
Cisco
Email: sajassi@cisco.com

Rahul Aggarwal
Email: raggarwa_1@yahoo.com

Nabil Bitar
End of changes. 38 change blocks. 62 lines changed or deleted, 96 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/