draft-ietf-rtgwg-bgp-routing-large-dc-02.txt   draft-ietf-rtgwg-bgp-routing-large-dc-03.txt 
Routing Area Working Group P. Lapukhov Routing Area Working Group P. Lapukhov
Internet-Draft Facebook Internet-Draft Facebook
Intended status: Informational A. Premji Intended status: Informational A. Premji
Expires: October 22, 2015 Arista Networks Expires: December 17, 2015 Arista Networks
J. Mitchell, Ed. J. Mitchell, Ed.
April 20, 2015 Google
June 15, 2015
Use of BGP for routing in large-scale data centers Use of BGP for routing in large-scale data centers
draft-ietf-rtgwg-bgp-routing-large-dc-02 draft-ietf-rtgwg-bgp-routing-large-dc-03
Abstract Abstract
Some network operators build and operate data centers that support Some network operators build and operate data centers that support
over one hundred thousand servers. In this document, such data over one hundred thousand servers. In this document, such data
centers are referred to as "large-scale" to differentiate them from centers are referred to as "large-scale" to differentiate them from
smaller infrastructures. Environments of this scale have a unique smaller infrastructures. Environments of this scale have a unique
set of network requirements with an emphasis on operational set of network requirements with an emphasis on operational
simplicity and network stability. This document summarizes simplicity and network stability. This document summarizes
operational experience in designing and operating large-scale data operational experience in designing and operating large-scale data
skipping to change at page 1, line 41 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 22, 2015. This Internet-Draft will expire on December 17, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 20 skipping to change at page 2, line 23
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Network Design Requirements . . . . . . . . . . . . . . . . . 4 2. Network Design Requirements . . . . . . . . . . . . . . . . . 4
2.1. Bandwidth and Traffic Patterns . . . . . . . . . . . . . 4 2.1. Bandwidth and Traffic Patterns . . . . . . . . . . . . . 4
2.2. CAPEX Minimization . . . . . . . . . . . . . . . . . . . 4 2.2. CAPEX Minimization . . . . . . . . . . . . . . . . . . . 4
2.3. OPEX Minimization . . . . . . . . . . . . . . . . . . . . 5 2.3. OPEX Minimization . . . . . . . . . . . . . . . . . . . . 5
2.4. Traffic Engineering . . . . . . . . . . . . . . . . . . . 5 2.4. Traffic Engineering . . . . . . . . . . . . . . . . . . . 5
2.5. Summarized Requirements . . . . . . . . . . . . . . . . . 5 2.5. Summarized Requirements . . . . . . . . . . . . . . . . . 6
3. Data Center Topologies Overview . . . . . . . . . . . . . . . 6 3. Data Center Topologies Overview . . . . . . . . . . . . . . . 6
3.1. Traditional DC Topology . . . . . . . . . . . . . . . . . 6 3.1. Traditional DC Topology . . . . . . . . . . . . . . . . . 6
3.2. Clos Network topology . . . . . . . . . . . . . . . . . . 7 3.2. Clos Network topology . . . . . . . . . . . . . . . . . . 7
3.2.1. Overview . . . . . . . . . . . . . . . . . . . . . . 7 3.2.1. Overview . . . . . . . . . . . . . . . . . . . . . . 7
3.2.2. Clos Topology Properties . . . . . . . . . . . . . . 8 3.2.2. Clos Topology Properties . . . . . . . . . . . . . . 8
3.2.3. Scaling the Clos topology . . . . . . . . . . . . . . 9 3.2.3. Scaling the Clos topology . . . . . . . . . . . . . . 9
3.2.4. Managing the Size of Clos Topology Tiers . . . . . . 10 3.2.4. Managing the Size of Clos Topology Tiers . . . . . . 10
4. Data Center Routing Overview . . . . . . . . . . . . . . . . 10 4. Data Center Routing Overview . . . . . . . . . . . . . . . . 11
4.1. Layer 2 Only Designs . . . . . . . . . . . . . . . . . . 11 4.1. Layer 2 Only Designs . . . . . . . . . . . . . . . . . . 11
4.2. Hybrid L2/L3 Designs . . . . . . . . . . . . . . . . . . 11 4.2. Hybrid L2/L3 Designs . . . . . . . . . . . . . . . . . . 12
4.3. Layer 3 Only Designs . . . . . . . . . . . . . . . . . . 12 4.3. Layer 3 Only Designs . . . . . . . . . . . . . . . . . . 12
5. Routing Protocol Selection and Design . . . . . . . . . . . . 12 5. Routing Protocol Selection and Design . . . . . . . . . . . . 13
5.1. Choosing EBGP as the Routing Protocol . . . . . . . . . . 13 5.1. Choosing EBGP as the Routing Protocol . . . . . . . . . . 13
5.2. EBGP Configuration for Clos topology . . . . . . . . . . 14 5.2. EBGP Configuration for Clos topology . . . . . . . . . . 14
5.2.1. Example ASN Scheme . . . . . . . . . . . . . . . . . 14 5.2.1. EBGP Configuration Guidelines and Example ASN Scheme 15
5.2.2. Private Use BGP ASNs . . . . . . . . . . . . . . . . 15 5.2.2. Private Use ASNs . . . . . . . . . . . . . . . . . . 16
5.2.3. Prefix Advertisement . . . . . . . . . . . . . . . . 16 5.2.3. Prefix Advertisement . . . . . . . . . . . . . . . . 17
5.2.4. External Connectivity . . . . . . . . . . . . . . . . 17 5.2.4. External Connectivity . . . . . . . . . . . . . . . . 18
5.2.5. Route Summarization at the Edge . . . . . . . . . . . 18 5.2.5. Route Summarization at the Edge . . . . . . . . . . . 19
6. ECMP Considerations . . . . . . . . . . . . . . . . . . . . . 19 6. ECMP Considerations . . . . . . . . . . . . . . . . . . . . . 19
6.1. Basic ECMP . . . . . . . . . . . . . . . . . . . . . . . 19 6.1. Basic ECMP . . . . . . . . . . . . . . . . . . . . . . . 20
6.2. BGP ECMP over Multiple ASNs . . . . . . . . . . . . . . . 20 6.2. BGP ECMP over Multiple ASNs . . . . . . . . . . . . . . . 21
6.3. Weighted ECMP . . . . . . . . . . . . . . . . . . . . . . 20 6.3. Weighted ECMP . . . . . . . . . . . . . . . . . . . . . . 21
6.4. Consistent Hashing . . . . . . . . . . . . . . . . . . . 21 6.4. Consistent Hashing . . . . . . . . . . . . . . . . . . . 22
7. Routing Convergence Properties . . . . . . . . . . . . . . . 21 7. Routing Convergence Properties . . . . . . . . . . . . . . . 22
7.1. Fault Detection Timing . . . . . . . . . . . . . . . . . 21 7.1. Fault Detection Timing . . . . . . . . . . . . . . . . . 22
7.2. Event Propagation Timing . . . . . . . . . . . . . . . . 22 7.2. Event Propagation Timing . . . . . . . . . . . . . . . . 23
7.3. Impact of Clos Topology Fan-outs . . . . . . . . . . . . 22 7.3. Impact of Clos Topology Fan-outs . . . . . . . . . . . . 23
7.4. Failure Impact Scope . . . . . . . . . . . . . . . . . . 23 7.4. Failure Impact Scope . . . . . . . . . . . . . . . . . . 24
7.5. Routing Micro-Loops . . . . . . . . . . . . . . . . . . . 24 7.5. Routing Micro-Loops . . . . . . . . . . . . . . . . . . . 25
8. Additional Options for Design . . . . . . . . . . . . . . . . 25 8. Additional Options for Design . . . . . . . . . . . . . . . . 26
8.1. Third-party Route Injection . . . . . . . . . . . . . . . 25 8.1. Third-party Route Injection . . . . . . . . . . . . . . . 26
8.2. Route Summarization within Clos Topology . . . . . . . . 25 8.2. Route Summarization within Clos Topology . . . . . . . . 26
8.2.1. Collapsing Tier-1 Devices Layer . . . . . . . . . . . 26 8.2.1. Collapsing Tier-1 Devices Layer . . . . . . . . . . . 27
8.2.2. Simple Virtual Aggregation . . . . . . . . . . . . . 27 8.2.2. Simple Virtual Aggregation . . . . . . . . . . . . . 28
8.3. ICMP Unreachable Message Masquerading . . . . . . . . . . 27 8.3. ICMP Unreachable Message Masquerading . . . . . . . . . . 29
9. Security Considerations . . . . . . . . . . . . . . . . . . . 28 9. Security Considerations . . . . . . . . . . . . . . . . . . . 29
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 28 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 29 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 30
12.1. Normative References . . . . . . . . . . . . . . . . . . 29 12.1. Normative References . . . . . . . . . . . . . . . . . . 30
12.2. Informative References . . . . . . . . . . . . . . . . . 29 12.2. Informative References . . . . . . . . . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 31 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 33
1. Introduction 1. Introduction
This document describes a practical routing design that can be used This document describes a practical routing design that can be used
in a large-scale data center ("DC") design. Such data centers, also in a large-scale data center ("DC") design. Such data centers, also
known as hyper-scale or warehouse-scale data-centers, have a unique known as hyper-scale or warehouse-scale data centers, have a unique
attribute of supporting over a hundred thousand servers. In order to attribute of supporting over a hundred thousand servers. In order to
accommodate networks of this scale, operators are revisiting accommodate networks of this scale, operators are revisiting
networking designs and platforms to address this need. networking designs and platforms to address this need.
The design presented in this document is based on operational The design presented in this document is based on operational
experience with data centers built to support large scale distributed experience with data centers built to support large-scale distributed
software infrastructure, such as a Web search engine. The primary software infrastructure, such as a Web search engine. The primary
requirements in such an environment are operational simplicity and requirements in such an environment are operational simplicity and
network stability so that a small group of people can effectively network stability so that a small group of people can effectively
support a significantly sized network. support a significantly sized network.
After experimentation and extensive testing, Microsoft chose to use After experimentation and extensive testing, Microsoft chose to use
an end-to-end routed network infrastructure with External BGP (EBGP) an end-to-end routed network infrastructure with External BGP (EBGP)
[RFC4271] as the only routing protocol for some of its DC [RFC4271] as the only routing protocol for some of its DC
deployments. This is in contrast with more traditional DC designs, deployments. This is in contrast with more traditional DC designs,
which may use simple tree topologies and rely on extending Layer 2 which may use simple tree topologies and rely on extending Layer 2
domains across multiple network devices. This document elaborates on domains across multiple network devices. This document elaborates on
the requirements that led to this design choice and presents details the requirements that led to this design choice and presents details
of the EBGP routing design as well as explores ideas for further of the EBGP routing design as well as explores ideas for further
enhancements. enhancements.
This document first presents an overview of network design This document first presents an overview of network design
requirements and considerations for large-scale data centers. Then requirements and considerations for large-scale data centers. Then
traditional hierarchical data center network topologies are traditional hierarchical data center network topologies are
contrasted with Clos networks that are horizontally scaled out. This contrasted with Clos networks [CLOS1953] that are horizontally scaled
is followed by arguments for selecting EBGP with a Clos topology as out. This is followed by arguments for selecting EBGP with a Clos
the most appropriate routing protocol to meet the requirements and topology as the most appropriate routing protocol to meet the
the proposed design is described in detail. Finally, the document requirements and the proposed design is described in detail.
reviews some additional considerations and design options.
Finally, the document reviews some additional considerations and
design options.
2. Network Design Requirements 2. Network Design Requirements
This section describes and summarizes network design requirements for This section describes and summarizes network design requirements for
large-scale data centers. large-scale data centers.
2.1. Bandwidth and Traffic Patterns 2.1. Bandwidth and Traffic Patterns
The primary requirement when building an interconnection network for The primary requirement when building an interconnection network for
large number of servers is to accommodate application bandwidth and large number of servers is to accommodate application bandwidth and
latency requirements. Until recently it was quite common to see the latency requirements. Until recently it was quite common to see the
majority of traffic entering and leaving the data center, commonly majority of traffic entering and leaving the data center, commonly
referred to as "north-south" traffic. As a result, traditional referred to as "north-south" traffic. As a result, traditional
"tree" topologies were sufficient to accommodate such flows, even "tree" topologies were sufficient to accommodate such flows, even
with high oversubscription ratios between the layers of the network. with high oversubscription ratios between the layers of the network.
If more bandwidth was required, it was added by "scaling up" the If more bandwidth was required, it was added by "scaling up" the
network elements, e.g. by upgrading the device's line-cards or network elements, e.g. by upgrading the device's linecards or fabrics
fabrics or replacing the device with one with higher port density. or replacing the device with one with higher port density.
Today many large-scale data centers host applications generating Today many large-scale data centers host applications generating
significant amounts of server-to-server traffic, which does not significant amounts of server-to-server traffic, which does not
egress the DC, commonly referred to as "east-west" traffic. Examples egress the DC, commonly referred to as "east-west" traffic. Examples
of such applications could be compute clusters such as Hadoop, of such applications could be compute clusters such as Hadoop
massive data replication between clusters needed by certain [HADOOP], massive data replication between clusters needed by certain
applications, or virtual machine migrations. Scaling traditional applications, or virtual machine migrations. Scaling traditional
tree topologies to match these bandwidth demands becomes either too tree topologies to match these bandwidth demands becomes either too
expensive or impossible due to physical limitations, e.g. port expensive or impossible due to physical limitations, e.g. port
density in a switch. density in a switch.
2.2. CAPEX Minimization 2.2. CAPEX Minimization
The cost of the network infrastructure alone (CAPEX) constitutes The Capital Expenditures (CAPEX) associated with the network
about 10-15% of total data center expenditure (see [GREENBERG2009]). infrastructure alone constitutes about 10-15% of total data center
However, the absolute cost is significant, and hence there is a need expenditure (see [GREENBERG2009]). However, the absolute cost is
to constantly drive down the cost of individual network elements. significant, and hence there is a need to constantly drive down the
This can be accomplished in two ways: cost of individual network elements. This can be accomplished in two
ways:
o Unifying all network elements, preferably using the same hardware o Unifying all network elements, preferably using the same hardware
type or even the same device. This allows for volume pricing on type or even the same device. This allows for volume pricing on
bulk purchases. bulk purchases.
o Driving costs down using competitive pressures, by introducing o Driving costs down using competitive pressures, by introducing
multiple network equipment vendors. multiple network equipment vendors.
In order to allow for good vendor diversity it is important to In order to allow for good vendor diversity it is important to
minimize the software feature requirements for the network elements. minimize the software feature requirements for the network elements.
This strategy provides maximum flexibility of vendor equipment This strategy provides maximum flexibility of vendor equipment
choices while enforcing interoperability using open standards. choices while enforcing interoperability using open standards.
2.3. OPEX Minimization 2.3. OPEX Minimization
Operating large-scale infrastructure could be expensive, provided Operating large-scale infrastructure could be expensive, provided
that larger amount of elements will statistically fail more often. that a larger amount of elements will statistically fail more often.
Having a simpler design and operating using a limited software Having a simpler design and operating using a limited software
feature-set minimizes software issue related failures. feature set minimizes software issue-related failures.
An important aspect of OPEX minimization is reducing size of failure An important aspect of Operational Expenditure (OPEX) minimization is
domains in the network. Ethernet networks are known to be reducing size of failure domains in the network. Ethernet networks
susceptible to broadcast or unicast traffic storms that have dramatic are known to be susceptible to broadcast or unicast traffic storms
impact on network performance and availability. The use of a fully that can have a dramatic impact on network performance and
routed design significantly reduces the size of the data-plane availability. The use of a fully routed design significantly reduces
failure domains - i.e. limits them to the lowest level in the network the size of the data plane failure domains - i.e. limits them to the
hierarchy. However, such designs introduce the problem of lowest level in the network hierarchy. However, such designs
distributed control-plane failures. This observation calls for introduce the problem of distributed control plane failures. This
simpler control-plane protocols that are expected to have less observation calls for simpler control plane protocols that are
chances of network meltdown. Minimizing software feature expected to have less chances of network meltdown. Minimizing
requirements as described in the CAPEX section above also reduces software feature requirements as described in the CAPEX section above
testing and training requirements. also reduces testing and training requirements.
2.4. Traffic Engineering 2.4. Traffic Engineering
In any data center, application load-balancing is a critical function In any data center, application load balancing is a critical function
performed by network devices. Traditionally, load-balancers are performed by network devices. Traditionally, load balancers are
deployed as dedicated devices in the traffic forwarding path. The deployed as dedicated devices in the traffic forwarding path. The
problem arises in scaling load-balancers under growing traffic problem arises in scaling load balancers under growing traffic
demand. A preferable solution would be able to scale load-balancing demand. A preferable solution would be able to scale load balancing
layer horizontally, by adding more of the uniform nodes and layer horizontally, by adding more of the uniform nodes and
distributing incoming traffic across these nodes. In situation like distributing incoming traffic across these nodes. In situation like
this, an ideal choice would be to use network infrastructure itself this, an ideal choice would be to use network infrastructure itself
to distribute traffic across a group of load-balancers. The to distribute traffic across a group of load balancers. The
combination of Anycast prefix advertisement [RFC4786] and Equal Cost combination of Anycast prefix advertisement [RFC4786] and Equal Cost
Multipath (ECMP) functionality can be used to accomplish this goal. Multipath (ECMP) functionality can be used to accomplish this goal.
To allow for more granular load-distribution, it is beneficial for To allow for more granular load distribution, it is beneficial for
the network to support the ability to perform controlled per-hop the network to support the ability to perform controlled per-hop
traffic engineering. For example, it is beneficial to directly traffic engineering. For example, it is beneficial to directly
control the ECMP next-hop set for Anycast prefixes at every level of control the ECMP next-hop set for Anycast prefixes at every level of
network hierarchy. network hierarchy.
2.5. Summarized Requirements 2.5. Summarized Requirements
This section summarizes the list of requirements outlined in the This section summarizes the list of requirements outlined in the
previous sections: previous sections:
skipping to change at page 6, line 28 skipping to change at page 6, line 37
3. Data Center Topologies Overview 3. Data Center Topologies Overview
This section provides an overview of two general types of data center This section provides an overview of two general types of data center
designs - hierarchical (also known as tree based) and Clos based designs - hierarchical (also known as tree based) and Clos based
network designs. network designs.
3.1. Traditional DC Topology 3.1. Traditional DC Topology
In the networking industry, a common design choice for data centers In the networking industry, a common design choice for data centers
typically look like a (upside-down) tree with redundant uplinks and typically look like a (upside down) tree with redundant uplinks and
three layers of hierarchy namely core, aggregation/distribution and three layers of hierarchy namely; core, aggregation/distribution and
access layers (see Figure 1). To accommodate bandwidth demands, each access layers (see Figure 1). To accommodate bandwidth demands, each
higher layer, from server towards DC egress or WAN, has higher port higher layer, from server towards DC egress or WAN, has higher port
density and bandwidth capacity where the core functions as the density and bandwidth capacity where the core functions as the
"trunk" of the tree based design. To keep terminology uniform and "trunk" of the tree based design. To keep terminology uniform and
for comparison with other designs, in this document these layers will for comparison with other designs, in this document these layers will
be referred to as Tier-1, Tier-2 and Tier-3 "tiers" instead of Core, be referred to as Tier-1, Tier-2 and Tier-3 "tiers", instead of Core,
Aggregation or Access layers. Aggregation or Access layers.
+------+ +------+ +------+ +------+
| | | | | | | |
| |--| | Tier-1 | |--| | Tier-1
| | | | | | | |
+------+ +------+ +------+ +------+
| | | | | | | |
+---------+ | | +----------+ +---------+ | | +----------+
| +-------+--+------+--+-------+ | | +-------+--+------+--+-------+ |
skipping to change at page 7, line 32 skipping to change at page 7, line 32
+-| |-+ +-| |-+ Tier-3 +-| |-+ +-| |-+ Tier-3
+-----+ +-----+ +-----+ +-----+
| | | | | | | | | | | |
<- Servers -> <- Servers -> <- Servers -> <- Servers ->
Figure 1: Typical DC network topology Figure 1: Typical DC network topology
3.2. Clos Network topology 3.2. Clos Network topology
This section describes a common design for horizontally scalable This section describes a common design for horizontally scalable
topology in large scale data centers in order to meet REQ1. topology in large-scale data centers in order to meet REQ1.
3.2.1. Overview 3.2.1. Overview
A common choice for a horizontally scalable topology is a folded Clos A common choice for a horizontally scalable topology is a folded Clos
topology, sometimes called "fat-tree" (see, for example, [INTERCON] topology, sometimes called "fat-tree" (see, for example, [INTERCON]
and [ALFARES2008]). This topology features an odd number of stages and [ALFARES2008]). This topology features an odd number of stages
(sometimes known as dimensions) and is commonly made of uniform (sometimes known as dimensions) and is commonly made of uniform
elements, e.g. network switches with the same port count. Therefore, elements, e.g. network switches with the same port count. Therefore,
the choice of folded Clos topology satisfies REQ1 and facilitates the choice of folded Clos topology satisfies REQ1 and facilitates
REQ2. See Figure 2 below for an example of a folded 3-stage Clos REQ2. See Figure 2 below for an example of a folded 3-stage Clos
skipping to change at page 8, line 48 skipping to change at page 8, line 48
3.2.2. Clos Topology Properties 3.2.2. Clos Topology Properties
The following are some key properties of the Clos topology: The following are some key properties of the Clos topology:
o The topology is fully non-blocking (or more accurately: non- o The topology is fully non-blocking (or more accurately: non-
interfering) if M >= N and oversubscribed by a factor of N/M interfering) if M >= N and oversubscribed by a factor of N/M
otherwise. Here M and N is the uplink and downlink port count otherwise. Here M and N is the uplink and downlink port count
respectively, for a Tier-2 switch as shown in Figure 2. respectively, for a Tier-2 switch as shown in Figure 2.
o Utilizing this topology requires control and data plane supporting o Utilizing this topology requires control and data plane support
ECMP with the fan-out of M or more. for ECMP with a fan-out of M or more.
o Tier-1 switches have exactly one path to every server in this o Tier-1 switches have exactly one path to every server in this
topology. This is an important property that makes route topology. This is an important property that makes route
summarization impossible in this topology (see Section 8.2 below). summarization impossible in this topology (see Section 8.2 below).
o Traffic flowing from server to server is load-balanced over all o Traffic flowing from server to server is load balanced over all
available paths using ECMP. available paths using ECMP.
3.2.3. Scaling the Clos topology 3.2.3. Scaling the Clos topology
A Clos topology can be scaled either by increasing network element A Clos topology can be scaled either by increasing network element
port density or adding more stages, e.g. moving to a 5-stage Clos, as port density or adding more stages, e.g. moving to a 5-stage Clos, as
illustrated in Figure 3 below: illustrated in Figure 3 below:
Tier-1 Tier-1
+-----+ +-----+
| | Cluster | |
+--| |--+ +----------------------------+ +--| |--+
| +-----+ | | | | +-----+ |
Tier-2 | | Tier-2 | Tier-2 | | | Tier-2
+-----+ | +-----+ | +-----+ | +-----+ | | +-----+ | +-----+
+-------------| DEV |--+--| |--+--| |-------------+ | +-------------| DEV |------+--| |--+--| |-------------+
| +-----| C |--+ | | +--| |-----+ | | | +-----| C |------+ | | +--| |-----+ |
| | +-----+ +-----+ +-----+ | | | | | +-----+ | +-----+ +-----+ | |
| | | | | | | | | |
| | +-----+ +-----+ +-----+ | | | | | +-----+ | +-----+ +-----+ | |
| +-----+-----| DEV |--+ | | +--| |-----+-----+ | | | +-----------| DEV |------+ | | +--| |-----------+ |
| | | +---| D |--+--| |--+--| |---+ | | | | | | | +---| D |------+--| |--+--| |---+ | | |
| | | | +-----+ | +-----+ | +-----+ | | | | | | | | | +-----+ | | +-----+ | +-----+ | | | |
| | | | | | | | | | | | | | | | | | | | | |
+-----+ +-----+ | +-----+ | +-----+ +-----+ | +-----+ +-----+ | | +-----+ | +-----+ +-----+
| DEV | | DEV | +--| |--+ | | | | | | DEV | | DEV | | +--| |--+ | | | |
| A | | B | Tier-3 | | Tier-3 | | | | | | A | | B | Tier-3 | | | Tier-3 | | | |
+-----+ +-----+ +-----+ +-----+ +-----+ | +-----+ +-----+ | +-----+ +-----+ +-----+
| | | | | | | | | | | | | | | | | |
O O O O O O O O | O O O O | O O O O
Servers Servers | Servers | Servers
+----------------------------+
Figure 3: 5-Stage Clos topology Figure 3: 5-Stage Clos topology
The small example topology on Figure 3 is built from devices with a The small example topology on Figure 3 is built from devices with a
port count of 4 and provides full bisectional bandwidth to all port count of 4 and provides full bisectional bandwidth to all
connected servers. In this document, one set of directly connected connected servers. In this document, one set of directly connected
Tier-2 and Tier-3 devices along with their attached servers will be Tier-2 and Tier-3 devices along with their attached servers will be
referred to as a "cluster". For example, DEV A, B, C, D, and the referred to as a "cluster". For example, DEV A, B, C, D, and the
servers that connect to DEV A and B, on Figure 3 form a cluster. servers that connect to DEV A and B, on Figure 3 form a cluster. The
concept of a cluster may also be a useful concept as a single
deployment or maintenance unit which can be operated on at a
different frequency than the entire topology.
In practice, the Tier-3 layer of the network, which are typically top In practice, the Tier-3 layer of the network, which are typically top
of rack switches (ToRs), is where oversubscription is introduced to of rack switches (ToRs), is where oversubscription is introduced to
allow for packaging of more servers in the data center while meeting allow for packaging of more servers in the data center while meeting
the bandwidth requirements for different types of applications. The the bandwidth requirements for different types of applications. The
main reason to limit oversubscription at a single layer of the main reason to limit oversubscription at a single layer of the
network is to simplify application development that would otherwise network is to simplify application development that would otherwise
need to account for multiple bandwidth pools: within rack (Tier-3), need to account for multiple bandwidth pools: within rack (Tier-3),
between racks (Tier-2), and between clusters (Tier-1). Since between racks (Tier-2), and between clusters (Tier-1). Since
oversubscription does not have a direct relationship to the routing oversubscription does not have a direct relationship to the routing
design it is not discussed further in this document. design it is not discussed further in this document.
3.2.4. Managing the Size of Clos Topology Tiers 3.2.4. Managing the Size of Clos Topology Tiers
If a data-center network size is small, it is possible to reduce the If a data center network size is small, it is possible to reduce the
number of switches in Tier-1 or Tier-2 of Clos topology by a power of number of switches in Tier-1 or Tier-2 of Clos topology by a power of
two. To understand how this could be done, take Tier-1 as an two. To understand how this could be done, take Tier-1 as an
example. Every Tier-2 device connects to a single group of Tier-1 example. Every Tier-2 device connects to a single group of Tier-1
devices. If half of the ports on each of the Tier-1 devices are not devices. If half of the ports on each of the Tier-1 devices are not
being used then it is possible to reduce the number of Tier-1 devices being used then it is possible to reduce the number of Tier-1 devices
by half and simply map two uplinks from a Tier-2 device to the same by half and simply map two uplinks from a Tier-2 device to the same
Tier-1 device that were previously mapped to different Tier-1 Tier-1 device that were previously mapped to different Tier-1
devices. This technique maintains the same bisectional bandwidth devices. This technique maintains the same bisectional bandwidth
while reducing the number of elements in the Tier-1 layer, thus while reducing the number of elements in the Tier-1 layer, thus
saving on CAPEX. The tradeoff, in this example, is the reduction of saving on CAPEX. The tradeoff, in this example, is the reduction of
maximum DC size in terms of overall server count by half. maximum DC size in terms of overall server count by half.
In this example, Tier-2 devices will be using two parallel links to In this example, Tier-2 devices will be using two parallel links to
connect to each Tier-1 device. If one of these links fails, the connect to each Tier-1 device. If one of these links fails, the
other will pick up all traffic of the failed link, possible resulting other will pick up all traffic of the failed link, possible resulting
in heavy congestion and quality of service degradation if the path in heavy congestion and quality of service degradation if the path
determination procedure, does not take bandwidth amount into account. determination procedure does not take bandwidth amount into account.
To avoid this situation, parallel links can be grouped in link To avoid this situation, parallel links can be grouped in link
aggregation groups (LAGs, such as [IEEE8023AD]) with widely available aggregation groups (LAGs, such as [IEEE8023AD]) with widely available
implementation settings that take the whole "bundle" down upon a implementation settings that take the whole "bundle" down upon a
single link failure. Equivalent techniques that enforce "fate single link failure. Equivalent techniques that enforce "fate
sharing" on the parallel links can be used in place of LAGs to sharing" on the parallel links can be used in place of LAGs to
achieve the same effect. As a result of such fate-sharing, traffic achieve the same effect. As a result of such fate-sharing, traffic
from two or more failed links will be re-balanced over the multitude from two or more failed links will be re-balanced over the multitude
of remaining paths that equals the number of Tier-1 devices. This of remaining paths that equals the number of Tier-1 devices. This
example is using two links for simplicity it should be noted, that example is using two links for simplicity, having more links in a
having more links in a bundle will have less impact on capacity upon bundle will have less impact on capacity upon a member-link failure.
a member-link failure.
4. Data Center Routing Overview 4. Data Center Routing Overview
This section provides an overview of three general types of data This section provides an overview of three general types of data
center protocol designs - Layer 2 only, Hybrid L2/L3 and Layer 3 center protocol designs - Layer 2 only, Hybrid L2/L3 and Layer 3
only. only.
4.1. Layer 2 Only Designs 4.1. Layer 2 Only Designs
Originally most data center designs used Spanning-Tree Protocol (STP) Originally most data center designs used Spanning-Tree Protocol (STP)
for loop free topology creation, typically utilizing variants of the originally defined in [IEEE8021D-1990] for loop free topology
traditional DC topology described in Section 3.1. At the time, many creation, typically utilizing variants of the traditional DC topology
DC switches either did not support Layer 3 routed protocols or described in Section 3.1. At the time, many DC switches either did
supported it with additional licensing fees, which played a part in not support Layer 3 routed protocols or supported it with additional
the design choice. Although many enhancements have been made through licensing fees, which played a part in the design choice. Although
the introduction of Rapid Spanning Tree Protocol and Multiple many enhancements have been made through the introduction of Rapid
Spanning Tree Protocol that increase convergence, stability and load Spanning Tree Protocol (RSTP) in the latest revision of
[IEEE8021D-2004] and Multiple Spanning Tree Protocol (MST) specified
in [IEEE8021Q] that increase convergence, stability and load
balancing in larger topologies many of the fundamentals of the balancing in larger topologies many of the fundamentals of the
protocol limit its applicability in large scale DC's. STP and its protocol limit its applicability in large-scale DCs. STP and its
newer variants use an active/standby approach to path selection and newer variants use an active/standby approach to path selection and
are therefore hard to deploy in horizontally scaled topologies are therefore hard to deploy in horizontally-scaled topologies as
described in Section 3.2. Further, operators have had many described in Section 3.2. Further, operators have had many
experiences with large failures due to issues caused by improper experiences with large failures due to issues caused by improper
cabling, misconfiguration, or flawed software on a single device. cabling, misconfiguration, or flawed software on a single device.
These failures regularly affected the entire spanning-tree domain and These failures regularly affected the entire spanning-tree domain and
were very hard to troubleshoot due to the nature of the protocol. were very hard to troubleshoot due to the nature of the protocol.
For these reasons, and since almost all DC traffic is now IP, For these reasons, and since almost all DC traffic is now IP,
therefore requiring a Layer 3 routing protocol at the network edge therefore requiring a Layer 3 routing protocol at the network edge
for external connectivity, designs utilizing STP usually fail all of for external connectivity, designs utilizing STP usually fail all of
the requirements of large scale DC operators. Various enhancements the requirements of large-scale DC operators. Various enhancements
to link-aggregation protocols such as [IEEE8023AD], generally known to link-aggregation protocols such as [IEEE8023AD], generally known
as Multi-Chassis Link-Aggregation (M-LAG) made it possible to use as Multi-Chassis Link-Aggregation (M-LAG) made it possible to use
Layer 2 designs with active-active network paths while relying on STP Layer 2 designs with active-active network paths while relying on STP
as the backup for loop prevention. The major downside of this as the backup for loop prevention. The major downside of this
approach is proprietary nature of such extensions. approach is the proprietary nature of such extensions.
It should be noted that building large, horizontally scalable, Layer It should be noted that building large, horizontally scalable, Layer
2 only networks without STP is possible recently through the 2 only networks without STP is possible recently through the
introduction of TRILL [RFC6325]. TRILL resolves many of the issues introduction of the TRILL protocol in [RFC6325]. TRILL resolves many
STP has for large scale DC design however currently the maturity of of the issues STP has for large-scale DC design however currently the
the protocol, limited number of implementations, and requirement for maturity of the protocol, limited number of implementations, and
new equipment that supports it has limited its applicability and requirement for new equipment that supports it has limited its
increased the cost of such designs. applicability and increased the cost of such designs.
Finally, neither TRILL nor M-LAG approach eliminate the fundamental Finally, neither TRILL nor the M-LAG approach eliminate the
problem of the shared broadcast domain, that is so detrimental to the fundamental problem of the shared broadcast domain, that is so
operations of any Layer 2, Ethernet based solutions. detrimental to the operations of any Layer 2, Ethernet based
solutions.
4.2. Hybrid L2/L3 Designs 4.2. Hybrid L2/L3 Designs
Operators have sought to limit the impact of data-plane faults and Operators have sought to limit the impact of data plane faults and
build larger scale topologies through implementing routing protocols build large-scale topologies through implementing routing protocols
in either the Tier-1 or Tier-2 parts of the network and dividing the in either the Tier-1 or Tier-2 parts of the network and dividing the
Layer-2 domain into numerous, smaller domains. This design has Layer-2 domain into numerous, smaller domains. This design has
allowed data centers to scale up, but at the cost of complexity in allowed data centers to scale up, but at the cost of complexity in
the network managing multiple protocols. For the following reasons, the network managing multiple protocols. For the following reasons,
operators have retained Layer 2 in either the access (Tier-3) or both operators have retained Layer 2 in either the access (Tier-3) or both
access and aggregation (Tier-3 and Tier-2) parts of the network: access and aggregation (Tier-3 and Tier-2) parts of the network:
o Supporting legacy applications that may require direct Layer 2 o Supporting legacy applications that may require direct Layer 2
adjacency or use non-IP protocols. adjacency or use non-IP protocols.
o Seamless mobility for virtual machines that require the o Seamless mobility for virtual machines that require the
preservation of IP addresses when a virtual machine moves to preservation of IP addresses when a virtual machine moves to
different Tier-3 switch. different Tier-3 switch.
o Simplified IP addressing = less IP subnets is required for the o Simplified IP addressing = less IP subnets are required for the
data center. data center.
o Application load-balancing may require direct Layer 2 reachability o Application load balancing may require direct Layer 2 reachability
to perform certain functions such as Layer 2 Direct Server Return to perform certain functions such as Layer 2 Direct Server Return
(DSR). (DSR).
o Continued CAPEX differences between Layer-2 and Layer-3 capable o Continued CAPEX differences between Layer-2 and Layer-3 capable
switches. switches.
4.3. Layer 3 Only Designs 4.3. Layer 3 Only Designs
Network designs that leverage IP routing down to Tier-3 of the Network designs that leverage IP routing down to Tier-3 of the
network have gained popularity as well. The main benefit of these network have gained popularity as well. The main benefit of these
designs is improved network stability and scalability, as a result of designs is improved network stability and scalability, as a result of
confining L2 broadcast domains. Commonly an IGP such as OSPF confining L2 broadcast domains. Commonly an Interior Gateway
[RFC2328] is used as the primary routing protocol in such a design. Protocol (IGP) such as OSPF [RFC2328] is used as the primary routing
As data centers grow in scale, and server count exceeds tens of protocol in such a design. As data centers grow in scale, and server
thousands, such fully routed designs have become more attractive. count exceeds tens of thousands, such fully routed designs have
become more attractive.
Choosing a Layer 3 only design greatly simplifies the network, Choosing a Layer 3 only design greatly simplifies the network,
facilitating the meeting of REQ1 and REQ2, and has widespread facilitating the meeting of REQ1 and REQ2, and has widespread
adoption in networks where large Layer 2 adjacency and larger size adoption in networks where large Layer 2 adjacency and larger size
Layer 3 subnets are not as critical compared to network scalability Layer 3 subnets are not as critical compared to network scalability
and stability. Application providers and network operators continue and stability. Application providers and network operators continue
to also develop new solutions to meet some of the requirements that to also develop new solutions to meet some of the requirements that
previously have driven large Layer 2 domains. previously have driven large Layer 2 domains.
5. Routing Protocol Selection and Design 5. Routing Protocol Selection and Design
skipping to change at page 13, line 14 skipping to change at page 13, line 23
5.1. Choosing EBGP as the Routing Protocol 5.1. Choosing EBGP as the Routing Protocol
REQ2 would give preference to the selection of a single routing REQ2 would give preference to the selection of a single routing
protocol to reduce complexity and interdependencies. While it is protocol to reduce complexity and interdependencies. While it is
common to rely on an IGP in this situation, sometimes with either the common to rely on an IGP in this situation, sometimes with either the
addition of EBGP at the device bordering the WAN or Internal BGP addition of EBGP at the device bordering the WAN or Internal BGP
(IBGP) throughout, this document proposes the use of an EBGP only (IBGP) throughout, this document proposes the use of an EBGP only
design. design.
Although EBGP is the protocol used for almost all inter-provider Although EBGP is the protocol used for almost all inter-domain
routing on the Internet and has wide support from both vendor and routing on the Internet and has wide support from both vendor and
service provider communities, it is not generally deployed as the service provider communities, it is not generally deployed as the
primary routing protocol within the data center for a number of primary routing protocol within the data center for a number of
reasons (some of which are interrelated): reasons (some of which are interrelated):
o BGP is perceived as a "WAN only protocol only" and not often o BGP is perceived as a "WAN only protocol only" and not often
considered for enterprise or data center applications. considered for enterprise or data center applications.
o BGP is believed to have a "much slower" routing convergence o BGP is believed to have a "much slower" routing convergence
compared to IGPs. compared to IGPs.
skipping to change at page 13, line 36 skipping to change at page 13, line 45
o BGP deployment within an Autonomous System typically assumes the o BGP deployment within an Autonomous System typically assumes the
presence of an IGP for next-hop resolution. presence of an IGP for next-hop resolution.
o BGP is perceived to require significant configuration overhead and o BGP is perceived to require significant configuration overhead and
does not support neighbor auto-discovery. does not support neighbor auto-discovery.
This document discusses some of these perceptions, especially as This document discusses some of these perceptions, especially as
applicable to the proposed design, and highlights some of the applicable to the proposed design, and highlights some of the
advantages of using the protocol such as: advantages of using the protocol such as:
o BGP has less complexity within its protocol design - internal data o BGP has less complexity in parts of its protocol design - internal
structures and state-machines are simpler when compared to a link- data structures and state machine are simple when compared to most
state IGP such as OSPF. For example, instead of implementing link-state IGP such as OSPF. For example, instead of implementing
adjacency formation, adjacency maintenance and/or flow-control, adjacency formation, adjacency maintenance and/or flow-control,
BGP simply relies on TCP as the underlying transport. This BGP simply relies on TCP as the underlying transport. This
fulfills REQ2 and REQ3. fulfills REQ2 and REQ3.
o BGP information flooding overhead is less when compared to link- o BGP information flooding overhead is less when compared to link-
state IGPs. Since every BGP router calculates and propagates only state IGPs. Since every BGP router calculates and propagates only
the best-path selected, a network failure is masked as soon as the the best-path selected, a network failure is masked as soon as the
BGP speaker finds an alternate path, which exists when highly BGP speaker finds an alternate path, which exists when highly
symmetric topologies, such as Clos, are coupled with EBGP only symmetric topologies, such as Clos, are coupled with EBGP only
design. In contrast, the event propagation scope of a link-state design. In contrast, the event propagation scope of a link-state
IGP is an entire area, regardless of the failure type. This meets IGP is an entire area, regardless of the failure type. This meets
REQ3 and REQ4. It is worth mentioning that all widely deployed REQ3 and REQ4. It is worth mentioning that all widely deployed
link-state IGPs also feature periodic refreshes of routing link-state IGPs also feature periodic refreshes of routing
information, while BGP does not expire routing state, even if this information, while BGP does not expire routing state, even if this
rarely causes significant impact to modern router control planes. rarely causes significant impact to modern router control planes.
o BGP supports third-party (recursively resolved) next-hops. This o BGP supports third-party (recursively resolved) next-hops. This
allows for manipulating multi-path to be non-ECMP based or allows for manipulating multipath to be non-ECMP based or
forwarding based on application-defined forwarding paths, through forwarding based on application-defined forwarding paths, through
establishment of a peering session with an application establishment of a peering session with an application
"controller" which can inject routing information into the system, "controller" which can inject routing information into the system,
satisfying REQ5. OSPF provides similar functionality using satisfying REQ5. OSPF provides similar functionality using
concepts such as "Forwarding Address", but with more difficulty in concepts such as "Forwarding Address", but with more difficulty in
implementation and lack of protocol simplicity. implementation and lack of protocol simplicity.
o Using a well-defined BGP ASN allocation scheme and standard o Using a well-defined ASN allocation scheme and standard AS_PATH
AS_PATH loop detection, "BGP path hunting" (see [JAKMA2008]) can loop detection, "BGP path hunting" (see [JAKMA2008]) can be
be controlled and complex unwanted paths will be ignored. See controlled and complex unwanted paths will be ignored. See
Section 5.2 for an example of a working BGP ASN allocation scheme. Section 5.2 for an example of a working ASN allocation scheme. In
In a link-state IGP accomplishing the same goal would require a link-state IGP accomplishing the same goal would require multi-
multi-(instance/topology/processes) support, typically not (instance/topology/processes) support, typically not available in
available in all DC devices and quite complex to configure and all DC devices and quite complex to configure and troubleshoot.
troubleshoot. Using a traditional single flooding domain, which Using a traditional single flooding domain, which most DC designs
most DC designs utilize, under certain failure conditions may pick utilize, under certain failure conditions may pick up unwanted
up unwanted lengthy paths, e.g. traversing multiple Tier-2 lengthy paths, e.g. traversing multiple Tier-2 devices.
devices.
o EBGP configuration that is implemented with minimal routing policy o EBGP configuration that is implemented with minimal routing policy
is easier to troubleshoot for network reachability issues. In is easier to troubleshoot for network reachability issues. In
most implementations, it is straightforward to view contents of most implementations, it is straightforward to view contents of
BGP Loc-RIB and compare it to the router's RIB. Also every BGP BGP Loc-RIB and compare it to the router's RIB. Also in most
neighbor has corresponding Adj-RIB-In and Adj-RIB-Out structures implementations an operator can view every BGP neighbors Adj-RIB-
with incoming and outgoing NRLI information that can be easily In and Adj-RIB-Out structures and therefore incoming and outgoing
correlated on both sides of a BGP session. Thus, BGP satisfies NRLI information can be easily correlated on both sides of a BGP
REQ3. session. Thus, BGP satisfies REQ3.
5.2. EBGP Configuration for Clos topology 5.2. EBGP Configuration for Clos topology
Clos topologies that have more than 5 stages are very uncommon due to Clos topologies that have more than 5 stages are very uncommon due to
the large numbers of interconnects required by such a design. the large numbers of interconnects required by such a design.
Therefore, the examples below are made with reference to the 5-stage Therefore, the examples below are made with reference to the 5-stage
Clos topology (5 stages in unfolded state). Clos topology (5 stages in unfolded state).
5.2.1. Example ASN Scheme 5.2.1. EBGP Configuration Guidelines and Example ASN Scheme
The diagram below illustrates an example ASN allocation scheme. The The diagram below illustrates an example ASN allocation scheme. The
following is a list of guidelines that can be used: following is a list of guidelines that can be used:
o Only EBGP sessions established over direct point-to-point links o EBGP single-hop sessions are established over direct point-to-
interconnecting the network nodes. point links interconnecting the network nodes, no multi-hop or
loopback sessions are used even in the case of multiple links
o 16-bit (two octet) BGP ASNs are used, since these are widely between the same pair of nodes.
supported and have better vendor interoperability.
o Private BGP ASNs from the range 64512-65534 are used so as to o Private Use ASNs from the range 64512-65534 are used so as to
avoid ASN conflicts. avoid ASN conflicts.
o A single BGP ASN is allocated to all of the Clos topology's Tier-1 o A single ASN is allocated to all of the Clos topology's Tier-1
devices. devices.
o Unique BGP ASN is allocated per each group of Tier-2 devices. o A unique ASN is allocated per each group of Tier-2 devices.
o Unique BGP ASN is allocated to every Tier-3 device (e.g. ToR) in o A unique ASN is allocated to every Tier-3 device (e.g. ToR) in
this topology. this topology.
ASN 65534 ASN 65534
+---------+ +---------+
| +-----+ | | +-----+ |
| | | | | | | |
+-|-| |-|-+ +-|-| |-|-+
| | +-----+ | | | | +-----+ | |
ASN 646XX | | | | ASN 646XX ASN 646XX | | | | ASN 646XX
+---------+ | | | | +---------+ +---------+ | | | | +---------+
skipping to change at page 15, line 48 skipping to change at page 16, line 34
| | | | | | | | | | | | | | | | | | | | | | | |
+-----+ +-----+ | | +-----+ | | +-----+ +-----+ +-----+ +-----+ | | +-----+ | | +-----+ +-----+
| ASN | | | +-|-| |-|-+ | | | | | ASN | | | +-|-| |-|-+ | | | |
|65YYY| | ... | | | | | | ... | | ... | |65YYY| | ... | | | | | | ... | | ... |
+-----+ +-----+ | +-----+ | +-----+ +-----+ +-----+ +-----+ | +-----+ | +-----+ +-----+
| | | | +---------+ | | | | | | | | +---------+ | | | |
O O O O <- Servers -> O O O O O O O O <- Servers -> O O O O
Figure 4: BGP ASN layout for 5-stage Clos Figure 4: BGP ASN layout for 5-stage Clos
5.2.2. Private Use BGP ASNs 5.2.2. Private Use ASNs
The original range of Private Use BGP ASNs [RFC6996] limited The original range of Private Use ASNs [RFC6996] limited operators to
operators to 1023 unique ASNs. Since it is quite likely that the 1023 unique ASNs. Since it is quite likely that the number of
number of network devices may exceed this number, a workaround is network devices may exceed this number, a workaround is required.
required. One approach is to re-use the ASNs assigned to the Tier-3 One approach is to re-use the ASNs assigned to the Tier-3 devices
devices across different clusters. For example, Private Use BGP ASNs across different clusters. For example, Private Use ASNs 65001,
65001, 65002 ... 65032 could be used within every individual cluster 65002 ... 65032 could be used within every individual cluster and
and assigned to Tier-3 devices. assigned to Tier-3 devices.
To avoid route suppression due to the AS_PATH loop detection To avoid route suppression due to the AS_PATH loop detection
mechanism in BGP, upstream EBGP sessions on Tier-3 devices must be mechanism in BGP, upstream EBGP sessions on Tier-3 devices must be
configured with the "AllowAS In" feature that allows accepting a configured with the "AllowAS In" feature [ALLOWASIN] that allows
device's own ASN in received route advertisements. Introducing this accepting a device's own ASN in received route advertisements.
feature does not create an opportunity for routing loops under Introducing this feature does not make it likely for routing loops in
misconfiguration since the AS_PATH is always incremented when routes the design since the AS_PATH is being added to by routers at each of
are propagated between topology tiers. Loop protection is also in the topology tiers and AS_PATH length is an early tie breaker in the
place at the Tier-1 device, which does not accept routes with a path BGP path selection process. Further loop protection is still in
including its own ASN. place at the Tier-1 device, which will not accept routes with a path
including its own ASN and Tier-2 devices do not have direct
connectivity with each other.
Another solution to this problem would be using four-octet BGP ASNs Another solution to this problem would be using Four-Octet ASNs
([RFC6793]), where there are additional Private Use ASN's available, ([RFC6793]), where there are additional Private Use ASNs available,
see [IANA.AS]. Use of Four-Octet BGP ASNs put additional protocol see [IANA.AS]. Use of Four-Octet ASNs put additional protocol
complexity in the BGP implementation so should be considered against complexity in the BGP implementation so should be considered against
the complexity of re-use when considering REQ3 and REQ4. Perhaps the complexity of re-use when considering REQ3 and REQ4. Perhaps
more importantly, they are not yet supported by all BGP more importantly, they are not yet supported by all BGP
implementations, which may limit vendor selection of DC equipment. implementations, which may limit vendor selection of DC equipment.
When supported, ensure that implementations in use are able to remove
the Private Use ASNs if required for external connectivity
(Section 5.2.4).
5.2.3. Prefix Advertisement 5.2.3. Prefix Advertisement
A Clos topology features a large number of point-to-point links and A Clos topology features a large number of point-to-point links and
associated prefixes. Advertising all of these routes into BGP may associated prefixes. Advertising all of these routes into BGP may
create FIB overload conditions in the network devices. Advertising create FIB overload conditions in the network devices. Advertising
these links also puts additional path computation stress on the BGP these links also puts additional path computation stress on the BGP
control plane for little benefit. There are two possible solutions: control plane for little benefit. There are two possible solutions:
o Do not advertise any of the point-to-point links into BGP. Since o Do not advertise any of the point-to-point links into BGP. Since
the EBGP based design changes the next-hop address at every the EBGP-based design changes the next-hop address at every
device, distant networks will automatically be reachable via the device, distant networks will automatically be reachable via the
advertising EBGP peer and do not require reachability to these advertising EBGP peer and do not require reachability to these
prefixes. However, this may complicate operational prefixes. However, this may complicate operational
troubleshooting or monitoring systems if the addresses are not troubleshooting or monitoring systems if the addresses are not
reachable: e.g. using the popular "traceroute" tool will display reachable: e.g. using the popular "traceroute" tool will display
IP addresses that are not reachable. IP addresses that are not reachable.
o Advertise point-to-point links, but summarize them on every o Advertise point-to-point links, but summarize them on every
device. This requires an address allocation scheme such as device. This requires an address allocation scheme such as
allocating a consecutive block of IP addresses per Tier-1 and allocating a consecutive block of IP addresses per Tier-1 and
skipping to change at page 17, line 33 skipping to change at page 18, line 22
A dedicated cluster (or clusters) in the Clos topology could be used A dedicated cluster (or clusters) in the Clos topology could be used
for the purpose of connecting to the Wide Area Network (WAN) edge for the purpose of connecting to the Wide Area Network (WAN) edge
devices, or WAN Routers. Tier-3 devices in such cluster would be devices, or WAN Routers. Tier-3 devices in such cluster would be
replaced with WAN routers, and EBGP peering would be used again, replaced with WAN routers, and EBGP peering would be used again,
though WAN routers are likely to belong to a public ASN if Internet though WAN routers are likely to belong to a public ASN if Internet
connectivity is required in the design. The Tier-2 devices in such a connectivity is required in the design. The Tier-2 devices in such a
dedicated cluster will be referred to as "Border Routers" in this dedicated cluster will be referred to as "Border Routers" in this
document. These devices have to perform a few special functions: document. These devices have to perform a few special functions:
o Hide network topology information when advertising paths to WAN o Hide network topology information when advertising paths to WAN
routers, i.e. remove Private BGP ASNs from the AS_PATH attribute. routers, i.e. remove Private Use ASNs [RFC6996] from the AS_PATH
This is typically done to avoid ASN number collisions between attribute. This is typically done to avoid ASN number collisions
different data centers and also to provide a uniform AS_PATH between different data centers and also to provide a uniform
length to the WAN for purposes of WAN ECMP to Anycast prefixes AS_PATH length to the WAN for purposes of WAN ECMP to Anycast
originated in the topology. An implementation specific BGP prefixes originated in the topology. An implementation specific
feature typically called "Remove Private AS" is commonly used to BGP feature typically called "Remove Private AS" is commonly used
accomplish this. Depending on implementation, the feature should to accomplish this. Depending on implementation, the feature
strip a contiguous sequence of private ASNs found in AS_PATH should strip a contiguous sequence of Private Use ASNs found in
attribute prior to advertising the path to a neighbor. This AS_PATH attribute prior to advertising the path to a neighbor.
assumes that all BGP ASN's used for intra data center numbering This assumes that all ASNs used for intra data center numbering
are from the private ASN range. The process for stripping the are from the Private Use ranges. The process for stripping the
private ASNs is not currently standardized, but most Private Use ASNs is not currently standardized, but most
implementations commonly follow the logic described in implementations commonly follow the logic described in this
[REMOVE-PRIVATE-AS] vendor's document. vendor's document [REMOVE-PRIVATE-AS].
o Originate a default route to the data center devices. This is the o Originate a default route to the data center devices. This is the
only place where default route can be originated, as route only place where default route can be originated, as route
summarization is risky for the "scale-out" topology. summarization is risky for the "scale-out" topology.
Alternatively, Border Routers may simply relay the default route Alternatively, Border Routers may simply relay the default route
learned from WAN routers. Advertising the default route from learned from WAN routers. Advertising the default route from
Border Routers requires that all Border Routers to be fully Border Routers requires that all Border Routers be fully connected
connected to the WAN Routers upstream, to provide resistance to a to the WAN Routers upstream, to provide resistance to a single-
single-link failure causing the black-holing of traffic. To link failure causing the black-holing of traffic. To prevent
prevent chance of operator or implementation error that may impact chance of operator or implementation error that may impact EBGP
EBGP sessions to the WAN routers simultaneously (although these sessions to the WAN routers simultaneously (although these
scenarios are not planned for by many operators since they scenarios are not planned for by many operators since they
represents a multiple failure) it is more desirable to take this represents a multiple failure) it is more desirable to take this
approach rather than introducing complicated conditional default approach rather than introducing the default route via complicated
origination schemes provided by some implementations. conditional route origination schemes provided by some
implementations [CONDITIONALROUTE].
5.2.5. Route Summarization at the Edge 5.2.5. Route Summarization at the Edge
It is often desirable to summarize network reachability information It is often desirable to summarize network reachability information
prior to advertising it to the WAN network due to high amount of IP prior to advertising it to the WAN network due to high amount of IP
prefixes originated from within the data center in a fully routed prefixes originated from within the data center in a fully routed
network design. For example, a network with 2000 Tier-3 devices will network design. For example, a network with 2000 Tier-3 devices will
have at least 2000 servers subnets advertised into BGP, along with have at least 2000 servers subnets advertised into BGP, along with
the infrastructure or other prefixes. However, as discussed before, the infrastructure or other prefixes. However, as discussed before,
the proposed network design does not allow for route summarization the proposed network design does not allow for route summarization
skipping to change at page 19, line 15 skipping to change at page 20, line 7
topology as additional links have to be provisioned on some network topology as additional links have to be provisioned on some network
devices. devices.
6. ECMP Considerations 6. ECMP Considerations
This section covers the Equal Cost Multipath (ECMP) functionality for This section covers the Equal Cost Multipath (ECMP) functionality for
Clos topology and discusses a few special requirements. Clos topology and discusses a few special requirements.
6.1. Basic ECMP 6.1. Basic ECMP
ECMP is the fundamental load-sharing mechanism used by a Clos ECMP is the fundamental load sharing mechanism used by a Clos
topology. Effectively, every lower-tier device will use all of its topology. Effectively, every lower-tier device will use all of its
directly attached upper-tier devices to load-share traffic destined directly attached upper-tier devices to load share traffic destined
to the same IP prefix. Number of ECMP paths between any two Tier-3 to the same IP prefix. Number of ECMP paths between any two Tier-3
devices in Clos topology equals to the number of the devices in the devices in Clos topology equals to the number of the devices in the
middle stage (Tier-1). For example, Figure 5 illustrates the middle stage (Tier-1). For example, Figure 5 illustrates the
topology where Tier-3 device A has four paths to reach servers X and topology where Tier-3 device A has four paths to reach servers X and
Y, via Tier-2 devices B and C and then Tier-1 devices 1, 2, 3, and 4 Y, via Tier-2 devices B and C and then Tier-1 devices 1, 2, 3, and 4
respectively. respectively.
Tier-1 Tier-1
+-----+ +-----+
| DEV | | DEV |
skipping to change at page 19, line 51 skipping to change at page 20, line 43
+-----+ +-----+ | +-----+ | +-----+ +-----+ +-----+ +-----+ | +-----+ | +-----+ +-----+
| DEV | | | Tier-3 +->| DEV |--+ Tier-3 | | | | | DEV | | | Tier-3 +->| DEV |--+ Tier-3 | | | |
| A | | | | 4 | | | | | | A | | | | 4 | | | | |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+ +-----+
| | | | | | | | | | | | | | | |
O O O O <- Servers -> X Y O O O O O O <- Servers -> X Y O O
Figure 5: ECMP fan-out tree from A to X and Y Figure 5: ECMP fan-out tree from A to X and Y
The ECMP requirement implies that the BGP implementation must support The ECMP requirement implies that the BGP implementation must support
multi-path fan-out for up to the maximum number of devices directly multipath fan-out for up to the maximum number of devices directly
attached at any point in the topology in upstream or downstream attached at any point in the topology in upstream or downstream
direction. Normally, this number does not exceed half of the ports direction. Normally, this number does not exceed half of the ports
found on a device in the topology. For example, an ECMP fan-out of found on a device in the topology. For example, an ECMP fan-out of
32 would be required when building a Clos network using 64-port 32 would be required when building a Clos network using 64-port
devices. The Border Routers may need to have wider fan-out to be devices. The Border Routers may need to have wider fan-out to be
able to connect to multitude of Tier-1 devices if route summarization able to connect to multitude of Tier-1 devices if route summarization
at Border Router level is implemented as described in Section 5.2.5. at Border Router level is implemented as described in Section 5.2.5.
If a device's hardware does not support wider ECMP, logical link- If a device's hardware does not support wider ECMP, logical link-
grouping (link-aggregation at layer 2) could be used to provide grouping (link-aggregation at layer 2) could be used to provide
"hierarchical" ECMP (Layer 3 ECMP followed by Layer 2 ECMP) to "hierarchical" ECMP (Layer 3 ECMP followed by Layer 2 ECMP) to
compensate for fan-out limitations. Such approach, however, compensate for fan-out limitations. Such approach, however,
increases the risk of flow polarization, as less entropy will be increases the risk of flow polarization, as less entropy will be
available to the second stage of ECMP. available to the second stage of ECMP.
Most BGP implementations declare paths to be equal from ECMP Most BGP implementations declare paths to be equal from ECMP
perspective if they match up to and including step (e) perspective if they match up to and including step (e)
Section 9.1.2.2 of [RFC4271]. In the proposed network design there Section 9.1.2.2 of [RFC4271]. In the proposed network design there
is no underlying IGP, so all IGP costs are assumed to be zero or is no underlying IGP, so all IGP costs are assumed to be zero or
otherwise the same value across all paths and policies may be applied otherwise the same value across all paths and policies may be applied
as necessary to equalize BGP attributes that vary in vendor defaults, as necessary to equalize BGP attributes that vary in vendor defaults,
as has been seen occasionally with MED and origin code. Routing such as MED and origin code. For historical reasons it is also
loops are unlikely due to the BGP best-path selection process which useful to not use 0 as the equalized MED value, this and some other
prefers shorter AS_PATH length, and longer paths through the Tier-1 useful BGP information is available in [RFC4277] . Routing loops are
devices which don't allow their own AS in the path and have the same unlikely due to the BGP best-path selection process which prefers
ASN are also not possible. shorter AS_PATH length, and longer paths through the Tier-1 devices
which don't allow their own ASN in the path and have the same ASN are
also not possible.
6.2. BGP ECMP over Multiple ASNs 6.2. BGP ECMP over Multiple ASNs
For application load-balancing purposes it is desirable to have the For application load balancing purposes it is desirable to have the
same prefix advertised from multiple Tier-3 devices. From the same prefix advertised from multiple Tier-3 devices. From the
perspective of other devices, such a prefix would have BGP paths with perspective of other devices, such a prefix would have BGP paths with
different AS_PATH attribute values, while having the same AS_PATH different AS_PATH attribute values, while having the same AS_PATH
attribute lengths. Therefore, BGP implementations must support load- attribute lengths. Therefore, BGP implementations must support load
sharing over above-mentioned paths. This feature is sometimes known sharing over above-mentioned paths. This feature is sometimes known
as "multipath relax" and effectively allows for ECMP to be done as "multipath relax" and effectively allows for ECMP to be done
across different neighboring ASNs if all other attributes are equal across different neighboring ASNs if all other attributes are equal
as described in the previous section. as described in the previous section.
6.3. Weighted ECMP 6.3. Weighted ECMP
It may be desirable for the network devices to implement weighted It may be desirable for the network devices to implement weighted
ECMP, to be able to send more traffic over some paths in ECMP fan- ECMP, to be able to send more traffic over some paths in ECMP fan-
out. This could be helpful to compensate for failures in the network out. This could be helpful to compensate for failures in the network
skipping to change at page 21, line 12 skipping to change at page 22, line 10
described further in Section 8.1. If support in implementations is described further in Section 8.1. If support in implementations is
available, weight-distribution for multiple BGP paths could be available, weight-distribution for multiple BGP paths could be
signaled using the technique described in signaled using the technique described in
[I-D.ietf-idr-link-bandwidth]. [I-D.ietf-idr-link-bandwidth].
6.4. Consistent Hashing 6.4. Consistent Hashing
It is often desirable to have the hashing function used to ECMP to be It is often desirable to have the hashing function used to ECMP to be
consistent (see [CONS-HASH]), to minimizing the impact on flow to consistent (see [CONS-HASH]), to minimizing the impact on flow to
next-hop affinity changes when a next-hop is added or removed to ECMP next-hop affinity changes when a next-hop is added or removed to ECMP
group. This could be used if the network device is used as a load- group. This could be used if the network device is used as a load
balancer, mapping flows toward multiple destinations - in this case, balancer, mapping flows toward multiple destinations - in this case,
losing or adding a destination will not have detrimental effect of losing or adding a destination will not have detrimental effect of
currently established flows. One particular recommendation on currently established flows. One particular recommendation on
implementing consistent hashing is provided in [RFC2992], though implementing consistent hashing is provided in [RFC2992], though
other implementations are possible. This functionality could be other implementations are possible. This functionality could be
naturally combined with weighted ECMP, with the impact of the next- naturally combined with weighted ECMP, with the impact of the next-
hop changes being proportional to the weight of the given next-hop. hop changes being proportional to the weight of the given next-hop.
Notice that the usual downside of consistent hashing is increased Notice that the usual downside of consistent hashing is increased
load on hardware resource utilization, as typically more space is load on hardware resource utilization, as typically more space is
required to implement a consistent-hashing region. required to implement a consistent-hashing region.
skipping to change at page 22, line 6 skipping to change at page 22, line 50
implementations the minimum configurable BGP hold timer value is implementations the minimum configurable BGP hold timer value is
three seconds). However, many BGP implementations can shut down three seconds). However, many BGP implementations can shut down
local EBGP peering sessions in response to the "link down" event for local EBGP peering sessions in response to the "link down" event for
the outgoing interface used for BGP peering. This feature is the outgoing interface used for BGP peering. This feature is
sometimes called as "fast fallover". Since links in modern data sometimes called as "fast fallover". Since links in modern data
centers are often point-to-point fiber connections, a physical centers are often point-to-point fiber connections, a physical
interface failure is often detected in milliseconds and subsequently interface failure is often detected in milliseconds and subsequently
triggers a BGP re-convergence. triggers a BGP re-convergence.
Ethernet technologies may support failure signaling or detection Ethernet technologies may support failure signaling or detection
standards such as [IEEE8021AG] and [IEEE8023AH], which may make standards such as Connectivity Fault Management (CFM) as described in
failure detection more robust. Alternatively, some platforms may [IEEE8021Q], which may make failure detection more robust.
support Bidirectional Forwarding Detection (BFD) [RFC5880] to allow Alternatively, some platforms may support Bidirectional Forwarding
for sub-second failure detection and fault signaling to the BGP Detection (BFD) [RFC5880] to allow for sub-second failure detection
process. However, use of either of these presents additional and fault signaling to the BGP process. However, use of either of
requirements to vendor software and possibly hardware, and may these presents additional requirements to vendor software and
contradict REQ1. Until recently with [RFC7130], BFD also did not possibly hardware, and may contradict REQ1. Until recently with
allow detection of a single member link failure on a LAG, which would [RFC7130], BFD also did not allow detection of a single member link
limit's it's usefulness in some designs. failure on a LAG, which would limit's it's usefulness in some
designs.
7.2. Event Propagation Timing 7.2. Event Propagation Timing
In this design the impact of BGP Minimum Route Advertisement Interval In this design the impact of BGP Minimum Route Advertisement Interval
(MRAI) timer (See section 9.2.1.1 of [RFC4271]) should be considered. (MRAI) timer (See section 9.2.1.1 of [RFC4271]) should be considered.
Per the standard it is required for BGP implementations to space out Per the standard it is required for BGP implementations to space out
consecutive BGP UPDATE messages by at least MRAI seconds, which is consecutive BGP UPDATE messages by at least MRAI seconds, which is
often a configurable value. The initial BGP UPDATE messages after an often a configurable value. The initial BGP UPDATE messages after an
event carrying withdrawn routes are commonly not affected by this event carrying withdrawn routes are commonly not affected by this
timer. The MRAI timer may present significant convergence delays timer. The MRAI timer may present significant convergence delays
skipping to change at page 23, line 12 skipping to change at page 24, line 9
connected Tier-3 devices. If the original Tier-2 device or the connected Tier-3 devices. If the original Tier-2 device or the
relaying Tier-1 devices introduce some delay into their relaying Tier-1 devices introduce some delay into their
announcements, the result could be WITHDRAW message "dispersion", announcements, the result could be WITHDRAW message "dispersion",
that could be as long as multiple seconds. In order to avoid such that could be as long as multiple seconds. In order to avoid such
behavior, BGP implementations must support "update groups". The behavior, BGP implementations must support "update groups". The
"update group" is defined as a collection of neighbors sharing the "update group" is defined as a collection of neighbors sharing the
same outbound policy - the local speaker will send BGP updates to the same outbound policy - the local speaker will send BGP updates to the
members of the group synchronously. members of the group synchronously.
The impact of such "dispersion" grows with the size of topology fan- The impact of such "dispersion" grows with the size of topology fan-
out and could also grow under network convergence churn. out and could also grow under network convergence churn. Some
operators may be tempted to introduce "route flap dampening" type
features that vendors include to reduce the control plane impact of
rapidly flapping prefixes, however due to issues described with false
positives in these implementations especially under such "dispersion"
events, it is not recommended to turn this feature on in this design.
More background and issues with "route flap dampening" and possible
implementation changes that could change this are well described in
[RFC7196].
7.4. Failure Impact Scope 7.4. Failure Impact Scope
A network is declared to converge in response to a failure once all A network is declared to converge in response to a failure once all
devices within the failure impact scope are notified of the event and devices within the failure impact scope are notified of the event and
have re-calculated their RIB's and consequently updated their FIB's. have re-calculated their RIB's and consequently updated their FIB's.
Larger failure impact scope typically means slower convergence since Larger failure impact scope typically means slower convergence since
more devices have to be notified, and additionally results in a less more devices have to be notified, and additionally results in a less
stable network. In this section we describe BGP's advantages over stable network. In this section we describe BGP's advantages over
link-state routing protocols in reducing failure impact scope for a link-state routing protocols in reducing failure impact scope for a
Clos topology. Clos topology.
BGP is behaves like a distance-vector protocol in the sense that only BGP behaves like a distance-vector protocol in the sense that only
the best path from the point of view of the local router is sent to the best path from the point of view of the local router is sent to
neighbors. As such, some failures are masked if the local node can neighbors. As such, some failures are masked if the local node can
immediately find a backup path and does not have to send any updates immediately find a backup path and does not have to send any updates
further. Notice that in the worst case ALL devices in a data center further. Notice that in the worst case ALL devices in a data center
topology have to either withdraw a prefix completely or update the topology have to either withdraw a prefix completely or update the
ECMP groups in the FIB. However, many failures will not result in ECMP groups in the FIB. However, many failures will not result in
such a wide impact. There are two main failure types where impact such a wide impact. There are two main failure types where impact
scope is reduced: scope is reduced:
o Failure of a link between Tier-2 and Tier-1 devices: In this case, o Failure of a link between Tier-2 and Tier-1 devices: In this case,
skipping to change at page 24, line 19 skipping to change at page 25, line 25
prefixes share a single ECMP group on Tier-2 device. Therefore, in prefixes share a single ECMP group on Tier-2 device. Therefore, in
the case of implementations with a hierarchical FIB, only a single the case of implementations with a hierarchical FIB, only a single
change has to be made to the FIB. Hierarchical FIB here means FIB change has to be made to the FIB. Hierarchical FIB here means FIB
structure where the next-hop forwarding information is stored structure where the next-hop forwarding information is stored
separately from the prefix lookup table, and the latter only store separately from the prefix lookup table, and the latter only store
pointers to the respective forwarding information. pointers to the respective forwarding information.
Even though BGP offers some failure scope reduction, reduction of the Even though BGP offers some failure scope reduction, reduction of the
fault domain using summarization is not always possible with the fault domain using summarization is not always possible with the
proposed design, since using this technique may create routing black- proposed design, since using this technique may create routing black-
holes as mentioned previously. Therefore, the worst control-plane holes as mentioned previously. Therefore, the worst control plane
failure impact scope is the network as a whole, for instance in a failure impact scope is the network as a whole, for instance in a
case of a link failure between Tier-2 and Tier-3 devices. The amount case of a link failure between Tier-2 and Tier-3 devices. The amount
of impacted prefixes in this case would be much less than in the case of impacted prefixes in this case would be much less than in the case
of a failure in the upper layers of a Clos network topology. The of a failure in the upper layers of a Clos network topology. The
property of having such large failure scope is not a result of property of having such large failure scope is not a result of
choosing EBGP in the design but rather a result of using the "scale- choosing EBGP in the design but rather a result of using the "scale-
out" Clos topology. out" Clos topology.
7.5. Routing Micro-Loops 7.5. Routing Micro-Loops
skipping to change at page 24, line 48 skipping to change at page 26, line 6
micro-loop will last for the duration of time it takes the upstream micro-loop will last for the duration of time it takes the upstream
device to fully update its forwarding tables. device to fully update its forwarding tables.
To minimize impact of the micro-loops, Tier-2 and Tier-1 switches can To minimize impact of the micro-loops, Tier-2 and Tier-1 switches can
be configured with static "discard" or "null" routes that will be be configured with static "discard" or "null" routes that will be
more specific than the default route for specific prefixes missing more specific than the default route for specific prefixes missing
during network convergence. For Tier-2 switches, the discard route during network convergence. For Tier-2 switches, the discard route
should be a summary route, covering all server subnets of the should be a summary route, covering all server subnets of the
underlying Tier-3 devices. For Tier-1 devices, the discard route underlying Tier-3 devices. For Tier-1 devices, the discard route
should be a summary covering the server IP address subnet allocated should be a summary covering the server IP address subnet allocated
for the whole data-center. Those discard routes will only take for the whole data center. Those discard routes will only take
precedence for the duration of network convergence, until the device precedence for the duration of network convergence, until the device
learns a more specific prefix via a new path. learns a more specific prefix via a new path.
8. Additional Options for Design 8. Additional Options for Design
8.1. Third-party Route Injection 8.1. Third-party Route Injection
BGP allows for a "third-party", i.e. directly attached, BGP speaker BGP allows for a "third-party", i.e. directly attached, BGP speaker
to inject routes anywhere in the network topology, meeting REQ5. to inject routes anywhere in the network topology, meeting REQ5.
This can be achieved by peering via a multihop BGP session with some This can be achieved by peering via a multihop BGP session with some
or even all devices in the topology. Furthermore, BGP diverse path or even all devices in the topology. Furthermore, BGP diverse path
distribution [RFC6774] could be used to inject multiple BGP next hops distribution [RFC6774] could be used to inject multiple BGP next hops
for the same prefix to facilitate load-balancing, or using the BGP for the same prefix to facilitate load balancing, or using the BGP
ADD-PATH capability [I-D.ietf-idr-add-paths] if supported by the ADD-PATH capability [I-D.ietf-idr-add-paths] if supported by the
implementation. Unfortunately, in many implementations ADD-PATH has implementation. Unfortunately, in many implementations ADD-PATH has
been found to only support IBGP properly due to the use cases it was been found to only support IBGP properly due to the use cases it was
originally optimized for, which limits the "third-party" peering to originally optimized for, which limits the "third-party" peering to
iBGP only, if the feature is used. iBGP only, if the feature is used.
To implement route injection in the proposed design a third-party BGP To implement route injection in the proposed design a third-party BGP
speaker may peer with Tier-3 and Tier-1 switches, injecting the same speaker may peer with Tier-3 and Tier-1 switches, injecting the same
prefix, but using a special set of BGP next-hops for Tier-1 devices. prefix, but using a special set of BGP next-hops for Tier-1 devices.
Those next-hops are assumed to resolve recursively via BGP, and could Those next-hops are assumed to resolve recursively via BGP, and could
skipping to change at page 26, line 5 skipping to change at page 27, line 12
done by checking the reachability on devices doing summarization done by checking the reachability on devices doing summarization
under the condition of a link or pathway failure between a set of under the condition of a link or pathway failure between a set of
devices in every Tier as well as to the WAN routers if external devices in every Tier as well as to the WAN routers if external
connectivity is present. connectivity is present.
Route summarization would be possible with a small modification to Route summarization would be possible with a small modification to
the network topology, though the trade-off would be reduction of the the network topology, though the trade-off would be reduction of the
total size of the network as well as network congestion under total size of the network as well as network congestion under
specific failures. This approach is very similar to the technique specific failures. This approach is very similar to the technique
described above, which allows Border Routers to summarize the entire described above, which allows Border Routers to summarize the entire
data-center address space. data center address space.
8.2.1. Collapsing Tier-1 Devices Layer 8.2.1. Collapsing Tier-1 Devices Layer
In order to add more paths between Tier-1 and Tier-3 devices, group In order to add more paths between Tier-1 and Tier-3 devices, group
Tier-2 devices into pairs, and then connect the pairs to the same Tier-2 devices into pairs, and then connect the pairs to the same
group of Tier-1 devices. This is logically equivalent to group of Tier-1 devices. This is logically equivalent to
"collapsing" Tier-1 devices into a group of half the size, merging "collapsing" Tier-1 devices into a group of half the size, merging
the links on the "collapsed" devices. The result is illustrated in the links on the "collapsed" devices. The result is illustrated in
Figure 6. For example, in this topology DEV C and DEV D connect to Figure 6. For example, in this topology DEV C and DEV D connect to
the same set of Tier-1 devices (DEV 1 and DEV 2), whereas before they the same set of Tier-1 devices (DEV 1 and DEV 2), whereas before they
skipping to change at page 28, line 13 skipping to change at page 29, line 21
Specifically, IP addresses displayed by the tool will be the link's Specifically, IP addresses displayed by the tool will be the link's
point-to-point addresses, and hence will be unreachable for point-to-point addresses, and hence will be unreachable for
management connectivity. This makes some troubleshooting more management connectivity. This makes some troubleshooting more
complicated. complicated.
One way to overcome this limitation is by using the DNS subsystem to One way to overcome this limitation is by using the DNS subsystem to
create the "reverse" entries for the IP addresses of the same device create the "reverse" entries for the IP addresses of the same device
pointing to the same name. The connectivity then can be made by pointing to the same name. The connectivity then can be made by
resolving this name to the "primary" IP address of the devices, e.g. resolving this name to the "primary" IP address of the devices, e.g.
its Loopback interface, which is always advertised into BGP. its Loopback interface, which is always advertised into BGP.
However, this create dependency on DNS subsystem, which may happen to However, this creates a dependency on the DNS subsystem, which may be
be unavailable during an outage. unavailable during an outage.
Another option is to make the network device perform IP address Another option is to make the network device perform IP address
masquerading, that is rewriting the source IP addresses of the masquerading, that is rewriting the source IP addresses of the
appropriate ICMP messages sent off of the device with the "primary" appropriate ICMP messages sent off of the device with the "primary"
IP address of the device. Specifically, the ICMP Destination IP address of the device. Specifically, the ICMP Destination
Unreachable Message (type 3) codes 3 (port unreachable) and ICMP Time Unreachable Message (type 3) codes 3 (port unreachable) and ICMP Time
Exceeded (type 11) code 0, which are involved in proper working of Exceeded (type 11) code 0, which are involved in proper working of
the "traceroute" tool. With this modification, the "traceroute" the "traceroute" tool. With this modification, the "traceroute"
probes sent to the devices will always be sent back with the probes sent to the devices will always be sent back with the
"primary" IP address as the source, allowing the operator to discover "primary" IP address as the source, allowing the operator to discover
skipping to change at page 28, line 44 skipping to change at page 29, line 52
10. IANA Considerations 10. IANA Considerations
This document includes no request to IANA. This document includes no request to IANA.
11. Acknowledgements 11. Acknowledgements
This publication summarizes work of many people who participated in This publication summarizes work of many people who participated in
developing, testing and deploying the proposed network design, some developing, testing and deploying the proposed network design, some
of whom were George Chen, Parantap Lahiri, Dave Maltz, Edet Nkposong, of whom were George Chen, Parantap Lahiri, Dave Maltz, Edet Nkposong,
Robert Toomey, and Lihua Yuan. Authors would also like to thank Robert Toomey, and Lihua Yuan. Authors would also like to thank
Linda Dunbar, Susan Hares, Russ White and Robert Raszuk for reviewing Linda Dunbar, Susan Hares, Danny McPherson, Russ White and Robert
the document and providing valuable feedback and Mary Mitchell for Raszuk for reviewing the document and providing valuable feedback and
grammar and style suggestions. Mary Mitchell for grammar and style suggestions.
12. References 12. References
12.1. Normative References 12.1. Normative References
[RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway [RFC4271] Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
Protocol 4 (BGP-4)", RFC 4271, January 2006. Protocol 4 (BGP-4)", RFC 4271, January 2006.
[RFC6996] Mitchell, J., "Autonomous System (AS) Reservation for [RFC6996] Mitchell, J., "Autonomous System (AS) Reservation for
Private Use", BCP 6, RFC 6996, July 2013. Private Use", BCP 6, RFC 6996, July 2013.
12.2. Informative References 12.2. Informative References
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998. [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC2992] Hopps, C., "Analysis of an Equal-Cost Multi-Path
Algorithm", RFC 2992, November 2000.
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC
4272, January 2006. 4272, January 2006.
[RFC4277] McPherson, D. and K. Patel, "Experience with the BGP-4
Protocol", RFC 4277, January 2006.
[RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast [RFC4786] Abley, J. and K. Lindqvist, "Operation of Anycast
Services", BCP 126, RFC 4786, December 2006. Services", BCP 126, RFC 4786, December 2006.
[RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C. [RFC5082] Gill, V., Heasley, J., Meyer, D., Savola, P., and C.
Pignataro, "The Generalized TTL Security Mechanism Pignataro, "The Generalized TTL Security Mechanism
(GTSM)", RFC 5082, October 2007. (GTSM)", RFC 5082, October 2007.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection [RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding Detection
(BFD)", RFC 5880, June 2010. (BFD)", RFC 5880, June 2010.
[RFC6325] Perlman, R., Eastlake, D., Dutt, D., Gai, S., and A. [RFC6325] Perlman, R., Eastlake, D., Dutt, D., Gai, S., and A.
Ghanwani, "Routing Bridges (RBridges): Base Protocol Ghanwani, "Routing Bridges (RBridges): Base Protocol
Specification", RFC 6325, July 2011. Specification", RFC 6325, July 2011.
[RFC6769] Raszuk, R., Heitz, J., Lo, A., Zhang, L., and X. Xu,
"Simple Virtual Aggregation (S-VA)", RFC 6769, October
2012.
[RFC6774] Raszuk, R., Fernando, R., Patel, K., McPherson, D., and K. [RFC6774] Raszuk, R., Fernando, R., Patel, K., McPherson, D., and K.
Kumaki, "Distribution of Diverse BGP Paths", RFC 6774, Kumaki, "Distribution of Diverse BGP Paths", RFC 6774,
November 2012. November 2012.
[RFC6793] Vohra, Q. and E. Chen, "BGP Support for Four-Octet [RFC6793] Vohra, Q. and E. Chen, "BGP Support for Four-Octet
Autonomous System (AS) Number Space", RFC 6793, December Autonomous System (AS) Number Space", RFC 6793, December
2012. 2012.
[RFC2992] Hopps, C., "Analysis of an Equal-Cost Multi-Path
Algorithm", RFC 2992, November 2000.
[RFC6769] Raszuk, R., Heitz, J., Lo, A., Zhang, L., and X. Xu,
"Simple Virtual Aggregation (S-VA)", RFC 6769, October
2012.
[RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and [RFC7130] Bhatia, M., Chen, M., Boutros, S., Binderberger, M., and
J. Haas, "Bidirectional Forwarding Detection (BFD) on Link J. Haas, "Bidirectional Forwarding Detection (BFD) on Link
Aggregation Group (LAG) Interfaces", RFC 7130, February Aggregation Group (LAG) Interfaces", RFC 7130, February
2014. 2014.
[RFC7196] Pelsser, C., Bush, R., Patel, K., Mohapatra, P., and O.
Maennel, "Making Route Flap Damping Usable", RFC 7196, May
2014.
[I-D.ietf-idr-add-paths] [I-D.ietf-idr-add-paths]
Walton, D., Retana, A., Chen, E., and J. Scudder, Walton, D., Retana, A., Chen, E., and J. Scudder,
"Advertisement of Multiple Paths in BGP", draft-ietf-idr- "Advertisement of Multiple Paths in BGP", draft-ietf-idr-
add-paths-10 (work in progress), October 2014. add-paths-10 (work in progress), October 2014.
[I-D.ietf-idr-link-bandwidth] [I-D.ietf-idr-link-bandwidth]
Mohapatra, P. and R. Fernando, "BGP Link Bandwidth Mohapatra, P. and R. Fernando, "BGP Link Bandwidth
Extended Community", draft-ietf-idr-link-bandwidth-06 Extended Community", draft-ietf-idr-link-bandwidth-06
(work in progress), January 2013. (work in progress), January 2013.
[CLOS1953]
Clos, C., "A Study of Non-Blocking Switching Networks:
Bell System Technical Journal Vol. 32(2)", March 1953.
[HADOOP] Apache, , "Apache HaDoop", June 2015,
<https://hadoop.apache.org/>.
[GREENBERG2009] [GREENBERG2009]
Greenberg, A., Hamilton, J., and D. Maltz, "The Cost of a Greenberg, A., Hamilton, J., and D. Maltz, "The Cost of a
Cloud: Research Problems in Data Center Networks", January Cloud: Research Problems in Data Center Networks", January
2009. 2009.
[IEEE8021AG] [IEEE8021D-1990]
IEEE 802.1Q, , "IEEE Standard for Local and metropolitan IEEE 802.1D, , "IEEE Standard for Local and Metropolitan
area networks - Media Access Control (MAC) Bridges and Area Networks--Media access control (MAC) Bridges", May
Virtual Bridged Local Area Networks", October 2012. 1990.
[IEEE8023AH] [IEEE8021D-2004]
IEEE 802.3, , "IEEE Standard for Information technology - IEEE 802.1D, , "IEEE Standard for Local and Metropolitan
Local and metropolitan area networks - Carrier sense Area Networks--Media access control (MAC) Bridges",
multiple access with collision detection (CSMA/CD) access February 2004.
method and physical layer specifications", December 2008.
[IEEE8021Q]
IEEE 802.1Q, , "IEEE Standard for Local and metropolitan
area networks--Bridges and Bridged Networks", December
2014.
[INTERCON] [INTERCON]
Dally, W. and B. Towles, "Principles and Practices of Dally, W. and B. Towles, "Principles and Practices of
Interconnection Networks", ISBN 978-0122007514, January Interconnection Networks", ISBN 978-0122007514, January
2004. 2004.
[ALFARES2008] [ALFARES2008]
Al-Fares, M., Loukissas, A., and A. Vahdat, "A Scalable, Al-Fares, M., Loukissas, A., and A. Vahdat, "A Scalable,
Commodity Data Center Network Architecture", August 2008. Commodity Data Center Network Architecture", August 2008.
[IANA.AS] IANA, , "Autonomous System (AS) Numbers", April 2015, [IANA.AS] IANA, , "Autonomous System (AS) Numbers", June 2015,
<http://www.iana.org/assignments/as-numbers/>. <http://www.iana.org/assignments/as-numbers/>.
[IEEE8023AD] [IEEE8023AD]
IEEE 802.3ad, , "IEEE Standard for Link aggregation for IEEE 802.3ad, , "IEEE Standard for Link aggregation for
parallel links", October 2000. parallel links", October 2000.
[ALLOWASIN]
Cisco Systems, , "Allowas-in Feature in BGP Configuration
Example", February 2015,
<http://www.cisco.com/c/en/us/support/docs/ip/border-
gateway-protocol-bgp/112236-allowas-in-bgp-config-
example.html>.
[REMOVE-PRIVATE-AS] [REMOVE-PRIVATE-AS]
Cisco Systems, , "Removing Private Autonomous System Cisco Systems, , "Removing Private Autonomous System
Numbers in BGP", August 2005, Numbers in BGP", August 2005,
<http://www.cisco.com/en/US/tech/tk365/ <http://www.cisco.com/en/US/tech/tk365/
technologies_tech_note09186a0080093f27.shtml>. technologies_tech_note09186a0080093f27.shtml>.
[CONDITIONALROUTE]
Cisco Systems, , "Configuring and Verifying the BGP
Conditional Advertisement Feature", August 2005,
<http://www.cisco.com/c/en/us/support/docs/ip/
border-gateway-protocol-bgp/16137-cond-adv.html>.
[FB4POST] Farrington, N. and A. Andreyev, "Facebook's Data Center [FB4POST] Farrington, N. and A. Andreyev, "Facebook's Data Center
Network Architecture", May 2013, Network Architecture", May 2013,
<http://nathanfarrington.com/papers/facebook-oic13.pdf>. <http://nathanfarrington.com/papers/facebook-oic13.pdf>.
[JAKMA2008] [JAKMA2008]
Jakma, P., "BGP Path Hunting", 2008, Jakma, P., "BGP Path Hunting", 2008,
<https://blogs.oracle.com/paulj/entry/bgp_path_hunting>. <https://blogs.oracle.com/paulj/entry/bgp_path_hunting>.
[CONS-HASH] [CONS-HASH]
Wikipedia, , "Consistent Hashing", Wikipedia, , "Consistent Hashing",
skipping to change at page 31, line 43 skipping to change at page 33, line 29
Ariff Premji Ariff Premji
Arista Networks Arista Networks
5453 Great America Parkway 5453 Great America Parkway
Santa Clara, CA 95054 Santa Clara, CA 95054
US US
Email: ariff@arista.com Email: ariff@arista.com
URI: http://arista.com/ URI: http://arista.com/
Jon Mitchell (editor) Jon Mitchell (editor)
Google
1600 Amphitheatre Parkway
Mountain View, CA 94043
US
Email: jrmitche@puck.nether.net Email: jrmitche@puck.nether.net
 End of changes. 92 change blocks. 
254 lines changed or deleted 315 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/