SDN [email protected]
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — INTERNAL PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION

IETF NVO3 WG : NETWORK VIRTUALIZATION OVERLAYS (OVER L3)
http://datatracker.ietf.org/wg/nvo3/charter/
IP Underlay Layer2/Layer3 /
- RFC 7364 : Problem Statement : Overlays for Network Virtualization
- RFC 7365 : Framework for Data Center (DC) Network Virtualization
Feb 2015 : Data Plane Requirements submitted for IESG review
Feb 2015 : Control Plane Requirements submitted for IESG review
Feb 2015 : Operational Requirements submitted for IESG review
Feb 2015 : Security Requirements submitted for IESG review
Apr 2015 : Architecture submitted for IESG review
Apr 2015 : Use Cases submitted for IESG review
Oct 2015 : NVE - NVA Control Plane Solution submitted for IESG review
Oct 2015 : End Device - NVE Control Plane Solution submitted for IESG review
Oct 2015 : Data Plane Solution submitted for IESG review
Dec 2015 : Recharter or close working group

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (1)
Overlay Network:L3 overlay
Overlay Tenant1 End System Tenant1 End System VN1(Virtual Network1) NVE NVE VN2(Virtual Network2) Tenant2 End System Tenant2 End System Underlay
Underlay Network NVE IP Reachability
NVE(Network Virtualization Edge) : Overlay L2 (Ethernet LAN-Like) L3 , Overlay state L2/L3 (IP VPN-Like)
IP Tunneling

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (2)
L3 Network (Underlay) IP address NVE 1 Overlay Module VN Context Overlay Module VNI 1 VNI 1 VN Context VNI 2 VAP NVE 2 VNI 2 VAP Tenant1 End System Tenant2 End System Tenant1 End System
VNI (Virtual Network Instance): Virtual Network
VAP Virtual Access Point :
VN Context Identifier: VN
Tenant2 End System ( / )

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (3)
Tenant1’s IP Packet L3 tunnel Header VN context VNI 1
Tenant2’s Ethernet Frame VN context VNI 2
L3 Network (Underlay) IP address NVE 1 Overlay Module VN Context Overlay Module VNI 1 VNI 1 VN Context VNI 2 VAP
Tenant1’s Ethernet Packet Tenant1 End System VNI 2 NVE 2 VAP Tenant2 End System Tenant2’s Ethernet Packet Tenant1’s Ethernet Packet Tenant1 End System Tenant2 End System Tenant2’s Ethernet Packet

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (4)
NVE NVE L3 Network
- NVE DC GW
- (lookup/filtering/encap/decap)
- Control plane(routing/signaling/OAM)
Intra-DC Network
- FIB/RIB
- Multicast
NVE Switch Server Hypervisor VM VM Hypervisor VM VM NVE Hypervisor VM VM NVE
- /Replication
- Fragmentation
- QoS
- Resiliency

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (5)
NVE NVE VN draft-ietf-nvo3-hpvr2nve-cp-req
Server Hypervisor vSwitch /NVE Overlay module VN2 VN1 Access Switch /NVE Overlay module VN1 VN2 Port2 Port1 vSW Vlan10 vPort1 Tenant1 VM vPort2 Tenant2 VM Tenant1 Bare metal Vlan20 Hypervisor-NVE Protocol Hypervisor vSwitch vPort1 Tenant1 VM vPort2 Server Tenant2 VM
Example: vPort/ VN Context Src Addr Port(and Vlan) Dest Addr Encap Type Local NVE-Addr Remote NVE-Addr

Data-Plane Encapsulation
VXLAN: RFC 7348
• UDP/IP L2
• 24-bit VNID VN
• Inner Hash ( Outer UDP SRC-PORT Multi-path Inner Flow
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|R|I|R|R|R|            Reserved                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                VXLAN Network Identifier (VNI) |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IP VLAN Ethernet VXLAN UDP IP Ethernet Payload Original User Frame
I=1

Data-Plane Encapsulation
VXLAN GPE(Generic Protocol Extension) draft-quinn-vxlan-gpe
• VXLAN Ethernet Multi Protocol Transport
• Next Protocol P=1 P=0 RFC7348 VXLAN
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|R|R|R|I|P|R|O|Ver|         Reserved          |Next Protocol  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                VXLAN Network Identifier (VNI) |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
O=OAM
Ver=0
Next Protocol:
0x1 : IPv4
0x2 : IPv6
0x3 : Ethernet
0x4 : NSH Network Service Header
IP VLAN Eth IP VXLAN UDP IP Ethernet Payload Payload Original User Packet/Frame

Data-Plane Encapsulation
NVGRE : draft-sridharan-virtualization-nvgre
• GRE/IP L2
• 24-bit VSID(Virtual Subnet ID)
• FlowID: Flow VN Encapsulation
• Multipath Outer IP +GRE
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| |1|0|   Reserved0     | Ver |   Protocol Type 0x6558        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               Virtual Subnet ID (VSID)        |    FlowID     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IP VLAN Ethernet GRE IP Ethernet Payload Original User Frame

Data-Plane Encapsulation
Geneve (Generic Network Virtualization Encapsulation) draft-gross-geneve
(VMware/MS/RH/Intel/Broadcom/Arista/Cumulus)
(Options/Tunnel Options
•
• HW (Intel NIC
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver|  Opt Len  |O|C|    Rsvd.  |          Protocol Type        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Virtual Network Identifier (VNI)       |    Reserved   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Variable Length Options                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IP VLAN Ethernet Geneve UDP IP Ethernet Payload Original User Packet/Frame
Encapsulation
• MPLS over GRE : RFC4023
- IP-VPN like L3
• STT : draft-davie-stt
- VMware L2oL3 TCP-like

NVO3 FRAMEWORK/ARCHITECTURE OVERVIEW (6)
NVE NVA NVA
Full Distribute Hybrid Centralized
Orchestrator/CMS Orchestrator/CMS Orchestrator/CMS
NVA C-Plane NVE NVO3 Control plane protocol C/D-Plane NVA NVE C-Plane NVE NVA NVA-to-NVE Protocol C-Plane NVE Control plane protocol NVO3 NVE D-Plane NVE
NVA(Network Virtualization Authority):NVE
NVE NVO3 NVE D-Plane NVE NVE

VM MOBILITY
Dest-MAC = MAC B Dest-IP = IP 2
NVA Control Plane Updates Control Plane NVA NVA Frame to VM2 tenant VM1 MAC A, IP 1 NVA NVE 1 Data Plane tenant VM2 MAC B, IP 2
L2: MAC
L3: IP
NVA NVE 2 NVA NVE 3
VM “hot” mobility(Live Migration) L2 Table L3 Table ARP
tenant VM2’ MAC B, IP 2

L2 MAC (
• L2NW
- ARP/ND BUM
- Underlay Multicast
- = Underlay PIM Multicast Protocol Ingress Replication =
• CMS and/or Hypervisor (or ) (ex. EVPN)
• L2

EVPN RFC/I-D
draft-allan-l2vpn-mldp-evpn
draft-boutros-l2vpn-evpn-vpws
draft-boutros-l2vpn-vxlan-evpn
• IETF L2VPN WG
draft-ietf-l2vpn-evpn
RFC7209 (draft-ietf-l2vpn-evpn-req)
draft-ietf-l2vpn-pbb-evpn
•
- RFC7209: EVPN requirements
- draft-ietf-l2vpn-evpn: EVPN base specification( RFC)
- draft-ietf-l2vpn-pbb-evpn
•
- Cisco
- Juniper
- Alcatel-Lucent
draft-ietf-l2vpn-spbm-evpn
draft-ietf-l2vpn-trill-evpn
draft-jain-l2vpn-evpn-lsp-ping
draft-li-l2vpn-evpn-mcast-state-ad
draft-li-l2vpn-evpn-pe-ce
draft-li-l2vpn-segment-evpn
draft-rabadan-l2vpn-dci-evpn-overlay
draft-rabadan-l2vpn-evpn-prefix-advertisement
draft-rabadan-l2vpn-evpn-optimized-ir
draft-rp-l2vpn-evpn-usage
draft-sajassi-l2vpn-evpn-etree
draft-sajassi-l2vpn-evpn-inter-subnet-forwarding
draft-sajassi-l2vpn-evpn-ipvpn-interop
draft-sajassi-l2vpn-evpn-vpls-integration
draft-salam-l2vpn-evpn-oam-req-frmwk
draft-sd-l2vpn-evpn-overlay
draft-vgovindan-l2vpn-evpn-bfd
draft-zhang-l2vpn-evpn-selective-mcast
draft-zheng-l2vpn-evpn-pm-framework

EVPN :
EVPN MP-BGP Control Plane draft-ietf-l2vpn-evpn
Data Plane
• EVPN over MPLS ELAN
• All-active / single-active
• PBB PE EVPN
• NVO (VXLAN, NVGRE, MPLSoGRE ) EVPN
• All-active / single-active
• All-active / single-active
• RSVP-TE/LDP/SR MPLS

EVPN : MAC
• MP-BGP BGP MAC
- Flooding
- L2
• MAC RR IP
MAC/IP Advertisement Route
BGP Route-distinguisher (8B)
EVPN NLRI
- AFI = 25 (L2VPN) / SAFI = 70 (EVPN)
VNI(VXLAN) VSID(NVGRE)
• MAC
Ethernet Tag ID (4B)
MAC Address Length (1B)
MAC Address (6B)
-
• EVPN L2
Ethernet Segment ID (10B)
(EVI)
IP Address Length (1B)
Isolation
IP Address (0 or 4 or 16B)
MPLS Label 1 (3B)
MPLS Label 2 (0 or 3B)

EVPN: Proxy-ARP/ND
MAC/IP MAC1-IP1 MAC2-IP2 MAC3-IP3 type dynamic EVPN EVPN Flooding Proxy-ARP Enable
MAC/IP type MAC1-IP1 EVPN MAC2-IP2 static MAC3-IP3 EVPN
MAC1/IP1 ARP/GARP NVE/NVA ARP request IP1 MAC2/IP2 MAC1/IP1 EVI 1 MAC2/IP2 EVI 1 EVI 1 MAC1/IP1 MAC2/IP2 EVI 1 ARP reply MAC1/IP1 Orchestrator/CMS MAC3/IP3
Dynamic(ARP/ND ) Control Plane ) Static(CMS Local EVPN NVE/NVA ARP
EVPN Local MAC1/IP1 IP1 ARP

EVPN: L2/L3 forwarding
draft-rabadan-l2vpn-evpn-prefix-advertisement
- EVPN Prefix-route
- EVI
Egress Ingress VRF/ARP tables VRF table IP NH IP MAC NH 20.0 EVPN-tunnel PE2 20.10 M2 EVI2 EVI2 FDB EVI1 FDB MAC NH IRB1 local IRB-1 10.10.10.1 VM1 IRB EVPN-tunnel MAC NH M2 local IRB IRB-4 EVPN-tunnel VRF VRF 20.20.20.1 MAC-VRF EVI2 MAC-VRF EVI1 VM2 10.10.10.10/24 M1 EVPN Prefix-route 20.20.20.0/24 20.20.20.10/24 M2
- PE VRF Local MAC-VRF EVPN Tunnel IRB(Integrated Routing and Bridging)
- Local EVI Remote PE Host MAC/IP import
- EVPN VRF routing table import prefix EVPN control plane subnet IP-VRF :
- ingress PE
- FDB lookup IRB
- Routing lookup remote PE
- egress PE
- Routing/ARP lookup local EVI
- FDB lookup local AC

VXLAN-EVPN Payload
1. Control Plane: EVPN MAC/Prefix Control plane PE1
2. Data Plane: VXLAN Encap
135.0.0.0/24 Routed to PE1
VPRN routing-table EVPN Prefix-route 10.0.0.0/24 VNI=10, GW-MAC=AA:AA IP-VPN NH 135.0.0.0/24 PE1 (LSP-1) 10.0.0.0/24 EVPN-tunnel VRS-1
VPRN VPRN evpn-tunnel evpn-tunnel DC-GW-1 192.0.0.1 BB:BB
VPRN routing-table IP evpn-tunnel NH 135.0.0.0/24 EVPN-tunnel DC-GW-1 10.0.0.0/24 local-RVPLS1
RVPLS1 FDB MAC NH IRB1 local-VPRN
Payload IP EVPN-VXLAN EVPN Prefix-route 135.0.0.0/24 VNI=10, GW-MAC=BB:BB
IP DA = 135.0.0.10 IP SA = 10.0.0.10
IRB1 VPRN RVPLS1
MAC VXLAN UDP IP MAC
IP DA = 135.0.0.10 IP SA = 10.0.0.10
MAC DA = BB:BB MAC SA = AA:AA
VNI=10
IP (dest VTEP) = 192.0.0.1 IP (src VTEP) = 192.1.1.1
RVPLS2 VRS-1 192.1.1.1 VM-1 AA:AA 10.0.0.10/24
Payload EVPN: DC-GW ALU IP DA = 135.0.0.10 IP SA = 10.0.0.10 MAC MAC DA = IRB1

IETF SFC WG : Service Function Chaining
http://datatracker.ietf.org/wg/sfc/charter/
/ (Chain Control plane Service Function Encapsulation, )
- draft-ietf-sfc-problem-statement (submitted to IESG)
- draft-ietf-sfc-architecture
- draft-ietf-sfc-dc-use-cases
- draft-ietf-sfc-long-lived-flow-use-cases
- draft-ietf-sfc-use-case-mobility
Classifier SF1 SF2 SF3 chain1 chain2

SFC Architecture
         +----------------+                        +----------------+
         |   SFC-aware    |                        |  SFC-unaware   |
         |Service Function|                        |Service Function|
         +-------+--------+                        +-------+--------+
                 |                                         |
           SFC Encapsulation                       No SFC Encapsulation
                 |                  SFC                    |
    +---------+  +----------------+ Encapsulation     +---------+
    |SFC-Aware|-----------------+  \     +------------|SFC Proxy|
    |    SF   | ... ----------+  \  \   /             +---------+
    +---------+                \  \  \ /
                              +-------+--------+
                              |   SF Forwarder |
                              |      (SFF)     |
                              +-------+--------+
                                      |
                              SFC Encapsulation
                                      |
                          ... SFC-enabled Domain ...
                                      |
                          Network Overlay Transport
                                      |
                                  _,....._
                               ,-'        `-.
                              /              `.
                             |     Network    |
                             `.              /
                               `.__     __,-'
                                   `''''

     o . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
     .  +--------------+                  +------------------~~~
     .  |   Service    |       SFC        |  Service  +---+   +---+
     .  |Classification|  Encapsulation   | Function  |sf1|...|sfn|
  +---->|   Function   |+---------------->|   Path    +---+   +---+
     .  +--------------+                  +------------------~~~
     . SFC-enabled Domain
     o . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

(capability/availability/location) SFC Policy SFC Control plane SFC-aware SF Proxy SFP Network traffic Classification 1 SF SFP Encapsulation Encapsulation SFP SFF Classifier Classifier

SFC Encapsulation 2
• draft-quinn-sfc-nsh (NSH : Network Service Header)
- Mandatory
- OVS data plane Context header OpenDaylight control plane
• draft-zhang-sfc-sch (SCH : Service Chain Header)
- Context header ?
<NVO3>
Commercial Deployment
• EVPN
•
• L2/L3 combined
• VXLAN Geneve
<SFC>
• Architecture / Usecase
•