Internet Engineering Task Force (IETF) A. Sajassi, Ed.
Request for Comments: 7432 Cisco
Category: Standards Track R. Aggarwal
ISSN: 2070-1721 Arktan
N. Bitar
Verizon
A. Isaac
Bloomberg
J. Uttaro
AT&T
J. Drake
Juniper Networks
W. Henderickx
Alcatel-Lucent
February 2015
Internet Engineering Task Force (IETF) A. Sajassi, Ed.
Request for Comments: 7432 Cisco
Category: Standards Track R. Aggarwal
ISSN: 2070-1721 Arktan
N. Bitar
Verizon
A. Isaac
Bloomberg
J. Uttaro
AT&T
J. Drake
Juniper Networks
W. Henderickx
Alcatel-Lucent
February 2015
BGP MPLS-Based Ethernet VPN
基于bgpmpls的以太网VPN
Abstract
摘要
This document describes procedures for BGP MPLS-based Ethernet VPNs (EVPN). The procedures described here meet the requirements specified in RFC 7209 -- "Requirements for Ethernet VPN (EVPN)".
本文档描述了基于BGP MPLS的以太网VPN(EVPN)的过程。此处描述的过程符合RFC 7209“以太网VPN(EVPN)要求”中规定的要求。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7432.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7432.
Copyright Notice
版权公告
Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。
Table of Contents
目录
1. Introduction ....................................................4
2. Specification of Requirements ...................................4
3. Terminology .....................................................4
4. BGP MPLS-Based EVPN Overview ....................................6
5. Ethernet Segment ................................................7
6. Ethernet Tag ID ................................................10
6.1. VLAN-Based Service Interface ..............................11
6.2. VLAN Bundle Service Interface .............................11
6.2.1. Port-Based Service Interface .......................11
6.3. VLAN-Aware Bundle Service Interface .......................11
6.3.1. Port-Based VLAN-Aware Service Interface ............12
7. BGP EVPN Routes ................................................13
7.1. Ethernet Auto-discovery Route .............................14
7.2. MAC/IP Advertisement Route ................................14
7.3. Inclusive Multicast Ethernet Tag Route ....................15
7.4. Ethernet Segment Route ....................................16
7.5. ESI Label Extended Community ..............................16
7.6. ES-Import Route Target ....................................17
7.7. MAC Mobility Extended Community ...........................18
7.8. Default Gateway Extended Community ........................18
7.9. Route Distinguisher Assignment per EVI ....................18
7.10. Route Targets ............................................19
7.10.1. Auto-derivation from the Ethernet Tag ID ..........19
8. Multihoming Functions ..........................................19
8.1. Multihomed Ethernet Segment Auto-discovery ................19
8.1.1. Constructing the Ethernet Segment Route ............19
8.2. Fast Convergence ..........................................20
8.2.1. Constructing Ethernet A-D per Ethernet
Segment Route ......................................21
8.2.1.1. Ethernet A-D Route Targets ................21
1. Introduction ....................................................4
2. Specification of Requirements ...................................4
3. Terminology .....................................................4
4. BGP MPLS-Based EVPN Overview ....................................6
5. Ethernet Segment ................................................7
6. Ethernet Tag ID ................................................10
6.1. VLAN-Based Service Interface ..............................11
6.2. VLAN Bundle Service Interface .............................11
6.2.1. Port-Based Service Interface .......................11
6.3. VLAN-Aware Bundle Service Interface .......................11
6.3.1. Port-Based VLAN-Aware Service Interface ............12
7. BGP EVPN Routes ................................................13
7.1. Ethernet Auto-discovery Route .............................14
7.2. MAC/IP Advertisement Route ................................14
7.3. Inclusive Multicast Ethernet Tag Route ....................15
7.4. Ethernet Segment Route ....................................16
7.5. ESI Label Extended Community ..............................16
7.6. ES-Import Route Target ....................................17
7.7. MAC Mobility Extended Community ...........................18
7.8. Default Gateway Extended Community ........................18
7.9. Route Distinguisher Assignment per EVI ....................18
7.10. Route Targets ............................................19
7.10.1. Auto-derivation from the Ethernet Tag ID ..........19
8. Multihoming Functions ..........................................19
8.1. Multihomed Ethernet Segment Auto-discovery ................19
8.1.1. Constructing the Ethernet Segment Route ............19
8.2. Fast Convergence ..........................................20
8.2.1. Constructing Ethernet A-D per Ethernet
Segment Route ......................................21
8.2.1.1. Ethernet A-D Route Targets ................21
8.3. Split Horizon .............................................22
8.3.1. ESI Label Assignment ...............................22
8.3.1.1. Ingress Replication .......................22
8.3.1.2. P2MP MPLS LSPs ............................24
8.4. Aliasing and Backup Path ..................................25
8.4.1. Constructing Ethernet A-D per EVPN Instance Route ..26
8.5. Designated Forwarder Election .............................27
8.6. Interoperability with Single-Homing PEs ...................29
9. Determining Reachability to Unicast MAC Addresses ..............30
9.1. Local Learning ............................................30
9.2. Remote Learning ...........................................30
9.2.1. Constructing MAC/IP Address Advertisement ..........31
9.2.2. Route Resolution ...................................32
10. ARP and ND ....................................................33
10.1. Default Gateway ..........................................34
11. Handling of Multi-destination Traffic .........................36
11.1. Constructing Inclusive Multicast Ethernet Tag Route ......36
11.2. P-Tunnel Identification ..................................37
12. Processing of Unknown Unicast Packets .........................38
12.1. Ingress Replication ......................................38
12.2. P2MP MPLS LSPs ...........................................39
13. Forwarding Unicast Packets ....................................39
13.1. Forwarding Packets Received from a CE ....................39
13.2. Forwarding Packets Received from a Remote PE .............41
13.2.1. Unknown Unicast Forwarding ........................41
13.2.2. Known Unicast Forwarding ..........................41
14. Load Balancing of Unicast Packets .............................41
14.1. Load Balancing of Traffic from a PE to Remote CEs ........41
14.1.1. Single-Active Redundancy Mode .....................42
14.1.2. All-Active Redundancy Mode ........................42
14.2. Load Balancing of Traffic between a PE and a Local CE ....44
14.2.1. Data-Plane Learning ...............................44
14.2.2. Control-Plane Learning ............................44
15. MAC Mobility ..................................................45
15.1. MAC Duplication Issue ....................................47
15.2. Sticky MAC Addresses .....................................47
16. Multicast and Broadcast .......................................47
16.1. Ingress Replication ......................................47
16.2. P2MP LSPs ................................................48
16.2.1. Inclusive Trees ...................................48
17. Convergence ...................................................49
17.1. Transit Link and Node Failures between PEs ...............49
17.2. PE Failures ..............................................49
17.3. PE-to-CE Network Failures ................................49
18. Frame Ordering ................................................50
8.3. Split Horizon .............................................22
8.3.1. ESI Label Assignment ...............................22
8.3.1.1. Ingress Replication .......................22
8.3.1.2. P2MP MPLS LSPs ............................24
8.4. Aliasing and Backup Path ..................................25
8.4.1. Constructing Ethernet A-D per EVPN Instance Route ..26
8.5. Designated Forwarder Election .............................27
8.6. Interoperability with Single-Homing PEs ...................29
9. Determining Reachability to Unicast MAC Addresses ..............30
9.1. Local Learning ............................................30
9.2. Remote Learning ...........................................30
9.2.1. Constructing MAC/IP Address Advertisement ..........31
9.2.2. Route Resolution ...................................32
10. ARP and ND ....................................................33
10.1. Default Gateway ..........................................34
11. Handling of Multi-destination Traffic .........................36
11.1. Constructing Inclusive Multicast Ethernet Tag Route ......36
11.2. P-Tunnel Identification ..................................37
12. Processing of Unknown Unicast Packets .........................38
12.1. Ingress Replication ......................................38
12.2. P2MP MPLS LSPs ...........................................39
13. Forwarding Unicast Packets ....................................39
13.1. Forwarding Packets Received from a CE ....................39
13.2. Forwarding Packets Received from a Remote PE .............41
13.2.1. Unknown Unicast Forwarding ........................41
13.2.2. Known Unicast Forwarding ..........................41
14. Load Balancing of Unicast Packets .............................41
14.1. Load Balancing of Traffic from a PE to Remote CEs ........41
14.1.1. Single-Active Redundancy Mode .....................42
14.1.2. All-Active Redundancy Mode ........................42
14.2. Load Balancing of Traffic between a PE and a Local CE ....44
14.2.1. Data-Plane Learning ...............................44
14.2.2. Control-Plane Learning ............................44
15. MAC Mobility ..................................................45
15.1. MAC Duplication Issue ....................................47
15.2. Sticky MAC Addresses .....................................47
16. Multicast and Broadcast .......................................47
16.1. Ingress Replication ......................................47
16.2. P2MP LSPs ................................................48
16.2.1. Inclusive Trees ...................................48
17. Convergence ...................................................49
17.1. Transit Link and Node Failures between PEs ...............49
17.2. PE Failures ..............................................49
17.3. PE-to-CE Network Failures ................................49
18. Frame Ordering ................................................50
19. Security Considerations .......................................50
20. IANA Considerations ...........................................52
21. References ....................................................52
21.1. Normative References .....................................52
21.2. Informative References ...................................53
Acknowledgements ..................................................55
Contributors ......................................................55
Authors' Addresses ................................................56
19. Security Considerations .......................................50
20. IANA Considerations ...........................................52
21. References ....................................................52
21.1. Normative References .....................................52
21.2. Informative References ...................................53
Acknowledgements ..................................................55
Contributors ......................................................55
Authors' Addresses ................................................56
Virtual Private LAN Service (VPLS), as defined in [RFC4664], [RFC4761], and [RFC4762], is a proven and widely deployed technology. However, the existing solution has a number of limitations when it comes to multihoming and redundancy, multicast optimization, provisioning simplicity, flow-based load balancing, and multipathing; these limitations are important considerations for Data Center (DC) deployments. [RFC7209] describes the motivation for a new solution to address these limitations. It also outlines a set of requirements that the new solution must address.
[RFC4664]、[RFC4761]和[RFC4762]中定义的虚拟专用LAN服务(VPLS)是一种经过验证且广泛部署的技术。然而,现有的解决方案在多宿主和冗余、多播优化、资源调配的简单性、基于流的负载平衡和多路径等方面存在一些局限性;这些限制是数据中心(DC)部署的重要考虑因素。[RFC7209]描述了解决这些限制的新解决方案的动机。它还概述了新解决方案必须解决的一组需求。
This document describes procedures for a BGP MPLS-based solution called Ethernet VPN (EVPN) to address the requirements specified in [RFC7209]. Please refer to [RFC7209] for the detailed requirements and motivation. EVPN requires extensions to existing IP/MPLS protocols as described in this document. In addition to these extensions, EVPN uses several building blocks from existing MPLS technologies.
本文档描述了基于BGP MPLS的以太网VPN(EVPN)解决方案的过程,以满足[RFC7209]中规定的要求。详细要求和动机请参考[RFC7209]。EVPN需要对现有IP/MPLS协议进行扩展,如本文档所述。除了这些扩展之外,EVPN还使用了现有MPLS技术的几个构建块。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。
Broadcast Domain: In a bridged network, the broadcast domain corresponds to a Virtual LAN (VLAN), where a VLAN is typically represented by a single VLAN ID (VID) but can be represented by several VIDs where Shared VLAN Learning (SVL) is used per [802.1Q].
广播域:在桥接网络中,广播域对应于虚拟LAN(VLAN),其中VLAN通常由单个VLAN ID(VID)表示,但可以由多个VID表示,其中根据[802.1Q]使用共享VLAN学习(SVL)。
Bridge Table: An instantiation of a broadcast domain on a MAC-VRF.
桥接表:MAC-VRF上广播域的实例。
CE: Customer Edge device, e.g., a host, router, or switch.
CE:客户边缘设备,例如主机、路由器或交换机。
EVI: An EVPN instance spanning the Provider Edge (PE) devices participating in that EVPN.
EVI:跨越参与该EVPN的提供者边缘(PE)设备的EVPN实例。
MAC-VRF: A Virtual Routing and Forwarding table for Media Access Control (MAC) addresses on a PE.
MAC-VRF:PE上媒体访问控制(MAC)地址的虚拟路由和转发表。
Ethernet Segment (ES): When a customer site (device or network) is connected to one or more PEs via a set of Ethernet links, then that set of links is referred to as an 'Ethernet segment'.
以太网段:当客户站点(设备或网络)通过一组以太网链路连接到一个或多个PEs时,该组链路称为“以太网段”。
Ethernet Segment Identifier (ESI): A unique non-zero identifier that identifies an Ethernet segment is called an 'Ethernet Segment Identifier'.
以太网段标识符(ESI):标识以太网段的唯一非零标识符称为“以太网段标识符”。
Ethernet Tag: An Ethernet tag identifies a particular broadcast domain, e.g., a VLAN. An EVPN instance consists of one or more broadcast domains.
以太网标签:以太网标签标识特定的广播域,例如VLAN。EVPN实例由一个或多个广播域组成。
LACP: Link Aggregation Control Protocol.
链路聚合控制协议。
MP2MP: Multipoint to Multipoint.
MP2MP:多点对多点。
MP2P: Multipoint to Point.
MP2P:多点对点。
P2MP: Point to Multipoint.
P2MP:点对多点。
P2P: Point to Point.
P2P:点对点。
PE: Provider Edge device.
PE:提供程序边缘设备。
Single-Active Redundancy Mode: When only a single PE, among all the PEs attached to an Ethernet segment, is allowed to forward traffic to/from that Ethernet segment for a given VLAN, then the Ethernet segment is defined to be operating in Single-Active redundancy mode.
单主动冗余模式:当在连接到以太网段的所有PE中,只有一个PE被允许为给定VLAN向/从该以太网段转发流量时,则以太网段被定义为在单主动冗余模式下运行。
All-Active Redundancy Mode: When all PEs attached to an Ethernet segment are allowed to forward known unicast traffic to/from that Ethernet segment for a given VLAN, then the Ethernet segment is defined to be operating in All-Active redundancy mode.
全主动冗余模式:当允许连接到以太网段的所有PE为给定VLAN向该以太网段转发已知的单播通信量或从该以太网段转发已知的单播通信量时,以太网段被定义为在全主动冗余模式下运行。
This section provides an overview of EVPN. An EVPN instance comprises Customer Edge devices (CEs) that are connected to Provider Edge devices (PEs) that form the edge of the MPLS infrastructure. A CE may be a host, a router, or a switch. The PEs provide virtual Layer 2 bridged connectivity between the CEs. There may be multiple EVPN instances in the provider's network.
本节概述了EVPN。EVPN实例包括连接到构成MPLS基础设施边缘的提供商边缘设备(PE)的客户边缘设备(CE)。CE可以是主机、路由器或交换机。PEs提供CEs之间的虚拟第2层桥接连接。提供商的网络中可能有多个EVPN实例。
The PEs may be connected by an MPLS Label Switched Path (LSP) infrastructure, which provides the benefits of MPLS technology, such as fast reroute, resiliency, etc. The PEs may also be connected by an IP infrastructure, in which case IP/GRE (Generic Routing Encapsulation) tunneling or other IP tunneling can be used between the PEs. The detailed procedures in this document are specified only for MPLS LSPs as the tunneling technology. However, these procedures are designed to be extensible to IP tunneling as the Packet Switched Network (PSN) tunneling technology.
PEs可以通过MPLS标签交换路径(LSP)基础设施连接,该基础设施提供MPLS技术的优点,例如快速重路由、弹性等。PEs也可以通过IP基础设施连接,在这种情况下,可以在PEs之间使用IP/GRE(通用路由封装)隧道或其他IP隧道。本文件中的详细程序仅针对作为隧道技术的MPLS LSP进行了规定。然而,这些过程被设计为可扩展到IP隧道,作为分组交换网络(PSN)隧道技术。
In an EVPN, MAC learning between PEs occurs not in the data plane (as happens with traditional bridging in VPLS [RFC4761] [RFC4762]) but in the control plane. Control-plane learning offers greater control over the MAC learning process, such as restricting who learns what, and the ability to apply policies. Furthermore, the control plane chosen for advertising MAC reachability information is multi-protocol (MP) BGP (similar to IP VPNs [RFC4364]). This provides flexibility and the ability to preserve the "virtualization" or isolation of groups of interacting agents (hosts, servers, virtual machines) from each other. In EVPN, PEs advertise the MAC addresses learned from the CEs that are connected to them, along with an MPLS label, to other PEs in the control plane using Multiprotocol BGP (MP-BGP). Control-plane learning enables load balancing of traffic to and from CEs that are multihomed to multiple PEs. This is in addition to load balancing across the MPLS core via multiple LSPs between the same pair of PEs. In other words, it allows CEs to connect to multiple active points of attachment. It also improves convergence times in the event of certain network failures.
在EVPN中,PE之间的MAC学习不是在数据平面上发生的(就像VPLS[RFC4761][RFC4762]中的传统桥接一样),而是在控制平面上发生的。控制平面学习提供了对MAC学习过程的更大控制,例如限制谁学习什么以及应用策略的能力。此外,为广告MAC可达性信息而选择的控制平面是多协议(MP)BGP(类似于IP vpn[RFC4364])。这提供了灵活性和保持交互代理组(主机、服务器、虚拟机)之间的“虚拟化”或隔离的能力。在EVPN中,PEs使用多协议BGP(MP-BGP)向控制平面中的其他PEs公布从连接到它们的CE中学习到的MAC地址以及MPLS标签。控制平面学习可实现与多个PEs的多宿CEs之间的流量负载平衡。此外,还可以通过同一对PE之间的多个LSP跨MPLS核心进行负载平衡。换句话说,它允许CEs连接到多个活动连接点。它还可以在发生某些网络故障时缩短收敛时间。
However, learning between PEs and CEs is done by the method best suited to the CE: data-plane learning, IEEE 802.1x, the Link Layer Discovery Protocol (LLDP), IEEE 802.1aq, Address Resolution Protocol (ARP), management plane, or other protocols.
然而,PEs和CEs之间的学习是通过最适合CE的方法完成的:数据平面学习、IEEE 802.1x、链路层发现协议(LLDP)、IEEE 802.1aq、地址解析协议(ARP)、管理平面或其他协议。
It is a local decision as to whether the Layer 2 forwarding table on a PE is populated with all the MAC destination addresses known to the control plane, or whether the PE implements a cache-based scheme. For instance, the MAC forwarding table may be populated only with the MAC destinations of the active flows transiting a specific PE.
关于PE上的第2层转发表是否填充了控制平面已知的所有MAC目的地地址,或者PE是否实现了基于缓存的方案,这是一个本地决定。例如,MAC转发表可以仅填充通过特定PE的活动流的MAC目的地。
The policy attributes of EVPN are very similar to those of IP-VPN. An EVPN instance requires a Route Distinguisher (RD) that is unique per MAC-VRF and one or more globally unique Route Targets (RTs). A CE attaches to a MAC-VRF on a PE, on an Ethernet interface that may be configured for one or more Ethernet tags, e.g., VLAN IDs. Some deployment scenarios guarantee uniqueness of VLAN IDs across EVPN instances: all points of attachment for a given EVPN instance use the same VLAN ID, and no other EVPN instance uses this VLAN ID. This document refers to this case as a "Unique VLAN EVPN" and describes simplified procedures to optimize for it.
EVPN的策略属性与IP-VPN非常相似。EVPN实例需要每个MAC-VRF唯一的路由识别器(RD)和一个或多个全局唯一路由目标(RTs)。CE连接到PE上的MAC-VRF,以太网接口上的MAC-VRF可以配置为一个或多个以太网标签,例如VLAN ID。一些部署场景保证了EVPN实例中VLAN ID的唯一性:给定EVPN实例的所有连接点使用相同的VLAN ID,并且没有其他EVPN实例使用此VLAN ID。本文档将此情况称为“唯一VLAN EVPN”,并描述了为其优化的简化过程。
As indicated in [RFC7209], each Ethernet segment needs a unique identifier in an EVPN. This section defines how such identifiers are assigned and how they are encoded for use in EVPN signaling. Later sections of this document describe the protocol mechanisms that utilize the identifiers.
如[RFC7209]所示,每个以太网段都需要EVPN中的唯一标识符。本节定义了如何分配此类标识符以及如何对其进行编码以用于EVPN信令。本文档后面的部分描述了利用标识符的协议机制。
When a customer site is connected to one or more PEs via a set of Ethernet links, then this set of Ethernet links constitutes an "Ethernet segment". For a multihomed site, each Ethernet segment (ES) is identified by a unique non-zero identifier called an Ethernet Segment Identifier (ESI). An ESI is encoded as a 10-octet integer in line format with the most significant octet sent first. The following two ESI values are reserved:
当客户站点通过一组以太网链路连接到一个或多个PEs时,该组以太网链路构成“以太网段”。对于多址站点,每个以太网段由称为以太网段标识符(ESI)的唯一非零标识符标识。ESI以行格式编码为10个八位整数,最重要的八位字节先发送。保留以下两个ESI值:
- ESI 0 denotes a single-homed site.
- ESI 0表示单个主站点。
- ESI {0xFF} (repeated 10 times) is known as MAX-ESI and is reserved.
- ESI{0xFF}(重复10次)称为MAX-ESI,是保留的。
In general, an Ethernet segment SHOULD have a non-reserved ESI that is unique network wide (i.e., across all EVPN instances on all the PEs). If the CE(s) constituting an Ethernet segment is (are) managed by the network operator, then ESI uniqueness should be guaranteed; however, if the CE(s) is (are) not managed, then the operator MUST configure a network-wide unique ESI for that Ethernet segment. This is required to enable auto-discovery of Ethernet segments and Designated Forwarder (DF) election.
通常,以太网段应具有唯一的网络范围内的非保留ESI(即,在所有PE上的所有EVPN实例中)。如果构成以太网段的CE由网络运营商管理,则应保证ESI唯一性;但是,如果CE未被管理,则运营商必须为该以太网段配置网络范围的唯一ESI。这是启用以太网段自动发现和指定转发器(DF)选择所必需的。
In a network with managed and non-managed CEs, the ESI has the following format:
在具有托管和非托管CE的网络中,ESI具有以下格式:
+---+---+---+---+---+---+---+---+---+---+
| T | ESI Value |
+---+---+---+---+---+---+---+---+---+---+
+---+---+---+---+---+---+---+---+---+---+
| T | ESI Value |
+---+---+---+---+---+---+---+---+---+---+
Where:
哪里:
T (ESI Type) is a 1-octet field (most significant octet) that specifies the format of the remaining 9 octets (ESI Value). The following six ESI types can be used:
T(ESI类型)是一个1个八位字节字段(最高有效八位字节),用于指定剩余9个八位字节(ESI值)的格式。可使用以下六种ESI类型:
- Type 0 (T=0x00) - This type indicates an arbitrary 9-octet ESI value, which is managed and configured by the operator.
- 类型0(T=0x00)-此类型表示由操作员管理和配置的任意9个八位组的ESI值。
- Type 1 (T=0x01) - When IEEE 802.1AX LACP is used between the PEs and CEs, this ESI type indicates an auto-generated ESI value determined from LACP by concatenating the following parameters:
- 类型1(T=0x01)-当在PEs和CEs之间使用IEEE 802.1AX LACP时,此ESI类型表示通过连接以下参数从LACP确定的自动生成ESI值:
+ CE LACP System MAC address (6 octets). The CE LACP System MAC address MUST be encoded in the high-order 6 octets of the ESI Value field.
+ CE LACP系统MAC地址(6个八位字节)。CE LACP系统MAC地址必须编码在ESI值字段的高阶6个八位字节中。
+ CE LACP Port Key (2 octets). The CE LACP port key MUST be encoded in the 2 octets next to the System MAC address.
+ CE LACP端口密钥(2个八位字节)。CE LACP端口密钥必须在系统MAC地址旁边的2个八位字节中编码。
+ The remaining octet will be set to 0x00.
+ 剩余的八位字节将设置为0x00。
As far as the CE is concerned, it would treat the multiple PEs that it is connected to as the same switch. This allows the CE to aggregate links that are attached to different PEs in the same bundle.
就CE而言,它将其连接的多个PE视为同一个交换机。这允许CE聚合连接到同一捆绑包中不同PE的链接。
This mechanism could be used only if it produces ESIs that satisfy the uniqueness requirement specified above.
只有当生成满足上述唯一性要求的ESI时,才能使用此机制。
- Type 2 (T=0x02) - This type is used in the case of indirectly connected hosts via a bridged LAN between the CEs and the PEs. The ESI Value is auto-generated and determined based on the Layer 2 bridge protocol as follows: If the Multiple Spanning Tree Protocol (MSTP) is used in the bridged LAN, then the value of the ESI is derived by listening to Bridge PDUs (BPDUs) on the Ethernet segment. To achieve this, the PE is not required to run MSTP. However, the PE must learn the Root Bridge MAC address and Bridge Priority of the root of the Internal Spanning Tree (IST) by listening to the BPDUs. The ESI Value is constructed as follows:
- 类型2(T=0x02)-此类型用于通过CEs和PEs之间的桥接LAN间接连接主机的情况。ESI值是根据第2层网桥协议自动生成和确定的,如下所示:如果在桥接LAN中使用多生成树协议(MSTP),则ESI值是通过侦听以太网段上的网桥PDU(BPDU)得出的。为了实现这一点,PE不需要运行MSTP。但是,PE必须通过侦听BPDU来了解内部生成树(IST)根的根网桥MAC地址和网桥优先级。ESI值的构造如下所示:
+ Root Bridge MAC address (6 octets). The Root Bridge MAC address MUST be encoded in the high-order 6 octets of the ESI Value field.
+ 根网桥MAC地址(6个八位字节)。根网桥MAC地址必须编码为ESI值字段的高阶6个八位字节。
+ Root Bridge Priority (2 octets). The CE Root Bridge Priority MUST be encoded in the 2 octets next to the Root Bridge MAC address.
+ 根网桥优先级(2个八位字节)。CE根网桥优先级必须编码在根网桥MAC地址旁边的2个八位字节中。
+ The remaining octet will be set to 0x00.
+ 剩余的八位字节将设置为0x00。
This mechanism could be used only if it produces ESIs that satisfy the uniqueness requirement specified above.
只有当生成满足上述唯一性要求的ESI时,才能使用此机制。
- Type 3 (T=0x03) - This type indicates a MAC-based ESI Value that can be auto-generated or configured by the operator. The ESI Value is constructed as follows:
- 类型3(T=0x03)-此类型表示可由操作员自动生成或配置的基于MAC的ESI值。ESI值的构造如下所示:
+ System MAC address (6 octets). The PE MAC address MUST be encoded in the high-order 6 octets of the ESI Value field.
+ 系统MAC地址(6个八位字节)。PE MAC地址必须编码在ESI值字段的高阶6个八位字节中。
+ Local Discriminator value (3 octets). The Local Discriminator value MUST be encoded in the low-order 3 octets of the ESI Value.
+ 本地鉴别器值(3个八位字节)。本地鉴别器值必须以ESI值的低位3个八位字节进行编码。
This mechanism could be used only if it produces ESIs that satisfy the uniqueness requirement specified above.
只有当生成满足上述唯一性要求的ESI时,才能使用此机制。
- Type 4 (T=0x04) - This type indicates a router-ID ESI Value that can be auto-generated or configured by the operator. The ESI Value is constructed as follows:
- 类型4(T=0x04)-此类型表示可由操作员自动生成或配置的路由器ID ESI值。ESI值的构造如下所示:
+ Router ID (4 octets). The system router ID MUST be encoded in the high-order 4 octets of the ESI Value field.
+ 路由器ID(4个八位字节)。系统路由器ID必须编码在ESI值字段的高阶4个八位字节中。
+ Local Discriminator value (4 octets). The Local Discriminator value MUST be encoded in the 4 octets next to the IP address.
+ 本地鉴别器值(4个八位字节)。本地鉴别器值必须编码在IP地址旁边的4个八位字节中。
+ The low-order octet of the ESI Value will be set to 0x00.
+ ESI值的低位八位字节将设置为0x00。
This mechanism could be used only if it produces ESIs that satisfy the uniqueness requirement specified above.
只有当生成满足上述唯一性要求的ESI时,才能使用此机制。
- Type 5 (T=0x05) - This type indicates an Autonomous System (AS)-based ESI Value that can be auto-generated or configured by the operator. The ESI Value is constructed as follows:
- 类型5(T=0x05)-此类型表示基于自主系统(AS)的ESI值,可由操作员自动生成或配置。ESI值的构造如下所示:
+ AS number (4 octets). This is an AS number owned by the system and MUST be encoded in the high-order 4 octets of the ESI Value field. If a 2-octet AS number is used, the high-order extra 2 octets will be 0x0000.
+ 作为数字(4个八位字节)。这是系统拥有的AS编号,必须编码在ESI值字段的高阶4个八位字节中。如果使用2个八位字节作为数字,则高阶额外的2个八位字节将为0x0000。
+ Local Discriminator value (4 octets). The Local Discriminator value MUST be encoded in the 4 octets next to the AS number.
+ 本地鉴别器值(4个八位字节)。本地鉴别器值必须在AS编号旁边的4个八位字节中编码。
+ The low-order octet of the ESI Value will be set to 0x00.
+ ESI值的低位八位字节将设置为0x00。
This mechanism could be used only if it produces ESIs that satisfy the uniqueness requirement specified above.
只有当生成满足上述唯一性要求的ESI时,才能使用此机制。
An Ethernet Tag ID is a 32-bit field containing either a 12-bit or 24-bit identifier that identifies a particular broadcast domain (e.g., a VLAN) in an EVPN instance. The 12-bit identifier is called the VLAN ID (VID). An EVPN instance consists of one or more broadcast domains (one or more VLANs). VLANs are assigned to a given EVPN instance by the provider of the EVPN service. A given VLAN can itself be represented by multiple VIDs. In such cases, the PEs participating in that VLAN for a given EVPN instance are responsible for performing VLAN ID translation to/from locally attached CE devices.
以太网标签ID是一个32位字段,包含12位或24位标识符,用于标识EVPN实例中的特定广播域(例如VLAN)。12位标识符称为VLAN ID(VID)。EVPN实例由一个或多个广播域(一个或多个VLAN)组成。VLAN由EVPN服务的提供者分配给给定的EVPN实例。给定的VLAN本身可以由多个VID表示。在这种情况下,参与给定EVPN实例的该VLAN的PE负责执行与本地连接的CE设备之间的VLAN ID转换。
If a VLAN is represented by a single VID across all PE devices participating in that VLAN for that EVPN instance, then there is no need for VID translation at the PEs. Furthermore, some deployment scenarios guarantee uniqueness of VIDs across all EVPN instances; all points of attachment for a given EVPN instance use the same VID, and no other EVPN instances use that VID. This allows the RT(s) for each EVPN instance to be derived automatically from the corresponding VID, as described in Section 7.10.1.
如果VLAN由参与该EVPN实例的VLAN的所有PE设备上的单个VID表示,则不需要在PEs处进行VID转换。此外,一些部署场景保证了VID在所有EVPN实例中的唯一性;给定EVPN实例的所有连接点都使用相同的VID,其他EVPN实例都不使用该VID。如第7.10.1节所述,这使得每个EVPN实例的RT可以从相应的VID自动导出。
The following subsections discuss the relationship between broadcast domains (e.g., VLANs), Ethernet Tag IDs (e.g., VIDs), and MAC-VRFs as well as the setting of the Ethernet Tag ID, in the various EVPN BGP routes (defined in Section 8), for the different types of service interfaces described in [RFC7209].
以下小节讨论广播域(例如VLAN)、以太网标签ID(例如VID)和MAC VRF之间的关系,以及[RFC7209]中所述不同类型服务接口的各种EVPN BGP路由(第8节中定义)中以太网标签ID的设置。
The following Ethernet Tag ID value is reserved:
保留以下以太网标记ID值:
- Ethernet Tag ID {0xFFFFFFFF} is known as MAX-ET.
- 以太网标记ID{0xFFFFFFFF}称为MAX-ET。
With this service interface, an EVPN instance consists of only a single broadcast domain (e.g., a single VLAN). Therefore, there is a one-to-one mapping between a VID on this interface and a MAC-VRF. Since a MAC-VRF corresponds to a single VLAN, it consists of a single bridge table corresponding to that VLAN. If the VLAN is represented by multiple VIDs (e.g., a different VID per Ethernet segment per PE), then each PE needs to perform VID translation for frames destined to its Ethernet segment(s). In such scenarios, the Ethernet frames transported over an MPLS/IP network SHOULD remain tagged with the originating VID, and a VID translation MUST be supported in the data path and MUST be performed on the disposition PE. The Ethernet Tag ID in all EVPN routes MUST be set to 0.
使用此服务接口,EVPN实例仅由单个广播域(例如,单个VLAN)组成。因此,该接口上的VID与MAC-VRF之间存在一对一映射。由于MAC-VRF对应于单个VLAN,因此它由对应于该VLAN的单个网桥表组成。如果VLAN由多个VID表示(例如,每个PE的每个以太网段具有不同的VID),则每个PE需要对发送到其以太网段的帧执行VID转换。在这种情况下,通过MPLS/IP网络传输的以太网帧应保持与原始VID的标记,并且必须在数据路径中支持VID转换,并且必须在PE上执行。所有EVPN路由中的以太网标记ID必须设置为0。
With this service interface, an EVPN instance corresponds to multiple broadcast domains (e.g., multiple VLANs); however, only a single bridge table is maintained per MAC-VRF, which means multiple VLANs share the same bridge table. This implies that MAC addresses MUST be unique across all VLANs for that EVI in order for this service to work. In other words, there is a many-to-one mapping between VLANs and a MAC-VRF, and the MAC-VRF consists of a single bridge table. Furthermore, a single VLAN must be represented by a single VID -- e.g., no VID translation is allowed for this service interface type. The MPLS-encapsulated frames MUST remain tagged with the originating VID. Tag translation is NOT permitted. The Ethernet Tag ID in all EVPN routes MUST be set to 0.
通过该服务接口,EVPN实例对应于多个广播域(例如,多个VLAN);但是,每个MAC-VRF只维护一个网桥表,这意味着多个VLAN共享同一个网桥表。这意味着该EVI的MAC地址必须在所有VLAN中都是唯一的,这样该服务才能工作。换句话说,VLAN和MAC-VRF之间存在多对一映射,MAC-VRF由一个网桥表组成。此外,单个VLAN必须由单个VID表示——例如,此服务接口类型不允许进行VID转换。MPLS封装的帧必须保留原始视频的标签。标签翻译是不允许的。所有EVPN路由中的以太网标记ID必须设置为0。
This service interface is a special case of the VLAN bundle service interface, where all of the VLANs on the port are part of the same service and map to the same bundle. The procedures are identical to those described in Section 6.2.
此服务接口是VLAN捆绑包服务接口的特例,其中端口上的所有VLAN都是同一服务的一部分,并映射到同一捆绑包。程序与第6.2节所述程序相同。
With this service interface, an EVPN instance consists of multiple broadcast domains (e.g., multiple VLANs) with each VLAN having its own bridge table -- i.e., multiple bridge tables (one per VLAN) are maintained by a single MAC-VRF corresponding to the EVPN instance.
使用此服务接口,EVPN实例由多个广播域(例如,多个VLAN)组成,每个VLAN都有自己的网桥表——即,多个网桥表(每个VLAN一个)由对应于EVPN实例的单个MAC-VRF维护。
Broadcast, unknown unicast, or multicast (BUM) traffic is sent only to the CEs in a given broadcast domain; however, the broadcast domains within an EVI either MAY each have their own P-Tunnel or MAY share P-Tunnels -- e.g., all of the broadcast domains in an EVI MAY share a single P-Tunnel.
广播、未知单播或多播(BUM)流量仅发送到给定广播域中的CEs;然而,EVI中的广播域可以各自具有其自己的P隧道,或者可以共享P隧道——例如,EVI中的所有广播域可以共享单个P隧道。
In the case where a single VLAN is represented by a single VID and thus no VID translation is required, an MPLS-encapsulated packet MUST carry that VID. The Ethernet Tag ID in all EVPN routes MUST be set to that VID. The advertising PE MAY advertise the MPLS Label1 in the MAC/IP Advertisement route representing ONLY the EVI or representing both the Ethernet Tag ID and the EVI. This decision is only a local matter by the advertising PE (which is also the disposition PE) and doesn't affect any other PEs.
在单个VLAN由单个VID表示,因此不需要VID转换的情况下,MPLS封装的数据包必须携带该VID。所有EVPN路由中的以太网标签ID必须设置为该VID。广告PE可以在仅表示EVI或同时表示以太网标签ID和EVI的MAC/IP广告路由中广告MPLS标签1。该决定仅为广告PE(也是处置PE)的本地事宜,不影响任何其他PE。
In the case where a single VLAN is represented by different VIDs on different CEs and thus VID translation is required, a normalized Ethernet Tag ID (VID) MUST be carried in the EVPN BGP routes. Furthermore, the advertising PE advertises the MPLS Label1 in the MAC/IP Advertisement route representing both the Ethernet Tag ID and the EVI, so that upon receiving an MPLS-encapsulated packet, it can identify the corresponding bridge table from the MPLS EVPN label and perform Ethernet Tag ID translation ONLY at the disposition PE -- i.e., the Ethernet frames transported over the MPLS/IP network MUST remain tagged with the originating VID, and VID translation is performed on the disposition PE. The Ethernet Tag ID in all EVPN routes MUST be set to the normalized Ethernet Tag ID assigned by the EVPN provider.
如果单个VLAN由不同CE上的不同VID表示,因此需要进行VID转换,则必须在EVPN BGP路由中携带规范化以太网标签ID(VID)。此外,广告PE在表示以太网标签ID和EVI两者的MAC/IP广告路由中广告MPLS标签1,以便在接收到MPLS封装的分组时,它能够从MPLS EVPN标签识别相应的桥接表,并且仅在配置PE处执行以太网标签ID转换——即。,通过MPLS/IP网络传输的以太网帧必须保留原始VID的标签,并且在PE上执行VID转换。所有EVPN路由中的以太网标签ID必须设置为EVPN提供商分配的规范化以太网标签ID。
This service interface is a special case of the VLAN-aware bundle service interface, where all of the VLANs on the port are part of the same service and are mapped to a single bundle but without any VID translation. The procedures are a subset of those described in Section 6.3.
此服务接口是支持VLAN的捆绑服务接口的特例,其中端口上的所有VLAN都是同一服务的一部分,并映射到单个捆绑,但没有任何VID转换。这些程序是第6.3节所述程序的子集。
This document defines a new BGP Network Layer Reachability Information (NLRI) called the EVPN NLRI.
本文档定义了一个新的BGP网络层可达性信息(NLRI),称为EVPN NLRI。
The format of the EVPN NLRI is as follows:
EVPN NLRI的格式如下:
+-----------------------------------+
| Route Type (1 octet) |
+-----------------------------------+
| Length (1 octet) |
+-----------------------------------+
| Route Type specific (variable) |
+-----------------------------------+
+-----------------------------------+
| Route Type (1 octet) |
+-----------------------------------+
| Length (1 octet) |
+-----------------------------------+
| Route Type specific (variable) |
+-----------------------------------+
The Route Type field defines the encoding of the rest of the EVPN NLRI (Route Type specific EVPN NLRI).
Route Type字段定义其余EVPN NLRI(路由类型特定的EVPN NLRI)的编码。
The Length field indicates the length in octets of the Route Type specific field of the EVPN NLRI.
长度字段表示EVPN NLRI的路由类型特定字段的长度(以八位字节为单位)。
This document defines the following Route Types:
本文件定义了以下路线类型:
+ 1 - Ethernet Auto-Discovery (A-D) route
+ 2 - MAC/IP Advertisement route
+ 3 - Inclusive Multicast Ethernet Tag route
+ 4 - Ethernet Segment route
+ 1 - Ethernet Auto-Discovery (A-D) route
+ 2 - MAC/IP Advertisement route
+ 3 - Inclusive Multicast Ethernet Tag route
+ 4 - Ethernet Segment route
The detailed encoding and procedures for these route types are described in subsequent sections.
这些路线类型的详细编码和程序将在后续章节中描述。
The EVPN NLRI is carried in BGP [RFC4271] using BGP Multiprotocol Extensions [RFC4760] with an Address Family Identifier (AFI) of 25 (L2VPN) and a Subsequent Address Family Identifier (SAFI) of 70 (EVPN). The NLRI field in the MP_REACH_NLRI/MP_UNREACH_NLRI attribute contains the EVPN NLRI (encoded as specified above).
EVPN NLRI在BGP[RFC4271]中使用BGP多协议扩展[RFC4760],地址族标识符(AFI)为25(L2VPN),后续地址族标识符(SAFI)为70(EVPN)。MP_REACH_NLRI/MP_UNREACH_NLRI属性中的NLRI字段包含EVPN NLRI(编码如上所述)。
In order for two BGP speakers to exchange labeled EVPN NLRI, they must use BGP Capabilities Advertisements to ensure that they both are capable of properly processing such NLRI. This is done as specified in [RFC4760], by using capability code 1 (multiprotocol BGP) with an AFI of 25 (L2VPN) and a SAFI of 70 (EVPN).
为了让两个BGP扬声器交换带标签的EVPN NLRI,他们必须使用BGP功能广告,以确保他们都能够正确处理此类NLRI。这是按照[RFC4760]中的规定,通过使用AFI为25(L2VPN)和SAFI为70(EVPN)的能力代码1(多协议BGP)实现的。
An Ethernet A-D route type specific EVPN NLRI consists of the following:
以太网A-D路由类型特定的EVPN NLRI由以下部分组成:
+---------------------------------------+
| Route Distinguisher (RD) (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MPLS Label (3 octets) |
+---------------------------------------+
+---------------------------------------+
| Route Distinguisher (RD) (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MPLS Label (3 octets) |
+---------------------------------------+
For the purpose of BGP route key processing, only the Ethernet Segment Identifier and the Ethernet Tag ID are considered to be part of the prefix in the NLRI. The MPLS Label field is to be treated as a route attribute as opposed to being part of the route.
出于BGP路由密钥处理的目的,只有以太网段标识符和以太网标签ID被视为NLRI中前缀的一部分。MPLS标签字段将被视为路由属性,而不是路由的一部分。
For procedures and usage of this route, please see Sections 8.2 ("Fast Convergence") and 8.4 ("Aliasing and Backup Path").
有关此路径的程序和用法,请参见第8.2节(“快速收敛”)和第8.4节(“别名和备份路径”)。
A MAC/IP Advertisement route type specific EVPN NLRI consists of the following:
MAC/IP播发路由类型特定的EVPN NLRI由以下部分组成:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MAC Address Length (1 octet) |
+---------------------------------------+
| MAC Address (6 octets) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| IP Address (0, 4, or 16 octets) |
+---------------------------------------+
| MPLS Label1 (3 octets) |
+---------------------------------------+
| MPLS Label2 (0 or 3 octets) |
+---------------------------------------+
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| MAC Address Length (1 octet) |
+---------------------------------------+
| MAC Address (6 octets) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| IP Address (0, 4, or 16 octets) |
+---------------------------------------+
| MPLS Label1 (3 octets) |
+---------------------------------------+
| MPLS Label2 (0 or 3 octets) |
+---------------------------------------+
For the purpose of BGP route key processing, only the Ethernet Tag ID, MAC Address Length, MAC Address, IP Address Length, and IP Address fields are considered to be part of the prefix in the NLRI. The Ethernet Segment Identifier, MPLS Label1, and MPLS Label2 fields are to be treated as route attributes as opposed to being part of the "route". Both the IP and MAC address lengths are in bits.
出于BGP路由密钥处理的目的,只有以太网标签ID、MAC地址长度、MAC地址、IP地址长度和IP地址字段被视为NLRI中前缀的一部分。以太网段标识符、MPLS Label1和MPLS Label2字段将被视为路由属性,而不是“路由”的一部分。IP和MAC地址长度均以位为单位。
For procedures and usage of this route, please see Sections 9 ("Determining Reachability to Unicast MAC Addresses") and 14 ("Load Balancing of Unicast Packets").
有关此路由的程序和用法,请参见第9节(“确定单播MAC地址的可达性”)和第14节(“单播数据包的负载平衡”)。
An Inclusive Multicast Ethernet Tag route type specific EVPN NLRI consists of the following:
包含多播以太网标记路由类型特定的EVPN NLRI由以下部分组成:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| Originating Router's IP Address |
| (4 or 16 octets) |
+---------------------------------------+
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
| Ethernet Tag ID (4 octets) |
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| Originating Router's IP Address |
| (4 or 16 octets) |
+---------------------------------------+
For procedures and usage of this route, please see Sections 11 ("Handling of Multi-destination Traffic"), 12 ("Processing of Unknown Unicast Packets"), and 16 ("Multicast and Broadcast"). The IP address length is in bits. For the purpose of BGP route key processing, only the Ethernet Tag ID, IP Address Length, and Originating Router's IP Address fields are considered to be part of the prefix in the NLRI.
有关此路由的程序和用法,请参见第11节(“多目的地流量的处理”)、第12节(“未知单播数据包的处理”)和第16节(“多播和广播”)。IP地址长度以位为单位。出于BGP路由密钥处理的目的,只有以太网标签ID、IP地址长度和原始路由器的IP地址字段被视为NLRI中前缀的一部分。
An Ethernet Segment route type specific EVPN NLRI consists of the following:
特定于以太网段路由类型的EVPN NLRI由以下部分组成:
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| Originating Router's IP Address |
| (4 or 16 octets) |
+---------------------------------------+
+---------------------------------------+
| RD (8 octets) |
+---------------------------------------+
|Ethernet Segment Identifier (10 octets)|
+---------------------------------------+
| IP Address Length (1 octet) |
+---------------------------------------+
| Originating Router's IP Address |
| (4 or 16 octets) |
+---------------------------------------+
For procedures and usage of this route, please see Section 8.5 ("Designated Forwarder Election"). The IP address length is in bits. For the purpose of BGP route key processing, only the Ethernet Segment ID, IP Address Length, and Originating Router's IP Address fields are considered to be part of the prefix in the NLRI.
有关本路线的程序和使用,请参见第8.5节(“指定货运代理选择”)。IP地址长度以位为单位。对于BGP路由密钥处理,只有以太网段ID、IP地址长度和原始路由器的IP地址字段被视为NLRI中前缀的一部分。
This Extended Community is a new transitive Extended Community having a Type field value of 0x06 and the Sub-Type 0x01. It may be advertised along with Ethernet Auto-discovery routes, and it enables split-horizon procedures for multihomed sites as described in Section 8.3 ("Split Horizon"). The ESI Label field represents an ES by the advertising PE, and it is used in split-horizon filtering by other PEs that are connected to the same multihomed Ethernet segment.
此扩展社区是一个新的可传递扩展社区,其类型字段值为0x06,子类型为0x01。它可能会与以太网自动发现路由一起发布,并为多址站点启用拆分地平线程序,如第8.3节(“拆分地平线”)所述。ESI标签字段表示广告PE的ES,它用于连接到同一多址以太网段的其他PE的拆分地平线过滤。
Each ESI Label extended community is encoded as an 8-octet value, as follows:
每个ESI标签扩展社区编码为8个八位组值,如下所示:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x01 | Flags(1 octet)| Reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved=0 | ESI Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x01 | Flags(1 octet)| Reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved=0 | ESI Label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The low-order bit of the Flags octet is defined as the "Single-Active" bit. A value of 0 means that the multihomed site is operating in All-Active redundancy mode, and a value of 1 means that the multihomed site is operating in Single-Active redundancy mode.
标志八位字节的低位被定义为“单个活动”位。值0表示多宿站点在所有活动冗余模式下运行,值1表示多宿站点在单个活动冗余模式下运行。
This is a new transitive Route Target extended community carried with the Ethernet Segment route. When used, it enables all the PEs connected to the same multihomed site to import the Ethernet Segment routes. The value is derived automatically for the ESI Types 1, 2, and 3, by encoding the high-order 6-octet portion of the 9-octet ESI Value, which corresponds to a MAC address, in the ES-Import Route Target. The format of this Extended Community is as follows:
这是一种新的过渡路由,目标是扩展社区,与以太网段路由一起提供。使用时,它使连接到同一多址站点的所有PE能够导入以太网段路由。对于ESI类型1、2和3,通过编码ES导入路由目标中9个八位组ESI值(对应于MAC地址)的高阶6个八位组部分,自动导出该值。该扩展社区的格式如下:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x02 | ES-Import |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ES-Import Cont'd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x02 | ES-Import |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ES-Import Cont'd |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This document expands the definition of the Route Target extended community to allow the value of the high-order octet (Type field) to be 0x06 (in addition to the values specified in [RFC4360]). The low-order octet (Sub-Type field) value 0x02 indicates that this Extended Community is of type "Route Target". The new Type field value 0x06 indicates that the structure of this RT is a 6-octet value (e.g., a MAC address). A BGP speaker that implements RT Constraint [RFC4684] MUST apply the RT Constraint procedures to the ES-Import RT as well.
本文档扩展了路由目标扩展社区的定义,以允许高阶八位组(类型字段)的值为0x06(除了[RFC4360]中指定的值之外)。低阶八位组(子类型字段)值0x02表示此扩展社区的类型为“路由目标”。新类型字段值0x06表示此RT的结构为6个八位组的值(例如MAC地址)。实现RT约束[RFC4684]的BGP扬声器也必须将RT约束过程应用于ES导入RT。
For procedures and usage of this attribute, please see Section 8.1 ("Multihomed Ethernet Segment Auto-discovery").
有关此属性的过程和用法,请参阅第8.1节(“多址以太网段自动发现”)。
This Extended Community is a new transitive Extended Community having a Type field value of 0x06 and the Sub-Type 0x00. It may be advertised along with MAC/IP Advertisement routes. The procedures for using this Extended Community are described in Section 15 ("MAC Mobility").
此扩展社区是一个新的可传递扩展社区,其类型字段值为0x06,子类型为0x00。它可以与MAC/IP广告路由一起进行广告。第15节(“MAC移动性”)描述了使用该扩展社区的程序。
The MAC Mobility extended community is encoded as an 8-octet value, as follows:
MAC移动性扩展社区编码为8个八位组值,如下所示:
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x00 |Flags(1 octet)| Reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type=0x06 | Sub-Type=0x00 |Flags(1 octet)| Reserved=0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The low-order bit of the Flags octet is defined as the "Sticky/static" flag and may be set to 1. A value of 1 means that the MAC address is static and cannot move. The sequence number is used to ensure that PEs retain the correct MAC/IP Advertisement route when multiple updates occur for the same MAC address.
标志八位字节的低位被定义为“粘性/静态”标志,可设置为1。值为1表示MAC地址是静态的,不能移动。序列号用于确保当同一MAC地址发生多个更新时,PEs保留正确的MAC/IP播发路由。
The Default Gateway community is an Extended Community of an Opaque Type (see Section 3.3 of [RFC4360]). It is a transitive community, which means that the first octet is 0x03. The value of the second octet (Sub-Type) is 0x0d (Default Gateway) as assigned by IANA. The Value field of this community is reserved (set to 0 by the senders, ignored by the receivers). For procedures and usage of this attribute, please see Section 10.1 ("Default Gateway").
默认网关社区是不透明类型的扩展社区(见[RFC4360]第3.3节)。它是一个可传递的社区,这意味着第一个八位组是0x03。第二个八位字节(子类型)的值是由IANA分配的0x0d(默认网关)。此社区的值字段是保留的(发送方设置为0,接收方忽略)。有关此属性的过程和用法,请参阅第10.1节(“默认网关”)。
The Route Distinguisher (RD) MUST be set to the RD of the MAC-VRF that is advertising the NLRI. An RD MUST be assigned for a given MAC-VRF on a PE. This RD MUST be unique across all MAC-VRFs on a PE. It is RECOMMENDED to use the Type 1 RD [RFC4364]. The value field comprises an IP address of the PE (typically, the loopback address) followed by a number unique to the PE. This number may be generated by the PE. Or, in the Unique VLAN EVPN case, the low-order 12 bits may be the 12-bit VLAN ID, with the remaining high-order 4 bits set to 0.
路由识别器(RD)必须设置为正在宣传NLRI的MAC-VRF的RD。必须为PE上的给定MAC-VRF分配RD。此RD在PE上的所有MAC VRF中必须是唯一的。建议使用类型1 RD[RFC4364]。值字段包括PE的IP地址(通常为环回地址),后跟PE特有的数字。该编号可由PE生成。或者,在唯一VLAN EVPN情况下,低阶12位可以是12位VLAN ID,其余高阶4位设置为0。
The EVPN route MAY carry one or more Route Target (RT) attributes. RTs may be configured (as in IP VPNs) or may be derived automatically.
EVPN路由可以携带一个或多个路由目标(RT)属性。RTs可以配置(如在IP VPN中),也可以自动派生。
If a PE uses RT Constraint, the PE advertises all such RTs using RT Constraints per [RFC4684]. The use of RT Constraints allows each EVPN route to reach only those PEs that are configured to import at least one RT from the set of RTs carried in the EVPN route.
如果PE使用RT约束,则PE根据[RFC4684]使用RT约束播发所有此类RT。RT约束的使用允许每个EVPN路由仅到达那些配置为从EVPN路由中携带的RTs集合导入至少一个RT的PE。
For the "Unique VLAN EVPN" scenario, it is highly desirable to auto-derive the RT from the Ethernet Tag ID (VLAN ID) for that EVPN instance. The procedure for performing such auto-derivation is as follows:
对于“唯一VLAN EVPN”场景,非常需要从该EVPN实例的以太网标记ID(VLAN ID)自动派生RT。执行此类自动推导的步骤如下所示:
+ The Global Administrator field of the RT MUST be set to the Autonomous System (AS) number with which the PE is associated.
+ RT的全局管理员字段必须设置为PE关联的自治系统(AS)编号。
+ The 12-bit VLAN ID MUST be encoded in the lowest 12 bits of the Local Administrator field, with the remaining bits set to zero.
+ 12位VLAN ID必须在本地管理员字段的最低12位编码,其余位设置为零。
This section discusses the functions, procedures, and associated BGP routes used to support multihoming in EVPN. This covers both multihomed device (MHD) and multihomed network (MHN) scenarios.
本节讨论用于支持EVPN中多宿的功能、过程和相关BGP路由。这包括多宿设备(MHD)和多宿网络(MHN)场景。
PEs connected to the same Ethernet segment can automatically discover each other with minimal to no configuration through the exchange of the Ethernet Segment route.
连接到同一以太网段的PEs可以通过交换以太网段路由自动发现彼此,只需最少或不需要配置。
The Route Distinguisher (RD) MUST be a Type 1 RD [RFC4364]. The value field comprises an IP address of the PE (typically, the loopback address) followed by a number unique to the PE.
路由识别器(RD)必须是类型1 RD[RFC4364]。值字段包括PE的IP地址(通常为环回地址),后跟PE特有的数字。
The Ethernet Segment Identifier (ESI) MUST be set to the 10-octet value described in Section 5.
以太网段标识符(ESI)必须设置为第5节中所述的10个八位字节的值。
The BGP advertisement that advertises the Ethernet Segment route MUST also carry an ES-Import Route Target, as defined in Section 7.6.
播发以太网段路由的BGP播发还必须携带ES导入路由目标,如第7.6节所定义。
The Ethernet Segment route filtering MUST be done such that the Ethernet Segment route is imported only by the PEs that are multihomed to the same Ethernet segment. To that end, each PE that is connected to a particular Ethernet segment constructs an import filtering rule to import a route that carries the ES-Import Route Target, constructed from the ESI.
必须进行以太网段路由过滤,以便以太网段路由仅由多址到同一以太网段的PE导入。为此,连接到特定以太网段的每个PE构建导入过滤规则,以导入承载ES导入路由目标的路由,该目标由ESI构建。
In EVPN, MAC address reachability is learned via the BGP control plane over the MPLS network. As such, in the absence of any fast protection mechanism, the network convergence time is a function of the number of MAC/IP Advertisement routes that must be withdrawn by the PE encountering a failure. For highly scaled environments, this scheme yields slow convergence.
在EVPN中,MAC地址可达性通过MPLS网络上的BGP控制平面来学习。因此,在没有任何快速保护机制的情况下,网络收敛时间是遇到故障的PE必须撤回的MAC/IP广告路由的数量的函数。对于大规模环境,该方案收敛速度较慢。
To alleviate this, EVPN defines a mechanism to efficiently and quickly signal, to remote PE nodes, the need to update their forwarding tables upon the occurrence of a failure in connectivity to an Ethernet segment. This is done by having each PE advertise a set of one or more Ethernet A-D per ES routes for each locally attached Ethernet segment (refer to Section 8.2.1 below for details on how these routes are constructed). A PE may need to advertise more than one Ethernet A-D per ES route for a given ES because the ES may be in a multiplicity of EVIs and the RTs for all of these EVIs may not fit into a single route. Advertising a set of Ethernet A-D per ES routes for the ES allows each route to contain a subset of the complete set of RTs. Each Ethernet A-D per ES route is differentiated from the other routes in the set by a different Route Distinguisher (RD).
为了缓解这种情况,EVPN定义了一种机制,用于在与以太网段的连接出现故障时,高效、快速地向远程PE节点发送更新其转发表的需要的信号。这是通过让每个PE为每个本地连接的以太网段发布一组一个或多个以太网a-D-per ES路由来实现的(关于这些路由的构造方式,请参阅下面的第8.2.1节)。对于给定的ES,PE可能需要为每个ES路由播发多个以太网A-D,因为ES可能位于多个evi中,并且所有这些evi的RTs可能不适合于单个路由。为ES发布一组以太网a-D per ES路由允许每条路由包含完整RTs集的子集。每个ES路由的每个以太网A-D通过不同的路由区分器(RD)与集合中的其他路由区分开来。
Upon a failure in connectivity to the attached segment, the PE withdraws the corresponding set of Ethernet A-D per ES routes. This triggers all PEs that receive the withdrawal to update their next-hop adjacencies for all MAC addresses associated with the Ethernet segment in question. If no other PE had advertised an Ethernet A-D route for the same segment, then the PE that received the withdrawal simply invalidates the MAC entries for that segment. Otherwise, the PE updates its next-hop adjacencies accordingly.
当连接到连接段的连接出现故障时,PE根据ES路由撤回相应的一组以太网a-D。这将触发所有接收到撤回的PE,以更新与所讨论的以太网段相关联的所有MAC地址的下一跳邻接。如果没有其他PE为同一网段播发以太网A-D路由,则接收撤回的PE将使该网段的MAC条目无效。否则,PE将相应地更新其下一跳邻接。
This section describes the procedures used to construct the Ethernet A-D per ES route, which is used for fast convergence (as discussed above) and for advertising the ESI label used for split-horizon filtering (as discussed in Section 8.3). Support of this route is REQUIRED.
本节描述了用于构建每个ES路由的以太网A-D的过程,该过程用于快速收敛(如上所述)和用于宣传用于分割地平线过滤的ESI标签(如第8.3节所述)。这条路线需要支持。
The Route Distinguisher (RD) MUST be a Type 1 RD [RFC4364]. The value field comprises an IP address of the PE (typically, the loopback address) followed by a number unique to the PE.
路由识别器(RD)必须是类型1 RD[RFC4364]。值字段包括PE的IP地址(通常为环回地址),后跟PE特有的数字。
The Ethernet Segment Identifier MUST be a 10-octet entity as described in Section 5 ("Ethernet Segment"). The Ethernet A-D route is not needed when the Segment Identifier is set to 0 (e.g., single-homed scenarios).
以太网段标识符必须是第5节(“以太网段”)中所述的10个八位字节实体。当段标识符设置为0时(例如,单宿场景),不需要以太网A-D路由。
The Ethernet Tag ID MUST be set to MAX-ET.
以太网标签ID必须设置为MAX-ET。
The MPLS label in the NLRI MUST be set to 0.
NLRI中的MPLS标签必须设置为0。
The ESI Label extended community MUST be included in the route. If All-Active redundancy mode is desired, then the "Single-Active" bit in the flags of the ESI Label extended community MUST be set to 0 and the MPLS label in that Extended Community MUST be set to a valid MPLS label value. The MPLS label in this Extended Community is referred to as the ESI label and MUST have the same value in each Ethernet A-D per ES route advertised for the ES. This label MUST be a downstream assigned MPLS label if the advertising PE is using ingress replication for receiving multicast, broadcast, or unknown unicast traffic from other PEs. If the advertising PE is using P2MP MPLS LSPs for sending multicast, broadcast, or unknown unicast traffic, then this label MUST be an upstream assigned MPLS label. The usage of this label is described in Section 8.3.
ESI标签扩展社区必须包含在路由中。如果需要所有活动冗余模式,则ESI标签扩展社区标志中的“单个活动”位必须设置为0,且该扩展社区中的MPLS标签必须设置为有效的MPLS标签值。此扩展社区中的MPLS标签称为ESI标签,并且在每个为ES播发的ES路由的以太网A-D中必须具有相同的值。如果广告PE使用入口复制从其他PE接收多播、广播或未知单播流量,则此标签必须是下游分配的MPLS标签。如果广告PE使用P2MP MPLS LSP发送多播、广播或未知单播流量,则此标签必须是上游分配的MPLS标签。第8.3节介绍了该标签的用法。
If Single-Active redundancy mode is desired, then the "Single-Active" bit in the flags of the ESI Label extended community MUST be set to 1 and the ESI label SHOULD be set to a valid MPLS label value.
如果需要单活动冗余模式,则ESI标签扩展社区标志中的“单活动”位必须设置为1,并且ESI标签应设置为有效的MPLS标签值。
Each Ethernet A-D per ES route MUST carry one or more Route Target (RT) attributes. The set of Ethernet A-D routes per ES MUST carry the entire set of RTs for all the EVPN instances to which the Ethernet segment belongs.
每个ES路由的每个以太网A-D必须携带一个或多个路由目标(RT)属性。每个ES的以太网A-D路由集必须承载以太网段所属的所有EVPN实例的整个RTs集。
Consider a CE that is multihomed to two or more PEs on an Ethernet segment ES1 operating in All-Active redundancy mode. If the CE sends a broadcast, unknown unicast, or multicast (BUM) packet to one of the non-Designated Forwarder (non-DF) PEs, say PE1, then PE1 will forward that packet to all or a subset of the other PEs in that EVPN instance, including the DF PE for that Ethernet segment. In this case, the DF PE to which the CE is multihomed MUST drop the packet and not forward back to the CE. This filtering is referred to as "split-horizon filtering" in this document.
考虑在多个有源冗余模式下工作的以太网段ES1上多个归属于两个或多个PES的CE。如果CE将广播、未知单播或多播(BUM)分组发送到非指定转发器(非DF)PE之一,例如PE1,则PE1将该分组转发到该EVPN实例中的所有或其他PE的子集,包括该以太网段的DF PE。在这种情况下,CE被多址到的DF PE必须丢弃数据包,而不是转发回CE。该过滤在本文档中称为“分割地平线过滤”。
When a set of PEs are operating in Single-Active redundancy mode, the use of this split-horizon filtering mechanism is highly recommended because it prevents transient loops at the time of failure or recovery that would impact the Ethernet segment -- e.g., when two PEs think that both are DFs for that segment before the DF election procedure settles down.
当一组PEs在单一主动冗余模式下运行时,强烈建议使用这种分割地平线过滤机制,因为它可以防止在故障或恢复时出现可能影响以太网段的瞬态环路,例如。,在DF选举程序确定之前,两个PE认为这两个部门都是DF。
In order to achieve this split-horizon function, every BUM packet originating from a non-DF PE is encapsulated with an MPLS label that identifies the Ethernet segment of origin (i.e., the segment from which the frame entered the EVPN network). This label is referred to as the ESI label and MUST be distributed by all PEs when operating in All-Active redundancy mode using a set of Ethernet A-D per ES routes, per Section 8.2.1 above. The ESI label SHOULD be distributed by all PEs when operating in Single-Active redundancy mode using a set of Ethernet A-D per ES routes. These routes are imported by the PEs connected to the Ethernet segment and also by the PEs that have at least one EVPN instance in common with the Ethernet segment in the route. As described in Section 8.1.1, the route MUST carry an ESI Label extended community with a valid ESI label. The disposition PE relies on the value of the ESI label to determine whether or not a BUM frame is allowed to egress a specific Ethernet segment.
为了实现该分割地平线功能,来自非DF PE的每个BUM数据包都用MPLS标签封装,该标签标识源以太网段(即帧从中进入EVPN网络的段)。该标签被称为ESI标签,根据上述第8.2.1节,在所有主动冗余模式下运行时,必须由所有PEs根据ES路由使用一组以太网a-D分发。当使用一组以太网a-D per ES路由在单一主动冗余模式下运行时,所有PEs应分发ESI标签。这些路由由连接到以太网段的PEs导入,也由至少有一个EVPN实例与路由中的以太网段相同的PEs导入。如第8.1.1节所述,路线必须带有带有有效ESI标签的ESI标签扩展社区。配置PE依赖于ESI标签的值来确定是否允许BUM帧离开特定以太网段。
The following subsections describe the assignment procedures for the ESI label, which differ depending on the type of tunnels being used to deliver multi-destination packets in the EVPN network.
以下小节描述了ESI标签的分配过程,根据用于在EVPN网络中传送多目标数据包的隧道类型的不同而有所不同。
Each PE that operates in All-Active or Single-Active redundancy mode and that uses ingress replication to receive BUM traffic advertises a downstream assigned ESI label in the set of Ethernet A-D per ES routes for its attached ES. This label MUST be programmed in the platform label space by the advertising PE, and the forwarding entry
在所有主动或单个主动冗余模式下运行并使用入口复制接收BUM流量的每个PE在以太网a-D per ES路由集中为其连接的ES播发下游分配的ESI标签。此标签必须由广告PE和转发条目在平台标签空间中编程
for this label must result in NOT forwarding packets received with this label onto the Ethernet segment for which the label was distributed.
因为此标签必须导致不将使用此标签接收的数据包转发到为其分发标签的以太网段。
The rules for the inclusion of the ESI label in a BUM packet by the ingress PE operating in All-Active redundancy mode are as follows:
在所有主动冗余模式下运行的入口PE在BUM数据包中包含ESI标签的规则如下:
- A non-DF ingress PE MUST include the ESI label distributed by the DF egress PE in the copy of a BUM packet sent to it.
- 非DF入口PE必须在发送给它的BUM数据包副本中包含DF出口PE分发的ESI标签。
- An ingress PE (DF or non-DF) SHOULD include the ESI label distributed by each non-DF egress PE in the copy of a BUM packet sent to it.
- 入口PE(DF或非DF)应在发送给它的BUM数据包副本中包含由每个非DF出口PE分发的ESI标签。
The rule for the inclusion of the ESI label in a BUM packet by the ingress PE operating in Single-Active redundancy mode is as follows:
在单一主动冗余模式下运行的入口PE在BUM数据包中包含ESI标签的规则如下:
- An ingress DF PE SHOULD include the ESI label distributed by the egress PE in the copy of a BUM packet sent to it.
- 入口DF PE应在发送给它的BUM数据包副本中包含由出口PE分发的ESI标签。
In both All-Active and Single-Active redundancy mode, an ingress PE MUST NOT include an ESI label in the copy of a BUM packet sent to an egress PE that is not attached to the ES through which the BUM packet entered the EVI.
在全主动和单主动冗余模式下,入口PE不得在发送到出口PE的BUM数据包副本中包含ESI标签,该出口PE未连接到BUM数据包通过其进入EVI的ES。
As an example, consider PE1 and PE2, which are multihomed to CE1 on ES1 and operating in All-Active multihoming mode. Further, consider that PE1 is using P2P or MP2P LSPs to send packets to PE2. Consider that PE1 is the non-DF for VLAN1 and PE2 is the DF for VLAN1, and PE1 receives a BUM packet from CE1 on VLAN1 on ES1. In this scenario, PE2 distributes an Inclusive Multicast Ethernet Tag route for VLAN1 corresponding to an EVPN instance. So, when PE1 sends a BUM packet that it receives from CE1, it MUST first push onto the MPLS label stack the ESI label that PE2 has distributed for ES1. It MUST then push onto the MPLS label stack the MPLS label distributed by PE2 in the Inclusive Multicast Ethernet Tag route for VLAN1. The resulting packet is further encapsulated in the P2P or MP2P LSP label stack required to transmit the packet to PE2. When PE2 receives this packet, it determines, from the top MPLS label, the set of ESIs to which it will replicate the packet after any P2P or MP2P LSP labels have been removed. If the next label is the ESI label assigned by PE2 for ES1, then PE2 MUST NOT forward the packet onto ES1. If the next label is an ESI label that has not been assigned by PE2, then PE2 MUST drop the packet. It should be noted that in this scenario, if PE2 receives a BUM packet for VLAN1 from CE1, then it SHOULD encapsulate the packet with an ESI label received from PE1 when sending it to PE1 in order to avoid any transient loops during a failure scenario that would impact ES1 (e.g., port or link failure).
作为一个例子,考虑PE1和PE2,它们在ES1上被多重归化到CE1,并且在所有有源多归巢模式下工作。此外,考虑PE1正在使用P2P或MP2P LSP来发送分组到PE2。考虑到PE1是VLAN1的非DF,PE2是VLAN1的DF,PE1从ES1上的VLAN1上从CE1接收BUM分组。在此场景中,PE2为对应于EVPN实例的VLAN1分发一个包含多播以太网标记路由。因此,当PE1发送从CE1接收的BUM数据包时,它必须首先将PE2为ES1分发的ESI标签推送到MPLS标签堆栈上。然后,它必须将PE2在VLAN1的包容性多播以太网标记路由中分发的MPLS标签推送到MPLS标签堆栈上。所得分组进一步封装在P2P或MP2P LSP标签栈中,所述P2P或MP2P LSP标签栈需要将分组发送到PE2。当PE2接收到该数据包时,它从顶部MPLS标签确定它将在移除任何P2P或MP2P LSP标签后将数据包复制到的一组ESI。如果下一个标签是PE2为ES1分配的ESI标签,则PE2不得将数据包转发到ES1。如果下一个标签是PE2未分配的ESI标签,则PE2必须丢弃该数据包。应该注意的是,在这种情况下,如果PE2从CE1接收到VLAN1的BUM数据包,那么在将数据包发送到PE1时,它应该使用从PE1接收到的ESI标签来封装该数据包,以避免在故障情况下出现会影响ES1的任何瞬态循环(例如,端口或链路故障)。
The non-DF PEs that operate in All-Active redundancy mode and that use P2MP LSPs to send BUM traffic advertise an upstream assigned ESI label in the set of Ethernet A-D per ES routes for their common attached ES. This label is upstream assigned by the PE that advertises the route. This label MUST be programmed by the other PEs that are connected to the ESI advertised in the route, in the context label space for the advertising PE. Further, the forwarding entry for this label must result in NOT forwarding packets received with this label onto the Ethernet segment for which the label was distributed. This label MUST also be programmed by the other PEs that import the route but are not connected to the ESI advertised in the route, in the context label space for the advertising PE. Further, the forwarding entry for this label must be a label pop with no other associated action.
在所有主动冗余模式下运行并使用P2MP LSP发送BUM流量的非DF PE在以太网A-D per ES路由集中为其公共连接的ES发布上游分配的ESI标签。该标签由公布路线的PE向上游分配。该标签必须由连接到路线中广告的ESI的其他PE在广告PE的上下文标签空间中进行编程。此外,此标签的转发条目必须导致不将使用此标签接收的数据包转发到为其分发标签的以太网段。该标签还必须由导入路由但未连接到路由中广告的ESI的其他PE在广告PE的上下文标签空间中进行编程。此外,此标签的转发条目必须是没有其他关联操作的标签pop。
The DF PE that operates in Single-Active redundancy mode and that uses P2MP LSPs to send BUM traffic should advertise an upstream assigned ESI label in the set of Ethernet A-D per ES routes for its attached ES, just as described in the previous paragraph.
在单一主动冗余模式下运行并使用P2MP LSP发送BUM流量的DF PE应在以太网A-D per ES路由集中为其连接的ES发布上游分配的ESI标签,如前一段所述。
As an example, consider PE1 and PE2, which are multihomed to CE1 on ES1 and operating in All-Active multihoming mode. Also, consider that PE3 belongs to one of the EVPN instances of ES1. Further, assume that PE1, which is the non-DF, is using P2MP MPLS LSPs to send BUM packets. When PE1 sends a BUM packet that it receives from CE1, it MUST first push onto the MPLS label stack the ESI label that it has assigned for the ESI on which the packet was received. The resulting packet is further encapsulated in the P2MP MPLS label stack necessary to transmit the packet to the other PEs. Penultimate hop popping MUST be disabled on the P2MP LSPs used in the MPLS transport infrastructure for EVPN. When PE2 receives this packet, it decapsulates the top MPLS label and forwards the packet using the context label space determined by the top label. If the next label is the ESI label assigned by PE1 to ES1, then PE2 MUST NOT forward the packet onto ES1. When PE3 receives this packet, it decapsulates the top MPLS label and forwards the packet using the context label space determined by the top label. If the next label is the ESI label assigned by PE1 to ES1 and PE3 is not connected to ES1, then PE3 MUST pop the label and flood the packet over all local ESIs in that EVPN instance. It should be noted that when PE2 sends a BUM frame over a P2MP LSP, it should encapsulate the frame with an ESI label even though it is the DF for that VLAN, in order to avoid any transient loops during a failure scenario that would impact ES1 (e.g., port or link failure).
作为一个例子,考虑PE1和PE2,它们在ES1上被多重归化到CE1,并且在所有有源多归巢模式下工作。此外,考虑PE3属于ES1的EVPN实例之一。此外,假设PE1(非DF)正在使用P2MP MPLS LSP发送BUM数据包。当PE1发送它从CE1接收的BUM数据包时,它必须首先将它为接收数据包的ESI分配的ESI标签推送到MPLS标签堆栈上。生成的分组进一步封装在P2MP MPLS标签栈中,该标签栈是将分组传输到其他PEs所必需的。必须在EVPN的MPLS传输基础设施中使用的P2MP LSP上禁用倒数第二跳弹出。当PE2接收到该数据包时,它将解除顶部MPLS标签的封装,并使用顶部标签确定的上下文标签空间转发该数据包。如果下一个标签是PE1分配给ES1的ESI标签,则PE2不得将数据包转发到ES1。当PE3接收到该数据包时,它将解除顶部MPLS标签的封装,并使用顶部标签确定的上下文标签空间转发该数据包。如果下一个标签是PE1分配给ES1的ESI标签,并且PE3未连接到ES1,则PE3必须弹出该标签并将数据包泛洪到该EVPN实例中的所有本地ESI上。应该注意的是,当PE2通过P2MP LSP发送BUM帧时,它应该使用ESI标签封装该帧,即使它是该VLAN的DF,以避免在故障场景中出现任何会影响ES1的瞬态循环(例如,端口或链路故障)。
In the case where a CE is multihomed to multiple PE nodes, using a Link Aggregation Group (LAG) with All-Active redundancy, it is possible that only a single PE learns a set of the MAC addresses associated with traffic transmitted by the CE. This leads to a situation where remote PE nodes receive MAC/IP Advertisement routes for these addresses from a single PE, even though multiple PEs are connected to the multihomed segment. As a result, the remote PEs are not able to effectively load balance traffic among the PE nodes connected to the multihomed Ethernet segment. This could be the case, for example, when the PEs perform data-plane learning on the access, and the load-balancing function on the CE hashes traffic from a given source MAC address to a single PE.
在CE被多宿到多个PE节点的情况下,使用具有所有活动冗余的链路聚合组(LAG),可能只有单个PE学习与CE发送的业务相关联的MAC地址集。这导致远程PE节点从单个PE接收这些地址的MAC/IP播发路由的情况,即使多个PE连接到多址段。因此,远程PE无法在连接到多址以太网段的PE节点之间有效地负载平衡流量。例如,当PEs在访问上执行数据平面学习,并且CE上的负载平衡功能将来自给定源MAC地址的流量散列到单个PE时,可能就是这种情况。
Another scenario where this occurs is when the PEs rely on control-plane learning on the access (e.g., using ARP), since ARP traffic will be hashed to a single link in the LAG.
发生这种情况的另一种情况是,PEs依赖于访问控制平面学习(例如,使用ARP),因为ARP流量将在延迟中散列到单个链路。
To address this issue, EVPN introduces the concept of 'aliasing', which is the ability of a PE to signal that it has reachability to an EVPN instance on a given ES even when it has learned no MAC addresses from that EVI/ES. The Ethernet A-D per EVI route is used for this purpose. A remote PE that receives a MAC/IP Advertisement route with a non-reserved ESI SHOULD consider the advertised MAC address to be reachable via all PEs that have advertised reachability to that MAC address's EVI/ES via the combination of an Ethernet A-D per EVI route for that EVI/ES (and Ethernet tag, if applicable) AND Ethernet A-D per ES routes for that ES with the "Single-Active" bit in the flags of the ESI Label extended community set to 0.
为了解决这个问题,EVPN引入了“混叠”的概念,这是指PE能够发出信号,表明它可以访问给定ES上的EVPN实例,即使它没有从该EVI/ES中了解到MAC地址。每个EVI路由的以太网A-D用于此目的。接收非保留ESI的MAC/IP广告路由的远程PE应该考虑通过所有EPE的可到达的MAC地址来访问所述MAC地址,所述PES通过EVI/ES的每个EVI路由的以太网Ad的组合(以及以太网标签,如果适用)对MAC地址的EVI/ES进行广告可达性。每个ES的以太网A-D路由,ESI标签扩展社区标志中的“单个活动”位设置为0。
Note that the Ethernet A-D per EVI route may be received by a remote PE before it receives the set of Ethernet A-D per ES routes. Therefore, in order to handle corner cases and race conditions, the Ethernet A-D per EVI route MUST NOT be used for traffic forwarding by a remote PE until it also receives the associated set of Ethernet A-D per ES routes.
注意,每个EVI路由的以太网A-D可以在远程PE接收到每个ES路由的以太网A-D集之前由远程PE接收。因此,为了处理拐弯情况和竞争条件,远程PE不得将每EVI以太网A-D路由用于流量转发,直到它还接收到每ES以太网A-D路由的相关集合。
The backup path is a closely related function, but it is used in Single-Active redundancy mode. In this case, a PE also advertises that it has reachability to a given EVI/ES using the same combination of Ethernet A-D per EVI route and Ethernet A-D per ES route as discussed above, but with the "Single-Active" bit in the flags of the ESI Label extended community set to 1. A remote PE that receives a MAC/IP Advertisement route with a non-reserved ESI SHOULD consider the advertised MAC address to be reachable via any PE that has advertised this combination of Ethernet A-D routes, and it SHOULD install a backup path for that MAC address.
备份路径是一项密切相关的功能,但它用于单一主动冗余模式。在这种情况下,PE还使用如上所述的每个EVI路由的以太网a-D和每个ES路由的以太网a-D的相同组合,但将ESI标签扩展社区的标志中的“单个活动”位设置为1,宣传其可到达给定EVI/ES。接收非保留ESI的MAC/IP广告路由的远程PE应该考虑通过已经宣传了该以太网-A路由的组合的任何PE来访问所述广告MAC地址,并且应该为该MAC地址安装备份路径。
This section describes the procedures used to construct the Ethernet A-D per EVPN instance (EVI) route, which is used for aliasing (as discussed above). Support of this route is OPTIONAL.
本节描述了用于构造每个EVPN实例(EVI)以太网A-D路由的过程,该路由用于别名(如上所述)。此路线的支持是可选的。
The Route Distinguisher (RD) MUST be set per Section 7.9.
必须按照第7.9节设置路线识别器(RD)。
The Ethernet Segment Identifier MUST be a 10-octet entity as described in Section 5 ("Ethernet Segment"). The Ethernet A-D route is not needed when the Segment Identifier is set to 0.
以太网段标识符必须是第5节(“以太网段”)中所述的10个八位字节实体。当段标识符设置为0时,不需要以太网A-D路由。
The Ethernet Tag ID is the identifier of an Ethernet tag on the Ethernet segment. This value may be a 12-bit VLAN ID, in which case the low-order 12 bits are set to the VLAN ID and the high-order 20 bits are set to 0. Or, it may be another Ethernet tag used by the EVPN. It MAY be set to the default Ethernet tag on the Ethernet segment or to the value 0.
以太网标签ID是以太网段上以太网标签的标识符。该值可以是12位VLAN ID,在这种情况下,低阶12位设置为VLAN ID,高阶20位设置为0。或者,它可能是EVPN使用的另一个以太网标签。可以将其设置为以太网段上的默认以太网标记或值0。
Note that the above allows the Ethernet A-D route to be advertised with one of the following granularities:
注意,上述允许以太网A-D路由以以下粒度之一进行广告:
+ One Ethernet A-D route per <ESI, Ethernet Tag ID> tuple per MAC-VRF. This is applicable when the PE uses MPLS-based disposition with VID translation or may be applicable when the PE uses MAC-based disposition with VID translation.
+ 每个<ESI一个以太网A-D路由,每个MAC-VRF一个以太网标签ID>元组。这适用于PE使用基于MPLS的处置和VID翻译时,或者可能适用于PE使用基于MAC的处置和VID翻译时。
+ One Ethernet A-D route for each <ESI> per MAC-VRF (where the Ethernet Tag ID is set to 0). This is applicable when the PE uses MAC-based disposition or MPLS-based disposition without VID translation.
+ 每个MAC-VRF的每个<ESI>都有一个以太网A-D路由(其中以太网标签ID设置为0)。这适用于PE使用基于MAC的部署或基于MPLS的部署而不进行VID转换的情况。
The usage of the MPLS label is described in Section 14 ("Load Balancing of Unicast Packets").
MPLS标签的使用在第14节(“单播分组的负载平衡”)中描述。
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST be set to the IPv4 or IPv6 address of the advertising PE.
路由的MP_REACH_NLRI属性的Next Hop字段必须设置为广告PE的IPv4或IPv6地址。
The Ethernet A-D route MUST carry one or more Route Target (RT) attributes, per Section 7.10.
根据第7.10节,以太网A-D路由必须具有一个或多个路由目标(RT)属性。
Consider a CE that is a host or a router that is multihomed directly to more than one PE in an EVPN instance on a given Ethernet segment. One or more Ethernet tags may be configured on the Ethernet segment. In this scenario, only one of the PEs, referred to as the Designated Forwarder (DF), is responsible for certain actions:
考虑一个CE,它是一个主机或路由器,它在给定的以太网段上直接在EVPN实例中被多路复用到多个PE。可以在以太网段上配置一个或多个以太网标签。在这种情况下,只有一个PEs(称为指定货运代理(DF))负责某些行动:
- Sending multicast and broadcast traffic, on a given Ethernet tag on a particular Ethernet segment, to the CE.
- 将特定以太网段上给定以太网标签上的多播和广播流量发送到CE。
- Flooding unknown unicast traffic (i.e., traffic for which a PE does not know the destination MAC address), on a given Ethernet tag on a particular Ethernet segment to the CE, if the environment requires flooding of unknown unicast traffic.
- 如果环境需要淹没未知单播通信量,则将特定以太网段上给定以太网标签上的未知单播通信量(即,PE不知道目标MAC地址的通信量)淹没到CE。
Note that this behavior, which allows selecting a DF at the granularity of <ES, VLAN> or <ES, VLAN bundle> for multicast, broadcast, and unknown unicast traffic, is the default behavior in this specification.
请注意,此行为是本规范中的默认行为,它允许为多播、广播和未知单播流量选择粒度为<ES,VLAN>或<ES,VLAN bundle>的DF。
Note that a CE always sends packets belonging to a specific flow using a single link towards a PE. For instance, if the CE is a host, then, as mentioned earlier, the host treats the multiple links that it uses to reach the PEs as a Link Aggregation Group (LAG). The CE employs a local hashing function to map traffic flows onto links in the LAG.
注意,CE总是使用单个链路向PE发送属于特定流的分组。例如,如果CE是主机,则如前所述,主机将其用于到达PEs的多个链路视为链路聚合组(LAG)。CE使用本地哈希函数将流量映射到LAG中的链路上。
If a bridged network is multihomed to more than one PE in an EVPN network via switches, then the support of All-Active redundancy mode requires the bridged network to be connected to two or more PEs using a LAG.
如果桥接网络通过交换机多宿到EVPN网络中的多个PE,则支持所有主动冗余模式要求桥接网络使用LAG连接到两个或多个PE。
If a bridged network does not connect to the PEs using a LAG, then only one of the links between the bridged network and the PEs must be the active link for a given <ES, VLAN> or <ES, VLAN bundle>. In this case, the set of Ethernet A-D per ES routes advertised by each PE MUST have the "Single-Active" bit in the flags of the ESI Label extended community set to 1.
如果桥接网络未使用LAG连接到PEs,则桥接网络和PEs之间的链路中只有一个必须是给定<ES,VLAN>或<ES,VLAN束>的活动链路。在这种情况下,每个PE播发的以太网A-D per ES路由集必须将ESI标签扩展社区的标志中的“单个活动”位设置为1。
The default procedure for DF election at the granularity of <ES, VLAN> for VLAN-based service or <ES, VLAN bundle> for VLAN-(aware) bundle service is referred to as "service carving". With service carving, it is possible to elect multiple DFs per Ethernet segment (one per VLAN or VLAN bundle) in order to perform load balancing of multi-destination traffic destined to a given segment. The load-balancing procedures carve up the VLAN space per ES among the PE
对于基于VLAN的服务,粒度为<ES,VLAN>的DF选择的默认过程或对于VLAN-(感知)捆绑服务,粒度为<ES,VLAN捆绑>的DF选择的默认过程称为“服务分割”。使用服务分割,可以为每个以太网段选择多个DFs(每个VLAN或VLAN包一个),以便对发送到给定段的多目标流量执行负载平衡。负载平衡过程在PE之间划分每个VLAN空间
nodes evenly, in such a way that every PE is the DF for a disjoint set of VLANs or VLAN bundles for that ES. The procedure for service carving is as follows:
节点均匀分布,每个PE都是一组不相交的VLAN或该PE的VLAN束的DF。服务雕刻程序如下:
1. When a PE discovers the ESI of the attached Ethernet segment, it advertises an Ethernet Segment route with the associated ES-Import extended community attribute.
1. 当PE发现所连接的以太网段的ESI时,它播发具有相关ES Import extended COMMITION属性的以太网段路由。
2. The PE then starts a timer (default value = 3 seconds) to allow the reception of Ethernet Segment routes from other PE nodes connected to the same Ethernet segment. This timer value should be the same across all PEs connected to the same Ethernet segment.
2. 然后,PE启动计时器(默认值=3秒),以允许从连接到同一以太网段的其他PE节点接收以太网段路由。连接到同一以太网段的所有PE的定时器值应相同。
3. When the timer expires, each PE builds an ordered list of the IP addresses of all the PE nodes connected to the Ethernet segment (including itself), in increasing numeric value. Each IP address in this list is extracted from the "Originating Router's IP address" field of the advertised Ethernet Segment route. Every PE is then given an ordinal indicating its position in the ordered list, starting with 0 as the ordinal for the PE with the numerically lowest IP address. The ordinals are used to determine which PE node will be the DF for a given EVPN instance on the Ethernet segment, using the following rule:
3. 计时器过期时,每个PE以递增的数值构建连接到以太网段(包括自身)的所有PE节点的IP地址的有序列表。此列表中的每个IP地址都是从公布的以太网段路由的“原始路由器的IP地址”字段中提取的。然后给每个PE一个序号,指示其在有序列表中的位置,从0开始,作为IP地址数字最低的PE的序号。序号用于使用以下规则确定哪个PE节点将是以太网段上给定EVPN实例的DF:
Assuming a redundancy group of N PE nodes, for VLAN-based service, the PE with ordinal i is the DF for an <ES, VLAN V> when (V mod N) = i. In the case of VLAN-(aware) bundle service, then the numerically lowest VLAN value in that bundle on that ES MUST be used in the modulo function.
假设一个由N个PE节点组成的冗余组,对于基于VLAN的服务,序号为i的PE是(V mod N)=i时<ES,VLAN V>的DF。在VLAN-(感知)捆绑服务的情况下,则必须在模函数中使用该ES上该捆绑中数值最低的VLAN值。
It should be noted that using the "Originating Router's IP address" field in the Ethernet Segment route to get the PE IP address needed for the ordered list allows for a CE to be multihomed across different ASes if such a need ever arises.
应该注意的是,使用以太网段路由中的“始发路由器的IP地址”字段来获取有序列表所需的PE IP地址允许CE在需要时跨不同ASE进行多址。
4. The PE that is elected as a DF for a given <ES, VLAN> or <ES, VLAN bundle> will unblock multi-destination traffic for that VLAN or VLAN bundle on the corresponding ES. Note that the DF PE unblocks multi-destination traffic in the egress direction towards the segment. All non-DF PEs continue to drop multi-destination traffic in the egress direction towards that <ES, VLAN> or <ES, VLAN bundle>.
4. 被选为给定<ES,VLAN>或<ES,VLAN bundle>的DF的PE将在相应的ES上解除对该VLAN或VLAN bundle>的多目标通信的阻止。请注意,DF PE在朝向该段的出口方向上解锁多目的地流量。所有非DF PE在出口方向上继续向<ES,VLAN>或<ES,VLAN bundle>投放多目标流量。
In the case of link or port failure, the affected PE withdraws its Ethernet Segment route. This will re-trigger the service carving procedures on all the PEs in the redundancy group. For PE node failure, or upon PE commissioning or decommissioning, the PEs re-trigger the service carving. In the case of Single-Active
在链路或端口故障的情况下,受影响的PE退出其以太网段路由。这将重新触发冗余组中所有PE上的维修程序。对于PE节点故障,或在PE调试或停运时,PEs重新触发服务。在单个激活的情况下
multihoming, when a service moves from one PE in the redundancy group to another PE as a result of re-carving, the PE, which ends up being the elected DF for the service, SHOULD trigger a MAC address flush notification towards the associated Ethernet segment. This can be done, for example, using the IEEE 802.1ak Multiple VLAN Registration Protocol (MVRP) 'new' declaration.
多归属,当服务由于重新划分而从冗余组中的一个PE移动到另一个PE时,该PE(最终为服务选择的DF)应触发指向相关以太网段的MAC地址刷新通知。例如,可以使用IEEE 802.1ak多VLAN注册协议(MVRP)“新”声明来实现这一点。
Let's refer to PEs that only support single-homed CE devices as single-homing PEs. For single-homing PEs, all the above multihoming procedures can be omitted; however, to allow for single-homing PEs to fully interoperate with multihoming PEs, some of the multihoming procedures described above SHOULD be supported even by single-homing PEs:
让我们将仅支持单主CE设备的PEs称为单主PE。对于单寻的PEs,可省略上述所有多寻的程序;然而,为了使单寻的PEs能够与多寻的PEs完全互操作,即使单寻的PEs也应支持上述一些多寻的程序:
- procedures related to processing Ethernet A-D routes for the purpose of fast convergence (Section 8.2 ("Fast Convergence")), to let single-homing PEs benefit from fast convergence
- 为实现快速融合(第8.2节(“快速融合”)而处理以太网A-D路由的相关程序,以使单归属PEs从快速融合中受益
- procedures related to processing Ethernet A-D routes for the purpose of aliasing (Section 8.4 ("Aliasing and Backup Path")), to let single-homing PEs benefit from load balancing
- 与处理以太网A-D路由以实现别名相关的程序(第8.4节(“别名和备份路径”),以使单主PEs从负载平衡中受益
- procedures related to processing Ethernet A-D routes for the purpose of a backup path (Section 8.4 ("Aliasing and Backup Path")), to let single-homing PEs benefit from the corresponding convergence improvement
- 为备份路径(第8.4节(“别名和备份路径”))处理以太网A-D路由的相关程序,以使单归属PEs从相应的收敛改进中受益
PEs forward packets that they receive based on the destination MAC address. This implies that PEs must be able to learn how to reach a given destination unicast MAC address.
PEs根据目标MAC地址转发接收的数据包。这意味着PEs必须能够了解如何到达给定的目标单播MAC地址。
There are two components to MAC address learning -- "local learning" and "remote learning":
MAC地址学习有两个组件——“本地学习”和“远程学习”:
A particular PE must be able to learn the MAC addresses from the CEs that are connected to it. This is referred to as local learning.
特定PE必须能够从连接到它的CE中学习MAC地址。这被称为本地学习。
The PEs in a particular EVPN instance MUST support local data-plane learning using standard IEEE Ethernet learning procedures. A PE must be capable of learning MAC addresses in the data plane when it receives packets such as the following from the CE network:
特定EVPN实例中的PEs必须支持使用标准IEEE以太网学习程序的本地数据平面学习。当PE从CE网络接收到如下数据包时,必须能够在数据平面中学习MAC地址:
- DHCP requests
- DHCP请求
- An ARP Request for its own MAC
- 对自身MAC的ARP请求
- An ARP Request for a peer
- 对对等方的ARP请求
Alternatively, PEs MAY learn the MAC addresses of the CEs in the control plane or via management-plane integration between the PEs and the CEs.
或者,PEs可以在控制平面中或者通过PEs和CEs之间的管理平面集成来学习CEs的MAC地址。
There are applications where a MAC address that is reachable via a given PE on a locally attached segment (e.g., with ESI X) may move, such that it becomes reachable via another PE on another segment (e.g., with ESI Y). This is referred to as "MAC Mobility". Procedures to support this are described in Section 15 ("MAC Mobility").
在一些应用中,可通过本地连接段(例如,使用ESI X)上的给定PE访问的MAC地址可能会移动,从而可通过另一段(例如,使用ESI Y)上的另一PE访问。这被称为“MAC移动性”。第15节(“MAC移动性”)中描述了支持这一点的程序。
A particular PE must be able to determine how to send traffic to MAC addresses that belong to or are behind CEs connected to other PEs, i.e., to remote CEs or hosts behind remote CEs. We call such MAC addresses "remote" MAC addresses.
特定PE必须能够确定如何将流量发送到属于或位于连接到其他PE的CE后面的MAC地址,即发送到远程CE或远程CE后面的主机。我们称这种MAC地址为“远程”MAC地址。
This document requires a PE to learn remote MAC addresses in the control plane. In order to achieve this, each PE advertises the MAC addresses it learns from its locally attached CEs in the control plane, to all the other PEs in that EVPN instance, using MP-BGP and, specifically, the MAC/IP Advertisement route.
本文档要求PE了解控制平面中的远程MAC地址。为了实现这一点,每个PE使用MP-BGP,特别是MAC/IP播发路由,向该EVPN实例中的所有其他PE播发其在控制平面中从其本地连接的CE学到的MAC地址。
BGP is extended to advertise these MAC addresses using the MAC/IP Advertisement route type in the EVPN NLRI.
BGP扩展为使用EVPN NLRI中的MAC/IP播发路由类型播发这些MAC地址。
The RD MUST be set per Section 7.9.
必须根据第7.9节设置RD。
The Ethernet Segment Identifier is set to the 10-octet ESI described in Section 5 ("Ethernet Segment").
以太网段标识符设置为第5节(“以太网段”)中所述的10个八位ESI。
The Ethernet Tag ID may be zero or may represent a valid Ethernet Tag ID. This field may be non-zero when there are multiple bridge tables in the MAC-VRF (i.e., the PE needs to support VLAN-aware bundle service for that EVI).
以太网标签ID可以为零,也可以表示有效的以太网标签ID。当MAC-VRF中存在多个网桥表时,此字段可能为非零(即,PE需要支持该EVI的VLAN感知捆绑服务)。
When the Ethernet Tag ID in the NLRI is set to a non-zero value for a particular broadcast domain, then this Ethernet Tag ID may be either the CE's Ethernet tag value (e.g., CE VLAN ID) or the EVPN provider's Ethernet tag value (e.g., provider VLAN ID). The latter would be the case if the CE Ethernet tags (e.g., CE VLAN ID) for a particular broadcast domain are different on different CEs.
当NLRI中的以太网标签ID被设置为特定广播域的非零值时,该以太网标签ID可以是CE的以太网标签值(例如,CE VLAN ID)或EVPN提供商的以太网标签值(例如,提供商VLAN ID)。如果特定广播域的CE以太网标签(例如,CE VLAN ID)在不同CE上不同,则会出现后一种情况。
The MAC Address Length field is in bits, and it is set to 48. MAC address length values other than 48 bits are outside the scope of this document. The encoding of a MAC address MUST be the 6-octet MAC address specified by [802.1Q] and [802.1D-REV].
MAC地址长度字段以位为单位,设置为48。除48位以外的MAC地址长度值不在本文档范围内。MAC地址的编码必须是[802.1Q]和[802.1D-REV]指定的6位八位组MAC地址。
The IP Address field is optional. By default, the IP Address Length field is set to 0, and the IP Address field is omitted from the route. When a valid IP address needs to be advertised, it is then encoded in this route. When an IP address is present, the IP Address Length field is in bits, and it is set to 32 or 128 bits. Other IP Address Length values are outside the scope of this document. The encoding of an IP address MUST be either 4 octets for IPv4 or 16 octets for IPv6. The Length field of the EVPN NLRI (which is in octets and is described in Section 7) is sufficient to determine whether an IP address is encoded in this route and, if so, whether the encoded IP address is IPv4 or IPv6.
IP地址字段是可选的。默认情况下,IP地址长度字段设置为0,并且从路由中省略IP地址字段。当一个有效的IP地址需要公布时,它就会被编码在这个路由中。当存在IP地址时,IP地址长度字段以位为单位,并设置为32或128位。其他IP地址长度值不在本文档范围内。IP地址的编码必须为IPv4的4个八位字节或IPv6的16个八位字节。EVPN NLRI的长度字段(以八位字节为单位,在第7节中描述)足以确定IP地址是否在此路由中编码,如果是,则确定编码的IP地址是IPv4还是IPv6。
The MPLS Label1 field is encoded as 3 octets, where the high-order 20 bits contain the label value. The MPLS Label1 MUST be downstream assigned, and it is associated with the MAC address being advertised by the advertising PE. The advertising PE uses this label when it receives an MPLS-encapsulated packet to perform forwarding based on the destination MAC address toward the CE. The forwarding procedures are specified in Sections 13 and 14.
MPLS Label1字段编码为3个八位字节,其中高阶20位包含标签值。MPLS标签1必须是下游分配的,并且它与由广告PE广告的MAC地址相关联。广告PE在接收到MPLS封装的分组时使用该标签,以基于目的地MAC地址执行向CE的转发。第13节和第14节规定了转运程序。
A PE may advertise the same single EVPN label for all MAC addresses in a given MAC-VRF. This label assignment is referred to as a per MAC-VRF label assignment. Alternatively, a PE may advertise a unique EVPN label per <MAC-VRF, Ethernet tag> combination. This label assignment is referred to as a per <MAC-VRF, Ethernet tag> label assignment. As a third option, a PE may advertise a unique EVPN label per <ESI, Ethernet tag> combination. This label assignment is referred to as a per <ESI, Ethernet tag> label assignment. As a fourth option, a PE may advertise a unique EVPN label per MAC address. This label assignment is referred to as a per MAC label assignment. All of these label assignment methods have their trade-offs. The choice of a particular label assignment methodology is purely local to the PE that originates the route.
PE可以为给定MAC-VRF中的所有MAC地址宣传相同的单个EVPN标签。此标签分配称为per MAC-VRF标签分配。或者,PE可以根据<MAC-VRF,以太网标签>组合宣传唯一的EVPN标签。此标签分配称为per<MAC-VRF,以太网标签>标签分配。作为第三种选择,PE可以根据<ESI,Ethernet tag>组合宣传唯一的EVPN标签。此标签分配称为per<ESI,Ethernet tag>标签分配。作为第四个选项,PE可以为每个MAC地址发布唯一的EVPN标签。此标签分配称为每MAC标签分配。所有这些标签分配方法都有各自的优缺点。特定标签分配方法的选择完全是源自路线的PE的本地选择。
An assignment per MAC-VRF label requires the least number of EVPN labels but requires a MAC lookup in addition to an MPLS lookup on an egress PE for forwarding. On the other hand, a unique label per <ESI, Ethernet tag> or a unique label per MAC allows an egress PE to forward a packet that it receives from another PE, to the connected CE, after looking up only the MPLS labels without having to perform a MAC lookup. This includes the capability to perform appropriate VLAN ID translation on egress to the CE.
每个MAC-VRF标签的分配需要最少数量的EVPN标签,但除了在出口PE上进行MPLS查找外,还需要进行MAC查找以进行转发。另一方面,每个<ESI,Ethernet tag>的唯一标签或每个MAC的唯一标签允许出口PE在仅查找MPLS标签之后将其从另一个PE接收的分组转发到连接的CE,而不必执行MAC查找。这包括在出口到CE时执行适当VLAN ID转换的能力。
The MPLS Label2 field is an optional field. If it is present, then it is encoded as 3 octets, where the high-order 20 bits contain the label value.
MPLS Label2字段是可选字段。如果存在,则将其编码为3个八位字节,其中高阶20位包含标签值。
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST be set to the IPv4 or IPv6 address of the advertising PE.
路由的MP_REACH_NLRI属性的Next Hop字段必须设置为广告PE的IPv4或IPv6地址。
The BGP advertisement for the MAC/IP Advertisement route MUST also carry one or more Route Target (RT) attributes. RTs may be configured (as in IP VPNs) or may be derived automatically from the Ethernet Tag ID, in the Unique VLAN case, as described in Section 7.10.1.
MAC/IP播发路由的BGP播发还必须带有一个或多个路由目标(RT)属性。如第7.10.1节所述,在唯一VLAN情况下,RTs可以配置(如IP VPN中),也可以从以太网标签ID自动派生。
It is to be noted that this document does not require PEs to create forwarding state for remote MACs when they are learned in the control plane. When this forwarding state is actually created is a local implementation matter.
需要注意的是,本文件不要求PEs在控制平面中学习远程MAC时为其创建转发状态。实际创建此转发状态的时间是本地实现问题。
If the Ethernet Segment Identifier field in a received MAC/IP Advertisement route is set to the reserved ESI value of 0 or MAX-ESI, then if the receiving PE decides to install forwarding state for the associated MAC address, it MUST be based on the MAC/IP Advertisement route alone.
如果接收到的MAC/IP播发路由中的以太网段标识符字段设置为保留ESI值0或MAX-ESI,则如果接收PE决定为相关MAC地址安装转发状态,则必须仅基于MAC/IP播发路由。
If the Ethernet Segment Identifier field in a received MAC/IP Advertisement route is set to a non-reserved ESI, and the receiving PE is locally attached to the same ESI, then the PE does not alter its forwarding state based on the received route. This ensures that local routes are preferred to remote routes.
如果接收到的MAC/IP播发路由中的以太网段标识符字段设置为非保留ESI,并且接收到的PE本地连接到同一ESI,则PE不会基于接收到的路由改变其转发状态。这确保了本地路由优先于远程路由。
If the Ethernet Segment Identifier field in a received MAC/IP Advertisement route is set to a non-reserved ESI, then if the receiving PE decides to install forwarding state for the associated MAC address, it MUST be when both the MAC/IP Advertisement route AND the associated set of Ethernet A-D per ES routes have been received. The dependency of MAC route installation on Ethernet A-D per ES routes is to ensure that MAC routes don't get accidentally installed during a mass withdraw period.
如果接收到的MAC/IP播发路由中的以太网段标识符字段设置为非保留ESI,则如果接收PE决定为关联的MAC地址安装转发状态,则必须在同时接收到MAC/IP播发路由和关联的以太网a-D per ES路由集时。MAC路由安装在以太网A-D per ES路由上的依赖性是确保MAC路由不会在大规模撤回期间意外安装。
To illustrate this with an example, consider two PEs (PE1 and PE2) connected to a multihomed Ethernet segment ES1. All-Active redundancy mode is assumed. A given MAC address M1 is learned by PE1 but not PE2. On PE3, the following states may arise:
为了举例说明这一点,考虑连接到多归属以太网段ES1的两个PES(PE1和PE2)。假设所有主动冗余模式。给定的MAC地址M1由PE1而不是PE2学习。在PE3上,可能出现以下状态:
T1 When the MAC/IP Advertisement route from PE1 and the set of Ethernet A-D per ES routes and Ethernet A-D per EVI routes from PE1 and PE2 are received, PE3 can forward traffic destined to M1 to both PE1 and PE2.
T1当接收到来自PE1的MAC/IP播发路由以及来自PE1和PE2的以太网A-D每ES路由和以太网A-D每EVI路由集时,PE3可以将目的地为M1的流量转发到PE1和PE2。
T2 If after T1 PE1 withdraws its set of Ethernet A-D per ES routes, then PE3 forwards traffic destined to M1 to PE2 only.
T2如果在T1 PE1退出其每ES一组以太网A-D路由后,PE3仅将目的地为M1的流量转发给PE2。
T2' If after T1 PE2 withdraws its set of Ethernet A-D per ES routes, then PE3 forwards traffic destined to M1 to PE1 only.
T2'如果在T1 PE2撤销其每ES一组以太网A-D路由后,则PE3仅将目的地为M1的流量转发给PE1。
T2'' If after T1 PE1 withdraws its MAC/IP Advertisement route, then PE3 treats traffic to M1 as unknown unicast.
T2''如果在T1 PE1退出其MAC/IP播发路由后,PE3将到M1的流量视为未知单播。
T3 PE2 also advertises a MAC route for M1, and then PE1 withdraws its MAC route for M1. PE3 continues forwarding traffic destined to M1 to both PE1 and PE2. In other words, despite M1 withdrawal by PE1, PE3 forwards the traffic destined to M1 to both PE1 and PE2. This is because a flow from the CE, resulting in M1 traffic getting hashed to PE1, can get terminated, resulting in M1 being aged out in PE1; however, M1 can be reachable by both PE1 and PE2.
T3 PE2还为M1播发MAC路由,然后PE1撤回其为M1的MAC路由。PE3继续将目的地为M1的流量转发给PE1和PE2。换言之,尽管PE1退出M1,PE3仍将目的地为M1的流量转发给PE1和PE2。这是因为来自CE的流(导致M1通信量散列到PE1)可以被终止,导致M1在PE1中老化;然而,M1可以通过PE1和PE2访问。
The IP Address field in the MAC/IP Advertisement route may optionally carry one of the IP addresses associated with the MAC address. This provides an option that can be used to minimize the flooding of ARP
MAC/IP广告路由中的IP地址字段可以可选地携带与MAC地址相关联的IP地址之一。这提供了一个可用于最小化ARP溢出的选项
or Neighbor Discovery (ND) messages over the MPLS network and to remote CEs. This option also minimizes ARP (or ND) message processing on end-stations/hosts connected to the EVPN network. A PE may learn the IP address associated with a MAC address in the control or management plane between the CE and the PE. Or, it may learn this binding by snooping certain messages to or from a CE. When a PE learns the IP address associated with a MAC address of a locally connected CE, it may advertise this address to other PEs by including it in the MAC/IP Advertisement route. The IP address may be an IPv4 address encoded using 4 octets or an IPv6 address encoded using 16 octets. For ARP and ND purposes, the IP Address Length field MUST be set to 32 for an IPv4 address or 128 for an IPv6 address.
或通过MPLS网络发送到远程CEs的邻居发现(ND)消息。此选项还可以最大限度地减少连接到EVPN网络的终端站/主机上的ARP(或ND)消息处理。PE可以学习与CE和PE之间的控制或管理平面中的MAC地址相关联的IP地址。或者,它可以通过窥探到CE或从CE中窥探某些消息来学习这种绑定。当PE学习到与本地连接的CE的MAC地址相关联的IP地址时,它可以通过将该地址包括在MAC/IP播发路由中来向其他PE播发该地址。IP地址可以是使用4个八位字节编码的IPv4地址或使用16个八位字节编码的IPv6地址。对于ARP和ND,对于IPv4地址,IP地址长度字段必须设置为32;对于IPv6地址,IP地址长度字段必须设置为128。
If there are multiple IP addresses associated with a MAC address, then multiple MAC/IP Advertisement routes MUST be generated, one for each IP address. For instance, this may be the case when there are both an IPv4 and an IPv6 address associated with the same MAC address for dual-IP-stack scenarios. When the IP address is dissociated with the MAC address, then the MAC/IP Advertisement route with that particular IP address MUST be withdrawn.
如果有多个IP地址与MAC地址关联,则必须生成多个MAC/IP播发路由,每个IP地址一个。例如,对于双IP堆栈方案,当同时存在与相同MAC地址关联的IPv4和IPv6地址时,可能会出现这种情况。当IP地址与MAC地址分离时,必须撤回具有该特定IP地址的MAC/IP播发路由。
Note that a MAC-only route can be advertised along with, but independent from, a MAC/IP route for scenarios where the MAC learning over an access network/node is done in the data plane and independent from ARP snooping that generates a MAC/IP route. In such scenarios, when the ARP entry times out and causes the MAC/IP to be withdrawn, then the MAC information will not be lost. In scenarios where the host MAC/IP is learned via the management or control plane, then the sender PE may only generate and advertise the MAC/IP route. If the receiving PE receives both the MAC-only route and the MAC/IP route, then when it receives a withdraw message for the MAC/IP route, it MUST delete the corresponding entry from the ARP table but not the MAC entry from the MAC-VRF table, unless it receives a withdraw message for the MAC-only route.
注意,对于在数据平面上通过接入网络/节点进行MAC学习并且独立于生成MAC/IP路由的ARP窥探的场景,仅MAC路由可以与MAC/IP路由一起发布,但独立于MAC/IP路由。在这种情况下,当ARP进入超时并导致MAC/IP退出时,MAC信息不会丢失。在通过管理或控制平面学习主机MAC/IP的场景中,发送方PE可能仅生成和通告MAC/IP路由。如果接收PE同时接收到MAC-only路由和MAC/IP路由,则当接收到MAC/IP路由的撤销消息时,必须从ARP表中删除相应的条目,但不能从MAC-VRF表中删除MAC条目,除非接收到MAC-only路由的撤销消息。
When a PE receives an ARP Request for an IP address from a CE, and if the PE has the MAC address binding for that IP address, the PE SHOULD perform ARP proxy by responding to the ARP Request.
当PE从CE接收到针对IP地址的ARP请求时,如果PE具有针对该IP地址的MAC地址绑定,则PE应通过响应ARP请求来执行ARP代理。
When a PE needs to perform inter-subnet forwarding where each subnet is represented by a different broadcast domain (e.g., a different VLAN), the inter-subnet forwarding is performed at Layer 3, and the PE that performs such a function is called the default gateway for the EVPN instance. In this case, when the PE receives an ARP Request for the IP address configured as the default gateway address, the PE originates an ARP Reply.
当PE需要执行子网间转发时,其中每个子网由不同的广播域(例如,不同的VLAN)表示,子网间转发在第3层执行,并且执行此功能的PE称为EVPN实例的默认网关。在这种情况下,当PE收到配置为默认网关地址的IP地址的ARP请求时,PE发起ARP应答。
Each PE that acts as a default gateway for a given EVPN instance MAY advertise in the EVPN control plane its default gateway MAC address using the MAC/IP Advertisement route, and each such PE indicates that such a route is associated with the default gateway. This is accomplished by requiring the route to carry the Default Gateway extended community defined in Section 7.8 ("Default Gateway Extended Community"). The ESI field is set to zero when advertising the MAC route with the Default Gateway extended community.
充当给定EVPN实例的默认网关的每个PE可以使用MAC/IP广告路由在EVPN控制平面中广告其默认网关MAC地址,并且每个这样的PE指示这样的路由与默认网关相关联。这是通过要求路由承载第7.8节(“默认网关扩展社区”)中定义的默认网关扩展社区来实现的。当使用默认网关扩展社区公布MAC路由时,ESI字段设置为零。
The IP Address field of the MAC/IP Advertisement route is set to the default gateway IP address for that subnet (e.g., an EVPN instance). For a given subnet (e.g., a VLAN or EVPN instance), the default gateway IP address is the same across all the participant PEs. The inclusion of this IP address enables the receiving PE to check its configured default gateway IP address against the one received in the MAC/IP Advertisement route for that subnet (or EVPN instance), and if there is a discrepancy, then the PE SHOULD notify the operator and log an error message.
MAC/IP播发路由的IP地址字段设置为该子网(例如,EVPN实例)的默认网关IP地址。对于给定的子网(例如,VLAN或EVPN实例),默认网关IP地址在所有参与者PE中都是相同的。包含此IP地址使接收PE能够对照在该子网(或EVPN实例)的MAC/IP播发路由中接收到的IP地址检查其配置的默认网关IP地址,如果存在差异,则PE应通知操作员并记录错误消息。
Unless it is known a priori (by means outside of this document) that all PEs of a given EVPN instance act as a default gateway for that EVPN instance, the MPLS label MUST be set to a valid downstream assigned label.
除非事先(通过本文档之外的方式)已知给定EVPN实例的所有PE充当该EVPN实例的默认网关,否则必须将MPLS标签设置为有效的下游分配标签。
Furthermore, even if all PEs of a given EVPN instance do act as a default gateway for that EVPN instance, but only some, but not all, of these PEs have sufficient (routing) information to provide inter-subnet routing for all the inter-subnet traffic originated within the subnet associated with the EVPN instance, then when such a PE advertises in the EVPN control plane its default gateway MAC address using the MAC/IP Advertisement route and indicates that such a route is associated with the default gateway, the route MUST carry a valid downstream assigned label.
此外,即使给定EVPN实例的所有PE都充当该EVPN实例的默认网关,但这些PE中只有部分(但不是全部)具有足够的(路由)信息,以便为与EVPN实例相关联的子网内产生的所有子网间流量提供子网间路由,然后,当这样的PE在EVPN控制平面中使用MAC/IP播发路由播发其默认网关MAC地址并指示这样的路由与默认网关相关联时,该路由必须携带有效的下游分配标签。
If all PEs of a given EVPN instance act as a default gateway for that EVPN instance, and the same default gateway MAC address is used across all gateway devices, then no such advertisement is needed. However, if each default gateway uses a different MAC address, then each default gateway needs to be aware of other gateways' MAC addresses and thus the need for such an advertisement. This is called MAC address aliasing, since a single default gateway can be represented by multiple MAC addresses.
如果给定EVPN实例的所有PE充当该EVPN实例的默认网关,并且在所有网关设备上使用相同的默认网关MAC地址,则不需要此类广告。但是,如果每个默认网关使用不同的MAC地址,则每个默认网关需要知道其他网关的MAC地址,因此需要这样的广告。这称为MAC地址别名,因为单个默认网关可以由多个MAC地址表示。
Each PE that receives this route and imports it as per procedures specified in this document follows the procedures in this section when replying to ARP Requests that it receives.
接收该路由并按照本文件中规定的程序导入的每个PE在答复其接收的ARP请求时,遵循本节中的程序。
Each PE that acts as a default gateway for a given EVPN instance that receives this route and imports it as per procedures specified in this document MUST create MAC forwarding state that enables it to apply IP forwarding to the packets destined to the MAC address carried in the route.
作为接收此路由并按照本文档中指定的过程导入该路由的给定EVPN实例的默认网关的每个PE必须创建MAC转发状态,使其能够将IP转发应用于发送到路由中承载的MAC地址的数据包。
Procedures are required for a given PE to send broadcast or multicast traffic received from a CE encapsulated in a given Ethernet tag (VLAN) in an EVPN instance to all the other PEs that span that Ethernet tag (VLAN) in that EVPN instance. In certain scenarios, as described in Section 12 ("Processing of Unknown Unicast Packets"), a given PE may also need to flood unknown unicast traffic to other PEs.
给定PE需要执行以下步骤:将从封装在EVPN实例中的给定以太网标记(VLAN)中的CE接收的广播或多播流量发送到该EVPN实例中跨越该以太网标记(VLAN)的所有其他PE。在某些情况下,如第12节(“未知单播数据包的处理”)中所述,给定PE可能还需要将未知单播通信量涌入其他PE。
The PEs in a particular EVPN instance may use ingress replication, P2MP LSPs, or MP2MP LSPs to send unknown unicast, broadcast, or multicast traffic to other PEs.
特定EVPN实例中的PEs可以使用入口复制、P2MP lsp或MP2MP lsp向其他PEs发送未知的单播、广播或多播流量。
Each PE MUST advertise an "Inclusive Multicast Ethernet Tag route" to enable the above. The following subsection provides the procedures to construct the Inclusive Multicast Ethernet Tag route. Subsequent subsections describe its usage in further detail.
每个PE必须公布“包含多播以太网标记路由”以启用上述功能。以下小节提供了构造包含性多播以太网标记路由的过程。随后的小节将更详细地描述其用法。
The RD MUST be set per Section 7.9.
必须根据第7.9节设置RD。
The Ethernet Tag ID is the identifier of the Ethernet tag. It may be set to 0 or to a valid Ethernet tag value.
以太网标签ID是以太网标签的标识符。它可以设置为0或有效的以太网标记值。
The Originating Router's IP Address field value MUST be set to an IP address of the PE that should be common for all the EVIs on the PE (e.g., this address may be the PE's loopback address). The IP Address Length field is in bits.
始发路由器的IP地址字段值必须设置为PE的IP地址,该地址对于PE上的所有EVI都应该是公共的(例如,该地址可能是PE的环回地址)。IP地址长度字段以位为单位。
The Next Hop field of the MP_REACH_NLRI attribute of the route MUST be set to the IPv4 or IPv6 address of the advertising PE.
路由的MP_REACH_NLRI属性的Next Hop字段必须设置为广告PE的IPv4或IPv6地址。
The BGP advertisement for the Inclusive Multicast Ethernet Tag route MUST also carry one or more Route Target (RT) attributes. The assignment of RTs as described in Section 7.10 MUST be followed.
包容性多播以太网标记路由的BGP播发还必须带有一个或多个路由目标(RT)属性。必须遵循第7.10节所述的RTs分配。
In order to identify the P-tunnel used for sending broadcast, unknown unicast, or multicast traffic, the Inclusive Multicast Ethernet Tag route MUST carry a Provider Multicast Service Interface (PMSI) Tunnel attribute as specified in [RFC6514].
为了识别用于发送广播、未知单播或多播流量的P隧道,包容性多播以太网标记路由必须具有[RFC6514]中指定的提供商多播服务接口(PMSI)隧道属性。
Depending on the technology used for the P-tunnel for the EVPN instance on the PE, the PMSI Tunnel attribute of the Inclusive Multicast Ethernet Tag route is constructed as follows.
根据PE上EVPN实例的P隧道使用的技术,包含性多播以太网标记路由的PMSI隧道属性构造如下。
+ If the PE that originates the advertisement uses a P-multicast tree for the P-tunnel for EVPN, the PMSI Tunnel attribute MUST contain the identity of the tree (note that the PE could create the identity of the tree prior to the actual instantiation of the tree).
+ 如果发起广告的PE为EVPN的P隧道使用P多播树,则PMSI隧道属性必须包含树的标识(请注意,PE可以在树的实际实例化之前创建树的标识)。
+ A PE that uses a P-multicast tree for the P-tunnel MAY aggregate two or more EVPN instances (EVIs) present on the PE onto the same tree. In this case, in addition to carrying the identity of the tree, the PMSI Tunnel attribute MUST carry an MPLS upstream assigned label, which the PE has bound uniquely to the EVI associated with this update (as determined by its RTs).
+ 为P隧道使用P多播树的PE可以将PE上存在的两个或多个EVPN实例(evi)聚合到同一树上。在这种情况下,除了携带树的标识外,PMSI隧道属性还必须携带MPLS上游分配的标签,PE已将该标签唯一绑定到与此更新相关联的EVI(由其RTs确定)。
If the PE has already advertised Inclusive Multicast Ethernet Tag routes for two or more EVIs that it now desires to aggregate, then the PE MUST re-advertise those routes. The re-advertised routes MUST be the same as the original ones, except for the PMSI Tunnel attribute and the label carried in that attribute.
如果PE已经为现在希望聚合的两个或多个EVI播发了包含性多播以太网标记路由,则PE必须重新播发这些路由。重新公布的路线必须与原始路线相同,但PMSI隧道属性和该属性中包含的标签除外。
+ If the PE that originates the advertisement uses ingress replication for the P-tunnel for EVPN, the route MUST include the PMSI Tunnel attribute with the Tunnel Type set to Ingress Replication and the Tunnel Identifier set to a routable address of the PE. The PMSI Tunnel attribute MUST carry a downstream assigned MPLS label. This label is used to demultiplex the broadcast, multicast, or unknown unicast EVPN traffic received over an MP2P tunnel by the PE.
+ 如果发起广告的PE对EVPN的P隧道使用入口复制,则路由必须包括PMSI隧道属性,隧道类型设置为入口复制,隧道标识符设置为PE的可路由地址。PMSI隧道属性必须带有下游分配的MPLS标签。此标签用于将PE通过MP2P隧道接收的广播、多播或未知单播EVPN流量解复用。
+ The Leaf Information Required flag of the PMSI Tunnel attribute MUST be set to zero and MUST be ignored on receipt.
+ PMSI Tunnel属性的Leaf Information Required标志必须设置为零,并且在收到时必须忽略。
The procedures in this document do not require the PEs to flood unknown unicast traffic to other PEs. If PEs learn CE MAC addresses via a control-plane protocol, the PEs can then distribute MAC addresses via BGP, and all unicast MAC addresses will be learned prior to traffic to those destinations.
本文件中的程序不要求PEs将未知单播通信量涌入其他PEs。如果PEs通过控制平面协议学习CE MAC地址,则PEs可以通过BGP分配MAC地址,并且所有单播MAC地址将在传输到这些目的地之前被学习。
However, if a destination MAC address of a received packet is not known by the PE, the PE may have to flood the packet. When flooding, one must take into account "split-horizon forwarding" as follows: The principles behind the following procedures are borrowed from the split-horizon forwarding rules in VPLS solutions [RFC4761] [RFC4762]. When a PE capable of flooding (say PEx) receives an unknown destination MAC address, it floods the frame. If the frame arrived from an attached CE, PEx must send a copy of that frame on every Ethernet segment (belonging to that EVI) for which it is the DF, other than the Ethernet segment on which it received the frame. In addition, the PE must flood the frame to all other PEs participating in that EVPN instance. If, on the other hand, the frame arrived from another PE (say PEy), PEx must send a copy of the packet on each Ethernet segment (belonging to that EVI) for which it is the DF. PEx MUST NOT send the frame to other PEs, since PEy would have already done so. Split-horizon forwarding rules apply to unknown MAC addresses.
然而,如果PE不知道接收到的分组的目的地MAC地址,则PE可能必须泛洪该分组。在泛洪时,必须考虑如下“分割地平线转发”:以下过程背后的原则借鉴了VPLS解决方案[RFC4761][RFC4762]中的分割地平线转发规则。当能够泛洪的PE(比如PEx)接收到未知的目标MAC地址时,它会泛洪帧。如果帧来自连接的CE,PEx必须在其作为DF的每个以太网段(属于该EVI)上发送该帧的副本,而不是在其接收帧的以太网段上。此外,PE必须向参与该EVPN实例的所有其他PE泛洪帧。另一方面,如果帧从另一个PE(比如PEy)到达,PEx必须在其为DF的每个以太网段(属于该EVI)上发送数据包的副本。PEx不得将帧发送给其他PE,因为PEy已经这样做了。拆分地平线转发规则适用于未知MAC地址。
Whether or not to flood packets to unknown destination MAC addresses should be an administrative choice, depending on how learning happens between CEs and PEs.
是否将数据包洪泛到未知的目标MAC地址应该是一个管理选择,这取决于CE和PEs之间的学习方式。
The PEs in a particular EVPN instance may use ingress replication using RSVP-TE P2P LSPs or LDP MP2P LSPs for sending unknown unicast traffic to other PEs. Or, they may use RSVP-TE P2MP or LDP P2MP for sending such traffic to other PEs.
特定EVPN实例中的PEs可以使用使用RSVP-TE P2P lsp或LDP MP2P lsp的入口复制来向其他PEs发送未知的单播流量。或者,他们可以使用RSVP-TE P2MP或LDP P2MP向其他PE发送此类流量。
If ingress replication is in use, the P-tunnel attribute, carried in the Inclusive Multicast Ethernet Tag routes for the EVPN instance, specifies the downstream label that the other PEs can use to send unknown unicast, multicast, or broadcast traffic for that EVPN instance to this particular PE.
如果正在使用入口复制,则EVPN实例的包含性多播以太网标记路由中携带的P-tunnel属性指定下游标签,其他PE可使用该标签将该EVPN实例的未知单播、多播或广播流量发送到此特定PE。
The PE that receives a packet with this particular MPLS label MUST treat the packet as a broadcast, multicast, or unknown unicast packet. Further, if the MAC address is a unicast MAC address, the PE MUST treat the packet as an unknown unicast packet.
接收具有此特定MPLS标签的数据包的PE必须将该数据包视为广播、多播或未知单播数据包。此外,如果MAC地址是单播MAC地址,则PE必须将该分组视为未知单播分组。
The procedures for using P2MP LSPs are very similar to the VPLS procedures described in [RFC7117]. The P-tunnel attribute used by a PE for sending unknown unicast, broadcast, or multicast traffic for a particular EVPN instance is advertised in the Inclusive Multicast Ethernet Tag route as described in Section 11 ("Handling of Multi-destination Traffic").
使用P2MP LSP的程序与[RFC7117]中描述的VPLS程序非常相似。PE用于发送特定EVPN实例的未知单播、广播或多播流量的P隧道属性在第11节(“多目的地流量的处理”)中描述的包容性多播以太网标记路由中公布。
The P-tunnel attribute specifies the P2MP LSP identifier. This is the equivalent of an Inclusive tree as described in [RFC7117]. Note that multiple Ethernet tags, which may be in different EVPN instances, may use the same P2MP LSP, using upstream labels [RFC7117]. This is the equivalent of an Aggregate Inclusive tree [RFC7117]. When P2MP LSPs are used for flooding unknown unicast traffic, packet reordering is possible.
P-tunnel属性指定P2MP LSP标识符。这相当于[RFC7117]中所述的包含树。注意,可能位于不同EVPN实例中的多个以太网标签可能使用相同的P2MP LSP,使用上游标签[RFC7117]。这相当于聚合包含树[RFC7117]。当P2MP LSP用于淹没未知单播流量时,数据包重新排序是可能的。
The PE that receives a packet on the P2MP LSP specified in the PMSI Tunnel attribute MUST treat the packet as a broadcast, multicast, or unknown unicast packet. Further, if the MAC address is a unicast MAC address, the PE MUST treat the packet as an unknown unicast packet.
在PMSI隧道属性中指定的P2MP LSP上接收数据包的PE必须将该数据包视为广播、多播或未知单播数据包。此外,如果MAC地址是单播MAC地址,则PE必须将该分组视为未知单播分组。
This section describes procedures for forwarding unicast packets by PEs, where such packets are received from either directly connected CEs or some other PEs.
本节描述PEs转发单播数据包的过程,其中此类数据包从直接连接的CEs或其他一些PEs接收。
When a PE receives a packet from a CE, on a given Ethernet Tag ID, it must first look up the source MAC address of the packet. In certain environments that enable MAC security, the source MAC address MAY be used to validate the host identity and determine that traffic from the host can be allowed into the network. Source MAC lookup MAY also be used for local MAC address learning.
当PE收到来自CE的数据包时,在给定的以太网标签ID上,它必须首先查找数据包的源MAC地址。在某些启用MAC安全性的环境中,源MAC地址可用于验证主机标识并确定允许来自主机的流量进入网络。源MAC查找也可用于本地MAC地址学习。
If the PE decides to forward the packet, the destination MAC address of the packet must be looked up. If the PE has received MAC address advertisements for this destination MAC address from one or more other PEs or has learned it from locally connected CEs, the MAC address is considered a known MAC address. Otherwise, it is considered an unknown MAC address.
如果PE决定转发数据包,则必须查找数据包的目标MAC地址。如果PE已从一个或多个其他PE接收到该目的地MAC地址的MAC地址播发,或已从本地连接的CE获悉该MAC地址,则该MAC地址被视为已知MAC地址。否则,它将被视为未知MAC地址。
For known MAC addresses, the PE forwards this packet to one of the remote PEs or to a locally attached CE. When forwarding to a remote PE, the packet is encapsulated in the EVPN MPLS label advertised by the remote PE, for that MAC address, and in the MPLS LSP label stack to reach the remote PE.
对于已知的MAC地址,PE将该数据包转发给一个远程PE或本地连接的CE。当转发到远程PE时,数据包被封装在远程PE为该MAC地址播发的EVPN MPLS标签中,并封装在MPLS LSP标签堆栈中以到达远程PE。
If the MAC address is unknown and if the administrative policy on the PE requires flooding of unknown unicast traffic, then:
如果MAC地址未知,并且PE上的管理策略要求未知单播流量泛滥,则:
- The PE MUST flood the packet to other PEs. The PE MUST first encapsulate the packet in the ESI MPLS label as described in Section 8.3. If ingress replication is used, the packet MUST be replicated to each remote PE, with the VPN label being an MPLS label determined as follows: This is the MPLS label advertised by the remote PE in a PMSI Tunnel attribute in the Inclusive Multicast Ethernet Tag route for a <MAC-VRF> or <MAC-VRF, Ethernet tag> combination.
- PE必须将数据包洪泛到其他PE。PE必须首先将数据包封装在ESI MPLS标签中,如第8.3节所述。如果使用入口复制,则必须将数据包复制到每个远程PE,VPN标签为MPLS标签,确定如下:这是远程PE在包含多播以太网标签路由中的PMSI隧道属性中为<MAC-VRF>或<MAC-VRF,以太网标签>组合播发的MPLS标签。
The Ethernet tag in the route may be the same as the Ethernet tag associated with the interface on which the ingress PE receives the packet. If P2MP LSPs are being used, the packet MUST be sent on the P2MP LSP of which the PE is the root, for the Ethernet tag in the EVPN instance. If the same P2MP LSP is used for all Ethernet tags, then all the PEs in the EVPN instance MUST be the leaves of the P2MP LSP. If a distinct P2MP LSP is used for a given Ethernet tag in the EVPN instance, then only the PEs in the Ethernet tag MUST be the leaves of the P2MP LSP. The packet MUST be encapsulated in the P2MP LSP label stack.
路由中的以太网标签可以与入口PE在其上接收分组的接口相关联的以太网标签相同。如果正在使用P2MP LSP,则必须在PE为根的P2MP LSP上发送数据包,用于EVPN实例中的以太网标记。如果所有以太网标签使用相同的P2MP LSP,则EVPN实例中的所有PE必须是P2MP LSP的叶子。如果EVPN实例中的给定以太网标记使用了不同的P2MP LSP,那么只有以太网标记中的PE必须是P2MP LSP的叶子。数据包必须封装在P2MP LSP标签堆栈中。
If the MAC address is unknown, then, if the administrative policy on the PE does not allow flooding of unknown unicast traffic:
如果MAC地址未知,则如果PE上的管理策略不允许未知单播流量泛滥:
- the PE MUST drop the packet.
- PE必须丢弃数据包。
This section describes the procedures for forwarding known and unknown unicast packets received from a remote PE.
本节描述转发从远程PE接收的已知和未知单播数据包的过程。
When a PE receives an MPLS packet from a remote PE, then, after processing the MPLS label stack, if the top MPLS label ends up being a P2MP LSP label associated with an EVPN instance or -- in the case of ingress replication -- the downstream label advertised in the P-tunnel attribute, and after performing the split-horizon procedures described in Section 8.3:
当PE从远程PE接收到MPLS数据包时,在处理MPLS标签堆栈之后,如果顶部MPLS标签最终是与EVPN实例关联的P2MP LSP标签,或者在入口复制的情况下,是在P隧道属性中通告的下游标签,在执行第8.3节所述的拆分地平线程序后:
- If the PE is the designated forwarder of BUM traffic on a particular set of ESIs for the Ethernet tag, the default behavior is for the PE to flood the packet on these ESIs. In other words, the default behavior is for the PE to assume that for BUM traffic it is not required to perform a destination MAC address lookup. As an option, the PE may perform a destination MAC lookup to flood the packet to only a subset of the CE interfaces in the Ethernet tag. For instance, the PE may decide to not flood a BUM packet on certain Ethernet segments even if it is the DF on the Ethernet segment, based on administrative policy.
- 如果PE是以太网标签特定ESI集上BUM流量的指定转发器,则默认行为是PE在这些ESI上泛洪数据包。换句话说,PE的默认行为是假设对于BUM流量,不需要执行目标MAC地址查找。作为一个选项,PE可以执行目的地MAC查找,以仅将分组泛洪到以太网标签中的CE接口的子集。例如,基于管理策略,PE可以决定不在某些以太网段上泛滥BUM分组,即使它是以太网段上的DF。
- If the PE is not the designated forwarder on any of the ESIs for the Ethernet tag, the default behavior is for it to drop the packet.
- 如果PE不是任何ESI上以太网标签的指定转发器,则默认行为是丢弃数据包。
If the top MPLS label ends up being an EVPN label that was advertised in the unicast MAC advertisements, then the PE either forwards the packet based on CE next-hop forwarding information associated with the label or does a destination MAC address lookup to forward the packet to a CE.
如果顶部MPLS标签最终是在单播MAC广告中广告的EVPN标签,则PE或者基于与标签相关联的CE下一跳转发信息转发分组,或者执行目的地MAC地址查找以将分组转发到CE。
This section specifies the load-balancing procedures for sending known unicast packets to a multihomed CE.
本节规定了将已知单播数据包发送到多址CE的负载平衡过程。
Whenever a remote PE imports a MAC/IP Advertisement route for a given <ESI, Ethernet tag> in a MAC-VRF, it MUST examine all imported Ethernet A-D routes for that ESI in order to determine the load-balancing characteristics of the Ethernet segment.
每当远程PE为MAC-VRF中的给定<ESI,Ethernet tag>导入MAC/IP播发路由时,它必须检查该ESI的所有导入以太网a-D路由,以确定以太网段的负载平衡特性。
For a given ES, if the remote PE has imported the set of Ethernet A-D per ES routes from at least one PE, where the "Single-Active" flag in the ESI Label extended community is set, then the remote PE MUST deduce that the ES is operating in Single-Active redundancy mode. As such, the MAC address will be reachable only via the PE announcing the associated MAC/IP Advertisement route -- this is referred to as the primary PE. The other PEs advertising the set of Ethernet A-D per ES routes for the same ES provide backup paths for that ES, in case the primary PE encounters a failure, and are referred to as backup PEs. It should be noted that the primary PE for a given <ES, VLAN> (or <ES, VLAN bundle>) is the DF for that <ES, VLAN> (or <ES, VLAN bundle>).
对于给定的ES,如果远程PE已从至少一个PE导入以太网a-D per ES路由集,其中设置了ESI标签扩展社区中的“单一活动”标志,则远程PE必须推断ES在单一活动冗余模式下运行。因此,MAC地址只能通过宣布相关MAC/IP播发路由的PE访问——这被称为主PE。在主PE发生故障的情况下,为同一ES提供以太网A-D per ES路由集广告的其他PE为该ES提供备份路径,称为备份PE。应该注意,给定的<ES,VLAN>(或<ES,VLAN bundle>)的主PE是该<ES,VLAN>(或<ES,VLAN bundle>)的DF。
If the primary PE encounters a failure, it MAY withdraw its set of Ethernet A-D per ES routes for the affected ES prior to withdrawing its set of MAC/IP Advertisement routes.
如果主PE遇到故障,则可在撤回其MAC/IP播发路由集之前,撤回其针对受影响ES的以太网a-D每ES路由集。
If there is only one backup PE for a given ES, the remote PE MAY use the primary PE's withdrawal of its set of Ethernet A-D per ES routes as a trigger to update its forwarding entries, for the associated MAC addresses, to point towards the backup PE. As the backup PE starts learning the MAC addresses over its attached ES, it will start sending MAC/IP Advertisement routes while the failed PE withdraws its routes. This mechanism minimizes the flooding of traffic during fail-over events.
如果给定ES只有一个备份PE,则远程PE可以使用主PE撤回其每ES路由的以太网a-D集作为触发器,以更新其转发条目(针对相关MAC地址)以指向备份PE。当备份PE开始通过其连接的ES学习MAC地址时,它将开始发送MAC/IP播发路由,而失败的PE将撤回其路由。此机制将故障转移事件期间的流量洪流降至最低。
If there is more than one backup PE for a given ES, the remote PE MUST use the primary PE's withdrawal of its set of Ethernet A-D per ES routes as a trigger to start flooding traffic for the associated MAC addresses (as long as flooding of unknown unicast packets is administratively allowed), as it is not possible to select a single backup PE.
如果给定ES有多个备份PE,则远程PE必须使用主PE提取其每ES的以太网a-D路由集作为触发,以开始泛洪相关MAC地址的通信量(只要管理上允许泛洪未知单播数据包),因为无法选择单个备份PE。
For a given ES, if the remote PE has imported the set of Ethernet A-D per ES routes from one or more PEs and none of them have the "Single-Active" flag in the ESI Label extended community set, then the remote PE MUST deduce that the ES is operating in All-Active redundancy mode. A remote PE that receives a MAC/IP Advertisement route with a non-reserved ESI SHOULD consider the advertised MAC address to be reachable via all PEs that have advertised reachability to that MAC address's EVI/ES via the combination of an Ethernet A-D per EVI route for that EVI/ES (and Ethernet tag, if applicable) AND an Ethernet A-D per ES route for that ES. The remote PE MUST use
对于给定的ES,如果远程PE已从一个或多个PE导入以太网a-D per ES路由集,且其中没有一个在ESI标签扩展社区集中具有“单一活动”标志,则远程PE必须推断ES在所有活动冗余模式下运行。接收非保留ESI的MAC/IP广告路由的远程PE应该考虑通过所有EPE的可到达的MAC地址来访问所述MAC地址,所述PES通过EVI/ES的每个EVI路由的以太网Ad的组合(以及以太网标签,如果适用)对MAC地址的EVI/ES进行广告可达性。以及每个ES路由用于该ES的以太网A-D。远程PE必须使用
received MAC/IP Advertisement routes and Ethernet A-D per EVI/per ES routes to construct the set of next hops for the advertised MAC address.
接收到的MAC/IP播发路由和以太网A-D per EVI/per ES路由,用于为播发的MAC地址构造下一跳集。
Each next hop comprises an MPLS label stack that is to be used by the egress PE to forward the packet. This label stack is determined as follows:
每个下一跳包括将由出口PE用于转发分组的MPLS标签栈。此标签堆栈的确定如下所示:
- If the next hop is constructed as a result of a MAC route, then this label stack MUST be used. However, if the MAC route doesn't exist for that PE, then the next hop and the MPLS label stack are constructed as a result of the Ethernet A-D routes. Note that the following description applies to determining the label stack for a particular next hop to reach a given PE, from which the remote PE has received and imported Ethernet A-D routes that have the same ESI and Ethernet tag as the ones present in the MAC advertisement. The Ethernet A-D routes mentioned in the following description refer to the ones imported from this given PE.
- 如果下一跳是由于MAC路由而构造的,则必须使用此标签堆栈。但是,如果该PE不存在MAC路由,则下一跳和MPLS标签堆栈将作为以太网a-D路由的结果构建。注意,以下描述适用于确定特定下一跳到达给定PE的标签堆栈,远程PE已从该给定PE接收并导入具有与MAC广告中存在的相同ESI和以太网标签的以太网a-D路由。以下描述中提到的以太网A-D路由是指从该给定PE导入的路由。
- If a set of Ethernet A-D per ES routes for that ES AND an Ethernet A-D route per EVI exist, only then must the label from that latter route be used.
- 如果存在该ES的一组以太网a-D每ES路由和一组以太网a-D每EVI路由,则必须使用后一个路由的标签。
The following example explains the above.
下面的示例解释了上述内容。
Consider a CE (CE1) that is dual-homed to two PEs (PE1 and PE2) on a LAG interface (ES1), and is sending packets with source MAC address MAC1 on VLAN1 (mapped to EVI1). A remote PE, say PE3, is able to learn that MAC1 is reachable via PE1 and PE2. Both PE1 and PE2 may advertise MAC1 in BGP if they receive packets with MAC1 from CE1. If this is not the case, and if MAC1 is advertised only by PE1, PE3 still considers MAC1 as reachable via both PE1 and PE2, as both PE1 and PE2 advertise a set of Ethernet A-D per ES routes for ES1 as well as an Ethernet A-D per EVI route for <EVI1, ES1>.
考虑在滞后接口(ES1)上对两个PES(PE1和PE2)进行双重归巢的CE(CE1),并且在VLAN1上发送源MAC地址MAC1的分组(映射到EVI1)。远程PE(如PE3)能够了解通过PE1和PE2可以访问MAC1。如果PE1和PE2从CE1接收到带有MAC1的数据包,则它们可以在BGP中公布MAC1。如果情况并非如此,并且如果MAC1仅由PE1发布,PE3仍然认为MAC1可以通过PE1和PE2访问,因为PE1和PE2都为ES1发布了一组每ES路由的以太网a-D,以及为<EVI1,ES1>发布了每EVI路由的以太网a-D。
The MPLS label stack to send the packets to PE1 is the MPLS LSP stack to get to PE1 (at the top of the stack) followed by the EVPN label advertised by PE1 for CE1's MAC.
将数据包发送到PE1的MPLS标签堆栈是到达PE1(在堆栈顶部)的MPLS LSP堆栈,然后是PE1为CE1的MAC播发的EVPN标签。
The MPLS label stack to send packets to PE2 is the MPLS LSP stack to get to PE2 (at the top of the stack) followed by the MPLS label in the Ethernet A-D route advertised by PE2 for <ES1, VLAN1>, if PE2 has not advertised MAC1 in BGP.
向PE2发送数据包的MPLS标签堆栈是到达PE2(在堆栈顶部)的MPLS LSP堆栈,如果PE2未在BGP中通告MAC1,则在PE2为<ES1,VLAN1>通告的以太网A-D路由中紧跟MPLS标签。
We will refer to these label stacks as MPLS next hops.
我们将这些标签栈称为MPLS下一跳。
The remote PE (PE3) can now load balance the traffic it receives from its CEs, destined for CE1, between PE1 and PE2. PE3 may use N-tuple flow information to hash traffic into one of the MPLS next hops for load balancing of IP traffic. Alternatively, PE3 may rely on the source MAC addresses for load balancing.
远程PE(PE3)现在可以在PE1和PE2之间平衡从其CEs(目的地为CE1)接收的流量。PE3可以使用N元组流信息将流量散列到MPLS下一跳中的一个,以实现IP流量的负载平衡。或者,PE3可以依赖源MAC地址进行负载平衡。
Note that once PE3 decides to send a particular packet to PE1 or PE2, it can pick one out of multiple possible paths to reach the particular remote PE using regular MPLS procedures. For instance, if the tunneling technology is based on RSVP-TE LSPs and PE3 decides to send a particular packet to PE1, then PE3 can choose from multiple RSVP-TE LSPs that have PE1 as their destination.
请注意,一旦PE3决定向PE1或PE2发送特定数据包,它就可以使用常规MPLS过程从多个可能路径中选择一个路径来到达特定的远程PE。例如,如果隧道技术基于RSVP-TE lsp,并且PE3决定向PE1发送特定分组,那么PE3可以从多个以PE1为目的地的RSVP-TE lsp中进行选择。
When PE1 or PE2 receives the packet destined for CE1 from PE3, if the packet is a known unicast, it is forwarded to CE1. If it is a BUM packet, then only one of PE1 or PE2 must forward the packet to the CE. Whether PE1 or PE2 forwards this packet to the CE is determined based on which of the two is the DF.
当PE1或PE2从PE3接收到目的地为CE1的分组时,如果该分组是已知的单播,则将其转发到CE1。如果是BUM数据包,则PE1或PE2中只有一个必须将数据包转发给CE。PE1或PE2是否将该分组转发给CE取决于两者中哪一个是DF。
A CE may be configured with more than one interface connected to different PEs or the same PE for load balancing, using a technology such as a LAG. The PE(s) and the CE can load balance traffic onto these interfaces using one of the following mechanisms.
CE可以配置多个连接到不同PE或相同PE的接口,以便使用LAG等技术进行负载平衡。PE和CE可以使用以下机制之一将流量负载平衡到这些接口上。
Consider that the PEs perform data-plane learning for local MAC addresses learned from local CEs. This enables the PE(s) to learn a particular MAC address and associate it with one or more interfaces, if the technology between the PE and the CE supports multipathing. The PEs can now load balance traffic destined to that MAC address on the multiple interfaces.
考虑PES执行从本地CES学习的本地MAC地址的数据平面学习。如果PE和CE之间的技术支持多路径,则这使PE能够了解特定MAC地址并将其与一个或多个接口关联。PEs现在可以在多个接口上对发送到该MAC地址的流量进行负载平衡。
Whether the CE can load balance traffic that it generates on the multiple interfaces is dependent on the CE implementation.
CE是否能够在多个接口上生成负载平衡流量取决于CE实现。
The CE can be a host that advertises the same MAC address using a control protocol on all interfaces. This enables the PE(s) to learn the host's MAC address and associate it with all interfaces. The PEs can now load balance traffic destined to the host on all these interfaces. The host can also load balance the traffic it generates onto these interfaces, and the PE that receives the traffic employs EVPN forwarding procedures to forward the traffic.
CE可以是在所有接口上使用控制协议播发相同MAC地址的主机。这使PE能够了解主机的MAC地址并将其与所有接口关联。PEs现在可以在所有这些接口上对发送到主机的流量进行负载平衡。主机还可以负载平衡它在这些接口上生成的流量,接收流量的PE使用EVPN转发过程转发流量。
It is possible for a given host or end-station (as defined by its MAC address) to move from one Ethernet segment to another; this is referred to as 'MAC Mobility' or 'MAC move', and it is different from the multihoming situation in which a given MAC address is reachable via multiple PEs for the same Ethernet segment. In a MAC move, there would be two sets of MAC/IP Advertisement routes -- one set with the new Ethernet segment and one set with the previous Ethernet segment -- and the MAC address would appear to be reachable via each of these segments.
给定的主机或终端站(由其MAC地址定义)可以从一个以太网段移动到另一个以太网段;这被称为“MAC移动”或“MAC移动”,与多归属情况不同,在多归属情况下,给定的MAC地址可通过同一以太网段的多个PE访问。在MAC移动中,将有两组MAC/IP广告路由——一组带有新的以太网段,另一组带有以前的以太网段——并且MAC地址似乎可以通过这些段中的每一段访问。
In order to allow all of the PEs in the EVPN instance to correctly determine the current location of the MAC address, all advertisements of it being reachable via the previous Ethernet segment MUST be withdrawn by the PEs, for the previous Ethernet segment, that had advertised it.
为了允许EVPN实例中的所有PE正确确定MAC地址的当前位置,必须由已发布的前一个以太网段的PEs撤销通过前一个以太网段可访问的该MAC地址的所有发布。
If local learning is performed using the data plane, these PEs will not be able to detect that the MAC address has moved to another Ethernet segment, and the receipt of MAC/IP Advertisement routes, with the MAC Mobility extended community attribute, from other PEs serves as the trigger for these PEs to withdraw their advertisements. If local learning is performed using the control or management planes, these interactions serve as the trigger for these PEs to withdraw their advertisements.
如果使用数据平面执行本地学习,这些PE将无法检测到MAC地址已移动到另一个以太网段,并且从其他PE接收到具有MAC移动扩展社区属性的MAC/IP播发路由将作为这些PE撤回播发的触发器。如果使用控制或管理平面执行本地学习,则这些交互将触发这些PE撤销其广告。
In a situation where there are multiple moves of a given MAC, possibly between the same two Ethernet segments, there may be multiple withdrawals and re-advertisements. In order to ensure that all PEs in the EVPN instance receive all of these correctly through the intervening BGP infrastructure, introducing a sequence number into the MAC Mobility extended community attribute is necessary.
在给定MAC的多个移动(可能在相同的两个以太网段之间)的情况下,可能存在多个提取和重新播发。为了确保EVPN实例中的所有PE通过介入BGP基础设施正确接收所有这些,有必要在MAC移动扩展社区属性中引入序列号。
In order to process mobility events correctly, an implementation MUST handle scenarios in which sequence number wraparound occurs.
为了正确处理移动性事件,实现必须处理发生序号环绕的场景。
Every MAC mobility event for a given MAC address will contain a sequence number that is set using the following rules:
给定MAC地址的每个MAC移动事件将包含使用以下规则设置的序列号:
- A PE advertising a MAC address for the first time advertises it with no MAC Mobility extended community attribute.
- 首次播发MAC地址的PE在没有MAC移动扩展社区属性的情况下播发MAC地址。
- A PE detecting a locally attached MAC address for which it had previously received a MAC/IP Advertisement route with a different Ethernet segment identifier advertises the MAC address in a MAC/IP Advertisement route tagged with a MAC Mobility extended community attribute with a sequence number one greater than the sequence
- 检测到其先前接收到具有不同以太网段标识符的MAC/IP播发路由的本地附加MAC地址的PE在标记有MAC移动性扩展社区属性的MAC/IP播发路由中播发MAC地址,该MAC地址的序列号大于该序列号1
number in the MAC Mobility extended community attribute of the received MAC/IP Advertisement route. In the case of the first mobility event for a given MAC address, where the received MAC/IP Advertisement route does not carry a MAC Mobility extended community attribute, the value of the sequence number in the received route is assumed to be 0 for the purpose of this processing.
接收到的MAC/IP播发路由的MAC移动扩展社区属性中的编号。在给定MAC地址的第一移动事件的情况下,在接收到的MAC/IP广告路由不携带MAC移动扩展社区属性的情况下,为了该处理的目的,假设接收到的路由中的序列号的值为0。
- A PE detecting a locally attached MAC address for which it had previously received a MAC/IP Advertisement route with the same non-zero Ethernet segment identifier advertises it with:
- 检测到本地连接的MAC地址的PE,其先前已接收到具有相同非零以太网段标识符的MAC/IP播发路由,并通过以下方式播发:
1. no MAC Mobility extended community attribute, if the received route did not carry said attribute.
1. 如果接收到的路由没有携带所述属性,则没有MAC移动扩展社区属性。
2. a MAC Mobility extended community attribute with the sequence number equal to the highest of the sequence number(s) in the received MAC/IP Advertisement route(s), if the received route(s) is (are) tagged with a MAC Mobility extended community attribute.
2. 如果接收到的路由被标记有MAC移动扩展社区属性,则序列号等于接收到的MAC/IP广告路由中序列号的最高值的MAC移动扩展社区属性。
- A PE detecting a locally attached MAC address for which it had previously received a MAC/IP Advertisement route with the same zero Ethernet segment identifier (single-homed scenarios) advertises it with a MAC Mobility extended community attribute with the sequence number set properly. In the case of single-homed scenarios, there is no need for ESI comparison. ESI comparison is done for multihoming in order to prevent false detection of MAC moves among the PEs attached to the same multihomed site.
- PE检测到一个本地连接的MAC地址,其先前已接收到具有相同零以太网段标识符的MAC/IP播发路由(单宿场景),并使用MAC移动性扩展社区属性(序列号设置正确)播发该地址。在单宿场景中,不需要进行ESI比较。对多宿进行ESI比较,以防止错误检测连接到同一多宿站点的PE之间的MAC移动。
A PE receiving a MAC/IP Advertisement route for a MAC address with a different Ethernet segment identifier and a higher sequence number than that which it had previously advertised withdraws its MAC/IP Advertisement route. If two (or more) PEs advertise the same MAC address with the same sequence number but different Ethernet segment identifiers, a PE that receives these routes selects the route advertised by the PE with the lowest IP address as the best route. If the PE is the originator of the MAC route and it receives the same MAC address with the same sequence number that it generated, it will compare its own IP address with the IP address of the remote PE and will select the lowest IP. If its own route is not the best one, it will withdraw the route.
接收到MAC地址的MAC/IP播发路由且该MAC地址具有不同的以太网段标识符和比其先前播发的序列号更高的序列号的PE撤回其MAC/IP播发路由。如果两个(或多个)PE用相同的序列号但不同的以太网段标识符播发相同的MAC地址,则接收这些路由的PE将选择由具有最低IP地址的PE播发的路由作为最佳路由。如果PE是MAC路由的发起人,并且它接收到与生成的序列号相同的MAC地址,它将比较自己的IP地址与远程PE的IP地址,并选择最低的IP地址。如果它自己的路线不是最好的,它将撤回该路线。
A situation may arise where the same MAC address is learned by different PEs in the same VLAN because of two (or more) hosts being misconfigured with the same (duplicate) MAC address. In such a situation, the traffic originating from these hosts would trigger continuous MAC moves among the PEs attached to these hosts. It is important to recognize such a situation and avoid incrementing the sequence number (in the MAC Mobility extended community attribute) to infinity. In order to remedy such a situation, a PE that detects a MAC mobility event via local learning starts an M-second timer (with a default value of M = 180), and if it detects N MAC moves before the timer expires (with a default value of N = 5), it concludes that a duplicate-MAC situation has occurred. The PE MUST alert the operator and stop sending and processing any BGP MAC/IP Advertisement routes for that MAC address until a corrective action is taken by the operator. The values of M and N MUST be configurable to allow for flexibility in operator control. Note that the other PEs in the EVPN instance will forward the traffic for the duplicate MAC address to one of the PEs advertising the duplicate MAC address.
可能会出现这样的情况:由于两台(或多台)主机错误配置了相同(重复)MAC地址,同一VLAN中的不同PE学习了相同的MAC地址。在这种情况下,来自这些主机的流量将触发连接到这些主机的PE之间的连续MAC移动。认识到这种情况并避免将序列号(在MAC移动扩展社区属性中)增加到无穷大是很重要的。为了补救这种情况,通过本地学习检测MAC移动事件的PE启动M秒计时器(默认值为M=180),并且如果它在计时器到期之前检测到N个MAC移动(默认值为N=5),则它得出结论,重复的MAC情况已经发生。PE必须提醒运营商,并停止发送和处理该MAC地址的任何BGP MAC/IP播发路由,直到运营商采取纠正措施。M和N的值必须可配置,以允许操作员控制的灵活性。请注意,EVPN实例中的其他PE会将重复MAC地址的流量转发给其中一个公布重复MAC地址的PE。
There are scenarios in which it is desired to configure some MAC addresses as static so that they are not subjected to MAC moves. In such scenarios, these MAC addresses are advertised with a MAC Mobility extended community where the static flag is set to 1 and the sequence number is set to zero. If a PE receives such advertisements and later learns the same MAC address(es) via local learning, then the PE MUST alert the operator.
在某些情况下,需要将某些MAC地址配置为静态,以便它们不受MAC移动的影响。在这种情况下,这些MAC地址通过MAC移动扩展社区进行广告,其中静态标志设置为1,序列号设置为零。如果PE收到此类广告,并随后通过本地学习学习到相同的MAC地址,则PE必须提醒操作员。
The PEs in a particular EVPN instance may use ingress replication or P2MP LSPs to send multicast traffic to other PEs.
特定EVPN实例中的PEs可以使用入口复制或P2MP lsp向其他PEs发送多播通信量。
The PEs may use ingress replication for flooding BUM traffic as described in Section 11 ("Handling of Multi-destination Traffic"). A given broadcast packet must be sent to all the remote PEs. However, a given multicast packet for a multicast flow may be sent to only a subset of the PEs. Specifically, a given multicast flow may be sent to only those PEs that have receivers that are interested in the multicast flow. Determining which of the PEs have receivers for a given multicast flow is done using explicit tracking per [RFC7117].
PEs可使用入口复制来淹没BUM流量,如第11节(“多目的地流量的处理”)所述。必须向所有远程PE发送给定的广播数据包。然而,多播流的给定多播分组可以仅发送到PEs的子集。具体地,可以仅将给定的多播流发送给具有对多播流感兴趣的接收器的那些pe。根据[RFC7117]使用显式跟踪确定哪些PE具有给定多播流的接收器。
A PE may use an "Inclusive" tree for sending a BUM packet. This terminology is borrowed from [RFC7117].
PE可以使用“包含”树来发送BUM数据包。该术语借用自[RFC7117]。
A variety of transport technologies may be used in the service provider (SP) network. For Inclusive P-multicast trees, these transport technologies include point-to-multipoint LSPs created by RSVP-TE or Multipoint LDP (mLDP).
服务提供商(SP)网络中可以使用多种传输技术。对于包容性P多播树,这些传输技术包括由RSVP-TE或多点LDP(mLDP)创建的点对多点LSP。
An Inclusive tree allows the use of a single multicast distribution tree, referred to as an Inclusive P-multicast tree, in the SP network to carry all the multicast traffic from a specified set of EVPN instances on a given PE. A particular P-multicast tree can be set up to carry the traffic originated by sites belonging to a single EVPN instance, or to carry the traffic originated by sites belonging to several EVPN instances. The ability to carry the traffic of more than one EVPN instance on the same tree is termed 'Aggregation', and the tree is called an Aggregate Inclusive P-multicast tree or Aggregate Inclusive tree for short. The Aggregate Inclusive tree needs to include every PE that is a member of any of the EVPN instances that are using the tree. This implies that a PE may receive BUM traffic even if it doesn't have any receivers that are interested in receiving that traffic.
包容性树允许在SP网络中使用单个多播分发树(称为包容性P多播树),以承载来自给定PE上指定的一组EVPN实例的所有多播流量。可以建立特定的P-多播树来承载由属于单个EVPN实例的站点发起的流量,或者承载由属于多个EVPN实例的站点发起的流量。在同一棵树上承载多个EVPN实例的流量的能力被称为“聚合”,该树被称为聚合包容性P多播树或简称为聚合包容性树。聚合包含树需要包括作为使用该树的任何EVPN实例的成员的每个PE。这意味着PE可能会接收BUM流量,即使它没有任何对接收该流量感兴趣的接收器。
An Inclusive or Aggregate Inclusive tree as defined in this document is a P2MP tree. A P2MP tree is used to carry traffic only for EVPN CEs that are connected to the PE that is the root of the tree.
本文档中定义的包含树或聚合包含树是P2MP树。P2MP树仅用于承载连接到树根PE的EVPN CE的流量。
The procedures for signaling an Inclusive tree are the same as those in [RFC7117], with the VPLS A-D route replaced with the Inclusive Multicast Ethernet Tag route. The P-tunnel attribute [RFC7117] for an Inclusive tree is advertised with the Inclusive Multicast Ethernet Tag route as described in Section 11 ("Handling of Multi-destination Traffic"). Note that for an Aggregate Inclusive tree, a PE can "aggregate" multiple EVPN instances on the same P2MP LSP using upstream labels. The procedures for aggregation are the same as those described in [RFC7117], with VPLS A-D routes replaced by EVPN Inclusive Multicast Ethernet Tag routes.
向包含树发送信号的过程与[RFC7117]中的过程相同,VPLS A-D路由替换为包含多播以太网标记路由。如第11节(“多目的地流量的处理”)所述,包容性树的P隧道属性[RFC7117]通过包容性多播以太网标记路由进行通告。请注意,对于聚合包含树,PE可以使用上游标签“聚合”同一P2MP LSP上的多个EVPN实例。聚合过程与[RFC7117]中描述的过程相同,VPLS A-D路由被EVPN包含的多播以太网标记路由替换。
This section describes failure recovery from different types of network failures.
本节介绍从不同类型的网络故障中恢复故障。
The use of existing MPLS fast-reroute mechanisms can provide failure recovery on the order of 50 ms, in the event of transit link and node failures in the infrastructure that connects the PEs.
在连接PEs的基础设施中发生传输链路和节点故障的情况下,使用现有MPLS快速重路由机制可以提供大约50毫秒的故障恢复。
Consider a host CE1 that is dual-homed to PE1 and PE2. If PE1 fails, a remote PE, PE3, can discover this based on the failure of the BGP session. This failure detection can be in the sub-second range if Bidirectional Forwarding Detection (BFD) is used to detect BGP session failures. PE3 can update its forwarding state to start sending all traffic for CE1 to only PE2.
考虑一个宿主CE1,它是PE1和PE2的双重归宿。如果PE1失败,远程PE PE3可以根据BGP会话的失败来发现这一点。如果使用双向转发检测(BFD)检测BGP会话故障,则此故障检测可以在亚秒范围内。PE3可以更新其转发状态,以开始仅向PE2发送CE1的所有流量。
If the connectivity between the multihomed CE and one of the PEs to which it is attached fails, the PE MUST withdraw the set of Ethernet A-D per ES routes that had been previously advertised for that ES. This enables the remote PEs to remove the MPLS next hop to this particular PE from the set of MPLS next hops that can be used to forward traffic to the CE. When the MAC entry on the PE ages out, the PE MUST withdraw the MAC address from BGP.
如果多宿CE与其所连接的其中一个PE之间的连接出现故障,则该PE必须撤回先前为该ES播发的以太网A-D per ES路由集。这使得远程PE能够从可用于将流量转发到CE的MPLS下一跳集合中移除到该特定PE的MPLS下一跳。当PE上的MAC项过期时,PE必须从BGP中提取MAC地址。
When an Ethernet tag is decommissioned on an Ethernet segment, then the PE MUST withdraw the Ethernet A-D per EVI route(s) announced for the <ESI, Ethernet tags> that are impacted by the decommissioning. In addition, the PE MUST also withdraw the MAC/IP Advertisement routes that are impacted by the decommissioning.
当以太网段上的以太网标签停用时,PE必须根据为受停用影响的<ESI,Ethernet tags>宣布的EVI路由撤回以太网A-D。此外,PE还必须撤回受退役影响的MAC/IP广告路由。
The Ethernet A-D per ES routes should be used by an implementation to optimize the withdrawal of MAC/IP Advertisement routes. When a PE receives a withdrawal of a particular Ethernet A-D route from an advertising PE, it SHOULD consider all the MAC/IP Advertisement routes that are learned from the same ESI as in the Ethernet A-D route from the advertising PE as having been withdrawn. This optimizes the network convergence times in the event of PE-to-CE failures.
实施应使用以太网A-D per ES路由来优化MAC/IP广告路由的撤回。当PE从广告PE接收到特定的以太网A -D路由的退出时,它应该考虑从相同的ESI中学习的所有MAC / IP广告路由,如从已被撤回的广告PE中的以太网A- D路由中所学到的。这优化了PE到CE故障时的网络收敛时间。
In a MAC address, if the value of the first nibble (bits 8 through 5) of the most significant octet of the destination MAC address (which follows the last MPLS label) happens to be 0x4 or 0x6, then the Ethernet frame can be misinterpreted as an IPv4 or IPv6 packet by intermediate P nodes performing ECMP based on deep packet inspection, thus resulting in load balancing packets belonging to the same flow on different ECMP paths and subjecting those packets to different delays. Therefore, packets belonging to the same flow can arrive at the destination out of order. This out-of-order delivery can happen during steady state in the absence of any failures, resulting in significant impact on network operations.
在MAC地址中,如果目标MAC地址(位于最后一个MPLS标签之后)的最高有效八位字节的第一个半字节(比特8到5)的值恰好为0x4或0x6,则中间P节点基于深度数据包检查执行ECMP,可能会将以太网帧误解为IPv4或IPv6数据包,从而导致在不同ECMP路径上属于相同流的负载平衡数据包,并使这些数据包受到不同的延迟。因此,属于同一流的数据包可能会无序地到达目的地。这种无序交付可能发生在没有任何故障的稳定状态下,对网络运行造成重大影响。
In order to avoid any such misordering, the following rules are applied:
为避免任何此类错误排序,适用以下规则:
- If a network uses deep packet inspection for its ECMP, then the "Preferred PW MPLS Control Word" [RFC4385] SHOULD be used with the value 0 (e.g., a 4-octet field with a value of zero) when sending EVPN-encapsulated packets over an MP2P LSP.
- 如果网络对其ECMP使用深度数据包检查,则在通过MP2P LSP发送EVPN封装的数据包时,“首选PW MPLS控制字”[RFC4385]应与值0一起使用(例如,值为零的4个八位组字段)。
- If a network uses entropy labels [RFC6790], then the control word SHOULD NOT be used when sending EVPN-encapsulated packets over an MP2P LSP.
- 如果网络使用熵标签[RFC6790],则在通过MP2P LSP发送EVPN封装的数据包时不应使用控制字。
- When sending EVPN-encapsulated packets over a P2MP LSP or P2P LSP, then the control word SHOULD NOT be used.
- 当通过P2MP LSP或P2P LSP发送EVPN封装的数据包时,不应使用控制字。
Security considerations discussed in [RFC4761] and [RFC4762] apply to this document for MAC learning in the data plane over an Attachment Circuit (AC) and for flooding of unknown unicast and ARP messages over the MPLS/IP core. Security considerations discussed in [RFC4364] apply to this document for MAC learning in the control plane over the MPLS/IP core. This section describes additional considerations.
[RFC4761]和[RFC4762]中讨论的安全注意事项适用于本文档中连接电路(AC)上数据平面中的MAC学习,以及MPLS/IP核心上未知单播和ARP消息的泛滥。[RFC4364]中讨论的安全注意事项适用于本文档,用于MPLS/IP核心上控制平面中的MAC学习。本节介绍其他注意事项。
As mentioned in [RFC4761], there are two aspects to achieving data privacy and protecting against denial-of-service attacks in a VPN: securing the control plane and protecting the forwarding path. Compromise of the control plane could result in a PE sending customer data belonging to some EVPN to another EVPN, or black-holing EVPN customer data, or even sending it to an eavesdropper, none of which are acceptable from a data privacy point of view. In addition, compromise of the control plane could provide opportunities for
如[RFC4761]所述,在VPN中实现数据隐私和防止拒绝服务攻击有两个方面:保护控制平面和保护转发路径。控制平面的泄露可能导致PE将属于某个EVPN的客户数据发送给另一个EVPN,或对EVPN客户数据进行黑洞处理,甚至将其发送给窃听者,从数据隐私的角度来看,这些都是不可接受的。此外,控制平面的折衷可能提供以下机会:
unauthorized EVPN data usage (e.g., exploiting traffic replication within a multicast tree to amplify a denial-of-service attack based on sending large amounts of traffic).
未经授权的EVPN数据使用(例如,利用多播树中的流量复制来放大基于发送大量流量的拒绝服务攻击)。
The mechanisms in this document use BGP for the control plane. Hence, techniques such as those discussed in [RFC5925] help authenticate BGP messages, making it harder to spoof updates (which can be used to divert EVPN traffic to the wrong EVPN instance) or withdrawals (denial-of-service attacks). In the multi-AS backbone options (b) and (c) [RFC4364], this also means protecting the inter-AS BGP sessions between the Autonomous System Border Routers (ASBRs), the PEs, or the Route Reflectors.
本文档中的机制使用BGP作为控制平面。因此,[RFC5925]中讨论的技术有助于验证BGP消息,从而使欺骗更新(可用于将EVPN流量转移到错误的EVPN实例)或撤回(拒绝服务攻击)变得更加困难。在多AS主干选项(b)和(c)[RFC4364]中,这也意味着保护自治系统边界路由器(ASBR)、PEs或路由反射器之间的AS间BGP会话。
Further discussion of security considerations for BGP may be found in the BGP specification itself [RFC4271] and in the security analysis for BGP [RFC4272]. The original discussion of the use of the TCP MD5 signature option to protect BGP sessions is found in [RFC5925], while [RFC6952] includes an analysis of BGP keying and authentication issues.
BGP安全注意事项的进一步讨论可在BGP规范本身[RFC4271]和BGP安全分析[RFC4272]中找到。关于使用TCP MD5签名选项保护BGP会话的原始讨论见[RFC5925],而[RFC6952]包括对BGP密钥和身份验证问题的分析。
Note that [RFC5925] will not help in keeping MPLS labels private -- knowing the labels, one can eavesdrop on EVPN traffic. Such eavesdropping additionally requires access to the data path within an SP network. Users of VPN services are expected to take appropriate precautions (such as encryption) to protect the data exchanged over a VPN.
注意,[RFC5925]将无助于保持MPLS标签的私有性——知道标签后,可以窃听EVPN流量。这种窃听还需要访问SP网络中的数据路径。VPN服务的用户应采取适当的预防措施(如加密),以保护通过VPN交换的数据。
One of the requirements for protecting the data plane is that the MPLS labels be accepted only from valid interfaces. For a PE, valid interfaces comprise links from other routers in the PE's own AS. For an ASBR, valid interfaces comprise links from other routers in the ASBR's own AS, and links from other ASBRs in ASes that have instances of a given EVPN. It is especially important in the case of multi-AS EVPN instances that one accept EVPN packets only from valid interfaces.
保护数据平面的要求之一是只能从有效接口接受MPLS标签。对于PE,有效接口包括来自PE自身AS中其他路由器的链路。对于ASBR,有效接口包括来自ASBR自身AS中其他路由器的链路,以及来自具有给定EVPN实例的ASE中其他ASBR的链路。在多AS EVPN实例的情况下,仅接受来自有效接口的EVPN数据包尤为重要。
It is also important to help limit malicious traffic into a network for an impostor MAC address. The mechanism described in Section 15.1 shows how duplicate MAC addresses can be detected and continuous false MAC mobility can be prevented. The mechanism described in Section 15.2 shows how MAC addresses can be pinned to a given Ethernet segment, such that if they appear behind any other Ethernet segments, the traffic for those MAC addresses can be prevented from entering the EVPN network from the other Ethernet segments.
对于冒名顶替者MAC地址,帮助限制进入网络的恶意流量也很重要。第15.1节中描述的机制说明了如何检测重复的MAC地址,以及如何防止连续的错误MAC移动。第15.2节中描述的机制显示了如何将MAC地址固定到给定的以太网段,这样,如果MAC地址出现在任何其他以太网段后面,则可以防止这些MAC地址的通信量从其他以太网段进入EVPN网络。
This document defines a new NLRI, called "EVPN", to be carried in BGP using multiprotocol extensions. This NLRI uses the existing AFI of 25 (L2VPN). IANA has assigned BGP EVPNs a SAFI value of 70.
本文档定义了一个新的NLRI,称为“EVPN”,将使用多协议扩展在BGP中携带。该NLRI使用现有的AFI 25(L2VPN)。IANA已将BGP EVPN的SAFI值指定为70。
IANA has allocated the following EVPN Extended Community sub-types in [RFC7153], and this document is the only reference for them.
IANA已在[RFC7153]中分配了以下EVPN扩展社区子类型,本文档是它们的唯一参考。
0x00 MAC Mobility [RFC7432]
0x01 ESI Label [RFC7432]
0x02 ES-Import Route Target [RFC7432]
0x00 MAC Mobility [RFC7432]
0x01 ESI Label [RFC7432]
0x02 ES-Import Route Target [RFC7432]
This document creates a registry called "EVPN Route Types". New registrations will be made through the "RFC Required" procedure defined in [RFC5226]. The registry has a maximum value of 255. Initial registrations are as follows:
本文档创建了一个名为“EVPN路由类型”的注册表。新的注册将通过[RFC5226]中定义的“需要RFC”程序进行。注册表的最大值为255。初步登记如下:
0 Reserved [RFC7432]
1 Ethernet Auto-discovery [RFC7432]
2 MAC/IP Advertisement [RFC7432]
3 Inclusive Multicast Ethernet Tag [RFC7432]
4 Ethernet Segment [RFC7432]
0 Reserved [RFC7432]
1 Ethernet Auto-discovery [RFC7432]
2 MAC/IP Advertisement [RFC7432]
3 Inclusive Multicast Ethernet Tag [RFC7432]
4 Ethernet Segment [RFC7432]
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A Border Gateway Protocol 4 (BGP-4)", RFC 4271, January 2006, <http://www.rfc-editor.org/info/rfc4271>.
[RFC4271]Rekhter,Y.,Ed.,Li,T.,Ed.,和S.Hares,Ed.,“边境网关协议4(BGP-4)”,RFC 42712006年1月<http://www.rfc-editor.org/info/rfc4271>.
[RFC4360] Sangli, S., Tappan, D., and Y. Rekhter, "BGP Extended Communities Attribute", RFC 4360, February 2006, <http://www.rfc-editor.org/info/rfc4360>.
[RFC4360]Sangli,S.,Tappan,D.和Y.Rekhter,“BGP扩展社区属性”,RFC 4360,2006年2月<http://www.rfc-editor.org/info/rfc4360>.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006, <http://www.rfc-editor.org/info/rfc4364>.
[RFC4364]Rosen,E.和Y.Rekhter,“BGP/MPLS IP虚拟专用网络(VPN)”,RFC 4364,2006年2月<http://www.rfc-editor.org/info/rfc4364>.
[RFC4760] Bates, T., Chandra, R., Katz, D., and Y. Rekhter, "Multiprotocol Extensions for BGP-4", RFC 4760, January 2007, <http://www.rfc-editor.org/info/rfc4760>.
[RFC4760]Bates,T.,Chandra,R.,Katz,D.,和Y.Rekhter,“BGP-4的多协议扩展”,RFC 4760,2007年1月<http://www.rfc-editor.org/info/rfc4760>.
[RFC4761] Kompella, K., Ed., and Y. Rekhter, Ed., "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", RFC 4761, January 2007, <http://www.rfc-editor.org/info/rfc4761>.
[RFC4761]Kompella,K.,Ed.,和Y.Rekhter,Ed.,“使用BGP进行自动发现和信令的虚拟专用LAN服务(VPLS)”,RFC 4761,2007年1月<http://www.rfc-editor.org/info/rfc4761>.
[RFC4762] Lasserre, M., Ed., and V. Kompella, Ed., "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007, <http://www.rfc-editor.org/info/rfc4762>.
[RFC4762]Lasserre,M.,Ed.,和V.Kompella,Ed.,“使用标签分发协议(LDP)信令的虚拟专用LAN服务(VPLS)”,RFC 4762,2007年1月<http://www.rfc-editor.org/info/rfc4762>.
[RFC7153] Rosen, E. and Y. Rekhter, "IANA Registries for BGP Extended Communities", RFC 7153, March 2014, <http://www.rfc-editor.org/info/rfc7153>.
[RFC7153]Rosen,E.和Y.Rekhter,“BGP扩展社区的IANA注册”,RFC 7153,2014年3月<http://www.rfc-editor.org/info/rfc7153>.
[802.1D-REV] "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Bridges", IEEE Std. 802.1D, June 2004.
[802.1D-REV]“局域网和城域网IEEE标准-媒体访问控制(MAC)网桥”,IEEE标准802.1D,2004年6月。
[802.1Q] "IEEE Standard for Local and metropolitan area networks - Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks", IEEE Std 802.1Q(tm), 2014 Edition, November 2014.
[802.1Q]“局域网和城域网IEEE标准-媒体访问控制(MAC)网桥和虚拟桥接局域网”,IEEE标准802.1Q(tm),2014年版,2014年11月。
[RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", RFC 4272, January 2006, <http://www.rfc-editor.org/info/rfc4272>.
[RFC4272]Murphy,S.,“BGP安全漏洞分析”,RFC 42722006年1月<http://www.rfc-editor.org/info/rfc4272>.
[RFC4385] Bryant, S., Swallow, G., Martini, L., and D. McPherson, "Pseudowire Emulation Edge-to-Edge (PWE3) Control Word for Use over an MPLS PSN", RFC 4385, February 2006, <http://www.rfc-editor.org/info/rfc4385>.
[RFC4385]Bryant,S.,Swallow,G.,Martini,L.,和D.McPherson,“用于MPLS PSN的伪线仿真边到边(PWE3)控制字”,RFC 43852006年2月<http://www.rfc-editor.org/info/rfc4385>.
[RFC4664] Andersson, L., Ed., and E. Rosen, Ed., "Framework for Layer 2 Virtual Private Networks (L2VPNs)", RFC 4664, September 2006, <http://www.rfc-editor.org/info/rfc4664>.
[RFC4664]Andersson,L.,Ed.,和E.Rosen,Ed.,“第二层虚拟专用网络(L2VPN)框架”,RFC 4664,2006年9月<http://www.rfc-editor.org/info/rfc4664>.
[RFC4684] Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk, R., Patel, K., and J. Guichard, "Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)", RFC 4684, November 2006, <http://www.rfc-editor.org/info/rfc4684>.
[RFC4684]Marques,P.,Bonica,R.,Fang,L.,Martini,L.,Raszuk,R.,Patel,K.,和J.Guichard,“边界网关协议/多协议标签交换(BGP/MPLS)互联网协议(IP)虚拟专用网络(VPN)的受限路由分布”,RFC 46842006年11月<http://www.rfc-editor.org/info/rfc4684>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.
[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,2008年5月<http://www.rfc-editor.org/info/rfc5226>.
[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, June 2010, <http://www.rfc-editor.org/info/rfc5925>.
[RFC5925]Touch,J.,Mankin,A.,和R.Bonica,“TCP认证选项”,RFC 59252010年6月<http://www.rfc-editor.org/info/rfc5925>.
[RFC6514] Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP Encodings and Procedures for Multicast in MPLS/BGP IP VPNs", RFC 6514, February 2012, <http://www.rfc-editor.org/info/rfc6514>.
[RFC6514]Aggarwal,R.,Rosen,E.,Morin,T.,和Y.Rekhter,“MPLS/BGP IP VPN中的BGP编码和多播过程”,RFC 6514,2012年2月<http://www.rfc-editor.org/info/rfc6514>.
[RFC6790] Kompella, K., Drake, J., Amante, S., Henderickx, W., and L. Yong, "The Use of Entropy Labels in MPLS Forwarding", RFC 6790, November 2012, <http://www.rfc-editor.org/info/rfc6790>.
[RFC6790]Kompella,K.,Drake,J.,Amante,S.,Henderickx,W.,和L.Yong,“MPLS转发中熵标签的使用”,RFC 67902012年11月<http://www.rfc-editor.org/info/rfc6790>.
[RFC6952] Jethanandani, M., Patel, K., and L. Zheng, "Analysis of BGP, LDP, PCEP, and MSDP Issues According to the Keying and Authentication for Routing Protocols (KARP) Design Guide", RFC 6952, May 2013, <http://www.rfc-editor.org/info/rfc6952>.
[RFC6952]Jethanandani,M.,Patel,K.,和L.Zheng,“根据路由协议键控和认证(KARP)设计指南分析BGP,LDP,PCEP和MSDP问题”,RFC 6952,2013年5月<http://www.rfc-editor.org/info/rfc6952>.
[RFC7117] Aggarwal, R., Ed., Kamite, Y., Fang, L., Rekhter, Y., and C. Kodeboniya, "Multicast in Virtual Private LAN Service (VPLS)", RFC 7117, February 2014, <http://www.rfc-editor.org/info/rfc7117>.
[RFC7117]Aggarwal,R.,Ed.,Kamite,Y.,Fang,L.,Rekhter,Y.,和C.Kodeboniya,“虚拟专用局域网服务(VPLS)中的多播”,RFC 71172014年2月<http://www.rfc-editor.org/info/rfc7117>.
[RFC7209] Sajassi, A., Aggarwal, R., Uttaro, J., Bitar, N., Henderickx, W., and A. Isaac, "Requirements for Ethernet VPN (EVPN)", RFC 7209, May 2014, <http://www.rfc-editor.org/info/rfc7209>.
[RFC7209]Sajassi,A.,Aggarwal,R.,Uttaro,J.,Bitar,N.,Henderickx,W.,和A.Isaac,“以太网VPN(EVPN)的要求”,RFC 7209,2014年5月<http://www.rfc-editor.org/info/rfc7209>.
Acknowledgements
致谢
Special thanks to Yakov Rekhter for reviewing this document several times and providing valuable comments, and for his very engaging discussions on several topics of this document that helped shape this document. We would also like to thank Pedro Marques, Kaushik Ghosh, Nischal Sheth, Robert Raszuk, Amit Shukla, and Nadeem Mohammed for discussions that helped shape this document. We would also like to thank Han Nguyen for his comments and support of this work. We would also like to thank Steve Kensil and Reshad Rahman for their reviews. We would like to thank Jorge Rabadan for his contribution to Section 5 of this document. We would like to thank Thomas Morin for his review of this document and his contribution of Section 8.6. Many thanks to Jakob Heitz for his help to improve several sections of this document.
特别感谢Yakov Rekhter对本文件进行了多次审查,并提供了宝贵的意见,以及他就本文件的几个主题进行了非常有意义的讨论,这些讨论有助于形成本文件。我们还要感谢Pedro Marques、Kaushik Ghosh、Nischal Sheth、Robert Raszuk、Amit Shukla和Nadeem Mohammed的讨论,这些讨论有助于形成本文件。我们还要感谢韩阮对这项工作的评论和支持。我们还要感谢Steve Kensil和Reshad Rahman的评论。我们要感谢豪尔赫·拉巴丹对本文件第5节的贡献。我们感谢Thomas Morin对本文件的审查以及他对第8.6节的贡献。非常感谢Jakob Heitz帮助改进本文档的几个部分。
We would also like to thank Clarence Filsfils, Dennis Cai, Quaizar Vohra, Kireeti Kompella, and Apurva Mehta for their contributions to this document.
我们还要感谢Clarence Filsfils、Dennis Cai、Quaizar Vohra、Kireeti Kompella和Apurva Mehta对本文件的贡献。
Last but not least, special thanks to Giles Heron (our WG chair) for his detailed review of this document in preparation for WG Last Call and for making many valuable suggestions.
最后但并非最不重要的一点是,特别感谢Giles Heron(我们的工作组主席)为准备工作组最后一次电话会议对本文件进行了详细审查,并提出了许多有价值的建议。
Contributors
贡献者
In addition to the authors listed on the front page, the following co-authors have also contributed to this document:
除了头版上列出的作者外,以下共同作者也对本文件作出了贡献:
Keyur Patel Samer Salam Sami Boutros Cisco
科尤尔·帕特尔·萨梅尔·萨拉姆·萨米·布特罗斯·思科
Yakov Rekhter Ravi Shekhar Juniper Networks
Yakov Rekhter Ravi Shekhar Juniper网络
Florin Balus Nuage Networks
Florin Balus Nuage网络
Authors' Addresses
作者地址
Ali Sajassi (editor) Cisco EMail: sajassi@cisco.com
Ali Sajassi(编辑)Cisco电子邮件:sajassi@cisco.com
Rahul Aggarwal Arktan EMail: raggarwa_1@yahoo.com
Rahul Aggarwal Arktan电子邮件:raggarwa_1@yahoo.com
Nabil Bitar Verizon Communications EMail : nabil.n.bitar@verizon.com
Nabil Bitar Verizon通信电子邮件:Nabil.n。bitar@verizon.com
Aldrin Isaac Bloomberg EMail: aisaac71@bloomberg.net
Aldrin Isaac Bloomberg电子邮件:aisaac71@bloomberg.net
James Uttaro AT&T EMail: uttaro@att.com
James Uttaro AT&T电子邮件:uttaro@att.com
John Drake Juniper Networks EMail: jdrake@juniper.net
John Drake Juniper Networks电子邮件:jdrake@juniper.net
Wim Henderickx Alcatel-Lucent EMail: wim.henderickx@alcatel-lucent.com
Wim亨德里克斯阿尔卡特朗讯电子邮件:Wim。henderickx@alcatel-朗讯网