Updates on EVPN BUM Procedures
draft-ietf-bess-evpn-bum-procedure-updates-14

The shepherd writeup is over two years old.  I wonder if it would be worth reviewing.  Also, questions 7 and 8 have the same answer, but they're asking different things.

Terms like "MVPN" and "ASBR" are commonly used.  I realize Section 1 says:

   It is expected that audience is familiar with EVPN and MVPN concepts
   and terminologies.

Still, I think it's conventional to expand key acronyms upon first use.  EVPN is expanded in the Abstract, for example.  I think this would be helpful to some readers a little foreign to the topic.

"SMET A-D" is defined in Section 1, but then not used anywhere in this document.

** I support Lars Eggert’s DISCUSS position.  I have come to the same conclusion as the GENART reviewer (Paul Kyzivat).  It isn’t clear what this document is updating.

-- The document header and abstract explicitly say that RC7432 is updated.  However, I can’t find a clear explanation of how the next in this documents updates RFC7432

-- Section 5.1. is titled as “Changes to Section 7.2.2 of [RFC7117]” and changes behavior in RFC7117, but RFC7117 is not being updated (according to the header and abstract).

** Section 9.
   They do not introduce new security concerns besides what have been
   discussed in [RFC6514], [RFC7117], [RFC7432] and [RFC7524].

Which parts of these security considerations specifically apply here.  For example, RFC7524 and RFC7432 makes references to MPLS mechanisms (which seem out of scope here).  Additionally, it appears some of the guidance across these documents is directed at securing generic EVPN technology – this is helpful, but please be clear about this case.  What specific guidance is relevant to the procedures for handling BUM traffic?

Much thanks to Scott Bradner for the OpsDir review (-09), discussions and then re-review of -11. Jeffrey has agreed to change the SHOULD at the ned of S5.3.1 to a MUST (see OpsDir thread), and I'm balloting NoObj with the assumption that that will happen.


Thanks again to Scott and the authors; I think that the comments since -09 have noticeably improved the document.

Thanks for working on this document. Thanks to Gorry Fairhurst for his TSVART review and to the authors for addressing the review comments.

Here, I strongly support Lars's discuss as I also have hard time understanding the relation towards the updates to RFC 7432 and to RFC 7117 and RFC 7524. The explanation given in the section 2 is not good enough.

Most of my confusions arose from the way updates/changes/clarifications done to RFC 7117 and RFC 7524 without describing their relation to RFC 7432 in this document. Hence to resolve this my suggestion will be to -

* list the updates made to RFC 7432
* describe the relation among RFC 7432, RFC7117, RFC 7524 in the respective sections where the changes/updates/clarifications are done. Section 5.2 is a good example for this.

I hope this helps.

Thank you for the work put into this document. 

Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education).

Special thanks to Zheng Zhang for his shepherd's write-up about the WG consensus.

I hope that this helps to improve the document,

Regards,

-éric

-- Section 3 --

It is a little unclear whether the first list of values are applicable to the 'route type' field. The reader can only guess when reading the pre-amble to the 2nd list.

-- Section 5.1 --
The text in this section appears to also update RFC 7117: "The following bullet in Section 7.2.2.2 of [RFC7117]: ... s changed to the following when applied to EVPN:". Should this document also formally update RFC 7117 ?

Thanks for helping me understand that my previous discuss point is a non-issue!
My original COMMENT section is preserved, unchanged, below.

Section 1

   It is expected that audience is familiar with EVPN and MVPN concepts
   and terminologies.  For convenience, the following terms are briefly

Please provide references for EVPN and MVPN that would serve as entry
points for gaining such familiarity.  E.g., RFCs 7432 and 6513/6514.

   explained.

I suggest including PMSI Tunnel Attribute in this list, especially since
RFC 6514 does not actually use the PTA acronym.

Section 2.1

   There is a difference between MVPN and VPLS multicast inter-as
   segmentation.  For simplicity, EVPN will use the same procedures as
   in MVPN.  All ASBRs can re-advertise their choice of the best route.

While it is defensible to rely on the stated expectation that the reader
is familiar with EVPN and MVPN concepts (hmm, which does not actually
include VPLS concepts?), it would be appreciated to include some
indication of the nature of the difference, before stating which variant
EVPN will use.

   For inter-area segmentation, [RFC7524] requires the use of Inter-area
   P2MP Segmented Next-Hop Extended Community (S-NH-EC), and the setting
   of "Leaf Information Required" L flag in PTA in certain situations.
   Either of these could be optional in case of EVPN.  Removing these

"Could be"?  It sometimes is and sometimes isn't?  When is it still
mandatory?

Section 2.1.1

   For example, an MVPN/VPLS/EVPN network may span multiple providers
   and Inter-AS Option-B has to be used, in which the end-to-end

Is this "option (b)" of §7.2 of RFC 7117?  Regardless, a specific
reference seems in order.

   Another advantage of the smaller region is smaller BIER sub-domains.
   In this new multicast architecture BIER [RFC8279], packets carry a

RFC 8279 was published just about four years ago.  Does that still
qualify as "new"?  (I honestly am not sure, given the distribution of
time from -00 to RFC.)

Section 3

   The "Route Type specific" field of the type 9 and type 10 EVPN NLRIs
   starts with a type 1 RD, whose Administrator sub-field MUST match
   that of the RD in all non-Leaf A-D (Section 3.3) EVPN routes from the
   same advertising router for a given EVI.

Is the requirement really so specific as "everything except Leaf A-D"?
What if some new type is allocated that also doesn't start with an RD?
Is it safe to say that any type that does have an RD must meet this
criterion?

Section 4

   The optional optimizations specified for MVPN in [RFC8534] are also
   applicable to EVPN when the S-PMSI/Leaf A-D routes procedures are
   used for EVPN selective multicast forwarding.

Are we going to need a
draft-ietf-something-bum-procedure-further-updates in another five years
to perform the same type of "gap filling" that this document is doing
for how RFC 7432 referred to the RFC 7117 procedures?

Section 5.1

   The above VPLS behavior requires complicated VPLS specific procedures
   for the ASBRs to reach agreement.  For EVPN, a different approach is
   used and the above quoted text is not applicable to EVPN.

What about the text we didn't quote, that places MUST-level requirement
on the "best route selection procedures" that determine whether a given
ASBR re-advertises the route within its own AS?

      "The PMSI Tunnel attribute MUST specify the tunnel for the segment.
      If and only if, in order to establish the tunnel, the ASBR needs to
      know the leaves of the tree, then the ASBR MUST set the L flag to
      1 in the PTA to trigger Leaf A-D routes from egress PEs and
      downstream ASBRs. It MUST be (auto-)configured with an import RT,
      which controls acceptance of leaf A-D routes by the ASBR."

It seems like we might want to make some further statement about what
scope that import RT is expected to limit acceptance of the route to.

Section 5.2

   considered as leaves (as proxies for those PEs in other ASes).  Note
   that in case of Ingress Replication, when an ASBR re-advertises IMET
   A-D routes to IBGP peers, it MUST advertise the same label for all
   those for the same Ethernet Tag ID and the same EVI.  When an ingress

This seems like an eminently reasonable thing to require.  I wonder if
it's worth saying a little more about why it is required, though -- what
breaks if you don't do this?

   PE builds its flooding list, multiple routes might have the same
   (nexthop, label) tuple and they MUST only be added as a single branch
   in the flooding list.

I'm not entirely confident that I could implement this behavior for the
flooding list right now.  On the other hand, I also haven't written any
BGP code, so maybe it's expected that I couldn't implement it, but it
still seems like this might be glossing over some details.

Section 5.3

   o  An egress PE sends Leaf A-D routes in response to I-PMSI routes,
      if the PTA has the L flag set (by the re-advertising ASBRs).

I don't think I understand the parenthetical.  Which previous text is it
intending to refer to?

Additionally, while we mention in the first paragraph of §5.2 the RFC
7432 requirement to not set the L flag in IMET A-D routes, I don't see
where we lift that requirement for the segmented procedures.  The change
in §5.1 to let the ASBR set the L flag does not seem constructed in a
way that lifts the requirement from §11.2 of RFC7432.

   To address this backward compatibility problem, the following
   procedure can be used (see Section 6.2 for per-PE/AS/region I-PMSI
   A-D routes):

Can be used, but is in no way mandatory, not even to implement?  That's
rather surprising.

   o  The ASBRs in an AS originate per-region I-PMSI A-D routes and
      advertise to their external peers to advertise tunnels used to
      carry traffic from the local AS to other ASes.  Depending on the

This may or may not just be a grammar nit: *what* do the ASBRs advertise
to their external peers to advertise tunnels?  (Are we just missing
"them" for "advertise them"?)

Section 6.3

   [RFC7524] specifies the use of S-NH-EC because it does not allow ABRs
   to change the BGP next hop when they re-advertise I/S-PMSI A-D routes

I failed to find any place where RFC 7524 used the string "S-NH-EC", and
suggest writing out "Segmented Next-Hop Extended Community" somewhere.

Section 9

I would posit that at least some of the security considerations from RFC
6513 are relevant here, in addition to the (already mentioned) 6514
considerations.

Section 12.1

I do not think that RFC 7988 needs to be classified as normative; we
reference it only once, in an example; RFCs 4875 and 6388 are used in
the same way for the same example, but are classified as informative.

Section 12.2

I don't see what's different between RFCs 6513 and 6514 to make the
latter normative while the former is informative -- they are referenced
in largely the same places, and often.

NITS

Abstract

   This document specifies procedure updates for broadcast, unknown
   unicast, and multicast (BUM) traffic in Ethernet VPNs (EVPN),

I'd suggest NEW:

 This document specifies updated procedures for handling broadcast,
 unknown unicast, and multicast (BUM) traffic in Ethernet VPNs (EVPN),

Section 1

   o  IMET A-D route [RFC7432]: Inclusive Multicast Ethernet Tag A-D
      route.  The EVPN equivalent of MVPN Intra-AS I-PMSI A-D route.

I would say that a de novo explanation is likely to be of more general
applicability than a dense MVPN reference.  Perhaps "Advertised by PEs
to enable reception of BUM traffic for a given VLAN" or similar?

   o  SMET A-D route [I-D.ietf-bess-evpn-igmp-mld-proxy]: Selective
      Multicast Ethernet Tag A-D route.  The EVPN equivalent of MVPN
      Leaf A-D route but unsolicited and untargeted.

Likewise, this might be something like "Advertised by PEs to indicate
that the indicated BUM traffic should be sent to the advertising PE."

Section 2

   [RFC7117] specifies procedures for Multicast in Virtual Private LAN
   Service (VPLS Multicast) using both inclusive tunnels and selective
   tunnels with or without inter-as segmentation, similar to Multicast
   VPN (MVPN) procedures specified in [RFC6513] and [RFC6514].

s/to Multicast/to the Multicast/

Section 2.1.1

   Segmentation can also be used to divide an AS/area to smaller
   regions, so that control plane state and/or forwarding plane state/

s/to smaller/into smaller/

Section 4

   of egress PEs for selective forwarding with BIER).  An NVE proxies
   the IGMP/MLD state that it learns on its ACs to (C-S,C-G) or
   (C-*,C-G) SMET routes and advertises to other NVEs, and a receiving

I think s/and/that it/

   NVE converts the SMET routes back to IGMP/MLD messages and send them

s/send/sends/

Section 5.3

   o  An ingress PE uses the Next Hop instead of Originating Router's IP
      Address to determine leaves for the I-PMSI tunnel.

It was not previously required to use Originating Router's IP Address,
so maybe s/instead of/and not use/.

Section 6.1

   changes the next hop to its own address and changes PTA to specify
   the tunnel type/identification in the neighboring region 3.  Now the

I'm not sure that we ever explicitly named the region.  We implicitly do
in the following figure that says "segment 3", but the number and string
"region" don't seem paired anywhere directly.

Section 6.2

   propagated to other regions.  If multiple RBRs are connected to a
   region, then each will advertise such a route, with the same route
   key (Section 3.1).  Similar to the per-PE I-PMSI A-D routes, RBRs/PEs

Mention of route key seems to be in §3.3, not 3.1.

Section 6.3

   NH-EC.  The advantage of this is that neither ingress nor egress PEs
   need to understand/use S-NH-EC, and consistent procedure (based on
   BGP next hop) is used for both inter-as and inter-region
   segmentation.

s/consistent/a consistent/

Section 7

   including Ingress Replication.  Via means outside the scope of this
   document, PEs know that ESI labels are from DCB and existing multi-
   homing procedures work as is, whether a multi-homed Ethernet Segment
   spans across segmentation regions or not.

I'm not sure this is a well-formed sentence.  Is it supposed to be a
list?  Or just two things that PEs know OOB: (ESI labels are from
existing multi-homing procedures work as is) and (whether or not a
multi-homed Ethernet Segment spans across segmentation regions)?

Thanks to Gorry Fairhurst for the TSVART review.

I see no transport issues. I'm trusting others on the non-transport aspects, as it's mostly opaque to me as a non-expert.