Updates on EVPN BUM Procedures
draft-ietf-bess-evpn-bum-procedure-updates-14
Yes
(Martin Vigoureux)
No Objection
Erik Kline
(Lars Eggert)
Note: This ballot was opened for revision 10 and is now closed.
Erik Kline
No Objection
Murray Kucherawy
(was Discuss)
No Objection
Comment
(2021-10-20)
Sent for earlier
The shepherd writeup is over two years old. I wonder if it would be worth reviewing. Also, questions 7 and 8 have the same answer, but they're asking different things. Terms like "MVPN" and "ASBR" are commonly used. I realize Section 1 says: It is expected that audience is familiar with EVPN and MVPN concepts and terminologies. Still, I think it's conventional to expand key acronyms upon first use. EVPN is expanded in the Abstract, for example. I think this would be helpful to some readers a little foreign to the topic. "SMET A-D" is defined in Section 1, but then not used anywhere in this document.
Roman Danyliw
No Objection
Comment
(2021-10-19 for -11)
Sent
** I support Lars Eggert’s DISCUSS position. I have come to the same conclusion as the GENART reviewer (Paul Kyzivat). It isn’t clear what this document is updating. -- The document header and abstract explicitly say that RC7432 is updated. However, I can’t find a clear explanation of how the next in this documents updates RFC7432 -- Section 5.1. is titled as “Changes to Section 7.2.2 of [RFC7117]” and changes behavior in RFC7117, but RFC7117 is not being updated (according to the header and abstract). ** Section 9. They do not introduce new security concerns besides what have been discussed in [RFC6514], [RFC7117], [RFC7432] and [RFC7524]. Which parts of these security considerations specifically apply here. For example, RFC7524 and RFC7432 makes references to MPLS mechanisms (which seem out of scope here). Additionally, it appears some of the guidance across these documents is directed at securing generic EVPN technology – this is helpful, but please be clear about this case. What specific guidance is relevant to the procedures for handling BUM traffic?
Warren Kumari
No Objection
Comment
(2021-10-20 for -11)
Sent
Much thanks to Scott Bradner for the OpsDir review (-09), discussions and then re-review of -11. Jeffrey has agreed to change the SHOULD at the ned of S5.3.1 to a MUST (see OpsDir thread), and I'm balloting NoObj with the assumption that that will happen. Thanks again to Scott and the authors; I think that the comments since -09 have noticeably improved the document.
Zaheduzzaman Sarker
No Objection
Comment
(2021-10-20 for -11)
Sent
Thanks for working on this document. Thanks to Gorry Fairhurst for his TSVART review and to the authors for addressing the review comments. Here, I strongly support Lars's discuss as I also have hard time understanding the relation towards the updates to RFC 7432 and to RFC 7117 and RFC 7524. The explanation given in the section 2 is not good enough. Most of my confusions arose from the way updates/changes/clarifications done to RFC 7117 and RFC 7524 without describing their relation to RFC 7432 in this document. Hence to resolve this my suggestion will be to - * list the updates made to RFC 7432 * describe the relation among RFC 7432, RFC7117, RFC 7524 in the respective sections where the changes/updates/clarifications are done. Section 5.2 is a good example for this. I hope this helps.
Éric Vyncke
No Objection
Comment
(2021-10-18 for -11)
Sent
Thank you for the work put into this document. Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education). Special thanks to Zheng Zhang for his shepherd's write-up about the WG consensus. I hope that this helps to improve the document, Regards, -éric -- Section 3 -- It is a little unclear whether the first list of values are applicable to the 'route type' field. The reader can only guess when reading the pre-amble to the 2nd list. -- Section 5.1 -- The text in this section appears to also update RFC 7117: "The following bullet in Section 7.2.2.2 of [RFC7117]: ... s changed to the following when applied to EVPN:". Should this document also formally update RFC 7117 ?
Martin Vigoureux Former IESG member
Yes
Yes
(for -10)
Unknown
Benjamin Kaduk Former IESG member
(was Discuss)
No Objection
No Objection
(2021-10-21 for -11)
Sent for earlier
Thanks for helping me understand that my previous discuss point is a non-issue! My original COMMENT section is preserved, unchanged, below. Section 1 It is expected that audience is familiar with EVPN and MVPN concepts and terminologies. For convenience, the following terms are briefly Please provide references for EVPN and MVPN that would serve as entry points for gaining such familiarity. E.g., RFCs 7432 and 6513/6514. explained. I suggest including PMSI Tunnel Attribute in this list, especially since RFC 6514 does not actually use the PTA acronym. Section 2.1 There is a difference between MVPN and VPLS multicast inter-as segmentation. For simplicity, EVPN will use the same procedures as in MVPN. All ASBRs can re-advertise their choice of the best route. While it is defensible to rely on the stated expectation that the reader is familiar with EVPN and MVPN concepts (hmm, which does not actually include VPLS concepts?), it would be appreciated to include some indication of the nature of the difference, before stating which variant EVPN will use. For inter-area segmentation, [RFC7524] requires the use of Inter-area P2MP Segmented Next-Hop Extended Community (S-NH-EC), and the setting of "Leaf Information Required" L flag in PTA in certain situations. Either of these could be optional in case of EVPN. Removing these "Could be"? It sometimes is and sometimes isn't? When is it still mandatory? Section 2.1.1 For example, an MVPN/VPLS/EVPN network may span multiple providers and Inter-AS Option-B has to be used, in which the end-to-end Is this "option (b)" of §7.2 of RFC 7117? Regardless, a specific reference seems in order. Another advantage of the smaller region is smaller BIER sub-domains. In this new multicast architecture BIER [RFC8279], packets carry a RFC 8279 was published just about four years ago. Does that still qualify as "new"? (I honestly am not sure, given the distribution of time from -00 to RFC.) Section 3 The "Route Type specific" field of the type 9 and type 10 EVPN NLRIs starts with a type 1 RD, whose Administrator sub-field MUST match that of the RD in all non-Leaf A-D (Section 3.3) EVPN routes from the same advertising router for a given EVI. Is the requirement really so specific as "everything except Leaf A-D"? What if some new type is allocated that also doesn't start with an RD? Is it safe to say that any type that does have an RD must meet this criterion? Section 4 The optional optimizations specified for MVPN in [RFC8534] are also applicable to EVPN when the S-PMSI/Leaf A-D routes procedures are used for EVPN selective multicast forwarding. Are we going to need a draft-ietf-something-bum-procedure-further-updates in another five years to perform the same type of "gap filling" that this document is doing for how RFC 7432 referred to the RFC 7117 procedures? Section 5.1 The above VPLS behavior requires complicated VPLS specific procedures for the ASBRs to reach agreement. For EVPN, a different approach is used and the above quoted text is not applicable to EVPN. What about the text we didn't quote, that places MUST-level requirement on the "best route selection procedures" that determine whether a given ASBR re-advertises the route within its own AS? "The PMSI Tunnel attribute MUST specify the tunnel for the segment. If and only if, in order to establish the tunnel, the ASBR needs to know the leaves of the tree, then the ASBR MUST set the L flag to 1 in the PTA to trigger Leaf A-D routes from egress PEs and downstream ASBRs. It MUST be (auto-)configured with an import RT, which controls acceptance of leaf A-D routes by the ASBR." It seems like we might want to make some further statement about what scope that import RT is expected to limit acceptance of the route to. Section 5.2 considered as leaves (as proxies for those PEs in other ASes). Note that in case of Ingress Replication, when an ASBR re-advertises IMET A-D routes to IBGP peers, it MUST advertise the same label for all those for the same Ethernet Tag ID and the same EVI. When an ingress This seems like an eminently reasonable thing to require. I wonder if it's worth saying a little more about why it is required, though -- what breaks if you don't do this? PE builds its flooding list, multiple routes might have the same (nexthop, label) tuple and they MUST only be added as a single branch in the flooding list. I'm not entirely confident that I could implement this behavior for the flooding list right now. On the other hand, I also haven't written any BGP code, so maybe it's expected that I couldn't implement it, but it still seems like this might be glossing over some details. Section 5.3 o An egress PE sends Leaf A-D routes in response to I-PMSI routes, if the PTA has the L flag set (by the re-advertising ASBRs). I don't think I understand the parenthetical. Which previous text is it intending to refer to? Additionally, while we mention in the first paragraph of §5.2 the RFC 7432 requirement to not set the L flag in IMET A-D routes, I don't see where we lift that requirement for the segmented procedures. The change in §5.1 to let the ASBR set the L flag does not seem constructed in a way that lifts the requirement from §11.2 of RFC7432. To address this backward compatibility problem, the following procedure can be used (see Section 6.2 for per-PE/AS/region I-PMSI A-D routes): Can be used, but is in no way mandatory, not even to implement? That's rather surprising. o The ASBRs in an AS originate per-region I-PMSI A-D routes and advertise to their external peers to advertise tunnels used to carry traffic from the local AS to other ASes. Depending on the This may or may not just be a grammar nit: *what* do the ASBRs advertise to their external peers to advertise tunnels? (Are we just missing "them" for "advertise them"?) Section 6.3 [RFC7524] specifies the use of S-NH-EC because it does not allow ABRs to change the BGP next hop when they re-advertise I/S-PMSI A-D routes I failed to find any place where RFC 7524 used the string "S-NH-EC", and suggest writing out "Segmented Next-Hop Extended Community" somewhere. Section 9 I would posit that at least some of the security considerations from RFC 6513 are relevant here, in addition to the (already mentioned) 6514 considerations. Section 12.1 I do not think that RFC 7988 needs to be classified as normative; we reference it only once, in an example; RFCs 4875 and 6388 are used in the same way for the same example, but are classified as informative. Section 12.2 I don't see what's different between RFCs 6513 and 6514 to make the latter normative while the former is informative -- they are referenced in largely the same places, and often. NITS Abstract This document specifies procedure updates for broadcast, unknown unicast, and multicast (BUM) traffic in Ethernet VPNs (EVPN), I'd suggest NEW: This document specifies updated procedures for handling broadcast, unknown unicast, and multicast (BUM) traffic in Ethernet VPNs (EVPN), Section 1 o IMET A-D route [RFC7432]: Inclusive Multicast Ethernet Tag A-D route. The EVPN equivalent of MVPN Intra-AS I-PMSI A-D route. I would say that a de novo explanation is likely to be of more general applicability than a dense MVPN reference. Perhaps "Advertised by PEs to enable reception of BUM traffic for a given VLAN" or similar? o SMET A-D route [I-D.ietf-bess-evpn-igmp-mld-proxy]: Selective Multicast Ethernet Tag A-D route. The EVPN equivalent of MVPN Leaf A-D route but unsolicited and untargeted. Likewise, this might be something like "Advertised by PEs to indicate that the indicated BUM traffic should be sent to the advertising PE." Section 2 [RFC7117] specifies procedures for Multicast in Virtual Private LAN Service (VPLS Multicast) using both inclusive tunnels and selective tunnels with or without inter-as segmentation, similar to Multicast VPN (MVPN) procedures specified in [RFC6513] and [RFC6514]. s/to Multicast/to the Multicast/ Section 2.1.1 Segmentation can also be used to divide an AS/area to smaller regions, so that control plane state and/or forwarding plane state/ s/to smaller/into smaller/ Section 4 of egress PEs for selective forwarding with BIER). An NVE proxies the IGMP/MLD state that it learns on its ACs to (C-S,C-G) or (C-*,C-G) SMET routes and advertises to other NVEs, and a receiving I think s/and/that it/ NVE converts the SMET routes back to IGMP/MLD messages and send them s/send/sends/ Section 5.3 o An ingress PE uses the Next Hop instead of Originating Router's IP Address to determine leaves for the I-PMSI tunnel. It was not previously required to use Originating Router's IP Address, so maybe s/instead of/and not use/. Section 6.1 changes the next hop to its own address and changes PTA to specify the tunnel type/identification in the neighboring region 3. Now the I'm not sure that we ever explicitly named the region. We implicitly do in the following figure that says "segment 3", but the number and string "region" don't seem paired anywhere directly. Section 6.2 propagated to other regions. If multiple RBRs are connected to a region, then each will advertise such a route, with the same route key (Section 3.1). Similar to the per-PE I-PMSI A-D routes, RBRs/PEs Mention of route key seems to be in §3.3, not 3.1. Section 6.3 NH-EC. The advantage of this is that neither ingress nor egress PEs need to understand/use S-NH-EC, and consistent procedure (based on BGP next hop) is used for both inter-as and inter-region segmentation. s/consistent/a consistent/ Section 7 including Ingress Replication. Via means outside the scope of this document, PEs know that ESI labels are from DCB and existing multi- homing procedures work as is, whether a multi-homed Ethernet Segment spans across segmentation regions or not. I'm not sure this is a well-formed sentence. Is it supposed to be a list? Or just two things that PEs know OOB: (ESI labels are from existing multi-homing procedures work as is) and (whether or not a multi-homed Ethernet Segment spans across segmentation regions)?
Lars Eggert Former IESG member
(was Discuss)
No Objection
No Objection
()
Sent for earlier
Martin Duke Former IESG member
No Objection
No Objection
(2021-10-13 for -11)
Not sent
Thanks to Gorry Fairhurst for the TSVART review. I see no transport issues. I'm trusting others on the non-transport aspects, as it's mostly opaque to me as a non-expert.