Transparent Interconnection of Lots of Links (TRILL) Active-Active Edge Using Multiple MAC Attachments
RFC 7782
| Document | Type | RFC - Proposed Standard (February 2016; No errata) | |
|---|---|---|---|
| Authors | Mingui Zhang , Radia Perlman , Hongjun Zhai , Muhammad Durrani , Sujay Gupta | ||
| Last updated | 2018-12-20 | ||
| Replaces | draft-zhang-trill-aa-multi-attach | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Donald Eastlake | ||
| Shepherd write-up | Show (last changed 2015-08-13) | ||
| IESG | IESG state | RFC 7782 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Alia Atlas | ||
| Send notices to | (None) | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack | ||
Internet Engineering Task Force (IETF) M. Zhang
Request for Comments: 7782 Huawei
Category: Standards Track R. Perlman
ISSN: 2070-1721 EMC
H. Zhai
Astute Technology
M. Durrani
Cisco Systems
S. Gupta
IP Infusion
February 2016
Transparent Interconnection of Lots of Links (TRILL)
Active-Active Edge Using Multiple MAC Attachments
Abstract
TRILL (Transparent Interconnection of Lots of Links) active-active
service provides end stations with flow-level load balance and
resilience against link failures at the edge of TRILL campuses, as
described in RFC 7379.
This document specifies a method by which member RBridges (also
referred to as Routing Bridges or TRILL switches) in an active-active
edge RBridge group use their own nicknames as ingress RBridge
nicknames to encapsulate frames from attached end systems. Thus,
remote edge RBridges (who are not in the group) will see one host
Media Access Control (MAC) address being associated with the multiple
RBridges in the group. Such remote edge RBridges are required to
maintain all those associations (i.e., MAC attachments) and to not
flip-flop among them (as would occur prior to the implementation of
this specification). The design goals of this specification are
discussed herein.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7782.
Zhang, et al. Standards Track [Page 1]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction ....................................................3
2. Acronyms and Terminology ........................................4
3. Overview ........................................................5
4. Incremental Deployable Options ..................................6
4.1. Details of Option B ........................................7
4.1.1. Advertising Data Labels for Active-Active Edge ......7
4.1.2. Discovery of Active-Active Edge Members .............8
4.1.3. Advertising Learned MAC Addresses ...................9
4.2. Extended RBridge Capability Flags APPsub-TLV ..............11
5. Meeting the Design Goals .......................................12
5.1. No MAC Address Flip-Flopping (Normal Unicast Egress) ......12
5.2. Regular Unicast/Multicast Ingress .........................12
5.3. Correct Multicast Egress ..................................12
5.3.1. No Duplication (Single Exit Point) .................12
5.3.2. No Echo (Split Horizon) ............................13
5.4. No Black-Hole or Triangular Forwarding ....................14
5.5. Load Balance towards the AAE ..............................14
5.6. Scalability ...............................................14
6. E-L1FS Backward Compatibility ..................................15
7. Security Considerations ........................................15
8. IANA Considerations ............................................16
8.1. TRILL APPsub-TLVs .........................................16
8.2. Extended RBridge Capabilities Registry ....................16
8.3. Active-Active Flags .......................................17
9. References .....................................................17
9.1. Normative References ......................................17
9.2. Informative References ....................................19
Appendix A. Scenarios for Split Horizon ...........................20
Acknowledgments ...................................................21
Authors' Addresses ................................................22
Zhang, et al. Standards Track [Page 2]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
1. Introduction
As discussed in [RFC7379], in a TRILL (Transparent Interconnection of
Lots of Links) Active-Active Edge (AAE) topology, a Local
Active-Active Link Protocol (LAALP) -- for example, a Multi-Chassis
Link Aggregation (MC-LAG) bundle -- is used to connect multiple
RBridges (Routing Bridges or TRILL switches) to multi-port Customer
Equipment (CE), such as a switch, virtual switch (vSwitch), or
multi-port end station. A set of end nodes is attached in the case
of a switch or vSwitch. It is required that data traffic within a
specific VLAN from this end node set (including the multi-port
end-station case) can be ingressed and egressed by any of these
RBridges simultaneously. End systems in the set can spread their
traffic among these edge RBridges at the flow level. When a link
fails, end systems keep using the remaining links in the LAALP
without waiting for the convergence of TRILL, which provides
resilience to link failures.
Since a frame from each end node can be ingressed by any RBridge in
the local AAE group, a remote edge RBridge may observe multiple
attachment points (i.e., egress RBridges) for this end node. This
issue is known as "MAC address flip-flopping"; see [RFC7379] for a
discussion.
Per this document, AAE member RBridges use their own nicknames to
ingress frames into the TRILL campus. Remote edge RBridges are
required to keep multiple points of attachment per MAC address and
Data Label (VLAN or Fine-Grained Label [RFC7172]) attached to the
AAE. This addresses the MAC flip-flopping issue. Using this
solution, as specified in this document, in an AAE group does not
prohibit the use of other solutions in other AAE groups in the same
TRILL campus. For example, the specification in this document and
the specification in [RFC7781] could be simultaneously deployed for
different AAE groups in the same campus.
The main body of this document is organized as follows: Section 2
lists acronyms and terms. Section 3 describes the overview model.
Section 4 provides options for incremental deployment. Section 5
describes how this approach meets the design goals. Section 6
discusses backward compatibility. Section 7 covers security
considerations. Section 8 covers IANA considerations.
Zhang, et al. Standards Track [Page 3]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
2. Acronyms and Terminology
AAE: Active-Active Edge
Campus: A TRILL network consisting of TRILL switches, links, and
possibly bridges bounded by end stations and IP routers. For
TRILL, there is no "academic" implication in the name "campus".
CE: Customer Equipment (end station or bridge). The device can be
either physical or virtual equipment.
Data Label: VLAN or Fine-Grained Label (FGL)
DRNI: Distributed Resilient Network Interconnect. A link aggregation
specified in [802.1AX] that can provide an LAALP between (a) one,
two, or three CEs and (b) two or three RBridges.
E-L1FS: Extended Level 1 Flooding Scope
Edge RBridge: An RBridge providing end-station service on one or more
of its ports.
ESADI: End Station Address Distribution Information [RFC7357]
FGL: Fine-Grained Label [RFC7172]
FS-LSP: Flooding Scope Link State Protocol Data Unit
IS: Intermediate System [IS-IS]
IS-IS: Intermediate System to Intermediate System [IS-IS]
LAALP: Local Active-Active Link Protocol [RFC7379]. Any protocol
similar to MC-LAG (or DRNI) that runs in a distributed fashion on
a CE, on the links from that CE to a set of edge group RBridges,
and on those RBridges.
LSP: Link State PDU
MC-LAG: Multi-Chassis Link Aggregation. Proprietary extensions of
link aggregation [802.1AX] that can provide an LAALP between one
CE and two or more RBridges.
PDU: Protocol Data Unit
RBridge: A device implementing the TRILL protocol.
Zhang, et al. Standards Track [Page 4]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
TRILL: Transparent Interconnection of Lots of Links or Tunneled
Routing in the Link Layer [RFC6325] [RFC7177].
TRILL switch: An alternative name for an RBridge.
vSwitch: A virtual switch, such as a hypervisor, that also simulates
a bridge.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Familiarity with [RFC6325], [RFC6439], and [RFC7177] is assumed in
this document.
3. Overview
+-----+
| RB4 |
+----------+-----+----------+
| |
| |
| Rest of campus |
| |
| |
+-+-----+--+-----+--+-----+-+
| RB1 | | RB2 | | RB3 |
+-----\ +-----+ /-----+
\ | /
\ | /
|||LAALP1
|||
+---+
| B |
+---+
H1 H2 H3 H4: VLAN 10
Figure 1: An Example Topology for TRILL Active-Active Edge
Figure 1 shows an example network for TRILL AAE (see also Figure 1 in
[RFC7379]). In this figure, end nodes (H1, H2, H3, and H4) are
attached to a bridge (B) that communicates with multiple RBridges
(RB1, RB2, and RB3) via the LAALP. Suppose that RB4 is a "remote"
RBridge not in the AAE group in the TRILL campus. This connection
model is also applicable to the virtualized environment where the
physical bridge can be replaced with a vSwitch while those bare metal
hosts are replaced with virtual machines (VMs).
Zhang, et al. Standards Track [Page 5]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
For a frame received from its attached end node sets, a member
RBridge of the AAE group conforming to this document always
encapsulates that frame using its own nickname as the ingress
nickname, regardless of whether it is unicast or multicast.
With the two options specified below, even though remote RBridge RB4
will see multiple attachments for each MAC address from one of the
end nodes, MAC address flip-flopping will not cause any problems.
4. Incremental Deployable Options
This section specifies two options. Option A requires new hardware
support. Option B can be incrementally implemented throughout a
TRILL campus with common existing TRILL "fast path" hardware.
Further details on Option B are given in Section 4.1.
Option A:
A new capability announcement would appear in LSPs: "I can cope
with data-plane learning of multiple attachments for an end node."
This mode of operation is generally not supported by existing
TRILL fast path hardware. Only if all edge RBridges to which the
group has data connectivity -- and that are interested in any of
the Data Labels in which the AAE is interested -- announce this
capability can the AAE group safely use this approach. If all
such RBridges do not announce this "Option A" capability, then a
fallback would be needed, such as reverting from active-active to
active-standby operation or isolating the RBridges that would need
to support this capability but do not support it. Further details
for Option A are beyond the scope of this document, except that,
as described in Section 4.2, a bit is reserved to indicate support
for Option A, because a remote RBridge supporting Option A is
compatible with an AAE group using Option B.
Option B:
As pointed out in Section 4.2.6 of [RFC6325] and Section 5.3 of
[RFC7357], one MAC address may be persistently claimed to be
attached to multiple RBridges within the same Data Label in the
TRILL ESADI-LSPs. For Option B, AAE member RBridges make use of
the TRILL ESADI protocol to distribute multiple attachments of a
MAC address. Remote RBridges SHOULD disable data-plane MAC
learning for such multi-attached MAC addresses from TRILL Data
packet decapsulation, unless they also support Option A. The
ability to configure an RBridge to disable data-plane learning is
provided by the base TRILL protocol [RFC6325].
Zhang, et al. Standards Track [Page 6]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
4.1. Details of Option B
With Option B, the receiving edge RBridges MUST avoid flip-flop
errors for MAC addresses learned from the TRILL Data packet
decapsulation for the originating RBridge within these Data Labels.
It is RECOMMENDED that the receiving edge RBridge disable data-plane
MAC learning from TRILL Data packet decapsulation within those
advertised Data Labels for the originating RBridge, unless the
receiving RBridge also supports Option A. Alternative
implementations that produce the same expected behavior, i.e., the
receiving edge RBridge does not flip-flop among multiple MAC
attachments, are acceptable. For example, the confidence-level
mechanism as specified in [RFC6325] can be used. Let the receiving
edge RBridge give a prevailing confidence value (e.g., 0x21) to the
first MAC attachment learned from the data plane over others from the
TRILL Data packet decapsulation. The receiving edge RBridge will
stick to this MAC attachment until it is overridden by one learned
from the ESADI protocol [RFC7357]. The MAC attachment learned from
ESADI is set to have a higher confidence value (e.g., 0x80) to
override any alternative learning from the decapsulation of received
TRILL Data packets [RFC6325].
4.1.1. Advertising Data Labels for Active-Active Edge
An RBridge in an AAE group MUST participate in ESADI in Data Labels
enabled for its attached LAALPs. This document further registers two
data flags, which are used to advertise that the originating RBridge
supports and participates in an AAE. These two flags are allocated
from the Interested VLANs Flag Bits that appear in the Interested
VLANs and Spanning Tree Roots sub-TLV and the Interested Labels Flag
Bits that appear in the Interested Labels and Spanning Tree Roots
sub-TLV [RFC7176] (see Section 8.3). When these flags are set to 1,
the originating RBridge is advertising Data Labels for LAALPs rather
than plain LAN links.
Zhang, et al. Standards Track [Page 7]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
4.1.2. Discovery of Active-Active Edge Members
Remote edge RBridges need to discover RBridges in an AAE. This is
achieved by listening to the following "AA LAALP Group RBridges"
TRILL APPsub-TLV included in the TRILL GENINFO TLV in FS-LSPs
[RFC7780]:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = AA-LAALP-GROUP-RBRIDGES| (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sender Nickname | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LAALP ID Size | (1 byte)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+...+-+-+
| LAALP ID (k bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+...+-+-+
o Type: AA LAALP Group RBridges (TRILL APPsub-TLV type 252)
o Length: 3 + k
o Sender Nickname: The nickname the originating RBridge will use as
the ingress nickname. This field is useful because the
originating RBridge might own multiple nicknames.
o LAALP ID Size: The length, k, of the LAALP ID in bytes.
o LAALP ID: The ID of the LAALP, which is k bytes long. If the
LAALP is an MC-LAG or DRNI, it is the 8-byte ID, as specified in
Clause 6.3.2 of [802.1AX].
This APPsub-TLV is expected to rarely change, as it only does so in
cases of the creation or elimination of an AAE group, or of link
failure or restoration to the CE in such a group.
Zhang, et al. Standards Track [Page 8]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
4.1.3. Advertising Learned MAC Addresses
Whenever MAC addresses from the LAALP of this AAE are learned through
ingress or configuration, the originating RBridge MUST advertise
these MAC addresses using the MAC-Reachability TLV [RFC6165] via the
ESADI protocol [RFC7357]. The MAC-Reachability TLVs are composed in
a way that each TLV only contains MAC addresses of end nodes attached
to a single LAALP. Each such TLV is enclosed in a TRILL APPsub-TLV,
defined as follows:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = AA-LAALP-GROUP-MAC | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| LAALP ID Size | (1 byte)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+...+-+-+
| LAALP ID (k bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+...+-+-+
| MAC-Reachability TLV (7 + 6*n bytes) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+...+-+-+
o Type: AA LAALP Group MAC (TRILL APPsub-TLV type 253)
o Length: The MAC-Reachability TLV [RFC6165] is contained in the
value field as a sub-TLV. The total number of bytes contained in
the value field is given by k + 8 + 6*n.
o LAALP ID Size: The length, k, of the LAALP ID in bytes.
o LAALP ID: The ID of the LAALP, which is k bytes long. Here, it
also serves as the identifier of the AAE. If the LAALP is an
MC-LAG (or DRNI), it is the 8-byte ID, as specified in
Clause 6.3.2 of [802.1AX].
o MAC-Reachability sub-TLV: The AA-LAALP-GROUP-MAC APPsub-TLV value
contains the MAC-Reachability TLV as a sub-TLV (see [RFC6165];
n is the number of MAC addresses present). As specified in
Section 2.2 of [RFC7356], the Type and Length fields of the
MAC-Reachability TLV are encoded as unsigned 16-bit integers. The
1-byte unsigned confidence value, along with these TLVs, SHOULD be
set to prevail over those MAC addresses learned from TRILL Data
decapsulation by remote edge RBridges.
This AA-LAALP-GROUP-MAC APPsub-TLV MUST be included in a TRILL
GENINFO TLV [RFC7357] in the ESADI-LSP. There may be more than one
occurrence of such TRILL APPsub-TLVs in one ESADI-LSP fragment.
Zhang, et al. Standards Track [Page 9]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
For those MAC addresses contained in an AA-LAALP-GROUP-MAC
APPsub-TLV, this document applies. Otherwise, [RFC7357] applies.
For example, an AAE member RBridge continues to enclose MAC addresses
learned from TRILL Data packet decapsulation in MAC-Reachability TLVs
as per [RFC6165] and advertise them using the ESADI protocol.
When the remote RBridge learns MAC addresses contained in the
AA-LAALP-GROUP-MAC APPsub-TLV via the ESADI protocol [RFC7357], it
sends the packets destined to these MAC addresses to the closest one
(the one to which the remote RBridge has the least-cost forwarding
path) of those RBridges in the AAE identified by the LAALP ID in the
AA-LAALP-GROUP-MAC APPsub-TLV. If there are multiple equal
least-cost member RBridges, the ingress RBridge is required to select
one of them in a pseudorandom way, as specified in Section 5.3 of
[RFC7357].
When another RBridge in the same AAE group receives an ESADI-LSP with
the AA-LAALP-GROUP-MAC APPsub-TLV, it also learns MAC addresses of
those end nodes served by the corresponding LAALP. These MAC
addresses SHOULD be learned as if those end nodes are locally
attached to this RBridge itself.
An AAE member RBridge MUST use the AA-LAALP-GROUP-MAC APPsub-TLV to
advertise in ESADI the MAC addresses learned from a plain local link
(a non-LAALP link) with Data Labels that happen to be covered by the
Data Labels of any attached LAALP. The reason is that MAC learning
from TRILL Data packet decapsulation within these Data Labels at the
remote edge RBridge has normally been disabled for this RBridge.
This APPsub-TLV changes whenever the MAC reachability situation for
the LAALP changes.
Zhang, et al. Standards Track [Page 10]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
4.2. Extended RBridge Capability Flags APPsub-TLV
The following Extended RBridge Capability Flags APPsub-TLV will be
included in E-L1FS FS-LSP fragment zero [RFC7780] as an APPsub-TLV of
the TRILL GENINFO TLV:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = EXTENDED-RBRIDGE-CAP | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Topology | (2 bytes)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|E|H| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved (continued) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
o Type: Extended RBridge Capability (TRILL APPsub-TLV type 254)
o Length: Set to 10.
o Topology: Indicates the topology to which the capabilities apply.
When this field is set to zero, either topologies are not in use
or the capabilities apply to all topologies [TRILL-MT].
o E: Bit 0 of the capability bits. When this bit is set, it
indicates that the originating RBridge acts as specified in
Option B above.
o H: Bit 1 of the capability bits. When this bit is set, it
indicates that the originating RBridge keeps multiple MAC
attachments learned from TRILL Data packet decapsulation with fast
path hardware; that is, it acts as specified in Option A above.
o Reserved: Flags extending from bit 2 through bit 63 of the
capability bits. Reserved for future use. These MUST be sent as
zero and ignored on receipt.
The Extended RBridge Capability Flags TRILL APPsub-TLV is used to
notify other RBridges as to whether the originating RBridge supports
the capability indicated by the E and H bits. For example, if the
E bit is set, it indicates that the originating RBridge will act as
defined in Option B. That is, it will disable the MAC learning from
TRILL Data packet decapsulation within Data Labels advertised by AAE
RBridges while waiting for the TRILL ESADI-LSPs to distribute the
{MAC, Nickname, Data Label} association. Meanwhile, this RBridge is
able to act as an AAE RBridge. It is required that MAC addresses
Zhang, et al. Standards Track [Page 11]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
learned from local LAALPs be advertised in TRILL ESADI-LSPs, using
the AA-LAALP-GROUP-MAC APPsub-TLV, which is defined in Section 4.1.3.
If an RBridge in an AAE group, as specified herein, observes a remote
RBridge interested in one or more of that AAE group's Data Labels and
the remote RBridge does not support, as indicated by its extended
capabilities, either Option A or Option B, then the AAE group MUST
fall back to active-standby mode.
This APPsub-TLV is expected to rarely change, as it only needs to be
updated when RBridge capabilities change, e.g., due to an upgrade or
reconfiguration.
5. Meeting the Design Goals
This section explores how this specification meets the major design
goals of AAE.
5.1. No MAC Address Flip-Flopping (Normal Unicast Egress)
Since all RBridges talking with the AAE RBridges in the campus are
able to see multiple attachments for one MAC address in ESADI
[RFC7357], a MAC address learned from one AAE member will not be
overwritten by the same MAC address learned from another AAE member.
Although multiple entries for this MAC address will be created, for
return traffic the remote RBridge is required to consistently use one
of the attachments for each MAC address rather than flip-flopping
among them (see Section 4.2.6 of [RFC6325] and Section 5.3 of
[RFC7357]).
5.2. Regular Unicast/Multicast Ingress
LAALP guarantees that each frame will be sent to the AAE via exactly
one uplink. RBridges in the AAE simply follow the process per
[RFC6325] to ingress the frame. For example, each RBridge uses its
own nickname as the ingress nickname to encapsulate the frame. In
such a scenario, each RBridge takes for granted that it is the
Appointed Forwarder for the VLANs enabled on the uplink of the LAALP.
5.3. Correct Multicast Egress
A fundamental design goal of AAE is that there must be no duplication
or forwarding loop.
5.3.1. No Duplication (Single Exit Point)
When multi-destination TRILL Data packets for a specific Data Label
are received from the campus, it is important that exactly one
RBridge out of the AAE group let through each multi-destination
Zhang, et al. Standards Track [Page 12]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
packet so that no duplication will happen. The LAALP will have
defined its selection function (using hashing or an election
algorithm) to designate a forwarder for a multi-destination frame.
Since AAE member RBridges support the LAALP, they are able to utilize
that selection function to determine the single exit point. If the
output of the selection function points to the port attached to the
receiving RBridge itself (i.e., the packet should be egressed out of
this node), the receiving RBridge MUST egress this packet for that
AAE group. Otherwise, the packet MUST NOT be egressed for that AAE
group. (For ports that lead to non-AAE links, the receiving RBridge
determines whether to egress the packet or not, according to
[RFC6325], which is updated by [RFC7172].)
5.3.2. No Echo (Split Horizon)
When a multi-destination frame originated from an LAALP is ingressed
by an RBridge of an AAE group, distributed to the TRILL network, and
then received by another RBridge in the same AAE group, it is
important that this receiving RBridge does not egress this frame back
to this LAALP. Otherwise, it will cause a forwarding loop (echo).
The well-known "split horizon" technique (as discussed in
Section 2.2.1 of [RFC1058]) is used to eliminate the echo issue.
RBridges in the AAE group need to perform split horizon based on the
ingress RBridge nickname plus the VLAN of the TRILL Data packet.
They need to set up per-port filtering lists consisting of the tuple
of <ingress nickname, VLAN>. Packets with information matching any
entry in the filtering list MUST NOT be egressed out of that port.
The information for such filters is obtained by listening to the
AA-LAALP-GROUP-RBRIDGES TRILL APPsub-TLVs, as defined in
Section 4.1.2. Note that all enabled VLANs MUST be consistent on all
ports connected to an LAALP. So, the enabled VLANs need not be
included in these TRILL APPsub-TLVs. They can be locally obtained
from the port attached to that LAALP. By parsing these APPsub-TLVs,
the receiving RBridge discovers all other RBridges connected to the
same LAALP. The Sender Nickname of the originating RBridge will be
added to the filtering list of the port attached to the LAALP. For
example, RB3 in Figure 1 will set up a filtering list that looks like
{<RB1, VLAN 10>, <RB2, VLAN 10>} on its port attached to LAALP1.
According to split horizon, TRILL Data packets within VLAN 10
ingressed by RB1 or RB2 will not be egressed out of this port.
When there are multiple LAALPs connected to the same RBridge, these
LAALPs may have VLANs that overlap. Here, a VLAN overlap means that
this VLAN ID is enabled by multiple LAALPs. A customer may require
that hosts within these overlapped VLANs communicate with each other.
Zhang, et al. Standards Track [Page 13]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
Appendix A provides several scenarios to explain how hosts
communicate within the overlapped VLANs and how split horizon
happens.
5.4. No Black-Hole or Triangular Forwarding
If a sub-link of the LAALP fails while remote RBridges continue to
send packets towards the failed port, a black-hole happens. If the
AAE member RBridge with that failed port starts to redirect the
packets to other member RBridges for delivery, triangular forwarding
occurs.
The member RBridge attached to the failed sub-link makes use of the
ESADI protocol to flush those MAC addresses affected by the failure,
as defined in Section 5.2 of [RFC7357]. After doing that, no packets
will be sent towards the failed port, and hence no black-hole will
happen. Nor will the member RBridge need to redirect packets to
other member RBridges; thus, triangular forwarding is avoided.
5.5. Load Balance towards the AAE
Since a remote RBridge can see multiple attachments of one MAC
address in ESADI, this remote RBridge can choose to spread the
traffic towards the AAE members on a per-flow basis. Each of them is
able to act as the egress point. In doing this, the forwarding paths
need not be limited to the least-cost path selection from the ingress
RBridge to the AAE RBridges. The traffic load from the remote
RBridge towards the AAE RBridges can be balanced based on a
pseudorandom selection method (see Section 4.1.3).
Note that the load-balance method adopted at a remote ingress RBridge
is not to replace the load-balance mechanism of LAALP. These two
load-spreading mechanisms should take effect separately.
5.6. Scalability
With Option A, multiple attachments need to be recorded for a MAC
address learned from AAE RBridges. More entries may be consumed in
the MAC learning table. However, MAC addresses attached to an LAALP
are usually only a small part of all MAC addresses in the whole TRILL
campus. As a result, the extra table memory space required by
multi-attached MAC addresses can usually be accommodated in an
RBridge's unused MAC table space.
Zhang, et al. Standards Track [Page 14]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
With Option B, remote RBridges will keep the multiple attachments of
a MAC address in the ESADI link-state databases, which are usually
maintained by software. In the MAC table, which is normally
implemented in hardware, an RBridge still establishes only one entry
for each MAC address.
6. E-L1FS Backward Compatibility
The Extended TLVs defined in Sections 4.1.2, 4.1.3, and 4.2 of this
document are to be used in an Extended Level 1 Flooding Scope
(E-L1FS) PDU [RFC7356] [RFC7780]. For those RBridges that do not
support E-L1FS, the EXTENDED-RBRIDGE-CAP TRILL APPsub-TLV will not be
sent out either, and MAC multi-attach active-active is not supported.
7. Security Considerations
For security considerations pertaining to extensions transported by
TRILL ESADI, see the Security Considerations section in [RFC7357].
For extensions not transported by TRILL ESADI, RBridges may be
configured to include the IS-IS Authentication TLV (10) in the IS-IS
PDUs to use IS-IS security [RFC5304] [RFC5310].
Since currently deployed LAALPs [RFC7379] are proprietary, security
over membership in, and internal management of, AAE groups is
proprietary. In environments where the above authentication is not
adopted, a rogue RBridge that insinuates itself into an AAE group can
disrupt end-station traffic flowing into or out of that group. For
example, if there are N RBridges in the group, it could typically
control 1/Nth of the traffic flowing out of that group and a similar
amount of unicast traffic flowing into that group.
For general TRILL security considerations, see [RFC6325].
Zhang, et al. Standards Track [Page 15]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
8. IANA Considerations
8.1. TRILL APPsub-TLVs
IANA has allocated three new types under the TRILL GENINFO TLV
[RFC7357] for the TRILL APPsub-TLVs defined in Sections 4.1.2, 4.1.3,
and 4.2 of this document. The following entries have been added to
the "TRILL APPsub-TLV Types under IS-IS TLV 251 Application
Identifier 1" registry on the TRILL Parameters IANA web page.
Type Name Reference
---- ---- ---------
252 AA-LAALP-GROUP-RBRIDGES RFC 7782
253 AA-LAALP-GROUP-MAC RFC 7782
254 EXTENDED-RBRIDGE-CAP RFC 7782
8.2. Extended RBridge Capabilities Registry
IANA has created a registry under the "Transparent
Interconnection of Lots of Links (TRILL) Parameters" registry
as follows:
Name: Extended RBridge Capabilities
Registration Procedure: Expert Review
Reference: RFC 7782
Bit Mnemonic Description Reference
---- -------- ----------- ---------
0 E Option B Support RFC 7782
1 H Option A Support RFC 7782
2-63 - Unassigned
Zhang, et al. Standards Track [Page 16]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
8.3. Active-Active Flags
IANA has allocated two flag bits, with mnemonic "AA", as follows:
One flag bit is allocated from the Interested VLANs Flag Bits.
Bit Mnemonic Description Reference
--- -------- ----------- ---------
16 AA VLANs for Active-Active RFC 7782
One flag bit is allocated from the Interested Labels Flag Bits.
Bit Mnemonic Description Reference
--- -------- ----------- ---------
4 AA FGLs for Active-Active RFC 7782
9. References
9.1. Normative References
[802.1AX] IEEE, "IEEE Standard for Local and metropolitan area
networks - Link Aggregation", IEEE Std 802.1AX-2014,
DOI 10.1109/IEEESTD.2014.7055197, December 2014.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC6165] Banerjee, A. and D. Ward, "Extensions to IS-IS for Layer-2
Systems", RFC 6165, DOI 10.17487/RFC6165, April 2011,
<http://www.rfc-editor.org/info/rfc6165>.
[RFC6325] Perlman, R., Eastlake 3rd, D., Dutt, D., Gai, S., and A.
Ghanwani, "Routing Bridges (RBridges): Base Protocol
Specification", RFC 6325, DOI 10.17487/RFC6325, July 2011,
<http://www.rfc-editor.org/info/rfc6325>.
[RFC6439] Perlman, R., Eastlake, D., Li, Y., Banerjee, A., and F.
Hu, "Routing Bridges (RBridges): Appointed Forwarders",
RFC 6439, DOI 10.17487/RFC6439, November 2011,
<http://www.rfc-editor.org/info/rfc6439>.
[RFC7172] Eastlake 3rd, D., Zhang, M., Agarwal, P., Perlman, R., and
D. Dutt, "Transparent Interconnection of Lots of Links
(TRILL): Fine-Grained Labeling", RFC 7172,
DOI 10.17487/RFC7172, May 2014,
<http://www.rfc-editor.org/info/rfc7172>.
Zhang, et al. Standards Track [Page 17]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
[RFC7176] Eastlake 3rd, D., Senevirathne, T., Ghanwani, A., Dutt,
D., and A. Banerjee, "Transparent Interconnection of Lots
of Links (TRILL) Use of IS-IS", RFC 7176,
DOI 10.17487/RFC7176, May 2014,
<http://www.rfc-editor.org/info/rfc7176>.
[RFC7177] Eastlake 3rd, D., Perlman, R., Ghanwani, A., Yang, H., and
V. Manral, "Transparent Interconnection of Lots of Links
(TRILL): Adjacency", RFC 7177, DOI 10.17487/RFC7177,
May 2014, <http://www.rfc-editor.org/info/rfc7177>.
[RFC7356] Ginsberg, L., Previdi, S., and Y. Yang, "IS-IS Flooding
Scope Link State PDUs (LSPs)", RFC 7356,
DOI 10.17487/RFC7356, September 2014,
<http://www.rfc-editor.org/info/rfc7356>.
[RFC7357] Zhai, H., Hu, F., Perlman, R., Eastlake 3rd, D., and O.
Stokes, "Transparent Interconnection of Lots of Links
(TRILL): End Station Address Distribution Information
(ESADI) Protocol", RFC 7357, DOI 10.17487/RFC7357,
September 2014, <http://www.rfc-editor.org/info/rfc7357>.
[RFC7780] Eastlake 3rd, D., Zhang, M., Perlman, R., Banerjee, A.,
Ghanwani, A., and S. Gupta, "Transparent Interconnection
of Lots of Links (TRILL): Clarifications, Corrections, and
Updates", RFC 7780, DOI 10.17487/RFC7780, February 2016,
<http://www.rfc-editor.org/info/rfc7780>.
Zhang, et al. Standards Track [Page 18]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
9.2. Informative References
[IS-IS] International Organization for Standardization,
"Information technology -- Telecommunications and
information exchange between systems -- Intermediate
System to Intermediate System intra-domain routeing
information exchange protocol for use in conjunction with
the protocol for providing the connectionless-mode network
service (ISO 8473)", ISO/IEC 10589:2002, Second Edition,
November 2002.
[RFC1058] Hedrick, C., "Routing Information Protocol", RFC 1058,
DOI 10.17487/RFC1058, June 1988,
<http://www.rfc-editor.org/info/rfc1058>.
[RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic
Authentication", RFC 5304, DOI 10.17487/RFC5304,
October 2008, <http://www.rfc-editor.org/info/rfc5304>.
[RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R.,
and M. Fanto, "IS-IS Generic Cryptographic
Authentication", RFC 5310, DOI 10.17487/RFC5310,
February 2009, <http://www.rfc-editor.org/info/rfc5310>.
[RFC7379] Li, Y., Hao, W., Perlman, R., Hudson, J., and H. Zhai,
"Problem Statement and Goals for Active-Active Connection
at the Transparent Interconnection of Lots of Links
(TRILL) Edge", RFC 7379, DOI 10.17487/RFC7379,
October 2014, <http://www.rfc-editor.org/info/rfc7379>.
[RFC7781] Zhai, H., Senevirathne, T., Perlman, R., Zhang, M., and Y.
Li, "Transparent Interconnection of Lots of Links (TRILL):
Pseudo-Nickname for Active-Active Access", RFC 7781,
DOI 10.17487/RFC7781, February 2016,
<http://www.rfc-editor.org/info/rfc7781>.
[TRILL-MT] Eastlake 3rd, D., Zhang, M., Banerjee, A., and V. Manral,
"TRILL: Multi-Topology", Work in Progress,
draft-ietf-trill-multi-topology-00, September 2015.
Zhang, et al. Standards Track [Page 19]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
Appendix A. Scenarios for Split Horizon
+------------------+ +------------------+ +------------------+
| RB1 | | RB2 | | RB3 |
+------------------+ +------------------+ +------------------+
L1 L2 L3 L1 L2 L3 L1 L2 L3
VL10-20 VL15-25 VL15 VL10-20 VL15-25 VL15 VL10-20 VL15-25 VL15
LAALP1 LAALP2 LAN LAALP1 LAALP2 LAN LAALP1 LAALP2 LAN
B1 B2 B10 B1 B2 B20 B1 B2 B30
Figure 2: An Example Topology to Explain Split Horizon
Suppose that RB1, RB2, and RB3 are the active-active group connecting
LAALP1 and LAALP2. LAALP1 and LAALP2 are connected to B1 and B2 at
their other ends. Suppose that all these RBridges use port L1 to
connect LAALP1 while they use port L2 to connect LAALP2. Assume that
all three L1 ports enable VLANs 10-20 while all three L2 ports enable
VLANs 15-25, so that there is an overlap of VLANs 15-20. A customer
may require that hosts within these overlapped VLANs communicate with
each other. That is, hosts attached to B1 in VLANs 15-20 need to
communicate with hosts attached to B2 in VLANs 15-20. Assume that
the remote plain RBridge RB4 also has hosts attached in VLANs 15-20
that need to communicate with those hosts in these VLANs attached to
B1 and B2.
There are two major requirements:
1. Frames ingressed from RB1-L1-VLANs 15-20 MUST NOT be egressed out
of ports RB2-L1 and RB3-L1.
2. At the same time, frames coming from B1-VLANs 15-20 should reach
B2-VLANs 15-20.
RB3 stores the information for split horizon on its ports L1 and L2.
On L1: {<ingress_nickname_RB1, VLANs 10-20>,
<ingress_nickname_RB2, VLANs 10-20>}.
On L2: {<ingress_nickname_RB1, VLANs 15-25>,
<ingress_nickname_RB2, VLANs 15-25>}.
Zhang, et al. Standards Track [Page 20]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
Five clarification scenarios follow:
a. Suppose that RB2 or RB3 receives a TRILL multi-destination data
packet with VLAN 15 and ingress_nickname_RB1. RB3 is the single
exit point (selected according to the hashing function of LAALP)
for this packet. On ports L1 and L2, RB3 has covered
<ingress_nickname_RB1, VLAN 15>, so that RB3 will not egress this
packet out of either L1 or L2. Here, "split horizon" happens.
Beforehand, RB1 obtains a native frame on port L1 from B1 in
VLAN 15. RB1 determines that it should be forwarded as a
multi-destination packet across the TRILL campus. Also, RB1
replicates this frame without TRILL encapsulation and sends it out
of port L2, so that B2 will get this frame.
b. Suppose that RB2 or RB3 receives a TRILL multi-destination data
packet with VLAN 15 and ingress_nickname_RB4. RB3 is the single
exit point. On ports L1 and L2, since RB3 has not stored any
tuple with ingress_nickname_RB4, RB3 will decapsulate the packet
and egress it out of both ports L1 and L2. So, both B1 and B2
will receive the frame.
c. Suppose that there is a plain LAN link port L3 on RB1, RB2, and
RB3, connecting to B10, B20, and B30, respectively. These L3
ports happen to be configured with VLAN 15. On port L3, RB2 and
RB3 store no information for split horizon for AAE (since this
port has not been configured to be in any LAALP). They will
egress the packet ingressed from RB1-L1 in VLAN 15.
d. If a packet is ingressed from RB1-L1 or RB1-L2 with VLAN 15,
port RB1-L3 will not egress packets with ingress_nickname_RB1.
RB1 needs to replicate this frame without encapsulation and sends
it out of port L3. This kind of "bounce" behavior for
multi-destination frames is just as specified in paragraph 3 of
Section 4.6.1.2 of [RFC6325].
e. If a packet is ingressed from RB1-L3, since RB1-L1 and RB1-L2
cannot egress packets with VLAN 15 and ingress_nickname_RB1, RB1
needs to replicate this frame without encapsulation and sends it
out of ports L1 and L2. (Also see paragraph 3 of Section 4.6.1.2
of [RFC6325].)
Acknowledgments
The authors would like to thank the following people for their
comments and suggestions: Andrew Qu, Donald Eastlake, Erik Nordmark,
Fangwei Hu, Liang Xia, Weiguo Hao, Yizhou Li, and Mukhtiar Shaikh.
Zhang, et al. Standards Track [Page 21]
RFC 7782 Multi-Attach for Active-Active Edge February 2016
Authors' Addresses
Mingui Zhang
Huawei Technologies
No. 156 Beiqing Rd., Haidian District
Beijing 100095
China
Email: zhangmingui@huawei.com
Radia Perlman
EMC
2010 256th Avenue NE, #200
Bellevue, WA 98007
United States
Email: radia@alum.mit.edu
Hongjun Zhai
Nanjing Astute Software Technology Co. Ltd
57 Andemen Avenue, Yuhuatai District
Nanjing, Jiangsu 210016
China
Email: honjun.zhai@tom.com
Muhammad Durrani
Cisco Systems
170 West Tasman Dr.
San Jose, CA 95134
United States
Email: mdurrani@cisco.com
Sujay Gupta
IP Infusion
RMZ Centennial
Mahadevapura Post
Bangalore 560048
India
Email: sujay.gupta@ipinfusion.com
Zhang, et al. Standards Track [Page 22]