Virtual Subnet : A L3VPN-based Subnet Extension Solution
draft-xu-l3vpn-virtual-subnet-01
Xiaohu Xu (Huawei), Susan Hares (Adara Networks), Yongbing Fan (China Telecom), Christian Jacquenet (Orange), Truman Boyes (Bloomberg LP), Brendan Fee (Extreme Networks)
IETF88, Vancouver
Virtual Subnet at a Glance: Control Plane

[Figure: VPN subnet 1.1.1.0/24 stretched over an MPLS/IP backbone. Host A (1.1.1.2/24) in DC #1 attaches to PE-1; Host B (1.1.1.3/24) in DC #2 attaches to PE-2; the VRF interface on each PE is 1.1.1.1/24. Numbered steps: (1) host discovery based on ARP/ND/VDP etc., on each PE; (2) host route creation for local hosts, on each PE; (3) host route distribution via L3VPN signaling between the PEs.]

VRF on PE-1:
  Prefix       Next-hop    Protocol
  1.1.1.1/32   127.0.0.1   Direct
  1.1.1.2/32   1.1.1.2     Direct
  1.1.1.3/32   PE-2        BGP
  1.1.1.0/24   1.1.1.1     Direct

VRF on PE-2:
  Prefix       Next-hop    Protocol
  1.1.1.1/32   127.0.0.1   Direct
  1.1.1.2/32   PE-1        BGP
  1.1.1.3/32   1.1.1.3     Direct
  1.1.1.0/24   1.1.1.1     Direct

• Local CE hosts are discovered based on ARP/ND, VDP or even the interaction with the data center orchestration system.
• Host routes for local CE hosts are created automatically on PE routers and then propagated to remote PE routers via L3VPN signaling.
Virtual Subnet at a Glance: Data Plane

• PE routers acting as ARP proxies respond with their own MAC addresses to ARP request messages sent by local CE hosts for remote CE hosts.
• Intra-subnet traffic across data centers is forwarded according to the L3VPN forwarding process.

[Figure: same topology and VRF tables as on the control-plane slide (VPN subnet 1.1.1.0/24; Host A 1.1.1.2/24 behind PE-1 in DC #1; Host B 1.1.1.3/24 behind PE-2 in DC #2; VRF interface 1.1.1.1/24 on each PE; PE-1 holds 1.1.1.3/32 via PE-2 (BGP), PE-2 holds 1.1.1.2/32 via PE-1 (BGP)). Packet walk from Host A to Host B:
  (0) ARP proxy: after PE-1 answers Host A's ARP request, Host A's ARP table holds IP(B) -> MAC(PE-1)
  (1) Host A sends: IP(A)->IP(B), VLAN ID, MAC(A)->MAC(PE-1)
  (2) PE-1 route look-up: 1.1.1.3/32 via PE-2
  (3) Across the MPLS/IP backbone: IP(A)->IP(B), VPN label, tunnel to PE-2
  (4) PE-2 route look-up: 1.1.1.3/32 directly connected
  (5) PE-2 delivers: IP(A)->IP(B), VLAN ID, MAC(PE-2)->MAC(B)]
VM (CE Host) Mobility

• The new PE router (i.e., PE-2) advertises a host route for the arriving VM upon receiving a notification of VM attachment (e.g., a gratuitous ARP).
• The old PE router (i.e., PE-1) withdraws the host route for the moved VM after noticing that the VM has left. Meanwhile, it broadcasts a gratuitous ARP on behalf of that CE host, using one of its own MAC addresses as the source MAC address.

[Figure: VPN subnet 1.1.1.0/24 over the MPLS/IP backbone; Host A 1.1.1.2/24 and Host C 1.1.1.4/24 in DC #1 behind PE-1, Host B 1.1.1.3/24 in DC #2 behind PE-2; both PEs act as ARP proxies with VRF interface 1.1.1.1/24. Steps:
  (0) Host C moves from DC #1 to DC #2
  (1) Host C sends a gratuitous ARP in DC #2
  (2) PE-2 creates a local host route for Host C
  (3) PE-2 sends a BGP route update for Host C
  (4) PE-1 updates its host route for Host C
  (5) PE-1 broadcasts a gratuitous ARP IP(C)->MAC(PE-1) in DC #1]
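As an added example that is not part of the original slides or the draft, the following Python model ties together the control-plane, data-plane and VM-mobility slides: /32 host-route creation and distribution, the ARP-proxy decision (the PE answers with its own MAC only for remote hosts), the forwarding lookup, and the old PE's withdraw-plus-gratuitous-ARP step. Two behaviours are assumptions not stated on the slides: a PE neither proxy-replies nor forwards for an address with no host route, and in this model the new PE's BGP route simply replaces the old PE's stale Direct entry.

```python
# Constructed model of the PE behaviour on the control-plane, data-plane and
# VM-mobility slides; not the draft's or any vendor's code.
from dataclasses import dataclass, field


@dataclass
class PE:
    name: str
    mac: str
    vrf: dict = field(default_factory=dict)                   # prefix -> (next_hop, protocol)
    peers: list = field(default_factory=list, repr=False)     # remote PEs reached via L3VPN
    local_macs: dict = field(default_factory=dict)            # local host IP -> MAC (ARP/ND/VDP)

    def discover_local_host(self, ip, mac):
        """Steps 1-3: local host discovered (e.g. via its gratuitous ARP) -> /32 Direct route -> BGP to peers."""
        self.local_macs[ip] = mac
        self.vrf[f"{ip}/32"] = (ip, "Direct")
        for peer in self.peers:  # L3VPN signalling; model assumption: replaces any stale entry at the peer
            peer.vrf[f"{ip}/32"] = (self.name, "BGP")

    def arp_reply(self, target_ip):
        """ARP proxy: own MAC only for remote (BGP-learned) hosts; local hosts answer themselves; unknown: none (assumption)."""
        return self.mac if self.vrf.get(f"{target_ip}/32", ("", ""))[1] == "BGP" else None

    def forward(self, dst_ip):
        """Data plane: the /32 lookup picks local delivery or the L3VPN tunnel; no route -> None, i.e. drop (assumption)."""
        nh, proto = self.vrf.get(f"{dst_ip}/32", (None, None))
        if proto == "Direct":  # local host: MAC(PE)->MAC(host), VLAN encapsulation kept
            return {"encap": "VLAN", "src_mac": self.mac, "dst_mac": self.local_macs[dst_ip]}
        if proto == "BGP":     # remote host: VPN label, tunnel to the remote PE
            return {"encap": "VPN label", "tunnel_to": nh}

    def host_left(self, ip):
        """Old PE after a move: drop the binding, withdraw a still-Direct route, send GARP IP->MAC(PE)."""
        self.local_macs.pop(ip, None)
        if self.vrf.get(f"{ip}/32", (None, None))[1] == "Direct":
            del self.vrf[f"{ip}/32"]
        return ("GARP", ip, self.mac)


def demo():
    """Slide topology: Host A (1.1.1.2) at PE-1, Host B (1.1.1.3) at PE-2; Host C (1.1.1.4) moves PE-1 -> PE-2."""
    pe1, pe2 = PE("PE-1", "MAC(PE-1)"), PE("PE-2", "MAC(PE-2)")
    pe1.peers, pe2.peers = [pe2], [pe1]
    pe1.discover_local_host("1.1.1.2", "MAC(A)")
    pe2.discover_local_host("1.1.1.3", "MAC(B)")
    pe1.discover_local_host("1.1.1.4", "MAC(C)")
    before = pe1.forward("1.1.1.4")               # Direct delivery while C is in DC #1
    pe2.discover_local_host("1.1.1.4", "MAC(C)")  # C's gratuitous ARP reaches PE-2
    garp = pe1.host_left("1.1.1.4")               # PE-1 notices C has left
    return pe1, pe2, before, garp
```

After `demo()`, PE-1 tunnels traffic for 1.1.1.4 to PE-2 while PE-2 delivers it locally, and the GARP PE-1 returns is what re-points hosts in DC #1 at MAC(PE-1).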
Confine MAC Learning, Flooding and Failure Domains

[Figure: VPN subnet 1.1.1.0/24 across the MPLS/IP backbone. DC #1, with its DC switch and PE-1 as ARP proxy, forms MAC learning, flooding and failure domain #1; DC #2, with its DC switch and PE-2 as ARP proxy, forms domain #2. Hosts A, B, C and D sit behind the DC switches (Host A in DC #1, Host B in DC #2). Frames from Host A to Host B: IP(A)->IP(B), VLAN ID, MAC(A)->MAC(PE-1) inside DC #1; IP(A)->IP(B), VLAN ID, MAC(PE-2)->MAC(B) inside DC #2.]

• The MAC learning domain is confined within each data center. Therefore, switches within a data center only need to learn the MAC addresses of local CE hosts.
• Flooding and failure domains are confined within each data center. As such, multicast/broadcast protocol messages (e.g., ARP/DHCP/IGMP/STP/VRRP) from customer networks are terminated on PE routers. In addition, unknown unicast traffic is not flooded across data centers.
Optimal Forwarding for North-South Traffic

[Figure: VPN subnet 1.1.1.0/24 spans DC #1 (Host A 1.1.1.2/24, GW 1.1.1.1, behind PE-1) and DC #2 (Host B 1.1.1.3/24, GW 1.1.1.1, behind PE-2); both PEs act as ARP proxies with VRF interface 1.1.1.1/24. A cloud user in VPN subnet 2.2.2.0/24 is connected to PE-3. PE-1, PE-2 and PE-3 are interconnected over the MPLS/IP backbone.]

VRF on PE-3:
  Prefix       Next-hop    Protocol
  1.1.1.2/32   PE-1        BGP
  1.1.1.3/32   PE-2        BGP
  2.2.2.0/24   2.2.2.2     Direct
  2.2.2.2/32   127.0.0.1   Direct

VRF on PE-1:
  Prefix       Next-hop    Protocol
  1.1.1.1/32   127.0.0.1   Direct
  1.1.1.2/32   1.1.1.2     Direct
  1.1.1.3/32   PE-2        BGP
  1.1.1.0/24   1.1.1.1     Direct
  2.2.2.0/24   PE-3        BGP

VRF on PE-2:
  Prefix       Next-hop    Protocol
  1.1.1.1/32   127.0.0.1   Direct
  1.1.1.2/32   PE-1        BGP
  1.1.1.3/32   1.1.1.3     Direct
  1.1.1.0/24   1.1.1.1     Direct
  2.2.2.0/24   PE-3        BGP

• Host routes for CE hosts within data centers are propagated to the remote PE routers to which cloud users are connected. Therefore, north-to-south traffic is delivered to the right data center without traffic tromboning.
• The PE routers of each data center are the default GWs. Therefore, south-to-north traffic is forwarded to cloud users without traffic tromboning as well.
Considerations for Non-IP Traffic

• Virtual Subnet is a Layer 3 overlay in which IP traffic, both intra-subnet and inter-subnet, is forwarded at Layer 3.
• To further support non-IP traffic, a unified L2/L3 overlay approach following the idea of "route all IP traffic, bridge non-IP traffic" could be considered (e.g., IP traffic is forwarded using the Virtual Subnet while non-IP traffic is forwarded across Layer 2 overlays such as VPLS).
Next Steps

• Implementations are already available.
• We co-authors believe this draft is ready for WG adoption.