Tunnel SAFI draft-nalawade-kapoor-tunnel-safi-03.txt SSA Attribute draft-kapoor-nalawade-idr-bgp-ssa-01.txt


1 Tunnel SAFI draft-nalawade-kapoor-tunnel-safi-03.txt SSA Attribute draft-kapoor-nalawade-idr-bgp-ssa-01.txt

2 Changes over previous version

3 draft-nalawade-kapoor-tunnel-safi-03.txt
4 more TLVs specified
  – MPLS
  – IPSec
  – GRE in IPSec
  – L2TPv3 in IPSec
Specified application and operation of MPLS VPNs over IP Tunnels
Specified application and operation of MPLS VPNs over IPSec Tunnels

4 draft-kapoor-nalawade-idr-bgp-ssa-01.txt
Length portion of the TLVs clarified
Type field contains a Transitive bit that indicates the transitivity of a TLV
IETF feedback accepted and the attribute made specific for use by the Tunnel SAFI

5 draft-kapoor-nalawade-idr-bgp-ssa-01.txt
The SSA Attribute carries information about a given Tunnel in a set of one or more Tunnel TLVs
Each TLV carries a Tunnel capability and information
The Sender can express preference for a specific Tunnel type in each TLV
This addresses the case where a receiving PE may understand only a subset of the Tunnel Capabilities
Each TLV can be marked Transitive

6 Tunnel SAFI Applicability and Motivation

7 Tunnel SAFI Motivation
PE-PE Connectivity via MPLS LSP may not be viable (no label path)
Multicast VPN (awaiting MultiPoint-LSP models)
Transit via non-MPLS domains
Migrations between IP and MPLS
BGP VPN Auto-Discovery of L2VPN and L3VPN Tunnels
PE-PE Tunnels Preferred / Required
PE-PE Protection of IP Tunnel with IPSec

8 PSN Multi-Point Tunnels
[Diagram: PE1, PE2, PE3 and PE4 joined by MP-LSP and MP-GRE tunnels]
Two Tunnel Types: Multipoint LSP and Multipoint GRE
-> PE1 and PE4 decision criteria must be defined

9 Hybrid Intra-AS
[Diagram: PE1, PE2, PE3, PE4, ASBR1 and ASBR2 across two PSNs, with an IP tunnel and label paths]
Two Tunnel Types at ASBR1 and PE3:
-> ASBR1 needs to implement NULL-LSP to ASBR2, IPt to PE1, LSP to PE3
-> PE3 needs to distinguish LSP to ASBR1 and IPt to PE1

10 Extended AS via IP
[Diagram: PE1 and PE3 in an MPLS PSN, PE2 and PE4 in INET, joined through ASBR1 and ASBR2]
Two Tunnel Types: LSP Intra-domain, IPtunnel Inter-domain
-> PE1 and PE3 must discern the tunnel type and tunnel endpoint for off net PE2 and PE4

11 Extended Inter-AS via IP
[Diagram: PE1 and PE3 in an MPLS PSN, PE2 and PE4 in INET, joined through ASBR1 and ASBR2, with IPv4 paths marked]
Two Tunnel Types: LSP and IPtunnel
-> ASBR1 must discern LSP for Intra-domain and IPt for Inter-domain

12 Tunneling Issues
Various Tunneling techniques between MPLS VPN PE
  – IPSec, LSP, MP-LSP, GRE, L2TPv3, IP, GRE+IPSec, …
Synchronization Issue
  – Egress PE doesn’t know the capabilities of the Ingress PE
  – Ingress PE confirmation of the egress PE’s tunneling capability state
Egress PE may have a subset of tunneling capabilities
Tunnel type may have unique attributes
Achieving this through manual configuration is impractical for scalable deployment

13 Tunneling Characteristics
Tunneling is a PE capability
Tunnel provides ‘connection’ to BGP Next Hop address
Tunnel end-point:
  – MAY be the BGP Next-Hop Network Address (Unicast)
  – An alternate Network Address (Unicast or Multicast)

14 Tunnel Advertisement Goals
VPN prefixes may have an affinity to a particular tunnel type (secured/non-secured)
Undesirable to Establish an IGP inside the Tunnel (the BGP Next Hop is directly reachable via the tunnel end-point)
Ingress PE may select an appropriate tunneling mechanism based on the following:
  – Tunnel end-point reachability
  – Egress PE capabilities
  – Egress PE preferences
  – Local preferences that may override the Egress PE preferences
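
An added example, not taken from the drafts or the presentation: a sketch of the ingress PE selection described on this slide, in which a VPN prefix with a secured affinity fails closed instead of falling back to an unsecured tunnel. The TunnelTLV class, the SECURED set, the sample values and the lower-is-preferred ordering are assumptions of the example.

```python
from dataclasses import dataclass

# Tunnel types as named on the slides. Treating the IPSec-based ones as
# "secured" is an assumption of this example.
SECURED = {"IPSec", "GRE+IPSec"}

@dataclass(frozen=True)
class TunnelTLV:
    """Hypothetical in-memory form of one advertised Tunnel TLV."""
    tunnel_type: str
    endpoint: str      # tunnel end-point address
    preference: int    # egress PE preference; lower wins (assumption)

def select_tunnel(advertised, local_caps, reachable,
                  require_secured=False, local_pref=None):
    """Pick the TLV an ingress PE should use, or None when nothing qualifies."""
    local_pref = local_pref or {}
    candidates = [
        t for t in advertised
        if t.tunnel_type in local_caps       # ingress PE supports the type
        and t.endpoint in reachable          # tunnel end-point reachability
        and (not require_secured or t.tunnel_type in SECURED)  # prefix affinity
    ]
    if not candidates:
        return None  # fail closed: no fallback to an unsecured or unknown type

    def rank(t):
        # Locally ranked types come first, so local policy overrides the
        # egress PE preference; the rest are ordered by the egress value.
        if t.tunnel_type in local_pref:
            return (0, local_pref[t.tunnel_type])
        return (1, t.preference)

    return min(candidates, key=rank)

# Constructed sample: TLVs advertised by one egress PE (documentation addresses).
ADVERTISED = [
    TunnelTLV("L2TPv3", "192.0.2.5", 5),
    TunnelTLV("GRE", "192.0.2.4", 10),
    TunnelTLV("GRE+IPSec", "192.0.2.4", 20),
]
CAPS = {"GRE", "GRE+IPSec", "IPSec"}
REACHABLE = {"192.0.2.4"}

if __name__ == "__main__":
    print(select_tunnel(ADVERTISED, CAPS, REACHABLE))
    print(select_tunnel(ADVERTISED, CAPS, REACHABLE, require_secured=True))
    print(select_tunnel(ADVERTISED, {"GRE"}, REACHABLE, require_secured=True))
```
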

15 Proposed Tunnel SAFI Attributes
Distribution of
  – Tunnel Capabilities
  – Tunnel Attributes
      – Tunnel Identifier
      – Shared Tunnel Demultiplexor
      – Tunnel Authentication Info (Keys, Cookies, IKE Identities)
  – Tunnel Preferences
  – Tunnel End-point Addresses
  – Etc.

16 Tunnel Capability Advertisement
MP-EXT Capability
  – Advertised IPv4 or IPv6 Tunnel Capability for a specific AFI/SAFI
BGP Next-hop Prefixes Advertised for Tunnel AFI/SAFI
BGP SSA Attributes (now specific to the Tunnel SAFI) advertised to the peer

17 Applicability
BGP Auto-Discovery (draft-ietf-l3vpn-bgpvpn-auto-06.txt): Minimal tunnel information in the VPN discovery process
PE-PE IPSec (draft-ietf-l3vpn-ipsec-2547-04.txt): Affinity of VRF to IPSec Tunnel Capability
2547bis via GRE/IP (draft-ietf-l3vpn-gre-ip-2547-04): Dynamic Establishment of Tunnels
Multicast VPN (draft-ietf-l3vpn-2547bis-mcast-00.txt): MVPN Tunnels

18 Proposal
Accept as a Working Group Document

