
Tunnel SAFI draft-nalawade-kapoor-tunnel-safi-03.txt


gayora

Presentation Transcript


  1. Tunnel SAFI draft-nalawade-kapoor-tunnel-safi-03.txt; SSA Attribute draft-kapoor-nalawade-idr-bgp-ssa-01.txt

  2. Changes over previous version

  3. draft-nalawade-kapoor-tunnel-safi-03.txt
     • 4 more TLVs specified
       • MPLS
       • IPSec
       • GRE in IPSec
       • L2TPv3 in IPSec
     • Specified application and operation of MPLS VPNs over IP Tunnels
     • Specified application and operation of MPLS VPNs over IPSec Tunnels

  4. draft-kapoor-nalawade-idr-bgp-ssa-01.txt
     • Length portion of the TLVs clarified
     • Type field contains a Transitive bit that indicates the transitivity of a TLV
     • IETF feedback accepted and the attribute made specific for use by the Tunnel SAFI

  5. draft-kapoor-nalawade-idr-bgp-ssa-01.txt
     • The SSA Attribute carries information about a given Tunnel in a set of one or more Tunnel TLVs
     • Each TLV carries a Tunnel capability and information
     • The Sender can express preference for a specific Tunnel type in each TLV
     • This addresses the case where a receiving PE may understand only a subset of the Tunnel Capabilities
     • Each TLV can be marked Transitive

  6. Tunnel SAFI Applicability and Motivation

  7. Tunnel SAFI Motivation
     • PE-PE Connectivity via MPLS LSP may not be viable (no label path)
     • Multicast VPN (awaiting MultiPoint-LSP models)
     • Transit via non-MPLS domains
     • Migrations between IP and MPLS
     • BGP VPN Auto-Discovery of L2VPN and L3VPN Tunnels
     • PE-PE Tunnels Preferred / Required
     • PE-PE Protection of IP Tunnel with IPSec

  8. Multi-Point Tunnels
     [Diagram: PE1, PE2, PE3 and PE4 attached to a PSN; tunnels labelled MP-LSP and MP-GRE]
     Two Tunnel Types: Multipoint LSP and Multipoint GRE
     -> PE1 and PE4 decision criteria must be defined

  9. Hybrid Intra-AS
     [Diagram: PE1, PE2, PE3, PE4, ASBR1 and ASBR2 across two PSNs; links labelled IPtunnel, MPLS and BGP + LABELS]
     Two Tunnel Types at ASBR1 and PE3:
     -> ASBR1 needs to implement NULL-LSP to ASBR2, IPt to PE1, LSP to PE3
     -> PE3 needs to distinguish LSP to ASBR1 and IPt to PE1

  10. Extended AS via IP
     [Diagram: PE1, PE2, PE3, PE4 and two ASBRs across a PSN (MPLS) and INET; links labelled IPt, MPLS and IPv4]
     Two Tunnel Types: LSP Intra-domain, IPtunnel Inter-domain
     -> PE1 and PE3 must discern the tunnel type and tunnel endpoint for off net PE2 and PE4

  11. Extended Inter-AS via IP
     [Diagram: PE1, PE3, ASBR1, ASBR2 and two far-end nodes (drawn as PE2 and PE4, labelled ASBR3 and ASBR4) across a PSN (MPLS) and INET; links labelled MPLS, IPt and IPv4]
     Two Tunnel Types: LSP and IPtunnel
     -> ASBR1 must discern LSP for Intra-domain and IPt for Inter-domain

  12. Tunneling Issues
     • Various Tunneling techniques between MPLS VPN PE
     • IPSec, LSP, MP-LSP, GRE, L2TPv3, IP, GRE+IPSec, …
     • Synchronization Issue
     • Egress PE doesn’t know the capabilities of the Ingress PE
     • Ingress PE confirmation of the egress PE’s tunneling capability state
     • Egress PE may have a subset of tunneling capabilities
     • Tunnel type may have unique attributes
     • Achieving this through manual configuration is impractical for scalable deployment

  13. Tunneling Characteristics
     • Tunneling is a PE capability
     • Tunnel provides ‘connection’ to BGP Next Hop address
     • Tunnel end-point:
       • MAY be the BGP Next-Hop Network Address (Unicast)
       • An alternate Network Address (Unicast or Multicast)

  14. Tunnel Advertisement Goals
     • VPN prefixes may have an affinity to a particular tunnel type (secured/non-secured)
     • Undesirable to Establish an IGP inside the Tunnel (the BGP Next Hop is directly reachable via the tunnel end-point)
     • Ingress PE may select an appropriate tunneling mechanism based on the following:
       • Tunnel end-point reachability
       • Egress PE capabilities
       • Egress PE preferences
       • Local preferences that may override the Egress PE preferences

  15. Proposed Tunnel SAFI Attributes
     • Distribution of
       • Tunnel Capabilities
       • Tunnel Attributes
       • Tunnel Identifier
       • Shared Tunnel Demultiplexor
       • Tunnel Authentication Info (Keys, Cookies, IKE Identities)
       • Tunnel Preferences
       • Tunnel End-point Addresses
       • Etc.

  16. Tunnel Capability Advertisement
     • MP-EXT Capability
     • Advertised IPv4 or IPv6 Tunnel Capability for a specific AFI/SAFI
     • BGP Next-hop Prefixes Advertised for Tunnel AFI/SAFI
     • BGP SSA Attributes (now specific to the Tunnel SAFI) advertised to the peer

  17. Applicability
     • BGP Auto-Discovery (draft-ietf-l3vpn-bgpvpn-auto-06.txt): Minimal tunnel information in the VPN discovery process
     • PE-PE IPSec (draft-ietf-l3vpn-ipsec-2547-04.txt): Affinity of VRF to IPSec Tunnel Capability
     • 2547bis via GRE/IP (draft-ietf-l3vpn-gre-ip-2547-04): Dynamic Establishment of Tunnels
     • Multicast VPN (draft-ietf-l3vpn-2547bis-mcast-00.txt): MVPN Tunnels

  18. Proposal
     • Accept as a Working Group Document
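
Added example (not from the drafts or the presentation): the flow slides 5 and 14 describe, in which the ingress PE parses the egress PE's Tunnel TLVs and picks a tunnel by capability, end-point reachability, secured/non-secured affinity and preference, with local preference overriding the egress PE's. The TLV byte layout, the type code points and the rule that a higher preference value wins are assumptions made for illustration; the page does not give them.

```python
import struct
from dataclasses import dataclass

# Hypothetical code points: the page names these tunnel types but not their numbers.
TUNNEL_TYPES = {1: "MPLS", 2: "GRE", 3: "IPSec", 4: "GRE in IPSec", 5: "L2TPv3 in IPSec"}
SECURED = {"IPSec", "GRE in IPSec", "L2TPv3 in IPSec"}

@dataclass(frozen=True)
class TunnelTLV:
    name: str
    transitive: bool
    preference: int
    endpoint: str

def parse_ssa(data: bytes) -> list[TunnelTLV]:
    """Assumed layout per TLV: 2-byte type (top bit = Transitive), 2-byte length,
    then a value of 2-byte preference + 4-byte IPv4 tunnel end-point."""
    tlvs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("!HH", data, off)
        off += 4
        if length < 6 or length > len(data) - off:
            raise ValueError("TLV length outside attribute bounds")
        pref, addr = struct.unpack_from("!H4s", data, off)
        off += length
        name = TUNNEL_TYPES.get(typ & 0x7FFF)
        if name is not None:  # a PE may understand only a subset; skip unknown types
            tlvs.append(TunnelTLV(name, bool(typ & 0x8000), pref, ".".join(map(str, addr))))
    return tlvs

def select_tunnel(tlvs, local_caps, reachable, need_secured, local_pref=None):
    """Return the TLV the ingress PE should use, or None if nothing qualifies."""
    ok = [t for t in tlvs
          if t.name in local_caps and t.endpoint in reachable
          and (not need_secured or t.name in SECURED)]  # never downgrade a secured VRF
    if local_pref:  # local policy overrides the egress PE's ordering
        rank = lambda t: local_pref.index(t.name) if t.name in local_pref else len(local_pref)
    else:           # assumption: higher advertised preference wins
        rank = lambda t: -t.preference
    return min(ok, key=rank, default=None)

def tlv(code, transitive, pref, ip):  # encoder used only to build the sample below
    value = struct.pack("!H4s", pref, bytes(map(int, ip.split("."))))
    return struct.pack("!HH", code | (0x8000 if transitive else 0), len(value)) + value

# Constructed advertisement from an egress PE: GRE preferred, then IPSec, then MPLS.
SAMPLE = tlv(2, True, 300, "192.0.2.4") + tlv(3, True, 200, "192.0.2.4") + tlv(1, False, 100, "192.0.2.4")
```

With `need_secured=True` the selection returns `None` rather than a non-secured tunnel when no IPSec-based type is usable, so a VRF with a secured affinity fails closed.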
