Tunnel SAFI draft-nalawade-kapoor-tunnel-safi-03.txt

SSA Attribute

draft-kapoor-nalawade-idr-bgp-ssa-01.txt


Changes over previous version


draft-nalawade-kapoor-tunnel-safi-03.txt

  • 4 more TLVs specified

    • MPLS

    • IPSec

    • GRE in IPSec

    • L2TPv3 in IPSec

  • Specified application and operation of MPLS VPNs over IP Tunnels

  • Specified application and operation of MPLS VPNs over IPSec Tunnels


draft-kapoor-nalawade-idr-bgp-ssa-01.txt

  • Length portion of the TLVs clarified

  • Type field contains a Transitive bit that indicates the transitivity of a TLV

  • IETF feedback accepted and the attribute made specific for use by the Tunnel SAFI


draft-kapoor-nalawade-idr-bgp-ssa-01.txt

  • The SSA Attribute carries information about a given Tunnel in a set of one or more Tunnel TLVs

  • Each TLV carries a Tunnel capability and information

  • The Sender can express preference for a specific Tunnel type in each TLV

  • This addresses the case where a receiving PE may understand only a subset of the Tunnel Capabilities

  • Each TLV can be marked Transitive


Tunnel SAFI

Applicability and Motivation


Tunnel SAFI Motivation

  • PE-PE Connectivity via MPLS LSP may not be viable (no label path)

    • Multicast VPN (awaiting MultiPoint-LSP models)

    • Transit via non-MPLS domains

    • Migrations between IP and MPLS

  • BGP VPN Auto-Discovery of L2VPN and L3VPN Tunnels

  • PE-PE Tunnels Preferred / Required

  • PE-PE Protection of IP Tunnel with IPSec


Multi-Point Tunnels

[Figure: PE1, PE2, PE3 and PE4 around a PSN, connected by two multipoint tunnels labelled MP-LSP and MP-GRE]

Two Tunnel Types: Multipoint LSP and Multipoint GRE

-> PE1 and PE4 decision criteria must be defined

Hybrid Intra-AS

[Figure: PE1, PE2, PE3 and PE4 around two PSN clouds joined by ASBR1 and ASBR2; links labelled IPtunnel and MPLS; BGP + labels exchanged between ASBR1 and ASBR2]

Two Tunnel Types at ASBR1 and PE3:

-> ASBR1 needs to implement NULL-LSP to ASBR2, IPt to PE1, LSP to PE3

-> PE3 needs to distinguish LSP to ASBR1 and IPt to PE1


Extended AS via IP

[Figure: PE1 and PE3 on a PSN cloud, PE2 and PE4 on an INET cloud, the clouds joined by ASBR1 and ASBR2; links labelled MPLS, IPv4 and IPt]

Two Tunnel Types: LSP Intra-domain, IPtunnel Inter-domain

-> PE1 and PE3 must discern the tunnel type and tunnel endpoint for off net PE2 and PE4


Extended Inter-AS via IP

[Figure: PE1 and PE3 on a PSN cloud with ASBR1; ASBR2 on an INET cloud with two far-side nodes (drawn as PE2 and PE4 in the ASCII art, labelled ASBR3 and ASBR4 in the slide graphic); links labelled MPLS, IPt and IPv4]

Two Tunnel Types: LSP and IPtunnel

-> ASBR1 must discern LSP for Intra-domain and IPt for Inter-domain


Tunneling Issues

  • Various Tunneling techniques between MPLS VPN PE

    • IPSec, LSP, MP-LSP, GRE, L2TPv3, IP, GRE+IPSec, …

  • Synchronization Issue

    • Egress PE doesn’t know the capabilities of the Ingress PE

    • Ingress PE confirmation of the egress PE’s tunneling capability state

  • Egress PE may have a subset of tunneling capabilities

  • Tunnel type may have unique attributes

  • Achieving this through manual configuration is impractical for scalable deployment


Tunneling Characteristics

  • Tunneling is a PE capability

  • Tunnel provides ‘connection’ to BGP Next Hop address

  • Tunnel end-point:

    • MAY be the BGP Next-Hop Network Address (Unicast)

    • An alternate Network Address (Unicast or Multicast)


Tunnel Advertisement Goals

  • VPN prefixes may have an affinity to a particular tunnel type (secured/non-secured)

  • Undesirable to Establish an IGP inside the Tunnel (the BGP Next Hop is directly reachable via the tunnel end-point)

  • Ingress PE may select an appropriate tunneling mechanism based on the following:

    • Tunnel end-point reachability

    • Egress PE capabilities

    • Egress PE preferences

    • Local preferences that may override the Egress PE preferences
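
The ingress-PE selection criteria listed above, as an added Python example that is not taken from the presentation or the drafts. The in-memory TLV fields, the "higher preference wins" ordering, the set of tunnel types treated as secured, and the rule that a local preference outranks any egress preference are assumptions of this example; the addresses are constructed.

```python
from dataclasses import dataclass

# Tunnel types named on the slides; treating these three as "secured" is an assumption.
SECURED = {"IPSec", "GRE in IPSec", "L2TPv3 in IPSec"}

@dataclass(frozen=True)
class TunnelTLV:                 # hypothetical in-memory form, not the SSA wire format
    tunnel_type: str
    preference: int              # egress PE preference; higher wins (assumed)
    endpoint: str                # tunnel end-point address

def select_tunnel(advertised, local_caps, reachable,
                  require_secured=False, local_pref=None):
    """Pick the TLV an ingress PE should use, or None to fail closed."""
    local_pref = local_pref or {}
    candidates = [
        t for t in advertised
        if t.tunnel_type in local_caps                 # ingress may know only a subset
        and t.endpoint in reachable                    # tunnel end-point reachability
        and (not require_secured or t.tunnel_type in SECURED)  # prefix affinity
    ]
    if not candidates:
        # No usable tunnel; a secured prefix never falls back to a non-secured type.
        return None

    def rank(t):
        # A locally configured preference outranks any egress preference (assumed).
        if t.tunnel_type in local_pref:
            return (1, local_pref[t.tunnel_type])
        return (0, t.preference)

    return max(candidates, key=rank)

# Constructed sample advertisement from one egress PE (documentation addresses).
ADVERTISED = [
    TunnelTLV("MPLS", 300, "192.0.2.2"),
    TunnelTLV("GRE", 200, "192.0.2.2"),
    TunnelTLV("GRE in IPSec", 100, "192.0.2.2"),
    TunnelTLV("IPSec", 50, "192.0.2.9"),
]
CAPS = {"GRE", "GRE in IPSec", "IPSec"}    # this ingress PE has no label path
REACHABLE = {"192.0.2.2"}

if __name__ == "__main__":
    print(select_tunnel(ADVERTISED, CAPS, REACHABLE))
    print(select_tunnel(ADVERTISED, CAPS, REACHABLE, require_secured=True))
    print(select_tunnel(ADVERTISED, {"GRE"}, REACHABLE, require_secured=True))
```

The third call returns None: when a VPN prefix requires a secured tunnel and none is mutually supported, the route is left unresolved instead of being carried over plain GRE.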


Proposed Tunnel SAFI Attributes

  • Distribution of

    • Tunnel Capabilities

    • Tunnel Attributes

      • Tunnel Identifier

      • Shared Tunnel Demultiplexor

      • Tunnel Authentication Info (Keys, Cookies, IKE Identities)

    • Tunnel Preferences

    • Tunnel End-point Addresses

    • Etc.


Tunnel Capability Advertisement

  • MP-EXT Capability

    • Advertised IPv4 or IPv6 Tunnel Capability for a specific AFI/SAFI

  • BGP Next-hop Prefixes Advertised for Tunnel AFI/SAFI

  • BGP SSA Attributes (now specific to the Tunnel SAFI) advertised to the peer


Applicability

  • BGP Auto-Discovery (draft-ietf-l3vpn-bgpvpn-auto-06.txt): Minimal tunnel information in the VPN discovery process

  • PE-PE IPSec (draft-ietf-l3vpn-ipsec-2547-04.txt): Affinity of VRF to IPSec Tunnel Capability

  • 2547bis via GRE/IP (draft-ietf-l3vpn-gre-ip-2547-04): Dynamic Establishment of Tunnels

  • Multicast VPN (draft-ietf-l3vpn-2547bis-mcast-00.txt): MVPN Tunnels


Proposal

  • Accept as a Working Group Document

