Hello Authors of https://datatracker.ietf.org/doc/rfc8584/ and https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery

I have a query regarding the following use-case which I could not find supported with existing DF-election procedures.

Scenario: All PE routers (Vtep1 and Vtep2 in the example below) are attached to the same ES and both act as DF. This is a typical case of a distributed firewall (active/active) across fabrics (sites), wherein the preferred firewall is the one local to the site, whereas, upon failure, packets need to be redirected (over WAN, via DCI/VPN) towards the remote site firewall. The firewall device is connected to its first-hop vtep over the same bridge-domain and same ESI. All in all, it's an emulated multi-homing scenario. This is a scenario of distributed firewall devices hosting the same MAC credentials.

Simplistic example: There are two sites, SITE-1 and SITE-2, in the below diagram. Traffic (including BUM) generated by Host1 (in SITE-1) (for a bridge-domain) should run through the site-local firewall instance (firewall_1) preferably. Only in case of local outage, the traffic should be sent across over WAN to the remote firewall (firewall_2). The same should apply to traffic generated by Host2 (in SITE-2), wherein it should preferably run through the local firewall (firewall_2) and over a failure should go over the WAN towards firewall_1.

Vtep1/2 learn the firewall MAC (MAC_F) as local learning and also from the remote Vtep2/1. But since both the learnings are over the same ESI, it should not lead to a MAC move. Cometh the local firewall failure, Vteps (1 or 2) should start redirecting the traffic to the remote SITE. Any ARP request (BUM traffic) for firewall credentials landing at either Vtep1 or Vtep2 should be flooded to the network towards the local firewall.

          SITE-1          |          SITE-2
    ------------------------------------------------------
          Host1           |          Host2
            |             |            |
          Vtep1 =========WAN========= Vtep2
            |             |            |
        Firewall_1        |        Firewall_2
         (MAC_F)                     (MAC_F)

Please let me know if there is a way out (with out) using existing standards.

Thanks
Saumya.

-----Original Message-----
From: BESS [mailto:bess-boun...@ietf.org] On Behalf Of internet-dra...@ietf.org
Sent: Tuesday, July 6, 2021 8:31 PM
To: i-d-annou...@ietf.org
Cc: bess@ietf.org
Subject: [bess] I-D Action: draft-ietf-bess-evpn-fast-df-recovery-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the BGP Enabled ServiceS WG of the IETF.

        Title           : Fast Recovery for EVPN DF Election
        Authors         : Patrice Brissette
                          Ali Sajassi
                          Luc Andre Burdet
                          John Drake
                          Jorge Rabadan
        Filename        : draft-ietf-bess-evpn-fast-df-recovery-02.txt
        Pages           : 11
        Date            : 2021-07-06

Abstract:
   Ethernet Virtual Private Network (EVPN) solution provides Designated
   Forwarder election procedures for multi-homing Ethernet Segments.
   These procedures have been enhanced further by applying Highest
   Random Weight (HRW) Algorithm for Designated Forwarded election in
   order to avoid unnecessary DF status changes upon a failure. This
   draft improves these procedures by providing a fast Designated
   Forwarder (DF) election upon recovery of the failed link or node
   associated with the multi-homing Ethernet Segment. The solution is
   independent of number of EVIs associated with that Ethernet Segment
   and it is performed via a simple signaling between the recovered PE
   and each PEs in the multi-homing group.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-fast-df-recovery/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-fast-df-recovery-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-bess-evpn-fast-df-recovery-02

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
BESS mailing list
BESS@ietf.org
https://www.ietf.org/mailman/listinfo/bess