Internet Engineering Task Force (IETF)
Request for Comments: 7387
Category: Informational
ISSN: 2070-1721
Authors: R. Key, Ed.; L. Yong, Ed. (Huawei); S. Delord (Telstra); F. Jounay (Orange CH); L. Jin
October 2014
A Framework for Ethernet Tree (E-Tree) Service over a Multiprotocol Label Switching (MPLS) Network
Abstract
This document describes an Ethernet-Tree (E-Tree) solution framework for supporting the Metro Ethernet Forum (MEF) E-Tree service over a Multiprotocol Label Switching (MPLS) network. The objective is to provide a simple and effective approach to emulate E-Tree services in addition to Ethernet LAN (E-LAN) services on an existing MPLS network.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7387.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction
   1.1. Terminology
2. Overview
   2.1. Ethernet Bridge Network
   2.2. MEF Multipoint Ethernet Services: E-LAN and E-Tree
   2.3. IETF L2VPN
      2.3.1. Virtual Private LAN Service (VPLS)
      2.3.2. Ethernet VPN (EVPN)
      2.3.3. Virtual Private Multicast Service (VPMS)
3. E-Tree Architecture Reference Model
4. E-Tree Use Cases
5. L2VPN Gaps for Emulating MEF E-Tree Service
   5.1. No Differentiation on AC Role
   5.2. No AC Role Indication or Advertisement
   5.3. Other Issues
6. Security Considerations
7. References
   7.1. Normative References
   7.2. Informative References
Acknowledgments
Contributors
Authors' Addresses
This document describes an Ethernet-Tree (E-Tree) solution framework for supporting the Metro Ethernet Forum (MEF) E-Tree service over a Multiprotocol Label Switching (MPLS) network. The objective is to provide a simple and effective approach to emulate E-Tree services in addition to Ethernet LAN (E-LAN) services on an existing MPLS network.
This document extends the existing IETF-specified Layer 2 Virtual Private Network (L2VPN) framework [RFC4664] to provide the emulation of E-Tree services over an MPLS network. It specifies the E-Tree architecture reference model and describes the corresponding functional components. It also points out the gaps and required extension areas in existing L2VPN solutions such as Virtual Private LAN Service (VPLS) [RFC4761] [RFC4762] and Ethernet Virtual Private Network (EVPN) [EVPN] for supporting E-Tree services.
This document adopts all the terminologies defined in RFC 4664 [RFC4664], RFC 4761 [RFC4761], and RFC 4762 [RFC4762]. It also uses the following terms:
Leaf Attachment Circuit (AC): An AC with Leaf role. An ingress Ethernet frame at a Leaf AC (Ethernet frame arriving over an AC at the Provider Edge (PE) of an MPLS network) can only be delivered to one or more Root ACs in an E-Tree service instance. An ingress Ethernet frame at a Leaf AC must not be delivered to any Leaf ACs in the E-Tree service instance.
Root AC: An AC with Root role. An ingress Ethernet frame at a Root AC can be delivered to one or more of the other ACs in the associated E-Tree service instance.
E-Tree: An Ethernet VPN service in which each AC is assigned the role of a Root or Leaf. The forwarding rules in an E-Tree are as follows:
o The Root AC can communicate with other Root ACs and Leaf ACs.
o Leaf ACs can only communicate with Root ACs.
In this document, "Ethernet bridge network" refers to the Ethernet bridge/switch network defined in IEEE 802.1Q [IEEE802.1Q]. In a bridge network, a data frame is an Ethernet frame; data forwarding is based on destination Media Access Control (MAC) address; MAC reachability is learned in the data plane based on the source MAC address and the port (or tagged port) on which the frame arrives; and the MAC aging mechanism is used to remove inactive MAC addresses from the MAC forwarding table on an Ethernet switch.
Data frames arriving at a switch may be destined to known unicast, unknown unicast, multicast, or broadcast MAC destinations. Unknown unicast, multicast, and broadcast frames are forwarded in a similar way, i.e., to every port except the ingress port on which the frame arrives. Multicast forwarding can be further constrained when using multicast control protocol snooping or using multicast MAC registration protocols [IEEE802.1Q].
An Ethernet host receiving an Ethernet frame checks the destination address in the frame to decide whether it is the intended destination.
MEF 6.1 [MEF6.1] defines two multipoint Ethernet Service types:
o E-LAN (Ethernet LAN), a multipoint-to-multipoint service
o E-Tree (Ethernet Tree), a rooted-multipoint service
The MEF defines User-Network Interface (UNI) in a multipoint service as the Ethernet interface between Customer Equipment (CE) and a Provider Edge (PE), i.e., the PE can send and receive Ethernet frames to/from the CE. The MEF also defines UNI roles in a multipoint service. One role is Root, and another is Leaf.
Note that MEF UNI in a service is equivalent to the Attachment Circuit (AC) defined in L2VPN [RFC4664]. The Root AC and Leaf AC defined in this document are the same as the Root UNI and Leaf UNI as defined in MEF 10.3 [MEF10.3]. The terms "Root AC" and "Leaf AC" are used in the following MEF service description.
For an E-LAN service, all ACs have the Root role, which means that any AC can communicate with other ACs in the service. The E-LAN service defined by the MEF may be implemented by IETF L2VPN solutions such as VPLS and EVPN [EVPN].
An E-Tree service has one or more Root ACs and at least two Leaf ACs. An E-Tree service supports communication among the roots and between a root and a leaf but prohibits communication among the leaves. Existing IETF L2VPN solutions can't support the E-Tree service. This document specifies the E-Tree architecture reference model that supports the E-Tree service defined by the MEF [MEF6.1]. Section 4 will discuss different E-Tree use cases.
VPLS [RFC4761] [RFC4762] is an L2VPN solution that provides multipoint-to-multipoint Ethernet connectivity across IP/MPLS networks. VPLS emulates traditional Ethernet Virtual LAN (VLAN) services in MPLS networks and may support MEF E-LAN services.
A data frame in VPLS is an Ethernet frame. Data forwarding in a VPLS instance is based on the destination MAC address and the VLAN on which the frame arrives. MAC reachability learning is performed in the data plane based on the source address and the AC or pseudowire (PW) on which the frame arrives. MAC aging is the mechanism used to remove inactive MAC addresses from a VPLS switching instance (VSI) on a PE. VPLS supports forwarding for known unicast frames, as well as unknown unicast, broadcast, and multicast Ethernet frames.
Many service providers have deployed VPLS in their networks to provide L2VPN services to customers.
Ethernet VPN [EVPN] is an enhanced L2VPN solution that emulates an Ethernet LAN or virtual LAN(s) across MPLS networks.
EVPN supports active-active multihoming of CEs and uses the Multiprotocol Border Gateway Protocol (MP-BGP) control plane to advertise MAC address reachability from an ingress PE to egress PEs. Thus, a PE learns MAC addresses that are reachable over local ACs in the data plane and other MAC addresses reachable across the MPLS network over remote ACs via the EVPN MP-BGP control plane. As a result, EVPN aims to support large-scale L2VPN with better resiliency compared to VPLS.
EVPN is a relatively new technique and is still under development in the IETF L2VPN WG.
VPMS [VPMS] is an L2VPN solution that provides point-to-multipoint connectivity across MPLS networks and supports various attachment circuit (AC) types, including Frame Relay, ATM, Ethernet, PPP, etc.
In the case of Ethernet ACs, VPMS provides single coverage of receiver membership, i.e., there is no differentiation among multicast groups in one VPN. The destination address in the Ethernet frame is not used in data forwarding.
VPMS supports unidirectional point-to-multipoint transport from a sender to multiple receivers and may support reverse transport in a point-to-point manner.
Figure 1 illustrates the E-Tree architecture reference model. Three Provider Edges -- PE1, PE2, and PE3 -- are shown in the figure. Each PE has a Virtual Service Instance (VSI) associated with an E-Tree service instance. A CE attaches to the VSI on a PE via an AC. Each AC must be configured with a Root or Leaf role. In Figure 1, AC1, AC2, AC5, AC6, AC9, and AC10 are Root ACs; AC3, AC4, AC7, AC8, AC11, and AC12 are Leaf ACs. This implies that a PE (local or remote) processes the Ethernet frames from CE01, CE02, etc., as if they originated from a Root AC, and it processes the Ethernet frames from CE03, CE04, etc., as if they originated from a Leaf AC.
Under this architecture model, the forwarding rules among the ACs, regardless of whether the sending AC and receiving AC are on the same PE or on different PEs, are described as follows:
o An egress frame (the frame to be transmitted over an AC) at an AC with Root role must be the result of an ingress frame at an AC (the frame received at an AC) that has Root or Leaf role and is attached to the same E-Tree service instance.
o An egress frame at the AC with Leaf role must be the result of an ingress frame at an AC that has Root role and is attached to the same E-Tree service instance.
                    <------------E-Tree----------->
                 PE1+---------+         +---------+PE2
   +----+           |  +---+  |         |  +---+  |           +----+
   |CE01+----AC1----+--+   |  |         |  |   +--+----AC5----+CE05|
   +----+ (Root AC) |  | V |  |         |  | V |  | (Root AC) +----+
   +----+           |  |   |  |         |  |   |  |           +----+
   |CE02+----AC2----+--+   |  |         |  |   +--+----AC6----+CE06|
   +----+ (Root AC) |  | S +--+---------+--+ S |  | (Root AC) +----+
   +----+           |  |   |  |         |  |   |  |           +----+
   |CE03+----AC3----+--+   |  |         |  |   +--+----AC7----+CE07|
   +----+ (Leaf AC) |  | I |  |         |  | I |  | (Leaf AC) +----+
   +----+           |  |   |  |         |  |   |  |           +----+
   |CE04+----AC4----+--+   |  |         |  |   +--+----AC8----+CE08|
   +----+ (Leaf AC) |  +-+-+  |         |  +-+-+  | (Leaf AC) +----+
                    +----+----+         +----+----+
                         |     MPLS Core     |
                         |              +----+----+
                         |              |  +-+-+  |           +----+
                         |              |  |   +--+----AC9----+CE09|
                         |              |  | V |  | (Root AC) +----+
                         |              |  |   |  |           +----+
                         |              |  |   +--+----AC10---+CE10|
                         +--------------+--+ S |  | (Root AC) +----+
                                        |  |   |  |           +----+
                                        |  |   +--+----AC11---+CE11|
                                        |  | I |  | (Leaf AC) +----+
                                        |  |   |  |           +----+
                                        |  |   +--+----AC12---+CE12|
                                        |  +---+  | (Leaf AC) +----+
                                    PE3 +---------+
                    <-------------E-Tree---------->
Figure 1: E-Tree Architecture Reference Model
These rules apply to all frame types, i.e., known unicast, unknown unicast, broadcast, and multicast. For known unicast frames, forwarding in a VSI context is based on the destination MAC address.
A VSI on a PE corresponds to an E-Tree service instance and maintains a MAC forwarding table that is isolated from other VSI tables on the PE. It also keeps track of local AC roles. The VSI receives a frame from an AC or across the MPLS core, and it forwards the frame to another AC over which the destination is reachable according to the VSI forwarding table and forwarding rules described above. When the target AC is on a remote PE, the VSI forwards the frame to the remote PE over the MPLS core. Forwarding over the MPLS core will be dependent on the E-Tree solution. For instance, a solution may adopt PWs to mesh VSIs as in VPLS and to forward frames over VSIs subject to the E-Tree forwarding rules. Alternatively, a solution may adopt the EVPN forwarding paradigm constrained by the E-Tree forwarding rules. Thus, solutions that satisfy the E-Tree requirements could be extensions to VPLS and EVPN.
In most use cases, an E-Tree service has only a few Root ACs (root CE sites) but many Leaf ACs (leaf CE sites). Furthermore, a PE may have only Root ACs or only Leaf ACs. Figure 1 provides a general E-Tree architecture model.
Table 1 below presents some major use cases for E-Tree.
       +---------------------------+--------------+------------+
       | Use Case                  | Root AC      | Leaf AC    |
   +---+---------------------------+--------------+------------+
   | 1 | Hub & Spoke VPN           | Hub Site     | Spoke Site |
   +---+---------------------------+--------------+------------+
   | 2 | Wholesale Access          | Customer's   | Customer's |
   |   |                           | Interconnect | Subscriber |
   +---+---------------------------+--------------+------------+
   | 3 | Mobile Backhaul           | RAN NC       | RAN BS     |
   +---+---------------------------+--------------+------------+
   | 4 | IEEE 1588 PTPv2 [IEEE1588]| PTP Server   | PTP Client |
   |   | Clock Synchronization     |              |            |
   +---+---------------------------+--------------+------------+
   | 5 | Internet Access           | BNG Router   | Subscriber |
   |   | Reference [TR-101]        |              |            |
   +---+---------------------------+--------------+------------+
   | 6 | Broadcast Video           | Video Source | Subscriber |
   |   | (unidirectional only)     |              |            |
   +---+---------------------------+--------------+------------+
   | 7 | Broadcast/Multicast Video | Video Source | Subscriber |
   |   | plus Control Channel      |              |            |
   +---+---------------------------+--------------+------------+
   | 8 | Device Management         | Management   | Managed    |
   |   |                           | System       | Device     |
   +---+---------------------------+--------------+------------+
Where:
   RAN: Radio Access Network
   NC: Network Controller
   BS: Base Station
   PTP: Precision Time Protocol
   BNG: Broadband Network Gateway
Table 1: E-Tree Use Cases
Common to all use cases, direct Layer 2 leaf-to-leaf communication is required to be prohibited. For mobile backhaul, this may not be valid for Long Term Evolution (LTE) X2 interfaces; an LTE X2 interface [LTE] enables communication between two evolved Node Bs (eNBs). E-Tree service is appropriate for such use cases.
Also common to the use cases mentioned above, there may be one or multiple Root ACs in one E-Tree service. The need for multiple Root ACs may be driven by a redundancy requirement or by having multiple serving sites. Whether a particular E-Tree service needs to support one or multiple Root ACs depends on the application.
The MEF E-Tree service defines special forwarding rules that prohibit forwarding Ethernet frames among leaves. This poses some challenges to IETF L2VPN solutions such as VPLS and EVPN in emulating E-Tree service over an MPLS network. There are two major issues described in the following subsections.
IP/MPLS L2VPN architecture has no distinct roles on Attachment Circuits (ACs) and supports any-to-any connectivity among all ACs. It does not have any mechanism to support forwarding constraints based on an AC role. However, the MEF E-Tree service defines two AC roles -- Root and Leaf -- and defines the forwarding rules based on the originating and receiving AC roles of a given frame.
In an L2VPN, when a PE, say PE2, receives a frame from another PE, say PE1, over the MPLS core, PE2 does not know if the frame from PE1 is originated from a Root AC or Leaf AC. This causes the forwarding issue on PE2 because the E-Tree forwarding rules require that the forwarder must know the role of the frame origin, i.e., from Root AC or Leaf AC. This is specifically important when PE2 has both Root AC and Leaf AC attached to the VSI. E-Tree forwarding rules apply to all types of frames (known unicast destination, unknown unicast destination, multicast, and broadcast).
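The forwarding rules of the reference model and the two gaps described above (no AC role differentiation, no AC role indication across the core), as an added Python model that is not part of RFC 7387. The topology is Figure 1; the `ac_roles`, `role_indication` and `fail_closed` switches are assumptions of this model and stand for no particular VPLS or EVPN mechanism.

```python
"""Flood a frame through the Figure 1 topology under different PE capabilities."""
from enum import Enum
from typing import Dict, List, Tuple


class Role(Enum):
    ROOT = "Root"
    LEAF = "Leaf"


ROOT, LEAF = Role.ROOT, Role.LEAF

# AC roles per PE, as the text lists them for Figure 1.
FIGURE_1: Dict[str, Dict[str, Role]] = {
    "PE1": {"AC1": ROOT, "AC2": ROOT, "AC3": LEAF, "AC4": LEAF},
    "PE2": {"AC5": ROOT, "AC6": ROOT, "AC7": LEAF, "AC8": LEAF},
    "PE3": {"AC9": ROOT, "AC10": ROOT, "AC11": LEAF, "AC12": LEAF},
}

Delivery = Tuple[str, str]  # (PE name, AC name)


def permitted(ingress: Role, egress: Role) -> bool:
    """E-Tree rule: every pairing is allowed except Leaf ingress to Leaf egress."""
    return not (ingress is LEAF and egress is LEAF)


def flood(src_pe: str, src_ac: str, *, ac_roles: bool, role_indication: bool,
          fail_closed: bool = False, topology=FIGURE_1) -> List[Delivery]:
    """Return the ACs that receive a broadcast/unknown-unicast frame.

    ac_roles        -- PEs distinguish Root and Leaf ACs (absent: the first gap)
    role_indication -- the origin AC role is known at remote PEs (absent: the
                       second gap); how it is conveyed is not modelled here
    fail_closed     -- hypothetical policy: a PE that cannot tell the origin
                       role treats the frame as Leaf-originated
    """
    origin = topology[src_pe][src_ac]
    out: List[Delivery] = []
    for pe, acs in topology.items():
        local = pe == src_pe
        # Does this PE know the role of the AC the frame entered on?
        knows_origin = ac_roles and (local or role_indication)
        for ac, role in acs.items():
            if local and ac == src_ac:
                continue  # never forward back out of the ingress AC
            if knows_origin:
                ok = permitted(origin, role)
            elif ac_roles and fail_closed:
                ok = role is ROOT  # assume the worst case: Leaf origin
            else:
                ok = True  # plain any-to-any L2VPN behaviour
            if ok:
                out.append((pe, ac))
    return out


def leaf_leaks(src_pe: str, src_ac: str, deliveries: List[Delivery],
               topology=FIGURE_1) -> List[Delivery]:
    """Leaf ACs that received a Leaf-originated frame (isolation violations)."""
    if topology[src_pe][src_ac] is not LEAF:
        return []
    return [(pe, ac) for pe, ac in deliveries if topology[pe][ac] is LEAF]


def starved_leaves(src_pe: str, src_ac: str, deliveries: List[Delivery],
                   topology=FIGURE_1) -> List[Delivery]:
    """Leaf ACs that should have received a Root-originated flood but did not."""
    if topology[src_pe][src_ac] is not ROOT:
        return []
    got = set(deliveries)
    return [(pe, ac) for pe, acs in topology.items()
            for ac, role in acs.items()
            if role is LEAF and (pe, ac) not in got]


if __name__ == "__main__":
    cases = [
        ("plain L2VPN", dict(ac_roles=False, role_indication=False)),
        ("local roles only", dict(ac_roles=True, role_indication=False)),
        ("local roles, fail closed",
         dict(ac_roles=True, role_indication=False, fail_closed=True)),
        ("roles + indication", dict(ac_roles=True, role_indication=True)),
    ]
    for name, opts in cases:
        leaf = flood("PE1", "AC3", **opts)   # frame enters on a Leaf AC
        root = flood("PE1", "AC1", **opts)   # frame enters on a Root AC
        print(f"{name}: leaks={leaf_leaks('PE1', 'AC3', leaf)} "
              f"starved={starved_leaves('PE1', 'AC1', root)}")
```

With local roles but no indication, the remote PEs either leak Leaf traffic to their Leaf ACs or, under the fail-closed policy, stop delivering Root traffic to them; only the last case satisfies both rules.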
Some desirable requirements for IETF E-Tree are specific to an IP/MPLS L2VPN implementation such as Leaf-only PE. A Leaf-only PE is a PE that only has Leaf AC(s) in an E-Tree service instance; thus, other PEs on the same E-Tree service instance do not necessarily forward the frames originated from a Leaf AC to the Leaf-only PE, which may save some network resources. It is also desirable for an E-Tree solution to work with existing PEs that support single-role ACs, where the role is equivalent to the root in an E-Tree service. These requirements are described in the E-Tree requirement document [RFC7152].
An E-Tree service may be deployed for security reasons to prohibit communication among sites (leaves). An E-Tree solution must enforce E-Tree forwarding constraints. The solution must also guarantee that Ethernet frames do not leak outside of the E-Tree service instance to which they belong.
An E-Tree service prohibits communication among leaf sites but does not have knowledge of higher-layer security constraints. Therefore, in general, higher-layer applications cannot rely on E-Tree to provide security protection unless all security constraints are fully implemented by the E-Tree service.
Enhancing L2VPN for E-Tree services inherits the same security issues described in the L2VPN framework document [RFC4664]. These relate to both control-plane and data-plane security issues that may arise in the following areas:
o issues fully contained in the provider network
o issues fully contained in the customer network
o issues in the customer-provider interface network
The framework document has substantial discussions on the security issues and potential solutions to address them. An E-Tree solution must consider these issues and address them properly. VPLS [RFC4761] [RFC4762] and/or EVPN [EVPN] will likely be candidate solutions for an E-Tree service over an MPLS network. The security capabilities built into those solutions will be naturally adopted when supporting E-Tree. For details, see the Security Considerations sections in [RFC4761], [RFC4762], and [EVPN].
[MEF6.1] Metro Ethernet Forum, "Ethernet Services Definitions - Phase 2", MEF 6.1, April 2008.
[MEF10.3] Metro Ethernet Forum, "Ethernet Service Attributes - Phase 3", MEF 10.3, October 2013.
[RFC4664] Andersson, L., Ed., and E. Rosen, Ed., "Framework for Layer 2 Virtual Private Networks (L2VPNs)", RFC 4664, September 2006, <http://www.rfc-editor.org/info/rfc4664>.
[RFC4761] Kompella, K., Ed., and Y. Rekhter, Ed., "Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling", RFC 4761, January 2007, <http://www.rfc-editor.org/info/rfc4761>.
[RFC4762] Lasserre, M., Ed., and V. Kompella, Ed., "Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling", RFC 4762, January 2007, <http://www.rfc-editor.org/info/rfc4762>.
[RFC7152] Key, R., Ed., DeLord, S., Jounay, F., Huang, L., Liu, Z., and M. Paul, "Requirements for Metro Ethernet Forum (MEF) Ethernet-Tree (E-Tree) Support in Layer 2 Virtual Private Network (L2VPN)", RFC 7152, March 2014, <http://www.rfc-editor.org/info/rfc7152>.
[IEEE802.1Q] IEEE, "IEEE Standard for Local and metropolitan area networks -- Media Access Control (MAC) Bridges and Virtual Bridged Local Area", IEEE Std 802.1Q, 2011.
[IEEE1588] IEEE, "IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems", IEEE Std 1588, July 2008.
[LTE] 3GPP, "Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Universal Terrestrial Radio Access Network (E-UTRAN)", 3GPP TS 36.300 v11.2.0, July 2012.
[TR-101] Broadband Forum, "Migration to Ethernet-Based Broadband Aggregation", TR-101 Issue 2, July 2011.
[VPMS] Kamite, Y., Jounay, F., Niven-Jenkins, B., Brungard, D., and L. Jin, "Framework and Requirements for Virtual Private Multicast Service (VPMS)", Work in Progress, draft-ietf-l2vpn-vpms-frmwk-requirements-05, October 2012.
[EVPN] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A., and J. Uttaro, "BGP MPLS Based Ethernet VPN", Work in Progress, draft-ietf-l2vpn-evpn-11, October 2014.
Acknowledgments
The authors would like to thank Nabil Bitar and Adrian Farrel for their detailed review and suggestions.
Contributors
The following people contributed significantly to this document.
Yuji Kamite NTT Communications Corporation Granpark Tower 3-4-1 Shibaura, Minato-ku Tokyo 108-8118, Japan
EMail: y.kamite@ntt.com
Wim Henderickx Alcatel-Lucent Copernicuslaan 50 2018 Antwerp, Belgium
EMail: wim.henderickx@alcatel-lucent.com
Authors' Addresses
Raymond Key (editor)
EMail: raymond.key@ieee.org
Lucy Yong (editor) Huawei USA
EMail: lucy.yong@huawei.com
Simon Delord Telstra
EMail: simon.delord@gmail.com
Frederic Jounay Orange CH 4 rue caudray 1020 Renens Switzerland
EMail: frederic.jounay@orange.ch
Lizhong Jin
EMail: lizho.jin@gmail.com