The MPLS WG Archive
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]
another draft: draft-shah-mpls-l2vpn-reduce-00.txt
-
From: "Shah, Himanshu" <hshah@tenornetworks.com>
-
Date: Thu, 15 Mar 2001 18:01:32 -0500
Hello,
Another draft that uses extensions documented in
draft-shah-mpls-l2vpn-ext-00.txt.
Both of these drafts will be submitted when the
blackout lifts....
>From the abstract:
This document will describe how provider's edge router can reduce
the over-provisioning of resources and in some cases do away with
the range configuration so that new sites can be added to an
existing VPN topologies without incurring configuration changes to
other provider's edge routers in the VPN.
<<vpn-reduce.txt>>
Himanshu Shah
Tenor Networks
Acton, MA
Himanshu Shah
Internet Draft Tenor Networks
Draft-shah-l2vpn-mpls-reduce.txt
Expires: September 2001 March 2001
Reducing over-provisioning for MPLS based L2VPN
1.0 Status of this Memo
This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
2.0 Abstract
This document will describe how provider’s edge router can reduce
the over-provisioning of resources and in some cases do away with
the range configuration so that new sites can be added to an
existing VPN topologies without incurring configuration changes to
other provider’s edge routers in the VPN.
3.0 Overview
The draft-kompella-mpls-l2vpn-02.txt [MPLS] describes methodologies
by which layer 2 circuits can be mapped through MPLS tunnels to
remote sites that belong to the same VPN. It greatly reduces the
configuration and improves scalability through the use of LSP
hierarchical model. The reduction in configuration is partly based
on over-provisioning of the resources.
This aspect of over-provisioning of resources on an a priori basis
is problematic. This document proposes some models whereby resources
are committed in limited fashion, as and when the newer sites join
the existing VPN. These models require in some cases additional
configuration and add to distribution of information amongst PE
routers. However, the benefits compensate the drawbacks.
Shah Informational - Expires September 2001 1
�
Internet Draft draft-shah-mpls-l2vpn-reduce-00.txt March 2001
The service provider starts with some decisions on characteristics
of the offered VPN topologies; for instance whether VPN is full-mesh
or hub-and-spoke, how many sites would he consider safe to add
without additional configuration, the type of clients (i.e. routers
or switches), etc.
The proposed models are more beneficial in some topologies and less
in others.
4.0 Introduction
With the advent of extensions proposed in draft-shah-mpls-l2vpn-ext-
00.txt [MPLS-shah] to the base draft-kompella-mpls-l2vpn-02.txt
[MPLS], it is possible to articulate a model whereby the PE router
does not have to over-provision all the resources required for the
MPLS based layer 2 VPN.
The extension draft [shah], proposes a mechanism whereby, VPN
information can be distributed in fragments. Each fragment includes
the range of CE-ID that the advertising PE router is willing to
connect to. The total number of CE-ID the PE router would then
connect to, stems from the cumulating ranges of the CE-ID present in
each fragment.
5.0 Operations
The following sections describe how a service provider could offer
VPN services with varying configuration on the PE router and how
that relates to varying level of over-provisioning and other
benefits.
First a basic unit of VPN information is defined, followed by
actions performed on this unit.
5.1 VPN information set
A set for a given VPN and CE-ID is defined as a subset of VPN
information consisting of CE-Base, CE-Range and a set of PVCs and
interface information. CE-Ids that is greater than or equal to CE-
Base and less than CE-Range are considered to be the part of the
set. Combination of all the sets would then represent the entire
VPN information for a given CE-ID of a VPN on a PE router. Each set
for a given VPN + CE-ID is disjoint from other sets present for the
same VPN + CE-ID. They must never overlap. Also, CE-Range minus CE-
Base must be greater than or equal to one but never zero.
The VPN information set is either active or inactive. Active state
means that label resources have been allocated and the VPN
information set has been advertised. Inactive state indicates
existence of the set without label allocation and unadvertised
status. An active set becomes inactive when VPN information of the
set is withdrawn.
Shah Informational - Expires September 2001 2
�
Internet Draft draft-shah-mpls-l2vpn-reduce-00.txt March 2001
5.2 Set Activation
The VPN information set is considered activated when a range of
labels are allocated for the set. These labels do not have to be
contiguous for a whole set as shown in draft-shah-mpls-l2vpn-00.txt
[MPLS-shah]. However, the total number of labels allocated for the
set must match the CE-Range minus the CE-Base of the set. The set is
then advertised to remote PE peers in one or more fragments as
described in draft-shah-mpls-l2vpn-00.txt [MPLS-shah]. If the set
consists of more than one fragment, all the fragments must be
advertised before the set is considered active.
Also, note that when a PE router receives an advertisement, it must
send active set(s), which contain configured CE-ID and received CE-
ID.
The set is activated under following circumstances.
1. A set matching the local CE-ID
2. A received CE-ID matches one of the set (as allowed by the
color match), i.e. falls within CE-Base and CE-Range of the
local set for the VPN. It is quite possible that the received
set information may not contain the local CE-ID. This is OK. It
is expected that those remote PE peers whose sets contain the
sent local CE-ID, would respond with active sets that contain
the local CE-ID.
An activated set may not become active if all the label resources
could not be obtained or there were issues with advertisements.
5.3 Set Deactivation
The VPN information set is considered deactivated when the
advertisement of the set is withdrawn and the label resources are
freed. The set must be deactivated in its entirety. This means all
the fragments advertised for this set, must be withdrawn.
The set is deactivated for the reasons described in draft-kompella-
mpls-l2vpn-02.txt [MPLS]. The set can also be deactivated on a
periodic garbage collection basis when upon inspection found to hold
no received advertisements for the CE-ID present in the set from
remote PE peer and no local CE-ID matches the set either. To protect
against possible race conditions or excessive advertisements, one
should use least recently used type of algorithm with periodic
garbage collection.
5.4 Configuration options
Following configuration options describe various operational models
that offer varying benefits of reduction in over-provisioning
coupled with flexibility of adding newer sites with minimal to none
reconfiguration.
Shah Informational - Expires September 2001 3
�
Internet Draft draft-shah-mpls-l2vpn-reduce-00.txt March 2001
5.4.1 Option-1
In this model, service provider configures sets on each PE router
for a given VPN and a CE-ID. The PE router then locates the set that
contains the local CE-ID and allocates the resources for this set.
Initially, only the set containing the local CE-ID is advertised to
remote PE peers. When VPN information is received for a given VPN,
the received CE-ID is matched against the configured sets for the
VPN + CE-ID. If a set is found and is not active, the set is
activated by allocating the resources and sending out the new
advertisement.
The advantage of this model is that service provider controls the
range of CE-Ids that a particular PE router would admit. For
example, a given VPN has 50 sites and the customer wishes sub-VPN
cluster of CE-IDs 0 to 10 and 30 to 40. The service provider would
then configure PE routers connected to those CE that fall in these
ranges, with two sets of the VPN information. In this situation,
over-provisioning is limited to either one set or two sets (i.e. 20)
but not the full range (i.e. 50).
5.4.2 Option-2
In this model, service provider configures maximum range and an
increment value along with PVC and interface information in a PE
router for a given VPN and a CE-ID. The PE router then breaks the
range using the increment value into distinct sets with CE-Base, CE-
Range and the related PVC and interface information.
Initially, the local CE-ID is matched against the sets and the
matching set is activated. As and when VPN information from the
remote PE peers is received, the CE-ID is matched against the local
sets. The matching set is then activated, if not already, and a new
advertisement is sent with active sets that contain both the local
CE-ID and remote CE-ID. The remote PE reciprocates with same
processing yielding a new advertisement, if necessary.
This approach reduces the configuration significantly as compared to
option 1 but relies on color matching mechanisms to form sub-VPN
clusters or hub-and-spoke type of VPN topologies.
5.4.3 Option-3
In this model, only VPN, CE-ID and associated interface are
configured. A reasonable increment as a default is ascertained and
the maximum range is obtained based on the type of interface. For
instance, if the interface is frame relay, maximum assumed for 2-
byte DLCIs would be 992 (16 to 1008). Using the increment, sets are
created. Initially, only the set that contains the local CE-ID is
activated. Subsequently, as and when advertisement from remote PE is
received, the matching sets are activated.
Shah Informational - Expires September 2001 4
�
Internet Draft draft-shah-mpls-l2vpn-reduce-00.txt March 2001
This model offers maximum flexibility and minimum configuration.
However, it is applicable to limited number of customer topologies.
For instance, it is more suitable to customer edge devices that are
frame relay DTE devices and are capable of handling new DLCIs
activating in real time. Its narrow applicability, however, does not
necessarily diminish its advantages since topologies like frame
relay might be the most used topologies for MPLS based L2VPN
services.
By doing away with range configuration, new sites can be added
without having to worry about re-adjusting the ranges on existing PE
routers.
5.4.4 Option-4
In this model, service provider assumes the VPN topology to be in a
trusted environment. The PE router is configured for the role it
plays in the VPN topology. For instance, if the VPN is hub-and-spoke
and the PE router is a spoke, the range values configured in the
router are treated stricter than the PE routers that are hub. The
rest of the VPN information is configured as discussed earlier.
When a new spoke site is added, the advertisement processed on the
hub PE router differs from spoke PE router. If the received CE-ID
does not match any of the local sets on the hub site, PE router
would increase the range in chunks (as determined by configured
increments) until the CE-ID falls under one of the set. This set is
then activated.
The PE routers at the spoke site on the other hand would discard the
advertisement if the received CE-ID did not match any of the local
set.
In case of full-mesh VPN topologies, PE router processes the out-of-
scope advertisements like a hub PE router.
In this model, range is elastic (up to a point) for hub and full
mesh PE routers while stricter for spoke PE routers.
6.0 Conclusion
The various models described in this document allow PE routers to
allocate resources on a pay as you go basis. As and when newer sites
are added to the VPN, the existing PE routers may or may not have to
allocate additional resources based on whether the newer site falls
under the already allocated resources. When needed, resources are
allocated in small chunks rather than one big chunk.
However, there is a tradeoff between the over-provisioning and
scalability. In worst-case scenario, when the increments are of size
one, a greater number of VPN information sets are exchanged between
the PE routers but then over-provisioning is null. There is a
Shah Informational - Expires September 2001 5
�
Internet Draft draft-shah-mpls-l2vpn-reduce-00.txt March 2001
balance that a service provider can choose, having given all the
options.
7.0 Acknowledgements
Author would like to thank Xavier Briard and Bill Townsend for
reviewing the draft.
8.0 References
[MPLS] Kompella et al., "MPLS based Layer 2 VPNs", draft-kompella-
mpls-l2vpn-02.txt, November 2000.
[MPLS-shah] Shah et al., "Extensions to MPLS based Layer 2 VPNs",
draft-shah-l2vpn-ext-00.txt, March 2001
Author's Address
Himanshu Shah
Tenor Networks
100 Nagog Park
Acton, MA 01720
hshah@tenornetworks.com
Shah Informational - Expires September 2001 6
�
| |
|