EVPN multi-homing port-active load-balancing

Introduction EVPN, as per , provides all-active per flow load‑balancing for multi‑homing. It also defines single-active with service carving mode, where one of the PEs, in redundancy relationship, is active per service. While these two multi‑homing scenarios are most widely utilized in data center and service provider access networks, there are scenarios where active-standby per interface multi‑homing load‑balancing is useful and required. The main consideration for this mode of load‑balancing is the determinism of traffic forwarding through a specific interface rather than statistical per flow load‑balancing across multiple PEs providing multi‑homing. The determinism provided by active-standby per interface is also required for certain QOS features to work. While using this mode, customers also expect minimized convergence during failures. A new type of load‑balancing mode, port-active load‑balancing, is defined. This draft describes how the new load‑balancing mode can be supported via EVPN. The new mode may also be referred to as per interface active/standby.

MC-LAG Topology shows a MC-LAG multi‑homing topology where PE1 and PE2 are part of the same redundancy group providing multi‑homing to CE1 via interfaces I1 and I2. Interfaces I1 and I2 are members of a LAG running LACP protocol. The core, shown as IP or MPLS enabled, provides wide range of L2 and L3 services. MC-LAG multi‑homing functionality is decoupled from those services in the core and it focuses on providing multi‑homing to the CE. With per-port active/standby load‑balancing, only one of the two interface I1 or I2 would be in forwarding, the other interface will be in standby. This also implies that all services on the active interface are in active mode and all services on the standby interface operate in standby mode.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Multi-Chassis Link Aggregation When a CE is multi‑homed to a set of PE nodes using the Link Aggregation Control Protocol (LACP), the PEs must act as if they were a single LACP speaker for the Ethernet links to form and operate as a Link Aggregation Group (LAG). To achieve this, the PEs connected to the same multi‑homed CE must synchronize LACP configuration and operational data among them. Interchassis Communication Protocol (ICCP) has been used for that purpose. EVPN LAG simplifies greatly that solution. Along with the simplification come a few assumptions:

a CE device connected to multi‑homing PEs may have a single LAG with all its active links i.e. links in the LAG operate in all-active load‑balancing mode.
Same LACP parameters MUST be configured on peering PEs such as system id, port priority and port key.

Any discrepancies from this list are out of the scope of this document, as are mis-configuration and mis-wiring detection across peering PEs.

Port-active Load-balancing Procedure Following steps describe the proposed procedure with EVPN LAG to support port-active load‑balancing mode:

The Ethernet-Segment Identifier (ESI) MUST be assigned per access interface as described in , which may be auto derived or manually assigned. Access interface MAY be a Layer‑2 or Layer‑3 interface. The usage of ESI over Layer‑3 interface is newly described in this document.
Ethernet-Segment (ES) MUST be configured in port-active load‑balancing mode on peering PEs for specific access interface.
Peering PEs MAY exchange only Ethernet-Segment (ES) route (Route Type‑4) when ESI is configured on a Layer‑3 interface.
PEs in the redundancy group leverage the DF election defined in to determine which PE keeps the port in active mode and which one(s) keep it in standby mode. While the DF election defined in is per [ES, Ethernet Tag] granularity, for port-active mode of multi‑homing, the DF election is done per <ES>. The details of this algorithm are described in .
DF router MUST keep corresponding access interface in up and forwarding active state for that Ethernet-Segment
Non-DF routers will by default implement a bidirectional blocking scheme for all traffic in line with
Single-Active blocking scheme, albeit across all VLANS.
- Non-DF routers MAY bring and keep peering access interface attached to it in operational down state.
- If the interface is running LACP protocol, then the non-DF PE MAY also set the LACP state to OOS (Out of Sync) as opposed to interface state down. This allows for better convergence on standby to active transition.
For EVPN-VPWS service, the usage of primary/backup bits of EVPN Layer‑2 attributes extended community is highly recommended to achieve better convergence.

Designated Forwarder Algorithm to Elect per Port-active PE The ES routes, running in port-active load‑balancing mode, are advertised with the new Port Mode Load-Balancing capability in the DF Election Extended Community defined in . Moreover, the ES associated to the port leverages existing procedure of Single-Active, and signals Single-Active Multihomed site redundancy mode along with Ethernet-AD per-ES route (). Finally the ESI-label based split-horizon procedures in should be used to avoid transient echo'ed packets when Layer‑2 circuits are involved. The various algorithms for DF Election are discussed in Sections to for completeness, although the choice of algorithm in this solution doesn't affect complexity or performance as in other load-balancing modes.

Capability Flag defines a DF Election extended community, and a Bitmap field to encode "capabilities" to use with the DF election algorithm in the DF algorithm field. Bitmap (2 octets) is extended by the following value:

Amended Bitmap field in the DF Election Extended Community

Bit 0:: D bit or 'Don't Preempt' bit, as explained in .
Bit 1:: AC-DF Capability (AC-Influenced DF election), as explained in .
Bit 5:: (corresponds to Bit 29 of the DF Election Extended Community and it is defined by this document): 'Port Mode Load-Balancing' Capability (P bit hereafter), determines that the DF-Algorithm should be modified to consider the port ES only and not the Ethernet Tags.

Modulo-based Algorithm The default DF Election algorithm, or modulus-based algorithm as in and updated by , is used here, at the granularity of ES only. Given that ES-Import Route Target extended community may be auto-derived and directly inherits its auto-derived value from ESI bytes 1-6, many operators differentiate ESI primarily within these bytes. As a result, bytes 3‑6 are used to determine the designated forwarder using Modulo-based DF assignment, achieving good entropy during Modulo calculation across ESIs:
Assuming a redundancy group of N PE nodes, the PE with ordinal i is the DF for an <EE> when (Es mod N) = i, where Es represents bytes 3‑6 of that ESI.

HRW Algorithm Highest Random Weight (HRW) algorithm defined in MAY also be used and signaled, and modified to operate at the granularity of <ES> rather than per <ES, VLAN>. describes computing a 32 bit CRC over the concatenation of Ethernet Tag and ESI. For port-active load‑balancing mode, the Ethernet Tag is simply removed from the CRC computation. DF(Es) denotes the DF and BDF(Es) denote the BDF for the ESI es; Si is the IP address of PE i; and Weight is a function of Si, and Es.

DF(Es) = Si| Weight(Es, Si) >= Weight(Es, Sj), for all j. In the case of a tie, choose the PE whose IP address is numerically the least. Note that 0 <= i,j < number of PEs in the redundancy group.
BDF(Es) = Sk| Weight(Es, Si) >= Weight(Es, Sk), and Weight(Es, Sk) >= Weight(Es, Sj). In the case of a tie, choose the PE whose IP address is numerically the least.

Where:

DF(Es) is defined to be the address Si (index i) for which Weight(Es, Si) is the highest; 0 <= i < N-1.
BDF(Es) is defined as that PE with address Sk for which the computed Weight is the next highest after the Weight of the DF. j is the running index from 0 to N-1; i and k are selected values.

Preference-based DF Election When the new capability 'Port-Mode' is signaled, the algorithm is modified to consider the port only and not any associated Ethernet Tags. Furthermore, the "port-based" capability MUST be compatible with the "Don't Preempt" bit. When an interface recovers, a peering PE signaling D-bit will enable non-revertive behaviour at the port level.

AC-Influenced DF Election The AC-DF bit MUST be set to 0 when advertising Port Mode Load-Balancing capability (P=1). When an AC (sub-interface) goes down, it does not influence the DF election. The peer's Ethernet A-D per EVI is ignored in all Port Mode DF Election algorthms. Upon receiving AC-DF bit set (A=1) from a remote PE, it MUST be ignored when performing Port-Mode DF Election.

Convergence considerations To improve the convergence, upon failure and recovery, when port‑active load‑balancing mode is used, some advanced synchronization between peering PEs may be required. Port-active is challenging in a sense that the "standby" port is in down state. It takes some time to bring a "standby" port in up-state and settle the network. For IRB and L3 services, ARP / ND cache may be synchronized. Moreover, associated VRF tables may also be synchronized. For L2 services, MAC table synchronization may be considered. Finally, for members of a LAG running LACP the ability to set the "standby" port in "out-of-sync" state a.k.a "warm‑standby" can be leveraged.

Primary / Backup per Ethernet-Segment The EVPN Layer 2 Attributes Control Flags extended community SHOULD be advertised in Ethernet A-D per ES route for fast convergence. Only the P and B bits are relevant to this document, and only in the context of Ethernet A-D per ES routes:

When advertised, the EVPN Layer 2 Attributes Control Flags extended community SHALL have only P or B bits set and all other bits and fields MUST be zero.
A remote PE receiving the optional EVPN Layer 2 Attributes Control Flags extended community in Ethernet A-D per ES routes SHALL consider only P and B bits.

For EVPN Layer 2 Attributes Control Flags extended community sent and received in Ethernet A-D per EVI routes used in , and :

P and B bits received are overridden by "parent" bits on Ethernet A-D per ES above.
Other fields and bits of the extended community are used according to the procedures of those documents.

Backward Compatibility Implementations that comply with or only (i.e., implementations that predate this document) will not advertise the EVPN Layer 2 Attributes Control Flags extended community in Ethernet A-D per ES routes. That means that all remote PEs in the ES will not receive P and B bit per ES and will continue to receive and honour the P and B bits received in Ethernet A-D per EVI route(s). Similarly, an implementation that complies with or only and that receives an EVPN Layer 2 Attributes Control Flags extended community will ignore it and will continue to use the default path resolution algorithm.

Applicability A common deployment is to provide L2 or L3 service on the PEs providing multi‑homing. The services could be any L2 EVPN such as EVPN VPWS, EVPN , etc. L3 service could be in VPN context or in global routing context. When a PE provides first hop routing, EVPN IRB could also be deployed on the PEs. The mechanism defined in this document is used between the PEs providing L2 and/or L3 services, when per interface single-active load‑balancing is desired. A possible alternate solution is the one described in this draft is MC-LAG with ICCP active-standby redundancy. However, ICCP requires LDP to be enabled as a transport of ICCP messages. There are many scenarios where LDP is not required e.g. deployments with VXLAN or SRv6. The solution defined in this draft with EVPN does not mandate the need to use LDP or ICCP and is independent of the underlay encapsulation.

Overall Advantages The use of port-active multi‑homing brings the following benefits to EVPN networks:

Open standards based per interface single-active load‑balancing mechanism that eliminates the need to run ICCP and LDP (e.g. they may be running VXLAN or SRv6 in the network).
Agnostic of underlay technology (MPLS, VXLAN, SRv6) and associated services (L2, L3, Bridging, E-LINE, etc).
Provides a way to enable deterministic QOS over MC-LAG attachment circuits.
Fully compliant with , does not require any new protocol enhancement to existing EVPN RFCs.
Can leverage various DF election algorithms e.g. modulo, HRW, etc.
Replaces legacy MC-LAG ICCP-based solution, and offers following additional benefits:
- Efficiently supports 1+N redundancy mode (with EVPN using BGP RR) where as ICCP requires full mesh of LDP sessions among PEs in redundancy group.
- Fast convergence with mass-withdraw is possible with EVPN, no equivalent in ICCP.

IANA Considerations This document solicits the allocation of the following values:

Bit 5 in the DF Election Capabilities registry, with name "P" for Port Mode Load-Balancing.

Security Considerations The same Security Considerations described in and are valid for this document. By introducing a new capability, a new requirement for unanimity (or lack thereof) between PEs is added. Without consensus on the new DF election procedures and Port Mode, the DF election algorithm falls back to the default DF election as provided in and . This behavior could be exploited by an attacker that manages to modify the configuration of one PE in the ES so that the DF election algorithm and capabilities in all the PEs in the ES fall back to the default DF election. If that is the case, the PEs will be exposed to the same unfair load balancing, service disruption, and possibly black-holing or duplicate traffic mentioned in those documents and their security sections.

Acknowledgements The authors thank Anoop Ghanwani for his comments and suggestions and Stephane Litkowski for his careful review.