RBRIDGES and the Protocolrbridges TRILL and the TRILL PROTOCOL

October 2010 October 2010

RBRIDGES and the ProtocolRBridges TRILL AND THE TRILL PROTOCOL

rd 1 Donald E. Eastlake 3 Co-Chair, IETF TRILL Working Group [email protected], +1-508-333-2270 NOTE: October 2010

 This presentation is a high level technical overview. It is not possible to include all the RBridges and the ProtocolRBridges TRILL details in the specification documents.

 The -16 version of the TRILL base protocol specification was approved as an IETF standard on 15 March 2010. The protocol is being implemented by many companies.

2 CONTENTS October 2010

 Introduction

 TRILL Features and the ProtocolRBridges TRILL  TRILL Encapsulation and Header  Are RBridges Bridges or Routers?  How RBridges Work  Structure of RBridge Ports  RBridge Support of Data Center Bridging  Some Additional Details  Standardization Status  References 3 WHAT/WHY/WHO TRILL? October 2010

 What is TRILL?  TRILL is a new standard protocol to perform Layer 2 RBridges and the ProtocolRBridges TRILL bridging using IS-IS link state routing.

 Who invented TRILL?  Radia Perlman of Intel, the inventor of the Spanning Tree Protocol, a major contributor to link-state routing, and the inventor of DECnet Phase V from which IS-IS was copied.

4 WHAT/WHY/WHO TRILL? October 2010

 TRILL – TRansparent Interconnection of Lots of Links RBridges and the ProtocolRBridges TRILL  A standard specified by the IETF (Internet Engineering Task Force) TRILL Working Group co- chaired by rd  Donald E. Eastlake 3

 Erik Nordmark, Oracle  RBridge – Routing Bridge  A device which implements TRILL  RBridge Campus –  A network of RBridges, links, and any intervening

bridges, bounded by end stations / layer 3 routers. 5 WHAT/WHY/WHO TRILL? October 2010

 Basically a simple idea: RBridges and the ProtocolRBridges TRILL

 Encapsulate native frames in a transport header providing a hop count.

 Route the encapsulated frames using IS-IS.

 Decapsulate native frames before delivery.

6 WHY IS-IS FOR TRILL? October 2010

 The IS-IS (Intermediate System to Intermediate System) link state routing protocol was chosen RBridges and the ProtocolRBridges TRILL for TRILL over OSPF (Open Shortest Path First), the only other plausible candidate, for the following reasons:

 IS-IS runs directly at Layer 2. Thus no IP addresses are needed, as they are for OSPF, and IS-IS can run with zero configuration.  IS-IS uses a TLV (type, length, value) encoding which makes it easy to define and carry new types of data.

7 CONTENTS October 2010

 Introduction

FORWARDING October 2010

= end staon and the ProtocolRBridges TRILL B1

B3 B2

A three bridge network 9 OPTIMUM POINT-TO-POINT

FORWARDING October 2010

= end staon and the ProtocolRBridges TRILL B1

B3 B2

Spanning tree eliminates loops by disabling ports 10 OPTIMUM POINT-TO-POINT

FORWARDING October 2010

= end staon and the ProtocolRBridges TRILL RB1

RB3 RB2

A three RBridge network: better performance using all facilities 11 MULTI-PATHING October 2010

B1 RBridges and the ProtocolRBridges TRILL

B3 B2

= end staon

Bridges limit traffic to one path 12 MULTI-PATHING October 2010

RB1 RBridges and the ProtocolRBridges TRILL

RB3 RB2

RB4

= end staon RBridges support multi-path for higher throughput 13 MULTI-PATHING October 2010

B5 B6 B7 and the ProtocolRBridges TRILL

B1 B2 B3 B4

= end staon

Bridges limit traffic to one path 14 MULTI-PATHING October 2010

RB5 RB6 RB7 and the ProtocolRBridges TRILL

RB1 RB2 RB3 RB4

= end staon RBridges support multi-path for higher throughput 15 SOME OTHER TRILL FEATURES October 2010

 Compatible with classic bridges. RBridges can be incrementally deployed into a bridged LAN. RBridges and the ProtocolRBridges TRILL  Unicast forwarding tables at transit RBridges scale with the number of RBridges, not the number of end stations. Transit RBridges do not learn end station addresses.  A flexible options feature. RBridges know what options other RBridges support.  Globally optimized distribution of IP derived multicast.

16 A A A A A A A A A A A A October 2010 October 2010

GB GB GB GB RBridges and the ProtocolRBridges TRILL 1. Acme Power Plant Rapid Spanning Tree Protocol CB CB Domain Bridged Process Control GB GB Network

A = Access Bridge GB = aGreggaon A A A A A A Bridge CB = Core Bridge 17 A A A A A A A A A A A A October 2010 October 2010

GB GB GB GB RBridges and the ProtocolRBridges TRILL 1. Acme Power Plant Rapid Spanning Tree Protocol CB CB Domain Spanning Tree Eliminates Loops by GB GB Disabling Ports

A = Access Bridge GB = aGreggaon Bridge A A A A A A CB = Core Bridge 18 A A A A A A A A A A A A October 2010 October 2010

RSTP RSTP Domain Domain GB GB GB GB RBridges and the ProtocolRBridges TRILL

CRB CRB 1. Acme Power Plant

Process Control Network GB GB RSTP with RBridge Core Domain A = Access Bridge GB = aGreggaon A A A A A A Bridge CRB = Core RBridge 19 A A A A A A A A A A A A October 2010 October 2010

GRB GRB GRB GRB RBridges and the ProtocolRBridges TRILL

1. Acme Power Plant

Process Control Network GRB GRB with RBridge Mesh

A = Access Bridge GRB = aGreggaon A A A A A A RBridge 20 2. Acme Data

1:1 Backup October 2010 Wan Wan Router Router Center Network Distribution Bridges with Bridges must be able to handle 100% of the RBridges and the ProtocolRBridges TRILL load. Only 1 path Dist. Dist. Bridge Bridge available between any B = Head of Rack pair of “B”s. Bridge

B B B B B B B B B B B B B B B

21 N:1 Backup 2. Acme Data

Distribution Bridges need to Wan Wan Center Network October 2010 handle only 25% of the load. Router Router with RBridges Multiple available paths between “H”s. RBridges and the ProtocolRBridges TRILL Dist. Dist. Dist. Dist. Dist. RBridge RBridge RBridge RBridge RBridge H = Head of Rack RBridge

H H H H H H H H H H H H H H H

22 TRILL FEATURES October 2010

Bridges RBridges Routers and the ProtocolRBridges TRILL

 Transparency  Multi-pathing  Plug & Play  Optimal Paths  Virtual LANs  Rapid Fail Over  Frame Priorities  The safety of a TTL  Data Center Bridging  Options  Virtualization Support 23 CONTENTS October 2010

 Introduction

HEADER October 2010

 TRILL Data frames between RBridges are encapsulated in a local link header and TRILL RBridges and the ProtocolRBridges TRILL Header.  The local link header is addressed from the local source RBridge to the next hop RBridge for known unicast frames or to the All-RBridges multicast address for multidestination frames.  The TRILL header specifies the first/ingress RBridge and either the last/egress RBridge for known unicast frames or the distribution tree for multidestination frames.

25 FRAME TYPES October 2010

 Frame Type Names Used in TRILL RBridges and the ProtocolRBridges TRILL  TRILL IS-IS Frames – Used for control between RBridges.  TRILL Data Frames – Used for encapsulated native frames.  Layer 2 Control Frames – Bridging control, LLDP, MACSEC, etc. Never forwarded by RBridges.  Native Frames – All frames that are not TRILL or Layer 2 Control Frames.

26 FRAME TYPES, MORE DETAIL October 2010

 TRILL Frames – Ethernet local link encoding RBridges and the ProtocolRBridges TRILL  TRILL Data Frames – Have the TRILL Ethertype and are sent to a unicast address or, if multi-destination, to the All-RBridges multicast address.  TRILL Control frames – Have the L2-IS-IS Ethertype and are sent to the All-IS-IS-RBridges multicast address.  (TRILL Other frames – sent to a TRILL multicast address but not a TRILL Data or TRILL IS-IS frame. Not currently used.)

27 FRAME TYPES, MORE DETAIL October 2010

 Layer 2 Control Frames – Destination Address is 01-80-C2-00-00-00 to 01-80-C2-00-00-0F or 01-80- C2-00-00-21 and the ProtocolRBridges TRILL  High Level – BPDU (01-80-C2-00-00-00) & VLAN Registration (01-80-C2-00-00-21)

 RBridges handle these differently from bridges. The spanning tree protocol never runs through an RBridge but an RBridge port is not prohibited from participating in spanning tree as a leaf node.  Low Level – all other control frames

 An RBridge port may implement other Layer 2 protocols such as LLDP (Link Layer Discovery Protocol), 802.1X (Port Based Access Control), MACSEC (MAC Security), and the like. 28 TRILL ENCAPSULATION AND

HEADER October 2010

DA SA VLAN* TRILL Hdr Original Frame FCS RBridges and the ProtocolRBridges TRILL

Link Transport Original Frame with Header original VLAN

RBridge Ethernet RBridge One Cloud Two

29 * Link Transport VLAN need only be present if RBridges are connected by a bridged LAN or carrier Ethernet requiring a VLAN tag or the like. TRILL ENCAPSULATION AND

HEADER October 2010

 Assuming the link is Ethernet (IEEE 802.3) the encapsulation looks like: RBridges and the ProtocolRBridges TRILL 1. Outer Ethernet Header

 Source RBridge One, Destination RBridge Two 2. (Outer VLAN Tag if Necessary) 3. TRILL Header 4. Inner Ethernet Header

 Original Source and Destination Addresses 5. Mandatory Inner VLAN Tag 6. Original Payload 7. Frame Check Sequence (FCS)

30 TRILL UNICAST INGRESS October 2010 Input Nave Frame:

Dest MAC Src MAC VLAN1 Data FCS RBridges and the ProtocolRBridges TRILL

Look Up Egress, Next Hop DA & Output Port Output TRILL Data Frame: TTL=n Egress Ingress New DA SA VLAN2 Original Frame TRILL Header FCS

Link Transport Ingressing Original Frame with Header RBridge original VLAN 1 If initial VLAN tag not present, it will be added in encapsulation. 2 Outer VLAN tag (Designated VLAN) is a transport artifact and is only needed if RBridges are connected by a bridged LAN or carrier Ethernet requiring a 31 VLAN tag or the like. TRILL UNICAST TRANSIT October 2010 Incoming Link Transport Header Input TRILL Data Frame: TTL=n and the ProtocolRBridges TRILL DA SA VLAN1 TRILL Hdr ~Original Frame FCS Egress Ingress

Transit RBridge Look Up Next DA & Output Port

TTL=n-1 New DA SA VLAN1 TRILL Hdr ~Original Frame Egress Ingress FCS Output TRILL Data Frame: Outgoing Link 1 Input and output Outer VLANs can differ. The true Transport Header VLAN of the data is inside the Original frame. Outer VLAN only needed if RBridges are connected by a bridged 32 LAN or carrier Ethernet requiring a VLAN tag or the like. TRILL UNICAST EGRESS October 2010 Link Transport Egressing Header RBridge Input TRILL Data Frame: RBridges and the ProtocolRBridges TRILL DA SA VLAN1 TRILL Hdr Original Frame FCS Egress Ingress

Output Nave Frame:

Dest MAC Src MAC VLAN2 Data New FCS

Look Up Output Port

1 Outer VLAN only needed if RBridges are connected by a bridged LAN or carrier Ethernet requiring a VLAN tag or the like 2 Final native frame VLAN tag may be omitted depending on RBridge output 33 port configuration. TRILL ENCAPSULATION AND

HEADER October 2010

 TRILL Header – 8 bytes

TRILL Ethertype V R M OpLng Hop and the ProtocolRBridges TRILL

Egress RBridge Nickname Ingress RBridge Nickname

 Nicknames – auto-configured 16-bit campus local names for RBridges  V = Version (2 bits)  R = Reserved (2 bits)  M = Multi-Destination (1 bit)  OpLng = Length of TRILL Options  Hop = Hop Limit (6 bits) 34 TRILL ENCAPSULATION AND

HEADER October 2010

 Summary of reasons for encapsulation:  Provides a hop count to mitigate loop issues RBridges and the ProtocolRBridges TRILL  To hide the original source address to avoid confusing any bridges present as might happen if multi-pathing were in use  To direct unicast frames toward the egress RBridge so that forwarding tables in transit RBridges need only be sized with the number of RBridges in the campus, not the number of end stations  To provide a separate outer VLAN tag, when necessary, for forwarding traffic between RBridges, independent of the original VLAN of the frame 35 CONTENTS October 2010

 Introduction

OR ROUTERS? October 2010

 They are obviously Bridges because RBridges and the ProtocolRBridges TRILL  RBridges deliver unmodified frames from the source end station to the destination end station  RBridges can operate with zero configuration and auto-configure themselves  RBridges provide the restriction of frames to VLANs as IEEE 802.1Q-2005 bridges do  RBridges support frame priorities as IEEE 802.1Q-2005 bridges do  RBridges, by default, learn MAC addresses from the data plane 37 PEERING: ARE RBRIDGES BRIDGES

OR ROUTERS? October 2010

 They are obviously Routers because RBridges and the ProtocolRBridges TRILL  RBridges swap the outer addresses on each RBridge hop from the ingress RBridge to the egress RBridge  RBridges decrement a hop count in TRILL frames on each hop  RBridges use a routing protocol rather than the spanning tree protocol  RBridges optionally learn MAC addresses by distribution through the control plane  RBridges can act based on IP multicast control messages (IGMP, MLD, and MRD) and restrict the 38 distribution of IP derived multicast frames PEERING: ARE RBRIDGES BRIDGES

OR ROUTERS? October 2010

 Really, they are a new species, between IEEE 802.1 bridges and routers: RBridges and the ProtocolRBridges TRILL

Routers (plus servers and other end stations)

RBridges

Bridges

39 Hubs/Repeaters PEERING October 2010

 Direct Connection RBridges and the ProtocolRBridges TRILL

Peers Device Device

Connection

40 PEERING October 2010

 Former Situation RBridges and the ProtocolRBridges TRILL

Router / Router / Peers End End Station Station

Bridge Bridge(s) Non-Peers

41 PEERING October 2010

 Former Situation  Or perhaps RBridges and the ProtocolRBridges TRILL

Router / Peers Router / End End Station Station

Peers Customer Customer Bridge Bridge ? Bridge Non-Peers Provider 42 Bridge(s) PEERING October 2010

 With RBridges RBridges and the ProtocolRBridges TRILL

Router / Peers Router / End End Station Station

Peers Peers RBridge RBridge RBridge

Non-Peers

Bridge(s) Bridge(s) 43 CONTENTS October 2010

 Introduction

 RBridges find each other by exchanging TRILL IS-IS Hello frames. RBridges and the ProtocolRBridges TRILL  Like all TRILL control frames, TRILL Hellos are sent to the multicast address All-IS-IS-RBridges. They are transparently forwarded by bridges, dropped by end stations including routers, and are processed (but not forwarded) by RBridges.  TRILL Hellos are different from Layer 3 IS-IS LAN Hellos because they are small, unpadded, and support fragmentation of some information.  Separate MTU-probe and MTU-ack messages are available for MTU testing and determination.  Using the information exchanged in the Hellos, the RBridges on each link elect the Designated RBridge for that link (the link could be a bridged LAN). 45 HOW RBRIDGES WORK October 2010

 TRILL Hellos are unpadded and a maximum of 1470 bytes long to be sure RBridges can see each RBridges and the ProtocolRBridges TRILL other so you don’t get two Designated RBridges on the same link.

Low RBridge MTU RBridge One Dev Two

46 HOW RBRIDGES WORK October 2010

 RBridges use the IS-IS reliable flooding protocol so that each RBridge has a copy of the global “link state” database. and the ProtocolRBridges TRILL  The RBridge link state includes information beyond connectivity and link cost. Information such as VLAN connectivity, multicast listeners and multicast router attachment, claimed nickname(s), ingress-to-egress options supported, and the like.  The database is sufficient for each RBridge to independently and without further messages calculate optimal point-to-point paths for known unicast frames and the same distribution trees for multi-destination frames.

47 HOW RBRIDGES WORK October 2010

 The Designated RBridge specifies the Appointed Forwarder for each VLAN on the link (which may be itself) and the Designated VLAN for inter- and the ProtocolRBridges TRILL RBridge communication.  The Appointed Forwarder for VLAN-x on a link handles all native frames to/from that link in that VLAN.  It encapsulates frames from the link into a TRILL data frame. This is the ingress RBridge function.  It decapsulates native frames destined for the link from TRILL Data frames. This is the egress RBridge function. 48 WHY DESIGNATED VLAN? October 2010

 General links between RBridges have a Designated VLAN for inter-RBridge traffic. It is dictated by the Designated RBridge on the Link. and the ProtocolRBridges TRILL  For Point-to-Point links, no outer VLAN tag is needed on TRILL Data frames. For links configured as P2P, there is no Designated VLAN.  However, there are cases where an outer VLAN tag with the designated VLAN ID is essential:  Carrier Ethernet facilities on the link restrict VLAN.  The link is actually a bridged LAN with VLAN restrictions.

 The RBridge ports are configured to restrict VLANs. 49 HOW RBRIDGES WORK October 2010

 TRILL Data frames  That have known unicast ultimate destinations are RBridges and the ProtocolRBridges TRILL forwarded RBridge hop by RBridge hop toward the egress RBridge.  That are multi-destination frames (broadcast, multicast, and unknown destination unicast) are forwarded on a distribution tree selected by the ingress RBridge.

 For loop safety, a Reverse Path Forwarding Check is performed on multi-destination TRILL Data frames when received at each RBridge.

 Distribution trees should be pruned based on VLAN and multicast group. 50 VLANS October 2010

 TRILL tries hard to glue together all end stations in a particular VLAN within the campus. RBridges and the ProtocolRBridges TRILL  In an RBridge campus, any two end stations in the same VLAN that can each reach an RBridge will be able to communicate with each other.

 I.E., TRILL glues together any VLAN islands  Surveys of customers have found this to be generally desirable but there are instances where you want the same VLAN ID in different parts of your RBridge campus to be different or different VLAN IDs in different parts of the campus to be connected.

51 VLAN MAPPING FEATURE October 2010

 Optional feature: Divide the RBridge campus into regions such that VLANs (and priorities) can be RBridges and the ProtocolRBridges TRILL mapped or blocked at the inter-regional border RBridges.  RBridges internal to a region don’t need to do anything about it.  Since RBridge ports are 802.1Q ports, why doesn’t normal bridge port VLAN ID and priority mapping solve this problem?  Because TRILL encapsulation means that the inner VLAN tag VLAN ID and priority need to be changed if a TRILL Data frame is involved. 52 VLAN MAPPING FEATURE October 2010 West Region East Region RB1 RBridges and the ProtocolRBridges TRILL

RB2

RB3

53 VLAN MAPPING FEATURE October 2010

 Mapping at border RBridges is all that is needed for traffic to known unicast addresses. RBridges and the ProtocolRBridges TRILL  Each port is assigned a region and the inter-regional mapping configured.  For multi-destination frames, you need to do a little more to be sure all necessary frames get to border RBridges.  A border RBridge mapping VLAN X to VLAN Y must report connection to both VLANs so frames it needs to get won’t be prematurely pruned.  A border RBridge must report connection to a multicast router in each VLAN it is mapping so that 54 multicast frames won’t be prematurely pruned. VLAN MAPPING FEATURE October 2010

 The campus still operates as a single routing area. RBridges and the ProtocolRBridges TRILL  The mapping at a border has no effect on the computation or use of shortest paths, distribution trees or the like.

55 CONTENTS October 2010

 Introduction

Central Processing IS-IS, Mgmt., Etc. and the ProtocolRBridges TRILL

Switching fabric Port Logic Port Logic Port Logic Port Logic Port

Links to other devices. Could be 802.3 (Ethernet), 802.11 57 (Wi-Fi), PPP, … STRUCTURE OF AN RBRIDGE

PORT October 2010 Assumes an Ethernet (802.3) link. RBridge: Higher Level Processing (see next slide) Information and the ProtocolRBridges TRILL Frame & Info

RBridge: High Level Control Frame EISS Processing (BPDU, VRP) 802.1Q Port VLAN Processing ISS 802.1/802.3 Low Level Control Frame Processing, Port/Link Control Logic

802.3 802.3 Physical Interface 58 Link STRUCTURE OF AN RBRIDGE

PORT October 2010 Information Frame & Info RBridge: Inter-port Forwarding, IS-IS, Management, Etc. RBridges and the ProtocolRBridges TRILL TRILL data frames TRILL data and Encapsulation / TRILL IS-IS other TRILL Decapsulation Hello IS-IS frames Processing Processing

Appointed TRILL IS-IS Forwarder and Hello frames Inhibition Logic Native frames

Lower Level Processing (see previous slide) 59 CONTENTS October 2010

 Introduction