TRILL over IP dra�-ie�-trill-over-ip-02.txt
IETF 92, Dallas Margaret Wasserman [email protected] Dacheng Zhang, Donald Eastlake, Document Summary
• “TRILL over IP” treats an IP network as a link connec�ng TRILL switch ports, thus providing a method to connected TRILL sites into a single TRILL campus. • Two Scenarios are described in the dra� – Remote Office Scenario – IP Backbone Scenario • Specifies encapsula�on, security, and transport considera�ons including conges�on, MTU, fat flows, recursive ingress, …
March 2015 TRILL over IP 2 Changes from -01
• Changes primarily mo�vated by the hardware support required for high data rates: – Security: Use of IPsec instead of DTLS due to be�er hardware support available for IPsec. This change is in the current Version -02. – Encapsula�on: Use of alterna�ve encapsula�ons with be�er hardware support, planned for next version -03. • Also Sec�on 6 on Port Configura�on added in -02.
March 2015 TRILL over IP 3 Security
• Dra� now specifies IPsec ESP (Encapsula�ng Security Protocol) in Tunnel Mode. – Some details needs to be filled in such as • mandatory to implement crypto algorithms • details of default keying and key nego�a�on. – Use of ESP Tunnel Mode supports use of IPsec appliances separate from the actual RBridge port hardware.
RBridge RBridge TRILL over IPsec IP TRILL over IP Port with Security IP Port Security Rou�ng Appliance
March 2015 TRILL over IP 4 IPsec ESP in Tunnel Mode
Link Header IP Header Link Header TRILL over IP IP Header encapsula�on IPsec ESP TRILL Data or IS-IS IP Header Payload TRILL over IP Link Trailer encapsula�on TRILL Data or IS-IS Payload Without security With security Link Trailer
March 2015 TRILL over IP 5 Encapsula�on
• The current dra� only specifies direct UDP encapsula�on. But there is be�er fast path hardware support and more flexibility with other encapsula�ons such as VxLAN. – “UDP encapsula�on” is really TRILL over UDP over IP. TRILL Data versus IS-IS is indicated by des�na�on UDP socket. – “VxLAN encapsula�on” with current VxLAN [RFC7348] is really TRILL over Ethernet over VxLAN over UDP over IP. TRILL Data versus IS-IS is indicated by EtherType but the Ethernet DA&SA are 12 bytes of wasted space. – Other encapsula�ons are being developed in other working groups. We might op�onally use those but there is no proposal to develop an encapsula�on in the TRILL WG
March 2015 TRILL over IP 6 Encapsula�on
- Des�na�on Port dis�nguishes Link Header TRILL Data and TRILL IS-IS IP Header - Source Port Provides entropy UDP Header Link Header TRILL Data or TRILL IS-IS Payload IP Header Link Trailer UDP Header VxLAN Header
- Source Port Provides entropy Ethernet Header TRILL Data or TRILL - Ethertype dis�nguishes TRILL IS-IS Payload Data and TRILL IS-IS Link Trailer
March 2015 TRILL over IP 7 Encapsula�on • Proposal: – The ini�al mode for a TRILL over IP port would be to exchange Hellos and E-L1CS LSPs using UDP encapsula�on. • This is a small enough amount of traffic it can be done in so�ware. – What data encapsula�ons a port is willing to use, in priority order, can be adver�sed in Hellos or E-L1CS LSPs. Can vary between ports due to port hardware. – Data connec�vity (adjacency) is established if TRILL switches have a common supported and enabled encapsula�on. – A TRILL over IP port could also be configured to always use a specified encapsula�on for all TRILL communica�ons.
March 2015 TRILL over IP 8 Other Work Remaining
• Other work remaining includes: – QoS Considera�ons are absent (how to map TRILL packet priority to IP) – Middle Box Considera�ons sec�on is empty.
March 2015 TRILL over IP 9 Feedback? Ques�ons?
Back up slides
THE TRILL ENCAPSULATION ARCHITECTURE
March 2015 TRILL over IP 11 TRILL Link Encapsula�ons
• A TRILL link protocol encapsula�on needs to: – Get a TRILL