VPN L2 FAT Pseudowire
Introduction
Flow-Aware Transport pseudowire provide an mechanism to load balance each circuit over ECMP by hashing the tunneled IP headers into an MPLS Label (bottom of the stack).
FAT Pseudowire
- Usually pseudowires are not load-balanced and take the same path for the whole virtual circuit.
- Pseudowires that carry Gbps of traffic over single link can over-saturate them, being able to perform ECMP and prevent out of order packet delivery is a desired feature.
- RFC6391 introduces a concept of Flow Away Transport pesudowires, which can generate a hash of the tunneled packet's flow information. That hash called flow label is inserted as a MPLS label. By using an mpls label, the P routes don't need additional logic to support this feature as most of them look at the inner most label (bottom) as a parameter for the hash function.
- The hash function does not generate a reserved label (0-15).
- Without using Flow Aware Transport (FAT), a pseudowire will not be load-shared over MPLS, since the bottom label will be used for load-sharing and that label is the same for the all traffic traversing it.
- With the introduction of FAT a different bottom label is generated that is a hash of the encapsulated IP header information. If a pseudowire is encapsulating multiple IP src/dst pairs within the Ethernet frame, each pair could take a different path. The idea with that is now you can load-share a pseudowire over multiple MPLS links and still maintain the same order of packets based on the encapsulated IP src/dst.
- FAT does not change the way routers detect if it should use the bottom label or use the IPv4/IPv6 headers for load balancing. This is where the shortcut with MAC address starting with a 4 or a 6 comes into play. If a MPLS frames arrives, it will try to detect if it is encapsulating IP packet (first nibble value 4 or 6 after MPLS header) or a non IP packet such as Ethernet with a pseudowire. If a MAC address has a 6, it will think that the load balancing should occur on what it thinks are the IPv6 headers, but in reality the are offset by MAC headers.
- What the end results is that packets are load-shared over fields that constantly keep on changing which would the our of order delivery. The only way to fix that is by inserting a "control-word" header right after the MPLS header, which will always insert a 0 in place where it checks for 4 or 6. That way it will always use the flow label (bottom label) for load sharing irrelevant of what MAC addresses are used.
- In IOS-XR the options to configure the hashing function:
- src-dst-mac - load-balance flow src-dst-mac
- src-dst-ip - load-balance flow src-dst-ip
Additional Resources
RFC6391 Flow-Aware Transport of Pseudowires over an MPLS Packet Switched Network - IETF
ARS9k Loadbalancing Architecture and Characteristics - Cisco TAC
FAT and Entropy Labels - Amitsciscozone Google Wiki