The telecommunications industry is working on network virtualization solutions. One of the network virtualization solutions, named Ethernet Virtual Private Network (E-VPN), is under discussion in standardization organizations. As discussed in Internet Engineering Task Force (IETF) drafts “BGP MPLS Based Ethernet VPN” draft-ietf-l2vpn-evpn and “Requirements for Ethernet VPN (E-VPN)” draft-ietf-l2vpn-evpn-req, E-VPN requires extensions to the existing Internet Protocol (IP) and Multiprotocol Label Switching (MPLS) protocols. In addition to these extensions, E-VPN uses several building blocks from existing MPLS technologies.
FIG. 1 shows an overview of a Border Gateway Protocol (BGP) MPLS based E-VPN network 100. Provider Edge (PE) routers 102a and 102b are shown at the edge of a service provider's network 104 in communication with Customer Edge (CE) routers 106a and 106b in various customer networks 108 and 110. The service provider network 104 can also include Provider routers 112a, 112b, 112c and the customer networks 108 and 110 can include customer routers 114a, 114b. According to the IETF drafts referenced above, Media Access Control (MAC) address learning between PEs can occur in the control plane using multi-protocol (MP) BGP.
In MAC address learning, the source MAC address of each received packet is stored in a MAC address table so that future packets destined for that address can be forwarded only to the interface (e.g. port number) where that address is located.
In E-VPN, a PE (e.g. 102a) will advertise the MAC addresses learned from the CEs (e.g. 106a) that are connected to it, along with an MPLS label, to other PEs (e.g. 102b) in the control plane using MP-BGP. However, learning between PEs and CEs can be done by whatever method is best suited to the CE, which can include data plane learning, IEEE 802.1x, Link Layer Discovery Protocol (LLDP), 802.1aq, Address Resolution Protocol (ARP), management plane or other protocols.
There are two scenarios for MAC address learning—MAC address learning for a new virtual machine (VM) and MAC mobility.
When a new VM is started in a CE, a new MAC address is allocated for that VM. The PE in a particular E-VPN learns the new VM MAC address via data plane learning or control signaling, such as Dynamic Host Configuration Protocol (DHCP) requests. The PE then constructs a BGP E-VPN MAC address advertisement message to advertise these MAC addresses using the MAC Advertisement route type in the E-VPN Network Layer Reachability Information (NLRI) to its peer PEs. Upon receiving the MAC Advertisement, a peer PE shall update its stored MAC address forwarding table accordingly. There is a possibility that a duplicate MAC address can be allocated to a new VM belonging to the same VLAN, but in different Ethernet segments, if there is no centralized MAC address management function in the network.
Alternatively, it is possible for a given host or VM (as defined by its MAC address) to move from one Ethernet segment to another. This is referred to as “MAC Mobility” or a “MAC move”. In a MAC move, there would be two sets of MAC Advertisement routes, one set with the new Ethernet segment and one set with the previous Ethernet segment, and the MAC address would appear to be reachable via each of these segments. In this case, the MAC Advertisement routes with the previous Ethernet segment should be withdrawn. There is a possibility that a given MAC address may move between two Ethernet segments multiple times within a short time period, in which case there may be multiple withdrawals and re-advertisements.
In both of the above described cases, there is a potential issue referred to as a MAC address duplication situation. The situation may arise where the same MAC address is learned by different PEs in the same VLAN because two (or more) hosts are mis-configured with the same, duplicate MAC address. In this situation, the traffic originating from these hosts would trigger continuous MAC moves among the PEs attached to these hosts, which will be detected as multiple movements. Relatedly, such a “duplicate” MAC address may be detected because of these multiple MAC movements.
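The repeated-move symptom described above can be illustrated with a sliding-window counter over MAC Advertisements. This is an added example, not code from the IETF drafts or from the original text; the threshold, the window length, the `MacMoveTracker` and `replay` names, the segment labels and the sample advertisements are all constructed assumptions.

```python
from collections import defaultdict, deque

MOVE_THRESHOLD = 5      # assumed: segment changes tolerated inside the window
WINDOW_SECONDS = 180.0  # assumed: length of the sliding detection window

class MacMoveTracker:
    """Per-PE view of which Ethernet segment each (VLAN, MAC) was advertised from."""

    def __init__(self, threshold=MOVE_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self.location = {}               # (vlan, mac) -> current segment
        self.moves = defaultdict(deque)  # (vlan, mac) -> timestamps of recent moves
        self.suspected = set()           # keys flagged as duplicate MAC addresses

    def advertise(self, ts, vlan, mac, segment):
        """Handle one MAC Advertisement: 'new', 'refresh', 'move' or 'duplicate'."""
        key = (vlan, mac.lower())
        if key in self.suspected:
            return "duplicate"           # frozen: stop following the flapping MAC
        previous = self.location.get(key)
        self.location[key] = segment
        if previous is None:
            return "new"
        if previous == segment:
            return "refresh"
        # Segment changed: the route via the previous segment is withdrawn.
        history = self.moves[key]
        history.append(ts)
        while ts - history[0] > self.window:
            history.popleft()            # forget moves older than the window
        if len(history) >= self.threshold:
            self.suspected.add(key)
            return "duplicate"
        return "move"

# Constructed sample: two hosts misconfigured with the same MAC behind ES-A and
# ES-B (VLAN 10), and one VM that legitimately moves once from ES-A to ES-C.
SAMPLE = [(float(t), 10, "02:00:00:00:00:01", "ES-A" if t % 2 == 0 else "ES-B")
          for t in range(6)]
SAMPLE += [(10.0, 10, "02:00:00:00:00:02", "ES-A"),
           (200.0, 10, "02:00:00:00:00:02", "ES-C")]

def replay(events):
    """Feed advertisements to a fresh tracker; return {mac: [verdict, ...]}."""
    tracker, verdicts = MacMoveTracker(), defaultdict(list)
    for ts, vlan, mac, segment in events:
        verdicts[mac].append(tracker.advertise(ts, vlan, mac, segment))
    return dict(verdicts)

if __name__ == "__main__":
    for mac, seen in replay(SAMPLE).items():
        print(mac, seen)
```

The single legitimate move stays a plain `move`, while the address flapping between two segments is flagged once its moves inside the window reach the threshold.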
Therefore, it would be desirable to provide a system and method that obviate or mitigate the above described problems.