The RFC Archive
 The RFC Archive   RFC 9251   « Jump to any RFC number directly 
 RFC Home
Full RFC Index
Recent RFCs
RFC Standards
Best Current Practice
RFC Errata
1 April RFC



IETF RFC 9251



Last modified on Wednesday, June 22nd, 2022

Permanent link to RFC 9251
Search GitHub Wiki for RFC 9251
Show other RFCs mentioning RFC 9251





Internet Engineering Task Force (IETF)                        A. Sajassi
Request for Comments: 9251                                     S. Thoria
Category: Standards Track                                    M. Mishra
ISSN: 2070-1721                                            Cisco Systems
                                                                K. Patel
                                                                  Arrcus
                                                                J. Drake
                                                                  W. Lin
                                                        Juniper Networks
                                                               June 2022


    Internet Group Management Protocol (IGMP) and Multicast Listener
            Discovery (MLD) Proxies for Ethernet VPN (EVPN)

 Abstract

   This document describes how to support endpoints running the Internet
   Group Management Protocol (IGMP) or Multicast Listener Discovery
   (MLD) efficiently for the multicast services over an Ethernet VPN
   (EVPN) network by incorporating IGMP/MLD Proxy procedures on EVPN
   Provider Edges (PEs).

 Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/RFC 9251.

 Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

 Table of Contents

   1.  Introduction
   2.  Specification of Requirements
   3.  Terminology
   4.  IGMP/MLD Proxy
     4.1.  Proxy Reporting
       4.1.1.  IGMP/MLD Membership Report Advertisement in BGP
       4.1.2.  IGMP/MLD Leave Group Advertisement in BGP
     4.2.  Proxy Querier
   5.  Operation
     5.1.  PE with Only Attached Hosts for a Given Subnet
     5.2.  PE with a Mix of Attached Hosts and a Multicast Source
     5.3.  PE with a Mix of Attached Hosts, a Multicast Source, and a
           Router
   6.  All-Active Multihoming
     6.1.  Local IGMP/MLD Membership Report Synchronization
     6.2.  Local IGMP/MLD Leave Group Synchronization
       6.2.1.  Remote Leave Group Synchronization
       6.2.2.  Common Leave Group Synchronization
     6.3.  Mass Withdraw of the Multicast Membership Report Synch
           Route in Case of Failure
   7.  Single-Active Multihoming
   8.  Selective Multicast Procedures for IR Tunnels
   9.  BGP Encoding
     9.1.  Selective Multicast Ethernet Tag Route
       9.1.1.  Constructing the Selective Multicast Ethernet Tag Route
       9.1.2.  Reconstructing IGMP/MLD Membership Reports from the
               Selective Multicast Route
       9.1.3.  Default Selective Multicast Route
     9.2.  Multicast Membership Report Synch Route
       9.2.1.  Constructing the Multicast Membership Report Synch
               Route
       9.2.2.  Reconstructing IGMP/MLD Membership Reports from a
               Multicast Membership Report Synch Route
     9.3.  Multicast Leave Synch Route
       9.3.1.  Constructing the Multicast Leave Synch Route
       9.3.2.  Reconstructing IGMP/MLD Leave from a Multicast Leave
               Synch Route
     9.4.  Multicast Flags Extended Community
     9.5.  EVI-RT Extended Community
     9.6.  Rewriting of RT ECs and EVI-RT ECs by ASBRs
     9.7.  BGP Error Handling
   10. IGMP Version 1 Membership Report
   11. Security Considerations
   12. IANA Considerations
     12.1.  EVPN Extended Community Sub-Types Registration
     12.2.  EVPN Route Types Registration
     12.3.  Multicast Flags Extended Community Registry
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   In data center (DC) applications, a point of delivery (POD) can
   consist of a collection of servers supported by several top-of-rack
   (ToR) and spine switches.  This collection of servers and switches
   are self-contained and may have their own control protocol for intra-
   POD communication and orchestration.  However, EVPN is used as a
   standard way of inter-POD communication for both intra-DC and inter-
   DC.  A subnet can span across multiple PODs and DCs.  EVPN provides a
   robust multi-tenant solution with extensive multihoming capabilities
   to stretch a subnet (VLAN) across multiple PODs and DCs.  There can
   be many hosts (several hundreds) attached to a subnet that is
   stretched across several PODs and DCs.

   These hosts express their interests in multicast groups on a given
   subnet/VLAN by sending IGMP/MLD Membership Reports for their
   interested multicast group(s).  Furthermore, an IGMP/MLD router
   periodically sends Membership Queries to find out if there are hosts
   on that subnet that are still interested in receiving multicast
   traffic for that group.  The IGMP/MLD Proxy solution described in
   this document accomplishes three objectives:

   1.  Reduce flooding of IGMP/MLD messages: Just like the ARP/Neighbor
       Discovery (ND) suppression mechanism in EVPN to reduce the
       flooding of ARP messages over EVPN, it is also desired to have a
       mechanism to reduce the flooding of IGMP/MLD messages (both
       Queries and Membership Reports) in EVPN.

   2.  Distributed anycast multicast proxy: It is desirable for the EVPN
       network to act as a distributed anycast multicast router with
       respect to IGMP/MLD Proxy function for all the hosts attached to
       that subnet.

   3.  Selective multicast: This describes forwarding multicast traffic
       over the EVPN network such that it only gets forwarded to the PEs
       that have interests in the multicast group(s).  This document
       shows how this objective may be achieved when ingress replication
       is used to distribute the multicast traffic among the PEs.
       Procedures for supporting selective multicast using Point-to-
       Multipoint (P2MP) tunnels can be found in [EVPN-BUM].

   The first two objectives are achieved by using the IGMP/MLD Proxy on
   the PE.  The third objective is achieved by setting up a multicast
   tunnel among only the PEs that have interest in the multicast
   group(s) based on the trigger from IGMP/MLD Proxy processes.  The
   proposed solutions for each of these objectives are discussed in the
   following sections.

2.  Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC 2119] [RFC 8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Terminology

   AC:  Attachment Circuit

   All-Active Redundancy Mode:  When all PEs attached to an Ethernet
      segment are allowed to forward known unicast traffic to/from that
      Ethernet segment for a given VLAN, then the Ethernet segment is
      defined to be operating in All-Active redundancy mode.

   BD:  Broadcast Domain.  As per [RFC 7432], an EVPN instance (EVI)
      consists of a single BD or multiple BDs.  In case of a VLAN bundle
      and a VLAN-aware bundle service model, an EVI contains multiple
      BDs.  Also, in this document, BD and subnet are equivalent terms.

   DC:  Data Center

   ES:  Ethernet segment.  This is when a customer site (device or
      network) is connected to one or more PEs via a set of Ethernet
      links.

   ESI:  Ethernet Segment Identifier.  This is a unique non-zero
      identifier that identifies an Ethernet segment.

   Ethernet Tag:  It identifies a particular broadcast domain, e.g., a
      VLAN.  An EVPN instance consists of one or more broadcast domains.

   EVI:  EVPN Instance.  This spans the Provider Edge (PE) devices
      participating in that EVPN.

   EVPN:  Ethernet Virtual Private Network

   IGMP:  Internet Group Management Protocol

   IR:  Ingress Replication

   MLD:  Multicast Listener Discovery

   OIF:  Outgoing Interface for multicast.  It can be a physical
      interface, virtual interface, or tunnel.

   PE:  Provider Edge

   POD:  Point of Delivery

   S-PMSI:  Selective P-Multicast Service Interface.  This is a
      conceptual interface for a PE to send customer multicast traffic
      to some of the PEs in the same VPN.

   Single-Active Redundancy Mode:  When only a single PE, among all the
      PEs attached to an Ethernet segment, is allowed to forward traffic
      to/from that Ethernet segment for a given VLAN, then the Ethernet
      segment is defined to be operating in Single-Active redundancy
      mode.

   SMET:  Selective Multicast Ethernet Tag

   ToR:  Top of Rack

   This document also assumes familiarity with the terminology of
   [RFC 7432], [RFC 3376], and [RFC 2236].  When this document uses the
   term "IGMP Membership Report", the text equally applies to the MLD
   Membership Report.  Similarly, text for IGMPv2 applies to MLDv1, and
   text for IGMPv3 applies to MLDv2.  IGMP/MLD version encoding in the
   BGP update is stated in Section 9.

   It is important to note that when there is text considering whether a
   PE indicates support for IGMP proxying, the corresponding behavior
   has a natural analog for indicating support for MLD proxying, and the
   analogous requirements apply as well.

4.  IGMP/MLD Proxy

   The IGMP Proxy mechanism is used to reduce the flooding of IGMP
   messages over an EVPN network, similar to the ARP proxy used in
   reducing the flooding of ARP messages over EVPN.  It also provides a
   triggering mechanism for the PEs to set up their underlay multicast
   tunnels.  The IGMP Proxy mechanism consists of two components:

   1.  Proxy for IGMP Membership Reports

   2.  Proxy for IGMP Membership Queries

   The goal of IGMP and MLD proxying is to make the EVPN behave
   seamlessly for the tenant systems with respect to multicast
   operations while using a more efficient delivery system for signaling
   and delivery across the VPN.  Accordingly, group state must be
   tracked synchronously among the PEs serving the VPN, with join and
   leave events propagated to the peer PEs and each PE tracking the
   state of each of its peer PEs with respect to whether there are
   locally attached group members (and in some cases, senders), what
   version(s) of IGMP/MLD are in use for those locally attached group
   members, etc.  In order to perform this translation, each PE acts as
   an IGMP router for the locally attached domain, maintains the
   requisite state on locally attached nodes, sends periodic Membership
   Queries, etc.  The role of EVPN Selective Multicast Ethernet Tag
   (SMET) route propagation is to ensure that each PE's local state is
   propagated to the other PEs so that they share a consistent view of
   the overall IGMP Membership Request and Leave Group state.  It is
   important to note that the need to keep such local state can be
   triggered by either local IGMP traffic or BGP EVPN signaling.  In
   most cases, a local IGMP event will need to be signaled over EVPN,
   though state initiated by received EVPN traffic will not always need
   to be relayed to the locally attached domain.

4.1.  Proxy Reporting

   When IGMP is used between hosts and their first hop EVPN router (EVPN
   PE), proxy reporting is used by the EVPN PE to summarize (when
   possible) reports received from downstream hosts and propagate them
   in BGP to other PEs that are interested in the information.  This is
   done by terminating the IGMP Membership Reports in the first hop PE
   and translating and exchanging the relevant information among EVPN
   BGP speakers.  The information is again translated back to an IGMP
   message at the recipient EVPN speaker.  Thus, it helps create an IGMP
   overlay subnet using BGP.  In order to facilitate such an overlay,
   this document also defines a new EVPN route type Network Layer
   Reachability Information (NLRI) and the EVPN SMET route, along with
   its procedures to help exchange and register IGMP multicast groups;
   see Section 9.

4.1.1.  IGMP/MLD Membership Report Advertisement in BGP

   When a PE wants to advertise an IGMP Membership Report using the BGP
   EVPN route, it follows the proceeding rules (BGP encoding is stated
   in Section 9).  The first four rules are applicable to the originator
   PE, and the last three rules are applicable to remote PE processing
   SMET routes:

   Processing at the BGP route originator:

   1.  When the first hop PE receives IGMP Membership Reports belonging
       to the same IGMP version from different attached hosts for the
       same (*,G) or (S,G), it SHOULD send a single BGP message
       corresponding to the very first IGMP Membership Request (BGP
       update as soon as possible) for that (*,G) or (S,G).  This is
       because BGP is a stateful protocol, and no further transmission
       of the same report is needed.  If the IGMP Membership Request is
       for (*,G), then the Multicast Group Address MUST be sent along
       with the corresponding version flag (v2 or v3) set.  In case of
       IGMPv3, the exclude flag MUST also be set to indicate that no
       source IP address must be excluded (include all sources "*").  If
       the IGMP Membership Report is for (S,G), then besides setting the
       Multicast Group Address along with the v3 flag, the source IP
       address and the Include/Exclude (IE) flag MUST be set.  It should
       be noted that, when advertising the EVPN route for (S,G), the
       only valid version flag is v3 (v2 flags MUST be set to 0).

   2.  When the first hop PE receives an IGMPv3 Membership Report for
       (S,G) on a given BD, it MUST advertise the corresponding EVPN
       SMET route, regardless of whether the source (S) is attached to
       itself or not, in order to facilitate the source move in the
       future.

   3.  When the first hop PE receives an IGMP version-X Membership
       Report first for (*,G) and then later receives an IGMP version-Y
       Membership Report for the same (*,G), then it MUST re-advertise
       the same EVPN SMET route with the flag for version-Y set in
       addition to any previously set version flag(s).  In other words,
       the first hop PE MUST NOT withdraw the EVPN route before sending
       the new route because the Flags field is not part of BGP route
       key processing.

   4.  When the first hop PE receives an IGMP version-X Membership
       Report first for (*,G) and then later receives an IGMPv3
       Membership Report for the same Multicast Group Address but for a
       specific source address S, then the PE MUST advertise a new EVPN
       SMET route with the v3 flag set (and v2 reset).  The IE flag also
       needs to be set accordingly.  Since the source IP address is used
       as part of BGP route key processing, it is considered to be a new
       BGP route advertisement.  When different versions of IGMP
       Membership Report are received, the final state MUST be as per
       Section 5.1 of [RFC 3376].  At the end of the route processing,
       local and remote group record state MUST be as per Section 5.1 of
       [RFC 3376].

   Processing at the BGP route receiver:

   1.  When a PE receives an EVPN SMET route with more than one version
       flag set, it will generate the corresponding IGMP Report for
       (*,G) for each version specified in the Flags field.  With
       multiple version flags set, there must not be a source IP address
       in the received EVPN route.  If there is, then an error SHOULD be
       logged.  If the v3 flag is set (in addition to v2), then the IE
       flag MUST indicate "exclude".  If not, then an error SHOULD be
       logged.  The PE MUST generate an IGMP Membership Report for that
       (*,G) and each IGMP version in the version flag.

   2.  When a PE receives a list of EVPN SMET NLRIs in its BGP update
       message, each with a different source IP address and the same
       Multicast Group Address, and the version flag is set to v3, then
       the PE generates an IGMPv3 Membership Report with a record
       corresponding to the list of source IP addresses and the group
       address, along with the proper indication of inclusion/exclusion.

   3.  Upon receiving an EVPN SMET route(s) and before generating the
       corresponding IGMP Membership Request(s), the PE checks to see
       whether it has a Customer Edge (CE) multicast router for that BD
       on any of its ESs . The PE provides such a check by listening for
       PIM Hello messages on that AC, i.e., (ES,BD).  If the PE does
       have the router's ACs, then the generated IGMP Membership
       Request(s) is sent to those ACs.  If it doesn't have any of the
       router's ACs, then no IGMP Membership Request(s) needs to be
       generated.  This is because sending IGMP Membership Requests to
       other hosts can result in unintentionally preventing a host from
       joining a specific multicast group using IGMPv2, i.e., if the PE
       does not receive a Membership Report from the host, it will not
       forward multicast data to it.  Per [RFC 4541] , when an IGMPv2
       host receives a Membership Report for a group address that it
       intends to join, the host will suppress its own Membership Report
       for the same group, and if the PE does not receive an IGMP
       Membership Report from the host, it will not forward multicast
       data to it.  In other words, an IGMPv2 Membership Report MUST NOT
       be sent on an AC that does not lead to a CE multicast router.
       This message suppression is a requirement for IGMPv2 hosts.  This
       is not a problem for hosts running IGMPv3, because there is no
       suppression of IGMP Membership Reports.

4.1.2.  IGMP/MLD Leave Group Advertisement in BGP

   When a PE wants to withdraw an EVPN SMET route corresponding to an
   IGMPv2 Leave Group or IGMPv3 "Leave" equivalent message, it follows
   the rules below.  The first rule defines the procedure at the
   originator PE, and the last two rules talk about procedures at the
   remote PE:

   Processing at the BGP route originator:

   1.  When a PE receives an IGMPv2 Leave Group or its "Leave"
       equivalent message for IGMPv3 from its attached host, it checks
       to see if this host is the last host that is interested in this
       multicast group by sending a query for the multicast group.  If
       the host was indeed the last one (i.e., no responses are received
       for the query), then the PE MUST re-advertise the EVPN SMET route
       with the corresponding version flag reset.  If this is the last
       version flag to be reset, then instead of re-advertising the EVPN
       route with all version flags reset, the PE MUST withdraw the EVPN
       route for that (*,G).

   Processing at the BGP route receiver:

   1.  When a PE receives an EVPN SMET route for a given (*,G), it
       compares the received version flags from the route with its per-
       PE stored version flags.  If the PE finds that a version flag
       associated with the (*,G) for the remote PE is reset, then the PE
       MUST generate IGMP Leave for that (*,G) toward its local
       interface (if any), which is attached to the multicast router for
       that multicast group.  It should be noted that the received EVPN
       route MUST have at least one version flag set.  If all version
       flags are reset, it is an error because the PE should have
       received an EVPN route withdraw for the last version flag.  An
       error MUST be considered as a BGP error, and the PE MUST apply
       the "treat-as-withdraw" procedure per [RFC 7606].

   2.  When a PE receives an EVPN SMET route withdraw, it removes the
       remote PE from its OIF list for that multicast group, and if
       there are no more OIF entries for that multicast group (either
       locally or remotely), then the PE MUST stop responding to
       Membership Queries from the locally attached router (if any).  If
       there is a source for that multicast group, the PE stops sending
       multicast traffic for that source.

4.2.  Proxy Querier

   As mentioned in the previous sections, each PE MUST have proxy
   querier functionality for the following reasons:

   1.  to enable the collection of EVPN PEs providing Layer 2 Virtual
       Private Network (L2VPN) service to act as a distributed multicast
       router with an anycast IP address for all attached hosts in that
       subnet

   2.  to enable suppression of IGMP Membership Reports and Membership
       Queries over MPLS/IP core

5.  Operation

   Consider the EVPN network in Figure 1, where there is an EVPN
   instance configured across the PEs (namely PE1, PE2, and PE3).  Let's
   consider that this EVPN instance consists of a single bridge domain
   (single subnet) with all the hosts and sources and the multicast
   router connected to this subnet.  PE1 only has hosts (host denoted by
   Hx) connected to it.  PE2 has a mix of hosts and a multicast source.
   PE3 has a mix of hosts, a multicast source (source denoted by Sx),
   and a multicast router (router denoted by Rx).  Furthermore, let's
   consider that for (S1,G1), R1 is used as the multicast router.  The
   following subsections describe the IGMP Proxy operation in different
   PEs with regard to whether the locally attached devices for that
   subnet are:

   *  only hosts,

   *  a mix of hosts and a multicast source, or

   *  a mix of hosts, a multicast source, and a multicast router.

                             +--------------+
                             |              |
                             |              |
                      +----+ |              | +----+
       H1:(*,G1)v2 ---|    | |              | |    |---- H6(*,G1)v2
       H2:(*,G1)v2 ---| PE1| |   IP/MPLS    | | PE2|---- H7(S2,G2)v3
       H3:(*,G1)v3 ---|    | |   Network    | |    |---- S2
       H4:(S2,G2)v3 --|    | |              | |    |
                      +----+ |              | +----+
                             |              |
                      +----+ |              |
       H5:(S1,G1)v3 --|    | |              |
                S1 ---| PE3| |              |
                R1 ---|    | |              |
                      +----+ |              |
                             |              |
                             +--------------+

                           Figure 1: EVPN Network

5.1.  PE with Only Attached Hosts for a Given Subnet

   When PE1 receives an IGMPv2 Membership Report from H1, it does not
   forward this Membership Report to any of its other ports (for this
   subnet) because all these local ports are associated with the hosts.
   PE1 sends an EVPN SMET route corresponding to this Membership Report
   for (*,G1) and sets the v2 flag.  This EVPN route is received by PE2
   and PE3, which are the members of the same BD (i.e., same EVI in case
   of a VLAN-based service or EVI and VLAN in case of a VLAN-aware
   bundle service).  PE3 reconstructs the IGMPv2 Membership Report from
   this EVPN BGP route and only sends it to the port(s) with multicast
   routers attached to it (for that subnet).  In this example, PE3 sends
   the reconstructed IGMPv2 Membership Report for (*,G1) only to R1.
   Furthermore, even though PE2 receives the EVPN BGP route, it does not
   send it to any of its ports for that subnet (viz., ports associated
   with H6 and H7).

   When PE1 receives the second IGMPv2 Membership Report from H2 for the
   same multicast group (*,G1), it only adds that port to its OIF list,
   but it doesn't send any EVPN BGP routes because there is no change in
   information.  However, when it receives the IGMPv3 Membership Report
   from H3 for the same (*,G1), besides adding the corresponding port to
   its OIF list, it re-advertises the previously sent EVPN SMET route
   with the v3 and exclude flag set.

   Finally, when PE1 receives the IGMPv3 Membership Report from H4 for
   (S2,G2), it advertises a new EVPN SMET route corresponding to it.

5.2.  PE with a Mix of Attached Hosts and a Multicast Source

   The main difference in this case is that when PE2 receives the IGMPv3
   Membership Report from H7 for (S2,G2), it advertises it in BGP to
   support the source moving, even though PE2 knows that S2 is attached
   to its local AC.  PE2 adds the port associated with H7 to its OIF
   list for (S2,G2).  The processing for IGMPv2 received from H6 is the
   same as the IGMPv2 Membership Report described in the previous
   section.

5.3.  PE with a Mix of Attached Hosts, a Multicast Source, and a Router

   The main difference in this case relative to the previous two
   sections is that IGMPv2/v3 Membership Report messages received
   locally need to be sent to the port associated with router R1.
   Furthermore, the Membership Reports received via BGP (SMET) need to
   be passed to the R1 port but filtered for all other ports.

6.  All-Active Multihoming

   Because the Link Aggregation Group (LAG) flow hashing algorithm used
   by the CE is unknown at the PE, in an All-Active redundancy mode, it
   must be assumed that the CE can send a given IGMP message to any one
   of the multihomed PEs, either Designated Forwarder (DF) or non-DF,
   i.e., different IGMP Membership Request messages can arrive at
   different PEs in the redundancy group.  Furthermore, their
   corresponding Leave messages can arrive at PEs that are different
   from the ones that received the Membership Report.  Therefore, all
   PEs attached to a given Ethernet segment (ES) must coordinate the
   IGMP Membership Request and Leave Group (x,G) state, where x may be
   either "*" or a particular source S for each BD on that ES.  Each PE
   has a local copy of that state, and the EVPN signaling serves to
   synchronize that state across PEs.  This allows the DF for that
   (ES,BD) to correctly advertise or withdraw a SMET route for that
   (x,G) group in that BD when needed.  All-Active multihoming PEs for a
   given ES MUST support IGMP synchronization procedures described in
   this section if they need to perform IGMP Proxy for hosts connected
   to that ES.

6.1.  Local IGMP/MLD Membership Report Synchronization

   When a PE, either DF or non-DF, receives an IGMP Membership Report
   for (x,G) on a given multihomed ES operating in All-Active redundancy
   mode, it determines the BD to which the IGMP Membership Report
   belongs.  If the PE doesn't already have the local IGMP Membership
   Request (x,G) state for that BD on that ES, it MUST instantiate that
   local IGMP Membership Request (x,G) state and MUST advertise a BGP
   IGMP Membership Report Synch route for that (ES,BD).  The local IGMP
   Membership Request (x,G) state refers to the IGMP Membership Request
   (x,G) state that is created as a result of processing an IGMP
   Membership Report for (x,G).

   The IGMP Membership Report Synch route MUST carry the ES-Import Route
   Target (RT) for the ES on which the IGMP Membership Report was
   received.  Thus, it MUST only be imported by the PEs attached to that
   ES and not any other PEs.

   When a PE, either DF or non-DF, receives an IGMP Membership Report
   Synch route, it installs that route, and if it doesn't already have
   the IGMP Membership Request (x,G) state for that (ES,BD), it MUST
   instantiate that IGMP Membership Request (x,G) state, i.e., the IGMP
   Membership Request (x,G) state is the union of the local IGMP
   Membership Report (x,G) state and the installed IGMP Membership
   Report Synch route.  If the DF did not already advertise (originate)
   a SMET route for that (x,G) group in that BD, it MUST do so now.

   When a PE, either DF or non-DF, deletes its local IGMP Membership
   Request (x,G) state for that (ES,BD), it MUST withdraw its BGP IGMP
   Membership Report Synch route for that (ES,BD).

   When a PE, either DF or non-DF, receives the withdrawal of an IGMP
   Membership Report Synch route from another PE, it MUST remove that
   route.  When a PE has no local IGMP Membership Request (x,G) state
   and it has no installed IGMP Membership Report Synch routes, it MUST
   remove that IGMP Membership Request (x,G) state for that (ES,BD).  If
   the DF no longer has the IGMP Membership Request (x,G) state for that
   BD on any ES for which it is the DF, it MUST withdraw its SMET route
   for that (x,G) group in that BD.

   In other words, a PE advertises a SMET route for that (x,G) group in
   that BD when it has the IGMP Membership Request (x,G) state on at
   least one ES for which it is the DF, and it withdraws that SMET route
   when it does not have an IGMP Membership Request (x,G) state in that
   BD on any ES for which it is the DF.

6.2.  Local IGMP/MLD Leave Group Synchronization

   When a PE, either DF or non-DF, receives an IGMP Leave Group message
   for (x,G) from the attached CE on a given multihomed ES operating in
   All-Active redundancy mode, it determines the BD to which the IGMPv2
   Leave Group belongs.  Regardless of whether it has the IGMP
   Membership Request (x,G) state for that (ES,BD), it initiates the
   (x,G) leave group synchronization procedure, which consists of the
   following steps:

   1.  It computes the Maximum Response Time, which is the duration of
       the (x,G) leave group synchronization procedure.  This is the
       product of two locally configured values, Last Member Query Count
       and Last Member Query Interval (described in Section 3 of
       [RFC 2236]), plus a delta corresponding to the time it takes for a
       BGP advertisement to propagate between the PEs attached to the
       multihomed ES (delta is a consistently configured value on all
       PEs attached to the multihomed ES).

   2.  It starts the Maximum Response Time timer.  Note that the receipt
       of subsequent IGMP Leave Group messages or BGP Leave Synch routes
       for (x,G) do not change the value of a currently running Maximum
       Response Time timer and are ignored by the PE.

   3.  It initiates the Last Member Query procedure described in
       Section 3 of [RFC 2236]; viz., it sends a number of Group-Specific
       Query (x,G) messages (Last Member Query Count) at a fixed
       interval (Last Member Query Interval) to the attached CE.

   4.  It advertises an IGMP Leave Synch route for that (ES,BD).  This
       route notifies the other multihomed PEs attached to the given
       multihomed ES that it has initiated an (x,G) leave group
       synchronization procedure, i.e., it carries the ES-Import RT for
       the ES on which the IGMP Leave Group was received.  It also
       contains the Maximum Response Time.

   5.  When the Maximum Response Time timer expires, the PE that has
       advertised the IGMP Leave Synch route withdraws it.

6.2.1.  Remote Leave Group Synchronization

   When a PE, either DF or non-DF, receives an IGMP Leave Synch route,
   it installs that route and it starts a timer for (x,G) on the
   specified (ES,BD), whose value is set to the Maximum Response Time in
   the received IGMP Leave Synch route.  Note that the receipt of
   subsequent IGMPv2 Leave Group messages or BGP Leave Synch routes for
   (x,G) do not change the value of a currently running Maximum Response
   Time timer and are ignored by the PE.

6.2.2.  Common Leave Group Synchronization

   If a PE attached to the multihomed ES receives an IGMP Membership
   Report for (x,G) before the Maximum Response Time timer expires, it
   advertises a BGP IGMP Membership Report Synch route for that (ES,BD).
   If it doesn't already have the local IGMP Membership Request (x,G)
   state for that (ES,BD), it instantiates that local IGMP Membership
   Request (x,G) state.  If the DF is not currently advertising
   (originating) a SMET route for that (x,G) group in that BD, it does
   so now.

   If a PE attached to the multihomed ES receives an IGMP Membership
   Report Synch route for (x,G) before the Maximum Response Time timer
   expires, it installs that route, and if it doesn't already have the
   IGMP Membership Request (x,G) state for that BD on that ES, it
   instantiates that IGMP Membership Request (x,G) state.  If the DF has
   not already advertised (originated) a SMET route for that (x,G) group
   in that BD, it does so now.

   When the Maximum Response Time timer expires, a PE that has
   advertised an IGMP Leave Synch route withdraws it.  Any PE attached
   to the multihomed ES, which started the Maximum Response Time and has
   no local IGMP Membership Request (x,G) state and no installed IGMP
   Membership Report Synch routes, removes the IGMP Membership Request
   (x,G) state for that (ES,BD).  If the DF no longer has the IGMP
   Membership Request (x,G) state for that BD on any ES for which it is
   the DF, it withdraws its SMET route for that (x,G) group in that BD.

6.3.  Mass Withdraw of the Multicast Membership Report Synch Route in
      Case of Failure

   A PE that has received an IGMP Membership Request would have synced
   the IGMP Membership Report by the procedure defined in Section 6.1.
   If a PE with the local Membership Report state goes down or the PE to
   CE link goes down, it would lead to a mass withdraw of multicast
   routes.  Remote PEs (PEs where these routes were remote IGMP
   Membership Reports) SHOULD NOT remove the state immediately; instead,
   General Query SHOULD be generated to refresh the states.  There are
   several ways to detect failure at a peer, e.g., using IGP next-hop
   tracking or ES route withdraw.

7.  Single-Active Multihoming

   Note that to facilitate state synchronization after failover, the PEs
   attached to a multihomed ES operating in Single-Active redundancy
   mode SHOULD also coordinate the IGMP Membership Report (x,G) state.
   In this case, all IGMP Membership Report messages are received by the
   DF and distributed to the non-DF PEs using the procedures described
   above.

8.  Selective Multicast Procedures for IR Tunnels

   If an ingress PE uses ingress replication, then for a given (x,G)
   group in a given BD:

   1.  It sends (x,G) traffic to the set of PEs not supporting IGMP or
       MLD Proxies.  This set consists of any PE that has advertised an
       Inclusive Multicast Ethernet Tag (IMET) route for the BD without
       a Multicast Flags Extended Community or with a Multicast Flags
       Extended Community in which neither the IGMP Proxy support nor
       the MLD Proxy support flags are set.

   2.  It sends (x,G) traffic to the set of PEs supporting IGMP or MLD
       Proxies and has listeners for that (x,G) group in that BD.  This
       set consists of any PE that has advertised an IMET route for the
       BD with a Multicast Flags Extended Community in which the IGMP
       Proxy support and/or the MLD Proxy support flags are set and that
       has advertised a SMET route for that (x,G) group in that BD.

9.  BGP Encoding

   This document defines three new BGP EVPN routes to carry IGMP
   Membership Reports.  The route types are known as:

   6 -  Selective Multicast Ethernet Tag Route

   7 -  Multicast Membership Report Synch Route

   8 -  Multicast Leave Synch Route

   The detailed encoding and procedures for these route types are
   described in subsequent sections.

9.1.  Selective Multicast Ethernet Tag Route

   A SMET route-type-specific EVPN NLRI consists of the following:

                 +---------------------------------------+
                 |  RD (8 octets)                        |
                 +---------------------------------------+
                 |  Ethernet Tag ID (4 octets)           |
                 +---------------------------------------+
                 |  Multicast Source Length (1 octet)    |
                 +---------------------------------------+
                 |  Multicast Source Address (variable)  |
                 +---------------------------------------+
                 |  Multicast Group Length (1 octet)     |
                 +---------------------------------------+
                 |  Multicast Group Address (Variable)   |
                 +---------------------------------------+
                 |  Originator Router Length (1 octet)   |
                 +---------------------------------------+
                 |  Originator Router Address (variable) |
                 +---------------------------------------+
                 |  Flags (1 octet)                      |
                 +---------------------------------------+

   For the purpose of BGP route key processing, all the fields are
   considered to be part of the prefix in the NLRI, except for the
   1-octet Flags field.  The Flags fields are defined as follows:

                           0  1  2  3  4  5  6  7
                         +--+--+--+--+--+--+--+--+
                         | reserved  |IE|v3|v2|v1|
                         +--+--+--+--+--+--+--+--+

   *  The least significant bit (bit 7) indicates support for IGMP
      version 1.  Since IGMPv1 is being deprecated, the sender MUST set
      it to 0 for IGMP and the receiver MUST ignore it.

   *  The second least significant bit (bit 6) indicates support for
      IGMP version 2.

   *  The third least significant bit (bit 5) indicates support for IGMP
      version 3.

   *  The fourth least significant bit (bit 4) indicates whether the
      (S,G) information carried within the route type is of an Include
      Group type (bit value 0) or an Exclude Group type (bit value 1).
      The Exclude Group type bit MUST be ignored if bit 5 is not set.

   *  This EVPN route type is used to carry tenant IGMP multicast group
      information.  The Flags field assists in distributing the IGMP
      Membership Report of a given host for a given multicast route.
      The version bits help associate the IGMP version of receivers
      participating within the EVPN domain.

   *  The IE bit helps in creating filters for a given multicast route.

   *  If the route is used for IPv6 (MLD), then bit 7 indicates support
      for MLD version 1.  The second least significant bit (bit 6)
      indicates support for MLD version 2.  Since there is no MLD
      version 3, in case of IPv6 routes, the third least significant bit
      MUST be 0.  In case of IPv6 routes, the fourth least significant
      bit MUST be ignored if bit 6 is not set.

   *  Reserved bits MUST be set to 0 by the sender, and the receiver
      MUST ignore the Reserved bits.

9.1.1.  Constructing the Selective Multicast Ethernet Tag Route

   This section describes the procedures used to construct the SMET
   route.

   The Route Distinguisher (RD) SHOULD be a Type 1 RD [RFC 4364].  The
   value field comprises an IP address of the PE (typically, the
   loopback address), followed by a number unique to the PE.

   The Ethernet Tag ID MUST be set, as per the procedure defined in
   [RFC 7432].

   The Multicast Source Length MUST be set to the length of the
   Multicast Source Address in bits.  If the Multicast Source Address
   field contains an IPv4 address, then the value of the Multicast
   Source Length field is 32.  If the Multicast Source Address field
   contains an IPv6 address, then the value of the Multicast Source
   Length field is 128.  In case of a (*,G) Membership Report, the
   Multicast Source Length is set to 0.

   The Multicast Source Address is the source IP address from the IGMP
   Membership Report.  In case of a (*,G) Membership Report, this field
   is not used.

   The Multicast Group Length MUST be set to the length of the Multicast
   Group Address in bits.  If the Multicast Group Address field contains
   an IPv4 address, then the value of the Multicast Group Length field
   is 32.  If the Multicast Group Address field contains an IPv6
   address, then the value of the Multicast Group Length field is 128.

   The Multicast Group Address is the group address from the IGMP or MLD
   Membership Report.

   The Originator Router Length is the length of the Originator Router
   Address in bits.

   The Originator Router Address is the IP address of the router
   originating this route.  The SMET Originator Router IP address MUST
   match that of the IMET (or S-PMSI Authentic Data (AD)) route
   originated for the same EVI by the same downstream PE.

   The Flags field indicates the version of IGMP from which the
   Membership Report was received.  It also indicates whether the
   multicast group had the Include/Exclude bit set.

   Reserved bits MUST be set to 0.  They can be defined by other
   documents in the future.

   IGMP is used to receive group membership information from hosts by
   Top-of-the-Rack (ToR) switches.  Upon receiving the host's expression
   of interest in a particular group membership, this information is
   then forwarded using the SMET route.  The NLRI also keeps track of
   the receiver's IGMP version and any source filtering for a given
   group membership.  All EVPN SMET routes are announced per EVI Route
   Target extended communities (EVI-RT ECs).

9.1.2.  Reconstructing IGMP/MLD Membership Reports from the Selective
        Multicast Route

   This section describes the procedures used to reconstruct IGMP/MLD
   Membership Reports from the SMET route.

   *  If the Multicast Group Length is 32, the route is translated to
      the IGMP Membership Request.  If the Multicast Group Length is
      128, the route is translated to an MLD Membership Request.

   *  The Multicast Group Address field is translated to the IGMP/MLD
      group address.

   *  If the Multicast Source Length is set to 0, it is translated to
      any source (*).  If the Multicast Source Length is non-zero, the
      Multicast Source Address field is translated to the IGMP/MLD
      source address.

   *  If flag bit 7 is set, it translates the Membership Report to be
      IGMPv1 or MLDv1.

   *  If flag bit 6 is set, it translates the Membership Report to be
      IGMPv2 or MLDv2.

   *  Flag bit 5 is only valid for the IGMP Membership Report; if it is
      set, it translates to the IGMPv3 report.

   *  If the IE flag is set, it translates to the IGMP/MLD Exclude mode
      Membership Report.  If the IE flag is not set (0), it translates
      to the Include mode Membership Report.

9.1.3.  Default Selective Multicast Route

   If there is a multicast router connected behind the EVPN domain, the
   PE MAY originate a default SMET (*,*) to get all multicast traffic in
   the domain.

                             +--------------+
                             |              |
                             |              |
                             |              | +----+
                             |              | |    |---- H1(*,G1)v2
                             |   IP/MPLS    | | PE1|---- H2(S2,G2)v3
                             |   Network    | |    |---- S2
                             |              | |    |
                             |              | +----+
                             |              |
                      +----+ |              |
      +----+          |    | |              |
      |    |    S1 ---| PE2| |              |
      |PIM |----R1 ---|    | |              |
      |ASM |          +----+ |              |
      |    |                 |              |
      +----+                 +--------------+

             Figure 2: Multicast Router behind the EVPN Domain

   Consider the EVPN network in Figure 2, where there is an EVPN
   instance configured across the PEs.  Let's consider that PE2 is
   connected to multicast router R1 and there is a network running PIM
   ASM behind R1.  If there are receivers behind the PIM ASM network,
   the PIM Join would be forwarded to the PIM Rendezvous Point (RP).  If
   receivers behind the PIM ASM network are interested in a multicast
   flow originated by multicast source S2 (behind PE1), it is necessary
   for PE2 to receive multicast traffic.  In this case, PE2 MUST
   originate a (*,*) SMET route to receive all of the multicast traffic
   in the EVPN domain.  To generate wildcard (*,*) routes, the procedure
   from [RFC 6625] MUST be used.

9.2.  Multicast Membership Report Synch Route

   This EVPN route type is used to coordinate the IGMP Membership Report
   (x,G) state for a given BD between the PEs attached to a given ES
   operating in All-Active (or Single-Active) redundancy mode, and it
   consists of the following:

           +--------------------------------------------------+
           |  RD (8 octets)                                   |
           +--------------------------------------------------+
           |  Ethernet Segment Identifier (10 octets)         |
           +--------------------------------------------------+
           |  Ethernet Tag ID  (4 octets)                     |
           +--------------------------------------------------+
           |  Multicast Source Length (1 octet)               |
           +--------------------------------------------------+
           |  Multicast Source Address (variable)             |
           +--------------------------------------------------+
           |  Multicast Group Length (1 octet)                |
           +--------------------------------------------------+
           |  Multicast Group Address (Variable)              |
           +--------------------------------------------------+
           |  Originator Router Length (1 octet)              |
           +--------------------------------------------------+
           |  Originator Router Address (variable)            |
           +--------------------------------------------------+
           |  Flags (1 octet)                                 |
           +--------------------------------------------------+

   For the purpose of BGP route key processing, all the fields are
   considered to be part of the prefix in the NLRI, except for the
   1-octet Flags field, whose fields are defined as follows:

                           0  1  2  3  4  5  6  7
                         +--+--+--+--+--+--+--+--+
                         | reserved  |IE|v3|v2|v1|
                         +--+--+--+--+--+--+--+--+

   *  The least significant bit (bit 7) indicates support for IGMP
      version 1.

   *  The second least significant bit (bit 6) indicates support for
      IGMP version 2.

   *  The third least significant bit (bit 5) indicates support for IGMP
      version 3.

   *  The fourth least significant bit (bit 4) indicates whether the (S,
      G) information carried within the route type is of an Include
      Group type (bit value 0) or an Exclude Group type (bit value 1).
      The Exclude Group type bit MUST be ignored if bit 5 is not set.

   *  Reserved bits MUST be set to 0.

   The Flags field assists in distributing the IGMP Membership Report of
   a given host for a given multicast route.  The version bits help
   associate the IGMP version of receivers participating within the EVPN
   domain.  The Include/Exclude bit helps in creating filters for a
   given multicast route.

   If the route is being prepared for IPv6 (MLD), then bit 7 indicates
   support for MLD version 1.  The second least significant bit (bit 6)
   indicates support for MLD version 2.  Since there is no MLD version
   3, in case of the IPv6 route, the third least significant bit MUST be
   0.  In case of the IPv6 route, the fourth least significant bit MUST
   be ignored if bit 6 is not set.

9.2.1.  Constructing the Multicast Membership Report Synch Route

   This section describes the procedures used to construct the IGMP
   Membership Report Synch route.  Support for these route types is
   optional.  If a PE does not support this route, then it MUST NOT
   indicate that it supports "IGMP Proxy" in the Multicast Flags
   Extended Community for the EVIs corresponding to its multihomed ESs.

   An IGMP Membership Report Synch route MUST carry exactly one ES-
   Import Route Target extended community, i.e., the one that
   corresponds to the ES on which the IGMP Membership Report was
   received.  It MUST also carry exactly one EVI-RT EC, i.e., the one
   that corresponds to the EVI on which the IGMP Membership Report was
   received.  See Section 9.5 for details on how to encode and construct
   the EVI-RT EC.

   The RD SHOULD be Type 1 [RFC 4364].  The value field comprises an IP
   address of the PE (typically, the loopback address), followed by a
   number unique to the PE.

   The Ethernet Segment Identifier (ESI) MUST be set to the 10-octet
   value defined for the ES.

   The Ethernet Tag ID MUST be set, as per the procedure defined in
   [RFC 7432].

   The Multicast Source Length MUST be set to the length of the
   Multicast Source Address in bits.  If the Multicast Source field
   contains an IPv4 address, then the value of the Multicast Source
   Length field is 32.  If the Multicast Source field contains an IPv6
   address, then the value of the Multicast Source Length field is 128.
   In case of a (*,G) Membership Report, the Multicast Source Length is
   set to 0.

   The Multicast Source is the source IP address of the IGMP Membership
   Report.  In case of a (*,G) Membership Report, this field does not
   exist.

   The Multicast Group Length MUST be set to the length of the Multicast
   Group Address in bits.  If the Multicast Group field contains an IPv4
   address, then the value of the Multicast Group Length field is 32.
   If the Multicast Group field contains an IPv6 address, then the value
   of the Multicast Group Length field is 128.

   The Multicast Group is the group address of the IGMP Membership
   Report.

   The Originator Router Length is the length of the Originator Router
   Address in bits.

   The Originator Router Address is the IP address of the router
   originating the prefix.

   The Flags field indicates the version of IGMP from which the
   Membership Report was received.  It also indicates whether the
   multicast group had the Include/Exclude bit set.

   Reserved bits MUST be set to 0.

9.2.2.  Reconstructing IGMP/MLD Membership Reports from a Multicast
        Membership Report Synch Route

   This section describes the procedures used to reconstruct IGMP/MLD
   Membership Reports from the Multicast Membership Report Synch route.

   *  If the Multicast Group Length is 32, the route is translated to
      the IGMP Membership Request.  If the Multicast Group Length is
      128, the route is translated to an MLD Membership Request.

   *  The Multicast Group Address field is translated to the IGMP/MLD
      group address.

   *  If the Multicast Source Length is set to 0, it is translated to
      any source (*).  If the Multicast Source Length is non-zero, the
      Multicast Source Address field is translated to the IGMP/MLD
      source address.

   *  If flag bit 7 is set, it translates the Membership Report to be
      IGMPv1 or MLDv1.

   *  If flag bit 6 is set, it translates the Membership Report to be
      IGMPv2 or MLDv2.

   *  Flag bit 5 is only valid for the IGMP Membership Report; if it is
      set, it translates to the IGMPv3 report.

   *  If the IE flag is set, it translates to the IGMP/MLD Exclude mode
      Membership Report.  If the IE flag is not set (0), it translates
      to the Include mode Membership Report.

9.3.  Multicast Leave Synch Route

   This EVPN route type is used to coordinate the IGMP Leave Group (x,G)
   state for a given BD between the PEs attached to a given ES operating
   in an All-Active (or Single-Active) redundancy mode, and it consists
   of the following:

           +--------------------------------------------------+
           |  RD (8 octets)                                   |
           +--------------------------------------------------+
           |  Ethernet Segment Identifier (10 octets)         |
           +--------------------------------------------------+
           |  Ethernet Tag ID  (4 octets)                     |
           +--------------------------------------------------+
           |  Multicast Source Length (1 octet)               |
           +--------------------------------------------------+
           |  Multicast Source Address (variable)             |
           +--------------------------------------------------+
           |  Multicast Group Length (1 octet)                |
           +--------------------------------------------------+
           |  Multicast Group Address (Variable)              |
           +--------------------------------------------------+
           |  Originator Router Length (1 octet)              |
           +--------------------------------------------------+
           |  Originator Router Address (variable)            |
           +--------------------------------------------------+
           |  Reserved (4 octets)                             |
           +--------------------------------------------------+
           |  Maximum Response Time (1 octet)                 |
           +--------------------------------------------------+
           |  Flags (1 octet)                                 |
           +--------------------------------------------------+

   For the purpose of BGP route key processing, all the fields are
   considered to be part of the prefix in the NLRI, except for the
   Reserved, Maximum Response Time, and 1-octet Flags fields, which are
   defined as follows:

                           0  1  2  3  4  5  6  7
                         +--+--+--+--+--+--+--+--+
                         | reserved  |IE|v3|v2|v1|
                         +--+--+--+--+--+--+--+--+

   *  The least significant bit (bit 7) indicates support for IGMP
      version 1.

   *  The second least significant bit (bit 6) indicates support for
      IGMP version 2.

   *  The third least significant bit (bit 5) indicates support for IGMP
      version 3.

   *  The fourth least significant bit (bit 4) indicates whether the (S,
      G) information carried within the route type is of an Include
      Group type (bit value 0) or an Exclude Group type (bit value 1).
      The Exclude Group type bit MUST be ignored if bit 5 is not set.

   *  Reserved bits MUST be set to 0.  They can be defined by other
      documents in the future.

   The Flags field assists in distributing the IGMP Membership Report of
   a given host for a given multicast route.  The version bits help
   associate the IGMP version of the receivers participating within the
   EVPN domain.  The Include/Exclude bit helps in creating filters for a
   given multicast route.

   If the route is being prepared for IPv6 (MLD), then bit 7 indicates
   support for MLD version 1.  The second least significant bit (bit 6)
   indicates support for MLD version 2.  Since there is no MLD version
   3, in case of the IPv6 route, the third least significant bit MUST be
   0.  In case of the IPv6 route, the fourth least significant bit MUST
   be ignored if bit 6 is not set.

   Reserved bits in the flag MUST be set to 0.  They can be defined by
   other documents in the future.

9.3.1.  Constructing the Multicast Leave Synch Route

   This section describes the procedures used to construct the IGMP
   Leave Synch route.  Support for these route types is optional.  If a
   PE does not support this route, then it MUST NOT indicate that it
   supports "IGMP Proxy" in the Multicast Flags Extended Community for
   the EVIs corresponding to its multihomed Ethernet segments.

   An IGMP Leave Synch route MUST carry exactly one ES-Import Route
   Target extended community, i.e., the one that corresponds to the ES
   on which the IGMP Leave was received.  It MUST also carry exactly one
   EVI-RT EC, i.e., the one that corresponds to the EVI on which the
   IGMP Leave was received.  See Section 9.5 for details on how to form
   the EVI-RT EC.

   The RD SHOULD be Type 1 [RFC 4364].  The value field comprises an IP
   address of the PE (typically, the loopback address), followed by a
   number unique to the PE.

   The ESI MUST be set to the 10-octet value defined for the ES.

   The Ethernet Tag ID MUST be set, as per the procedure defined in
   [RFC 7432].

   The Multicast Source Length MUST be set to the length of the
   Multicast Source Address in bits.  If the Multicast Source field
   contains an IPv4 address, then the value of the Multicast Source
   Length field is 32.  If the Multicast Source field contains an IPv6
   address, then the value of the Multicast Source Length field is 128.
   In case of a (*,G) Membership Report, the Multicast Source Length is
   set to 0.

   The Multicast Source is the source IP address of the IGMP Membership
   Report.  In case of a (*,G) Membership Report, this field does not
   exist.

   The Multicast Group Length MUST be set to the length of the Multicast
   Group Address in bits.  If the Multicast Group field contains an IPv4
   address, then the value of the Multicast Group Length field is 32.
   If the Multicast Group field contains an IPv6 address, then the value
   of the Multicast Group Length field is 128.

   The Multicast Group is the group address of the IGMP Membership
   Report.

   The Originator Router Length is the length of the Originator Router
   Address in bits.

   The Originator Router Address is the IP address of the router
   originating the prefix.

   The Reserved field is not part of the route key.  The originator MUST
   set the Reserved field to 0; the receiver SHOULD ignore it, and if it
   needs to be propagated, it MUST propagate it unchanged.

   The Maximum Response Time is the value to be used while sending a
   query, as defined in [RFC 2236].

   The Flags field indicates the version of IGMP from which the
   Membership Report was received.  It also indicates whether the
   multicast group had an Include/Exclude bit set.

9.3.2.  Reconstructing IGMP/MLD Leave from a Multicast Leave Synch Route

   This section describes the procedures used to reconstruct IGMP/MLD
   Leave from the Multicast Leave Synch route.

   *  If the Multicast Group Length is 32, the route is translated to
      IGMP Leave.  If the Multicast Group Length is 128, the route is
      translated to MLD Leave.

   *  The Multicast Group Address field is translated to an IGMP/MLD
      group address.

   *  If the Multicast Source Length is set to 0, it is translated to
      any source (*).  If the Multicast Source Length is non-zero, the
      Multicast Source Address field is translated to the IGMP/MLD
      source address.

   *  If flag bit 7 is set, it translates the Membership Report to be
      IGMPv1 or MLDv1.

   *  If flag bit 6 is set, it translates the Membership Report to be
      IGMPv2 or MLDv2.

   *  Flag bit 5 is only valid for the IGMP Membership Report; if it is
      set, it translates to the IGMPv3 report.

   *  If the IE flag is set, it translates to the IGMP/MLD Exclude mode
      Leave.  If the IE flag is not set (0), it translates to the
      Include mode Leave.

9.4.  Multicast Flags Extended Community

   The Multicast Flags Extended Community is a new EVPN Extended
   Community.  EVPN Extended Communities are transitive extended
   communities with a Type Value of 0x06.  IANA has assigned 0x09 to
   Multicast Flags Extended Community in the "EVPN Extended Community
   Sub-Types" subregistry.

   A PE that supports IGMP and/or the MLD Proxy on a given BD MUST
   attach this extended community to the IMET route it advertises for
   that BD, and it MUST set the IGMP and/or MLD Proxy Support flags to
   1.  Note that a PE compliant with [RFC 7432] will not advertise this
   extended community, so its absence indicates that the advertising PE
   does not support either IGMP or MLD Proxies.

   The advertisement of this extended community enables a more efficient
   multicast tunnel setup from the source PE specially for ingress
   replication, i.e., if an egress PE supports the IGMP Proxy but
   doesn't have any interest in a given (x,G), it advertises its IGMP
   Proxy capability using this extended community, but it does not
   advertise any SMET route for that (x,G).  When the source PE (ingress
   PE) receives such advertisements from the egress PE, it does not
   replicate the multicast traffic to that egress PE; however, it does
   replicate the multicast traffic to the egress PEs that don't
   advertise such capability, even if they don't have any interests in
   that (x,G).

   A Multicast Flags Extended Community is encoded as an 8-octet value
   as follows:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type=0x06     |Sub-Type=0x09  |     Flags (2 Octets)      |M|I|
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                           Reserved=0                          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The low-order (least significant) 2 bits are defined as the "IGMP
   Proxy Support" and "MLD Proxy Support" bits (see Section 12.3.  The
   absence of this extended community also means that the PE does not
   support the IGMP Proxy, where:

   *  The Type is 0x06, as registered with IANA for EVPN Extended
      Communities.

   *  The Sub-Type is 0x09.

   *  Flags are 2-octet values.

      -  Bit 15 (shown as I) defines IGMP Proxy Support.  The value of 1
         for bit 15 means that the PE supports the IGMP Proxy.  The
         value of 0 for bit 15 means that the PE does not support the
         IGMP Proxy.

      -  Bit 14 (shown as M) defines MLD Proxy Support.  The value of 1
         for bit 14 means that the PE supports the MLD Proxy.  The value
         of 0 for bit 14 means that the PE does not support the MLD
         Proxy.

      -  Bits 0 to 13 are reserved for the future.  The sender MUST set
         it to 0, and the receiver MUST ignore it.

   *  Reserved bits are set to 0.  The sender MUST set it to 0, and the
      receiver MUST ignore it.

   If a router does not support this specification, it MUST NOT add the
   Multicast Flags Extended Community in the BGP route.  When a router
   receives a BGP update, if both M and I flags are 0, the router MUST
   treat this update as malformed.  The receiver of such an update MUST
   ignore the extended community.

9.5.  EVI-RT Extended Community

   In EVPN, every EVI is associated with one or more Route Targets.
   These RTs serve two functions:

   1.  Distribution control: RTs control the distribution of the routes.
       If a route carries the RT associated with a particular EVI, it
       will be distributed to all the PEs on which that EVI exists.

   2.  EVI identification: Once a route has been received by a
       particular PE, the RT is used to identify the EVI to which it
       applies.

   An IGMP Membership Report Synch or IGMP Leave Synch route is
   associated with a particular combination of ES and EVI.  These routes
   need to be distributed only to PEs that are attached to the
   associated ES.  Therefore, these routes carry the ES-Import RT for
   that ES.

   Since an IGMP Membership Report Synch or IGMP Leave Synch route does
   not need to be distributed to all the PEs on which the associated EVI
   exists, these routes cannot carry the RT associated with that EVI.
   Therefore, when such a route arrives at a particular PE, the route's
   RTs cannot be used to identify the EVI to which the route applies.
   Some other means of associating the route with an EVI must be used.

   This document specifies four new ECs that can be used to identify the
   EVI with which a route is associated but do not have any effect on
   the distribution of the route.  These new ECs are known as "Type 0
   EVI-RT EC", "Type 1 EVI-RT EC", "Type 2 EVI-RT EC", and "Type 3 EVI-
   RT EC".

   1.  A Type 0 EVI-RT EC is an EVPN EC (type 6) of sub-type 0xA.

   2.  A Type 1 EVI-RT EC is an EVPN EC (type 6) of sub-type 0xB.

   3.  A Type 2 EVI-RT EC is an EVPN EC (type 6) of sub-type 0xC.

   4.  A Type 3 EVI-RT EC is an EVPN EC (type 6) of sub-type 0xD

   Each IGMP Membership Report Synch or IGMP Leave Synch route MUST
   carry exactly one EVI-RT EC.  The EVI-RT EC carried by a particular
   route is constructed as follows.  Each such route is the result of
   having received an IGMP Membership Report or an IGMP Leave message
   from a particular BD.  The route is said to be associated with that
   BD.  For each BD, there is a corresponding RT that is used to ensure
   that routes "about" that BD are distributed to all PEs attached to
   that BD.  So suppose a given IGMP Membership Report Synch or Leave
   Synch route is associated with a given BD, say BD1, and suppose that
   the corresponding RT for BD1 is RT1.  Then:

   *  If RT1 is a Transitive Two-Octet AS-specific EC, then the EVI-RT
      EC carried by the route is a Type 0 EVI-RT EC.  The value field of
      the Type 0 EVI-RT EC is identical to the value field of RT1.

   *  If RT1 is a Transitive IPv4-Address-specific EC, then the EVI-RT
      EC carried by the route is a Type 1 EVI-RT EC.  The value field of
      the Type 1 EVI-RT EC is identical to the value field of RT1.

   *  If RT1 is a Transitive Four-Octet AS-specific EC, then the EVI-RT
      EC carried by the route is a Type 2 EVI-RT EC.  The value field of
      the Type 2 EVI-RT EC is identical to the value field of RT1.

   *  If RT1 is a Transitive IPv6-Address-specific EC, then the EVI-RT
      EC carried by the route is a Type 3 EVI-RT EC.  The value field of
      the Type 3 EVI-RT EC is identical to the value field of RT1.

   An IGMP Membership Report Synch or Leave Synch route MUST carry
   exactly one EVI-RT EC.

   Suppose a PE receives a particular IGMP Membership Report Synch or
   IGMP Leave Synch route, say R1, and suppose that R1 carries an ES-
   Import RT that is one of the PE's Import RTs.  If R1 has no EVI-RT EC
   or has more than one EVI-RT EC, the PE MUST apply the "treat-as-
   withdraw" procedure per [RFC 7606].

   Note that an EVI-RT EC is not a Route Target extended community, is
   not visible to the RT Constrain mechanism [RFC 4684], and is not
   intended to influence the propagation of routes by BGP.

                          1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | Type=0x06     |  Sub-Type=n   |       RT associated with EVI  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |             RT associated with the EVI  (cont.)               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The value of "n" is 0x0A, 0x0B, 0x0C, or 0x0D, corresponding to EVI-
   RT types 0, 1, 2, or 3, respectively.

9.6.  Rewriting of RT ECs and EVI-RT ECs by ASBRs

   There are certain situations in which an ES is attached to a set of
   PEs that are not all in the same AS, or not all operated by the same
   provider.  In this situation, the RT that corresponds to a particular
   EVI may be different in each AS.  If a route is propagated from AS1
   to AS2, an ASBR at the AS1/AS2 border may be configured with a policy
   that replaces the EVI RTs for AS1 with the corresponding EVI RTs for
   AS2.  This is known as RT-rewriting.

   If an ASBR is configured to perform RT-rewriting of the EVI RTs in
   EVPN routes, it MUST be configured to perform RT-rewriting of the
   corresponding EVI-RT extended communities in IGMP Join Synch and IGMP
   Leave Synch Routes.

9.7.  BGP Error Handling

   If a received BGP update contains Flags not in accordance with the
   IGMP/MLD version-X expectation, the PE MUST apply the "treat-as-
   withdraw" procedure per [RFC 7606].

   If a received BGP update is malformed such that BGP route keys cannot
   be extracted, then the BGP update MUST be considered invalid.  The
   receiving PE MUST apply the "session reset" procedure per [RFC 7606].

10.  IGMP Version 1 Membership Report

   This document does not provide any detail about IGMPv1 processing.
   Implementations are expected to only use IGMPv2 and above for IPv4
   and MLDv1 and above for IPv6.  IGMPv1 routes are considered invalid,
   and the PE MUST apply the "treat-as-withdraw" procedure per
   [RFC 7606].

11.  Security Considerations

   This document describes a means to efficiently operate IGMP and MLD
   on a subnet constructed across multiple PODs or DCs via an EVPN
   solution.  The security considerations for the operation of the
   underlying EVPN and BGP substrates are described in [RFC 7432], and
   specific multicast considerations are outlined in [RFC 6513] and
   [RFC 6514].  The EVPN and associated IGMP Proxy provides a single
   broadcast domain so the same security considerations of IGMPv2
   [RFC 2236], IGMPv3 [RFC 3376], MLD [RFC 2710], or MLDv2 [RFC 3810] apply.

12.  IANA Considerations

12.1.  EVPN Extended Community Sub-Types Registration

   IANA has allocated the following codepoints in the "EVPN Extended
   Community Sub-Types" subregistry under the "Border Gateway Protocol
   (BGP) Extended Communities" registry.

    +================+====================================+===========+
    | Sub-Type Value | Name                               | Reference |
    +================+====================================+===========+
    | 0x09           | Multicast Flags Extended Community | RFC 9251  |
    +----------------+------------------------------------+-----------+
    | 0x0A           | EVI-RT Type 0                      | RFC 9251  |
    +----------------+------------------------------------+-----------+
    | 0x0B           | EVI-RT Type 1                      | RFC 9251  |
    +----------------+------------------------------------+-----------+
    | 0x0C           | EVI-RT Type 2                      | RFC 9251  |
    +----------------+------------------------------------+-----------+
    | 0x0D           | EVI-RT Type 3                      | RFC 9251  |
    +----------------+------------------------------------+-----------+

           Table 1: EVPN Extended Community Sub-Types Subregistry
                            Allocated Codepoints

12.2.  EVPN Route Types Registration

   IANA has allocated the following EVPN route types in the "EVPN Route
   Types" subregistry.

   6 -  Selective Multicast Ethernet Tag Route

   7 -  Multicast Membership Report Synch Route

   8 -  Multicast Leave Synch Route

12.3.  Multicast Flags Extended Community Registry

   IANA has created and now maintains a new subregistry called
   "Multicast Flags Extended Community" under the "Border Gateway
   Protocol (BGP) Extended Communities" registry.  The registration
   procedure is First Come First Served [RFC 8126].  For the 16-bit Flags
   field, the bits are numbered 0-15, from high order to low order.  The
   registry was initialized as follows:

       +======+====================+===========+===================+
       | Bit  | Name               | Reference | Change Controller |
       +======+====================+===========+===================+
       | 0-13 | Unassigned         |           |                   |
       +------+--------------------+-----------+-------------------+
       | 14   | MLD Proxy Support  | RFC 9251  | IETF              |
       +------+--------------------+-----------+-------------------+
       | 15   | IGMP Proxy Support | RFC 9251  | IETF              |
       +------+--------------------+-----------+-------------------+

                Table 2: Multicast Flags Extended Community

13.  References

13.1.  Normative References

   [RFC 2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC 2119, March 1997,
              <https://www.rfc-editor.org/info/RFC 2119>.

   [RFC 2236]  Fenner, W., "Internet Group Management Protocol, Version
              2", RFC 2236, DOI 10.17487/RFC 2236, November 1997,
              <https://www.rfc-editor.org/info/RFC 2236>.

   [RFC 2710]  Deering, S., Fenner, W., and B. Haberman, "Multicast
              Listener Discovery (MLD) for IPv6", RFC 2710,
              DOI 10.17487/RFC 2710, October 1999,
              <https://www.rfc-editor.org/info/RFC 2710>.

   [RFC 3376]  Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
              Thyagarajan, "Internet Group Management Protocol, Version
              3", RFC 3376, DOI 10.17487/RFC 3376, October 2002,
              <https://www.rfc-editor.org/info/RFC 3376>.

   [RFC 3810]  Vida, R., Ed. and L. Costa, Ed., "Multicast Listener
              Discovery Version 2 (MLDv2) for IPv6", RFC 3810,
              DOI 10.17487/RFC 3810, June 2004,
              <https://www.rfc-editor.org/info/RFC 3810>.

   [RFC 4364]  Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
              Networks (VPNs)", RFC 4364, DOI 10.17487/RFC 4364, February
              2006, <https://www.rfc-editor.org/info/RFC 4364>.

   [RFC 4684]  Marques, P., Bonica, R., Fang, L., Martini, L., Raszuk,
              R., Patel, K., and J. Guichard, "Constrained Route
              Distribution for Border Gateway Protocol/MultiProtocol
              Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual
              Private Networks (VPNs)", RFC 4684, DOI 10.17487/RFC 4684,
              November 2006, <https://www.rfc-editor.org/info/RFC 4684>.

   [RFC 6513]  Rosen, E., Ed. and R. Aggarwal, Ed., "Multicast in MPLS/
              BGP IP VPNs", RFC 6513, DOI 10.17487/RFC 6513, February
              2012, <https://www.rfc-editor.org/info/RFC 6513>.

   [RFC 6514]  Aggarwal, R., Rosen, E., Morin, T., and Y. Rekhter, "BGP
              Encodings and Procedures for Multicast in MPLS/BGP IP
              VPNs", RFC 6514, DOI 10.17487/RFC 6514, February 2012,
              <https://www.rfc-editor.org/info/RFC 6514>.

   [RFC 6625]  Rosen, E., Ed., Rekhter, Y., Ed., Hendrickx, W., and R.
              Qiu, "Wildcards in Multicast VPN Auto-Discovery Routes",
              RFC 6625, DOI 10.17487/RFC 6625, May 2012,
              <https://www.rfc-editor.org/info/RFC 6625>.

   [RFC 7432]  Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
              Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
              Ethernet VPN", RFC 7432, DOI 10.17487/RFC 7432, February
              2015, <https://www.rfc-editor.org/info/RFC 7432>.

   [RFC 7606]  Chen, E., Ed., Scudder, J., Ed., Mohapatra, P., and K.
              Patel, "Revised Error Handling for BGP UPDATE Messages",
              RFC 7606, DOI 10.17487/RFC 7606, August 2015,
              <https://www.rfc-editor.org/info/RFC 7606>.

   [RFC 8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC 8174,
              May 2017, <https://www.rfc-editor.org/info/RFC 8174>.

13.2.  Informative References

   [EVPN-BUM] Zhang, Z., Lin, W., Rabadan, J., Patel, K., and A.
              Sajassi, "Updates on EVPN BUM Procedures", Work in
              Progress, Internet-Draft, draft-ietf-bess-evpn-bum-
              procedure-updates-14, 18 November 2021,
              <https://datatracker.ietf.org/doc/html/draft-ietf-bess-
              evpn-bum-procedure-updates-14>.

   [RFC 4541]  Christensen, M., Kimball, K., and F. Solensky,
              "Considerations for Internet Group Management Protocol
              (IGMP) and Multicast Listener Discovery (MLD) Snooping
              Switches", RFC 4541, DOI 10.17487/RFC 4541, May 2006,
              <https://www.rfc-editor.org/info/RFC 4541>.

   [RFC 8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC 8126, June 2017,
              <https://www.rfc-editor.org/info/RFC 8126>.

Acknowledgements

   The authors would like to thank Stephane Litkowski, Jorge Rabadan,
   Anoop Ghanwani, Jeffrey Haas, Krishna Muddenahally Ananthamurthy, and
   Swadesh Agrawal for their reviews and valuable comments.

Contributors

   Derek Yeung
   Arrcus
   Email: derek@arrcus.com


Authors' Addresses

   Ali Sajassi
   Cisco Systems
   821 Alder Drive
   Milpitas, CA 95035
   United States of America
   Email: sajassi@cisco.com


   Samir Thoria
   Cisco Systems
   821 Alder Drive
   Milpitas, CA 95035
   United States of America
   Email: sthoria@cisco.com


   Mankamana Mishra
   Cisco Systems
   821 Alder Drive
   Milpitas, CA 95035
   United States of America
   Email: mankamis@cisco.com


   Keyur Patel
   Arrcus
   United States of America
   Email: keyur@arrcus.com


   John Drake
   Juniper Networks
   Email: jdrake@juniper.net


   Wen Lin
   Juniper Networks
   Email: wlin@juniper.net



RFC TOTAL SIZE: 78148 bytes
PUBLICATION DATE: Wednesday, June 22nd, 2022
LEGAL RIGHTS: The IETF Trust (see BCP 78)      


RFC-ARCHIVE.ORG

© RFC 9251: The IETF Trust, Wednesday, June 22nd, 2022
© the RFC Archive, 2024, RFC-Archive.org
Maintainer: J. Tunnissen

Privacy Statement