IETF Logo Mail Archive

Re: [dc] draft-khasnabish-vmmi-problems-00.txt

"Ashish Dalela (adalela)" <adalela@cisco.com> Fri, 20 January 2012 04:26 UTC

Return-Path: <adalela@cisco.com>
X-Original-To: dc@ietfa.amsl.com
Delivered-To: dc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2A2921F8525 for <dc@ietfa.amsl.com>; Thu, 19 Jan 2012 20:26:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.439
X-Spam-Level:
X-Spam-Status: No, score=-2.439 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B0giJ70GlUEI for <dc@ietfa.amsl.com>; Thu, 19 Jan 2012 20:26:19 -0800 (PST)
Received: from bgl-iport-1.cisco.com (bgl-iport-1.cisco.com [72.163.197.25]) by ietfa.amsl.com (Postfix) with ESMTP id C8D7D21F853F for <dc@ietf.org>; Thu, 19 Jan 2012 20:26:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=adalela@cisco.com; l=3735; q=dns/txt; s=iport; t=1327033579; x=1328243179; h=mime-version:content-transfer-encoding:subject:date: message-id:in-reply-to:references:from:to; bh=oCVwqNztC7C9oRHvMA83C7p1LU0xx7pYRvR8GZAFJ1E=; b=TSE0izY1KKA2LifiBOSm80uPvhfhR0WU7SUXlybqpDWFZm2ikpls60DL KZHey6Iiasujlv87ZRwdnFvrEZNH9sJpLba8UbCt1E5o+gamm1ehKhy1O zOFY34izqNKzoKHrXGfVUiwsANnQTqpGRcoC4Wi7jHS4aIRjqFKII7ShT M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqAEAIfrGE9Io8UY/2dsb2JhbABDrHuCA4FyAQEBAwEBAQEPAR0KNBcEAgEIEQQBAQEKBhcBBgEmHwkIAQEEAQoICBqHWgiaQQGePgSJNzYBBVABBAcBCwECAQEIAQEBA0kKSoFoVxYBAQECgkdjBIg5nzA
X-IronPort-AV: E=Sophos;i="4.71,539,1320624000"; d="scan'208";a="3802289"
Received: from vla196-nat.cisco.com (HELO bgl-core-2.cisco.com) ([72.163.197.24]) by bgl-iport-1.cisco.com with ESMTP; 20 Jan 2012 04:26:17 +0000
Received: from xbh-bgl-411.cisco.com (xbh-bgl-411.cisco.com [72.163.129.201]) by bgl-core-2.cisco.com (8.14.3/8.14.3) with ESMTP id q0K4QHbs014268; Fri, 20 Jan 2012 04:26:17 GMT
Received: from xmb-bgl-416.cisco.com ([72.163.129.212]) by xbh-bgl-411.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 20 Jan 2012 09:56:17 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 20 Jan 2012 09:56:15 +0530
Message-ID: <618BE8B40039924EB9AED233D4A09C5102CB2330@XMB-BGL-416.cisco.com>
In-Reply-To: <4F18CE61.6030002@gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dc] draft-khasnabish-vmmi-problems-00.txt
Thread-Index: AczXGXuf66KXNblyQxmY8Rn5XCnJLwAD+9yQ
References: <CAH==cJxfmae0u0bSF4cn_haLgY1T-vnw2102PApzYtj5Aty=GQ@mail.gmail.com><CANtnpwhFJ746ooi9GUCxfBqsOXu14hDka0D9inhh5pPq3U_ZTA@mail.gmail.com><201201171540.q0HFeNan008591@cichlid.raleigh.ibm.com><CANtnpwjexDPazOXLYHHjn3+JDi-o49Bv5ptDExAZHAA8Ra2m-A@mail.gmail.com><201201191419.q0JEJTLF010649@cichlid.raleigh.ibm.com> <1326989277.2513.4.camel@ecliptic.extremenetworks.com> <618BE8B40039924EB9AED233D4A09C5102CB2291@XMB-BGL-416.cisco.com><406B8B5D-E1E5-4DF4-8DE2-D7D2A699430A@asgaard.org> <4F18CE61.6030002@gmail.com>
From: "Ashish Dalela (adalela)" <adalela@cisco.com>
To: Melinda Shore <melinda.shore@gmail.com>, dc@ietf.org
X-OriginalArrivalTime: 20 Jan 2012 04:26:17.0344 (UTC) FILETIME=[A711F800:01CCD72B]
Subject: Re: [dc] draft-khasnabish-vmmi-problems-00.txt
X-BeenThere: dc@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF Data Center Mailing List <dc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dc>, <mailto:dc-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dc>
List-Post: <mailto:dc@ietf.org>
List-Help: <mailto:dc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dc>, <mailto:dc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Jan 2012 04:26:20 -0000

>> I'm similarly unclear on what these distinctions actually are.  It
>> seems to me that in either case (network vs. "hypervisor") we're
really
>> talking about tunnel endpoints.  Can someone state clearly what
>> the difference is in practice?

Tunnel endpoint creation needs a control plane (you don't to be
configuring tunnel end-points manually).

What kind of control plane would you run in the hypervisor? Network type
of control plane that has link-state or distance vector association? Or,
something that interacts with a management controller? People will
prefer the management type of interaction, as you can't have every
hypervisor interact with the network control plane, because it will
inject too many network devices, and break the control plane scale
problem.

As an example, a L2 over L3 needs to map a VLAN to a multicast group.
How do you know which multicast group is available? If the multicast
group creation is happening across many hypervisors, how do these
hypervisors coordinate the multicast group publishing between them? They
have to run PIM?

And, what do you do when a VM talks to a physical server (that doesn't
have a hypervisor). Terminate the encapsulation in the network access?
If yes, how does the network access know which encapsulation to
terminate, and which ones not to terminate? That needs an additional
control plane between a hypervisor to the network that says - "I'm a
hypervisor and I have decided to do XYZ type of encapsulation within
myself, but host targets PQR are unaware of this scheme, and I need you
to do the needful on my behalf". This additional control plane has to
now propagate to the other endpoint.

Then there are issues about QoS, Bandwidth, Security etc. E.g. VM-One
and VM-Two belong to different tenants, but sit on the same hypervisor.
VM-One and VM-Two have different QoS, Bandwidth needs, but they have the
same tunnel. How do I distinguish between them based on the tunnel? In
fact, if the tenant isolation is in the hypervisor, then the underlying
network has no clue which tenant needs what policy. 

So, in short, yes they are both tunnel endpoints. But, when you start to
worry about the control plane needed to automate these tunnels, there
are many differences between network and hypervisor approaches.

Thanks, Ashish


-----Original Message-----
From: dc-bounces@ietf.org [mailto:dc-bounces@ietf.org] On Behalf Of
Melinda Shore
Sent: Friday, January 20, 2012 7:46 AM
To: dc@ietf.org
Subject: Re: [dc] draft-khasnabish-vmmi-problems-00.txt

On 01/19/2012 05:11 PM, Christopher LILJENSTOLPE wrote:
> 	I agree with some subset of L2-in-L2, L2-in-L3, and L3-in-L3
encaps.
 > I'm not sure what we mean by network vs hypervisor based encaps.  Do
 > we really want to have a different encap depending on where it's
 > originated or terminated?  Anyone see problems with this if one end
 > of the connection is an appliance (and connected to, say a switch)
 > and one end that's a hypervisor guest?  When folks were asking for a
 > small subset (where small is 1<=n<=3 maybe) I didn't think that they
 > were saying that this was a set of two, one for hypervisors, and one
 > for "network elements" what ever that might mean (I would tend to
 > view a hypervisor switch as an element in the network)

I'm similarly unclear on what these distinctions actually are.  It
seems to me that in either case (network vs. "hypervisor") we're really
talking about tunnel endpoints.  Can someone state clearly what
the difference is in practice?

Thanks,

Melinda
_______________________________________________
dc mailing list
dc@ietf.org
https://www.ietf.org/mailman/listinfo/dc

v2.23.0 | Report a Bug | By Email