IETF Logo Mail Archive

Questions: WG Review: Network Virtualization Overlays (nvo3) - 23-Apr-2012 update

"Adrian Farrel" <adrian@olddog.co.uk> Tue, 24 April 2012 20:05 UTC

Return-Path: <adrian@olddog.co.uk>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BC7911E8088; Tue, 24 Apr 2012 13:05:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.492
X-Spam-Level:
X-Spam-Status: No, score=-2.492 tagged_above=-999 required=5 tests=[AWL=0.107, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bT6eE4gGurDF; Tue, 24 Apr 2012 13:05:01 -0700 (PDT)
Received: from asmtp2.iomartmail.com (asmtp2.iomartmail.com [62.128.201.249]) by ietfa.amsl.com (Postfix) with ESMTP id 253A411E808F; Tue, 24 Apr 2012 13:05:00 -0700 (PDT)
Received: from asmtp2.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id q3OK4v0F019279; Tue, 24 Apr 2012 21:04:57 +0100
Received: from 950129200 (dsl-sp-81-140-15-32.in-addr.broadbandscope.com [81.140.15.32]) (authenticated bits=0) by asmtp2.iomartmail.com (8.13.8/8.13.8) with ESMTP id q3OK4ugE019273 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 24 Apr 2012 21:04:57 +0100
From: Adrian Farrel <adrian@olddog.co.uk>
To: stbryant@cisco.com, nvo3@ietf.org
Subject: Questions: WG Review: Network Virtualization Overlays (nvo3) - 23-Apr-2012 update
Date: Tue, 24 Apr 2012 21:04:55 +0100
Message-ID: <03fe01cd2255$853351f0$8f99f5d0$@olddog.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac0iVX5eOGV5tpicQcCsTd+gCTCZuQ==
Content-Language: en-gb
Cc: iesg@ietf.org, 'IETF Discussion' <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: adrian@olddog.co.uk
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2012 20:05:02 -0000

Hi,

A couple of questions of some substance below.

> Support for multi-tenancy has become a core requirement of data centers
> (DCs), especially in the context of data centers supporting virtualized
> hosts known as virtual machines (VMs). Two key requirements needed
> to support multi-tenancy are traffic isolation, so that a tenant's
> traffic is not visible to any other tenant, and address independence,
> so that one tenant's addressing does not collide with other tenants
> addressing schemes or with addresses used within the data center itself.
> Another key requirement is to support the placement and migration of
> VMs anywhere within the data center, without being limited by DC
> network constraints such as the IP subnet boundaries of the
> underlying DC network.
> 
> An NVO3 solution (known here as a Data Center Virtual Private
> Network (DCVPN)) is a VPN that is viable across a scaling range of
> a few thousand VMs to several million VMs running on greater
> than 100K physical servers. It thus has good scaling properties
> from relatively small networks to networks with several million
> DCVPN endpoints and hundreds of thousands of DCVPNs within a
> single administrative domain.
> 
> Note that although this charter uses the term VM throughout, NVO3 must
> also support connectivity to traditional hosts e.g. hosts that do not
> have hypervisors.
> 
> NVO3 will consider approaches to multi-tenancy that reside at the
> network layer rather than using traditional isolation mechanisms

I know we have been dancing around this and there is a lot of paranoia. It is
clear that we mean that no IETF technology will be excluded from consideration a
priori. This may be sensitive because the PWE3 charter (which had to handle a
similar question) explicitly called out IP and MPLS. I can't think of a better
way of saying what the text says other than "network layer" but perhaps, for the
avoidance of doubt, Stewart could put an email in the archive that says "I
confirm that the phrase 'network layer' in the context of the NVO3 charter does
not exclude MPLS." Then (hopefully) we can all move along and do the real work
:-)

> that rely on the underlying layer 2 technology (e.g., VLANs).
> The NVO3 WG will determine which types of  service are needed by typical
> DC deployments (for example, IP and/or Ethernet).
> 
> NVO3 will document the problem statement, the applicability, and an
> architectural framework for DCVPNs within a data center
> environment. Within this framework, functional blocks will be defined to
> allow the dynamic attachment / detachment of VMs to their DCVPN,
> and the interconnection of elements of the DCVPNs over
> the underlying physical network. This will support the delivery
> of packets to the destination VM, and provide the network functions
> required for the migration of VMs within the network in a
> sub-second timeframe.

This has been discussed a bit, but I still can't believe that it won't cause
contention down the line. The term "migration" will mean different things to
different people and some will expect it to mean the picking up of one active
operational environment and its transportation to run in a different place. We
need to be clear whether we mean simply that the "re-registration" of a VM at a
different location and the associated "convergence" of the network is intended
to be sub-second, or whether it is the whole transportation of the VM.

I don't have an immediate suggestion for wording around this other than to say
that the bald word "migration" is not enough.

> Based on this framework, the NVO3 WG will develop requirements for both
> control plane protocol(s) and data plane encapsulation format(s), 

I find this rather clumsy and suggest:

Based on this framework, the NVO3 WG will develop requirements for control plane
protocols and data plane encapsulation formats, 

> and
> perform a gap analysis of existing candidate mechanisms. In addition
> to functional and architectural requirements, the NVO3 WG will develop
> management, operational, maintenance, troubleshooting, security and
> OAM protocol requirements.
> 
> The NVO3 WG will investigate the interconnection of the DCVPNs
> and their tenants with non-NVO3 IP network(s) to determine if
> any specific work is needed.

I can see how this might give rise to requirements and architectural work. I am
not clear what "determine if any specific work is needed" because that may
substantially depend on which solutions have been selected. Perhaps replacement
text...

The NVO3 WG will investigate the interconnection of the DCVPNs and their tenants
with non-NVO3 IP networks, and will document any additional requirements and
architectural functions.

> The NVO3 WG will write the following informational RFCs, which
> must be substantially complete before rechartering can be
> considered:

"substantially complete" is sufficiently subjective to risk a riot at some point
in the future!
Can we be more precise with some well-known process step such as WG last call or
publication request.
I do not believe that rechartering at that point would take more than a couple
of weeks, so it is not as though the WG will grind to a halt for a season.

>      Problem Statement
>      Framework document
>      Control plane requirements document
>      Data plane requirements document
>      Operational Requirements
>      Gap Analysis

I see how the three requirements documents have been arrived at from the text in
the previous paragraphs. Where does Security fit in? Is it distributed amongst
the three documents? If so, why were operational requirements not similarly
distributed?

> Driven by the requirements and consistent with the gap analysis,
> the NVO3 WG may request being rechartered to document solutions
> consisting of one or more data plane encapsulations and
> control plane protocols as applicable.  Any documented solutions
> will use existing IETF protocols if suitable. Otherwise,
> the NVO3 WG may propose the development of new IETF protocols,
> or the writing of an applicability statement for a non-IETF
> protocol.

s/a non-IETF protocol/non-IETF protocols/

[snip]

Thanks,
Adrian

v2.23.0 | Report a Bug | By Email