Re: VPN4DC Scope
Derick Winkworth <ccie15672@yahoo.com> Tue, 08 November 2011 02:12 UTC
Return-Path: <ccie15672@yahoo.com>
X-Original-To: l3vpn@ietfa.amsl.com
Delivered-To: l3vpn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAD471F0C52 for <l3vpn@ietfa.amsl.com>; Mon, 7 Nov 2011 18:12:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.326
X-Spam-Level:
X-Spam-Status: No, score=0.326 tagged_above=-999 required=5 tests=[AWL=-0.135, BAYES_20=-0.74, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, J_CHICKENPOX_32=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IUKbpCuijkOY for <l3vpn@ietfa.amsl.com>; Mon, 7 Nov 2011 18:12:27 -0800 (PST)
Received: from nm17.bullet.mail.bf1.yahoo.com (nm17.bullet.mail.bf1.yahoo.com [98.139.212.176]) by ietfa.amsl.com (Postfix) with SMTP id 4BB8C1F0C54 for <l3vpn@ietf.org>; Mon, 7 Nov 2011 18:12:24 -0800 (PST)
Received: from [98.139.212.145] by nm17.bullet.mail.bf1.yahoo.com with NNFMP; 08 Nov 2011 02:12:21 -0000
Received: from [98.139.212.244] by tm2.bullet.mail.bf1.yahoo.com with NNFMP; 08 Nov 2011 02:12:21 -0000
Received: from [127.0.0.1] by omp1053.mail.bf1.yahoo.com with NNFMP; 08 Nov 2011 02:12:21 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 177878.84415.bm@omp1053.mail.bf1.yahoo.com
Received: (qmail 58173 invoked by uid 60001); 8 Nov 2011 02:12:21 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1320718341; bh=V9WGOov1N0XpD+tDNpTxOfPpBtLDWnfBmpeYDky5YiI=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=hY6ZXMPcLVDRtdA6GrQUkscsJVDK/BwMWneebPo2Azu9cDT+xB0+TvdaGh3kweNkf3sgLol3uU+5+3mCNEwGxqND3hUXGeabf0lHmJZuY//JJs7GPeOpo51oiIm3/PBYRKKCMMYat+DFGHf0V3TfvlEoibH7cMUgN60215Y3/10=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=ktD5ddg0kAbJJ8RrRc7ZhJ+5BSkGo/Q9QMtdv30D95VSHTA4ql2ZwYPJ0VyB05OZRUw9X69xSvCeVTenWvN2FJrqW4glrxASfGWqwCIXgOfmYzkPz196vL6SJ0amjlZ5IdvmT5GTRzqCEvKrh7Hz/JOhCng9R/RnelGk4C3X5JE=;
X-YMail-OSG: v1u4GwQVM1mti_8nPoBrh3umFR2It6q29nwhj1pIk1eBLe9 zI0_4nsOo3F01bCQp8J5.arPhGCQe4ZXdPrbohsxP1.hVumul9cq1S21uM8K iBv90K0k0B6AIfXFDzjLQsqAaXFTtJXEtaokCBvhCo.qhG2jaziPgshAUtUU z4XPcjQC5fPsJxYx5qBnaY4VeE5DpKd17CpiquSXUr_mBHZ2PDD97NpfbEvq t66he7AK9P3Gy7GnNRRDtQ1Hs0goV8fObp67uWton7ryGSqS2IPGa_X8VJVx RWyxihVQYnbqO5Xda1AG5WAUVFIHfJqUX1Z370sGIe4yv1XTsSStZ2oTYe4o PziUY3l2p_SuxYNPKJ0VNIX1C1aNcOjgrcyUF7PYb9afzGg7DQ5BWsGWpV0i BjajOiXlzpZnBd3AV3UDXXA2sAv0X9QA0RJpsqQ.OgEqK3OWdV49b76fbyed sPWiNFXZJvFdFIxmWLCpUoCgKY1dNuzA-
Received: from [76.194.43.66] by web161801.mail.bf1.yahoo.com via HTTP; Mon, 07 Nov 2011 18:12:21 PST
X-Mailer: YahooMailWebService/0.8.114.317681
References: <238542D917511A45B6B8AA806E875E25073CAAF1@XMB-RCD-201.cisco.com> <2691CE0099834E4A9C5044EEC662BB9D118DE89B@dfweml506-mbx> <1320625150.80915.YahooMailNeo@web161802.mail.bf1.yahoo.com> <2691CE0099834E4A9C5044EEC662BB9D118DEAD0@dfweml506-mbx>
Message-ID: <1320718341.28927.YahooMailNeo@web161801.mail.bf1.yahoo.com>
Date: Mon, 07 Nov 2011 18:12:21 -0800
From: Derick Winkworth <ccie15672@yahoo.com>
Subject: Re: VPN4DC Scope
To: "l3vpn@ietf.org" <l3vpn@ietf.org>
In-Reply-To: <2691CE0099834E4A9C5044EEC662BB9D118DEAD0@dfweml506-mbx>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1882999342-394671999-1320718341=:28927"
X-BeenThere: l3vpn@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Derick Winkworth <ccie15672@yahoo.com>
List-Id: <l3vpn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/l3vpn>
List-Post: <mailto:l3vpn@ietf.org>
List-Help: <mailto:l3vpn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/l3vpn>, <mailto:l3vpn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2011 02:12:29 -0000
Lucy: ---------- In VDCS, some DCs are owned by customer and some by DC provider DC. It is not practical to require customer private datacenter to implement L2/L3VPN for getting a VDCS service. ----------- The customer is not required to manage their own MPLS network (i.e., label-switching 'P' nodes and 'PE' nodes). However, in the scenario we are proposing the customer would be using an L3VPN service provided by an SP such as Verizon or twTelecom (i.e., the customer has CE devices in their locations connecting to service-provider's PE devices over a circuit). Derick ________________________________ From: Lucy yong <lucy.yong@huawei.com> To: Derick Winkworth <ccie15672@yahoo.com>; Luyuan Fang (lufang) <lufang@cisco.com>; "l3vpn@ietf.org" <l3vpn@ietf.org> Sent: Monday, November 7, 2011 10:04 AM Subject: RE: VPN4DC Scope Derick and Luyuan, The newer draft has one requirement for extending VPNs into datacenter networks with L2/L3VPN, and a large portion of requirements for using VPN gateway for VPN extension into datacenter. We should include VPN gateway case in the scope too. In VDCS, some DCs are owned by customer and some by DC provider DC. It is not practical to require customer private datacenter to implement L2/L3VPN for getting a VDCS service. Thanks, Lucy From:Derick Winkworth [mailto:ccie15672@yahoo.com] Sent: Sunday, November 06, 2011 6:19 PM To: Lucy yong; Luyuan Fang (lufang); l3vpn@ietf.org Subject: Re: VPN4DC Scope Lucy: That draft is older, try: http://tools.ietf.org/html/draft-so-vdcs-02 Derick ________________________________ From:Lucy yong <lucy.yong@huawei.com> To: Luyuan Fang (lufang) <lufang@cisco.com>; "l3vpn@ietf.org" <l3vpn@ietf.org> Sent: Sunday, November 6, 2011 12:45 PM Subject: RE: VPN4DC Scope Luyuan, I don’t think this matches VPN4DC objective and requirements. (draft-so-vpn4dc) The draft objective is to enhance network service provider L3VPN services for Enterprise DCs and Provider DC interconnection. Enterprise can use virtual resources in Provider DC as if the resources are in its own datacenter and run Enterprise intranet applications. It does not constraint any architecture in Enterprise DC and Provider DC. The in-band signaling capability for host joining a L3VPN in a service provider network does not mean the DC that host resides need to implement L3VPN. The proposals you put here aims on extending L3VPN technologies into DC or DC VM virtual networks. Will this be network service providers’ requirement or DC providers’ requirement? I don’t see such requirement anywhere. Today, Enterprise DC rarely implement L3VPN as well as DC provider. For getting some virtual resources in Provider DC, why does Enterprise need to change their DC architecture? Do I miss something? I agree that DC VPN or DC VM virtual network are potential subject to work on, but this is not what VPN4DC target for. Are we changing the direction? Regards, Lucy From:l3vpn-bounces@ietf.org [mailto:l3vpn-bounces@ietf.org] On Behalf Of Luyuan Fang (lufang) Sent: Saturday, November 05, 2011 1:25 AM To: l3vpn@ietf.org Subject: VPN4DC Scope Dear colleagues, Thank you all for the constructive discussion/suggestions over the last few weeks on VPN4DC. I think we observed good interests/enthusiasm on solving the problems in this space. We need to narrow down the scope as the next step. I summarized the proposals sent on the list as the following: 1. Leverage BGP/MPLS VPN technologies, extending it with l3vpn signaling protocols into DC VM virtual networks. 2. Using BGP/MPLS VPN exactly ‘as it is’ into DC VM virtual networks 3. Extending/creating any IP VPN technologies into DC 4. Extending/creating or reuse/managing security protocols for DC connections, including encryption, key distribution, key management 5. Extending/creating or reuse L2VPN based technologies into DC Some of you prefer to focus on one of the options, while others like to include multiple options. Here is my observation and thought. 1 – It seems a common denominator. Did not hear no on this. It is exactly the problem Derick wanting to solve, it is Ning’s starting point, and it is included in the requirements drafts. 2 – It does not need to create or extend protocols, should go to Operation and Management Area for any ops issues and best practice. 3 - The scope looks big to me, the list is potentially very long. 4 - If new encryption algorithm, better key distribution mechanism are needed, the work should go to Security Area; if nothing new, ops issues go to Operation and Management Area. 5 - L2VPN for DC work should go to L2VPN WG, it is defined in L2VPN charter. Thanks, Luyuan
- VPN4DC Scope Luyuan Fang (lufang)
- RE: VPN4DC Scope Lucy yong
- Re: VPN4DC Scope Derick Winkworth
- RE: VPN4DC Scope Yudelei
- RE: VPN4DC Scope Lucy yong
- Re: VPN4DC Scope Pedro Marques
- RE: VPN4DC Scope Lucy yong
- Re: VPN4DC Scope Pedro Marques
- RE: RE: VPN4DC Scope So, Ning
- Re: VPN4DC Scope Robert Raszuk
- Re: VPN4DC Scope Derick Winkworth
- Re: VPN4DC Scope Derick Winkworth
- Re: VPN4DC Scope robert@raszuk.net
- Re: VPN4DC Scope robert@raszuk.net
- Re: VPN4DC Scope Derick Winkworth
- Re: VPN4DC Scope Ben Niven-Jenkins
- Re: VPN4DC Scope Robert Raszuk