Re: [mpls] Need your feedback on extending MPLS network to Cloud DC for workloads hosted in Cloud DCs described in draft-ietf-rtgwg-net2cloud-problem-statement

Gyan Mishra <hayabusagsm@gmail.com> Sat, 11 February 2023 19:01 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: mpls@ietfa.amsl.com
Delivered-To: mpls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48EB4C15153F; Sat, 11 Feb 2023 11:01:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.084
X-Spam-Level:
X-Spam-Status: No, score=-7.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHxaRY9cgEGd; Sat, 11 Feb 2023 11:01:32 -0800 (PST)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E2CAC14F6EB; Sat, 11 Feb 2023 11:01:32 -0800 (PST)
Received: by mail-qt1-x832.google.com with SMTP id 5so9581170qtp.9; Sat, 11 Feb 2023 11:01:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=XUwe8+ZcKjqX0LorhfT8q0CmU8kovm0zdppsHpNeTW8=; b=XNKIuPkuIJbxOAwFIT7+aik6sM7VG66anrNCHRth8mQ8dB+1miSixMHYGlKtJPA93I gPJPOjgn+eCGwustDyN/bTKJHYoo7LPpUxTtvcAeoatEMxyF8fn36/yhdQIzACOl2cDY 2hTs79I/x1J8HLuW/vOyZFUsXd5xLEfghegroRs6DenxuCvZRCmA9Qpyakxhi/IIVep0 8LJcy4Ed1akYLO375ekGcEcJGHGcAq4rCWK2iQp/k5yTxKZCmw+nco/P42cle9EC74cN PGxpYXkRl+/8AR9+PHi/m4VRNOmrsdxumQOK5Sb2qCKd0sfui0sjzi9J+6sHB2yu9ayW J9WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XUwe8+ZcKjqX0LorhfT8q0CmU8kovm0zdppsHpNeTW8=; b=LT1QIYqL0U/Dm/pULGHeVdulSW0gfkQq+y6z9nO8OSVLFBOzhwWhbY4GJa/BjE/P1Z cBK504dEWA9EMZP63WHZ4BQlbVoKhaRxuSf6wy12Tn5BNmfRjadGOeourzU2gb0IjSM1 1GJgzU0goXPpDR3CaUMy+SgOmgTKYM0U8LUtRCgshrxzVSoQF46fW7Mc1+7jN5MNxwab RQLvrqCjfSHQYetPeXJ2ZW2p5uhm63aePOml0dOG/+ghdjNZOffHEyps1JNB5MvwbOzJ cHkFD6h0C+Rcb0/O/yaIE161tTfbeUzBYr7nZZ3NRAAVWuhyprYYugG7+Icc5xWsdOdg g7qQ==
X-Gm-Message-State: AO0yUKX9GA2jA/Fa9fMitNL1BmqtR+WlvBTsBJC9wYOhzHb+kfA66LS2 cqQVqs0H35Q3o4/IqeXXUsc8Hze1VLr8edHDdLu9OSiy
X-Google-Smtp-Source: AK7set9miouZ5nklWvBgJE++NWWFxtwhoM75xpH/waU5E44STTHJnVlqgsoF98okpVFEKtOcOMF7RStpY4ehfRrpEm0=
X-Received: by 2002:a05:622a:296:b0:3b8:6781:50ac with SMTP id z22-20020a05622a029600b003b8678150acmr2900362qtw.140.1676142091404; Sat, 11 Feb 2023 11:01:31 -0800 (PST)
MIME-Version: 1.0
References: <CO1PR13MB49205414F4D43B26111F3FAC85CE9@CO1PR13MB4920.namprd13.prod.outlook.com> <PH0PR13MB492204BF215F2E094961726685D39@PH0PR13MB4922.namprd13.prod.outlook.com> <PH0PR13MB4922F952433503182C7715C685D39@PH0PR13MB4922.namprd13.prod.outlook.com> <CO1PR13MB492053DEA56658E3A1C4849C85DA9@CO1PR13MB4920.namprd13.prod.outlook.com>
In-Reply-To: <CO1PR13MB492053DEA56658E3A1C4849C85DA9@CO1PR13MB4920.namprd13.prod.outlook.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Sat, 11 Feb 2023 14:01:20 -0500
Message-ID: <CABNhwV3WMWbtPwfvNk3ept2DvR5nddKcnQ_2nGgZ6-eiiioc_w@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@futurewei.com>
Cc: "mpls@ietf.org" <mpls@ietf.org>, "rtgwg@ietf.org" <rtgwg@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f38b3b05f4713d18"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mpls/7E3bsVVHEPxHMgyvxmoWl4n9TG0>
Subject: Re: [mpls] Need your feedback on extending MPLS network to Cloud DC for workloads hosted in Cloud DCs described in draft-ietf-rtgwg-net2cloud-problem-statement
X-BeenThere: mpls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Multi-Protocol Label Switching WG <mpls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mpls>, <mailto:mpls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mpls/>
List-Post: <mailto:mpls@ietf.org>
List-Help: <mailto:mpls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mpls>, <mailto:mpls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Feb 2023 19:01:36 -0000

Hi Linda

My experience with telco cloud to Hyperscaler IT cloud via CXP COLO
exchange point to CSPs such as AWS, GCP, Azure, OCP etc, the CXPs have
direct access to all the local CSPs within close proximity to the public
cloud DC.  When creating the CSP VPC account and provisioning of the VPC,
the VPCs for the account are provisioned in availability zones xyz within
that local CSP POP.  So the VPCs are local to that CSP and not spread
across other DC availability zones within other CSP  DC across their
backbone AFAIK.

So I don’t think you would run into the problem described in the above case.

I think in provisioning the VPCs if you have a single regional attachment
via CXP COLO  to the CSP, then you may want to spread the VPCs across all
the CSP DC within the CSP internal network.  So maybe in this case you may
need to attach the meta data for the Geo location information for optimal
routing.

I think this may have been an issue prior to CXP COLOs becoming popular for
multi cloud hybrid cloud for telco’s which gives you the proximity routing
directly to all the multi cloud CSP POPs.

However if you have multiple region based  connections via CXP to CSP then
you can keep the VPCs and advertisements local within the CSP POPs local DC
set availability zone.  Don’t have to rely on the Geo metadata.

Kind Regards

Gyan

On Sun, Feb 5, 2023 at 10:51 PM Linda Dunbar <linda.dunbar@futurewei.com>
wrote:

>
>
> MPLS experts:
>
>
>
> Section 4.3 of
> https://datatracker.ietf.org/doc/draft-ietf-rtgwg-net2cloud-problem-statement/
>  describes the behavior of extending MPLS based VPNs to Hybrid Cloud DCs
> for enterprises’ workloads hosted in Cloud DCs.
>
>
>
> We really appreciate your feedback on this description.
>
>
>
>
> 4.3.  Extending MPLS-based VPNs to Hybrid Cloud DCs
>
> Traditional MPLS-based VPNs have been widely deployed as an effective way
> to support businesses and organizations that require network performance
> and reliability. MPLS shifted the burden of managing a VPN service from
> enterprises to service providers. The CPEs attached to MPLS VPNs are
> simpler and less expensive because they do not need to manage routes to
> remote sites; they pass all outbound traffic to the MPLS VPN PEs to which
> the CPEs are attached (albeit multi-homing scenarios require more
> processing logic on CPEs).  MPLS has addressed the problems of scale,
> availability, and fast recovery from network faults, and incorporated
> traffic-engineering capabilities.
>
> However, traditional MPLS-based VPN solutions are sub-optimized for
> dynamically connecting to workloads/applications in cloud DCs. The Provider
> Edge (PE) nodes of the enterprise’s VPNs might not have direct connections
> to the third-party cloud DCs used by the enterprise to provide easy access
> to its end users. When the user base changes, the enterprise’s
> workloads/applications may be migrated to a new cloud DC location closest
> to the new user base. The existing MPLS VPN provider might not have PEs at
> the new location. Deploying PEs routers at new locations is not trivial,
> which defeats one of the benefits of Clouds’ geographically diverse
> locations allowing workloads to be as close to their end-users as possible.
>
> To mitigate those problems, IPsec tunnels can be used to dynamically
> connecting MPLS PEs with the desired Cloud DCs. As MPLS VPN provide more
> secure and higher quality services, it is desirable to locate the PEs with
> the least cost (including routing distance and capacity cost) for the
> dynamic IPsec tunnels to the Cloud DC GW.
>
> An enterprise can connect to multiple Cloud DC locations and establish
> different BGP peers with Cloud GW routers at different locations. As
> multiple Cloud DCs are interconnected by the Cloud provider's own internal
> network, the Cloud GW BGP session might advertise all of the prefixes of
> the enterprise's VPC, regardless of which Cloud DC a given prefix is
> actually in. This can result in inefficient routing for the end-to-end data
> path. To get around this problem, virtual routers in Cloud DCs can be used
> to attach metadata (e.g., GENEVE header or IPv6 optional header) to
> indicate Geo-location of the Cloud DCs.
>
>
>
> -------------------------------------
>
> Thank you very much
>
> Linda Dunbar
>
>
> _______________________________________________
> rtgwg mailing list
> rtgwg@ietf.org
> https://www.ietf.org/mailman/listinfo/rtgwg
>
-- 

<http://www.verizon.com/>

*Gyan Mishra*

*Network Solutions A**rchitect *

*Email gyan.s.mishra@verizon.com <gyan.s.mishra@verizon.com>*



*M 301 502-1347*