Re: [nvo3-dt-encap] [nvo3] Encap draft published by design team

Tom Herbert <tom@herbertland.com> Thu, 09 February 2017 20:35 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: nvo3-dt-encap@ietfa.amsl.com
Delivered-To: nvo3-dt-encap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 010F1129461 for <nvo3-dt-encap@ietfa.amsl.com>; Thu, 9 Feb 2017 12:35:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYV0aFtMJH_z for <nvo3-dt-encap@ietfa.amsl.com>; Thu, 9 Feb 2017 12:35:16 -0800 (PST)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9767129582 for <nvo3-dt-encap@ietf.org>; Thu, 9 Feb 2017 12:35:01 -0800 (PST)
Received: by mail-qt0-x229.google.com with SMTP id x49so15700989qtc.2 for <nvo3-dt-encap@ietf.org>; Thu, 09 Feb 2017 12:35:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Syet9OgBq9CoNYebbAn+7+pnGuIyv+0SAJ1gNQRe14A=; b=HcA0JdVZhPM5a3+7SGK7r595MR4VVCPfRd4YIQwcWUUvtOXJUtRor8dZjmE+5G478c 6l5LgB1Ljbncp1GVHS7BLOZTb4/lItaEsanAz1rKQF4QbQmJINLfDv88YhMhBl2MuY5H vBen9dYRnbnreJQEiJKl/DVtsZNf+pCgoAcpbtvw6Yrrq/Vw0PDqDN5WrES0+tXYAfTA XuEBlvTT5TsXusijO515g6q/1oUijlUNeQJ5oBI9NY/R3X6KSOxu+KXY7aeivm5i/Nns 5+GYExuM8uVv7l5mG/52DqMhf6xl0K1c/LJTTqVMbJfLroc7+riEOcuwyv0kM4d/Kww9 DzQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Syet9OgBq9CoNYebbAn+7+pnGuIyv+0SAJ1gNQRe14A=; b=nCNL8iWJ987t2QXR9j3qhchs/09my4VwvSJDdSCjgUhldum2+gSi4NPuOvFvJ3dV7N OADHGv52hr35iNnN4j7T5UnLfgE2tiqRAA006onK1DeHq5/wMwk9bBQ+Nv7dZyEr2wmc 2BP3BINfBBOJPp4Rr6twEvA6f5osuTMmVGmEgPovfeCDBZ2vDsF+gIqLA8KMHv4NRyOC eugSY6gnGiLQqfljvi5EA8RkFHCQyAFXYX7mYP6K31dI0JzgiYWpyA6RuaZijE0wOVAm yYWK/Y6X2YYmy9nRQRvJnGup8FOosptwd90/krtWCCb/fj7yABjuTpnT335iffXb/XdM ADOw==
X-Gm-Message-State: AMke39ljQrkvKqG+UtkEg8o/i9sCUqZ/X6gDpj46EWot7MF/Zhv0p1U/4um4LQeGhWuIzLC0G7ZpP6XQmg/L4g==
X-Received: by 10.200.46.162 with SMTP id h31mr4636247qta.164.1486672500958; Thu, 09 Feb 2017 12:35:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.43.227 with HTTP; Thu, 9 Feb 2017 12:35:00 -0800 (PST)
In-Reply-To: <CA+C0YO0yz4KBe=w+EXHVBA=XWErRAtTzdCNsca7h-BjJ2Bwdxg@mail.gmail.com>
References: <CA+C0YO0yz4KBe=w+EXHVBA=XWErRAtTzdCNsca7h-BjJ2Bwdxg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 9 Feb 2017 12:35:00 -0800
Message-ID: <CALx6S37AeS8QEtm1SJsFe9dAnEoCdPZodPJyr7jfYxxEnM040g@mail.gmail.com>
To: Sam Aldrin <aldrin.ietf@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/nvo3-dt-encap/ZpJf868K42e3ka9dPlt6C_XptAA>
Cc: "nvo3@ietf.org" <nvo3@ietf.org>, nvo3-chairs@ietf.org, nvo3-dt-encap@ietf.org
Subject: Re: [nvo3-dt-encap] [nvo3] Encap draft published by design team
X-BeenThere: nvo3-dt-encap@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Private mailing list for internal NVO3 Encapsulation Design Team discussions <nvo3-dt-encap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3-dt-encap>, <mailto:nvo3-dt-encap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nvo3-dt-encap/>
List-Post: <mailto:nvo3-dt-encap@ietf.org>
List-Help: <mailto:nvo3-dt-encap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3-dt-encap>, <mailto:nvo3-dt-encap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Feb 2017 20:35:18 -0000

On Thu, Feb 9, 2017 at 9:03 AM, Sam Aldrin <aldrin.ietf@gmail.com> wrote:
> Hello NVo3 WG,
>
> NVo3 Design Team for encap has put in quite a bit of effort to meet, discuss
> and hashout various requirements and issues and coming up with a draft on
> proposed encap. Thanks to all who have participated and made it possible.
>
> This document could be found at
> URL:
> https://www.ietf.org/internet-drafts/draft-dt-nvo3-encap-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-dt-nvo3-encap/
> Htmlized:       https://tools.ietf.org/html/draft-dt-nvo3-encap-00
>
> Kindly go through the document and review thoroughly and provide your
> comments.
> This will enable DT to close any issues or pending gaps.
>
The Security Considerations section needs content. First and foremost,
in a multi-tenant data center ensuring strict isolation between
different tenants traffic seems fundamental and the mechanisms for
doing that should be explicit in the description of an encapsulation.
Bear in mind that when we use UDP for encapsulation there is typically
nothing in a host to prevent an unprivileged application from spoofing
well formed nvo3 packets and sending them to arbitrary destinations
(this is harder to do with other protocols such as TCP or GRE). A
24-bit VNI is not sufficient to provide any guarantee of virtual
network isolation.

Tom

> cheers
> Sam & Matthew
>
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3
>