Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
Tom Herbert <therbert@google.com> Mon, 17 March 2014 01:51 UTC
Return-Path: <therbert@google.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15D331A033F for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:51:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.925
X-Spam-Level:
X-Spam-Status: No, score=-1.925 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7XauQpKiMFtV for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:51:55 -0700 (PDT)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) by ietfa.amsl.com (Postfix) with ESMTP id 0C8171A0356 for <nvo3@ietf.org>; Sun, 16 Mar 2014 18:51:54 -0700 (PDT)
Received: by mail-ig0-f181.google.com with SMTP id h18so4244326igc.2 for <nvo3@ietf.org>; Sun, 16 Mar 2014 18:51:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=e03lXOCaxtZXpSvseQoGKPVjE/GrwGeSRQp0YU+oR+c=; b=cgN0ROPhfRpondGZP225zPWFJYtKsAmth+i49GID9iLPQ2YvUY1CuXAJk8CRYpfkHQ Ytgir8OsThS+MK2EDEtzU2KcOTj6/6NmCdwOpUuih2VRL2W4LFahm+0Op2SliF+k8RN8 l+02h2dePw1DlutkpePjpVB//setRtczbS3cVgIWFRC++s9RY5uEHQT7iASBIB8BTLHT Oc8/d3LKbY+emb7tMrI0Q4hwX69yZ4/TATlxv3vmmx/bVXZvVVzu6XhX4cv21nlDED0J 9KvdGZjmKnQA/OMAbXfxyg+/ZBxqDMq9EEqPm6fNnRvbpjvSNuH4BjebQbgZvkUZEyaE 298Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=e03lXOCaxtZXpSvseQoGKPVjE/GrwGeSRQp0YU+oR+c=; b=TrVs8+b0rZAAa91zK1bGBv2/ZzAcWEsHcPfln0+9N4wRt1AanAfs9dGtPgB/5fdfO4 ZTxEfPJIGPu1TYwkcluX65THkutzsb8KbshfDjGm27Jf4pfWylEIgXaVmLVdfoaJ1V+k 1uRG2MUSsPtIs/HlMrnXE0fkWwmCix1dcBMBNN2qFgxW8Q4z1ghhAm0JT/2BiXwlnlBl Olb0lYYZospQ9OxgiYdK5e6r0ub06Lh4A8Vnr1WKuZZZ7HfasBTMK2N5D0othiDTcvtX k0fIu/Fu+FiY3NGQMOACydDFxhnITnS50JuIsQSuAPBtGYriA7q0v09rYqbmLaMhqfc9 //Qw==
X-Gm-Message-State: ALoCoQmoHqGcqpoDLKJ+swpGI01NImbuZ9eMEEowKPBUiqp0L49uCZSoPd2xQrL1l9axfSIo3Yt6TvFRQ+8vWAEtTeanUtenQIUX/9X+W3PI7HBagINJR0kfsxSSRI6dP7YA1IxhBTLrDaZ7HFImP2qjwy4vdDqt5MJVhY/J6VPBIN8AJR8EVCqr3fN0Y8vE9eH3meY9uTQU
MIME-Version: 1.0
X-Received: by 10.50.136.136 with SMTP id qa8mr9086113igb.48.1395021107030; Sun, 16 Mar 2014 18:51:47 -0700 (PDT)
Received: by 10.64.148.98 with HTTP; Sun, 16 Mar 2014 18:51:46 -0700 (PDT)
Received: by 10.64.148.98 with HTTP; Sun, 16 Mar 2014 18:51:46 -0700 (PDT)
In-Reply-To: <8063A2F3-A423-434B-AF27-63D77ABDC77E@broadcom.com>
References: <2691CE0099834E4A9C5044EEC662BB9D45354603@dfweml701-chm.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF632A2BAD1@eusaamb107.ericsson.se> <026b01cf4108$9e58b070$db0a1150$@riw.us> <F10451DB-7C6E-4ED1-ABC0-37E8B3CD80FD@gmail.com> <5C5D3148-261D-4428-AC6B-AAAD4436D048@lucidvision.com> <E6C17D2345AC7A45B7D054D407AA205C39241E6A@eusaamb105.ericsson.se> <FA034207-A9BB-40BB-B052-6CBDAD8D8809@gmail.com> <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com> <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com> <8063A2F3-A423-434B-AF27-63D77ABDC77E@broadcom.com>
Date: Sun, 16 Mar 2014 18:51:46 -0700
Message-ID: <CA+mtBx9qvsDkQWmiPnC6s4Yu-Xkcm83NtWHiNdjKsmz2NO5G+A@mail.gmail.com>
From: Tom Herbert <therbert@google.com>
To: Shahram Davari <davari@broadcom.com>
Content-Type: multipart/alternative; boundary="089e01536f8c8a095404f4c3a980"
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/1__PqU80oE81XWayR20HaKcLMXo
Cc: draft-gross-geneve@tools.ietf.org, David Allan I <david.i.allan@ericsson.com>, Thomas D Nadeau <tnadeau@lucidvision.com>, "<nvo3@ietf.org>" <nvo3@ietf.org>, Lucy yong <lucy.yong@huawei.com>, Russ White <russw@riw.us>, Dino Farinacci <farinacci@gmail.com>, Eric Gray <eric.gray@ericsson.com>
Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 01:51:58 -0000
On Mar 16, 2014 6:12 PM, "Shahram Davari" <davari@broadcom.com> wrote: > > Tom > > There are 2 drafts that propose changes to VXLAN and NVGRE. Is there any requirements that is not addressed by those drafts? > Which drafts are you referring to? > Regards, > Shahram > > > > On Mar 16, 2014, at 3:24 PM, "Tom Herbert" <therbert@google.com> wrote: > > > > On Sun, Mar 16, 2014 at 2:22 PM, Thomas D Nadeau > > <tnadeau@lucidvision.com> wrote: > >> that's kind of what you and russ were saying (and I agreeing): iteration, evolution and refinement have often proven better than revolution. > > Iteration, evolution, and refinement are key and in fact this is > > precisely a core rationale in GUE and geneve. We need the ability to > > scale and adapt the data center to changing needs and threats, this is > > the requirement. This translates into a requirement for extensible > > protocols that we can modify and evolve as needed and in short > > turnaround time. > > > > The example that I give in security: what if next week the latest > > Snowden revelations expose some security hole in our data center-- if > > this hole can be addressed by adding a token to my packets, then I > > want to guarantee I retain the capability to do this. It's not > > acceptable that I'd have to go back to standards to change this, and > > neither is swapping out new hardware just because I extended a > > protocol. > > > > I agree that modifying existing protocols would be the best direction > > but that is going to require a real proposal which we can measure > > against (no one has suggested a reasonable alternative). In lieu of > > modifying an existing protocol, developing a a new one based on known > > techniques and mechanisms is prudent. > > > > Tom > > > >> Tom > >> > >> > >>> On Mar 16, 2014, at 15:59, Dino Farinacci <farinacci@gmail.com> wrote: > >>> > >>> Maybe the power struggle should not focus so much on WHAT is delivered but HOW it is developed and delivered. > >>> > >>> A thought offered to me recently from a close friend. > >>> > >>> Dino > >>> > >>>> On Mar 16, 2014, at 12:56 PM, David Allan I < david.i.allan@ericsson.com> wrote: > >>>> > >>>> The actual examples cited are artifacts of an industry power structure that may not apply in this case, as far as past performance predicting future outcomes.... > >>>> > >>>> D > >>>> > >>>> -----Original Message----- > >>>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Thomas D Nadeau > >>>> Sent: Sunday, March 16, 2014 9:10 AM > >>>> To: Dino Farinacci > >>>> Cc: Russ White; <draft-gross-geneve@tools.ietf.org>; <nvo3@ietf.org>; Lucy yong; Eric Gray > >>>> Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap > >>>> > >>>> This road is littered with many examples in recent history of new alternatives presenting the dream of "a new encap/protocol will fix everything" such as crldp, PBT and PBB-TE. let's not make this mistake if we can help it... > >>>> > >>>> Tom > >>>> > >>>> > >>>>> On Mar 16, 2014, at 11:48, Dino Farinacci <farinacci@gmail.com> wrote: > >>>>> > >>>>> Decades of experience tells us what Russ says below. Those who choose to ignore are bound to repeat ... > >>>>> > >>>>> Dino > >>>>> > >>>>>> On Mar 16, 2014, at 4:12 AM, "Russ White" <russw@riw.us> wrote: > >>>>>> > >>>>>> > >>>>>>> 3) create a new encapsulation that meets requirements - and find out > >>>>>>> that the > >>>>>>> industry doesn't entirely switch over to the new (read untried > >>>>>>> and > >>>>>> possibly > >>>>>>> immature) encapsulation, existing deployed alternatives are > >>>>>> documented > >>>>>>> in > >>>>>>> some (possibly non-standard) way and we incur the costs > >>>>>>> associated > >>>>>> with > >>>>>>> living with three alternatives additional encapsulations until > >>>>>>> such > >>>>>> time (if > >>>>>>> ever) > >>>>>>> when the DCN industry settles on fewer (possibly as few as one) > >>>>>> choices, > >>>>>>> and > >>>>>>> we move on. > >>>>>> > >>>>>> This is, in fact, the most likely result... Vendors would need to > >>>>>> remove support for the old encaps over time, which isn't going to > >>>>>> happen so long as someone is actually using them, which means support > >>>>>> will still be in code, which means new people will start using them, which means... > >>>>>> > >>>>>> There is also a cost in security when it comes to defining new encap > >>>>>> types we often don't consider -- it's one more tunnel type that needs > >>>>>> to be accounted for by middle boxes, network hardening routines, etc. > >>>>>> For every new encap we create, we also create a lot of work in the > >>>>>> security world in tracking vulnerabilities, understanding the semantics of the protocol, etc. > >>>>>> > >>>>>> The right answer, IMHO, is to modify, rather than creating a new encap. > >>>>>> > >>>>>> :-) > >>>>>> > >>>>>> Russ > >>>>>> > >>>>>> _______________________________________________ > >>>>>> nvo3 mailing list > >>>>>> nvo3@ietf.org > >>>>>> https://www.ietf.org/mailman/listinfo/nvo3 > >>>>> > >>>>> _______________________________________________ > >>>>> nvo3 mailing list > >>>>> nvo3@ietf.org > >>>>> https://www.ietf.org/mailman/listinfo/nvo3 > >>>> > >>>> _______________________________________________ > >>>> nvo3 mailing list > >>>> nvo3@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/nvo3 > >> > >> _______________________________________________ > >> nvo3 mailing list > >> nvo3@ietf.org > >> https://www.ietf.org/mailman/listinfo/nvo3 > > > > _______________________________________________ > > nvo3 mailing list > > nvo3@ietf.org > > https://www.ietf.org/mailman/listinfo/nvo3
- [nvo3] enhancing VXLAN/NVGRE vs creating an new e… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Sam Aldrin
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Eric Gray
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Russ White
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… David Allan I
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… AshwoodsmithPeter
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Zhou, Han
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Greg Mirsky