IETF Logo Mail Archive

Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap

Shahram Davari <davari@broadcom.com> Mon, 17 March 2014 01:12 UTC

Return-Path: <davari@broadcom.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2701A033C for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:12:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPd6jhzxj8lo for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:12:52 -0700 (PDT)
Received: from mail-gw1-out.broadcom.com (mail-gw1-out.broadcom.com [216.31.210.62]) by ietfa.amsl.com (Postfix) with ESMTP id 900531A0339 for <nvo3@ietf.org>; Sun, 16 Mar 2014 18:12:52 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.97,666,1389772800"; d="scan'208";a="20035826"
Received: from irvexchcas07.broadcom.com (HELO IRVEXCHCAS07.corp.ad.broadcom.com) ([10.9.208.55]) by mail-gw1-out.broadcom.com with ESMTP; 16 Mar 2014 19:00:02 -0700
Received: from SJEXCHCAS03.corp.ad.broadcom.com (10.16.203.8) by IRVEXCHCAS07.corp.ad.broadcom.com (10.9.208.55) with Microsoft SMTP Server (TLS) id 14.3.174.1; Sun, 16 Mar 2014 18:12:44 -0700
Received: from SJEXCHMB12.corp.ad.broadcom.com ([fe80::bc15:c1e1:c29a:36f7]) by SJEXCHCAS03.corp.ad.broadcom.com ([::1]) with mapi id 14.03.0174.001; Sun, 16 Mar 2014 18:12:44 -0700
From: Shahram Davari <davari@broadcom.com>
To: Tom Herbert <therbert@google.com>
Thread-Topic: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
Thread-Index: Ac88fq0JnPKTKSBTSHS+g+U+5AkGfgACXT9AAS7J44AACaSHgAAAvPKAAAfspYAAABgkgAAC6HaAAAIo+wD//7muRA==
Date: Mon, 17 Mar 2014 01:12:43 +0000
Message-ID: <8063A2F3-A423-434B-AF27-63D77ABDC77E@broadcom.com>
References: <2691CE0099834E4A9C5044EEC662BB9D45354603@dfweml701-chm.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF632A2BAD1@eusaamb107.ericsson.se> <026b01cf4108$9e58b070$db0a1150$@riw.us> <F10451DB-7C6E-4ED1-ABC0-37E8B3CD80FD@gmail.com> <5C5D3148-261D-4428-AC6B-AAAD4436D048@lucidvision.com> <E6C17D2345AC7A45B7D054D407AA205C39241E6A@eusaamb105.ericsson.se> <FA034207-A9BB-40BB-B052-6CBDAD8D8809@gmail.com> <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>, <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
In-Reply-To: <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/C0YKoMKhi2sL1SMPl5AE4lUqvEY
Cc: Thomas D Nadeau <tnadeau@lucidvision.com>, David Allan I <david.i.allan@ericsson.com>, "<draft-gross-geneve@tools.ietf.org>" <draft-gross-geneve@tools.ietf.org>, "<nvo3@ietf.org>" <nvo3@ietf.org>, Lucy yong <lucy.yong@huawei.com>, Russ White <russw@riw.us>, Dino Farinacci <farinacci@gmail.com>, Eric Gray <eric.gray@ericsson.com>
Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 01:12:55 -0000

Tom

There are 2 drafts that propose changes to VXLAN and NVGRE. Is there any requirements that is not addressed by those drafts? 

Regards,
Shahram


> On Mar 16, 2014, at 3:24 PM, "Tom Herbert" <therbert@google.com> wrote:
> 
> On Sun, Mar 16, 2014 at 2:22 PM, Thomas D Nadeau
> <tnadeau@lucidvision.com> wrote:
>> that's kind of what you and russ were saying (and I agreeing): iteration, evolution and refinement have often proven better than revolution.
> Iteration, evolution, and refinement are key and in fact this is
> precisely a core rationale in GUE and geneve. We need the ability to
> scale and adapt the data center to changing needs and threats, this is
> the requirement. This translates into a requirement for extensible
> protocols that we can modify and evolve as needed and in short
> turnaround time.
> 
> The example that I give in security: what if next week the latest
> Snowden revelations expose some security hole in our data center-- if
> this hole can be addressed by adding a token to my packets, then I
> want to guarantee I retain the capability to do this. It's not
> acceptable that I'd have to go back to standards to change this, and
> neither is swapping out new hardware just because I extended a
> protocol.
> 
> I agree that modifying existing protocols would be the best direction
> but that is going to require a real proposal which we can measure
> against (no one has suggested a reasonable alternative). In lieu of
> modifying an existing protocol, developing a a new one based on known
> techniques and mechanisms is prudent.
> 
> Tom
> 
>> Tom
>> 
>> 
>>> On Mar 16, 2014, at 15:59, Dino Farinacci <farinacci@gmail.com> wrote:
>>> 
>>> Maybe the power struggle should not focus so much on WHAT is delivered but HOW it is developed and delivered.
>>> 
>>> A thought offered to me recently from a close friend.
>>> 
>>> Dino
>>> 
>>>> On Mar 16, 2014, at 12:56 PM, David Allan I <david.i.allan@ericsson.com> wrote:
>>>> 
>>>> The actual examples cited are artifacts of an industry power structure that may not apply in this case, as far as past performance predicting future outcomes....
>>>> 
>>>> D
>>>> 
>>>> -----Original Message-----
>>>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Thomas D Nadeau
>>>> Sent: Sunday, March 16, 2014 9:10 AM
>>>> To: Dino Farinacci
>>>> Cc: Russ White; <draft-gross-geneve@tools.ietf.org>; <nvo3@ietf.org>; Lucy yong; Eric Gray
>>>> Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
>>>> 
>>>> This road is littered with many examples in recent history of new alternatives presenting the dream of "a new encap/protocol will fix everything" such as crldp, PBT and PBB-TE. let's not make this mistake if we can help it...
>>>> 
>>>> Tom
>>>> 
>>>> 
>>>>> On Mar 16, 2014, at 11:48, Dino Farinacci <farinacci@gmail.com> wrote:
>>>>> 
>>>>> Decades of experience tells us what Russ says below. Those who choose to ignore are bound to repeat ...
>>>>> 
>>>>> Dino
>>>>> 
>>>>>> On Mar 16, 2014, at 4:12 AM, "Russ White" <russw@riw.us> wrote:
>>>>>> 
>>>>>> 
>>>>>>> 3) create a new encapsulation that meets requirements - and find out
>>>>>>> that the
>>>>>>> industry doesn't entirely switch over to the new (read untried
>>>>>>> and
>>>>>> possibly
>>>>>>> immature) encapsulation, existing deployed alternatives are
>>>>>> documented
>>>>>>> in
>>>>>>> some (possibly non-standard) way and we incur the costs
>>>>>>> associated
>>>>>> with
>>>>>>> living with three alternatives additional encapsulations until
>>>>>>> such
>>>>>> time (if
>>>>>>> ever)
>>>>>>> when the DCN industry settles on fewer (possibly as few as one)
>>>>>> choices,
>>>>>>> and
>>>>>>> we move on.
>>>>>> 
>>>>>> This is, in fact, the most likely result... Vendors would need to
>>>>>> remove support for the old encaps over time, which isn't going to
>>>>>> happen so long as someone is actually using them, which means support
>>>>>> will still be in code, which means new people will start using them, which means...
>>>>>> 
>>>>>> There is also a cost in security when it comes to defining new encap
>>>>>> types we often don't consider -- it's one more tunnel type that needs
>>>>>> to be accounted for by middle boxes, network hardening routines, etc.
>>>>>> For every new encap we create, we also create a lot of work in the
>>>>>> security world in tracking vulnerabilities, understanding the semantics of the protocol, etc.
>>>>>> 
>>>>>> The right answer, IMHO, is to modify, rather than creating a new encap.
>>>>>> 
>>>>>> :-)
>>>>>> 
>>>>>> Russ
>>>>>> 
>>>>>> _______________________________________________
>>>>>> nvo3 mailing list
>>>>>> nvo3@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/nvo3
>>>>> 
>>>>> _______________________________________________
>>>>> nvo3 mailing list
>>>>> nvo3@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/nvo3
>>>> 
>>>> _______________________________________________
>>>> nvo3 mailing list
>>>> nvo3@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/nvo3
>> 
>> _______________________________________________
>> nvo3 mailing list
>> nvo3@ietf.org
>> https://www.ietf.org/mailman/listinfo/nvo3
> 
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3

v2.23.0 | Report a Bug | By Email