Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
Shahram Davari <davari@broadcom.com> Mon, 17 March 2014 01:12 UTC
Return-Path: <davari@broadcom.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC2701A033C for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:12:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.447
X-Spam-Level:
X-Spam-Status: No, score=-2.447 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dPd6jhzxj8lo for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 18:12:52 -0700 (PDT)
Received: from mail-gw1-out.broadcom.com (mail-gw1-out.broadcom.com [216.31.210.62]) by ietfa.amsl.com (Postfix) with ESMTP id 900531A0339 for <nvo3@ietf.org>; Sun, 16 Mar 2014 18:12:52 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.97,666,1389772800"; d="scan'208";a="20035826"
Received: from irvexchcas07.broadcom.com (HELO IRVEXCHCAS07.corp.ad.broadcom.com) ([10.9.208.55]) by mail-gw1-out.broadcom.com with ESMTP; 16 Mar 2014 19:00:02 -0700
Received: from SJEXCHCAS03.corp.ad.broadcom.com (10.16.203.8) by IRVEXCHCAS07.corp.ad.broadcom.com (10.9.208.55) with Microsoft SMTP Server (TLS) id 14.3.174.1; Sun, 16 Mar 2014 18:12:44 -0700
Received: from SJEXCHMB12.corp.ad.broadcom.com ([fe80::bc15:c1e1:c29a:36f7]) by SJEXCHCAS03.corp.ad.broadcom.com ([::1]) with mapi id 14.03.0174.001; Sun, 16 Mar 2014 18:12:44 -0700
From: Shahram Davari <davari@broadcom.com>
To: Tom Herbert <therbert@google.com>
Thread-Topic: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
Thread-Index: Ac88fq0JnPKTKSBTSHS+g+U+5AkGfgACXT9AAS7J44AACaSHgAAAvPKAAAfspYAAABgkgAAC6HaAAAIo+wD//7muRA==
Date: Mon, 17 Mar 2014 01:12:43 +0000
Message-ID: <8063A2F3-A423-434B-AF27-63D77ABDC77E@broadcom.com>
References: <2691CE0099834E4A9C5044EEC662BB9D45354603@dfweml701-chm.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF632A2BAD1@eusaamb107.ericsson.se> <026b01cf4108$9e58b070$db0a1150$@riw.us> <F10451DB-7C6E-4ED1-ABC0-37E8B3CD80FD@gmail.com> <5C5D3148-261D-4428-AC6B-AAAD4436D048@lucidvision.com> <E6C17D2345AC7A45B7D054D407AA205C39241E6A@eusaamb105.ericsson.se> <FA034207-A9BB-40BB-B052-6CBDAD8D8809@gmail.com> <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>, <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
In-Reply-To: <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/C0YKoMKhi2sL1SMPl5AE4lUqvEY
Cc: Thomas D Nadeau <tnadeau@lucidvision.com>, David Allan I <david.i.allan@ericsson.com>, "<draft-gross-geneve@tools.ietf.org>" <draft-gross-geneve@tools.ietf.org>, "<nvo3@ietf.org>" <nvo3@ietf.org>, Lucy yong <lucy.yong@huawei.com>, Russ White <russw@riw.us>, Dino Farinacci <farinacci@gmail.com>, Eric Gray <eric.gray@ericsson.com>
Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 01:12:55 -0000
Tom There are 2 drafts that propose changes to VXLAN and NVGRE. Is there any requirements that is not addressed by those drafts? Regards, Shahram > On Mar 16, 2014, at 3:24 PM, "Tom Herbert" <therbert@google.com> wrote: > > On Sun, Mar 16, 2014 at 2:22 PM, Thomas D Nadeau > <tnadeau@lucidvision.com> wrote: >> that's kind of what you and russ were saying (and I agreeing): iteration, evolution and refinement have often proven better than revolution. > Iteration, evolution, and refinement are key and in fact this is > precisely a core rationale in GUE and geneve. We need the ability to > scale and adapt the data center to changing needs and threats, this is > the requirement. This translates into a requirement for extensible > protocols that we can modify and evolve as needed and in short > turnaround time. > > The example that I give in security: what if next week the latest > Snowden revelations expose some security hole in our data center-- if > this hole can be addressed by adding a token to my packets, then I > want to guarantee I retain the capability to do this. It's not > acceptable that I'd have to go back to standards to change this, and > neither is swapping out new hardware just because I extended a > protocol. > > I agree that modifying existing protocols would be the best direction > but that is going to require a real proposal which we can measure > against (no one has suggested a reasonable alternative). In lieu of > modifying an existing protocol, developing a a new one based on known > techniques and mechanisms is prudent. > > Tom > >> Tom >> >> >>> On Mar 16, 2014, at 15:59, Dino Farinacci <farinacci@gmail.com> wrote: >>> >>> Maybe the power struggle should not focus so much on WHAT is delivered but HOW it is developed and delivered. >>> >>> A thought offered to me recently from a close friend. >>> >>> Dino >>> >>>> On Mar 16, 2014, at 12:56 PM, David Allan I <david.i.allan@ericsson.com> wrote: >>>> >>>> The actual examples cited are artifacts of an industry power structure that may not apply in this case, as far as past performance predicting future outcomes.... >>>> >>>> D >>>> >>>> -----Original Message----- >>>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Thomas D Nadeau >>>> Sent: Sunday, March 16, 2014 9:10 AM >>>> To: Dino Farinacci >>>> Cc: Russ White; <draft-gross-geneve@tools.ietf.org>; <nvo3@ietf.org>; Lucy yong; Eric Gray >>>> Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap >>>> >>>> This road is littered with many examples in recent history of new alternatives presenting the dream of "a new encap/protocol will fix everything" such as crldp, PBT and PBB-TE. let's not make this mistake if we can help it... >>>> >>>> Tom >>>> >>>> >>>>> On Mar 16, 2014, at 11:48, Dino Farinacci <farinacci@gmail.com> wrote: >>>>> >>>>> Decades of experience tells us what Russ says below. Those who choose to ignore are bound to repeat ... >>>>> >>>>> Dino >>>>> >>>>>> On Mar 16, 2014, at 4:12 AM, "Russ White" <russw@riw.us> wrote: >>>>>> >>>>>> >>>>>>> 3) create a new encapsulation that meets requirements - and find out >>>>>>> that the >>>>>>> industry doesn't entirely switch over to the new (read untried >>>>>>> and >>>>>> possibly >>>>>>> immature) encapsulation, existing deployed alternatives are >>>>>> documented >>>>>>> in >>>>>>> some (possibly non-standard) way and we incur the costs >>>>>>> associated >>>>>> with >>>>>>> living with three alternatives additional encapsulations until >>>>>>> such >>>>>> time (if >>>>>>> ever) >>>>>>> when the DCN industry settles on fewer (possibly as few as one) >>>>>> choices, >>>>>>> and >>>>>>> we move on. >>>>>> >>>>>> This is, in fact, the most likely result... Vendors would need to >>>>>> remove support for the old encaps over time, which isn't going to >>>>>> happen so long as someone is actually using them, which means support >>>>>> will still be in code, which means new people will start using them, which means... >>>>>> >>>>>> There is also a cost in security when it comes to defining new encap >>>>>> types we often don't consider -- it's one more tunnel type that needs >>>>>> to be accounted for by middle boxes, network hardening routines, etc. >>>>>> For every new encap we create, we also create a lot of work in the >>>>>> security world in tracking vulnerabilities, understanding the semantics of the protocol, etc. >>>>>> >>>>>> The right answer, IMHO, is to modify, rather than creating a new encap. >>>>>> >>>>>> :-) >>>>>> >>>>>> Russ >>>>>> >>>>>> _______________________________________________ >>>>>> nvo3 mailing list >>>>>> nvo3@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/nvo3 >>>>> >>>>> _______________________________________________ >>>>> nvo3 mailing list >>>>> nvo3@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/nvo3 >>>> >>>> _______________________________________________ >>>> nvo3 mailing list >>>> nvo3@ietf.org >>>> https://www.ietf.org/mailman/listinfo/nvo3 >> >> _______________________________________________ >> nvo3 mailing list >> nvo3@ietf.org >> https://www.ietf.org/mailman/listinfo/nvo3 > > _______________________________________________ > nvo3 mailing list > nvo3@ietf.org > https://www.ietf.org/mailman/listinfo/nvo3
- [nvo3] enhancing VXLAN/NVGRE vs creating an new e… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Sam Aldrin
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Eric Gray
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Russ White
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… David Allan I
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… AshwoodsmithPeter
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Zhou, Han
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Greg Mirsky