IETF Logo Mail Archive

Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap

Tom Herbert <therbert@google.com> Sun, 16 March 2014 22:24 UTC

Return-Path: <therbert@google.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ECAE1A0328 for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 15:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIszLq4eHy5B for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 15:24:32 -0700 (PDT)
Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 3BCFD1A01A0 for <nvo3@ietf.org>; Sun, 16 Mar 2014 15:24:32 -0700 (PDT)
Received: by mail-ig0-f173.google.com with SMTP id t19so3951923igi.0 for <nvo3@ietf.org>; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3gfAjt2CZNosX1ehtj5chf8XTR5a+89HFuq79x/y2zg=; b=HWcn/0PSVbIaaTcj2tK+z3ufdxQQWuRH2olakHpqBA/EJG6D3tr60vmcH1JqmmW9ir 4s3twlwimKJX+DYgJIgl4ofBp0KNhRfcbiE6Eo6jZtRlPgB6ri+pHnb+C6D1UitL9cvK GOYl+zfC9hRy0tKgPxNxDUZ/8An6MNzBqQ4UuIbe0iQjm8tWm1PMlJVOIy3DDNRNY0BG /iTGtlPrgI6rBXkueoI6F8+r/ibbw71gGYKBlPNMyJvfkDevqZgPea9+EkbWlE/TVelb hEWF6zYw6HQomyltUoeuP0qpAK7SOPg7aKzv5FoDps1acVuUijRlxMf9HPyGGXIdoN5/ kDsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=3gfAjt2CZNosX1ehtj5chf8XTR5a+89HFuq79x/y2zg=; b=Ah7tZOWB3xL3je59CR2FMhI7oZJY82l0RqYqyFN4d6+kyVJK5u76zDGnqxZnDYBVTF ugOb0Lplx+dLOR1TiPnJSkmMoueBjO/zoL88vYWHNIgM2EmXBsF0h94RqJ0He0j7EjgO eJTAx2DO/xWdoeRIX5Emn+vKOa0oXyr3u0MxxJwKh4eC5WBXbos0YiKNf7wk1uL4tOCN uTDl5G9JGw1yLnoZI5OlhRAELaDVPDi0whCfmiFyeV0I19cyzzh3b4oUs/n7p5SYT829 dhVkZT2Ex9MsJur4q7I3I2u/AxjRClnUbQqRCobWu7Jd3FGU0nHJm8nki0yJZzlWjb+q yUaQ==
X-Gm-Message-State: ALoCoQnOQ3JwQ/RT+8I6B+0vUQ4u1ajbsse4T9qb1hVuAnuF3dfWGhsomhUwdMyNF/aPT+tRiU/bO5yHA1cjRK9W1tNVpzB5p5EhnhD/gj5W5IzsbhrCHNygHIXDa/nm1VJwLUfn+6ieYV4SBzoanN11r2H1n3Ke2qG6zUVHYd5NbffjaDxuG/AC8cpU2C4cZDkm1Ple+YRY
MIME-Version: 1.0
X-Received: by 10.50.109.130 with SMTP id hs2mr8346985igb.29.1395008664317; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
Received: by 10.64.148.98 with HTTP; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
In-Reply-To: <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>
References: <2691CE0099834E4A9C5044EEC662BB9D45354603@dfweml701-chm.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF632A2BAD1@eusaamb107.ericsson.se> <026b01cf4108$9e58b070$db0a1150$@riw.us> <F10451DB-7C6E-4ED1-ABC0-37E8B3CD80FD@gmail.com> <5C5D3148-261D-4428-AC6B-AAAD4436D048@lucidvision.com> <E6C17D2345AC7A45B7D054D407AA205C39241E6A@eusaamb105.ericsson.se> <FA034207-A9BB-40BB-B052-6CBDAD8D8809@gmail.com> <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>
Date: Sun, 16 Mar 2014 15:24:24 -0700
Message-ID: <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
From: Tom Herbert <therbert@google.com>
To: Thomas D Nadeau <tnadeau@lucidvision.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/GZ5JzIEda87uXRCFgzcKCwwbp4c
Cc: "<draft-gross-geneve@tools.ietf.org>" <draft-gross-geneve@tools.ietf.org>, David Allan I <david.i.allan@ericsson.com>, "<nvo3@ietf.org>" <nvo3@ietf.org>, Lucy yong <lucy.yong@huawei.com>, Russ White <russw@riw.us>, Dino Farinacci <farinacci@gmail.com>, Eric Gray <eric.gray@ericsson.com>
Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 22:24:34 -0000

On Sun, Mar 16, 2014 at 2:22 PM, Thomas D Nadeau
<tnadeau@lucidvision.com> wrote:
> that's kind of what you and russ were saying (and I agreeing): iteration, evolution and refinement have often proven better than revolution.
>
Iteration, evolution, and refinement are key and in fact this is
precisely a core rationale in GUE and geneve. We need the ability to
scale and adapt the data center to changing needs and threats, this is
the requirement. This translates into a requirement for extensible
protocols that we can modify and evolve as needed and in short
turnaround time.

The example that I give in security: what if next week the latest
Snowden revelations expose some security hole in our data center-- if
this hole can be addressed by adding a token to my packets, then I
want to guarantee I retain the capability to do this. It's not
acceptable that I'd have to go back to standards to change this, and
neither is swapping out new hardware just because I extended a
protocol.

I agree that modifying existing protocols would be the best direction
but that is going to require a real proposal which we can measure
against (no one has suggested a reasonable alternative). In lieu of
modifying an existing protocol, developing a a new one based on known
techniques and mechanisms is prudent.

Tom

> Tom
>
>
>> On Mar 16, 2014, at 15:59, Dino Farinacci <farinacci@gmail.com> wrote:
>>
>> Maybe the power struggle should not focus so much on WHAT is delivered but HOW it is developed and delivered.
>>
>> A thought offered to me recently from a close friend.
>>
>> Dino
>>
>>> On Mar 16, 2014, at 12:56 PM, David Allan I <david.i.allan@ericsson.com> wrote:
>>>
>>> The actual examples cited are artifacts of an industry power structure that may not apply in this case, as far as past performance predicting future outcomes....
>>>
>>> D
>>>
>>> -----Original Message-----
>>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Thomas D Nadeau
>>> Sent: Sunday, March 16, 2014 9:10 AM
>>> To: Dino Farinacci
>>> Cc: Russ White; <draft-gross-geneve@tools.ietf.org>; <nvo3@ietf.org>; Lucy yong; Eric Gray
>>> Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
>>>
>>> This road is littered with many examples in recent history of new alternatives presenting the dream of "a new encap/protocol will fix everything" such as crldp, PBT and PBB-TE. let's not make this mistake if we can help it...
>>>
>>> Tom
>>>
>>>
>>>> On Mar 16, 2014, at 11:48, Dino Farinacci <farinacci@gmail.com> wrote:
>>>>
>>>> Decades of experience tells us what Russ says below. Those who choose to ignore are bound to repeat ...
>>>>
>>>> Dino
>>>>
>>>>> On Mar 16, 2014, at 4:12 AM, "Russ White" <russw@riw.us> wrote:
>>>>>
>>>>>
>>>>>> 3) create a new encapsulation that meets requirements - and find out
>>>>>> that the
>>>>>>  industry doesn't entirely switch over to the new (read untried
>>>>>> and
>>>>> possibly
>>>>>>  immature) encapsulation, existing deployed alternatives are
>>>>> documented
>>>>>> in
>>>>>>  some (possibly non-standard) way and we incur the costs
>>>>>> associated
>>>>> with
>>>>>>  living with three alternatives additional encapsulations until
>>>>>> such
>>>>> time (if
>>>>>> ever)
>>>>>>  when the DCN industry settles on fewer (possibly as few as one)
>>>>> choices,
>>>>>> and
>>>>>>  we move on.
>>>>>
>>>>> This is, in fact, the most likely result... Vendors would need to
>>>>> remove support for the old encaps over time, which isn't going to
>>>>> happen so long as someone is actually using them, which means support
>>>>> will still be in code, which means new people will start using them, which means...
>>>>>
>>>>> There is also a cost in security when it comes to defining new encap
>>>>> types we often don't consider -- it's one more tunnel type that needs
>>>>> to be accounted for by middle boxes, network hardening routines, etc.
>>>>> For every new encap we create, we also create a lot of work in the
>>>>> security world in tracking vulnerabilities, understanding the semantics of the protocol, etc.
>>>>>
>>>>> The right answer, IMHO, is to modify, rather than creating a new encap.
>>>>>
>>>>> :-)
>>>>>
>>>>> Russ
>>>>>
>>>>> _______________________________________________
>>>>> nvo3 mailing list
>>>>> nvo3@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/nvo3
>>>>
>>>> _______________________________________________
>>>> nvo3 mailing list
>>>> nvo3@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/nvo3
>>>
>>> _______________________________________________
>>> nvo3 mailing list
>>> nvo3@ietf.org
>>> https://www.ietf.org/mailman/listinfo/nvo3
>>
>
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3

v2.23.0 | Report a Bug | By Email