Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
Tom Herbert <therbert@google.com> Sun, 16 March 2014 22:24 UTC
Return-Path: <therbert@google.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9ECAE1A0328 for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 15:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.926
X-Spam-Level:
X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIszLq4eHy5B for <nvo3@ietfa.amsl.com>; Sun, 16 Mar 2014 15:24:32 -0700 (PDT)
Received: from mail-ig0-x22d.google.com (mail-ig0-x22d.google.com [IPv6:2607:f8b0:4001:c05::22d]) by ietfa.amsl.com (Postfix) with ESMTP id 3BCFD1A01A0 for <nvo3@ietf.org>; Sun, 16 Mar 2014 15:24:32 -0700 (PDT)
Received: by mail-ig0-f173.google.com with SMTP id t19so3951923igi.0 for <nvo3@ietf.org>; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3gfAjt2CZNosX1ehtj5chf8XTR5a+89HFuq79x/y2zg=; b=HWcn/0PSVbIaaTcj2tK+z3ufdxQQWuRH2olakHpqBA/EJG6D3tr60vmcH1JqmmW9ir 4s3twlwimKJX+DYgJIgl4ofBp0KNhRfcbiE6Eo6jZtRlPgB6ri+pHnb+C6D1UitL9cvK GOYl+zfC9hRy0tKgPxNxDUZ/8An6MNzBqQ4UuIbe0iQjm8tWm1PMlJVOIy3DDNRNY0BG /iTGtlPrgI6rBXkueoI6F8+r/ibbw71gGYKBlPNMyJvfkDevqZgPea9+EkbWlE/TVelb hEWF6zYw6HQomyltUoeuP0qpAK7SOPg7aKzv5FoDps1acVuUijRlxMf9HPyGGXIdoN5/ kDsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=3gfAjt2CZNosX1ehtj5chf8XTR5a+89HFuq79x/y2zg=; b=Ah7tZOWB3xL3je59CR2FMhI7oZJY82l0RqYqyFN4d6+kyVJK5u76zDGnqxZnDYBVTF ugOb0Lplx+dLOR1TiPnJSkmMoueBjO/zoL88vYWHNIgM2EmXBsF0h94RqJ0He0j7EjgO eJTAx2DO/xWdoeRIX5Emn+vKOa0oXyr3u0MxxJwKh4eC5WBXbos0YiKNf7wk1uL4tOCN uTDl5G9JGw1yLnoZI5OlhRAELaDVPDi0whCfmiFyeV0I19cyzzh3b4oUs/n7p5SYT829 dhVkZT2Ex9MsJur4q7I3I2u/AxjRClnUbQqRCobWu7Jd3FGU0nHJm8nki0yJZzlWjb+q yUaQ==
X-Gm-Message-State: ALoCoQnOQ3JwQ/RT+8I6B+0vUQ4u1ajbsse4T9qb1hVuAnuF3dfWGhsomhUwdMyNF/aPT+tRiU/bO5yHA1cjRK9W1tNVpzB5p5EhnhD/gj5W5IzsbhrCHNygHIXDa/nm1VJwLUfn+6ieYV4SBzoanN11r2H1n3Ke2qG6zUVHYd5NbffjaDxuG/AC8cpU2C4cZDkm1Ple+YRY
MIME-Version: 1.0
X-Received: by 10.50.109.130 with SMTP id hs2mr8346985igb.29.1395008664317; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
Received: by 10.64.148.98 with HTTP; Sun, 16 Mar 2014 15:24:24 -0700 (PDT)
In-Reply-To: <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>
References: <2691CE0099834E4A9C5044EEC662BB9D45354603@dfweml701-chm.china.huawei.com> <48E1A67CB9CA044EADFEAB87D814BFF632A2BAD1@eusaamb107.ericsson.se> <026b01cf4108$9e58b070$db0a1150$@riw.us> <F10451DB-7C6E-4ED1-ABC0-37E8B3CD80FD@gmail.com> <5C5D3148-261D-4428-AC6B-AAAD4436D048@lucidvision.com> <E6C17D2345AC7A45B7D054D407AA205C39241E6A@eusaamb105.ericsson.se> <FA034207-A9BB-40BB-B052-6CBDAD8D8809@gmail.com> <9BD986A7-A11E-4BF4-8CAC-172A744E7FAE@lucidvision.com>
Date: Sun, 16 Mar 2014 15:24:24 -0700
Message-ID: <CA+mtBx-+LH9+orNEV7gNU0GniG6dRrMS0h+WdfWG+ctDYk1B6w@mail.gmail.com>
From: Tom Herbert <therbert@google.com>
To: Thomas D Nadeau <tnadeau@lucidvision.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/nvo3/GZ5JzIEda87uXRCFgzcKCwwbp4c
Cc: "<draft-gross-geneve@tools.ietf.org>" <draft-gross-geneve@tools.ietf.org>, David Allan I <david.i.allan@ericsson.com>, "<nvo3@ietf.org>" <nvo3@ietf.org>, Lucy yong <lucy.yong@huawei.com>, Russ White <russw@riw.us>, Dino Farinacci <farinacci@gmail.com>, Eric Gray <eric.gray@ericsson.com>
Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Network Virtualization Overlays \(NVO3\) Working Group" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3/>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 22:24:34 -0000
On Sun, Mar 16, 2014 at 2:22 PM, Thomas D Nadeau <tnadeau@lucidvision.com> wrote: > that's kind of what you and russ were saying (and I agreeing): iteration, evolution and refinement have often proven better than revolution. > Iteration, evolution, and refinement are key and in fact this is precisely a core rationale in GUE and geneve. We need the ability to scale and adapt the data center to changing needs and threats, this is the requirement. This translates into a requirement for extensible protocols that we can modify and evolve as needed and in short turnaround time. The example that I give in security: what if next week the latest Snowden revelations expose some security hole in our data center-- if this hole can be addressed by adding a token to my packets, then I want to guarantee I retain the capability to do this. It's not acceptable that I'd have to go back to standards to change this, and neither is swapping out new hardware just because I extended a protocol. I agree that modifying existing protocols would be the best direction but that is going to require a real proposal which we can measure against (no one has suggested a reasonable alternative). In lieu of modifying an existing protocol, developing a a new one based on known techniques and mechanisms is prudent. Tom > Tom > > >> On Mar 16, 2014, at 15:59, Dino Farinacci <farinacci@gmail.com> wrote: >> >> Maybe the power struggle should not focus so much on WHAT is delivered but HOW it is developed and delivered. >> >> A thought offered to me recently from a close friend. >> >> Dino >> >>> On Mar 16, 2014, at 12:56 PM, David Allan I <david.i.allan@ericsson.com> wrote: >>> >>> The actual examples cited are artifacts of an industry power structure that may not apply in this case, as far as past performance predicting future outcomes.... >>> >>> D >>> >>> -----Original Message----- >>> From: nvo3 [mailto:nvo3-bounces@ietf.org] On Behalf Of Thomas D Nadeau >>> Sent: Sunday, March 16, 2014 9:10 AM >>> To: Dino Farinacci >>> Cc: Russ White; <draft-gross-geneve@tools.ietf.org>; <nvo3@ietf.org>; Lucy yong; Eric Gray >>> Subject: Re: [nvo3] enhancing VXLAN/NVGRE vs creating an new encap >>> >>> This road is littered with many examples in recent history of new alternatives presenting the dream of "a new encap/protocol will fix everything" such as crldp, PBT and PBB-TE. let's not make this mistake if we can help it... >>> >>> Tom >>> >>> >>>> On Mar 16, 2014, at 11:48, Dino Farinacci <farinacci@gmail.com> wrote: >>>> >>>> Decades of experience tells us what Russ says below. Those who choose to ignore are bound to repeat ... >>>> >>>> Dino >>>> >>>>> On Mar 16, 2014, at 4:12 AM, "Russ White" <russw@riw.us> wrote: >>>>> >>>>> >>>>>> 3) create a new encapsulation that meets requirements - and find out >>>>>> that the >>>>>> industry doesn't entirely switch over to the new (read untried >>>>>> and >>>>> possibly >>>>>> immature) encapsulation, existing deployed alternatives are >>>>> documented >>>>>> in >>>>>> some (possibly non-standard) way and we incur the costs >>>>>> associated >>>>> with >>>>>> living with three alternatives additional encapsulations until >>>>>> such >>>>> time (if >>>>>> ever) >>>>>> when the DCN industry settles on fewer (possibly as few as one) >>>>> choices, >>>>>> and >>>>>> we move on. >>>>> >>>>> This is, in fact, the most likely result... Vendors would need to >>>>> remove support for the old encaps over time, which isn't going to >>>>> happen so long as someone is actually using them, which means support >>>>> will still be in code, which means new people will start using them, which means... >>>>> >>>>> There is also a cost in security when it comes to defining new encap >>>>> types we often don't consider -- it's one more tunnel type that needs >>>>> to be accounted for by middle boxes, network hardening routines, etc. >>>>> For every new encap we create, we also create a lot of work in the >>>>> security world in tracking vulnerabilities, understanding the semantics of the protocol, etc. >>>>> >>>>> The right answer, IMHO, is to modify, rather than creating a new encap. >>>>> >>>>> :-) >>>>> >>>>> Russ >>>>> >>>>> _______________________________________________ >>>>> nvo3 mailing list >>>>> nvo3@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/nvo3 >>>> >>>> _______________________________________________ >>>> nvo3 mailing list >>>> nvo3@ietf.org >>>> https://www.ietf.org/mailman/listinfo/nvo3 >>> >>> _______________________________________________ >>> nvo3 mailing list >>> nvo3@ietf.org >>> https://www.ietf.org/mailman/listinfo/nvo3 >> > > _______________________________________________ > nvo3 mailing list > nvo3@ietf.org > https://www.ietf.org/mailman/listinfo/nvo3
- [nvo3] enhancing VXLAN/NVGRE vs creating an new e… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Sam Aldrin
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Eric Gray
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Lucy yong
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Russ White
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… David Allan I
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Thomas D Nadeau
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Shahram Davari
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Tom Herbert
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Anton Ivanov (antivano)
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… AshwoodsmithPeter
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Zhou, Han
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Dino Farinacci
- Re: [nvo3] enhancing VXLAN/NVGRE vs creating an n… Greg Mirsky