IETF Logo Mail Archive

Re: [nvo3] Comments on draft-kompella-nvo3-server2nve

"NAPIERALA, MARIA H" <mn1921@att.com> Tue, 17 July 2012 16:07 UTC

Return-Path: <mn1921@att.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69ED421F865D for <nvo3@ietfa.amsl.com>; Tue, 17 Jul 2012 09:07:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.169
X-Spam-Level:
X-Spam-Status: No, score=-106.169 tagged_above=-999 required=5 tests=[AWL=0.430, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RhcV7rprrdWL for <nvo3@ietfa.amsl.com>; Tue, 17 Jul 2012 09:07:03 -0700 (PDT)
Received: from nbfkord-smmo04.seg.att.com (nbfkord-smmo04.seg.att.com [209.65.160.86]) by ietfa.amsl.com (Postfix) with ESMTP id 3009321F8496 for <nvo3@ietf.org>; Tue, 17 Jul 2012 09:07:03 -0700 (PDT)
Received: from unknown [144.160.20.145] (EHLO mlpd192.enaf.sfdc.sbc.com) by nbfkord-smmo04.seg.att.com(mxl_mta-6.11.0-10) over TLS secured channel with ESMTP id 6dd85005.0.541345.00-381.1485991.nbfkord-smmo04.seg.att.com (envelope-from <mn1921@att.com>); Tue, 17 Jul 2012 16:07:51 +0000 (UTC)
X-MXL-Hash: 50058dd70fe6879b-78d4cd121295e73dd7bb7b6477f5a214d6842099
Received: from enaf.sfdc.sbc.com (localhost.localdomain [127.0.0.1]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q6HG7o2o005333 for <nvo3@ietf.org>; Tue, 17 Jul 2012 12:07:50 -0400
Received: from sflint01.pst.cso.att.com (sflint01.pst.cso.att.com [144.154.234.228]) by mlpd192.enaf.sfdc.sbc.com (8.14.5/8.14.5) with ESMTP id q6HG7etp005234 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <nvo3@ietf.org>; Tue, 17 Jul 2012 12:07:45 -0400
Received: from MISOUT7MSGHUB9B.ITServices.sbc.com (misout7msghub9b.itservices.sbc.com [144.151.223.72]) by sflint01.pst.cso.att.com (RSA Interceptor) for <nvo3@ietf.org>; Tue, 17 Jul 2012 12:07:28 -0400
Received: from MISOUT7MSGUSR9I.ITServices.sbc.com ([144.151.223.56]) by MISOUT7MSGHUB9B.ITServices.sbc.com ([144.151.223.72]) with mapi id 14.02.0298.004; Tue, 17 Jul 2012 12:07:27 -0400
From: "NAPIERALA, MARIA H" <mn1921@att.com>
To: "nvo3@ietf.org" <nvo3@ietf.org>
Thread-Topic: [nvo3] Comments on draft-kompella-nvo3-server2nve
Thread-Index: Ac1hMkT4SAJO1lOZRkKyedt+yICUBAAJ/3cAALbjySA=
Date: Tue, 17 Jul 2012 16:07:26 +0000
Message-ID: <1D70D757A2C9D54D83B4CBD7625FA80EB69759@MISOUT7MSGUSR9I.ITServices.sbc.com>
References: <8D3D17ACE214DC429325B2B98F3AE71208D3B64B@MX15A.corp.emc.com> <50008968.4070300@raszuk.net>
In-Reply-To: <50008968.4070300@raszuk.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.70.230.42]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-RSA-Inspected: yes
X-RSA-Classifications: public
X-Spam: [F=0.2000000000; CM=0.500; S=0.200(2010122901)]
X-MAIL-FROM: <mn1921@att.com>
X-SOURCE-IP: [144.160.20.145]
X-AnalysisOut: [v=1.0 c=1 a=WHjBNRapP48A:10 a=5fT0KbTSoJIA:10 a=ofMgfj31e3]
X-AnalysisOut: [cA:10 a=BLceEmwcHowA:10 a=kj9zAlcOel0A:10 a=ZRNLZ4dFUbCvG8]
X-AnalysisOut: [UMqPvVAA==:17 a=48vgC7mUAAAA:8 a=qjkT5h8hAAAA:8 a=aIPuHJIg]
X-AnalysisOut: [k6P8hdLIY80A:9 a=CjuIK1q_8ugA:10 a=lZB815dzVvQA:10 a=h3cjk]
X-AnalysisOut: [nQ5MXFAQwMZ:21 a=MtKATxNB9l_RWZ6i:21]
Subject: Re: [nvo3] Comments on draft-kompella-nvo3-server2nve
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "L2 \"Network Virtualization Over L3\" overlay discussion list \(nvo3\)" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 16:07:04 -0000

I also have a similar fundamental issue with this document.  The document seems to be dictating provisioning process for a VM. What service/cloud computing providers need are the building blocks, i.e. standard APIs and protocols to create and manage virtual networks in cloud computing environment. Most of those APIs already exist (e.g., OpenStack REST API, IF-MAP API, etc.). How to put the solution blocks together will be individually decided by the providers. There already exist OpenStack Tenant/Project and Quantum Project that allow creation and management of Virtual Networks. There are many available Quantum plugins. Actually, such models are proven to scale and have been already used by many large cloud computing providers. As Robert said, let's not "reinvent the wheel".

Besides this fundamental issue (which, in fact, makes any other comments less relevant) I would like to point out the following:

Section 1.
   "This document focuses on the case where the network elements in Step
   4 are not co-resident with the server, and shows how the provisioning
   in Step 4 can be replaced by signaling between server and network,"

Allowing network elements to signal provisioning information directly to each other is not a secure approach, especially if one of those elements is carrying guest workloads. It is especially insecure if the signaling protocol used cannot be authenticated. It is much more secure to delegate such coordination to a management system. Hence, devoting entire draft to this single, narrow issue, which for majority, especially large Service or Cloud Providers would be irrelevant, seems to miss the mark.
It is much more relevant to address the case where NVE is in the end-system and to address the signaling used between the end-system and its controller.

Section 2.3
   "There are several options for protocols to use to signal the above
   messages.  One could invent a new protocol for this purpose.  One
   could reuse existing protocols, among them LLDP, XMPP, HTTP REST, and
   VDP [VDP], a new protocol standardized for the purposes of signaling
   a VM's network parameters from server to lNVE"

I don't think that these protocols should be listed as "equal". There are major differences between them from security, extensibility, and applicability point of view.

Section 3
    "DCVPNs may be realized using BGP-based VPNs, for example, BGP/MPLS
     "VPNs ([RFC4364]),"

This approach is addressed in draft-fang-vpn4dc-problem-statement-01.


> -----Original Message-----
> From: nvo3-bounces@ietf.org [mailto:nvo3-bounces@ietf.org] On Behalf Of
> Robert Raszuk
> Sent: Friday, July 13, 2012 4:48 PM
> To: nvo3@ietf.org
> Subject: Re: [nvo3] Comments on draft-kompella-nvo3-server2nve
> 
> All,
> 
> Since we are starting to discuss this document I have one fundamental
> comment/question.
> 
> The part of it's abstract says:
> 
>     This document proposes a "single-touch" approach for provisioning
> the
>     networking parameters related to Virtual Machine creation,
> migration
>     and termination on servers.
> 
> I would like to observe that in the tenant data center VMs are only a
> small part of the tenant network.
> 
> Single-touch is of course great idea and that is why extension to one
> of
> the common and very popular data center orchestration environments
> (openstack) developed a module called Quantum.
> 
> This module is exactly targeting to not only provision networking
> parameters to VMs but also to other network appliances including
> virtual
> routers, firewalls, loadbalancers etc .. which are part of the tenant
> DC
> network.
> 
> Ref: http://wiki.openstack.org/Quantum
> 
> So I would like to ask the authors of the draft-kompella-nvo3-
> server2nve
> why there is the an attempt to reinvent the wheel and how far they are
> going to maintain the vision of "single-touch" considering that much
> broader aspect of this has been already solved ?
> 
> Best regards,
> R.
> 
> PS. I am perfectly fine to hear that NVO3 does not want to adopt any
> work which is done outside of IETF. However I think that such message
> needs to be clearly weighted against current deployments as well as
> existing market adoption of such solutions.
> 
> 
> _______________________________________________
> nvo3 mailing list
> nvo3@ietf.org
> https://www.ietf.org/mailman/listinfo/nvo3

v2.23.0 | Report a Bug | By Email