Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
"Luyuan Fang (lufang)" <lufang@cisco.com> Wed, 11 July 2012 15:51 UTC
Return-Path: <lufang@cisco.com>
X-Original-To: nvo3@ietfa.amsl.com
Delivered-To: nvo3@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3393611E80ED for <nvo3@ietfa.amsl.com>; Wed, 11 Jul 2012 08:51:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.842
X-Spam-Level:
X-Spam-Status: No, score=-8.842 tagged_above=-999 required=5 tests=[AWL=-0.596, BAYES_00=-2.599, J_CHICKENPOX_12=0.6, MIME_BASE64_TEXT=1.753, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GtTax+kGBy5P for <nvo3@ietfa.amsl.com>; Wed, 11 Jul 2012 08:51:29 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) by ietfa.amsl.com (Postfix) with ESMTP id E0FC011E80E8 for <nvo3@ietf.org>; Wed, 11 Jul 2012 08:51:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lufang@cisco.com; l=4808; q=dns/txt; s=iport; t=1342021920; x=1343231520; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=jakhfF2Lo6jYVwLbpW0+sTMYYVl2c+fD4NY426VUylY=; b=b+Yd0M78xQEa0BuCrVZmmKxFTVlt0lZcyWyj0iT1h7I4tF191zZFMQi7 gXdbUtcT8NtleegNGGbLqvfYR0vyYea4tHHYf4Gl+OMv6Fm7ZjFFgmN6v U293TfOlx2an+oHG91FElP0EyL9SEzHTdacZuzigXNJ/0JUJeI+vCzpGr w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAE+g/U+tJV2d/2dsb2JhbABFhWewX4EfgQeCIAEBAQQSASFFDAQCAQgRBAEBBQYdBQICMBQJCAIEAQ0FCBqHawudR40TCJMHgRyKJBuEPTZgA5ZMjQ6BZoJf
X-IronPort-AV: E=Sophos;i="4.77,567,1336348800"; d="scan'208";a="100855980"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-6.cisco.com with ESMTP; 11 Jul 2012 15:51:59 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id q6BFpxPx012747 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 11 Jul 2012 15:51:59 GMT
Received: from xmb-rcd-x03.cisco.com ([169.254.7.117]) by xhc-aln-x06.cisco.com ([173.36.12.80]) with mapi id 14.02.0298.004; Wed, 11 Jul 2012 10:51:59 -0500
From: "Luyuan Fang (lufang)" <lufang@cisco.com>
To: Lucy yong <lucy.yong@huawei.com>, Thomas Narten <narten@us.ibm.com>
Thread-Topic: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
Thread-Index: AQHNX2zYiLHNSSkd+k63EqMinbwOjJckgKiA//+4v+A=
Date: Wed, 11 Jul 2012 15:51:38 +0000
Message-ID: <0DB8F45437AB844CBB5102F807A0AD9301B663@xmb-rcd-x03.cisco.com>
References: <8D3D17ACE214DC429325B2B98F3AE71208D3B170@MX15A.corp.emc.com> <CC223B30.188BE%kreeger@cisco.com> <0DB8F45437AB844CBB5102F807A0AD9301B093@xmb-rcd-x03.cisco.com> <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE0752ED29@szxeml525-mbs.china.huawei.com> <0DB8F45437AB844CBB5102F807A0AD9301B12F@xmb-rcd-x03.cisco.com> <201207111354.q6BDspBU027084@cichlid.raleigh.ibm.com> <2691CE0099834E4A9C5044EEC662BB9D3BA9EE88@dfweml505-mbx>
In-Reply-To: <2691CE0099834E4A9C5044EEC662BB9D3BA9EE88@dfweml505-mbx>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.85.195]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19032.005
x-tm-as-result: No--49.941900-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="gb2312"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "nvo3@ietf.org" <nvo3@ietf.org>
Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
X-BeenThere: nvo3@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "L2 \"Network Virtualization Over L3\" overlay discussion list \(nvo3\)" <nvo3.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nvo3>, <mailto:nvo3-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nvo3>
List-Post: <mailto:nvo3@ietf.org>
List-Help: <mailto:nvo3-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nvo3>, <mailto:nvo3-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2012 15:51:30 -0000
Lucy, Thanks for the notes, that is more or less the way I see it too. Thomas, Also look Larry's reply yesterday: "the idea of using VDP or a VDP-like protocol is to communicate between the end-system and and external NVE. If the NVE is embedded in the end-system, then there is not need for an on-the-wire protocol." I believe Larry is right. Luyuan > -----Original Message----- > From: Lucy yong [mailto:lucy.yong@huawei.com] > Sent: Wednesday, July 11, 2012 11:00 AM > To: Thomas Narten; Luyuan Fang (lufang) > Cc: nvo3@ietf.org > Subject: RE: [nvo3] TES-NVE attach/detach protocol security (mobility- > issues draft) > > Here is my 2 cents for the L3VN case. > > If an NVE is on a server and TESs are VMs on the server, TES-NVE > attach/detach is configured by DC operators. When VM is power-on, the > NVE populates it in the forwarding table; When VM is power-off, the NVE > removes it from the table. The forwarding between the NVE and TESs is > simply an internal table lookup and delivery process on the server. If > an NVE is on ToR, TESs may be either non-virtualized servers or a > vSwitch on virtualized servers; the routing between NVE and TESs may > use Petro's proposal or run a routing protocol such as OSPF per a VN; > The forwarding between two is like [RFC4364]. > > Lucy > > -----Original Message----- > From: nvo3-bounces@ietf.org [mailto:nvo3-bounces@ietf.org] On Behalf Of > Thomas Narten > Sent: Wednesday, July 11, 2012 8:55 AM > To: Luyuan Fang (lufang) > Cc: nvo3@ietf.org > Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility- > issues draft) > > "Luyuan Fang (lufang)" <lufang@cisco.com> writes: > > > My understanding VDP is a discovery protocol for bridgingâ? > > Note: VDP stands for VSI Discovery and Configuration Protocol (though > the "configuration" part is often dropped). > > It does more than just "discover". E.g., see > http://blog.ioshints.info/2011/05/edge-virtual-bridging-evb-8021qbg- > eases.html > > > One of the most interesting parts of EVB is the VSI Discovery and > > Configuration Protocol (VDP). Using VDP, the EVB station (host) can > > inform the adjacent EVB Bridge (access switch) before a VM is > deployed > > (started or moved). The host can also tell the switch which VLAN the > > VM needs and which MAC address (or set of MAC addresses) the VM uses. > > Blasting through the VLAN limits (4K VLANs allowed by 802.1Q), the > VDP > > supports 4-byte long Group ID, which can be mapped dynamically into > > different access VLANs on as-needed basis (this is a recent addendum > > to 802.1Qbg and probably allows nice interworking with I-SID field in > > PBB/SPB). > > Also, see draft-gu-nvo3-overlay-cp-arch-00.txt and draft-gu-nvo3-tes- > nve-mechanism-00.txt which has text on VDP. > > If anyone can point the WG to a good overview/summary of what VDP does, > that would be helpful. > > > If you are using pure l3 end-system to end-system, there is no > > bridging, there is no need for VDP. > > I'm not sure about that. > > When you say L3 TES, what is the interface between the NVE and TES? My > assumption is that it is still L2, even if the service provided is L3. > You'd ignore the L2 stuff (mostly), but most VMs are already set up to > send L2 packets on their interfaces. > > Also VDP is between the Hypervisor and NVE. Thus, it may still be > needed, even if the service provided to the TES is L3 only. > > Thomas
- [nvo3] Comments on draft-dunbar-nvo3-overlay-mobi… Guyingjie (Yingjie)
- Re: [nvo3] Comments on draft-dunbar-nvo3-overlay-… Linda Dunbar
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- [nvo3] TES-NVE attach/detach protocol security (m… david.black
- Re: [nvo3] TES-NVE attach/detach protocol securit… Stiliadis, Dimitrios (Dimitri)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Linda Dunbar
- Re: [nvo3] TES-NVE attach/detach protocol securit… david.black
- Re: [nvo3] TES-NVE attach/detach protocol securit… david.black
- Re: [nvo3] TES-NVE attach/detach protocol securit… Stiliadis, Dimitrios (Dimitri)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Xuxiaohu
- Re: [nvo3] TES-NVE attach/detach protocol securit… wei.yinxing
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… wei.yinxing
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Xuxiaohu
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Melinda Shore
- Re: [nvo3] TES-NVE attach/detach protocol securit… wei.yinxing
- Re: [nvo3] TES-NVE attach/detach protocol securit… wei.yinxing
- Re: [nvo3] TES-NVE attach/detach protocol securit… wei.yinxing
- Re: [nvo3] TES-NVE attach/detach protocol securit… Thomas Narten
- Re: [nvo3] TES-NVE attach/detach protocol securit… Thomas Narten
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Lucy yong
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Lucy yong
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Melinda Shore
- Re: [nvo3] TES-NVE attach/detach protocol securit… Paul Unbehagen
- Re: [nvo3] TES-NVE attach/detach protocol securit… Luyuan Fang (lufang)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Thomas Narten
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… Lucy yong
- Re: [nvo3] TES-NVE attach/detach protocol securit… david.black
- Re: [nvo3] TES-NVE attach/detach protocol securit… Larry Kreeger (kreeger)
- [nvo3] 答复: TES-NVE attach/detach protocol securit… Xuxiaohu
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… Xuxiaohu
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… david.black
- [nvo3] 答复: TES-NVE attach/detach protocol securit… Xuxiaohu
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- [nvo3] 答复: TES-NVE attach/detach protocol securit… Guyingjie (Yingjie)
- Re: [nvo3] TES-NVE attach/detach protocol securit… david.black
- Re: [nvo3] TES-NVE attach/detach protocol securit… Linda Dunbar
- Re: [nvo3] 答复: TES-NVE attach/detach protocol sec… Aldrin Isaac
- [nvo3] 答复: 答复: TES-NVE attach/detach protocol sec… Guyingjie (Yingjie)
- Re: [nvo3] TES-NVE attach/detach protocol securit… Linda Dunbar
- Re: [nvo3] TES-NVE attach/detach protocol securit… Linda Dunbar
- Re: [nvo3] TES-NVE attach/detach protocol securit… Kireeti Kompella
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… NAPIERALA, MARIA H
- Re: [nvo3] TES-NVE attach/detach protocol securit… Anoop Ghanwani
- [nvo3] 答复: TES-NVE attach/detach protocol securit… Guyingjie (Yingjie)