Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)

["Luyuan Fang (lufang)" <lufang@cisco.com>]

Lucy,
Thanks for the notes, that is more or less the way I see it too. 

Thomas,
Also look Larry's reply yesterday: "the idea of using VDP or a VDP-like protocol is to communicate between the end-system and and external NVE.  If the NVE is embedded in the end-system, then there is not need for an on-the-wire protocol."
I believe Larry is right.

Luyuan

> -----Original Message-----
> From: Lucy yong [mailto:lucy.yong@huawei.com]
> Sent: Wednesday, July 11, 2012 11:00 AM
> To: Thomas Narten; Luyuan Fang (lufang)
> Cc: nvo3@ietf.org
> Subject: RE: [nvo3] TES-NVE attach/detach protocol security (mobility-
> issues draft)
> 
> Here is my 2 cents for the L3VN case.
> 
> If an NVE is on a server and TESs are VMs on the server, TES-NVE
> attach/detach is configured by DC operators. When VM is power-on, the
> NVE populates it in the forwarding table; When VM is power-off, the NVE
> removes it from the table. The forwarding between the NVE and TESs is
> simply an internal table lookup and delivery process on the server. If
> an NVE is on ToR, TESs may be either non-virtualized servers or a
> vSwitch on virtualized servers; the routing between NVE and TESs may
> use Petro's proposal or run a routing protocol such as OSPF per a VN;
> The forwarding between two is like [RFC4364].
> 
> Lucy
> 
> -----Original Message-----
> From: nvo3-bounces@ietf.org [mailto:nvo3-bounces@ietf.org] On Behalf Of
> Thomas Narten
> Sent: Wednesday, July 11, 2012 8:55 AM
> To: Luyuan Fang (lufang)
> Cc: nvo3@ietf.org
> Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-
> issues draft)
> 
> "Luyuan Fang (lufang)" <lufang@cisco.com> writes:
> 
> > My understanding VDP is a discovery protocol for bridging�
> 
> Note: VDP stands for VSI Discovery and Configuration Protocol (though
> the "configuration" part is often dropped).
> 
> It does more than just "discover". E.g., see
> http://blog.ioshints.info/2011/05/edge-virtual-bridging-evb-8021qbg-
> eases.html
> 
> > One of the most interesting parts of EVB is the VSI Discovery and
> > Configuration Protocol (VDP). Using VDP, the EVB station (host) can
> > inform the adjacent EVB Bridge (access switch) before a VM is
> deployed
> > (started or moved). The host can also tell the switch which VLAN the
> > VM needs and which MAC address (or set of MAC addresses) the VM uses.
> > Blasting through the VLAN limits (4K VLANs allowed by 802.1Q), the
> VDP
> > supports 4-byte long Group ID, which can be mapped dynamically into
> > different access VLANs on as-needed basis (this is a recent addendum
> > to 802.1Qbg and probably allows nice interworking with I-SID field in
> > PBB/SPB).
> 
> Also, see draft-gu-nvo3-overlay-cp-arch-00.txt  and draft-gu-nvo3-tes-
> nve-mechanism-00.txt which has text on VDP.
> 
> If anyone can point the WG to a good overview/summary of what VDP does,
> that would be helpful.
> 
> > If you are using pure l3 end-system to end-system, there is no
> > bridging, there is no need for VDP.
> 
> I'm not sure about that.
> 
> When you say L3 TES, what is the interface between the NVE and TES? My
> assumption is that it is still L2, even if the service provided is L3.
> You'd ignore the L2 stuff (mostly), but most VMs are already set up to
> send L2 packets on their interfaces.
> 
> Also VDP is between the Hypervisor and NVE. Thus, it may still be
> needed, even if the service provided to the TES is L3 only.
> 
> Thomas