[sami] 答复: Trying to figure out where we are

["Yingjie Gu(yingjie)" <guyingjie@huawei.com>]

Hi Thomas and all,

We are making effort on a use case draft now, and will present it at early
Sep.




Best Regards
Gu Yingjie

-----邮件原件-----
发件人: Thomas Narten [mailto:narten@us.ibm.com] 
发送时间: 2011年8月25日 乐乐21:11
收件人: Yingjie Gu(yingjie)
抄送: 'zhangyunfei'; 'Melinda Shore'; sami@ietf.org
主题: Re: [sami] Trying to figure out where we are

"Yingjie Gu(yingjie)" <guyingjie@huawei.com> writes:

> In previous mail discussion, there are questions on why should VM be
> migrated.

I think we should take it as a given that VMs move around. People do
that today, we all see the value.

> And also, in the side meeting at Quebec, people want to learn the use case
> from real scenario.

Yes. looking at specific scenarios allows us to ask the question of
whether the scenario is realistic and corresponds to what operators
actual do today (or want to do), or whether it is just a theoretical
problem (in which case it's very questionable whether the IETF should
do work.)

> I guess Yunfei's use case could be an answer to that.

See my previous posting, I don't understand what use case this is yet.

> Here are some of the states that I can see on the devices that need to be
> migrated.

> 1. States on switches:
> 1.1  DHCP snooping table on ports;

How often does DHCP snooping take place in data centers? In other
words, is this a real problem, or a theoretical one?

> 1.2  IGMP snooping table on ports;

I think we need to outline some specific scenarios that describe what
the problem actually is here. Who is doing snooping, why, and why a VM
move leaves something not working.

> 1.3  Dynamic ACL which is created by traffic or authentication;

A specific scenario  would be helpful here. Both so I can understand
the details of the problem,  and so we can discuss whether the
scenario is a real problem in existing datacenters today, or just a
theoretical problem.

> 2. States on FW
> 2.1  TCP Connect States
> 2.2  Dynamic ACL

Same as above.


> 3. States on LB
> 3.1  Connect States.
> 3.2  Session States.

Same as above.

> 4. States on IPS/IDS.
> 4.1 Cumulative data

Same as above.

> We can think about two scenarios:
> 1. VM migrate within the subnet under the same FW/LB/IPS. In this case,
> states also migrate under the same FW/LB/IPS etc.
> States need to be migrated include 1.1, 1.2, 1.3.

Before we spend a lot of time on this, we need to establish that there
are actual real scenarios that correspond to real problems happening
in data centers today. If a problem is just theoretical, it becomes
very unclear whether the IETF should do any work (at this time).

I am not interested in discussing solutions, or even the problem in
much detail, if there is no compelling scenario motivating the
problems for which solutions are being considred.

Thomas