Re: [sami] A new draft on state migration use cases is submitted.

Linda Dunbar <linda.dunbar@huawei.com> Mon, 10 October 2011 20:45 UTC

Date: Mon, 10 Oct 2011 20:45:39 +0000
From: Linda Dunbar <linda.dunbar@huawei.com>
To: "刘茗(研六 福州)" <lium@ruijie.com.cn>, "Yingjie Gu(yingjie)" <guyingjie@huawei.com>, 'Juergen Schoenwaelder' <j.schoenwaelder@jacobs-university.de>
Cc: 'A tao' <yangjingtao@gmail.com>, "sami@ietf.org" <sami@ietf.org>
Subject: Re: [sami] A new draft on state migration use cases is submitted.

Tao, 

That is an interesting description. Can you elaborate a little bit on pros and cons of hypervisor CPU taken by the security vs. the extra processing on switches? 

Linda 

> -----Original Message-----
> From: sami-bounces@ietf.org [mailto:sami-bounces@ietf.org] On Behalf Of
> 刘茗(研六 福州)
> Sent: Monday, October 10, 2011 9:25 AM
> To: Yingjie Gu(yingjie); 'Juergen Schoenwaelder'
> Cc: 'A tao'; sami@ietf.org
> Subject: Re: [sami] A new draft on state migration use cases is
> submitted.
> 
> Dear Yingjie,
> 
> Yes, you got my point. Our customers deploy the virtualization in order
> to improve the utility of hardware resources, especially the CPU. But
> the security policy executed by the hypervisor will consume the CPU
> resource without money back. So if the switches can migrate the
> security policy across the physical machine, it will make more money
> back.
> 
> Oh, I forgot to introduce myself. My name is Ming Liu. I'm a product
> manager from a network product vendor in China mainland and in charge
> of solutions and products for Data Center. And our customers include
> government, universities, ICP and so on.
> 
> -----Original Message-----
> From: Yingjie Gu(yingjie) [mailto:guyingjie@huawei.com]
> Sent: Monday, October 10, 2011 9:25 AM
> To: 'Juergen Schoenwaelder'; 刘茗(研六 福州)
> Cc: 'A tao'; sami@ietf.org
> Subject: Re: [sami] A new draft on state migration use cases is
> submitted.
> 
> Ming, you'd better introduce yourself :)
> 
> My understanding of these words is that, instead of deploying ACLs on
> Hypervisor and trying to migrate ACLs between Hypervisors, the customer
> would like the ACLs to be deployed on switches and migrate ACLs between
> switches.
> 
> Is this what you mean, Ming?
> 
> 
> Best Regards
> Gu Yingjie
> 
> -----Original Message-----
> From: sami-bounces@ietf.org [mailto:sami-bounces@ietf.org] On Behalf Of
> Juergen Schoenwaelder
> Sent: October 10, 2011 0:02
> To: 刘茗(研六 福州)
> Cc: A tao; sami@ietf.org
> Subject: Re: [sami] A new draft on state migration use cases is submitted.
> 
> On Sun, Oct 09, 2011 at 01:41:24PM +0000, 刘茗(研六 福州) wrote:
> > One of our customers, the leader of online shopping provider in China,
> > has the same requirement. They run VMs on the power x86 machine with
> > KVM hypervisor. For some security reasons, they applied the ACLs
> > through the Linux’s IPtable running on the Hypervisor. But when the VM
> > floating, the IPtable profile cannot be migrated to the other machine.
> > So they hope the switch can replace the IPTable and can migrate the
> > ACL profiles for the VM when floating.
> 
> The switches really have nothing to do with ACLs sitting in the
> hypervisor. Making the switches responsible for migrating the ACLs
> seems broken to me.
> 
> /js
> 
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>
> _______________________________________________
> sami mailing list
> sami@ietf.org
> https://www.ietf.org/mailman/listinfo/sami
> 