Re: [sami] Bringing new work into the IETF
<david.black@emc.com> Mon, 22 August 2011 14:16 UTC
Return-Path: <david.black@emc.com>
X-Original-To: sami@ietfa.amsl.com
Delivered-To: sami@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86E6121F8B38 for <sami@ietfa.amsl.com>; Mon, 22 Aug 2011 07:16:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.471
X-Spam-Level:
X-Spam-Status: No, score=-106.471 tagged_above=-999 required=5 tests=[AWL=0.128, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vtsnp2OX+sPa for <sami@ietfa.amsl.com>; Mon, 22 Aug 2011 07:16:47 -0700 (PDT)
Received: from mexforward.lss.emc.com (mexforward.lss.emc.com [128.222.32.20]) by ietfa.amsl.com (Postfix) with ESMTP id 4558A21F8B2B for <sami@ietf.org>; Mon, 22 Aug 2011 07:16:46 -0700 (PDT)
Received: from hop04-l1d11-si03.isus.emc.com (HOP04-L1D11-SI03.isus.emc.com [10.254.111.23]) by mexforward.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p7MEHoZh026282 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 22 Aug 2011 10:17:50 -0400
Received: from mailhub.lss.emc.com (mailhub.lss.emc.com [10.254.221.251]) by hop04-l1d11-si03.isus.emc.com (RSA Interceptor); Mon, 22 Aug 2011 10:17:36 -0400
Received: from mxhub28.corp.emc.com (mxhub28.corp.emc.com [10.254.110.184]) by mailhub.lss.emc.com (Switch-3.4.3/Switch-3.4.3) with ESMTP id p7MEHKXJ032376; Mon, 22 Aug 2011 10:17:35 -0400
Received: from mx14a.corp.emc.com ([169.254.1.245]) by mxhub28.corp.emc.com ([10.254.110.184]) with mapi; Mon, 22 Aug 2011 10:16:26 -0400
From: david.black@emc.com
To: melinda.shore@gmail.com, sami@ietf.org
Date: Mon, 22 Aug 2011 10:16:25 -0400
Thread-Topic: [sami] Bringing new work into the IETF
Thread-Index: AcxepFcgBFzX3RG1RE+vwpnvfbABAACLYplQ
Message-ID: <7C4DFCE962635144B8FAE8CA11D0BF1E0589672343@MX14A.corp.emc.com>
References: <004c01cc57ec$7f602ed0$7e208c70$@com> <20110811074034.GA12533@elstar.local> <005701cc5806$03cd8370$0b688a50$@com> <4A95BA014132FF49AE685FAB4B9F17F605189C80@dfweml504-mbx.china.huawei.com> <006001cc5cbb$de6c48e0$9b44daa0$@com> <6665BC1FEA04AB47B1F75FA641C43BC08146326D@FHDP1LUMXC7V41.us.one.verizon.com> <004b01cc5d9e$c7015130$5503f390$@com> <CDDE62FF82604D09B92836C30BE7AD07@davidPC> <6665BC1FEA04AB47B1F75FA641C43BC0814DB910@FHDP1LUMXC7V41.us.one.verizon.com> <4E4EB603.7080903@gmail.com>
In-Reply-To: <4E4EB603.7080903@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EMM-MHVC: 1
Subject: Re: [sami] Bringing new work into the IETF
X-BeenThere: sami@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: State Migration <sami.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sami>, <mailto:sami-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sami>
List-Post: <mailto:sami@ietf.org>
List-Help: <mailto:sami-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sami>, <mailto:sami-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Aug 2011 14:16:48 -0000
Hi Melinda, > I've mostly been appalled by how stuff (I initially typed "work," > realized that that was not correct, and "stuff" is the only thing > I could come up with to describe what's under discussion) related to > clouds/data centers has been brought to the IETF. There's never > been a clear statement of need for a specific piece of work, no > requirements, just fishing for something that someone might possibly > be able to get a publication out of. I concur with that viewpoint. The former "clouds" mailing list was a time-sink that I had to pay attention to. > The service migration stuff struck me as different, because for > better or worse there's a lot of flow-coupled state inside the > network, often related to security but sometimes related to > transport optimization, policy routing, etc. How to move > that when live network sessions move is a real problem, and one > that's hard to solve. I also agree with this - there is an actual state migration problem in here struggling to get out. > Unfortunately you guys totally blew that > one out of the water when you reframed this as 1) moving VMs, > and 2) moving them within the same subnet. If this is really, > truly, honestly what you want to do, you're going to start to > identify specific use cases and pieces of state that you think > will need to be transferred. The only thing I can come up with > is address/port mappings in switches, and honestly that's not > very compelling. This piece of email from Ning continues the > vagueness and really doesn't provide any information that might > help evaluate the work on its technical merit. Ah, that I can help with ... ;-). If one restricts a subnet to a physical L2 subnet, I think your conclusion has a lot of merit (I reserve the right to quibble later, but this message is about something else ...). OTOH, L2 connectivity is being provided over L3 infrastructure where one may not expect it - examples of technologies that can do that include GRE, L2TP and OTV. For OTV, see draft-hasmit-otv-03, http://datatracker.ietf.org/doc/draft-hasmit-otv/ - that's a good place to start as it contains a lot of worked-out details for stretching L2 connectivity over L3 carrier infrastructure. Live migration of a virtual machine across this sort of stretched L2 connectivity is an important use case, because it's interesting (yes, people really do want to do this), and the VM's L2 and L3 addresses can't change during the migration. To a first approximation, changing any of the VM's addresses makes the VM migration non- transparent and disruptive courtesy of things like ARP caches in other VMs. One of the first things that is often done when stretching L2 subnets in this fashion is to distribute the L3 default gateway. If one moves a VM from San Jose, CA to San Francisco, CA (about 50mi), one would prefer to hand off that VM's traffic to/from the (public) Internet to an ISP in San Francisco, as opposed to hauling it back to San Jose (the latter is colloquially referred to as "hairpinning"). If it helps to understand the scenario, assume that the AS that encompasses the San Francisco and San Jose facilities (and the connection between them) is multi-homed to different ISPs in San Francisco and San Jose. The good news is that routing protocols don't like hairpinning, and will try to move the traffic to use the ISP connection in San Francisco. The bad news is that there's a stateful inspection firewall on the ISP connection in San Jose that contains things like TCP state. Hence moving the VM's TCP connections to San Francisco results in trying to use the corresponding stateful inspection firewall on the ISP connection in San Francisco, which has no state for those TCP connections, and hence bit buckets all of their packets. That would be bad, and the result is that the middlebox (firewall) requires that the TCP connections be hairpinned back to San Jose even though the routing protocols are perfectly capable of optimizing that hairpinning away via the ISP in San Francisco. So, I'm confident that there's a real problem in here, but I also strongly encourage re-reading Dave Harrington's message that started this "Bringing new work ..." thread, because it outlines some important practical considerations about whether the IETF can usefully solve this problem. To put those concerns bluntly: If we built "it", would anyone "come"? Thanks, --David > -----Original Message----- > From: sami-bounces@ietf.org [mailto:sami-bounces@ietf.org] On Behalf Of Melinda Shore > Sent: Friday, August 19, 2011 3:14 PM > To: sami@ietf.org > Subject: Re: [sami] Bringing new work into the IETF > > On 08/19/2011 08:54 AM, So, Ning wrote: > > [ ... ] > > Telecom service provider such as Verizon have significant business > > with enterprises and government agencies. One significant cloud > > service business for that market in the foreseeable future is to > > host overflow/expansion capacity for the enterprise/government > > data centers. That means the provider data centers will have to > > be multi-tenant in nature with seamless inter-working with the > > customer data centers. There are quite a few (I cannot number them) > > hypervisors out there in the market today, and the customers I know > > have all of them (although usually each customer has one or two > > hypervisors only). Without standardization means the provider > > data center has to have all of the hypervisors in each and every > > data center in order to provide the services, and it also means > > the server/network capacity in the provider data centers are > > dedicated per Hypervisor without capacity sharing. > > You guys are being asked for a technical discussion of what's > being proposed. This is marketing. > > I've mostly been appalled by how stuff (I initially typed "work," > realized that that was not correct, and "stuff" is the only thing > I could come up with to describe what's under discussion) related to > clouds/data centers has been brought to the IETF. There's never > been a clear statement of need for a specific piece of work, no > requirements, just fishing for something that someone might possibly > be able to get a publication out of. > > The service migration stuff struck me as different, because for > better or worse there's a lot of flow-coupled state inside the > network, often related to security but sometimes related to > transport optimization, policy routing, etc. How to move > that when live network sessions move is a real problem, and one > that's hard to solve. Unfortunately you guys totally blew that > one out of the water when you reframed this as 1) moving VMs, > and 2) moving them within the same subnet. If this is really, > truly, honestly what you want to do, you're going to start to > identify specific use cases and pieces of state that you think > will need to be transferred. The only thing I can come up with > is address/port mappings in switches, and honestly that's not > very compelling. This piece of email from Ning continues the > vagueness and really doesn't provide any information that might > help evaluate the work on its technical merit. > > Melinda Shore > _______________________________________________ > sami mailing list > sami@ietf.org > https://www.ietf.org/mailman/listinfo/sami
- [sami] Welcome to SAMI and something you may like… Yingjie Gu(yingjie)
- Re: [sami] Welcome to SAMI and something you may … Juergen Schoenwaelder
- Re: [sami] Welcome to SAMI and something you may … Yingjie Gu(yingjie)
- Re: [sami] Welcome to SAMI and something you may … Linda Dunbar
- Re: [sami] Welcome to SAMI and something you may … Yingjie Gu(yingjie)
- Re: [sami] Welcome to SAMI and something you may … So, Ning
- Re: [sami] Welcome to SAMI and something you may … Melinda Shore
- Re: [sami] Welcome to SAMI and something you may … Yingjie Gu(yingjie)
- Re: [sami] Welcome to SAMI and something you may … Yingjie Gu(yingjie)
- Re: [sami] Welcome to SAMI and something you may … So, Ning
- Re: [sami] Welcome to SAMI and something you may … Melinda Shore
- [sami] Scope [was Re: Welcome to SAMI and somethi… Melinda Shore
- Re: [sami] Bringing new work into the IETF Yingjie Gu(yingjie)
- [sami] Bringing new work into the IETF David Harrington
- Re: [sami] Bringing new work into the IETF Melinda Shore
- Re: [sami] Bringing new work into the IETF Thomas Narten
- Re: [sami] Welcome to SAMI and something you may … Juergen Schoenwaelder
- Re: [sami] Bringing new work into the IETF So, Ning
- Re: [sami] Bringing new work into the IETF Melinda Shore
- Re: [sami] Bringing new work into the IETF Thomas Narten
- Re: [sami] Bringing new work into the IETF So, Ning
- Re: [sami] Bringing new work into the IETF david.black
- [sami] 答复: Trying to figure out where we are Yingjie Gu(yingjie)
- Re: [sami] Bringing new work into the IETF Melinda Shore
- Re: [sami] Bringing new work into the IETF Benson Schliesser
- Re: [sami] Bringing new work into the IETF So, Ning
- Re: [sami] Welcome to SAMI and something you may … Warren Kumari
- [sami] Trying to figure out where we are Melinda Shore
- Re: [sami] Trying to figure out where we are Yingjie Gu(yingjie)
- Re: [sami] Trying to figure out where we are zhangyunfei
- Re: [sami] Trying to figure out where we are Thomas Narten
- Re: [sami] Trying to figure out where we are Jamal Hadi Salim
- Re: [sami] Trying to figure out where we are Yingjie Gu(yingjie)
- Re: [sami] Trying to figure out where we are Thomas Narten
- Re: [sami] Trying to figure out where we are Warren Kumari