[secdir] [new-work] WG Review: Network Virtualization Overlays (nvo3)

IESG Secretary <iesg-secretary@ietf.org> Tue, 17 April 2012 16:47 UTC

A new IETF working group has been proposed in the Routing Area. The IESG has not made any determination as yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by Tuesday, April 24, 2012.

Network Virtualization Overlays (nvo3)
-----------------------------------------
Status: Proposed Working Group
Last Updated: 2012-04-13

Chair(s):
 TBD

Routing Area Director(s):
 Stewart Bryant <stbryant@cisco.com>
 Adrian Farrel <adrian@olddog.co.uk>

Routing Area Advisor:
 Stewart Bryant <stbryant@cisco.com>

Internet Area Advisor:
 TBD

Operations Area Advisor:
 TBD

Mailing Lists: 
 Address:	nvo3@ietf.org
 To Subscribe:	https://www.ietf.org/mailman/listinfo/nvo3
 Archive:	http://www.ietf.org/mail-archive/web/nvo3/

Description of Working Group:

Support for multi-tenancy has become a core requirement of data centers
(DCs), especially in the context of data centers supporting virtualized
hosts known as virtual machines (VMs).  Two key requirements needed
to support multi-tenancy are traffic isolation, so that a tenant's
traffic is not visible to any other tenant, and address independence,
so that one tenant's addressing does not collide with other tenants'
addressing schemes or with addresses used within the data center itself.
Another key requirement is to support the placement and migration of
VMs anywhere within the data center, without being limited by DC
network constraints such as the IP subnet boundaries of the
underlying DC network.

An NVO3 solution (known here as a Data Center Virtual Private
Network (DCVPN)) is a VPN that is viable across a scaling range of
a few thousand VMs to several million VMs running on greater
than 100K physical servers. It thus has good scaling properties
from relatively small networks to networks with several million
DCVPN endpoints and hundreds of thousands of DCVPNs within a
single administrative domain.

Note that although this charter uses the term VM throughout, NVO3 must
also support connectivity to traditional hosts, e.g., hosts that do not
have hypervisors.

NVO3 will develop an approach to multi-tenancy that uses a
Layer 3 encapsulation rather than relying on
traditional L2 isolation mechanisms (e.g., VLANs) to support
multi-tenancy. The approach will provide an emulated Ethernet
service capable of satisfying typical data center deployments.

NVO3 will document the problem statement, the applicability, and an
architectural framework for DCVPNs within a data center
environment. Within this framework, functional blocks will be defined to
allow the dynamic attachment / detachment of VMs to their DCVPN,
and the interconnection of elements of the DCVPNs over
the underlying physical network. This will support delivery of packets
to the destination VM, and provide the network functions required for
the migration of VMs within the network in a sub-second timeframe.

Based on this framework, the WG will develop requirements for both
control plane protocol(s) and data plane encapsulation format(s), and
perform a gap analysis of existing candidate mechanisms. In addition
to functional and architectural requirements, NVO3 will develop
management, operational, OAM, maintenance, troubleshooting, and
security requirements.

The WG will investigate the interconnection of the DCVPNs
and their tenants with non-NVO3 IP network(s) to determine if
any specific work is needed.

The NVO3 will write the following informational RFCs, which
must be substantially complete before rechartering can be
considered:
    Problem Statement
    Framework document
    Control plane requirements document
    Data plane requirements document
    Operational Requirements
    Gap Analysis

Driven by the requirements and consistent with the gap analysis,
the WG may request being rechartered to document solutions
consisting of one or more data plane encapsulations and
control plane protocols as applicable.  Any documented
solutions will use existing mechanisms if suitable, or
will develop new mechanisms if necessary.

If the WG anticipates the adoption of the technologies of
another SDO, such as the IEEE, as part of the solution, it
will liaise with that SDO to ensure the compatibility of
the approach.


Milestones:

Dec 2012 Problem Statement submitted for IESG review
Dec 2012 Framework document submitted for IESG review
Dec 2012 Control plane requirements submitted for IESG review
Dec 2012 Data plane requirements submitted for IESG review
Dec 2012 Operational Requirements submitted for IESG review
Dec 2012 Gap Analysis submitted for IESG review
Dec 2012 Recharter or close Working Group