Hi Maria and Luyuan,

I read through this document. It is well written document. I have some comments 
and questions as follow.


*         In section 2.2., it requires that in end-system environment,  the PE 
forwarding function should decouple from PE control function (physically) but 
does not make any requirement on the interworking between  two functions. Do 
you expect the proprietary implementation in this interworking is acceptable  
or have to be a standardized interworking solution? I suggest mentioning this 
decoupling also enables some "centralized/distributed"  combined control plane 
solution, which may fit the DC environment better.

*         Section 3.3 IP subnet support. Could you elaborate how you want to 
group virtual resources into IP subnets? Do you mean Sp may want the resources 
that run VoIP on one IP subnet and the resources that run video on another IP 
subnets regardless where the resources locate?  What does  "user defined IP 
subnet" mean? Please give an example.

*         Text:
   A collection of virtual resources might provide external or
   internal services. Such collection may serve an external "customer"
   or internal "tenant" to whom a Service Provider provides
   service(s). In MPLS/BGP VPN terminology a collection of virtual
   resources dedicated to a process or application corresponds to a
   VPN.
   -end. The first sentence means cloud service. The resources include compute, 
storage, network appliance, and networking. It is not clear to me what the 
second sentence mean?


*         Text: -VM or application end-point should be able to directly access
      multiple VPNs without a need to traverse a gateway. -end.
   In this case, does it use the same IP address or different IP address when 
accessing different VPNs? Please clarify.


*         In section 5, suggest to add one advantage, it makes IP mobility 
easier because the decoupling eliminates the physical network limitation in 
supporting the mobility

*         Text: the virtual service itself must be delivered to an
   end-system such that switching elements connecting the end-system
   to the encap/decap device are not aware of the virtual topology.
-end. This is about local access between CE and PE, right? This is always the 
case. Do you expect the payload to be encapsulated in local access too? Why 
state it in this section?

*         Regarding to section 7.1, Do you require that the end system to 
support LDP and RSVP-TE in order to support the end-system VPN?

*         In Section 8, what is the midpoint router? The first hop router, or 
gateway router, or any LSR? Describe from one end-system to another end system 
do not make this clear because PE may be on the end-system or may not.

*         In section 9, what does "abstracting the externally visible network 
address from ..." mean?

*         In section 10, text:
   The inter-connection of end-system VPNs with traditional VPNs
   requires an integrated control plane and unified orchestration of
   network and end-system resources. -end.
   What does that mean? Do you want to say interworking between traditional 
control plane in WAN and orchestration system in DC?



*         There is no any requirement on a gateway usage. Do you expect no 
gateway at all in end system VPN? Do we need NAT, firewall in end system VPN?

*         The document does not use the requirement language to describe the 
requirement. "MUST", "SHOULD", etc.

Look forward to hearing from you on these.

Cheers,
Lucy

Reply via email to