Hi Petro and other co-authors,

Here are some comments.
The draft provides an IP VPN service solution for the end-system virtual interface. But, IMHO, it is not a network virtualization solution. Network virtualization in NVO3 or in the industry has more ingredients than providing an IP VN. Do you have a plan to extend this solution to network virtualization? If not, I suggest distinguishing the two.

This solution essentially has network-based access control, which could make a VM mobility solution very hard, because the network has to grant access permission to the new site first. Using the VPN/Route Target concept provides VPN route path control, but also results in quite complex import/export RT policy configuration. People may not realize that yet. The solution further relies heavily on an egress-assigned local label for VN traffic segregation in the data plane, and facilitates the egress local forwarding process.

IMO, this solution's principle is quite different from the industry vision on cloud applications and virtualization (enabling a cloud application in a fully virtualized environment), although it may fit some cloud applications. I'd like to hear your opinion on this.

Text: "BGP also optimizes the route distribution for sparse events. The Route Target Constraint [RFC4684] extension builds an optimal distribution tree for message propagation based on VPN membership."

Comments: This method optimizes the route distribution for interested VPN sites, not for interested end-system virtual network interfaces. In a virtualization environment, caching interested virtual network interfaces at the forwarder is valuable for scalability. What is the point of the given example? "As an example consider a topology in which 100 End-System Route Servers are deployed in a network each serving a subset of the VPN forwarding elements...". Isn't it obvious that, with more End-System Route Servers, each server serves a smaller number of clients?
Text: "From an IP address assignment point of view, a virtual network interface is addressed out of the virtual IP topology and associated with a "closed user group" or VPN, while the physical interface of the machine is addressed in the network infrastructure topology."

Comments: The statement is not clear to me. Does it mean IP address separation between the VN and the physical network?

Text: "Both static and dynamic IP address allocation can be supported. The latter assumes that the VPN Forwarder implements a DHCP relay or DHCP proxy functionality."

Comments: Does this mean assigning an IP address to the virtual network interface? The solution also requires IP configuration on the client side of the interface. This means that the solution requires special configuration on the guest OS, is that right? Has any end-system vendor implemented this solution?

Do you also plan to address multicast support in the solution?

The draft uses both "virtual interface" and "virtual network interface"; I suggest making them consistent. The draft should define "end-system" in the terminology.

I look forward to discussing the solution with you more in YVR.

Regards,
Lucy
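Added example, not from the draft and not part of Lucy's message: a small Python model of RFC 4364-style route-target import/export policy and of the Route Target Constraint (RFC 4684) filtering that the quoted text and the comments above discuss. The PE names, RT values and prefixes are constructed for the example. A hub-and-spoke VPN with asymmetric import/export RTs is included next to a plain any-to-any VPN to show the kind of RT policy configuration the comments call complex, and the two distribution functions show how RTC reduces the route updates a reflector has to deliver.

```python
# Added illustration (not from the draft or from the e-mail): a toy model of
# route-target import/export and of Route Target Constraint (RFC 4684)
# filtering at a route reflector. All PE names, RTs and prefixes are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnRoute:
    prefix: str            # VPN-IPv4 prefix advertised by the origin PE
    origin_pe: str         # PE that exported it from one of its VRFs
    export_rts: frozenset  # route-target extended communities attached on export


@dataclass(frozen=True)
class Pe:
    name: str
    import_rts: frozenset  # union of the RTs imported by this PE's VRFs


def pe_imports(pe, route):
    """Import policy: a VRF installs a route only if the route carries at
    least one RT that the VRF is configured to import."""
    return bool(route.export_rts & pe.import_rts)


def flood_distribution(routes, pes):
    """Without RTC the reflector sends every VPN route to every PE, and each
    PE discards what it cannot import. Returns {pe_name: routes received}."""
    return {pe.name: frozenset(r for r in routes if r.origin_pe != pe.name)
            for pe in pes}


def rtc_distribution(routes, pes):
    """With RTC each PE first advertises its import RTs as RT-membership NLRI;
    the reflector then forwards a route only to PEs whose membership matches
    one of the route's RTs, so what is received equals what is installed."""
    return {pe.name: frozenset(r for r in routes
                               if r.origin_pe != pe.name and pe_imports(pe, r))
            for pe in pes}


def installed_routes(received, pes):
    """Apply each PE's import policy to whatever it received."""
    by_name = {pe.name: pe for pe in pes}
    return {name: frozenset(r for r in rs if pe_imports(by_name[name], r))
            for name, rs in received.items()}


def messages(received):
    """Number of BGP VPN route updates the reflector had to deliver in total."""
    return sum(len(rs) for rs in received.values())


def prefixes(routes):
    return {r.prefix for r in routes}


def build_topology():
    """Constructed topology: a hub-and-spoke VPN (asymmetric RTs so spokes
    only see the hub) plus an unrelated any-to-any VPN 'blue'."""
    HUB, SPOKE, BLUE = "RT:65000:100", "RT:65000:200", "RT:65000:300"
    pes = [
        Pe("PE-hub", frozenset({SPOKE})),     # hub imports what spokes export
        Pe("PE-spoke1", frozenset({HUB})),    # spokes import only hub routes
        Pe("PE-spoke2", frozenset({HUB})),
        Pe("PE-blue-a", frozenset({BLUE})),   # blue: same RT imported and exported
        Pe("PE-blue-b", frozenset({BLUE})),
    ]
    routes = [
        VpnRoute("10.0.0.0/24", "PE-hub", frozenset({HUB})),
        VpnRoute("10.1.0.0/24", "PE-spoke1", frozenset({SPOKE})),
        VpnRoute("10.2.0.0/24", "PE-spoke2", frozenset({SPOKE})),
        VpnRoute("172.16.1.0/24", "PE-blue-a", frozenset({BLUE})),
        VpnRoute("172.16.2.0/24", "PE-blue-b", frozenset({BLUE})),
    ]
    return routes, pes


if __name__ == "__main__":
    routes, pes = build_topology()
    flood, rtc = flood_distribution(routes, pes), rtc_distribution(routes, pes)
    print("updates delivered without RTC:", messages(flood), "with RTC:", messages(rtc))
    for name in sorted(rtc):
        print(f"{name:9} installs {sorted(prefixes(rtc[name]))}")
```

Run as a script it prints the update count with and without RTC and what each PE ends up installing; in this topology the spokes each install only the hub prefix, the hub installs both spoke prefixes, and the blue PEs never receive hub-and-spoke routes once RTC is in place. Note that the filtering granularity in both functions is the PE and its RTs, which is the point the comments make: the distribution tree follows VPN membership of PEs, not of individual end-system virtual network interfaces.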
