Aldrin,

Thanks for sharing the nice design figure.

A few comments on the figure:

1) What about VMs (or TES) in DC which are connected by IPSec? If you purchase Private Virtual Networks from Amazon's EC2, you can only connect to your VPC (VMs) via IPSec.

2) What about the VMs under your "Overlay Module" which are not part of L3VPN or L2VPN? Are they terminated by the GW or terminated at the "Overlay Module"?

3) In your picture, L3VNI/L2VNI are all terminated at the Overlay Modules. Do you mean that L3VPN/L2VPN encapsulations are actually done by the "overlay module"? If yes, then existing L3VPN/L2VPN mechanisms or solutions are already defined. What else is needed then?

Linda Dunbar

From: [email protected] [mailto:[email protected]] On Behalf Of Aldrin Isaac
Sent: Monday, July 02, 2012 9:29 PM
To: LASSERRE, MARC (MARC); [email protected]
Cc: [email protected]; Lucy yong; Aldrin Isaac
Subject: Re: [nvo3] call for adoption: draft-lasserre-nvo3-framework-02

(resending from my correct mailto email with minor edits)

Hi Marc/David,

I've attached a "proof-of-concept" design to express the points I have raised. Hopefully a picture is worth a thousand words. It is a PDF file since I simply don't have the time to draw it as ASCII art.

The illustration tries to capture (1) multiple VNs per VNI (and relatedly, single interface on TES) and (2) VNIF. In this POC the L2-based subnet comprises 3 VNs to force VMs to remain in their availability zone (DC) but allows them to communicate with other subnets or Internet via gateways in both DCs (with preference for local DC). This illustration could represent a single tenant of a cloud DC provider or infrastructure owned and operated by an enterprise.

The illustration also tries to capture a more mobile L3-based VN where routing information is in the form of host-routes with aggregation of those routes at the gateways.

Best -- aldrin
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
