Hi,

Regarding IPSec to connect to VMs: are you referring to providing IPSec as a method to provide secure connectivity to the VMs in a DC? Or are you interested in describing connectivity between VMs in a private cloud and VMs in EC2 via VPC?

Either can be accomplished by connecting an IPSec tunnel and associated routes into the L3VPN Access Mesh or L3VPN Interconnect Mesh.

Kind regards,
Truman

On Tue, Jul 3, 2012 at 3:58 PM, Linda Dunbar <[email protected]> wrote:

> Aldrin,
>
> Thanks for sharing the nice design figure.
>
> A few comments to the figure:
>
> 1) What about VMs (or TES) in DC which are connected by IPSec? If you purchase Private Virtual Networks from Amazon's EC2, you can only connect to your VPC (VMs) via IPSec.
>
> 2) What about the VMs under your "Overlay Module" which are not part of L3VPN or L2VPN? Are they terminated by the GW or terminated at the "Overlay Module"?
>
> 3) In your picture, L3VNI/L2VNI are all terminated at the Overlay Modules. Do you mean that L3VPN/L2VPN encapsulations are actually done by the "overlay module"? If yes, then existing L3VPN/L2VPN mechanisms or solutions are already defined. What else is needed then?
>
> Linda Dunbar
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Aldrin Isaac
> Sent: Monday, July 02, 2012 9:29 PM
> To: LASSERRE, MARC (MARC); [email protected]
> Cc: [email protected]; Lucy yong; Aldrin Isaac
> Subject: Re: [nvo3] call for adoption: draft-lasserre-nvo3-framework-02
>
> (resending from my correct mailto email with minor edits)
>
> Hi Marc/David,
>
> I've attached a "proof-of-concept" design to express the points I have raised. Hopefully a picture is worth a thousand words. It is a PDF file since I simply don't have the time to draw it as ASCII art.
>
> The illustration tries to capture (1) multiple VN per VNI (and relatedly, single interface on TES) and (2) VNIF. In this POC the L2-based subnet comprises 3 VNs to force VMs to remain in their availability zone (DC) but allows them to communicate with other subnets or the Internet via gateways in both DCs (with preference for the local DC). This illustration could represent a single tenant of a cloud DC provider or infrastructure owned and operated by an enterprise.
>
> The illustration also tries to capture a more mobile L3-based VN where routing information is in the form of host-routes with aggregation of those routes at the gateways.
>
> Best -- aldrin
>
> _______________________________________________
> nvo3 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/nvo3
