Thomas, It is still not correct, sorry have to say it again.
> "... a single router supports multiple "virtual routers", each using its own > forwarding table, i.e., one tied to a specific tenant or VPN." - No. VPN with multiple VRFs on a PE does not imply "virtual router" implementation. "virtual router" means different kind of partition. VRFs are not required to be on separate virtual routers. > "The combination of virtual router functionality and data plane separation > provides address and traffic isolation for individual tenants." - No, VPN does not provide traffic separation within the network (besides forwarding to the right CE/tenant), it only provides route isolation. > "With BGP/MPLS VPNs, MPLS encapsulation is used to provide tenant separation > across the transport "underlay" network between PEs." - No. VPN label (inner label) is used for VPN/tenant separation, not the MPLS encap (outer label). I think we need to discuss if we should keep separate docs., we can take care this topic; or merge if WG thinks better that way. Really appreciate your effort in trying... But we need to get it right, in a more efficient way. Luyuan > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Thomas Narten > Sent: Thursday, July 05, 2012 4:23 PM > To: [email protected] > Subject: [nvo3] VRF text (take 3) in draft-narten-nvo3-overlay-problem- > statement-02.txt > > Here is another cut at the VRF text. Thanks to both the on-list and > off-list comments/discussion. Hopefully third time's the charm! :-) > > <t> > In the case of IP networks, many routers provide a virtual > routing and forwarding capability whereby a single > router supports multiple "virtual routers", each using its > own forwarding table, i.e., one tied to a specific tenant or > VPN. Each forwarding table instance is populated separately > via routing protocols, and adjacent routers encapsulate > traffic in such a way that the data plane identifies the > tenant or VPN that traffic belongs to. The combination of > virtual router functionality and data plane separation > provides address and traffic isolation for individual > tenants. > </t> > > <t> > Virtual routing and forwarding is also used on PEs as part > of providing BGP/MPLS VPN > service <xref target="RFC4364"></xref>. With BGP/MPLS VPNs, > MPLS encapsulation is used to provide tenant separation > across the transport "underlay" network between PEs. When > PEs are connected by MPLS paths, control plane protocols > (e.g., LDP <xref target="RFC5036"></xref>) are used to set > up the data path between PEs. Whether native MPLS paths or > MPLs over GRE encapsulation is > used <xref target="RFC4023"></xref>, BGP distributes the > necessary labels among PEs for tenant separation. > </t> > > Thomas > > _______________________________________________ > nvo3 mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/nvo3 _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
