Luyuan, I'm sorry but you're seriously misreading Thomas's new text ...

>
> "... a single router supports multiple "virtual routers", each using its own
> forwarding table, i.e., one tied to a specific tenant or VPN."
> - No. VPN with multiple VRFs on a PE does not imply "virtual router"

That statement is correct as written, because it describes widely available
functionality on L2/L3 (Ethernet/IP) data center switches. The assumption that
the statement is about "VRFs" and "PE" in BGP/MPLS VPNs is incorrect.

>
> "The combination of virtual router functionality and data plane separation
> provides address and traffic isolation for individual tenants."
> - No, VPN does not provide traffic separation within the network (besides
> forwarding to the right CE/tenant), it only provides route isolation.

That's likewise incorrect; the VPN acronym was deliberately not used in this
new text because it concerns data center network switches (routers), not VPNs.

>
> "With BGP/MPLS VPNs, MPLS encapsulation is used to provide tenant separation
> across the transport "underlay" network between PEs."
> - No. VPN label (inner label) is used for VPN/tenant separation, not the MPLS
> encap (outer label).

That "VPN label" is part of the MPLS label stack, unless I've seriously missed
something.

Thanks,
--David

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Luyuan Fang (lufang)
> Sent: Thursday, July 05, 2012 6:49 PM
> To: Thomas Narten; [email protected]
> Subject: Re: [nvo3] VRF text (take 3) in draft-narten-nvo3-overlay-problem-statement-02.txt
>
> Thomas,
>
> It is still not correct, sorry have to say it again.
>
>
> "... a single router supports multiple "virtual routers", each using its own
> forwarding table, i.e., one tied to a specific tenant or VPN."
> - No. VPN with multiple VRFs on a PE does not imply "virtual router"
> implementation. "virtual router" means different kind of partition. VRFs are
> not required to be on separate virtual routers.
>
>
> "The combination of virtual router functionality and data plane separation
> provides address and traffic isolation for individual tenants."
> - No, VPN does not provide traffic separation within the network (besides
> forwarding to the right CE/tenant), it only provides route isolation.
>
>
> "With BGP/MPLS VPNs, MPLS encapsulation is used to provide tenant separation
> across the transport "underlay" network between PEs."
> - No. VPN label (inner label) is used for VPN/tenant separation, not the MPLS
> encap (outer label).
>
> I think we need to discuss if we should keep separate docs., we can take care
> of this topic; or merge if WG thinks better that way.
> Really appreciate your effort in trying... But we need to get it right, in a
> more efficient way.
>
> Luyuan
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Thomas Narten
> > Sent: Thursday, July 05, 2012 4:23 PM
> > To: [email protected]
> > Subject: [nvo3] VRF text (take 3) in draft-narten-nvo3-overlay-problem-statement-02.txt
> >
> > Here is another cut at the VRF text. Thanks to both the on-list and
> > off-list comments/discussion. Hopefully third time's the charm! :-)
> >
> > <t>
> >   In the case of IP networks, many routers provide a virtual
> >   routing and forwarding capability whereby a single
> >   router supports multiple "virtual routers", each using its
> >   own forwarding table, i.e., one tied to a specific tenant or
> >   VPN. Each forwarding table instance is populated separately
> >   via routing protocols, and adjacent routers encapsulate
> >   traffic in such a way that the data plane identifies the
> >   tenant or VPN that traffic belongs to. The combination of
> >   virtual router functionality and data plane separation
> >   provides address and traffic isolation for individual
> >   tenants.
> > </t>
> >
> > <t>
> >   Virtual routing and forwarding is also used on PEs as part
> >   of providing BGP/MPLS VPN
> >   service <xref target="RFC4364"></xref>. With BGP/MPLS VPNs,
> >   MPLS encapsulation is used to provide tenant separation
> >   across the transport "underlay" network between PEs. When
> >   PEs are connected by MPLS paths, control plane protocols
> >   (e.g., LDP <xref target="RFC5036"></xref>) are used to set
> >   up the data path between PEs. Whether native MPLS paths or
> >   MPLS over GRE encapsulation is
> >   used <xref target="RFC4023"></xref>, BGP distributes the
> >   necessary labels among PEs for tenant separation.
> > </t>
> >
> > Thomas
> >
> > _______________________________________________
> > nvo3 mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/nvo3
