Hi Thomas, I can see where the phrase "Virtual network and underlying infrastructure" can be interpreted differently. It would be good for Yinxing to clarify. My interpretation was that he meant "The NVEs and underlying infrastructure".
Certainly the traffic within a given virtual network is tenant traffic and should not be trusted and must be isolated from the underlying network, but the implementation/administration of a virtual network is done by data center administrators (not the tenants). - Larry On 7/11/12 6:58 AM, "Thomas Narten" <[email protected]> wrote: >[email protected] writes: > >> There may exist different cases: >> >> Case 1: Virtual network and underlying infrastructure belong to the >> same DC operator, In this case, the underlying infra can be >> trusted > >Can you clarify a bit? When you say "virtual network", isn't that the >tenant network, which by definition is separate from the DC operator >network? I would assume that the VN and underlying infrastructure >never trust each other. > >> Case 2: Virtual network and underlying infrastructure belong to >> different DC operators, In this case, different operator may >> have different security policies. So the underlying infra can >> be considered as Untrusted. > >I would assuem this is the case we care about. > >Thomas > >_______________________________________________ >nvo3 mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/nvo3 _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
