Tom, I am a bit confused by your comments. DC operators own and manage both server devices and network devices. When they construct a VN by using their devices for a tenant, why do a VN and the underlying network have to be considered Untrusted? What am I missing here?
From the tenant perspective, they just run the applications on the VN and are not aware of the underlying network's existence; the trust/untrust does not exist between the tenant and the underlying network. IMO: the nvo3 work is to make the VN be trusted by a tenant.

Regards,
Lucy

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Thomas Narten
Sent: Wednesday, July 11, 2012 8:59 AM
To: [email protected]
Cc: [email protected]
Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)

[email protected] writes:

> There may exist different cases:
>
> Case 1: Virtual network and underlying infrastructure belong to the
> same DC operator. In this case, the underlying infra can be
> trusted

Can you clarify a bit? When you say "virtual network", isn't that the tenant network, which by definition is separate from the DC operator network? I would assume that the VN and underlying infrastructure never trust each other.

> Case 2: Virtual network and underlying infrastructure belong to
> different DC operators. In this case, different operators may
> have different security policies. So the underlying infra can
> be considered as Untrusted.

I would assume this is the case we care about.

Thomas
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
