> From: Larry Kreeger (kreeger) [mailto:[email protected]]
> Sent: Wednesday, July 11, 2012 2:06 PM
> To: Luyuan Fang (lufang); Paul Unbehagen; NAPIERALA, MARIA H
> Cc: Thomas Narten; [email protected]; Lucy yong
> Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
>
> On 7/11/12 10:28 AM, "Luyuan Fang (lufang)" <[email protected]> wrote:
>
> >Thomas, Larry, Lucy, Maria, and Paul,

<snip>

> >3) If NVE and TES are not in the same physical device, TES to NVE using
> >L2, then VDP or VDP-like protocol plays important role for discovery and
> >more.
>
> I'm not sure why you differentiate the cases of L2 and L3. The tenant VN
> traffic on the wire between the Hypervisor and the Access switch/router
> needs to be differentiated (since TESs from different tenants could be
> present on the same hypervisor), so some kind of tag (like a locally
> significant VLAN tag) needs to be negotiated with the NVE across that
> wire,

Correct. In the "end-system L3VPN" proposal the virtual interface within a given end-system is identified by the combination of the physical interface MAC address and 802.1Q tag. This tag is unique only within the end-system. The first-hop router (NVE) responds to all ARP requests from the end-system and performs IP lookup on every packet. MAC address of the guest OS is not on the wire.
