> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of NAPIERALA, MARIA H
> Sent: July 12, 2012 11:03
> To: Larry Kreeger (kreeger); Luyuan Fang (lufang); Paul Unbehagen
> Cc: Thomas Narten; [email protected]; Lucy yong
> Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
>
> > From: Larry Kreeger (kreeger) [mailto:[email protected]]
> > Sent: Wednesday, July 11, 2012 2:06 PM
> > To: Luyuan Fang (lufang); Paul Unbehagen; NAPIERALA, MARIA H
> > Cc: Thomas Narten; [email protected]; Lucy yong
> > Subject: Re: [nvo3] TES-NVE attach/detach protocol security (mobility-issues draft)
> >
> > On 7/11/12 10:28 AM, "Luyuan Fang (lufang)" <[email protected]> wrote:
> >
> > >Thomas, Larry, Lucy, Maria, and Paul,
> > <snip>
> >
> > >3) If NVE and TES are not in the same physical device, TES to NVE using
> > >L2, then VDP or VDP-like protocol plays important role for discovery and
> > >more.
> >
> > I'm not sure why you differentiate the cases of L2 and L3. The tenant VN
> > traffic on the wire between the Hypervisor and the Access switch/router
> > needs to be differentiated (since TESs from different tenants could be
> > present on the same hypervisor), so some kind of tag (like a locally
> > significant VLAN tag) needs to be negotiated with the NVE across that
> > wire,
>
> Correct. In the "end-system L3VPN" proposal the virtual interface within a
> given end-system is identified by the combination of the physical interface
> MAC address and 802.1Q tag. This tag is unique only within the end-system.
> The first-hop router (NVE) responds to all ARP requests from the end-system
> and performs IP lookup on every packet. MAC address of the guest OS is not
> on the wire.

Hi Maria,

I guess the current "end-system L3VPN" proposal should belong to case 1, rather than case 3 where NVE and TES are not in the same physical device, unless the "end-system L3VPN" makes some changes as follows: XMPP is only used as a signaling of VM attachment/detachment events between hypervisors and ToRs, rather than as a replacement of BGP-based L3VPN signaling. In this way, the NVE functionality (i.e., L3VPN PE) is performed on the ToRs, rather than on the end-systems.

Best regards,
Xiaohu

> _______________________________________________
> nvo3 mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/nvo3

_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
