Much as I'd love to get rid of traffic trombones, we might have to live with dedicated L4-7 appliances (physical or virtual) and associated trombones to satisfy the whims of security/compliance auditors (PCI comes to mind).
On a more technical note, firewalls are be easy (more so if they don't do deep packet inspection), but architecting a scalable distributed load balancer w/o traffic trombones might be an interesting task. Ivan > -----Original Message----- > From: Melinda Shore [mailto:[email protected]] > Sent: Monday, July 23, 2012 6:37 PM > To: Ivan Pepelnjak > Cc: [email protected] > Subject: Re: [nvo3] server2nve signaling: VM migration > > On 7/23/12 8:33 AM, Ivan Pepelnjak wrote: > > Network state needs to be migrated only if the hypervisor (or a kernel > > plug-in) provides the service (example: VMware vShield App/Zones, > > Juniper VGW, Xen OpenFlow-based filters). If you use physical or > > virtual appliances connected to a virtual L2 or L3 segment, then > > there's no need to move the state, as the appliance (where the state > > is) hasn't moved. > > Only in a tromboning topology, which we're trying to avoid. > > Melinda _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
