From: Stiliadis, Dimitrios (Dimitri) [mailto:[email protected]]

[...]

> >In any case, regardless of whether we're considering VMs or bare-metal
> >servers, in the simplest scenario the server-to-NVE connection is a
> >point-to-point link, usually without VLAN tagging.
>
> Unfortunately not always. If the NVE is the ToR and the server is part
> of a blade system, the server-to-NVE connection is actually multiplexed.

Ignoring for the moment that data centers that would benefit most from NVO3 supposedly don't over-appreciate blade servers - if the server-to-ToR switch connection is multiplexed, then there must be an active element in the blade enclosure. Usually it's a switch. Is there a good reason that switch couldn't be an NVE, but a ToR switch could be?

> Same holds for "fabric extender" type of architectures.

Fabric extenders using 802.1BR or the S-component of 802.1Qbg present every server NIC as a separate interface to the controlling bridge (ToR switch).

> One could require that the NVE must always be one hop away and in a p2p
> connection, but this would limit options.

It would also make the whole setup a lot more secure, as the NVE could reliably enforce per-VM/server security policy. Once you mix traffic sourced from multiple VMs/servers into a VLAN, it's impossible to enforce reliable per-server security.

> Also, if you want to consider multi-homed servers to dual NVEs, there
> are some additional complexities to consider, especially if we are
> looking for active/active configurations.

So maybe we'd finally get a standard version of MLAG? Would be about time ;)

[...]

> Yes, VLAN hand offs are perfectly fine and cover most cases, and I don't
> think they require a p2p link.

See above.

Ivan

_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
