A comment on the security draft that came up during discussion of 
draft-kreeger-nvo3-hypervisor-nve-cp-01. Resending with this subject so those 
interested in the security draft don't miss it.

In 5.1, the signaling to the NVE to help it follow VM state and migration 
shouldn't be from the TS. It should be from the hypervisor. The key therefore 
should be a hypervisor key, not a tenant or TS key. See an excerpt from the 
other email below.

<snip>
LK> Our goal is to make the implementation of the VN completely hidden from 
the TS (VM).  There should be no requirement to modify the TS to participate in 
address advertisement.  There is also an issue of trust, we should try to avoid 
trusting a TS to advertise its address.
 
<PAT> Larry, I agree, but the NVO3 Security draft which has the following in 
5.1 isn't consistent with this:
"Apart from data traffics, the NVE and the TSes also
  need to exchange signaling messages in order to facilitate, e.g., VM
   online detection, VM migration detection, or auto-provisioning/
   service discovery [I-D.ietf-nvo3-framework]."
The messages for these purposes should be between the NVE and the hypervisor, 
not the NVE and the TS.

LK> I agree with you, Pat (and disagree with this statement in the security 
draft).  We should avoid trusting Tenant Systems.  Furthermore, I don't see how 
a TS implemented as a VM would have any idea whether it was being migrated.  
Maybe this is just a terminology issue because it seems like the signaling 
mentioned would be performed by a hypervisor, not a VM.


_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3

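The trust point raised in the thread (the NVE should accept VM online/migration signaling only from the hypervisor, authenticated with a hypervisor key, never on the word of a Tenant System), as an added example that is not part of the thread or of any NVO3 draft. The message format, the names Hypervisor/NVE/Signal, and the keys and VM identifiers are assumptions constructed for illustration; the MAC scheme is plain HMAC-SHA256 with a per-hypervisor sequence counter for replay protection.

```python
"""Added example, not from the nvo3 thread or any NVO3 draft.

Models an NVE that accepts VM_ONLINE / VM_MIGRATED signaling only when it is
signed with the key registered for a hypervisor.  A Tenant System signing
with a tenant key, or spoofing a hypervisor id without its key, is rejected.
Keys, ids and addresses below are constructed test data.
"""
import hashlib
import hmac
from dataclasses import dataclass


def sign(key: bytes, msg: str) -> str:
    """HMAC-SHA256 over the canonical message, hex encoded (assumed scheme)."""
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


@dataclass
class Signal:
    kind: str        # "VM_ONLINE" or "VM_MIGRATED" (assumed message kinds)
    signer_id: str   # id of the hypervisor claiming to have signed
    vm_id: str
    vm_mac: str
    vni: int
    seq: int         # per-signer monotonic counter (replay protection)
    mac: str = ""    # hex HMAC over canonical()

    def canonical(self) -> str:
        return "|".join(str(x) for x in
                        (self.kind, self.signer_id, self.vm_id,
                         self.vm_mac, self.vni, self.seq))


class Hypervisor:
    """The entity that actually knows when a VM comes up or is migrated in."""

    def __init__(self, hv_id: str, key: bytes):
        self.hv_id, self.key, self.seq = hv_id, key, 0

    def _emit(self, kind, vm_id, vm_mac, vni) -> Signal:
        self.seq += 1
        s = Signal(kind, self.hv_id, vm_id, vm_mac, vni, self.seq)
        s.mac = sign(self.key, s.canonical())
        return s

    def vm_online(self, vm_id, vm_mac, vni):
        return self._emit("VM_ONLINE", vm_id, vm_mac, vni)

    def vm_migrated(self, vm_id, vm_mac, vni):
        return self._emit("VM_MIGRATED", vm_id, vm_mac, vni)


class NVE:
    """Keys are bound to hypervisor ids; a tenant key is never in this table."""

    def __init__(self, hypervisor_keys: dict):
        self.hv_keys = dict(hypervisor_keys)  # hv_id -> key
        self.last_seq = {}                     # hv_id -> last accepted seq
        self.table = {}                        # (vni, mac) -> (vm_id, hv_id)

    def accept(self, s: Signal) -> bool:
        key = self.hv_keys.get(s.signer_id)
        if key is None:
            return False  # unknown or tenant signer: not trusted for VN signaling
        if not hmac.compare_digest(sign(key, s.canonical()), s.mac):
            return False  # wrong key (e.g. a TS spoofing the hypervisor id)
        if s.seq <= self.last_seq.get(s.signer_id, 0):
            return False  # replayed signal
        self.last_seq[s.signer_id] = s.seq
        self.table[(s.vni, s.vm_mac)] = (s.vm_id, s.signer_id)
        return True


def demo():
    """Returns (hv_online, ts_self_advert, ts_spoof, replay, migrate, table)."""
    hv1_key = b"hv-1-key-constructed-for-demo"
    hv2_key = b"hv-2-key-constructed-for-demo"
    ts_key = b"tenant-key-constructed-for-demo"
    nve = NVE({"hv-1": hv1_key, "hv-2": hv2_key})
    hv1, hv2 = Hypervisor("hv-1", hv1_key), Hypervisor("hv-2", hv2_key)

    good = hv1.vm_online("vm-42", "00:11:22:33:44:55", 5001)
    hv_online = nve.accept(good)

    # A TS advertising its own address, signed with a tenant key.
    ts = Signal("VM_ONLINE", "tenant-a", "vm-99", "00:de:ad:be:ef:01", 5001, 1)
    ts.mac = sign(ts_key, ts.canonical())
    ts_self_advert = nve.accept(ts)

    # A TS claiming to be hv-1 but without hv-1's key.
    spoof = Signal("VM_ONLINE", "hv-1", "vm-99", "00:de:ad:be:ef:01", 5001, 2)
    spoof.mac = sign(ts_key, spoof.canonical())
    ts_spoof = nve.accept(spoof)

    replay = nve.accept(good)  # same valid signal again: seq already used

    # Migration is announced by the destination hypervisor, not by the VM.
    migrate = nve.accept(hv2.vm_migrated("vm-42", "00:11:22:33:44:55", 5001))
    return hv_online, ts_self_advert, ts_spoof, replay, migrate, dict(nve.table)


if __name__ == "__main__":
    print(demo())
```

The check the thread asks for is the `hv_keys.get(s.signer_id)` lookup: the NVE's registry holds hypervisor keys only, so nothing a Tenant System can sign is ever accepted, and a TS forging the hypervisor's identity fails the HMAC check. The migration signal comes from the destination hypervisor, which is the entity that actually observes the event.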