On 10/03/14 22:42, Erik Nordmark wrote:
> On 3/4/14 11:18 PM, Anton Ivanov (antivano) wrote:
>> The "security key" portion needs to go to SFC for definition, where it
>> belongs. The security meaning needs a real security use case and a
>> security assessment. Otherwise it is RFC 3514 just expanded to an
>> arbitrarily large size of [do no] evil. Lots and lots of "evil" bits
>> aligned on a 32-bit boundary. Nice...
>
> Anton,
>
> I'm trying to understand your argument.
>
> As I understand it, in GUE the security parameter is there to provide
> additional assurance for the VNID. The NVO3 VNID is part of the GUE
> proposed NVO3 encapsulation and most (all?) of the other potential
> encapsulation forms. It seems odd to have the VNID be part of an NVO3
> header while the cookie/hash to provide better assurance of the
> content of the VNID field is part of a service chaining header.
> If you do that, shouldn't the VNID also be moved out from NVO3 to SFC?
Two possible points of view here, both leading to the same result:

1. The security key is an optional parameter and is of interest only to some
   (not all) architecture elements. In that case we can have it specified in
   the SFC. No need for a new protocol.

2. The security key is an optional parameter of interest to all architecture
   elements. In that case we already have the protocol - it is called L2TPv3
   and it has had RFC status for 10 years now. No need for a new protocol.

In either case result == "no need for new protocol".

Here is a virtual network implementation (as per the amendments we suggested
to the nvo3 architecture) of the protocol:

http://lists.gnu.org/archive/html/qemu-devel/2014-03/msg01790.html

Alternatively, you can configure the tunnels as endpoints for containers, OVS,
Linux Bridge or any other switch on a Linux platform. You can also configure
most routers as an NVE. If you want, you can go and do all of your datacenter
switching on a hardware router of your choice today. The NPU support is there.

A.

> Regards,
> Erik

--
"If you think it's expensive to hire a professional to do the job, wait until
you hire an amateur." Paul Neal "Red" Adair

A. R. Ivanov
E-mail: [email protected]

_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
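The exchange above turns on what a "security key" sitting next to a virtual network identifier actually buys, and Anton's answer is that L2TPv3 already has such a field: the per-session cookie of RFC 3931. The following receiver-side check is an added example for this thread; it is not code from the thread, from the QEMU patch linked above, or from any GUE draft. It parses an L2TPv3-over-UDP data header (T bit, Ver=3, 32-bit Session ID, then a 0-, 32- or 64-bit cookie whose length is fixed per session) as laid out in RFC 3931 section 4.1.2.1, looks the Session ID up in a session table, and accepts the inner frame only if the cookie matches in constant time. The session table, cookie values, tenant labels and packets are constructed for illustration. The point it makes concrete is the one Erik raises: a bare identifier (Session ID here, VNID in the NVO3 discussion) is accepted from anyone who can guess it, whereas a session with a 64-bit cookie drops a packet that names a real session but carries the wrong cookie.

```python
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Added example for the nvo3 thread, not code from the thread or from QEMU.
# Header layout follows RFC 3931 section 4.1.2.1 (L2TPv3 over UDP, data message):
#   16 bits: T bit (MSB, 0 = data), 11 reserved x bits, 4-bit Ver (= 3)
#   16 bits: Reserved
#   32 bits: Session ID (0 is reserved for the control connection)
#   0/32/64 bits: Cookie, length fixed per session when the session is set up
HDR_LEN = 8  # flags/version word + reserved + Session ID


@dataclass(frozen=True)
class Session:
    session_id: int
    cookie: bytes   # b"" (no cookie), 4 or 8 bytes; the receiver knows the length per session
    tenant: str     # constructed label for what this Session ID maps to on the receiving NVE


def forge_packet(session_id: int, cookie: bytes, payload: bytes, flags_ver: int = 0x0003) -> bytes:
    """Build a data message with arbitrary fields. Used by the legitimate sender
    and, below, to model an off-path attacker who knows a Session ID but not its cookie."""
    return struct.pack("!HHI", flags_ver, 0, session_id) + cookie + payload


def build_data_packet(session: Session, payload: bytes) -> bytes:
    """What a legitimate sender emits for a configured session."""
    return forge_packet(session.session_id, session.cookie, payload)


def receive_data_packet(datagram: bytes, sessions: Dict[int, Session]) -> Tuple[str, Optional[bytes]]:
    """Validate one received datagram; return (verdict, inner payload or None)."""
    if len(datagram) < HDR_LEN:
        return "drop:short", None
    flags_ver, _reserved, session_id = struct.unpack("!HHI", datagram[:HDR_LEN])
    if flags_ver & 0x8000:
        return "drop:control-message", None          # T=1: not a data message
    if (flags_ver & 0x000F) != 3:
        return "drop:bad-version", None
    if session_id == 0:
        return "drop:reserved-session-id", None      # 0 is reserved by RFC 3931
    session = sessions.get(session_id)
    if session is None:
        return "drop:unknown-session", None
    n = len(session.cookie)
    received = datagram[HDR_LEN:HDR_LEN + n]
    # Constant-time compare so a guessing attacker learns nothing from timing.
    if len(received) != n or not hmac.compare_digest(received, session.cookie):
        return "drop:cookie-mismatch", None
    return "accept:" + session.tenant, datagram[HDR_LEN + n:]


# Constructed session table: one session with a 64-bit cookie, one with none.
SESSIONS: Dict[int, Session] = {
    0x0000A001: Session(0x0000A001, bytes.fromhex("6f2a9c41d3e8b05c"), "tenant-a"),
    0x0000A002: Session(0x0000A002, b"", "tenant-b"),
}


def demo() -> Dict[str, str]:
    """Run the receiver over a legitimate packet and several hostile or malformed ones."""
    frame = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + b"constructed-payload"
    results = {}
    results["legit"] = receive_data_packet(build_data_packet(SESSIONS[0xA001], frame), SESSIONS)[0]
    # Attacker guesses the Session ID of tenant-a but not its cookie: dropped.
    results["guessed_id_wrong_cookie"] = receive_data_packet(forge_packet(0xA001, bytes(8), frame), SESSIONS)[0]
    # Datagram ends inside the cookie field: dropped, never indexes past the buffer.
    results["truncated_cookie"] = receive_data_packet(forge_packet(0xA001, b"\x6f\x2a", b""), SESSIONS)[0]
    # Session set up without a cookie: the bare identifier is all that is checked.
    results["no_cookie_session"] = receive_data_packet(forge_packet(0xA002, b"", frame), SESSIONS)[0]
    results["unknown_id"] = receive_data_packet(forge_packet(0xBEEF, b"", frame), SESSIONS)[0]
    results["control_msg"] = receive_data_packet(forge_packet(0xA001, b"", frame, flags_ver=0x8003), SESSIONS)[0]
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26s} {verdict}")
```

The caveat that belongs with this: the L2TPv3 cookie is a static per-session value, not a MAC over the packet. It stops an off-path sender from injecting frames into a session by guessing the identifier, which is the "assurance for the VNID" being discussed, but it gives nothing against an attacker who can observe the tunnel traffic and copy the cookie. Whether that threat model is enough is exactly the "real security use case and security assessment" Anton asks for; an encapsulation that needs integrity against an on-path attacker has to wrap the tunnel in IPsec or an equivalent rather than widen the cookie field.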
