Hi, Lucy,

On 8/27/2016 2:17 AM, Lucy yong wrote:
>
> Hi Allan, Joe, et al,
>
> Regarding the structure concern in Section 4, I propose to split two
> cases into two sections: 1) Supporting Multiple Technologies 2) DC
> application with multiple virtual networks, i.e. DMZ case.  Draft
> already explains why both cases are useful.
>
> The use case in Section 4.2 (-08) is described with a problem, i.e.
> using subnet. It should be “A tenant network is configured with
> multiple subnetworks”;  the example is to show that some subnetworks
> may be configured as an L2VN while another is configured as L3.
>

I'm confused by this description. L3 subnets are contiguous address
ranges that are reachable from each other without use of a router (i.e.,
without decrementing the TTL).

L3 doesn't care whether the L2 is virtual or not.

> The motivation of such configuration is that, within DC, L2 is
> often the way for VM connections; however, BIG L2 broadcast domains
> across DC sites can cause a concern in terms of WAN security,
> scalability, etc.
>

There are many ways to address L2 (virtual or not) scale and security,
including proxy ARP servers local to each physical site.

> Therefore, an L3VN is configured to interconnect DC L2VNs over a WAN.
> IMO: this is different from the DMZ intent.
>
A DMZ is not necessarily related to a subnet at all.

> If we agree that this is a valuable and important case to document, we
> can keep it. If not, we can simply remove the case (we have enough use
> cases here :-) ). Please let me know.
>
> Attached is the revised version accordingly. Please review and help
> to improve it where necessary.
>

I found the text in the draft in Sec 4.3 confusing along the lines
mentioned above. The doc needs to be more clear about what it means when
using the term subnet, and this should be the L3 definition.

Some notes below, embedded in a copy of that text:

> 4.3. Tenant Network with Multiple Subnetworks
>
>    A tenant network may be configured with  multiple subnetworks. One
change to:

multiple Internet subnets, as defined in RFC1812.

>    example, when a tenant network are across multiple DC sites, DC
>    operators may configure an L2VN within each DC site and an L3VN over
change to:

within each DC site interconnected by routers (gateways) as an L3VN over

>    WANs for the network. The motivation for this configuration is that
>    L2VN is a common way connecting VMs within a DC; however a big
>
>
>
> Yong, et al.                                                   [Page 9]
> 
> Internet-Draft               NVO3 Use Case                  August 2016
>
>    broadcast domain across multiple DC sites and WAN networks raises

across multiple DC sites and spanning wide area distances over WAN
networks raises
>    security and scalability concerns. Alternative is to use an L3VN to
>    interconnect these L2VNs at DC sites, 

I don't understand the above. That is the same solution as the first
example you have given.

You either have one L2VN that spans DCs or separate L2VNs. Those
separate L2VNs are L3 subnets, which - by definition - need a gateway in
order to be connected together as a network.

Joe
