Hi Joe, See inline below.
From: Joe Touch [mailto:[email protected]]
Sent: Monday, August 29, 2016 5:25 PM
To: Lucy yong; David Allan I; [email protected]; Bocci, Matthew (Nokia - GB)
Subject: Re: Call for interest on NVO3 use case draft

Hi, Lucy,

On 8/29/2016 3:03 PM, Lucy yong wrote:

Hi Joe,

Please see my comments inline below.

From: Joe Touch [mailto:[email protected]]
Sent: Monday, August 29, 2016 4:40 PM
To: Lucy yong; David Allan I; [email protected]; Bocci, Matthew (Nokia - GB)
Subject: Re: Call for interest on NVO3 use case draft

Hi, Lucy,

On 8/27/2016 2:17 AM, Lucy yong wrote:

Hi Allan, Joe, et al,

Regarding the structure concern in Section 4, I propose to split the two cases into two sections: 1) Supporting Multiple Technologies; 2) DC application with multiple virtual networks, i.e. the DMZ case. The draft already explains why both cases are useful.

The use case in Section 4.2 (-08) is described with a problem, i.e. using subnet. It should be "A tenant network is configured with multiple subnetworks"; the example is to show that some subnetworks may be configured as an L2VN while another is configured as L3.

I'm confused by this description. L3 subnets are contiguous address ranges that are reachable from each other without use of a router (i.e., without decrementing the TTL). L3 doesn't care whether the L2 is virtual or not.

[Lucy] Could you please look at Section 4.3 in the attached version? Is that description a bit clearer to you?

I did, but it is not clear. You have multiple L2s that are interconnected without using an L3 router. I don't understand what that means.

The motivation of such a configuration is that, within a DC, L2 is often the way for VM connections; however, BIG L2 broadcast domains across DC sites can cause concern in terms of WAN security, scalability, etc.

There are many ways to address L2 (virtual or not) scale and security, including proxy ARP servers local to each physical site.

[Lucy] Right. This gives one NVO3 implementation example. No intention to list all of them. Agree there are many ways to address security and scale concerns.

Therefore, an L3VN is configured to interconnect DC L2VNs over a WAN.

IMO: this is different from the DMZ intent. A DMZ is not necessarily related to a subnet at all.

[Lucy] Right, the DMZ is described in the attached version in Section 4.2. Please take a look.

OK (though that definition should use the term "subnet" and focus on addresses, not whether it is a single computer or not).

[Lucy] Agree.

If we agree that this is a valuable and important case to document, we can keep it. If not, we can simply remove the case (we have enough use cases here ☺). Please let me know. Attached is the revised version accordingly. Please review and help to improve it where necessary.

I found the text in the draft in Sec 4.3 confusing along the lines mentioned above. The doc needs to be more clear about what it means when using the term subnet, and this should be the L3 definition.

[Lucy] You mean subnetwork = subnet.

I mean that you need to cite RFC1812 and be clear that this is a set of adjacent addresses that can be represented by an L3 mask and whose components are all interconnected without need for an L3 gateway.

[Lucy] Agree if we describe this case. Please see below.

Some notes below, embedded in a copy of that text:

4.3. Tenant Network with Multiple Subnetworks

A tenant network may be configured with multiple subnetworks. One

change to: multiple Internet subnets, as defined in RFC1812.

[Lucy] Do they have to be subnets, i.e. under one network mask? An L3VN can learn the routes from a DC; there is no reason to limit all routes from a DC to one subnet, although an operator may design it that way.

Each subnet is under one net mask (by definition of subnet).

[Lucy] Yes.

That means one route per subnet AND that the L3VN needs to connect to each subnet.

[Lucy] An operator can design it this way too. However, 4.3 is not targeted at this case. That was my description mistake.

If that's not the case, then you have a different model (more like BGP), but then you're no longer talking about subnets inside the DC anymore.

[Lucy] Yes, BGP is what an operator would use for this case. Sorry to make that confusion. Any suggestion to describe the case?

example, when a tenant network is across multiple DC sites, DC operators may configure an L2VN within each DC site and an L3VN over

change to: within each DC site interconnected by routers (gateways) as an L3VN over WANs for the network.

The motivation for this configuration is that L2VN is a common way connecting VMs within a DC; however a big

[Lucy] I will take your text. Does this mean you are OK with this use case?

Sure.

Thanks,
Lucy

Yong, et al. [Page 9]
Internet-Draft NVO3 Use Case August 2016

broadcast domain across multiple DC sites and WAN networks raises

across multiple DC sites and spanning wide area distances over WAN networks raises

security and scalability concerns. An alternative is to use an L3VN to interconnect these L2VNs at DC sites,

I don't understand the above. That is the same solution as the first example you have given. You either have one L2VN that spans DCs or separate L2VNs. Those separate L2VNs are L3 subnets, which - by definition - need a gateway in order to be connected together as a network.

[Lucy] From the tenant's perspective, it gets one L2VPN; however, the operator can construct multiple L2VNs and an L3VN to achieve it. Does it make sense?

Lucy

Joe

Joe
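The point argued in the thread above (a subnet in the RFC1812 sense is a block of addresses under one mask whose hosts reach each other without an L3 gateway, so per-site L2VNs are separate subnets, the L3VN carries one route per subnet, and anything that does not fit one mask is a different, BGP-like model) can be made concrete in code. The following is an added example, not text or code from the draft or from either participant; the site names, gateway names ("gw-<site>") and addresses are constructed for illustration.

```python
"""Added example (not from the draft or this thread): what "subnet in the
RFC1812 sense" implies for the L2VN-per-site / L3VN-over-WAN design.

Each DC site's L2VN is modelled as one subnet: a block of addresses under a
single mask whose hosts reach each other without an L3 gateway.  The L3VN
then carries exactly one route per site subnet.  All addresses and names
below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed tenant layout: site -> (configured subnet, VM addresses there).
SITES: Dict[str, Tuple[str, List[str]]] = {
    "dc-a": ("10.1.0.0/24", ["10.1.0.10", "10.1.0.11", "10.1.0.200"]),
    "dc-b": ("10.2.0.0/24", ["10.2.0.5", "10.2.0.6"]),
}


def hosts_outside_mask(prefix: str, hosts: List[str]) -> List[str]:
    """Hosts that do not fall under the site's mask.

    An empty result means the site is a single subnet: every host shares the
    prefix and is L2-reachable from every other without decrementing the TTL.
    """
    net = ipaddress.ip_network(prefix)
    return [h for h in hosts if ipaddress.ip_address(h) not in net]


def l3vn_routes(sites: Dict[str, Tuple[str, List[str]]]) -> Dict[str, str]:
    """Build the L3VN route table: one route per site subnet.

    Next hops are hypothetical gateway names ("gw-<site>").  Raises if a site
    is not one subnet (then per-host or BGP-style routes would be needed and
    the "one route per subnet" model no longer describes it) or if two sites'
    prefixes overlap (ambiguous forwarding in the L3VN).
    """
    routes: Dict[str, str] = {}
    for site, (prefix, hosts) in sites.items():
        strays = hosts_outside_mask(prefix, hosts)
        if strays:
            raise ValueError(f"{site}: {strays} not under {prefix}; not one subnet")
        routes[prefix] = f"gw-{site}"
    nets = [ipaddress.ip_network(p) for p in routes]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"overlapping site subnets: {a} and {b}")
    return routes


def _subnet_of(ip: ipaddress.IPv4Address, routes: Dict[str, str]) -> str:
    """Return the site prefix that contains ip, or raise if none does."""
    for prefix in routes:
        if ip in ipaddress.ip_network(prefix):
            return prefix
    raise LookupError(f"{ip} is in no site subnet")


def forwarding_path(src: str, dst: str, sites: Dict[str, Tuple[str, List[str]]]) -> str:
    """How src reaches dst: "direct" inside one subnet/L2VN, otherwise via the
    source site's gateway, the L3VN, and the destination site's gateway."""
    routes = l3vn_routes(sites)
    src_net = _subnet_of(ipaddress.ip_address(src), routes)
    dst_net = _subnet_of(ipaddress.ip_address(dst), routes)
    if src_net == dst_net:
        return "direct"
    return f"{routes[src_net]} -> L3VN -> {routes[dst_net]}"


if __name__ == "__main__":
    for prefix, gw in l3vn_routes(SITES).items():
        print(f"L3VN route {prefix:<14} via {gw}")
    print("10.1.0.10 -> 10.1.0.200:", forwarding_path("10.1.0.10", "10.1.0.200", SITES))
    print("10.1.0.10 -> 10.2.0.5  :", forwarding_path("10.1.0.10", "10.2.0.5", SITES))
    # A site whose hosts do not share one mask is not a subnet; the simple
    # one-route-per-subnet L3VN cannot describe it (constructed bad input).
    bad = {"dc-c": ("10.3.0.0/24", ["10.3.0.7", "10.9.0.1"])}
    try:
        l3vn_routes(bad)
    except ValueError as e:
        print("rejected:", e)
```

The rejected case is the one the thread calls "a different model (more like BGP)": once a site's hosts are not all under one mask, a single prefix route per site no longer covers them, and the L3VN would have to carry per-host or otherwise aggregated routes rather than one route per subnet.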
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
