David, Jon, Larry, Marc, and Thomas: One of our implantation engineers asked a question about the Section 5.4 Distributed Inter-VN Gateways. Hope you can help with the answer.
The Section 5.4 states: "Explicit gateways could be the central point for such enforcement, with all inter-VN traffic forwarded to such gateways for processing. Alternatively, the NVA can provide such information directly to NVEs by either providing a mapping for a target Tenant System (TS) on another VN or indicating that such communication is disallowed by policy." "The NVO3 architecture supports distributed gateways for the case of inter-VN communication. Such support requires that NVO3 control protocols include mechanisms for the maintenance and distribution of policy information about what type of cross-VN communication is allowed so that NVEs acting as distributed gateways can tunnel traffic from one VN to another as appropriate." The question is: if NVE doesn't have the up-to-date policies for some VMs attached (most likely the newly moved-in VMs), should NVE forward the data frames to the "Default Gateway" (as the time needed to query the NVA for the needed policy might take too long)? It is almost like what is described in the "Split-NVE Control Plane Requirements" (draft-ietf-nvo3-hpvr2nve-cp-req-06) with the interpretation of "tGateway" being on the NVE and "nGateway" on the centralized Gateway. Any answer is greatly appreciated. Linda Dunbar
_______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
