Well, I don't remember what was intended, but I can say what I would expect as a user:

1.) A default policy must exist so that any VMs that appear out of or in lack of a policy be put into that default policy group.

2.) A default policy group that exists in a group of policies that allow for distributed gateways should itself default to a multiple gateway policy, as it is the base or default policy that reflects a group of distributed gateway participants.

However, this seems to me to be more implementation territory and not something necessary to standardize.

Jon

> On Apr 17, 2017, at 4:26 PM, Linda Dunbar <[email protected]> wrote:
>
> David, Jon, Larry, Marc, and Thomas:
>
> One of our implementation engineers asked a question about the Section 5.4
> Distributed Inter-VN Gateways. Hope you can help with the answer.
>
> The Section 5.4 states:
> “Explicit gateways could be the central
> point for such enforcement, with all inter-VN traffic forwarded to
> such gateways for processing. Alternatively, the NVA can provide
> such information directly to NVEs by either providing a mapping for a
> target Tenant System (TS) on another VN or indicating that such
> communication is disallowed by policy.”
>
> “The NVO3 architecture supports distributed gateways for the case of
> inter-VN communication. Such support requires that NVO3 control
> protocols include mechanisms for the maintenance and distribution of
> policy information about what type of cross-VN communication is
> allowed so that NVEs acting as distributed gateways can tunnel
> traffic from one VN to another as appropriate.”
>
> The question is: if NVE doesn’t have the up-to-date policies for some VMs
> attached (most likely the newly moved-in VMs), should NVE forward the data
> frames to the “Default Gateway” (as the time needed to query the NVA for the
> needed policy might take too long)?
>
> It is almost like what is described in the “Split-NVE Control Plane
> Requirements” (draft-ietf-nvo3-hpvr2nve-cp-req-06) with the interpretation of
> “tGateway” being on the NVE and “nGateway” on the centralized Gateway.
>
> Any answer is greatly appreciated.
>
> Linda Dunbar
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
