--------------------------------------------------------------------------
Network Virtualization Overlays (NVO3) Working Group
IETF 84 - Meeting Minutes

Location: Regency C, Hyatt Regency, Vancouver, BC, Canada
Time: 31-Jul-2012, 0900-1130
Agenda: https://datatracker.ietf.org/meeting/84/agenda/nvo3/
Chairs: Benson Schliesser (bensons@queuefull.net) & Matthew Bocci (matthew.bocci@alcatel-lucent.com)
Note-takers: Christian Martin, Martin Vigoureaux, Sam Aldrin
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Meeting Administrivia (chairs - 05 min)
--------------------------------------------------------------------------
- Note Well
- Blue Sheets
- Agenda bash
- Status update
- Mention of IEEE work

--------------------------------------------------------------------------
VPN for Data Centers Problem Statement (Maria Napierala - 10 min)
draft-fang-vpn4dc-problem-statement
--------------------------------------------------------------------------
Problems:
- VLAN limitation
- Scaling issue with dataplane with MAC learning and flooding
- Tenant isolation and collision issue
- VM mobility issue
- Focus on large scale IP only datacenter
- In large DC, majority of traffic is inter-subnet
- VPN traffic is end to end and not bridged.

Characteristics:
- Traffic isolation
- Large scale deployments
- interVPN-traffic policy support
- Support Live migration

Comparison with other problem statements:
- Focus on L3
- Focus on east-west traffic

Summary:
- Large scale DC
- Asking for adoption

--------------------------------------------------------------------------
Problem Statement (Thomas Narten - 10 min)
draft-narten-nvo3-overlay-problem-statement
--------------------------------------------------------------------------
Presented history on how we got here.
Removed confusion of biased approach to one solution over the other.

Relationship with VPN4DC document:
- Held discussions with authors
- Identified some specific issues within the draft
- Ensure L2VPN and L3VPN related work is equally covered
- Waiting for vpn4dc to suggest text

Next steps:
- Close identified issues
- Strongly suggest WG adoption and move forward.

--------------------------------------------------------------------------
Progressing the problem statement discussion (Chairs - 25 min)
--------------------------------------------------------------------------
- Who read both drafts?
- Which draft is better?
- What are the specific open issues

Kireeti Kompella: Discussion over mailing list, server to TOR, is that work done in the WG? Like to have a concrete picture before going over the problems. Better to have a useful background to the problem.

Benson Schliesser: The chairs are in agreement that we should have a single problem statement and a single framework.

Thomas Narten: Yes, there is room for work to be done. Good to have the information. It should be in the framework.

Benson Schliesser: VM provisioning is not our focus but context information might be useful

Pat Thaler: How the VM is setup like that will be good to be in Problem Statement. There is no restriction of one VLAN per VM. Would be helpful to include in the FW what the architecture needs to serve. But, need to more accurately detail any Ethernet limitations. With IEEE 802 co-chair hat on. Comments about 4k VLAN limitation don't accurately reflect latest IEEE specs

Stewart Bryant: Pat's statement is definitive

Linda Dunbar: indeed no limitation on 1VM/1VLAN

Pat Thaler: agree about flooding point may be valid, but we need to focus on good reasons rather than create additional noise

Benson Schliesser: about the 4k limit, that might not be always true. Pointing to a problem does not mean there is no solution to it. But we must try to use language that doesn't misrepresent when talking about problem statement

Linda Dunbar: 802.1 has long had VLAN learning

Pat Thaler: possibly but that should not be a driver for a L3 solution

Manuel ?? (DT): There is a lot of assumption about VLAN limits etc. What is the best starting point for converged problem statement? What is to be done to cover all the problems? VPN4DC is good starting point

??: Avoid VLAN issues as problems. Do not agree that bridging is not involved and is too restrictive

Joel Halpern: have read both drafts. we should avoid comments on vlan space. no point in that. as far as L2 vs L3, L3 only might be too restrictive. there should be one comprehensive solution

Maria Napierala: we are not suggesting that L3 should be the only solution but the solution we (vpn4dc authors) are looking at

Joel Halpern: if "we" is NVO3 then too restrictive

Maria Napierala: a PS that would cover both solutions (L2 and L3) would be too complex

Joel Halpern: the PS should be silent about that

Benson Schliesser: we recognize disagreement here

Thomas Narten: our document says we need to provide L2 service and L3 service could be 1 solution, 2 solutions

Maria Napierala: L3 is one of the solutions.

??: Problem statement should not be restrictive only to L3. Should not include solution in problem statement.

Dino Farinacci: If non-ip traffic, L2 solution should be included

Thomas: we need to provide L2 service

Stewart Bryant: the PS should reflect accurately the charter

Dino Farinacci: what about FC?

Stewart Bryant: if genuine need, we'll fix that. FCoE traffic is over Ethernet, so is covered.

Linda Dunbar: What are we debating? In order to cross subnets, can use IP to talk

Maria Napierala: that is called routing

Linda Dunbar: should have two separate drafts for L2 and L3

Eric Gray: all of the discussions about the potential limitations on L2 are not relevant, likely to be wrong, why are they there? We need not justify L2 is needed. This is IETF.

Paul Unbehagen: Don't think of a tenant solely as a customer. Lot of missing use cases. Focusing on VPN is important. More inclined VPN draft

Dave McDyson: Able to understand Narten draft as it has more details and terminology, than Framework or VPN4DC draft. WG needs more education on DC operator terminology. We need more use cases. One major issue with Narten draft doesn't address external VPN reachability in a tenancy. Routing is not the right terminology for describing the issue.

Luyuan Fang: We reached out to Thomas, but Thomas disagreed to merge.

Ning So: Previous draft has use cases and problem statements. IETF has both L2 and L3 tracks involved. Combining together may not be fruitful. Both have a different perspective. Oil and water don't mix. Combining both L2 and L3 drafts is not a good thing as IETF has both L2 and L3.

Thomas Morin: Hidden assumption behind second question. May be easier to clarify whether there should be an L2 AND an L3 solution, or if we are bound to one solution only. Might be easier if you clarify the goals of the group to have a single or two solutions.

Maria Napierala: I agree

Benson Schliesser: We do not know completely.

Thomas Morin: said differently, is it meaningful to do gap analysis between a L2 PS and a L3 technology?

Matthew Bocci: We are not saying that we need one solution that deals with L2 and L3.

Thomas Narten: discussion on which solution and where is premature

Kireeti: Not focus on L2 limitations, instead on what L2 could solve. Clarifying what L2 and L3 problems could be solved. That is the biggest problem to be solved.

Kireeti Kompella: focus on problems on layer 2, not all L2 perceived shortcomings. Disagree with Eric on L2 focus in IETF. Adding L2 and L3 both to draft-narten is useful.

Eugene ?? (MS): The issue is not L2 or L3. Customers say they want IP. But that is loaded - they also want L2. 75-80% of traffic is intra-DC, but not clear if it is intra-subnet or inter-subnet. We shouldn't marry scope of the PS to this distinction. Intra-subnet and inter-subnet is more of optimization issues. Be clear on what L2 and L3 problems are being solved. Thomas draft is clearer.

Dave Allan: Thomas draft is clearer. Subnets in relation to overlays don't make sense because aggregation is gone.

Nabil Bitar: We should have one problem statement to solve both L2 and L3. Solutions can be separate.

Maria Napierala: Need to address problem clearly.

Nabil Bitar: Let us capture the problem clearly as we are not talking about solution.

Chris Wright: Thomas draft is more generic. VPN4DC is overly specific.

Stewart Bryant: Who would like to have single problem draft – overwhelming majority for single draft.

Benson Schliesser: who has read the two documents?
  amongst those: who thinks draft-narten is good start?
  who thinks draft-fang / vpn4dc is good start?
  (slight advantage to draft-narten)

Matthew Bocci: who think a brand new doc is needed?
  result: a few hands

--------------------------------------------------------------------------
Framework (Marc Lasserre - 10 min)
draft-lasserre-nvo3-framework
--------------------------------------------------------------------------
- Updates since last version
- Open issues:
  * Combined L2 and L3 service type
  * VN to VNI mapping (e.g. 1-to-1)
- Next steps: WG doc?

--------------------------------------------------------------------------
Progressing the framework (Chairs - 25 min)
--------------------------------------------------------------------------
Dave McDyson: Map the terminology to the problem statement. Still issues are there and not ready for WG draft

David Black: A comment on terminology – take a look at IEEE VSI terminology, is more helpful than TES, for example.

Kireeti Kompella: Terms are new, we don't always use the same terminology. Mapping with IEEE terms would be useful. In general it is pretty good.

Linda Dunbar: Did not address inter-subnet communication. Focused on L2.

Marc Lasserre: there is section detailing that.

Thomas Narten: Need Framework document. Both should be worked in parallel.

George Swallow: Draft still needs work. Excellent base document to be made WG draft.

Nabil Bitar: As authors we did a lot of work to be L2 and L3 agnostic. We worked hard to describe functional objects that are L2/L3 independent. Idea is to describe the functions without specifying something specific. FW describes functions to accomplish this task.

Susan Hares: Read the draft. But could not understand the specifics within the draft. Agree with Dave McDyson.

Thomas Morin: Terminology could be harmonized.

Dave McDyson: We do not want two FW docs. Changed mind after hearing other comments and request adoption of problem statement and FW doc.

Chairs: who have read? (result 1/3 of room)
  out of which: who think good basis? (approx same)
  out of which: who think not good basis (no hands)

--------------------------------------------------------------------------
Data Plane Requirements (Marc Lasserre - 10 min)
draft-bl-nvo3-dataplane-requirements
--------------------------------------------------------------------------
- Purpose of the draft is to specify all the dataplane requirements.
- VNI types: L2 and L3 VNI
- For L2: VNI, DP and CP learning
- For L3: routing based learning
- Updated the changes made in 01 version.

Dave McDyson: Does trombone routing to destination address or overlay address? Need clarification.

Kireeti Kompella: What is the intent of the entropy statement?

Marc Lasserre: that we should have enough entropy by looking at the overlay header. but does not preclude looking deeper.

Dave Black: seems to say that there should be an encaps based on a service

Marc Lasserre: it is a should. but cases for which it is a should that should be clarified

Florin Balus: as editor of that section, if description on QoS not enough would welcome inputs.

--------------------------------------------------------------------------
Issues of Mobility in DC Overlay network (Linda Dunbar - 05 min)
draft-dunbar-nvo3-overlay-mobility-issues
--------------------------------------------------------------------------
- Giving highlights of the merged draft
- Detailed major issues of VM mobility in overlay environment.

--------------------------------------------------------------------------
Signaling to Simplify NV Provisioning (Thomas Morin - 10 min)
draft-kompella-nvo3-server2nve
--------------------------------------------------------------------------
How to do server to TOR signaling.

Goals:
- single touch point
- No awareness for cloud OS regarding DC network

Main proposal is signaling between server and TOR switch

Next steps:
- need for documenting requirements

James Kemp: Why cloud OS is not interested in VM placement?

Linda Dunbar: Cloud OS is abstract. Use case of managing VM should be made aware for profile validation.

--------------------------------------------------------------------------
Requirements on TES-NVE interface and Control Plane (Yingjie Gu - 10 min)
draft-gu-nvo3-tes-nve-mechanism
draft-gu-nvo3-overlay-cp-arch
--------------------------------------------------------------------------
Location of NVE is not identified. Could locate at TOR or hypervisor etc.
Detailed the functionality reqs of NVE.
There exists more than one way to fulfill the assistance to NVE.

Luyuan Fang: There is no one way to do this. Several options/alternates for VDP - IP can use XMPP for example, L2 can use LLDP.

Yingjie Gu: It is just TLV model and not tied to L2.

Chris Wright: appreciate assoc/disassoc, but the port profile semantics are hard for implementers.

Chairs: Out of time. Take it to the mailing list

--------------------------------------------------------------------------
NVO3 operational requirements (Peter Ashwood Smith - 10 min)
draft-ashwood-nvo3-operational-requirement
--------------------------------------------------------------------------
- This is needed and proactive work.
- Taken requirements from RFC6316
- Next steps: Add/Remove requirements. Needs email debate.

Florin Balus: Is it L2 or L2 and L3?

Peter Ashwood-Smith: Started off with L2. Will eventually be incorporating L3 as well.

--------------------------------------------------------------------------
Use Cases for DC Network Virtualization Overlays (Lucy Yong - 05 min)
draft-mity-nvo3-use-case
--------------------------------------------------------------------------
- 3 use cases for virtual networks
- NVO3 brings the ability of building IP application in a virtual environment
- Welcome comments and request adoption.

--------------------------------------------------------------------------
Analysis of Security Threats/Requirements for NVO3 (Yinxing Wei - 05 min)
draft-wei-nvo3-security-framework
--------------------------------------------------------------------------
- Presented security framework.
- Potential attack points present in VNs
- Security considerations
- Lack of security framework for NVO3.
- Request WG adoption

--------------------------------------------------------------------------
L3 address considerations for NVO3 (Sheng Jiang - 05 min)
draft-carpenter-nvo3-addressing
--------------------------------------------------------------------------
(No-show)

--------------------------------------------------------------------------
Accessing Cloud Services (Yaakov Stein - 05 min)
draft-stein-cloud-access
--------------------------------------------------------------------------
- Most cloud networking talks about intra and inter DC.
- What about the access segment?
- Joint network+cloud to be provided by NSP.

--------------------------------------------------------------------------
END
--------------------------------------------------------------------------