Agenda

* Agenda Bashing (1 minute)

* RG Status (5 minutes)
http://www.ietf.org/proceedings/78/slides/VNRG-1.pdf
R is for Research.
RG status, key issue for today: "virtual" versus "logical".
Upcoming IAB review: each RG is evaluated by the IAB. VNRG will be reviewed tomorrow a.m.
joe: purpose of meeting. past meetings to date had presos on individual projects. shying away from that; purpose of group is not a workshop, but a way for the community doing projects to find commonalities and differences in their work. why posted q's to list: get away from presos of individual projects, and toward common language, common structure. doesn't mean need common structure, but find out where we overlap and where we don't, and so not reinventing things.

* Network virtualization: What? Why? How? Challenges? (Didier Colle) - 10 minutes
http://www.ietf.org/proceedings/78/slides/VNRG-0.pdf
-- network virtualization: what doesn't correspond 1-1 to real
-- network virtualization framework (pic): two nets with own control plane have edge devices connected to single or multiple instances; gateways between instances; at bottom, substrates from which can have virtual nets, and whole virtual network management
-- virtualization layer: pic of how things relate to each other. logical versus virtual: logical - decouple from impl; virtual - your own collection forming a network.
-- virtual resource
-- why net virtualization: more cost efficient because huge substrate [not sure I understand economy of scope]; survivability...
-- why (2): leave decision about "horizontal" interfaces to virtual instances
-- challenges: virtual-logical-physical level, so multiple translations at data plane; want to operate at wire speed - bake in indirections. isolation & security: should be guaranteed that one can't access (or affect) resources of another one, when need dedicated bw.
-- challenges (2): who to blame is something that needs to be looked at. abstract virtual resource properties?
how to move from one instance to another
-- questions: ITU-T FG on future networks, virtual Infrastructures / Networks. should we align with their activities?
joe: aaron - comment on ITU-T FG. "it's your group"; we are not creating standards. would like to involve folks from them, but no alignment required or suggested.
aaron: heard about this activity a year ago. at the time, not working on standards. maybe changed. if they are doing standards, has nothing to do with what works in IETF. know about chair of this. doesn't look like standards.
problem statement NEC songine
john/ETRI: discussion in stockholm. IRTF is not a standards body; ISOC policy doesn't apply to VNRG. afaik, scope of ITU-T is different, so will participate in both activities. [missed what he said]
afalk: on fault isolation/accountability. when you virtualize networks, fault diagnosis becomes a problem. if virtual and stops working, with isolation it is extremely hard to figure out where the problem is. perhaps a future item for this group to look at areas to help fault diagnosis.
joe w/no hat: interesting thing about virtual networks... gives you an opportunity too. harder to find, but running over existing net so have communications channel and can find things out.
yuri yemchenko(?) uva: rep gysers project, had preso last time. have moved to develop architecture. your vision also developed over last ietf. see logical abstraction layer. only part of actual virtualization. talk about such components as network after abstraction, need to do composition. but to this... not sure if in scope of IETF, but more conceptual, service oriented approach. there are a number of solutions that use methods. service oriented approach + tools: virtualization, logical abstraction and composition.

* Network Virtualization – Results and Challenges (Martin Röhricht) - 10 minutes
http://www.ietf.org/proceedings/78/slides/VNRG-2.pdf
-- results of earlier research project, 4WARD.
created architectural framework that can be used in commercial setting involving business roles: infra provider - virtual net provider - network operator. use terminology from framework as starting point for further discussions.
-- example solution - virtual link setup
-- lessons learned / open issues: need detailed topology description; need to define inter-domain/cross-provider interfaces; security is a must, and must be built-in. confidentiality? want abstraction so won't interfere. but open issue.
joe: clarifying q. if not including end users, not full end-to-end virtualization. how does this differ from existing VPN work? lots of stuff there: virtualized network in core of net, people tethered off and pulled together. if don't include users, how distinguish this from that? VPNs are one part of solution. fixed addresses used to attach might be different.
roland: did not exclude end users; still belong to virtual net, but excluded from topology description. may be mobile users and dynamics.
joe (as individual): trying to differentiate. not in picture, or attach separately after the fact. if attach separately, think is more like VPN. would like to understand difference between VPN and virtual networks. cannot have host that is member of 2 VPNs at same time; not true of virtual networks. my acid test.
john buford: on 4ward arch. [missed particular question]
roland: only impl parts of arch. no directly running service on top of this. iptv distn net is a scenario. could be anything other than services based on IP.

* Definition and Perspective of Virtual Networks (Sangjin Jeong) - 10 minutes
http://www.ietf.org/proceedings/78/slides/VNRG-3.pdf
key properties of VNs: partitioning (of resources), isolation, abstraction, aggregation. aggregation hasn't been called out, but think it is a key property to differentiate VN from other technologies.
joe: historical point. key properties of VNs were listed as requirements. aggregation is intended to be a variant of abstraction. is included, just not required.
-- what is VN: displayed, based on comments from didier. uses logical resource. think l3vpn doc described it well (now withdrawn), so imported description from draft-ietf-l3vpn-vpn-vr-03.
-- key components for VNs
-- what are VNs used for
-- key challenges
-- open issues: terminology... network virtualization vs. virtual networks, and ML discussion
monique morrow: struggling between virtual networks, VLANs, VPNs. where do you put all of that? talk about these interchangeably. before talk about federation of multiple VNs, need to have common definition of what these are.
afalk: the logical resource has same mechanism as physical resource. is it a virtual network if expose ckt-oriented service on packet-oriented network? answer: no, using this definition. virtual network like virtual OS: virtualization layer so feel like running on real stuff, but running in virtual layer. would provide you
joe/no hat: talked about virt on list. logical allows you to decouple from the physical. virtual implies logical; logical does not imply virtual. can run many vmware on system, or vrrp, lots of routers that have no direct correlation to physical. could be aggregation, split, or combo; don't care. to me have always had one definition of virtual network: a network composed of tunnels. VPN is not VN: doesn't go out to end, not necessarily tunnels. VLAN is close, but not exact. some of this stuff: xbone virtual network, violin, the mbone is virtual network; what they were doing: connecting things together with tunnels. so if have logical resource that terminates a tunnel, also a virtual resource; if doesn't terminate a tunnel, not VN. how I keep this distinct. others may disagree. have to make distinction. if we can't together make distinction between VLAN, VPN and VN, then stop. think have different concerns, goals. ships in the night. end to end all the way out.
yuri: abstraction/aggregation. aggregation is part of abstraction, but if more dynamic process to create/provision on demand: pool of resources, abstract represent, then compose them, then deploy all control interfaces/control plane.
joe/chair: point of text up there: doesn't differentiate about deployment. it's a property of deployed system. not intended to differentiate between three. can abstract something as subset/superset. don't agree can have host names, some properties hidden from user doing aggregation/composition. pool of phys resources, abstract logical representation, after compose to create VN, still need to do config during stage of deployment. this is properties of network, not steps a component goes through to be part of a VN. to become part of a VN, multiple phases; this language isn't intended to express that. also... virtual->logical doesn't mean have to make logical then virtual. could happen together. difference between simple defn of virtual network and provisioning process. provisioning may change property of elements.
joe: point to discuss: aspect of provisioning as what it means to be part of VN.

* Common problems/challenges in VN (Dimitri Papadimitriou) - 10 minutes
-- Abstraction actions w/o complexity
-- virtualization
-- 3 challenges... indirection, monitoring, accessibility/binding
-- indirection: aggregation/pooling
-- indirection: virtual router
-- indirection: challenges
-- reservation-monitoring chain: need to account for utilization of resources being composed
-- monitoring: challenge (1): ...accuracy... loops between inaccurate resource monitoring and reservation systems?
-- monitoring: challenge (2)
-- accessibility and binding: performance
-- challenge: which edge: things in host to allow it to participate, or smart boundary
-- open questions: are these sufficient and well formed?
afalk: do you agree with joe's point that VLAN and VPN are not virtual networks? yes.
attachment point and accessibility is the major difference between VPN and VN.
joe/nohat: indirection requires mapping, and mapping happens in tunnel encap where info is provided: this id matches to that id. can put in shim headers, or translations, or... give the net effect of encap. doesn't have to occur, but has to happen.
afalk: still fuzzy on this. crisp as part of arch. maybe a list of use cases: is X a virtual network? yes/no/why. mpls, tmpls... lots of head shaking.
q: is N or P box type of substrate (slide 8)? ??? [missed this]
yuri: last slide [10], monitoring-reservation chain. isn't that provisioning of network? say reservation chain because is request or query coming in. doesn't impact way vertical communications decoupling. both might have uniformity. each of pools of resources may have own ways of communication and enabling segmentation, and monitoring of segmented resources. where homogeneity horizontally, need more interoperability vertically: what functionality is required and how to impl.
yuri: still, during reservation consider different options, e.g. change 20/80 to 30/70. yes, dynamic is ok.
yuri: issue is that reservation might have two states, commit/confirm, which means blocking resources. does reservation block resources? yes [i think]. blocking properties of resources that may change. find if have good solution; must fix or deploy. [I personally don't really understand yuri's point/concern/... --mjz]
http://www.ietf.org/mail-archive/web/vnrg/current/msg00200.html

* open discussions to clarify the questions: and - proposition that VNs are defined by tunnels - and distinction between logical and virtual discussed so far
monique: not to be repetitive, but emphasize importance of taxonomy/use cases. what is encap? what comprises it? to actually define virtual network concepts. yep, plan on that, see charter.
dimitri: introduce point of associations. what are associated resources: not just termination point where traffic comes in, but traffic in and associated with.
joe: must define what edge is. virtual net interface? process? connection? must differentiate self from: applications or p2p nets composed of tcp tunnels (or are they included?), and terminology largely out of planetlab, "slices". my view as individual: that's what I would normally call a virtual network, with processes at edge. challenges with that model: process is member of only one virtual network. association: data structures and processing.
joe: about mapping of resources. certain amount of that. certain amount of resv that may or may not be supported. process virtualization... does not reserve 20% of processor when start up word. so not sure that need explicit reservation (or % reserv).
dimitri: but at certain point in time need binding. need certain things to do virtualization, like a process table. another is performance. "that's optional". or ranked priority system. optional. must talk about what mandatory resources are required to do virtualization.
afalk: the openflow guys have a notion of partitioning networks that does not involve tunneling, where an end system in provisioning of (being concrete) switch attached to host, forwarding table is set up so different controllers have access to different parts of header space. so bcast messages aren't bcast, but go to x y z; port 80 goes to j, port 25 goes to l. no tunnels, and participate in multiple networks, but from provisioning pov, is virtualized. confused approach, but different than tunneling, but still feels very much like virtual network.
joe: openflow model, in terminology here, "highly logical": supports lots of logical components, but not necessarily virtual. right words are: not uses tunnel, but behaves "as if" tunnel. joe bannister a long time ago: ckt/pkt. ckt has packet header info encoded in physical location, wire on which it exists.
just a spatial encoding of header; rest is just data. where's tunnel in openflow network? header is implicit in that it is on that port, so could have implicit tunnelling if on separate physical ports. but can think of lots of stuff to do with openflow that doesn't do it (behave that way?).
didier: as if it would be tunnel is true. look at openflow and flowvisor, it's forcing that physical port; can have overlapping addr spaces. what makes it virtual and not just pure logical.
afalk: agree, lots of things can do with OF beside that. don't have to use FV. once doing measurement, everything goes...
joe: should have preso on openflow. never found *needed* OF to do virtual networks. if tunnel, then don't have to redirect. but maybe openflow device can help me emulate tunnel.
afalk: agree not necessary. but performance, and want to understand. something tied to hardware helps.
dino: running IGP on site, ospf. runs on phys interfaces, builds routing table. configure GRE tunnel, ospf runs on it. build new routes learned that way. don't think of tunnel as anything. a way of making logical out of real. think of network as being logical or real. using a tunnel to connect the base network, don't have e2e virtual network; is logical abstraction, not virtual. virtual network: everything is tunneled. can't tunnel *everything*, then can't realize tunnel. tunnel from end switch or you to me? doesn't matter. [? missed.] slide should define logical versus virtual, so have it.
didier: wondering about tunnels and definition of virtual network. in addition to tunnel, possibility to have control over thing that tunnel runs over, not just having pure tunnels.
joe: a network composed solely of tunnels, that doesn't reach anywhere the base network didn't reach. don't consider IP as a tunnel over ethernet. don't know that I would require control to go over same path. is a full network with data plane, management plane, security plane, control plane.
yuri: related q: should a virtual net have own control & mgmt plane?
just said yes: has own pieces, maybe not all, but... doesn't rely on another net for those pieces.
dimitri: why segment between management and control? historically control plane - protocol signalling; management plane - status info & configuration. is a fuzzy line. if I use ospf or bgp, control plane. if use snmp but load routes statically, management plane. have same effect. should we segment planes before define what is in each?
dimitri: want to concentrate on functions, and if it exists, run over tunnels. can have things that don't run over tunnels: provisioning.
afalk: not going to argue, but don't think I agree... but a different point. limiting the scope of a virtual network so it does not extend beyond the scope of the phys net underneath. right? think so, as individual. how is this not IP over eth?
afalk: lot of work in federating different networks. virtual networks with services that run end to end over federation. it's a lot of what IP does. do this at lower layers. closer connection to phys substrate. that's all excluded by that test. to me federation of virtual networks is also a virtual network. virt implies layering, but layering doesn't imply virtualization. why trying to exclude IP over eth?
afalk: agree with intent. but who owns and operates substrate is not a layering question. agree with goal, don't like test.
joe: 1. do you agree with goal? 2. if you agree with goal, what's the right text? one of reasons why didn't want to circulate document is didn't want to work out text, but agree fundamental issues.
erik nordmark: on test. a few racks on phys ethernet - substrate, phys network. set of tunnels, is that VN? as I understand it, yes. joe: yes.
router allows you to jump over ethernet. what I don't think a virtual net should allow you to do: hopping over a firewall is just building a link, not a virtual network. VLAN could be a virtual network, depending on how used, but prefer such that host identifies what packets, not port. don't think one vlan at a time is true virtual end to end. definition of federations of nets.
jung ? /etri: agree with joe's definition except for tunneling. don't agree on current goal; would see extension. federation of heterogeneous networks, different virtual networks, should include that. other communities investigating new.
joe/hat: purpose of a RG is (in my opinion) not a workshop: find commonalities/differences. not here to converge on any one thing necessarily. however, believe value in consensus is to say what we are NOT. if we cannot say that, just leave. if federation is something that should be included, how does that not include anything? talk on list. once put federation in bag, think IP on eth is virtual network, then not sure.
roland: second what aaron said. prob with defn: what is base network? on slides, different substrate nets operated by different net providers. can have virtual network that spans different providers.
joe as individual: difference between federated and virtual. not saying federated is not useful. federation may be layered network, added a common interworking layer across whole thing. not sure if virtual network or not. and distinguish between federation of different virtual networks. using federated in different ways, so need to define that too.
aaron: one of really useful things about virtual networks: puts control of VN to different party than substrate. I'm thinking of virtual net that crosses infra owned by different parties. makes it interesting to other people.
bring up new services, pilot new technologies.
joe: confused over years by a lot of work in l2vpn and l3vpn world: distinction between components based on "provider" or "customer". shouldn't have to look at who paid for device to see how it works. .... if only reason to separate is political layer...
afalk: who has control is architectural issue. NAT puts control of what is in my network to me. changes to arch that have implications on control: BGP AS boundaries, NATting. construct a tunnel, ethernet to atm network... way to federate this: use IP, not run next to it, not virtual, run over it. must in GENI, stitching: taking a virtual network in region A and one in region B and connecting them. not dynamic. v6 over v4 to somewhere, then v6 over v4 to her, still virtual and virtual. v6 over v4, then v6 over ethernet, don't call that federated virtual networks, it's a gateway. a regular router.
afalk: virtual networks part: letting someone else have control. federated networks part: need to stitch together.
dino: believe VLAN over IP network, is that virtual? yes. ok. then worried about how to get packets from one place to another. ip over ethernet not, ethernet over ip virt? ? over ipv6 virt? inconsistent. better to define more coarsely: control and where it's done. vpn connection back to ISI, virtual. arp or subnets, be able to get to them, others here can't. to get packet from inside ISI thru phys internet, have to participate in underlying control and management stuff on top, connecting to subnets. if detailed definition, not true virtualization. in eye of beholder. if ip over eth virtual, then don't need VNRG. test can't be who paid bills; can't test on network. want something objective can do inside machine.
dino: two endpoints talk to each other, underlying don't participate. can view as virtual, is an overlay. is tcp conn a virtual network? yes. then don't need virtual networking. believe there is something different about VN. don't believe tcp or ip over eth is. 1.
if x over x virtual? if y over x, when is it, or virt?
martin: same ip addr/port number again. want to definitely recurse.
joe: other requirements: recursion, revisitation. properties of abstraction: if go back to node more than once, can tell that you've done so.
erik: eth-over-internet to atm net, what is base network? thought was whole internet. but... set of ethernet switches looks similar to set of routers at L3. perhaps restricted subset of nodes. whether vlan or ip-over-ip, can use whatever IP addr I want. maybe that's what makes virtualization different.
dimitri: x/x, y/x. who is defining relationship from x to y? who takes control? delegation of control is critical to understand. not just horizontal, is vertical. we need to have that as part of definition. would like to help with that.
yuri: started working on gyser? project, on demand provisioning. one key thing: provisioning workflow. property definition as management.
joe/hat: important to define what VN is first, then *how* to build. if only way to define *what* is by *how*, then include. would prefer not the case. applying for RG in OGF on demand services provisioning; will have bof in october in BRU. preference not to include in this RG until necessary. OGF is open; if want to participate, please do.
dimitri: isn't construction related to what VNs are used for? not a scientifically created list of questions. find out where people stand. if know what targeting, have a better sense of what defining. common and different uses, and then common and different approaches, and acid tests for them. at end... motivation for caring. what is hard part here? what is research? for RG, common and different important. and then people that are interested in same thing, catalyze them. although not intending to create comprehensive list.
afalk: surprised no talk on these questions.
done it before. [not writing down joe's defn] abstraction and separation are usefulness. interaction of dynamic routing & provisioning can happen on hosts. single level of tunnel/indirection insufficient. key challenge - multipoint tunnels. view of virtual networks is view of virtual memory. I don't want VM, I need to run fast. today, can't find device that doesn't support it; it's cheap. want what it provides us, so willing to take hit. same reasons want virtual networks.
afalk: ok, now comment: inherent in your model is that network is IP datagrams. many people thinking of other things. router isn't necessarily fundamental. revisitation might not make sense in those models. RG is broader in scope than IP, so hope that taxonomy and ... taxonomy was packet centric. but think can translate into circuits (see above), and just as much of a reason to do revisitation in ckt network.
afalk: but homogeneity of what it means to be a network. yes.
afalk: but dismissed some of interest in defining scope around operational issues/constraints. fundamentally economic: VNs used for constructing separate services that a single entity can control that cross multiple operators' infra.