< draft-ietf-nvo3-use-case-06.txt   draft-ietf-nvo3-use-case-07.txt >
skipping to change at page 1, line 13 skipping to change at page 1, line 13
Internet Draft Huawei Internet Draft Huawei
Category: Informational M. Toy Category: Informational M. Toy
Comcast Comcast
A. Isaac A. Isaac
Bloomberg Bloomberg
V. Manral V. Manral
Ionos Networks Ionos Networks
L. Dunbar L. Dunbar
Huawei Huawei
Expires: February 2016 August 4, 2015 Expires: April 2016 October 16, 2015
Use Cases for Data Center Network Virtualization Overlays Use Cases for Data Center Network Virtualization Overlays
draft-ietf-nvo3-use-case-06 draft-ietf-nvo3-use-case-07
Abstract Abstract
This document describes Data Center (DC) Network Virtualization over This document describes Data Center (DC) Network Virtualization over
Layer 3 (NVO3) use cases that can be deployed in various data Layer 3 (NVO3) use cases that can be deployed in various data
centers and serve to different applications. centers and serve different applications.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79. the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 46 skipping to change at page 1, line 46
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on February 5, 2016. This Internet-Draft will expire on April 18, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 26 skipping to change at page 2, line 26
document must include Simplified BSD License text as described in document must include Simplified BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License. warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
1.1. Terminology...............................................4 1.1. Terminology...............................................4
2. Basic Virtual Networks in a Data Center........................4 2. Basic Virtual Networks in a Data Center........................4
3. DC Virtual Network and External Network Interconnection........6 3. DC Virtual Network and External Network Interconnection........6
3.1. DC Virtual Network Access via Internet....................6 3.1. DC Virtual Network Access via the Internet................6
3.2. DC VN and SP WAN VPN Interconnection......................7 3.2. DC VN and SP WAN VPN Interconnection......................7
4. DC Applications Using NVO3.....................................8 4. DC Applications Using NVO3.....................................8
4.1. Supporting Multiple Technologies and Applications.........8 4.1. Supporting Multiple Technologies and Applications.........9
4.2. Tenant Network with Multiple Subnets......................9 4.2. Tenant Network with Multiple Subnets......................9
4.3. Virtualized Data Center (vDC)............................11 4.3. Virtualized Data Center (vDC)............................11
5. Summary.......................................................12 5. Summary.......................................................12
6. Security Considerations.......................................13 6. Security Considerations.......................................13
7. IANA Considerations...........................................13 7. IANA Considerations...........................................13
8. References....................................................13 8. References....................................................13
8.1. Normative References.....................................13 8.1. Normative References.....................................13
8.2. Informative References...................................13 8.2. Informative References...................................13
Contributors.....................................................14 Contributors.....................................................14
Acknowledgements.................................................15 Acknowledgements.................................................15
Authors' Addresses...............................................15 Authors' Addresses...............................................15
1. Introduction 1. Introduction
Server Virtualization has changed the Information Technology (IT) Server Virtualization has changed the Information Technology (IT)
industry in terms of the efficiency, cost, and speed of providing a industry in terms of the efficiency, cost, and speed of providing
new applications and/or services. However traditional Data Center new applications and/or services such as cloud applications. However
(DC) networks have some limits in supporting cloud applications and traditional Data Center (DC) networks have some limits in supporting
multi tenant networks [RFC7364]. The goal of Network Virtualization cloud applications and multi tenant networks [RFC7364]. The goal of
Overlays in DC is to decouple the communication among tenant systems Network Virtualization Overlays in the DC is to decouple the
from DC physical infrastructure networks and to allow one physical communication among tenant systems from DC physical infrastructure
network infrastructure to provide: networks and to allow one physical network infrastructure to provide:
o Multi-tenant virtual networks and traffic isolation among the o Multi-tenant virtual networks and traffic isolation among the
virtual networks over the same physical network. virtual networks over the same physical network.
o Independent address spaces in individual virtual networks such as o Independent address spaces in individual virtual networks such as
MAC, IP, TCP/UDP etc. MAC, IP, TCP/UDP etc.
o Flexible Virtual Machines (VM) and/or workload placement o Flexible Virtual Machines (VM) and/or workload placement
including the ability to move them from server to server without including the ability to move them from one server to another
requiring VM address and configuration change and the ability without requiring VM address and configuration changes, and the
doing a hot move with no disruption to the live application ability to perform a "hot move" with no disruption to the live
running on VMs. application running on VMs.
These characteristics of NVO3 help address the issues that cloud These characteristics of NVO3 help address the issues that cloud
applications face in Data Centers [RFC7364]. applications face in Data Centers [RFC7364].
An NVO3 network can interconnect with another physical network, i.e., An NVO3 network may interconnect with another NVO3 virtual network,
not the physical network that the NVO3 network is over. For example: or another physical network (i.e., not the physical network that the
1) DCs that migrate toward NVO3 solution will be done in steps; 2) NVO3 network is over), via a gateway. The use case examples for the
many DC applications serve to Internet cloud users who are on latter are: 1) DCs that migrate toward an NVO3 solution will be done
physical networks; 3) some applications are CPU bound such as Big in steps, where a portion of tenant systems in a VN is on
Data analytics and may not run on virtualized resources. virtualized servers while others exist on a LAN. 2) many DC
applications serve to Internet users who are on physical networks; 3)
some applications are CPU bound, such as Big Data analytics, and may
not run on virtualized resources. Some inter-VN policies can be
enforced at the gateway.
This document describes general NVO3 use cases that apply to various This document describes general NVO3 use cases that apply to various
data centers. Three types of the use cases described here are: data centers. Three types of the use cases described in this
document are:
o Basic NVO3 virtual networks in a DC (Section 2). All Tenant o Basic NVO3 virtual networks in a DC (Section 2). All Tenant
Systems (TS) in virtual networks are located within one DC. The Systems (TS) in the virtual network are located within the same
individual virtual networks can be either Layer 2 (L2) or Layer 3 DC. The individual virtual networks can be either Layer 2 (L2) or
(L3). The number of virtual networks supported by NVO3 in a DC is Layer 3 (L3). The number of NVO3 virtual networks in a DC is much
much higher than what traditional VLAN based virtual networks higher than what traditional VLAN based virtual networks [IEEE
[IEEE 802.1Q] can support. This case is often referred as to the 802.1Q] can support. This case is often referred as to the DC
DC East-West traffic. East-West traffic.
o Virtual networks that span across multiple Data Centers and/or to o Virtual networks that span across multiple Data Centers and/or to
customer premises, i.e., a virtual network that connects some customer premises, i.e., an NVO3 virtual network where some
tenant systems in a DC interconnects another virtual or physical tenant systems in a DC attach to interconnects another virtual or
network outside the data center. An enterprise customer may use a physical network outside the data center. An enterprise customer
traditional carrier VPN or an IPsec tunnel over Internet to may use a traditional carrier VPN or an IPsec tunnel over the
communicate its systems in the DC. This is described in Section 3. Internet to communicate with its systems in the DC. This is
described in Section 3.
o DC applications or services that may use NVO3 (Section 4). Three o DC applications or services require an advanced network that
scenarios are described: 1) use NVO3 and other network contains several NVO3 virtual networks that are interconnected by
technologies to build a tenant network; 2) construct several the gateways. Three scenarios are described in Section 4: 1)
virtual networks as a tenant network; 3) apply NVO3 to a using NVO3 and other network technologies to build a tenant
virtualized DC (vDC). network; 2) constructing several virtual networks as a tenant
network; 3) applying NVO3 to a virtualized DC (vDC).
The document uses the architecture reference model defined in The document uses the architecture reference model defined in
[RFC7365] to describe the use cases. [RFC7365] to describe the use cases.
1.1. Terminology 1.1. Terminology
This document uses the terminologies defined in [RFC7365] and This document uses the terminologies defined in [RFC7365] and
[RFC4364]. Some additional terms used in the document are listed [RFC4364]. Some additional terms used in the document are listed
here. here.
DMZ: Demilitarized Zone. A computer or small sub-network that sits DMZ: Demilitarized Zone. A computer or small sub-network that sits
between a trusted internal network, such as a corporate private LAN, between a trusted internal network, such as a corporate private LAN,
and an un-trusted external network, such as the public Internet. and an un-trusted external network, such as the public Internet.
DNS: Domain Name Service DNS: Domain Name Service [RFC1035]
NAT: Network Address Translation NAT: Network Address Translation [RFC1631]
Note that a virtual network in this document is a virtual network in Note that a virtual network in this document refers to an NVO3
DC that is implemented with NVO3 technology. virtual network in a DC [RFC7365].
2. Basic Virtual Networks in a Data Center 2. Basic Virtual Networks in a Data Center
A virtual network in a DC enables a communication among Tenant A virtual network in a DC enables communications among Tenant
Systems (TS). A TS can be a physical server/device or a virtual Systems (TS). A TS can be a physical server/device or a virtual
machine (VM) on a server, i.e., end-device [RFC7365]. A Network machine (VM) on a server, i.e., end-device [RFC7365]. A Network
Virtual Edge (NVE) can be co-located with a TS, i.e., on a same end- Virtual Edge (NVE) can be co-located with a TS, i.e., on the same
device, or reside on a different device, e.g., a top of rack switch end-device, or reside on a different device, e.g., a top of rack
(ToR). A virtual network has a virtual network identifier (can be switch (ToR). A virtual network has a virtual network identifier
global unique or local significant at NVEs). (can be globally unique or locally significant at NVEs).
Tenant Systems attached to the same NVE may belong to the same or Tenant Systems attached to the same NVE may belong to the same or
different virtual networks. An NVE provides tenant traffic different virtual networks. An NVE provides tenant traffic
forwarding/encapsulation and obtains tenant systems reachability forwarding/encapsulation and obtains tenant systems reachability
information from Network Virtualization Authority (NVA)[NVO3ARCH]. information from a Network Virtualization Authority (NVA)[NVO3ARCH].
DC operators can construct multiple separate virtual networks, and
DC operators can construct many virtual networks that have no provide each with own address space.
communication in between at all. In this case, each virtual network
can have its own address spaces such as MAC and IP. DC operators can
also construct multiple virtual networks in a way so that the
policies are enforced when the TSs in one virtual network
communicate with the TSs in other virtual networks. This is referred
to as Distributed Gateway [NVO3ARCH].
A Tenant System can be configured with one or multiple addresses and
participate in multiple virtual networks, i.e., use the same or
different address in different virtual networks. For examples, a
Tenant System can be a NAT GW or a firewall and connect to more than
one virtual network.
Network Virtualization Overlay in this context means that a virtual Network Virtualization Overlay in this context means that a virtual
network is implemented with an overlay technology, i.e., tenant network is implemented with an overlay technology, i.e., within a DC
traffic is encapsulated at its local NVE and carried by a tunnel that has IP infrastructure, tenant traffic is encapsulated at its
over DC IP network to another NVE where the packet is decapsulated local NVE and carried by a tunnel to another NVE where the packet is
prior to sending to a target tenant system. This architecture decapsulated and sent to a target tenant system. This architecture
decouples tenant system address space and configuration from the decouples tenant system address space and configuration from the
infrastructure's, which brings a great flexibility for VM placement infrastructure's, which provides great flexibility for VM placement
and mobility. The technology results the transit nodes in the and mobility. It also means that the transit nodes in the
infrastructure not aware of the existence of the virtual networks. infrastructure are not aware of the existence of the virtual
One tunnel may carry the traffic belonging to different virtual networks and tenant systems attached to the virtual networks. The
tunneled packets are carried as regular IP packets and are sent to
NVEs. One tunnel may carry the traffic belonging to multiple virtual
networks; a virtual network identifier is used for traffic networks; a virtual network identifier is used for traffic
demultiplexing. demultiplexing. A tunnel encapsulation protocol is necessary for NVE
to encapsulate the packets from Tenant Systems and encode other
information on the tunneled packets to support NVO3 implementation.
A virtual network may be an L2 or L3 domain. The TSs attached to an A virtual network implemented by NVO3 may be an L2 or L3 domain. The
NVE can belong to different virtual networks that are either in L2 virtual network can carry unicast traffic and/or multicast,
or L3. A virtual network can carry unicast traffic and/or broadcast/unknown (for L2 only) traffic from/to tenant systems.
broadcast/multicast/unknown traffic from/to tenant systems. There There are several ways to transport virtual network BUM traffic
are several ways to transport virtual network BUM traffic
[NVO3MCAST]. [NVO3MCAST].
It is worth to mention two distinct cases regarding to NVE location. It is worth mentioning two distinct cases regarding to NVE location.
The first is that TSs and an NVE are co-located on a same end device, The first is where TSs and an NVE are co-located on a single end
which means that the NVE can be aware of the TS state at any time host/device, which means that the NVE can be aware of the TS's state
via internal API. The second is that TSs and an NVE reside on at any time via an internal API. The second is where TSs and an NVE
different devices that connect via a wire; in this case, a protocol are not co-located, with the NVE residing on a network device; in
is necessary for NVE to know TS state [NVO3HYVR2NVE]. this case, a protocol is necessary to allow the NVE to be aware of
the TS's state [NVO3HYVR2NVE].
One virtual network can provide connectivity to many TSs that attach One virtual network can provide connectivity to many TSs that attach
to many different NVEs in a DC. TS dynamic placement and mobility to many different NVEs in a DC. TS dynamic placement and mobility
results in frequent changes of the binding between a TS and an NVE. results in frequent changes of the binding between a TS and an NVE.
The TS reachbility update mechanisms need be fast enough so that the
updates do not cause any service interruption. The capability of The TS reachability update mechanisms need be fast enough so that
supporting many TSs in a virtual network and many more virtual the updates do not cause any communication disruption/interruption.
networks in a DC is critical for NVO3 solution. The capability of supporting many TSs in a virtual network and many
more virtual networks in a DC is critical for the NVO3 solution.
If a virtual network spans across multiple DC sites, one design is If a virtual network spans across multiple DC sites, one design is
to allow the network seamlessly to span across the sites without DC to allow the network to seamlessly span across the sites without DC
gateway routers' termination. In this case, the tunnel between a gateway routers' termination. In this case, the tunnel between a
pair of NVEs can be carried within other intermediate tunnels of the pair of NVEs can be carried within other intermediate tunnels over
Internet or other WANs, or the intra DC and inter DC tunnels can be the Internet or other WANs, or the intra DC and inter DC tunnels can
stitched together to form a tunnel between the pair of NVEs that are be stitched together to form a tunnel between the pair of NVEs that
in different DC sites. Both cases will form one virtual network are in different DC sites. Both cases will form one virtual network
across multiple DC sites. across multiple DC sites.
3. DC Virtual Network and External Network Interconnection 3. DC Virtual Network and External Network Interconnection
For customers (an enterprise or individuals) who utilize DC Many customers (an enterprise or individuals) who utilize a DC
provider's compute and storage resources to run their applications, provider's compute and storage resources to run their applications
they need to access their systems hosted in a DC through Internet or need to access their systems hosted in a DC through Internet or
Service Providers' Wide Area Networks (WAN). A DC provider can Service Providers' Wide Area Networks (WAN). A DC provider can
construct a virtual network that provides the connectivity to all construct a virtual network that provides connectivity to all the
the resources designated for a customer and allows the customer to resources designated for a customer and allows the customer to
access their resources via a virtual gateway (vGW). This, in turn, access the resources via a virtual gateway (vGW). This, in turn,
becomes the case of interconnecting a DC virtual network and the becomes the case of interconnecting a DC virtual network and the
network at customer site(s) via Internet or WANs. Two use cases are network at customer site(s) via the Internet or WANs. Two use cases
described here. are described here.
3.1. DC Virtual Network Access via Internet 3.1. DC Virtual Network Access via the Internet
A customer can connect to a DC virtual network via Internet in a A customer can connect to a DC virtual network via the Internet in a
secure way. Figure 1 illustrates this case. A virtual network is secure way. Figure 1 illustrates this case. The DC virtual network
configured on NVE1 and NVE2 and two NVEs are connected via an IP has an instance at NVE1 and NVE2 and the two NVEs are connected via
tunnel in the Data Center. A set of tenant systems are attached to an IP tunnel in the Data Center. A set of tenant systems are
NVE1 on a server. The NVE2 resides on a DC Gateway device. NVE2 attached to NVE1 on a server. NVE2 resides on a DC Gateway device.
terminates the tunnel and uses the VNID on the packet to pass the NVE2 terminates the tunnel and uses the VNID on the packet to pass
packet to the corresponding vGW entity on the DC GW. A customer can the packet to the corresponding vGW entity on the DC GW (the vGW is
access their systems, i.e., TS1 or TSn, in the DC via Internet by the default gateway for the virtual network). A customer can access
using IPsec tunnel [RFC4301]. The IPsec tunnel is configured between their systems, i.e., TS1 or TSn, in the DC via the Internet by using
the vGW and the customer gateway at customer site. Either static an IPsec tunnel [RFC4301]. The IPsec tunnel is configured between
route or iBGP may be used for routes update. The vGW provides IPsec the vGW and the customer gateway at the customer site. Either a
functionality such as authentication scheme and encryption; iBGP static route or iBGP may be used for prefix advertisement. The vGW
protocol is carried within the IPsec tunnel. Some vGW features are provides IPsec functionality such as authentication scheme and
listed below: encryption; iBGP protocol traffic is carried within the IPsec tunnel.
Some vGW features are listed below:
o The vGW maintains the TS/NVE mappings and advertises the TS
prefix to the customer via static route or iBGP.
o Some vGW functions such as firewall and load balancer can be o Some vGW functions such as firewall and load balancer can be
performed by locally attached network appliance devices. performed by locally attached network appliance devices.
o The virtual network in DC may use different address space than o If the virtual network in the DC uses different address space
external users, then vGW needs to provide the NAT function. than external users, then the vGW needs to provide the NAT
function.
o More than one IPsec tunnels can be configured for the redundancy. o More than one IPsec tunnel can be configured for redundancy.
o vGW can be implemented on a server or VM. In this case, IP o The vGW can be implemented on a server or VM. In this case, IP
tunnels or IPsec tunnels can be used over DC infrastructure. tunnels or IPsec tunnels can be used over the DC infrastructure.
o DC operators need to construct a vGW for each customer. o DC operators need to construct a vGW for each customer.
Server+---------------+ Server+---------------+
| TS1 TSn | | TS1 TSn |
| |...| | | |...| |
| +-+---+-+ | Customer Site | +-+---+-+ | Customer Site
| | NVE1 | | +-----+ | | NVE1 | | +-----+
| +---+---+ | | CGW | | +---+---+ | | CGW |
+------+--------+ +--+--+ +------+--------+ +--+--+
skipping to change at page 7, line 34 skipping to change at page 7, line 41
| | NVE2 | | .-.' * ) | | NVE2 | | .-.' * )
| +---+---+ | ( * Internet ) | +---+---+ | ( * Internet )
| +---+---+. | ( * / | +---+---+. | ( * /
| | vGW | * * * * * * * * '-' '-' | | vGW | * * * * * * * * '-' '-'
| +-------+ | | IPsec \../ \.--/' | +-------+ | | IPsec \../ \.--/'
| +--------+ | Tunnel | +--------+ | Tunnel
+----------------+ +----------------+
DC Provider Site DC Provider Site
Figure 1 - DC Virtual Network Access via Internet Figure 1 - DC Virtual Network Access via the Internet
3.2. DC VN and SP WAN VPN Interconnection 3.2. DC VN and SP WAN VPN Interconnection
In this case, an Enterprise customer wants to use Service Provider In this case, an Enterprise customer wants to use a Service Provider
(SP) WAN VPN [RFC4364] [RFC7432] to interconnect its sites and a (SP) WAN VPN [RFC4364] [RFC7432] to interconnect its sites with a
virtual network in DC site. Service Provider constructs a VPN for virtual network in a DC site. The Service Provider constructs a VPN
the enterprise customer. Each enterprise site peers with a SP PE. for the enterprise customer. Each enterprise site peers with an SP
The DC Provider and VPN Service Provider can build a DC virtual PE. The DC Provider and VPN Service Provider can build a DC virtual
network (VN) and VPN independently and interconnects the VN and VPN network (VN) and VPN independently, and then interconnect them via a
via a local link or a tunnel between DC GW and WAN PE devices. The local link, or a tunnel between the DC GW and WAN PE devices. The
control plan interconnection options between the VN and VPN are control plane interconnection options between the DC and WAN are
described in RFC4364 [RFC4364]. In Option A with VRF-LITE [VRF-LITE], described in RFC4364 [RFC4364]. Using Option A with VRF-LITE [VRF-
both ASBRs, i.e., DC GW and SP PE, maintain a routing/forwarding LITE], both ASBRs, i.e., DC GW and SP PE, maintain a
table, and perform the table lookup in forwarding. In Option B, DC routing/forwarding table (VRF). Using Option B, the DC ASBR and SP
ASBR and SP ASBR do not maintain the forwarding table, it only ASBR do not maintain the VRF table; they only maintain the VN and
maintains the VN and VPN identifier mapping, and swap the VPN identifier mappings, i.e., label mapping, and swap the label on
identifiers on the packet in the forwarding process. Both option A the packets in the forwarding process. Both option A and B allow VN
and B requires tunnel termination. In option C, the VN and VPN use and VPN using own identifier and two identifiers are mapped at DC GW.
the same identifier, and Both ASBRs perform the tunnel stitching, With option C, the VN and VPN use the same identifier and both ASBRs
i.e., change the tunnel end points. Each option has pros/cons (see perform the tunnel stitching, i.e., tunnel segment mapping. Each
RFC4364) and has been deployed in SP networks depending on the option has pros/cons [RFC4364] and has been deployed in SP networks
applications. The BGP protocols can be used in these options for depending on the applications in use. BGP is used with these options
route distribution. Note that if the DC is the SP Data Center, the for route distribution between DCs and SP WANs. Note that if the DC
DC GW and SP PE in this case can be merged into one device that is the SP's Data Center, the DC GW and SP PE in this case can be
performs the interworking of the VN and VPN. merged into one device that performs the interworking of the VN and
VPN within an AS.
This configuration allows the enterprise networks communicating to The configurations above allow the enterprise networks to
the tenant systems attached to the VN in a DC provider site without communicate with the tenant systems attached to the VN in a DC
interfering with DC provider underlying physical networks and other without interfering with the DC provider's underlying physical
virtual networks in the DC. The enterprise can use its own address networks and other virtual networks. The enterprise can use its own
space in the VN. The DC provider can manage which VM and storage address space in the VN. The DC provider can manage which VM and
attaching to the VN. The enterprise customer manages what storage elements attach to the VN. The enterprise customer manages
applications to run on the VMs in the VN without the knowledge of which applications run on the VMs in the VN without knowing the
VMs location in the DC. (See Section 4 for more) location of the VMs in the DC. (See Section 4 for more)
Furthermore, in this use case, the DC operator can move the VMs Furthermore, in this use case, the DC operator can move the VMs
assigned to the enterprise from one sever to another in the DC assigned to the enterprise from one sever to another in the DC
without the enterprise customer awareness, i.e., no impact on the without the enterprise customer being aware, i.e., with no impact on
enterprise 'live' applications running these resources. Such the enterprise's 'live' applications. Such advanced technologies
advanced technologies bring DC providers great benefits in offering bring DC providers great benefits in offering cloud services, but
cloud applications but add some requirements for NVO3 [RFC7364] as add some requirements for NVO3 [RFC7364] as well.
well.
4. DC Applications Using NVO3 4. DC Applications Using NVO3
NVO3 technology brings DC operators the flexibility in designing and NVO3 technology provides DC operators with the flexibility in
deploying different applications in an end-to-end virtualization designing and deploying different applications in an end-to-end
overlay environment, where the operators no longer need to worry virtualization overlay environment. Operators no longer need to
about the constraints of the DC physical network configuration when worry about the constraints of the DC physical network configuration
creating VMs and configuring a virtual network. DC provider may use when creating VMs and configuring a virtual network. A DC provider
NVO3 in various ways and also use it in the conjunction with other may use NVO3 in various ways, in conjunction with other physical
physical networks in DC for a reason. This section just highlights networks and/or virtual networks in the DC for a reason. This
some use cases. section highlights some use cases for this goal.
4.1. Supporting Multiple Technologies and Applications 4.1. Supporting Multiple Technologies and Applications
Most likely servers deployed in a large data center are rolled in at Servers deployed in a large data center are often installed at
different times and may have different capacities/features. Some different times, and may have different capabilities/features. Some
servers may be virtualized, some may not; some may be equipped with servers may be virtualized, while others may not; some may be
virtual switches, some may not. For the ones equipped with equipped with virtual switches, while others may not. For the
hypervisor based virtual switches, some may support VxLAN [RFC7348] servers equipped with Hypervisor-based virtual switches, some may
encapsulation, some may support NVGRE encapsulation [NVGRE], and support VxLAN [RFC7348] encapsulation, some may support NVGRE
some may not support any types of encapsulation. To construct a encapsulation [RFC7637], and some may not support any encapsulation.
tenant network among these servers and the ToR switches, operators To construct a tenant network among these servers and the ToR
can construct one NVO3 virtual network and one traditional VLAN switches, operators can construct one traditional VLAN network and
network; or two virtual networks that one uses VxLAN encapsulation two virtual networks where one uses VxLAN encapsulation and the
and another uses NVGRE. other uses NVGRE, and interconnect these three networks via a
gateway or virtual GW. The GW performs packet
In these cases, a gateway device or virtual GW is used to encapsulation/decapsulation translation between the networks.
participate in two virtual networks. It performs the packet
encapsulation/decapsulation translation and may also perform address
translation, and etc.
A data center may be also constructed with multi-tier zones. Each A data center may be also constructed with multi-tier zones, where
zone has different access permissions and runs different each zone has different access permissions and runs different
applications. For example, the three-tier zone design has a front applications. For example, the three-tier zone design has a front
zone (Web tier) with Web applications, a mid zone (application tier) zone (Web tier) with Web applications, a mid zone (application tier)
with service applications such as payment and booking, and a back where service applications such as credit payment or ticket booking
zone (database tier) with Data. External users are only able to run, and a back zone (database tier) with Data. External users are
communicate with the Web application in the front zone. In this case, only able to communicate with the Web application in the front zone.
the communication between the zones must pass through the security In this case, communications between the zones must pass through the
GW/firewall. One virtual network can be configured in each zone and security GW/firewall. One virtual network can be configured in each
a GW is used to interconnect two virtual networks, i.e., two zones. zone and a GW can be used to interconnect two virtual networks, i.e.,
If individual zones use the different implementations, the GW needs two zones. If the virtual network in individual zones uses the
to support these implementations as well. different implementations, the GW needs to support these
implementations as well.
4.2. Tenant Network with Multiple Subnets 4.2. Tenant Network with Multiple Subnets
A tenant network may contain multiple subnets. The DC physical A tenant network may contain multiple subnets. The DC physical
network needs to support the connectivity for many tenant networks. network needs to support the connectivity for many such tenant
The inter-subnet policies may be placed at some designated gateway networks. In some cases, the inter-subnet policies can be placed at
devices only. Such design requires the inter-subnet traffic to be designated gateway devices. Such a design requires the inter-subnet
sent to one of the gateways first for the policy checking, which may traffic to be sent to one of the gateway devices first for the
cause traffic hairpin at the gateway in a DC. It is desirable that policy checking, which may cause traffic to "hairpin" at the gateway
an NVE can hold some policies and be able to forward inter-subnet in a DC. It is desirable for an NVE to be able to hold some policies
traffic directly. To reduce NVE burden, the hybrid design may be and be able to forward the inter-subnet traffic directly. To reduce
deployed, i.e., an NVE can perform forwarding for the selected the burden on the NVE, a hybrid design may be deployed, i.e., an NVE
inter-subnets and the designated GW performs for the rest. For can perform forwarding for selected inter-subnets while the
example, each NVE performs inter-subnet forwarding for a tenant, and designated GW performs forwarding for the rest. For example, each
the designated GW is used for inter-subnet traffic from/to the NVE performs inter-subnet forwarding for intra-DC traffic while the
different tenant networks. designated GW is used for traffic to/from a remote DC.
A tenant network may span across multiple Data Centers that are in A tenant network may span across multiple Data Centers that are at
difference locations. DC operators may configure an L2 VN within different locations. DC operators may configure an L2 VN within each
each DC and an L3 VN between DCs for a tenant network. For this DC and an L3 VN between DCs for a tenant network. For this
configuration, the virtual L2/L3 gateway can be implemented on DC GW configuration, the virtual L2/L3 gateway can be implemented on the
device. Figure 2 illustrates this configuration. DC GW device. Figure 2 illustrates this configuration.
Figure 2 depicts two DC sites. The site A constructs one L2 VN, say Figure 2 depicts two DC sites. Site A constructs one L2 VN, say
L2VNa, on NVE1, NVE2, and NVE3. NVE1 and NVE2 reside on the servers L2VNa, on NVE1, NVE2, and NVE5. NVE1 and NVE2 reside on the servers
which host multiple tenant systems. NVE3 resides on the DC GW device. which host multiple tenant systems. NVE5 resides on the DC GW device.
The site Z has similar configuration with L2VNz on NVE3, NVE4, and Site Z has similar configuration, with L2VNz on NVE3, NVE4, and NVE6.
NVE6. One L3 VN, say L3VNx, is configured on the NVE5 at site A and An L3 VN, L3VNx, is configured on NVE5 at Site A and the NVE6 at
the NVE6 at site Z. An internal Virtual Interface of Routing and Site Z. An internal Virtual Interface of Routing and Bridging (VIRB)
Bridging (VIRB) is used between L2VNI and L3VNI on NVE5 and NVE6, is used between the L2VNI and L3VNI on NVE5 and NVE6, respectively.
respectively. The L2VNI is the MAC/NVE mapping table and the L3VNI The L2VNI requires the MAC/NVE mapping table and the L3VNI requires
is the IP prefix/NVE mapping table. A packet to the NVE5 from L2VNa the IP prefix/NVE mapping table. A packet arriving at NVE5 from
will be decapsulated and converted into an IP packet and then L2VNa will be decapsulated, converted into an IP packet, and then
encapsulated and sent to the site Z. The policies can be checked at encapsulated and sent to Site Z. A packet to NVE5 from L3VNx will be
VIRB. decapsulated, converted into a MAC frame, and then encapsulated and
sent within Site A. The ARP protocol [RFC826] can be used to get the
MAC address for an IP address in the L2VNa. The policies can be
checked at the VIRB.
Note that the L2VNa, L2VNz, and L3VNx in Figure 2 are NVO3 virtual Note that L2VNa, L2VNz, and L3VNx in Figure 2 are NVO3 virtual
networks. networks.
NVE5/DCGW+------------+ +-----------+ NVE6/DCGW NVE5/DCGW+------------+ +-----------+ NVE6/DCGW
| +-----+ | '''''''''''''''' | +-----+ | | +-----+ | '''''''''''''''' | +-----+ |
| |L3VNI+----+' L3VNx '+---+L3VNI| | | |L3VNI+----+' L3VNx '+---+L3VNI| |
| +--+--+ | '''''''''''''''' | +--+--+ | | +--+--+ | '''''''''''''''' | +--+--+ |
| |VIRB | | VIRB| | | |VIRB | | VIRB| |
| +--+---+ | | +---+--+ | | +--+--+ | | +--+--+ |
| |L2VNIs| | | |L2VNIs| | | |L2VNI| | | |L2VNI| |
| +--+---+ | | +---+--+ | | +--+--+ | | +--+--+ |
+----+-------+ +------+----+ +----+-------+ +------+----+
''''|'''''''''' ''''''|''''''' ''''|'''''''''' ''''''|'''''''
' L2VNa ' ' L2VNz ' ' L2VNa ' ' L2VNz '
NVE1/S ''/'''''''''\'' NVE2/S NVE3/S'''/'''''''\'' NVE4/S NVE1/S ''/'''''''''\'' NVE2/S NVE3/S'''/'''''''\'' NVE4/S
+-----+---+ +----+----+ +------+--+ +----+----+ +-----+---+ +----+----+ +------+--+ +----+----+
| +--+--+ | | +--+--+ | | +---+-+ | | +--+--+ | | +--+--+ | | +--+--+ | | +---+-+ | | +--+--+ |
| |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| |
| ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ |
+--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+
|...| |...| |...| |...| |...| |...| |...| |...|
skipping to change at page 10, line 41 skipping to change at page 11, line 4
' L2VNa ' ' L2VNz ' ' L2VNa ' ' L2VNz '
NVE1/S ''/'''''''''\'' NVE2/S NVE3/S'''/'''''''\'' NVE4/S NVE1/S ''/'''''''''\'' NVE2/S NVE3/S'''/'''''''\'' NVE4/S
+-----+---+ +----+----+ +------+--+ +----+----+ +-----+---+ +----+----+ +------+--+ +----+----+
| +--+--+ | | +--+--+ | | +---+-+ | | +--+--+ | | +--+--+ | | +--+--+ | | +---+-+ | | +--+--+ |
| |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| | | |L2VNI| |
| ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ | | ++---++ |
+--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+ +--+---+--+
|...| |...| |...| |...| |...| |...| |...| |...|
Tenant Systems Tenant Systems Tenant Systems Tenant Systems
DC Site A DC Site Z DC Site A DC Site Z
Figure 2 - Tenant Virtual Network with Bridging/Routing Figure 2 - Tenant Virtual Network with Bridging/Routing
4.3. Virtualized Data Center (vDC) 4.3. Virtualized Data Center (vDC)
An Enterprise Data Center today may deploy routers, switches, and An Enterprise Data Center today may deploy routers, switches, and
network appliance devices to construct its internal network, DMZ, network appliance devices to construct its internal network, DMZ,
and external network access; it may have many servers and storage and external network access; it may have many servers and storage
running various applications. With NVO3 technology, a DC Provider running various applications. With NVO3 technology, a DC Provider
can construct a virtualized DC over its DC infrastructure and offer can construct a virtualized DC over its physical DC infrastructure
a virtual DC service to enterprise customers. A vDC at DC Provider and offer a virtual DC service to enterprise customers. A vDC at the
site provides the same capability as a physical DC at the customer DC Provider site provides the same capability as a physical DC at
site. A customer manages what and how applications to run in its the customer site. A customer manages their own applications running
vDC. DC Provider can further offer different network service in their vDC. A DC Provider can further offer different network
functions to a vDC. The network service functions may include service functions to the customer. The network service functions may
firewall, DNS, load balancer, gateway, and etc. include firewall, DNS, load balancer, gateway, etc.
Figure 3 below illustrates one scenario. For the simple Figure 3 below illustrates one such scenario. For simplicity, it
illustration, it only shows the L3 VN or L2 VN in abstraction. In only shows the L3 VN or L2 VN in abstraction. In this example, the
this example, DC Provider operators create several L2 VNs (L2VNx, DC Provider operators create several L2 VNs (L2VNx, L2VNy, L2VNz) to
L2VNy, L2VNz) to group the tenant systems together per application group the tenant systems together on a per-application basis, and
basis, create one L3 VN, e.g., VNa for the internal routing. A one L3 VN (L3VNa) for the internal routing. A network firewall and
network function, firewall and gateway, runs on a VM or server that gateway runs on a VM or server that connects to L3VNa and is used
connects to the L3VNa and is used for inbound and outbound traffic for inbound and outbound traffic processing. A load balancer (LB) is
process. A load balancer (LB) is used in L2 VNx. A VPN is also built used in L2VNx. A VPN is also built between the gateway and
between the gateway and enterprise router. Enterprise customer runs enterprise router. The Enterprise customer runs Web/Mail/Voice
Web/Mail/Voice applications on VMs at the provider DC site that can applications on VMs at the provider DC site which may be spread
spread out on many servers; the users at Enterprise site access the across many servers. The users at the Enterprise site access the
applications running in the provider DC site via the VPN; Internet applications running in the provider DC site via the VPN; Internet
users access these applications via the gateway/firewall at the users access these applications via the gateway/firewall at the
provider DC. provider DC.
Enterprise customer decides which applications are accessed by The Enterprise customer decides which applications should be
intranet only and which by both intranet and extranet and configures accessible only via the intranet and which should be assessable via
the proper security policy and gateway function at firewall/gateway. both the intranet and Internet, and configures the proper security
Furthermore an enterprise customer may want multi-zones in a vDC policy and gateway function at the firewall/gateway. Furthermore, an
(See section 4.1) for the security and/or set different QoS levels enterprise customer may want multi-zones in a vDC (See section 4.1)
for the different applications. for the security and/or the ability to set different QoS levels for
the different applications.
The vDC use case requires the NVO3 solution to provide the DC The vDC use case requires the NVO3 solution to provide DC operators
operators an easy and quick way to create a VN and NVEs for any vDC with an easy and quick way to create a VN and NVEs for any vDC
design, to allocate TSs and assign TSs to the corresponding VN, and design, to allocate TSs and assign TSs to the corresponding VN, and
to illustrate vDC topology and manage/configure individual elements to illustrate vDC topology and manage/configure individual elements
in the vDC via the vDC topology. in the vDC in a secure way.
Internet ^ Internet Internet ^ Internet
| |
^ +--+---+ ^ +--+---+
| | GW | | | GW |
| +--+---+ | +--+---+
| | | |
+-------+--------+ +--+---+ +-------+--------+ +--+---+
|Firewall/Gateway+--- VPN-----+router| |Firewall/Gateway+--- VPN-----+router|
+-------+--------+ +-+--+-+ +-------+--------+ +-+--+-+
| | | | | |
...+.... |..| ...+.... |..|
+-------: L3 VNa :---------+ LANs +-------: L3 VNa :---------+ LANs
+-+-+ ........ | +-+-+ ........ |
|LB | | | Enterprise Site |LB | | | Enterprise Site
+-+-+ | | +-+-+ | |
...+... ...+... ...+... ...+... ...+... ...+...
: L2VNx : : L2VNy : : L2VNx : : L2VNx : : L2VNy : : L2VNz :
....... ....... ....... ....... ....... .......
|..| |..| |..| |..| |..| |..|
| | | | | | | | | | | |
Web Apps Mail Apps VoIP Apps Web Apps Mail Apps VoIP Apps
Provider DC Site Provider DC Site
Figure 3 - Virtual Data Center (vDC) Figure 3 - Virtual Data Center (vDC)
5. Summary 5. Summary
This document describes some general potential use cases of NVO3 in This document describes some general and potential NVO3 use cases in
DCs. The combination of these cases will give operators flexibility DCs. The combination of these cases will give operators the
and capability to design more sophisticated cases for various cloud flexibility and capability to design more sophisticated cases for
applications. various cloud applications.
DC services may vary from infrastructure as a service (IaaS), DC services may vary, from infrastructure as a service (IaaS), to
platform as a service (PaaS), to software as a service (SaaS), in platform as a service (PaaS), to software as a service (SaaS).
which NVO3 virtual networks are just a portion of such services. In these services, NVO3 virtual networks are just a portion of such
services.
NVO3 uses tunnel technique so that two NVEs appear as one hop to NVO3 uses tunnel techniques to deliver VN traffic over an IP network.
each other in a virtual network. Many tunneling technologies can A tunnel encapsulation protocol is necessary. An NVO3 tunnel may in
serve this function. The tunneling may in turn be tunneled over turn be tunneled over other intermediate tunnels over the Internet
other intermediate tunnels over the Internet or other WANs. or other WANs.
A DC virtual network may be accessed by external users in a secure An NVO3 virtual network in a DC may be accessed by external users in
way. Many existing technologies can help achieve this. a secure way. Many existing technologies can help achieve this.
NVO3 implementations may vary. Some DC operators prefer to use NVO3 implementations may vary. Some DC operators prefer to use a
centralized controller to manage tenant system reachbility in a centralized controller to manage tenant system reachability in a
virtual network, other prefer to use distributed protocols to virtual network, while other operators prefer to use distribution
advertise the tenant system location, i.e., NVE location. When a protocols to advertise the tenant system location, i.e., NVE
tenant network spans across multiple DCs and WANs, each network location. When a tenant network spans across multiple DCs and WANs,
administration domain may use different methods to distribute the each network administration domain may use different methods to
tenant system locations. Both control plane and data plane distribute the tenant system locations. Both control plane and data
interworking are necessary. plane interworking are necessary.
6. Security Considerations 6. Security Considerations
Security is a concern. DC operators need to provide a tenant a Security is a concern. DC operators need to provide a tenant with a
secured virtual network, which means one tenant's traffic isolated secured virtual network, which means one tenant's traffic is
from other tenant's traffic and non-tenant's traffic; they also need isolated from other tenants' traffic as well as from non-tenants'
to prevent DC underlying network from any tenant application traffic. DC operators also need to prevent against a tenant
attacking through the tenant virtual network or one tenant application attacking their underlying DC network through the
application attacking another tenant application via DC tenant's virtual network; further, they need to protect against a
tenant application attacking another tenant application via the DC
infrastructure network. For example, a tenant application attempts infrastructure network. For example, a tenant application attempts
to generate a large volume of traffic to overload DC underlying to generate a large volume of traffic to overload the DC's
network. The NVO3 solution has to address these issues. underlying network. An NVO3 solution has to address these issues.
7. IANA Considerations 7. IANA Considerations
This document does not request any action from IANA. This document does not request any action from IANA.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC7364] Narten, T., et al "Problem Statement: Overlays for Network [RFC7364] Narten, T., et al "Problem Statement: Overlays for Network
skipping to change at page 14, line 5 skipping to change at page 14, line 9
8.2. Informative References 8.2. Informative References
[IEEE 802.1Q] IEEE, "IEEE Standard for Local and metropolitan area [IEEE 802.1Q] IEEE, "IEEE Standard for Local and metropolitan area
networks -- Media Access Control (MAC) Bridges and Virtual networks -- Media Access Control (MAC) Bridges and Virtual
Bridged Local Area", IEEE Std 802.1Q, 2011. Bridged Local Area", IEEE Std 802.1Q, 2011.
[NVO3HYVR2NVE] Li, Y., et al, "Hypervisor to NVE Control Plane [NVO3HYVR2NVE] Li, Y., et al, "Hypervisor to NVE Control Plane
Requirements", draft-ietf-nvo3-hpvr2nve-cp-req-01, work in Requirements", draft-ietf-nvo3-hpvr2nve-cp-req-01, work in
progress. progress.
[NVGRE] Sridharan, M., "NVGRE: Network Virtualization using Generic
Routing Encapsulation", draft-sridharan-virtualization-
nvgre-07, work in progress.
[NVO3ARCH] Black, D., et al, "An Architecture for Overlay Networks [NVO3ARCH] Black, D., et al, "An Architecture for Overlay Networks
(NVO3)", draft-ietf-nvo3-arch-02, work in progress. (NVO3)", draft-ietf-nvo3-arch-02, work in progress.
[NVO3MCAST] Ghanwani, A., "Framework of Supporting Applications [NVO3MCAST] Ghanwani, A., "Framework of Supporting Applications
Specific Multicast in NVO3", draft-ghanwani-nvo3-app- Specific Multicast in NVO3", draft-ghanwani-nvo3-app-
mcast-framework-02, work in progress. mcast-framework-02, work in progress.
[RFC1035] Mockapetris, P., "DOMAIN NAMES - Implementation and
Specification", RFC1035, November 1987.
[RFC1631] Egevang, K., Francis, P., "The IP network Address
Translator (NAT)", RFC1631, May 1994.
[RFC4301] Kent, S., "Security Architecture for the Internet [RFC4301] Kent, S., "Security Architecture for the Internet
Protocol", rfc4301, December 2005 Protocol", rfc4301, December 2005
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private
Networks (VPNs)", RFC 4364, February 2006. Networks (VPNs)", RFC 4364, February 2006.
[RFC7348] Mahalingam,M., Dutt, D., ific Multicast in etc "VXLAN: A [RFC7348] Mahalingam,M., Dutt, D., ific Multicast in etc "VXLAN: A
Framework for Overlaying Virtualized Layer 2 Networks over Framework for Overlaying Virtualized Layer 2 Networks over
Layer 3 Networks", RFC7348 August 2014. Layer 3 Networks", RFC7348 August 2014.
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A. and [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A. and
J. Uttaro, "BGP MPLS Based Ethernet VPN", RFC7432, J. Uttaro, "BGP MPLS Based Ethernet VPN", RFC7432,
February 2015 February 2015
[RFC7637] Garg, P., and Wang, Y., "NVGRE: Network Virtualization
using Generic Routing Encapsulation", RFC7637, Sept. 2015.
[VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com [VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com
Contributors Contributors
Vinay Bannai Vinay Bannai
PayPal PayPal
2211 N. First St, 2211 N. First St,
San Jose, CA 95131 San Jose, CA 95131
Phone: +1-408-967-7784 Phone: +1-408-967-7784
Email: vbannai@paypal.com Email: vbannai@paypal.com
skipping to change at page 14, line 40 skipping to change at page 15, line 4
[VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com [VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com
Contributors Contributors
Vinay Bannai Vinay Bannai
PayPal PayPal
2211 N. First St, 2211 N. First St,
San Jose, CA 95131 San Jose, CA 95131
Phone: +1-408-967-7784 Phone: +1-408-967-7784
Email: vbannai@paypal.com Email: vbannai@paypal.com
Ram Krishnan Ram Krishnan
Brocade Communications Brocade Communications
San Jose, CA 95134 San Jose, CA 95134
Phone: +1-408-406-7890 Phone: +1-408-406-7890
Email: ramk@brocade.com Email: ramk@brocade.com
Kieran Milne
Juniper Networks
1133 Innovation Way
Sunnyvale, CA 94089
Phone: +1-408-745-2000
Email: kmilne@juniper.net
Acknowledgements Acknowledgements
Authors like to thank Sue Hares, Young Lee, David Black, Pedro Authors like to thank Sue Hares, Young Lee, David Black, Pedro
Marques, Mike McBride, David McDysan, Randy Bush, Uma Chunduri, and Marques, Mike McBride, David McDysan, Randy Bush, Uma Chunduri, and
Eric Gray for the review, comments, and suggestions. Eric Gray for the review, comments, and suggestions.
Authors' Addresses Authors' Addresses
Lucy Yong Lucy Yong
Huawei Technologies Huawei Technologies
 End of changes. 67 change blocks. 
287 lines changed or deleted 306 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/