idnits 2.17.1 draft-ietf-nvo3-use-case-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 3, 2016) is 2759 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-17) exists of draft-ietf-nvo3-hpvr2nve-cp-req-05 Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group L. Yong 2 Internet Draft L. Dunbar 3 Category: Informational Huawei 4 M. Toy 6 A. Isaac 7 Juniper Networks 8 V. Manral 9 Ionos Networks 11 Expires: April 2017 October 3, 2016 13 Use Cases for Data Center Network Virtualization Overlays 15 draft-ietf-nvo3-use-case-11 17 Abstract 19 This document describes data center network virtualization over 20 layer (NVO3) use cases that can be deployed in various data centers 21 and serve different applications. 23 Status of this Memo 25 This Internet-Draft is submitted to IETF in full conformance with 26 the provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF), its areas, and its working groups. Note that 30 other groups may also distribute working documents as Internet- 31 Drafts. 33 Internet-Drafts are draft documents valid for a maximum of six 34 months and may be updated, replaced, or obsoleted by other documents 35 at any time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 The list of current Internet-Drafts can be accessed at 39 http://www.ietf.org/ietf/1id-abstracts.txt. 41 The list of Internet-Draft Shadow Directories can be accessed at 42 http://www.ietf.org/shadow.html. 44 This Internet-Draft will expire on April 3, 2017. 46 Copyright Notice 48 Copyright (c) 2016 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with 56 respect to this document. Code Components extracted from this 57 document must include Simplified BSD License text as described in 58 Section 4.e of the Trust Legal Provisions and are provided without 59 warranty as described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction...................................................3 64 1.1. Terminology...............................................4 65 2. Basic NVO3 Networks............................................5 66 3. DC NVO3 Network and External Network Interconnection...........6 67 3.1. DC NVO3 Network Access via the Internet...................6 68 3.2. DC NVO3 Network and SP WAN VPN Interconnection............8 69 4. DC Applications Using NVO3.....................................8 70 4.1. Supporting Multiple Technologies..........................9 71 4.2. DC Application with Multiple Virtual Networks.............9 72 4.3. Virtual Data Center (vDC)................................10 73 5. Summary.......................................................12 74 6. Security Considerations.......................................12 75 7. IANA Considerations...........................................12 76 8. References....................................................13 77 8.1. Normative References.....................................13 78 8.2. Informative References...................................13 79 Contributors.....................................................14 80 Acknowledgements.................................................14 81 Authors' Addresses...............................................14 83 1. Introduction 85 Server virtualization has changed the Information Technology (IT) 86 industry in terms of the efficiency, cost, and speed of providing 87 new applications and/or services such as cloud applications. However 88 traditional data center (DC) networks have some limits in supporting 89 cloud applications and multi tenant networks [RFC7364]. The goal of 90 data center network virtualization overlay (NVO3) network is to 91 decouple the communication among tenant systems from DC physical 92 infrastructure networks and to allow one physical network 93 infrastructure to provide: 95 o Multi-tenant virtual networks and traffic isolation among the 96 virtual networks over the same physical network. 98 o Independent address spaces in individual virtual networks such as 99 MAC, IP, TCP/UDP etc. 101 o Flexible Virtual Machines (VM) and/or workload placement 102 including the ability to move them from one server to another 103 without requiring VM address and configuration changes, and the 104 ability to perform a "hot move" with no disruption to the live 105 application running on VMs. 107 These characteristics of NVO3 help address the issues that cloud 108 applications face in Data Centers [RFC7364]. 110 An NVO3 network may interconnect with another NVO3 network on the 111 same physical network, or another physical network (i.e., not the 112 physical network that the NVO3 network is over), via a gateway. The 113 use case examples for the latter are: 1) DCs that migrate toward an 114 NVO3 solution will be done in steps, where a portion of tenant 115 systems in a VN is on virtualized servers while others exist on a 116 LAN. 2) many DC applications serve to Internet users who are on 117 physical networks; 3) some applications are CPU bound, such as Big 118 Data analytics, and may not run on virtualized resources. Some 119 inter-VN policies can be enforced at the gateway. 121 This document describes general NVO3 use cases that apply to various 122 data centers. The use cases described here represent DC provider's 123 interests and vision for their cloud services. The document groups 124 the use cases into three categories from simple to advance in term 125 of implementation. However the implementations of these use cases 126 are outside the scope of this document. These three categories are 127 highlighted below: 129 o Basic NVO3 networks (Section 2). All Tenant Systems (TS) in the 130 network are located within the same DC. The individual networks 131 can be either Layer 2 (L2) or Layer 3 (L3). The number of NVO3 132 networks in a DC is much higher than what traditional VLAN based 133 virtual networks [IEEE 802.1Q] can support. This case is often 134 referred as to the DC East-West traffic. 136 o A virtual network that spans across multiple Data Centers and/or 137 to customer premises where NVO3 networks are constructed and 138 interconnect another virtual or physical network outside the data 139 center. An enterprise customer may use a traditional carrier VPN 140 or an IPsec tunnel over the Internet to communicate with its 141 systems in the DC. This is described in Section 3. 143 o DC applications or services require an advanced network that 144 contains several NVO3 networks that are interconnected by the 145 gateways. Three scenarios are described in Section 4: 1) 146 supporting multiple technologies; 2) constructing several virtual 147 networks as a tenant network; 3) applying NVO3 to a virtual Data 148 Center (vDC). 150 The document uses the architecture reference model defined in 151 [RFC7365] to describe the use cases. 153 1.1. Terminology 155 This document uses the terminologies defined in [RFC7365] and 156 [RFC4364]. Some additional terms used in the document are listed 157 here. 159 DMZ: Demilitarized Zone. A computer or small sub-network that sits 160 between a trusted internal network, such as a corporate private LAN, 161 and an un-trusted external network, such as the public Internet. 163 DNS: Domain Name Service [RFC1035] 165 DC Operator: A role who is responsible to construct and manage cloud 166 service instances in their life-cycle and manage DC infrastructure 167 that runs these cloud instances. 169 DC Provider: A company that uses its DC infrastructure to offer 170 cloud services to its customers. 172 NAT: Network Address Translation [RFC3022] 174 vGW: virtual Gateway; a gateway component used for an NVO3 virtual 175 network to interconnect with another virtual/physical network. 177 2. Basic NVO3 Networks 179 An NVO3 network provides communications among Tenant Systems (TS) in 180 a DC. A TS can be a physical server/device or a virtual machine (VM) 181 on a server, i.e., end-device [RFC7365]. A DC provider often uses 182 NVO3 networks for its internal applications in which each 183 application runs on many VMs or physical services and requires 184 application segregation. 186 A Network Virtual Edge (NVE) is an NVO3 architecture component 187 [RFC7365]]. It is responsible to forward and encapsulate the NVO3 188 traffic in outbound direction; and decapsulate and forward the NVO3 189 traffic in inbound direction [NVO3ARCH]. A Network Virtualization 190 Authority (NVA) is another NVO3 architecture component [RFC7365]. An 191 NVE obtains the reachability information of tenant systems in a NVO3 192 network from the NVA. The tenant systems attached to the same NVE 193 may belong to a same or different NVO3 networks. 195 The network virtualization overlay in this context means that a 196 virtual network is implemented with an overlay technology, i.e., 197 within a DC, NVO3 traffic is encapsulated at an NVE and carried by a 198 tunnel to another NVE where the packet is decapsulated and sent to a 199 target tenant system [NVO3ARCH]. This architecture decouples a NVO3 200 network construction from the DC physical network configuration, 201 which provides the flexibility for VM placement and mobility. It 202 also means that the nodes in the infrastructure network (except 203 tunnel end point nodes) carry encapsulated NVO3 traffic but not 204 aware of the existence of NVO3 networks. In the architecture 205 [NVO3ARCH], one tunnel can carry NVO3 traffic belonging to different 206 NVO3 networks; a virtual network identifier is used in an NVO3 207 encapsulation protocol to differentiate NVO3 traffic. 209 An NVO3 network may be an L2 or L3 domain. The network provides 210 switching (L2) or routing (L3) capability to support host (i.e. 211 tenent systems) communications. An NVO3 network may required to 212 carry unicast traffic and/or multicast, broadcast/unknown (for L2 213 only) traffic from/to tenant systems. There are several ways to 214 transport NVO3 network BUM traffic [NVO3MCAST]. 216 It is worth mentioning two distinct cases regarding to NVE location. 217 The first is where TSs and an NVE are co-located on a single end 218 host/device, which means that the NVE can be aware of the TS's state 219 at any time via an internal API. The second is where TSs and an NVE 220 are not co-located, with the NVE residing on a network device; in 221 this case, a protocol is necessary to allow the NVE to be aware of 222 the TS's state [NVO3HYVR2NVE]. 224 One NVO3 network can provide connectivity to many TSs that attach to 225 many different NVEs in a DC. TS dynamic placement and mobility 226 results in frequent changes of the binding between a TS and an NVE. 227 The TS reachability update mechanisms need be fast enough so that 228 the updates do not cause any communication disruption/interruption. 229 The capability of supporting many TSs in a virtual network and many 230 more virtual networks in a DC is critical for the NVO3 solution. 232 If a virtual network spans across multiple DC sites, one design 233 using NVO3 is to allow the network to seamlessly span across the 234 sites without DC gateway routers' termination. In this case, the 235 tunnel between a pair of NVEs can be carried within other 236 intermediate tunnels over the Internet or other WANs, or an intra DC 237 tunnel and inter DC tunnel(s) can be stitched together to form an 238 end-to-end tunnel between the pair of NVEs that are in different DC 239 sites. Both cases will form one virtual network across multiple DC 240 sites. 242 3. DC NVO3 Network and External Network Interconnection 244 Many customers (an enterprise or individuals) who utilize a DC 245 provider's compute and storage resources to run their applications 246 need to access their systems hosted in a DC through Internet or 247 Service Providers' Wide Area Networks (WAN). A DC provider can 248 construct a NVO3 network that provides connectivity to all the 249 resources designated for a customer and allows the customer to 250 access the resources via a virtual gateway (vGW). This, in turn, 251 becomes the case of interconnecting an NVO3 network and the virtual 252 private network (VPN) on the Internet or wide-area networks (WAN). 253 Note that a VPN is not implemented by NVO3 solution. Two use cases 254 are described here. 256 3.1. DC NVO3 Network Access via the Internet 258 A customer can connect to an NVO3 network via the Internet in a 259 secure way. Figure 1 illustrates an example of this case. The NVO3 260 network has an instance at NVE1 and NVE2 and the two NVEs are 261 connected via an IP tunnel in the Data Center. A set of tenant 262 systems are attached to NVE1 on a server. NVE2 resides on a DC 263 Gateway device. NVE2 terminates the tunnel and uses the VNID on the 264 packet to pass the packet to the corresponding vGW entity on the DC 265 GW (the vGW is the default gateway for the virtual network). A 266 customer can access their systems, i.e., TS1 or TSn, in the DC via 267 the Internet by using an IPsec tunnel [RFC4301]. The IPsec tunnel is 268 configured between the vGW and the customer gateway at the customer 269 site. Either a static route or iBGP may be used for prefix 270 advertisement. The vGW provides IPsec functionality such as 271 authentication scheme and encryption; iBGP protocol traffic is 272 carried within the IPsec tunnel. Some vGW features are listed below: 274 o The vGW maintains the TS/NVE mappings and advertises the TS 275 prefix to the customer via static route or iBGP. 277 o Some vGW functions such as firewall and load balancer can be 278 performed by locally attached network appliance devices. 280 o If the NVO3 network uses different address space than external 281 users, then the vGW needs to provide the NAT function. 283 o More than one IPsec tunnel can be configured for redundancy. 285 o The vGW can be implemented on a server or VM. In this case, IP 286 tunnels or IPsec tunnels can be used over the DC infrastructure. 288 o DC operators need to construct a vGW for each customer. 290 Server+---------------+ 291 | TS1 TSn | 292 | |...| | 293 | +-+---+-+ | Customer Site 294 | | NVE1 | | +-----+ 295 | +---+---+ | | CGW | 296 +------+--------+ +--+--+ 297 | * 298 L3 Tunnel * 299 | * 300 DC GW +------+---------+ .--. .--. 301 | +---+---+ | ( '* '.--. 302 | | NVE2 | | .-.' * ) 303 | +---+---+ | ( * Internet ) 304 | +---+---+. | ( * / 305 | | vGW | * * * * * * * * '-' '-' 306 | +-------+ | | IPsec \../ \.--/' 307 | +--------+ | Tunnel 308 +----------------+ 310 DC Provider Site 312 Figure 1 - DC Virtual Network Access via the Internet 314 3.2. DC NVO3 Network and SP WAN VPN Interconnection 316 In this case, an Enterprise customer wants to use a Service Provider 317 (SP) WAN VPN [RFC4364] [RFC7432] to interconnect its sites with an 318 NVO3 network in a DC site. The Service Provider constructs a VPN for 319 the enterprise customer. Each enterprise site peers with an SP PE. 320 The DC Provider and VPN Service Provider can build an NVO3 network 321 and a WAN VPN independently, and then interconnect them via a local 322 link, or a tunnel between the DC GW and WAN PE devices. The control 323 plane interconnection options between the DC and WAN are described 324 in RFC4364 [RFC4364]. Using Option A with VRF-LITE [VRF-LITE], both 325 ASBRs, i.e., DC GW and SP PE, maintain a routing/forwarding table 326 (VRF). Using Option B, the DC ASBR and SP ASBR do not maintain the 327 VRF table; they only maintain the NVO3 network and VPN identifier 328 mappings, i.e., label mapping, and swap the label on the packets in 329 the forwarding process. Both option A and B allow the NVO3 network 330 and VPN using own identifier and two identifiers are mapped at DC GW. 331 With option C, the VN and VPN use the same identifier and both ASBRs 332 perform the tunnel stitching, i.e., tunnel segment mapping. Each 333 option has pros/cons [RFC4364] and has been deployed in SP networks 334 depending on the applications in use. BGP is used with these options 335 for route distribution between DCs and SP WANs. Note that if the DC 336 is the SP's Data Center, the DC GW and SP PE in this case can be 337 merged into one device that performs the interworking of the VN and 338 VPN within an AS. 340 The configurations above allow the enterprise networks to 341 communicate with the tenant systems attached to the NVO3 network in 342 the DC without interfering with the DC provider's underlying 343 physical networks and other NVO3 networks in the DC. The enterprise 344 can use its own address space in the NVO3 network. The DC provider 345 can manage which VM and storage elements attach to the NVO3 network. 346 The enterprise customer manages which applications run on the VMs 347 without knowing the location of the VMs in the DC. (See Section 4 348 for more) 350 Furthermore, in this use case, the DC operator can move the VMs 351 assigned to the enterprise from one sever to another in the DC 352 without the enterprise customer being aware, i.e., with no impact on 353 the enterprise's 'live' applications. Such advanced technologies 354 bring DC providers great benefits in offering cloud services, but 355 add some requirements for NVO3 [RFC7364] as well. 357 4. DC Applications Using NVO3 359 NVO3 technology provides DC operators with the flexibility in 360 designing and deploying different applications in an end-to-end 361 virtualization overlay environment. The operators no longer need to 362 worry about the constraints of the DC physical network configuration 363 when creating VMs and configuring a network to connect them. A DC 364 provider may use NVO3 in various ways, in conjunction with other 365 physical networks and/or virtual networks in the DC for a reason. 366 This section highlights some use cases for this goal. 368 4.1. Supporting Multiple Technologies 370 Servers deployed in a large data center are often installed at 371 different times, and may have different capabilities/features. Some 372 servers may be virtualized, while others may not; some may be 373 equipped with virtual switches, while others may not. For the 374 servers equipped with Hypervisor-based virtual switches, some may 375 support VxLAN [RFC7348] encapsulation, some may support NVGRE 376 encapsulation [RFC7637], and some may not support any encapsulation. 377 To construct a tenant network among these servers and the ToR 378 switches, operators can construct one traditional VLAN network and 379 two virtual networks where one uses VxLAN encapsulation and the 380 other uses NVGRE, and interconnect these three networks via a 381 gateway or virtual GW. The GW performs packet 382 encapsulation/decapsulation translation between the networks. 384 Another case is that some software of a tenant is high CPU and 385 memory consumption, which only makes a sense to run on metal servers; 386 other software of the tenant may be good to run on VMs. However 387 provider DC infrastructure is configured to use NVO3 to connect to 388 VMs and VLAN [IEEE802.1Q] connect to metal services. The tenant 389 network requires interworking between NVO3 and traditional VLAN. 391 4.2. DC Application with Multiple Virtual Networks 393 A DC application may necessarily be constructed with multi-tier 394 zones, where each zone has different access permissions and runs 395 different applications. For example, a three-tier zone design has a 396 front zone (Web tier) with Web applications, a mid zone (application 397 tier) where service applications such as credit payment or ticket 398 booking run, and a back zone (database tier) with Data. External 399 users are only able to communicate with the Web application in the 400 front zone; the back zone can only receive traffic from the 401 application zone. In this case, communications between the zones 402 must pass through a GW/firewall. Each zone can be implemented by one 403 NVO3 network and a GW/firewall can be used to between two NVO3 404 networks, i.e., two zones. As a result, a tunnel carrying NVO3 405 network traffic must be terminated at the GW/firewall where the NVO3 406 traffic is processed. 408 4.3. Virtual Data Center (vDC) 410 An enterprise data center today may deploy routers, switches, and 411 network appliance devices to construct its internal network, DMZ, 412 and external network access; it may have many servers and storage 413 running various applications. With NVO3 technology, a DC Provider 414 can construct a virtual Data Center (vDC) over its physical DC 415 infrastructure and offer a virtual Data Center service to enterprise 416 customers. A vDC at the DC Provider site provides the same 417 capability as the physical DC at a customer site. A customer manages 418 its own applications running in its vDC. A DC Provider can further 419 offer different network service functions to the customer. The 420 network service functions may include firewall, DNS, load balancer, 421 gateway, etc. 423 Figure 2 below illustrates one such scenario at service abstraction 424 level. In this example, the vDC contains several L2 VNs (L2VNx, 425 L2VNy, L2VNz) to group the tenant systems together on a per- 426 application basis, and one L3 VN (L3VNa) for the internal routing. A 427 network firewall and gateway runs on a VM or server that connects to 428 L3VNa and is used for inbound and outbound traffic processing. A 429 load balancer (LB) is used in L2VNx. A VPN is also built between the 430 gateway and enterprise router. An Enterprise customer runs 431 Web/Mail/Voice applications on VMs within the vDC. The users at the 432 Enterprise site access the applications running in the vDC via the 433 VPN; Internet users access these applications via the 434 gateway/firewall at the provider DC site. 436 Internet ^ Internet 437 | 438 ^ +--+---+ 439 | | GW | 440 | +--+---+ 441 | | 442 +-------+--------+ +--+---+ 443 |Firewall/Gateway+--- VPN-----+router| 444 +-------+--------+ +-+--+-+ 445 | | | 446 ...+.... |..| 447 +-------: L3 VNa :---------+ LANs 448 +-+-+ ........ | 449 |LB | | | Enterprise Site 450 +-+-+ | | 451 ...+... ...+... ...+... 452 : L2VNx : : L2VNy : : L2VNz : 453 ....... ....... ....... 454 |..| |..| |..| 455 | | | | | | 456 Web App. Mail App. VoIP App. 458 Provider DC Site 460 Figure 2 - Virtual Data Center Abstraction View 462 The enterprise customer decides which applications should be 463 accessible only via the intranet and which should be assessable via 464 both the intranet and Internet, and configures the proper security 465 policy and gateway function at the firewall/gateway. Furthermore, an 466 enterprise customer may want multi-zones in a vDC (See section 4.2) 467 for the security and/or the ability to set different QoS levels for 468 the different applications. 470 The vDC use case requires an NVO3 solution to provide DC operators 471 with an easy and quick way to create an NVO3 network and NVEs for 472 any vDC design, to allocate TSs and assign TSs to the corresponding 473 NVO3 network, and to illustrate vDC topology and manage/configure 474 individual elements in the vDC in a secure way. 476 5. Summary 478 This document describes some general and potential NVO3 use cases in 479 DCs. The combination of these cases will give operators the 480 flexibility and capability to design more sophisticated cases for 481 various cloud applications. 483 DC services may vary, from infrastructure as a service (IaaS), to 484 platform as a service (PaaS), to software as a service (SaaS). 485 In these services, NVO3 networks are just a portion of such services. 487 NVO3 uses tunnel techniques to deliver NVO3 traffic over DC physical 488 infrastructure network. A tunnel encapsulation protocol is 489 necessary. An NVO3 tunnel may in turn be tunneled over other 490 intermediate tunnels over the Internet or other WANs. 492 An NVO3 network in a DC may be accessed by external users in a 493 secure way. Many existing technologies can help achieve this. 495 6. Security Considerations 497 Security is a concern. DC operators need to provide a tenant with a 498 secured virtual network, which means one tenant's traffic is 499 isolated from other tenants' traffic as well as from underlay 500 networks. DC operators also need to prevent against a tenant 501 application attacking their underlay DC network; further, they need 502 to protect against a tenant application attacking another tenant 503 application via the DC infrastructure network. For example, a tenant 504 application attempts to generate a large volume of traffic to 505 overload the DC's underlying network. An NVO3 solution has to 506 address these issues. 508 7. IANA Considerations 510 This document does not request any action from IANA. 512 8. References 514 8.1. Normative References 516 [RFC7364] Narten, T., et al "Problem Statement: Overlays for Network 517 Virtualization", RFC7364, October 2014. 519 [RFC7365] Lasserre, M., Motin, T., and et al, "Framework for DC 520 Network Virtualization", RFC7365, October 2014. 522 8.2. Informative References 524 [IEEE802.1Q] IEEE, "IEEE Standard for Local and metropolitan area 525 networks -- Media Access Control (MAC) Bridges and Virtual 526 Bridged Local Area", IEEE Std 802.1Q, 2011. 528 [NVO3HYVR2NVE] Li, Y., et al, "Hypervisor to NVE Control Plane 529 Requirements", draft-ietf-nvo3-hpvr2nve-cp-req-05, work in 530 progress. 532 [NVO3ARCH] Black, D., et al, "An Architecture for Overlay Networks 533 (NVO3)", draft-ietf-nvo3-arch-08, work in progress. 535 [NVO3MCAST] Ghanwani, A., "Framework of Supporting Applications 536 Specific Multicast in NVO3", draft-ghanwani-nvo3-app- 537 mcast-framework-02, work in progress. 539 [RFC1035] Mockapetris, P., "DOMAIN NAMES - Implementation and 540 Specification", RFC1035, November 1987. 542 [RFC3022] Srisuresh, P. and Egevang, K., "Traditional IP Network 543 Address Translator (Traditional NAT)", RFC3022, January 544 2001. 546 [RFC4301] Kent, S., "Security Architecture for the Internet 547 Protocol", rfc4301, December 2005 549 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 550 Networks (VPNs)", RFC 4364, February 2006. 552 [RFC7348] Mahalingam,M., Dutt, D., ific Multicast in etc "VXLAN: A 553 Framework for Overlaying Virtualized Layer 2 Networks over 554 Layer 3 Networks", RFC7348 August 2014. 556 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A. and 557 J. Uttaro, "BGP MPLS Based Ethernet VPN", RFC7432, 558 February 2015 560 [RFC7637] Garg, P., and Wang, Y., "NVGRE: Network Virtualization 561 using Generic Routing Encapsulation", RFC7637, Sept. 2015. 563 [VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com 565 Contributors 567 Vinay Bannai 568 PayPal 569 2211 N. First St, 570 San Jose, CA 95131 571 Phone: +1-408-967-7784 572 Email: vbannai@paypal.com 574 Ram Krishnan 575 Brocade Communications 576 San Jose, CA 95134 577 Phone: +1-408-406-7890 578 Email: ramk@brocade.com 580 Kieran Milne 581 Juniper Networks 582 1133 Innovation Way 583 Sunnyvale, CA 94089 584 Phone: +1-408-745-2000 585 Email: kmilne@juniper.net 587 Acknowledgements 589 Authors like to thank Sue Hares, Young Lee, David Black, Pedro 590 Marques, Mike McBride, David McDysan, Randy Bush, Uma Chunduri, Eric 591 Gray, David Allan, Joe Touch, Olufemi Komolafe, and Matthew Bocci 592 for the review, comments, and suggestions. 594 Authors' Addresses 596 Lucy Yong 597 Huawei Technologies 599 Phone: +1-918-808-1918 600 Email: lucy.yong@huawei.com 601 Linda Dunbar 602 Huawei Technologies, 603 5340 Legacy Dr. 604 Plano, TX 75025 US 606 Phone: +1-469-277-5840 607 Email: linda.dunbar@huawei.com 609 Mehmet Toy 611 Phone : +1-856-792-2801 612 E-mail : mtoy054@yahoo.com 614 Aldrin Isaac 615 Juniper Networks 616 E-mail: aldrin.isaac@gmail.com 618 Vishwas Manral 620 Email: vishwas@ionosnetworks.com