100 likes | 297 Views
IP/MPLS VPN Protocol GAP Analysis For NVO3 draft-hy-nvo3-vpn-protocol-gap-analysis-01. Lucy Yong Susan Hares September 20, 2012 Boston. About this Draft. Analyze IPMPLS L2/L3VPN protocol applicability and gaps for NVO3 Intend to stay at neutral regarding
E N D
IP/MPLS VPN Protocol GAP AnalysisFor NVO3draft-hy-nvo3-vpn-protocol-gap-analysis-01 Lucy Yong Susan Hares September 20, 2012 Boston
About this Draft • Analyze IPMPLS L2/L3VPN protocol applicability and gaps for NVO3 • Intend to stay at neutral regarding • Should extend and/or simplify the VPN protocols or • Develop a new protocol solution for NVO3 • The document is organized: • IP/MPLS L2/L3 VPN Highlight • L2/L3 VPN for NVO3 • L2/L3 VPN for Inter DC connection when NVO3 is used • Operator Aspects IETF NVO3 BOF - Paris
IP/MPLS VPN Highlight iBGP • IP/MPLS VPN may be L2 or L3 based • Provide the L2 or L3 connectivity among CE sites • One PE may support multiple VPNs that are at L2 or L3 • VPN traffic is isolated from others & decoupled from backbone network • Allows customer to use own address space and address family • Carry both unicast and multicast traffic • L3VPN supports gateway function and policy, may span across multi ASes • CE may be a network site or LANs in general (maybe a host too) • PE must be a member in a VPN if the CE needs be in the VPN • VPN may use multiple control plane protocols • L2VPN: BGP, LDP, data plane learning • L3VPN: iBGP, OSPF, eBGP, RIP, Static Route • LSP Tunnel: LDP, RSVP-TE (or GRE IP tunnel) OSPF eBGP Static PE PE CE CE LSP Tunnel IP/MPLS L3VPN Model NVO3 Interim Meeting Boston
What NVO3 Ask • Many NVOs are built on a common infrastructure with: • Traffic isolation among one another • Independent address space in each and isolated from infrastructure’s • Flexible VM placement and move from one server to another without physical network limitation (no change on VM addresses when move) • No Communication b/w an end system in an overlay and a transport underlay • Scalability, security • An NVO may be L2 or L3 based where: • The End System (TES) may be VM or Server • Network Virtual Edge (NVE ) may be on Server or ToR • Server may run as a host or a network edge in DC underlying network • Interwork with other NVO instances • Allow external user to access an NVO VM VM VM NVO1 VM UN TES TES VM VM NVE NVE Tunnel TES TES NVO2 NVO3 Model DC Site NVO3 Interim Meeting Boston
Quick Comparison Assumption: TES <-> CE, NVE <-> PE , Tunnel b/w NVEs <-> Tunnel b/w PEs Notation: Support ( √ ), May Support (≤) , Not Support(×) , Not Apply (≠) NVO3 Interim Meeting Boston
Quick Comparison Cont. Notation: Support ( √ ), May Support (≤) , Not Support(×) , Not Apply (≠) Clearly, commons and gaps exist between IP/MPLS VPN and NVO3 requirements Sum: √ (10), ≤ (7), × (4), ≠ (3) NVO3 Interim Meeting Boston
VPN Interconnect DC Underlay Networks • IP/MPLS VPN interconnects DC underlay networks • VPN does not have the visibility of any overlay networks • PE connects to DC GW (as CE) via a local interface or sub-interface • PE may run OSPF, eBGP, etc, CE peers with PE only, not remote CEs • This enables an NVO to span across DC sites w/o a gateway • Overlay tunnels are built between any pair of NVEs directly • NVO control plane runs independently from VPN control plane • This does not add any new requirement to IP/MPLS VPN VM VM VM VM VM NVO1 NVO1 VM VM VM IP/MPLS VPN UN UN GW PE GW PE VM VM VM NVO3 NVO2 DC Site A DC Site B NVO3 Interim Meeting Boston
DC NVO Access via a VPN • DC NVO may be accessed via an IP/MPLS VPN • VPN connects DC NVO and Enterprise sites • PE maypeer with Enterprise sites • VPN CP needs to interwork with NVO CP and Enterprise CP • A logical gateway is necessaryat a DC GW • Be the member of DC NVO and terminate NVO tunnels • May perform routing, NAT, policy, firewall functions • PE may perform some gateway function too • DC GW and PE may be configured with many NVOs for diff. customers • This may require VPN enhancement • Interworking with NVO Control Plane, and support VM mobility VM VM GW NVO PE PE IP/MPLS VPN VM Enterprise Site 1 VM VM DC Site A PE VM VM GW NVO VM WAN VM Enterprise Site 2 DC Site B NVO3 Interim Meeting Boston
Acknowledgements • Authors like to thank Aldrin Isaac, Ivan Pepeinjak, Yakov Rekhter, John Drake, Joe Halpern, and others on the mailing list for their valuable inputs. NVO3 Interim Meeting Boston
Next Step • Welcome comments and suggestions draft-hy-nvo3-vpn-protocol-gap-analysis-01 NVO3 Interim Meeting Boston