IETF
l3vpn
l3vpn@jabber.ietf.org
Wednesday, 16 November 2011

GMT+0
[07:08:26] Stewart Bryant joins the room
[07:15:01] marshall joins the room
[07:15:24] <marshall> Session today is focused on l3vpn work
[07:15:31] <marshall> sorry vpn4dc work
[07:15:38] <marshall> NOT normal L3VPN work
[07:15:49] <marshall> although we may get to normal business if there is time
[07:16:05] <marshall> I will be jabber scribing this session
[07:16:06] tplunke@jabber.org joins the room
[07:16:26] <marshall> Next
[07:16:28] <marshall> Ping
[07:16:30] Daniel King joins the room
[07:17:07] <marshall> Ping : I will be leading the discussion for VPN4DC
[07:17:17] <marshall> this work has been ongoing for work
[07:17:27] <marshall> with lots of feedback from service providers
[07:17:47] <marshall> if you go through the drafts many people have looked at problem from different angles
[07:18:03] <marshall> there is too much work to go one by one
[07:18:38] <marshall> where we are : in the last few years, service offered by network providers and data reach customers through enterprises
[07:19:05] <marshall> l3vpn used for connections to enterprises as well as within data centers
[07:19:21] <marshall> we are talking about how to interconnect things together
[07:19:26] Milo joins the room
[07:19:53] <marshall> we have to go from network to storage to servers
[07:20:54] <marshall> need to deal with security and authentication - users going over vpn from enterprise need more security
[07:21:26] <marshall> Next - Ning So from Verizon
[07:21:35] <marshall> High level set of requirements
[07:21:36] hoyaj@jabber.org joins the room
[07:21:54] <marshall> contributing are people from large providers
[07:22:25] <marshall> with interest in connecting L3VPN networks and leveraging deployed infrastructure to deploy services into the data center
[07:22:46] <marshall> 2 drafts so far from the telco Service Providers perspective
[07:23:00] <marshall> I will address high level telco perspective
[07:23:20] <marshall> first, we have to have any host to any host connectivity using WAN L3VPN
[07:23:39] <marshall> end host in a datacenter joining a VRF in a near real time manner
[07:24:18] <marshall> today, DC hosts can be provisioned into a VPN, but in a slower and proprietary fashion, not in near real time
[07:24:55] <marshall> so anyhost to anyhost connectivity within a VRF and within a data center
[07:25:34] <marshall> host address assignment control - in provider data centers, overflow type service host address assignment has to be controlled by the enterprise
[07:25:41] <marshall> to allow a seamless transition
[07:26:03] <marshall> OAM interworking is also important - 1.1731 style for example
[07:26:26] <marshall> Next requirements are service related, services built on top of connectivity
[07:26:46] <marshall> 2 services - computing related, virtual machines, virtual data centers
[07:26:58] <marshall> automatic provisioning and service initiation
[07:27:05] <marshall> migration policy control etc
[07:27:19] <marshall> second is the storage type of services
[07:27:28] <marshall> content replication control etc
[07:27:30] <marshall> next page
[07:27:43] <marshall> Inter-data center network requirements
[07:28:18] <marshall> today's VPNs view a VRF as a good way to separate traffic
[07:28:30] <marshall> want to extend that separation into the datacenter
[07:28:59] <marshall> if VMs don't belong to your VRF, they don't know you exist, so attacks become much less
[07:29:16] <marshall> I have listed a lot of requirements here - some cannot be met in phase 1
[07:29:33] <marshall> next page
[07:29:38] <marshall> security requirements
[07:29:48] <marshall> auto-config requirements
[07:30:03] <marshall> we need to continue to solicit additional input
[07:30:16] <marshall> but this has been reviewed by many telco SP already
[07:30:22] <marshall> NEXT
[07:31:14] <marshall> We are saying that there are problems - IP connectivity
[07:31:24] <marshall> many people have worked on this for 3 months or more
[07:31:38] <marshall> many technologies can support this, but we are looking into Layer 3
[07:31:45] <marshall> MPLS, any IP technology
[07:31:47] <marshall> next slide
[07:32:00] <marshall> What is the scope ?
[07:32:19] <marshall> Service provider connect to enterprise or cloud provider
[07:32:25] <marshall> can chain 2 or 3 together
[07:32:34] <marshall> might encounter technology hybrids
[07:32:41] <marshall> some areas have MPLS some might not
[07:32:52] <marshall> IPSec is in scope, but there are other technologies
[07:33:00] <marshall> next slide
[07:33:30] <marshall> we have many combinations - we did not say where the DC demarcation was
[07:34:05] <marshall> another example - we want connection, authentication, security in a very dynamic
[07:34:09] <marshall> environment
[07:34:22] <marshall> we are NOT talking about solutions, just problem
[07:34:50] <marshall> Monday night we had a great bar bof in a restaurant - with 16 people
[07:34:53] <marshall> round table
[07:35:00] <marshall> end conclusion
[07:35:18] <marshall> we want to focus on any to any VPN connectivity at layer 3
[07:35:45] <marshall> hybrid solutions can become commonplace
[07:35:54] <marshall> interDC and intraDC are both in scope
[07:36:24] <marshall> one item we have not worked out - to map resources to VPN
[07:36:34] <marshall> lots of discussion with SDN folks
[07:36:45] <marshall> need for collaborative work
[07:37:06] <marshall> fuzzy part is multicast and L3/L2 hybrid
[07:37:35] <marshall> is traditional multicast needed in a 100,000 + host datacenter
[07:37:48] <marshall> we want to start without MC but keep it in mind
[07:37:57] <marshall> but to keep it in mind
[07:38:30] <marshall> Layer 2/ Layer 3 keeps coming up
[07:38:43] <marshall> out of scope is basic Layer functions and encryption
[07:38:47] <marshall> next slide
[07:39:36] <marshall> Ben : Second half of agenda is the general discussion
[07:39:52] <marshall> Ben : You mentioned hybrid solutions ?
[07:40:03] <marshall> Hybrid solutions means 2 things
[07:40:19] <marshall> one is different L3 technologies
[07:40:23] <marshall> other is L2/L3
[07:40:31] <marshall> which is not in scope at the present
[07:41:16] <marshall> Dave : What is different in a DC environment from a conventional L3VPN
[07:41:48] <marshall> have a no man's land that could be layer 2 that we may have to look at
[07:42:31] <marshall> making sure that that VM is connected with a virtual gateway -
[07:42:54] <marshall> A : Use as much existing technology as we can
[07:44:10] <marshall> Paul : I wanted to add to the point Ping was providers. The reality is that enterprises don't participate much here, but they also have this problem
[07:44:57] <marshall> another case is when they are buying resources and want to extend the DC to another DC
[07:45:25] <marshall> Igor : 3 clarifying questions - are you including VXLAN and GRE
[07:45:55] narten joins the room
[07:45:57] <marshall> My understanding is that they are layer 2 and layer 3 - any layer 2 only we are not interested in
[07:46:28] <marshall> Igor: Are we talking about using L3VPN to do disk management ?
[07:46:54] <marshall> Ping : Those disks can be viewed as VRF attached disks
[07:47:53] <marshall> Some requirements we can do immediately, some are wish lists, we absolutely cannot address immediately
[07:48:23] <marshall> Igor : Some of these problems are addressed immediately by existing non-L3VPN solutions
[07:49:00] <marshall> Ping : where the current solutions fall short - a near real time solution is needed
[07:49:16] <marshall> also, many solutions today are over the top and proprietary
[07:49:37] <marshall> those are costly and difficult to deploy
[07:50:50] <marshall> Igor : I want to disagree - these solutions scale much better
[07:51:28] <marshall> Ben : Layer 3 VPN is being used in its widest possible sense
[07:51:44] Bill joins the room
[07:52:00] <marshall> Mark L : It is obvious that there is a mix of L2 and L3 solutions needed
[07:53:43] <marshall> Stewart : We are not going to make the decision today, we are going to take this off and later figure out whether this is done in zero, one or several WGs
[07:54:10] <marshall> Everet (Google) - Over the top is slow is a canard. It need not be
[07:54:43] <marshall> Greg White : A question in terms of scope - is this considering VM to VM within a datacenter
[07:54:45] <marshall> ?
[07:54:58] <marshall> Is that within scope ?
[07:55:15] <marshall> A: It's within scope - intra and inter datacenter
[07:55:21] <marshall> Ping : Two comments
[07:55:51] <marshall> Hybrid Solutions are likely and should be considered
[07:56:33] <marshall> two, regarding Over the top - comparing traditional telco DC interoperating with an enterprise DC - these are
[07:56:38] <marshall> very different environments
[07:57:00] <marshall> We cannot say to enterprise, to interconnect with me, you have to do this, this and this
[07:57:39] <marshall> Chris : I cannot disagree with your statement more
[07:58:32] <marshall> If I have access to meta data I can connect to weird enterprise datacenter configuration - I am assuming that we are talking about over the top as the control plane
[07:58:55] <marshall> everything in the datacenter has a reasonably uniform view of the outside world
[07:59:19] <marshall> the over the top guys, not just SAAS but IOS, do it much faster than us
[08:00:18] <marshall> Paul : The point of a lot of this is simplifying - the set of customers that exist today are not the environment - this is much broader
[08:00:46] <marshall> As we talk about scaling this, Layer 2 is just as important as Layer 3
[08:01:16] <marshall> QED (?) : I am seeing the same thing here as I did in armd, where the WG charter is too small
[08:01:34] <marshall> Stewart : We are gathering information to structure the right WG
[08:01:50] <marshall> Igor : "Customer scum?
[08:02:20] <marshall> We are dancing around - we are trying to solve the problem from the bottom up, which is a bad way to do it
[08:02:58] <marshall> people do this with Open Flow - again, not L3VPN. We are trying to phrase the problem in a way that
[08:03:15] <marshall> please read the open staff quantum requirements - there are people who have solved the problem
[08:04:07] <marshall> Ron Bonica : When I walked into this room, I thought we would be talking about 4334 updates
[08:04:09] <marshall> we are not
[08:04:18] <marshall> we are talking about operational models
[08:04:29] <marshall> we need to bring that discussion into ops area
[08:04:54] <marshall> Here, we should only be talking about routing issues
[08:05:11] <marshall> A: It does impact protocol, it's not ops
[08:06:03] <marshall> Dave Harrington : I came into this WG because we had a BOF request
[08:06:29] <marshall> there were people who thought this appeared to be covered by the charter of L3VPN
[08:06:35] <marshall> that's why it is being discussed here
[08:07:28] <marshall> David Harrington : we much prefer the term "side meeting"
[08:08:28] <marshall> Tom : There is an SDN bof that is going to discuss this problem from the over the top angle
[08:09:50] <marshall> Thomas : I want to define the bigger problem. The goal is not to that L3VPN is the solution
[08:11:08] <marshall> We need to find an efficient way to bypass ? - that might be within the scope of L3VPN
[08:12:03] hoyaj@jabber.org leaves the room
[08:12:06] <marshall> Are we trying to recreate everything networking that Amazon EC2 provides, or tie everything into a L3VPN
[08:13:34] Daniel King leaves the room
[08:13:47] Bill leaves the room: Computer went to sleep
[08:14:10] <marshall> Ben : Raise your hand if you have read the problem statement (2/3 up)
[08:14:41] Stewart Bryant leaves the room
[08:14:45] narten leaves the room
[08:14:46] <marshall> raise your hand if you think that the IETF should work on this - 2/3
[08:15:03] Milo leaves the room
[08:15:23] marshall leaves the room
[08:18:33] tplunke@jabber.org leaves the room
[08:36:28] marshall joins the room
[08:42:05] Bill joins the room
[08:49:21] Stewart Bryant joins the room
[09:06:24] marshall leaves the room
[09:37:10] Stewart Bryant leaves the room
[09:47:14] Stewart Bryant joins the room
[09:49:18] Stewart Bryant leaves the room
[10:01:54] Stewart Bryant joins the room
[10:03:55] Stewart Bryant leaves the room
[10:25:43] Bill leaves the room: Computer went to sleep
[14:04:10] Stewart Bryant joins the room
[15:05:41] Stewart Bryant leaves the room
[15:06:01] Stewart Bryant joins the room
[15:06:02] Stewart Bryant leaves the room
[22:33:38] Bill joins the room
[23:14:23] Bill leaves the room