draft-ietf-nvo3-hpvr2nve-cp-req-01.txt   draft-ietf-nvo3-hpvr2nve-cp-req-02.txt 
NVO3 Working Group Yizhou Li NVO3 Working Group Yizhou Li
INTERNET-DRAFT Lucy Yong INTERNET-DRAFT Lucy Yong
Intended Status: Informational Huawei Technologies Intended Status: Informational Huawei Technologies
Lawrence Kreeger Lawrence Kreeger
Cisco Cisco
Thomas Narten Thomas Narten
IBM IBM
David Black David Black
EMC EMC
Expires: May 22, 2015 November 18, 2014 Expires: August 13, 2015 February 9, 2015
Hypervisor to NVE Control Plane Requirements Hypervisor to NVE Control Plane Requirements
draft-ietf-nvo3-hpvr2nve-cp-req-01 draft-ietf-nvo3-hpvr2nve-cp-req-02
Abstract Abstract
In a Split-NVE architructure, the functions of the NVE are split In a Split-NVE architructure, the functions of the NVE are split
across the hypervisor/container on a server and an external network across the hypervisor/container on a server and an external network
equipment which is called an external NVE. A control plane equipment which is called an external NVE. A control plane
protocol(s) between a hypervisor and its associated external NVE(s) protocol(s) between a hypervisor and its associated external NVE(s)
is used for the hypervisor to distribute its virtual machine is used for the hypervisor to distribute its virtual machine
networking state to the external NVE(s) for further handling. This networking state to the external NVE(s) for further handling. This
document illustrates the functionality required by this type of document illustrates the functionality required by this type of
skipping to change at page 2, line 37 skipping to change at page 2, line 37
2. VM Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . 7 2. VM Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1 VM Creation Event . . . . . . . . . . . . . . . . . . . . . 7 2.1 VM Creation Event . . . . . . . . . . . . . . . . . . . . . 7
2.2 VM Live Migration Event . . . . . . . . . . . . . . . . . . 8 2.2 VM Live Migration Event . . . . . . . . . . . . . . . . . . 8
2.3 VM Termination Event . . . . . . . . . . . . . . . . . . . . 9 2.3 VM Termination Event . . . . . . . . . . . . . . . . . . . . 9
2.4 VM Pause, Suspension and Resumption Events . . . . . . . . . 9 2.4 VM Pause, Suspension and Resumption Events . . . . . . . . . 9
3. Hypervisor-to-NVE Control Plane Protocol Functionality . . . . 9 3. Hypervisor-to-NVE Control Plane Protocol Functionality . . . . 9
3.1 VN connect and Disconnect . . . . . . . . . . . . . . . . . 10 3.1 VN connect and Disconnect . . . . . . . . . . . . . . . . . 10
3.2 TSI Associate and Activate . . . . . . . . . . . . . . . . . 11 3.2 TSI Associate and Activate . . . . . . . . . . . . . . . . . 11
3.3 TSI Disassociate and Deactivate . . . . . . . . . . . . . . 14 3.3 TSI Disassociate and Deactivate . . . . . . . . . . . . . . 14
4. Hypervisor-to-NVE Control Plane Protocol Requirements . . . . . 15 4. Hypervisor-to-NVE Control Plane Protocol Requirements . . . . . 15
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 16 5. VDP Applicability and Enhancement Needs . . . . . . . . . . . . 16
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 17 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 18
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 17 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 18
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18
8.1 Normative References . . . . . . . . . . . . . . . . . . . 17 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
8.2 Informative References . . . . . . . . . . . . . . . . . . 17 8.1 Normative References . . . . . . . . . . . . . . . . . . . 19
8.2 Informative References . . . . . . . . . . . . . . . . . . 19
Appendix A. IEEE 802.1Qbg VDP Illustration (For information Appendix A. IEEE 802.1Qbg VDP Illustration (For information
only) . . . . . . . . . . . . . . . . . . . . . . . . . . 18 only) . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
In the Split-NVE architecture shown in Figure 1, the functionality of In the Split-NVE architecture shown in Figure 1, the functionality of
the NVE is split across an end device supporting virtualization and the NVE is split across an end device supporting virtualization and
an external network device which is called an external NVE. The an external network device which is called an external NVE. The
portion of the NVE functionality located on the hypervisor/container portion of the NVE functionality located on the hypervisor/container
is called the tNVE and the portion located on the external NVE is is called the tNVE and the portion located on the external NVE is
called the nNVE in this document. Overlay encapsulation/decapsulation called the nNVE in this document. Overlay encapsulation/decapsulation
functions are normally off-loaded to the nNVE on the external NVE. functions are normally off-loaded to the nNVE on the external NVE.
skipping to change at page 16, line 36 skipping to change at page 16, line 36
Req-11: The protocol MUST allow the External NVE to authenticate the Req-11: The protocol MUST allow the External NVE to authenticate the
End Device connected. End Device connected.
Req-12: The protocol MUST be able to run over L2 links between the Req-12: The protocol MUST be able to run over L2 links between the
End Device and its External NVE. End Device and its External NVE.
Req-13: The protocol SHOULD support the End Device indicating if an Req-13: The protocol SHOULD support the End Device indicating if an
associate or activate request from it results from a VM hot migration associate or activate request from it results from a VM hot migration
event. event.
VDP [IEEE 802.1Qbg] is a candidate protocol running on layer 2. 5. VDP Applicability and Enhancement Needs
Appendix A illustrates VDP for reader's information. It requires
extensions to fulfill the requirements in this document.
5. Security Considerations Virtual Station Interface (VSI) Discovery and Configuration Protocol
(VDP) [IEEE 802.1Qbg] can be the control plane protocol running
between the hypervisor and the external NVE. Appendix A illustrates
VDP for reader's information.
VDP facilitates the automatic discovery and configuration for Edge
Virtual Bridging (EVB) station and Edge Virtual Bridging (EVB)
bridge. EVB station is normally an end station running multiple VMs.
It is conceptually equivalent to hypervisor in this document. And EVB
bridge is conceptually equivalent to the external NVE.
VDP is able to pre-associate/associate/de-associate a VSI on EVB
station to a port on the EVB bridge. VSI is approximately the concept
of a virtual port a VM connects to the hypervisor in this document
context. The EVB station and the EVB bridge can reach the agreement
on VLAN ID(s) assigned to a VSI via VDP message exchange. Other
configuration parameters can be exchanged via VDP as well. VDP is
carried over Edge Control Protocol(ECP) [IEEE8021Qbg] which provides
a reliable transportation over a layer 2 network.
VDP protocol needs some extensions to fulfill the requirements listed
in this document. Table 1 shows the needed extensions and/or
clarifications in NVO3 context.
+------+-----------+-----------------------------------------------+
| Req | VDP | remarks |
| | supported?| |
+------+-----------+-----------------------------------------------+
| Req-1| |Needs extension. Dest MAC can be a specific |
+------+ Partially |unicast MAC besides Nearest Customer Bridge |
| Req-2| |group MAC |
+------+-----------+-----------------------------------------------+
| Req-3| |Needs clarification and extension for link |
| | |aggregation support. |
+------+ Partially |For req-4, (pre-)associate status needs to be |
| Req-4| |synchronized on all NVE ports. |
+------+-----------+-----------------------------------------------+
| Req-5| Yes |VN is indicated by GroupID |
+------+-----------+-----------------------------------------------+
| Req-6| Yes |Bridge sends De-Associate |
+------+-----------+------------------------+----------------------+
| Req-7| Yes |VID==NULL in request and bridge returns the |
| | |assigned value in response |
+------+-----------+------------------------+----------------------+
| | | requirements | VDP equivalence |
| | +------------------------+----------------------+
| | | associate/disassociate|pre-asso/de-associate |
| Req-8| Partially | activate/deactivate |associate/de-associate|
| | +------------------------+----------------------|
| | |Needs extension to allow associate->pre-assoc |
+------+-----------+------------------------+----------------------+
| Req-9| Yes | VDP bridge initiates de-associate |
+------+-----------+-----------------------------------------------+
|Req-10| Partially |Needs extension for IPv4/IPv6 address |
+------+-----------+-----------------------------------------------+
|Req-11| No |Needs extension for authentication |
+------+-----------+-----------------------------------------------+
|Req-12| Yes |L2 protocol naturally |
+------+-----------+-----------------------------------------------+
| | |M bit for migrated VM on destination hypervisor|
| | |and S bit for that on source hypervisor. |
|Req-13| Partially |It is indistinguishable when M/S is 0 between |
| | |no guidance and events not caused by migration |
| | |where NVE may act differently. Needs extension |
| | |to clearly define them. |
+------+-----------+-----------------------------------------------+
Table 1 Compare VDP with the requirements
Simply adding the ability to carry layer 3 addresses, VDP can serve
the Hypervisor-to-NVE control plane functions pretty well. Other
extensions are the improvement of the protocol capabilities for
better fit in NVO3 network.
6. Security Considerations
NVEs must ensure that only properly authorized Tenant Systems are NVEs must ensure that only properly authorized Tenant Systems are
allowed to join and become a part of any specific Virtual Network. In allowed to join and become a part of any specific Virtual Network. In
addition, NVEs will need appropriate mechanisms to ensure that any addition, NVEs will need appropriate mechanisms to ensure that any
hypervisor wishing to use the services of an NVE are properly hypervisor wishing to use the services of an NVE are properly
authorized to do so. One design point is whether the hypervisor authorized to do so. One design point is whether the hypervisor
should supply the NVE with necessary information (e.g., VM addresses, should supply the NVE with necessary information (e.g., VM addresses,
VN information, or other parameters) that the NVE uses directly, or VN information, or other parameters) that the NVE uses directly, or
whether the hypervisor should only supply a VN ID and an identifier whether the hypervisor should only supply a VN ID and an identifier
for the associated VM (e.g., its MAC address), with the NVE using for the associated VM (e.g., its MAC address), with the NVE using
that information to obtain the information needed to validate the that information to obtain the information needed to validate the
hypervisor-provided parameters or obtain related parameters in a hypervisor-provided parameters or obtain related parameters in a
secure manner. secure manner.
6. IANA Considerations 7. IANA Considerations
No IANA action is required. RFC Editor: please delete this section No IANA action is required. RFC Editor: please delete this section
before publication. before publication.
7. Acknowledgements 8. Acknowledgements
This document was initiated and merged from the drafts draft-kreeger- This document was initiated and merged from the drafts draft-kreeger-
nvo3-hypervisor-nve-cp, draft-gu-nvo3-tes-nve-mechanism and draft- nvo3-hypervisor-nve-cp, draft-gu-nvo3-tes-nve-mechanism and draft-
kompella-nvo3-server2nve. Thanks to all the co-authors and kompella-nvo3-server2nve. Thanks to all the co-authors and
contributing members of those drafts. contributing members of those drafts.
The authors would like to specially thank Jon Hudson for his generous The authors would like to specially thank Jon Hudson for his generous
help in improving the readability of this document. help in improving the readability of this document.
8. References 8. References
 End of changes. 8 change blocks. 
16 lines changed or deleted 89 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/