Wouldn't the decision to do L2 or L3 service be based on the inner frame fields i.e. destination MAC/IP in the inner frame? Similar to how switches/routers process packets i.e. based on frame's destination MAC and destination IP address (if present)?
IMHO, Thomas's original text (pasted below) describes this quite well and concisely. >> <t> >> A virtual network can also provide a combined L2 and L3 >> service to tenants. In such cases, a tenant sends and >> receives both L2 and L3 packets. An NVE recieving packets >> from a TS determines the type of service to be applied to >> the packet on a per-packet basis as indicated by the >> packet's destination MAC address as provided by the TS. If >> the MAC address corresponds to that of an L3 router (as >> determined by the NVE), traffic is given L3 >> semantics. Otherwise, the packet is given L2 service >> semantics. A combined L2/L3 service presents no special >> considerations for NVO3, other than packets received from a >> tenant must be classified as to what type of service they >> are to be given before they can be processed. >> </t> Pankaj -----Original Message----- From: nvo3 [mailto:[email protected]] On Behalf Of Vivek Kumar Sent: Wednesday, November 20, 2013 11:30 AM To: Larry Kreeger (kreeger); Lucy yong; Erik Nordmark; Thomas Narten Cc: [email protected]; Linda Dunbar Subject: Re: [nvo3] Fwd: Arch: proposed text for Combined L2/L3 Service Hi Larry, Consider following diagram . TS1->NVE1->L3 network ->NVE2->TS2 . Now , I can have L2/L3 services between TS attached to NVE1 and NVE2 . Lucy comment clearly explains how NVE1 will detect whether to perform L2 or L3 services for Tenant frame . My question is when NVE2 decapsulates the packet , how it will know which service to provide . Let me know if I am still not clear. Regards, Vivek -----Original Message----- From: Larry Kreeger (kreeger) [mailto:[email protected]] Sent: Wednesday, November 20, 2013 10:45 AM To: Vivek Kumar; Lucy yong; Erik Nordmark; Thomas Narten Cc: [email protected]; Linda Dunbar Subject: Re: [nvo3] Fwd: Arch: proposed text for Combined L2/L3 Service Hi Vivek, Can you explain what you mean? We are discussing the service provided to the TS. How would it look different to the TS for "L2 serviced or L3 serviced when decapsulating"? Thanks, Larry On 11/19/13 9:07 PM, "Vivek Kumar" <[email protected]> wrote: >Hi Lucy , > One comment regarding your statement . It should also be specified how >to detect if Tenant Frame has to be L2 serviced or L3 serviced when >decapsulating NVO3 overlay header . > >Regards, >Vivek > > >-----Original Message----- >From: nvo3 [mailto:[email protected]] On Behalf Of Lucy yong >Sent: Wednesday, November 20, 2013 9:12 AM >To: Erik Nordmark; Thomas Narten >Cc: [email protected]; Linda Dunbar >Subject: Re: [nvo3] Fwd: Arch: proposed text for Combined L2/L3 Service > >Erik, > >Good point. L2 service provides a broadcast domain. Whether the >broadcast/multicast packet should be sent to another VN is depend on >inter VN policy. It is possible. When the broadcast/multicast packet >deliver to the L3 router too. If the policy allows the >broadcast/multicast to broadcast to another VN, L3 router will forward >the packet to another VN with the same DMAC. If the policy does not >allow, L3 router will drop the packet. > >You are right, if dMAC is broadcast/multicast address, it should send to >L3 router for the further process. I change the text to following. > > A tenant network may require both L2 and L3 > services, i.e. the packets from a tenant may get L2 and/or L3 >treatment. > An NVE receiving packets from a TS determines the type of >service to be applied to > the packet on a per-packet basis and as indicated by the > destination MAC address on the packet. If > the MAC address corresponds to that of an L3 router (as > determined by the NVE) traffic is given L3 > semantics with inter-VN policy. When an NVE receives a >broadcast/multicast packet, > it should be processed by the L3 router. Depending on the >inter-VN policy, > the broadcast/multicast may be allowed or prohibited. >Otherwise, the packet is given L2 > semantics. Thus the packet from a tenant must contain IP header >(as well > as Ethernet header) . A combined L2/L3 service presents no >special > considerations for NVO3, other than packets received from a > tenant must be classified as to what type of service they > are to be given before they can be processed. > > >Thanks, >Lucy > > >-----Original Message----- >From: Erik Nordmark [mailto:[email protected]] >Sent: Tuesday, November 19, 2013 6:56 PM >To: Lucy yong; Thomas Narten >Cc: [email protected]; Linda Dunbar >Subject: Re: [nvo3] Fwd: Arch: proposed text for Combined L2/L3 Service > >Lucy, > >What would the rules be for multicast packets? >Such packets are not addressed to a router's MAC address but instead the >router receives all of them and processes them based on the L3 multicast >FIB. > >(For products which implement both L2 and L3 the processing of multicast >depends on whether the input port is L2 or L3, and in some cases that >will result in both bridging the packet out other L2 ports, and >forwarding the packet out other L3 (virtual) ports.) > >Thus AFAICT the multicast rules can't depend on the destination MAC >address to determine whether L2 or L3 service should be applied. > > Erik > >On 11/19/13 4:20 PM, Lucy yong wrote: >> Hi Thomas, >> >> How about the following text: >> >> A tenant network may require both L2 and L3 >> services, i.e. the packets from a tenant may get L2 and/or >> L3 treatment. >> >> An NVE receiving packets from a TS determines the type of >> service to be applied to >> the packet on a per-packet basis and as indicated by the >> destination MAC address on the packet. If >> the MAC address corresponds to that of an L3 router (as >> determined by the NVE), traffic is given L3 >> semantics. Otherwise, the packet is given L2 >> semantics. Thus the packet from a tenant must contain IP >> header (as well >> >> as Ethernet header) . A combined L2/L3 service presents no >> special >> considerations for NVO3, other than packets received from a >> tenant must be classified as to what type of service they >> are to be given before they can be processed. >> >> Comment: should we use a tenant system (TS) or a tenant in the text to >> make consistency? >> >> Regards, >> >> Lucy >> >> ---------- Forwarded message ---------- >> From: *Thomas Narten* <[email protected] <mailto:[email protected]>> >> Date: Mon, Nov 18, 2013 at 3:25 PM >> Subject: [nvo3] Arch: proposed text for Combined L2/L3 Service >> To: [email protected] <mailto:[email protected]> >> >> >> There has been some discussion on the list about whether or not to >> have a combined L2/L3 service. Here is proposed text for the >> architecture document: >> >> <t> >> A virtual network can also provide a combined L2 and L3 >> service to tenants. In such cases, a tenant sends and >> receives both L2 and L3 packets. An NVE recieving packets >> from a TS determines the type of service to be applied to >> the packet on a per-packet basis as indicated by the >> packet's destination MAC address as provided by the TS. If >> the MAC address corresponds to that of an L3 router (as >> determined by the NVE), traffic is given L3 >> semantics. Otherwise, the packet is given L2 service >> semantics. A combined L2/L3 service presents no special >> considerations for NVO3, other than packets received from a >> tenant must be classified as to what type of service they >> are to be given before they can be processed. >> </t> >> >> This text would go at the end of Section 3.1 "VN Service (L2 and L3)". >> >> Make sense? >> >> Additional thinking behind this (taken from mail within the DT): >> >> > FWIW, I think that there are separate issues here. One is simply > >> describing what we mean by a combined L2/L3 service. That is what my >> > text was trying to do. The thinking is if the service definition is >> > clear and simple, supporting it in NVO3 is not a problem. I.e., it's >> > not really much different to provide a combined service than if you >> > offer an L2 or L3 service. And the service semantics for combined > >> L2/L3 are easy to understand and explain. That is goodness. :-) > > >> Whether and how it makes sense to have distributed gateways in a > >> combined service is a separate matter. What I'd like to be able to do >> > here (if we need to say anything at all) is be able to say that if a >> > distributed GW makes sense for L2 service, then having an L2 > >> distributed GW for the L2 traffic would make sense in the combined > >> service case too. Ditto for L3 service. >> > >> > A key point is that having a combined service is pretty much the >> same > as taking the two separate L2 and L3 services and combining >> them into > one implementation. There is nothing really "special" >> about this that > would complicate the overall architecture. Where >> we can easily get > into trouble is if we start defining a combined >> service as has special > cases that have to be dealt with that don't >> appear when you have only > L2 or only L3 service semantics. >> >> Thomas >> >> _______________________________________________ >> nvo3 mailing list >> [email protected] <mailto:[email protected]> >> https://www.ietf.org/mailman/listinfo/nvo3 >> >> >> >> _______________________________________________ >> nvo3 mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/nvo3 >> > >_______________________________________________ >nvo3 mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/nvo3 > > >_______________________________________________ >nvo3 mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/nvo3 _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3 _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
