For NVGRE, the 24-bit was chosen, to keep few reserved bits in the Key fields for future use and 24-bit ID seemed enough, which we ended up reclaiming for FlowId in a future revision.
I am not sure I understand why reserve bits are needed for categorizing the networks. Isn't it possible to use the range? in any case, I don't have a good reason for 24-bit vs 32-bit vs 64-bit, beside the fact that 24-bit seemed good enough and so far we haven't heard any problems with it, at least, in the context of NVGRE. As you mention, if obfuscation based security is needed, even 32-bits won't be sufficient. I don't believe we are trying to solve the security problem of snooping VNI. However, if it needs to be solved, one option is to use IPsec or some other encryption to make the header completely opaque to the transit network as described in the NVGRE draft. Pankaj ________________________________________ From: Tom Herbert <[email protected]> Sent: Sunday, February 16, 2014 3:51 To: Pankaj Garg Cc: [email protected] Subject: Re: [nvo3] FW: New Version Notification for draft-gross-geneve-00.txt I have a general question on vsid, vnid's. nvgre, vxlan, and now Geneve all define a 24 bit virtual network identifier in their packet formats. What is so magical about this size? I can understand that nvgre needs to not use full 32 bits in keyid and wants some bits for flow hash, but UDP based encapsulations should not have that consideration. While on paper these might allow 16M ids, in practice even a moderately large deployment will want to do hierarchical allocation, reserve some high order bits for special classes (like "trusted", "internal", etc.), and might do masked block assignments for customers-- so with 24 bits we may be facing future scaling issues. In GUE we defined a 32 bit vnid which should allow more scaling, but if we need to obfuscate the vni for things like security then even that might not be large enough! Thanks, Tom On Fri, Feb 14, 2014 at 4:22 PM, Pankaj Garg <[email protected]> wrote: > As a co-author on this draft, feedback is requested. > > Sent from my Windows Phone > ________________________________ > From: [email protected] > Sent: 2/15/2014 4:05 AM > To: T.Sridhar; Ilango Ganga; Jesse Gross; Ilango Ganga; Pankaj Garg; Chris > Wright; Pankaj Garg; Chris Wright; T. Sridhar; Jesse Gross > Subject: New Version Notification for draft-gross-geneve-00.txt > > > A new version of I-D, draft-gross-geneve-00.txt > has been successfully submitted by Jesse Gross and posted to the > IETF repository. > > Name: draft-gross-geneve > Revision: 00 > Title: Geneve: Generic Network Virtualization Encapsulation > Document date: 2014-02-14 > Group: Individual Submission > Pages: 23 > URL: > http://www.ietf.org/internet-drafts/draft-gross-geneve-00.txt > Status: https://datatracker.ietf.org/doc/draft-gross-geneve/ > Htmlized: http://tools.ietf.org/html/draft-gross-geneve-00 > > > Abstract: > Network virtualization involves the cooperation of devices with a > wide variety of capabilities such as software and hardware tunnel > endpoints, transit fabrics, and centralized control clusters. As a > result of their role in tying together different elements in the > system, the requirements on tunnels are influenced by all of these > components. Flexibility is therefore the most important aspect of a > tunnel protocol if it is keep pace with the evolution of the system. > This draft describes Geneve, a protocol designed to recognize and > accommodate these changing capabilities and needs. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > > > _______________________________________________ > nvo3 mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/nvo3 > _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
