Cutting this down to make it easier to track remaining issues...

On 8/29/2016 3:42 PM, Lucy yong wrote:
>
> Some notes below, embedded in a copy of that text:
>
> 4.3. Tenant Network with Multiple Subnetworks
>
>    A tenant network may be configured with  multiple subnetworks. One
>
> change to:
>
> multiple Internet subnets, as defined in RFC1812.
>
> [Lucy] Do they have to be subnets, i.e. under one network mask? L3VN
> can learn the routes from DC, no reason to limit to all routes from a
> DC under one subnet although operator may design that way.
>
> Each subnet is under one net mask (by definition of subnet).
>
> [Lucy] yes
>
>
>
> That means one route per subnet AND that the L3VN needs to connect to
> each subnet.
>
> [Lucy] An operator can design in this way too. However, 4.3 is not
> targeted for this case. That was my description mistake.
>
OK.

>
> If that's not the case, then you have a different model (more like
> BGP), but then you're no longer talking about subnets inside the DC
> anymore.
>
> [Lucy] Yes, BGP is what the operator would use for this case. Sorry for
> creating that confusion. Any suggestion on how to describe the case?
>

That's not a subnet. That's creating an AS - otherwise, BGP won't peer
with the DC network.

> ...The motivation for this configuration is that
>
>    L2VN is a common way connecting VMs within a DC; however a big
>
>    broadcast domain across multiple DC sites and WAN networks raises
>
> across multiple DC sites and spanning wide area distances over WAN
> networks raises
>    security and scalability concerns. Alternative is to use an L3VN to
>    interconnect these L2VNs at DC sites,
>
>
> I don't understand the above. That is the same solution as the first
> example you have given.
>
> You either have one L2VN that spans DCs or separate L2VNs. Those
> separate L2VNs are L3 subnets, which - by definition - need a gateway
> in order to be connected together as a network.
>
> [Lucy] From the tenant perspective, it gets one L2VPN; however, the operator
> can construct multiple L2VNs and an L3VN to achieve it. Does that make sense?
>

From a tenant perspective, if they get an L2VPN, they can neither see
nor know how it happens.

If it's L2 over L3, that creates a lot of problems - i.e., you're
basically restoring exactly the broadcast domain you thought you were
getting rid of.

If the L2 involves multiple L2s, something has to tie them together (an
L3) or you're layering (L2 over L2). The former is what I already
described above (it's an L3 net, not an L2 net), and if it's the latter,
it's still just one L2 net with all of the broadcast problems.

So whatever this is, it needs to be explained more clearly IMO.

Joe
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
