Network Virtualization Overlay Use Cases Lucy Yong, Mehmet Toy, Aldrin Isaac, Vishwas Manral, Linda Dunbar September 20, 2012 Boston draft-mity-nvo3-use-case

Generalized Use Cases for NVOs The purpose of this draft is to present general use cases for NVOs that can help validate the NVO3 framework and requirements as well as help in the development of solutions. 1.Basic Network Virtualization Overlay (NVO) 2.Interworking Network Virtualization Edges (NVE) 3.Internetworking NVO Instances 4.Federating NVO3 Autonomous Systems September 20, 2012 NVO3 Interim Meeting Boston 2

March 28, 2012IETF NVO3 BOF - Paris3 Generic Illustration

Before we begin … NVO Assumptions – Members of an NVO instance do not communicate via an intermediate gateway – End systems in an overlay must not be able to communicate with the transport underlay A Network Virtualization Overlay (NVO) instance may be L2 or L3 based – L2 NVO instances used where support for non-IP protocols (VRRP, firewall HA, etc) is required. Mimic dot1Q VLAN. – L3 NVO instances used for applications that have no dependencies on non-IP protocols or to exchange Internetwork routes. September 20, 2012 NVO3 Interim Meeting Boston 4

Before we begin … NVO Gateways – A gateway is used at interconnection point between NVO instances – One GW may host many logical GWs – A logical GW entity on a GW for an NVO performs the gateway functions -- Routing, NAT, Firewall, IPSEC, etc September 20, 2012 NVO3 Interim Meeting Boston 5

Basic NVO Any NVO instance can be on any NVE within an NVO3 Autonomous System – Logical network and physical network are decoupled Operators want to optimize physical infrastructure independently of network structures created for the purpose of multi-tenancy, security, isolation, network services, etc. – Flexible end-system placement Move VM on demand from one system to another for capacity management, performance or maintenance of underlying physical systems September 20, 2012 NVO3 Interim Meeting Boston 6

Basic NVO Single NVO3 Autonomous System can span multiple DC that are privately connected or connected via IP-based or LAN-based VPN service Migration from an old DC to a new DC Load migration from one DC to another  The overlay tunnels of an NVO connect NVE directly across sites.  Direct communication between NVO instance members (TES) across sites without an intermediate GW September 20, 2012 NVO3 Interim Meeting Boston 7

Interworking NVE One form of NVE interworks with other forms of NVE – NVE may exist in hypervisor or in ToR VM communicates with a physical machine within the same NVO instance WITHOUT a gateway – NVE may be from different vendors or platforms Replacement of one product with another WITHOUT the need for a gateway One product has desirable features (ex: low latency) which are leveraged for a subset of NVO instance members September 20, 2012 NVO3 Interim Meeting Boston 8

Interworking NVE NVE coexists with “traditional” network functionality – ToR may support both NVO3 and non NVO3 networks Leverage existing ToRs for NVO3 VNs Support hardware-based native multicast to some end systems Support hardware-based low latency to some end systems September 20, 2012 NVO3 Interim Meeting Boston 9

Interworking NVE NVE interworks with “traditional” network functionality – CUG may span NVO3 and non NVO3 virtual network Migration of subnet from dot1q VLAN to NVO instance using an NVE gateway. September 20, 2012 NVO3 Interim Meeting Boston 10

Internetworking NVO Instances Internetworking NVO instances within an NVO3 AS using gateways – A single tenant can have multiple NVO instances where members of one NVO instance need to communicate with members of another NVO instance. NVO instances have routers (or VRFs), firewalls, load-balancers, NAT, IDS/IPS or other network service device between one NVO instance and another Tenant wishes to create logical network structures that mimic a traditional network structure within an NVO3 infrastructure.  May be facilitated through gateway provided by NVO3 infrastructure provider September 20, 2012 NVO3 Interim Meeting Boston 11

Internetworking NVO Instances Internetworking NVO instances within an NVO3 AS using gateways (contd) – Tenants can interconnect their NVO instances for B2B communication  This may use similar gateway elements as those used for inter- NVO instance connectivity within the same tenant and operated by tenants but would require a TES owned by one tenant to “have a leg” in an NVO instance owned by the other.  May be facilitated through gateway provided by NVO3 infrastructure provider September 20, 2012 NVO3 Interim Meeting Boston 12

NVO access from outside NVO3 domain via gateways ̶NVO access via Internet ̶NVO access via a managed VPN ̶NVO access via private line ̶This may use similar gateway elements as those used for inter- NVO instance connectivity within the same tenant and operated by tenants ̶May be facilitated through gateway provided by NVO3 infrastructure provider Internetworking NVO Instances September 20, 2012 NVO3 Interim Meeting Boston 13

Federating NVO3 Autonomous Systems September 20, 2012 NVO3 Interim Meeting Boston 14 Federating AS managed by single Operator Multiple AS used to manage risk of single AS failure Multiple AS based on region  Preserve single-touch automation  Direct tunnels or stitched tunnels Federating AS managed by different Operators  Need use case requirements and examples

Next Step Welcome comments and suggestions Authors request adopting the draft as WG draft September 20, 2012 NVO3 Interim Meeting Boston 15

Acknowledgements Authors like to thank Sue Hares, Young Lee, David Black, Pedro Marques, Mike McBride, David McDysan, and Randy Bush for the review, comments, and inputs. September 20, 2012 NVO3 Interim Meeting Boston 16