idnits 2.17.00 (12 Aug 2021) /tmp/idnits36549/draft-ietf-nvo3-use-case-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 8, 2016) is 1990 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: draft-ietf-nvo3-hpvr2nve-cp-req has been published as RFC 8394 == Outdated reference: draft-ietf-nvo3-arch has been published as RFC 8014 == Outdated reference: draft-ietf-nvo3-mcast-framework has been published as RFC 8293 Summary: 0 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group L. Yong 2 Internet Draft L. Dunbar 3 Category: Informational Huawei 4 M. Toy 5 Verizon 6 A. Isaac 7 Juniper Networks 8 V. Manral 9 Ionos Networks 11 Expires: June 2017 December 8, 2016 13 Use Cases for Data Center Network Virtualization Overlay Networks 15 draft-ietf-nvo3-use-case-14 17 Abstract 19 This document describes data center network virtualization overlay 20 (NVO3) network use cases that can be deployed in various data 21 centers and serve different data center applications. 23 Status of this Memo 25 This Internet-Draft is submitted to IETF in full conformance with 26 the provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF), its areas, and its working groups. Note that 30 other groups may also distribute working documents as Internet- 31 Drafts. 33 Internet-Drafts are draft documents valid for a maximum of six 34 months and may be updated, replaced, or obsoleted by other documents 35 at any time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 The list of current Internet-Drafts can be accessed at 39 http://www.ietf.org/ietf/1id-abstracts.txt. 41 The list of Internet-Draft Shadow Directories can be accessed at 42 http://www.ietf.org/shadow.html. 44 This Internet-Draft will expire on June 8, 2017. 46 Copyright Notice 48 Copyright (c) 2016 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (http://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with 56 respect to this document. Code Components extracted from this 57 document must include Simplified BSD License text as described in 58 Section 4.e of the Trust Legal Provisions and are provided without 59 warranty as described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction...................................................3 64 1.1. Terminology...............................................4 65 2. Basic NVO3 Networks............................................5 66 3. DC NVO3 Network and External Network Interconnection...........6 67 3.1. DC NVO3 Network Access via the Internet...................6 68 3.2. DC NVO3 Network and SP WAN VPN Interconnection............8 69 4. DC Applications Using NVO3.....................................8 70 4.1. Supporting Multiple Technologies..........................9 71 4.2. DC Application with Multiple Virtual Networks.............9 72 4.3. Virtual Data Center (vDC)................................10 73 5. Summary.......................................................12 74 6. Security Considerations.......................................12 75 7. IANA Considerations...........................................12 76 8. Informative References........................................13 77 Contributors.....................................................14 78 Acknowledgements.................................................14 79 Authors' Addresses...............................................14 81 1. Introduction 83 Server virtualization has changed the Information Technology (IT) 84 industry in terms of the efficiency, cost, and speed of providing 85 new applications and/or services such as cloud applications. However 86 traditional data center (DC) networks have some limits in supporting 87 cloud applications and multi tenant networks [RFC7364]. The goal of 88 data center network virtualization overlay (NVO3) networks is to 89 decouple the communication among tenant systems from DC physical 90 infrastructure networks and to allow one physical network 91 infrastructure: 93 o Carry many NVO3 networks and isolate different NVO3 network 94 traffic on a physical network that carries NVO3 network traffic. 96 o Independent address spaces in individual NVO3 networks such as 97 MAC, IP, TCP/UDP etc. 99 o Flexible Virtual Machines (VM) and/or workload placement 100 including the ability to move them from one server to another 101 without requiring VM address changes and physical infrastructure 102 network configuration changes, and the ability to perform a "hot 103 move" with no disruption to the live application running on VMs. 105 These characteristics of NVO3 networks help address the issues that 106 cloud applications face in data centers [RFC7364]. 108 An NVO3 network may interconnect with another NVO3 network on the 109 same physical network, or another physical network (i.e., not the 110 physical network that the NVO3 network is carried over), via a 111 gateway. The use case examples for the latter are: 1) DCs that 112 migrate toward an NVO3 solution will be done in steps, where a 113 portion of tenant systems in a VN is on virtualized servers while 114 others exist on a LAN. 2) many DC applications serve to Internet 115 users who are on physical networks; 3) some applications are CPU 116 bound, such as Big Data analytics, and may not run on virtualized 117 resources. Some inter-VN policies can be enforced at the gateway. 119 This document describes general NVO3 network use cases that apply to 120 various data centers. The use cases described here represent DC 121 provider's interests and vision for their cloud services. The 122 document groups the use cases into three categories from simple to 123 advance in term of implementation. However the implementations of 124 these use cases are outside the scope of this document. These three 125 categories are highlighted below: 127 o Basic NVO3 networks (Section 2). All Tenant Systems (TS) in the 128 network are located within the same DC. The individual networks 129 can be either Layer 2 (L2) or Layer 3 (L3). The number of NVO3 130 networks in a DC is much higher than what traditional VLAN based 131 virtual networks [IEEE 802.1Q] can support. This case is often 132 referred as to the DC East-West traffic. 134 o A virtual network that spans across multiple Data Centers and/or 135 to customer premises where NVO3 networks are constructed and 136 interconnect another virtual or physical network outside the data 137 center. An enterprise customer may use a traditional carrier VPN 138 or an IPsec tunnel over the Internet to communicate with its 139 systems in the DC. This is described in Section 3. 141 o DC applications or services require an advanced network that 142 contains several NVO3 networks that are interconnected by the 143 gateways. Three scenarios are described in Section 4: 1) 144 supporting multiple technologies; 2) constructing several virtual 145 networks as a tenant network; 3) applying NVO3 to a virtual Data 146 Center (vDC). 148 The document uses the architecture reference model defined in 149 [RFC7365] to describe the use cases. 151 1.1. Terminology 153 This document uses the terminologies defined in [RFC7365] and 154 [RFC4364]. Some additional terms used in the document are listed 155 here. 157 DMZ: Demilitarized Zone. A computer or small sub-network that sits 158 between a trusted internal network, such as a corporate private LAN, 159 and an un-trusted external network, such as the public Internet. 161 DNS: Domain Name Service [RFC1035] 163 DC Operator: A role who is responsible to construct and manage cloud 164 service instances in their life-cycle and manage DC infrastructure 165 that runs these cloud instances. 167 DC Provider: A company that uses its DC infrastructure to offer 168 cloud services to its customers. 170 NAT: Network Address Translation [RFC3022] 172 vGW: virtual Gateway; a gateway component used for an NVO3 virtual 173 network to interconnect with another virtual/physical network. 175 2. Basic NVO3 Networks 177 An NVO3 network provides communications among Tenant Systems (TS) in 178 a DC. A TS can be a physical server/device or a virtual machine (VM) 179 on a server, i.e., end-device [RFC7365]. A DC provider often uses 180 NVO3 networks for its internal applications in which each 181 application runs on many VMs or physical services and requires 182 application segregation. 184 A Network Virtual Edge (NVE) is an NVO3 architecture component 185 [RFC7365]]. It is responsible to forward and encapsulate the NVO3 186 traffic in outbound direction; and decapsulate and forward the NVO3 187 traffic in inbound direction [NVO3ARCH]. A Network Virtualization 188 Authority (NVA) is another NVO3 architecture component [RFC7365]. An 189 NVE obtains the reachability information of tenant systems in a NVO3 190 network from the NVA. The tenant systems attached to the same NVE 191 may belong to a same or different NVO3 networks. 193 The network virtualization overlay in this context means that a 194 virtual network is implemented with an overlay technology, i.e., 195 within a DC, NVO3 traffic is encapsulated at an NVE and carried by a 196 tunnel to another NVE where the packet is decapsulated and sent to a 197 target tenant system [NVO3ARCH]. This architecture decouples a NVO3 198 network construction from the DC physical network configuration, 199 which provides the flexibility for VM placement and mobility. It 200 also means that the nodes in the infrastructure network (except 201 tunnel end point nodes) carry encapsulated NVO3 traffic but not 202 aware of the existence of NVO3 networks. In the architecture 203 [NVO3ARCH], one tunnel can carry NVO3 traffic belonging to different 204 NVO3 networks; a virtual network identifier is used in an NVO3 205 encapsulation protocol to differentiate NVO3 traffic. 207 An NVO3 network may be an L2 or L3 domain. The network provides 208 switching (L2) or routing (L3) capability to support host (i.e. 209 tenent systems) communications. An NVO3 network may required to 210 carry unicast traffic and/or multicast, broadcast/unknown (for L2 211 only) traffic from/to tenant systems. There are several ways to 212 transport NVO3 network BUM traffic [NVO3MCAST]. 214 It is worth mentioning two distinct cases regarding to NVE location. 215 The first is where TSs and an NVE are co-located on a single end 216 host/device, which means that the NVE can be aware of the TS's state 217 at any time via an internal API. The second is where TSs and an NVE 218 are not co-located, with the NVE residing on a network device; in 219 this case, a protocol is necessary to allow the NVE to be aware of 220 the TS's state [NVO3HYVR2NVE]. 222 One NVO3 network can provide connectivity to many TSs that attach to 223 many different NVEs in a DC. TS dynamic placement and mobility 224 results in frequent changes of the binding between a TS and an NVE. 225 The TS reachability update mechanisms need be fast enough so that 226 the updates do not cause any communication disruption/interruption. 227 The capability of supporting many TSs in a virtual network and many 228 more virtual networks in a DC is critical for the NVO3 solution. 230 If a virtual network spans across multiple DC sites, one design 231 using NVO3 is to allow the network to seamlessly span across the 232 sites without DC gateway routers' termination. In this case, the 233 tunnel between a pair of NVEs can be carried within other 234 intermediate tunnels over the Internet or other WANs, or an intra DC 235 tunnel and inter DC tunnel(s) can be stitched together to form an 236 end-to-end tunnel between the pair of NVEs that are in different DC 237 sites. Both cases will form one virtual network across multiple DC 238 sites. 240 3. DC NVO3 Network and External Network Interconnection 242 Many customers (an enterprise or individuals) who utilize a DC 243 provider's compute and storage resources to run their applications 244 need to access their systems hosted in a DC through Internet or 245 Service Providers' Wide Area Networks (WAN). A DC provider can 246 construct a NVO3 network that provides connectivity to all the 247 resources designated for a customer and allows the customer to 248 access the resources via a virtual gateway (vGW). This, in turn, 249 becomes the case of interconnecting an NVO3 network and the virtual 250 private network (VPN) on the Internet or wide-area networks (WAN). 251 Note that a VPN is not implemented by NVO3 solution. Two use cases 252 are described here. 254 3.1. DC NVO3 Network Access via the Internet 256 A customer can connect to an NVO3 network via the Internet in a 257 secure way. Figure 1 illustrates an example of this case. The NVO3 258 network has an instance at NVE1 and NVE2 and the two NVEs are 259 connected via an IP tunnel in the Data Center. A set of tenant 260 systems are attached to NVE1 on a server. NVE2 resides on a DC 261 Gateway device. NVE2 terminates the tunnel and uses the VNID on the 262 packet to pass the packet to the corresponding vGW entity on the DC 263 GW (the vGW is the default gateway for the virtual network). A 264 customer can access their systems, i.e., TS1 or TSn, in the DC via 265 the Internet by using an IPsec tunnel [RFC4301]. The IPsec tunnel is 266 configured between the vGW and the customer gateway at the customer 267 site. Either a static route or iBGP may be used for prefix 268 advertisement. The vGW provides IPsec functionality such as 269 authentication scheme and encryption; iBGP protocol traffic is 270 carried within the IPsec tunnel. Some vGW features are listed below: 272 o The vGW maintains the TS/NVE mappings and advertises the TS 273 prefix to the customer via static route or iBGP. 275 o Some vGW functions such as firewall and load balancer can be 276 performed by locally attached network appliance devices. 278 o If the NVO3 network uses different address space than external 279 users, then the vGW needs to provide the NAT function. 281 o More than one IPsec tunnel can be configured for redundancy. 283 o The vGW can be implemented on a server or VM. In this case, IP 284 tunnels or IPsec tunnels can be used over the DC infrastructure. 286 o DC operators need to construct a vGW for each customer. 288 Server+---------------+ 289 | TS1 TSn | 290 | |...| | 291 | +-+---+-+ | Customer Site 292 | | NVE1 | | +-----+ 293 | +---+---+ | | CGW | 294 +------+--------+ +--+--+ 295 | * 296 L3 Tunnel * 297 | * 298 DC GW +------+---------+ .--. .--. 299 | +---+---+ | ( '* '.--. 300 | | NVE2 | | .-.' * ) 301 | +---+---+ | ( * Internet ) 302 | +---+---+. | ( * / 303 | | vGW | * * * * * * * * '-' '-' 304 | +-------+ | | IPsec \../ \.--/' 305 | +--------+ | Tunnel 306 +----------------+ 308 DC Provider Site 310 Figure 1 - DC Virtual Network Access via the Internet 312 3.2. DC NVO3 Network and SP WAN VPN Interconnection 314 In this case, an Enterprise customer wants to use a Service Provider 315 (SP) WAN VPN [RFC4364] [RFC7432] to interconnect its sites with an 316 NVO3 network in a DC site. The Service Provider constructs a VPN for 317 the enterprise customer. Each enterprise site peers with an SP PE. 318 The DC Provider and VPN Service Provider can build an NVO3 network 319 and a WAN VPN independently, and then interconnect them via a local 320 link, or a tunnel between the DC GW and WAN PE devices. The control 321 plane interconnection options between the DC and WAN are described 322 in RFC4364 [RFC4364]. Using Option A with VRF-LITE [VRF-LITE], both 323 ASBRs, i.e., DC GW and SP PE, maintain a routing/forwarding table 324 (VRF). Using Option B, the DC ASBR and SP ASBR do not maintain the 325 VRF table; they only maintain the NVO3 network and VPN identifier 326 mappings, i.e., label mapping, and swap the label on the packets in 327 the forwarding process. Both option A and B allow the NVO3 network 328 and VPN using own identifier and two identifiers are mapped at DC GW. 329 With option C, the VN and VPN use the same identifier and both ASBRs 330 perform the tunnel stitching, i.e., tunnel segment mapping. Each 331 option has pros/cons [RFC4364] and has been deployed in SP networks 332 depending on the applications in use. BGP is used with these options 333 for route distribution between DCs and SP WANs. Note that if the DC 334 is the SP's Data Center, the DC GW and SP PE in this case can be 335 merged into one device that performs the interworking of the VN and 336 VPN within an AS. 338 The configurations above allow the enterprise networks to 339 communicate with the tenant systems attached to the NVO3 network in 340 the DC without interfering with the DC provider's underlying 341 physical networks and other NVO3 networks in the DC. The enterprise 342 can use its own address space in the NVO3 network. The DC provider 343 can manage which VM and storage elements attach to the NVO3 network. 344 The enterprise customer manages which applications run on the VMs 345 without knowing the location of the VMs in the DC. (See Section 4 346 for more) 348 Furthermore, in this use case, the DC operator can move the VMs 349 assigned to the enterprise from one sever to another in the DC 350 without the enterprise customer being aware, i.e., with no impact on 351 the enterprise's 'live' applications. Such advanced technologies 352 bring DC providers great benefits in offering cloud services, but 353 add some requirements for NVO3 [RFC7364] as well. 355 4. DC Applications Using NVO3 357 NVO3 technology provides DC operators with the flexibility in 358 designing and deploying different applications in an end-to-end 359 virtualization overlay environment. The operators no longer need to 360 worry about the constraints of the DC physical network configuration 361 when creating VMs and configuring a network to connect them. A DC 362 provider may use NVO3 in various ways, in conjunction with other 363 physical networks and/or virtual networks in the DC for a reason. 364 This section highlights some use cases for this goal. 366 4.1. Supporting Multiple Technologies 368 Servers deployed in a large data center are often installed at 369 different times, and may have different capabilities/features. Some 370 servers may be virtualized, while others may not; some may be 371 equipped with virtual switches, while others may not. For the 372 servers equipped with Hypervisor-based virtual switches, some may 373 support VxLAN [RFC7348] encapsulation, some may support NVGRE 374 encapsulation [RFC7637], and some may not support any encapsulation. 375 To construct a tenant network among these servers and the ToR 376 switches, operators can construct one traditional VLAN network and 377 two virtual networks where one uses VxLAN encapsulation and the 378 other uses NVGRE, and interconnect these three networks via a 379 gateway or virtual GW. The GW performs packet 380 encapsulation/decapsulation translation between the networks. 382 Another case is that some software of a tenant is high CPU and 383 memory consumption, which only makes a sense to run on metal servers; 384 other software of the tenant may be good to run on VMs. However 385 provider DC infrastructure is configured to use NVO3 to connect to 386 VMs and VLAN [IEEE802.1Q] connect to metal services. The tenant 387 network requires interworking between NVO3 and traditional VLAN. 389 4.2. DC Application with Multiple Virtual Networks 391 A DC application may necessarily be constructed with multi-tier 392 zones, where each zone has different access permissions and runs 393 different applications. For example, a three-tier zone design has a 394 front zone (Web tier) with Web applications, a mid zone (application 395 tier) where service applications such as credit payment or ticket 396 booking run, and a back zone (database tier) with Data. External 397 users are only able to communicate with the Web application in the 398 front zone; the back zone can only receive traffic from the 399 application zone. In this case, communications between the zones 400 must pass through a GW/firewall. Each zone can be implemented by one 401 NVO3 network and a GW/firewall can be used to between two NVO3 402 networks, i.e., two zones. As a result, a tunnel carrying NVO3 403 network traffic must be terminated at the GW/firewall where the NVO3 404 traffic is processed. 406 4.3. Virtual Data Center (vDC) 408 An enterprise data center today may deploy routers, switches, and 409 network appliance devices to construct its internal network, DMZ, 410 and external network access; it may have many servers and storage 411 running various applications. With NVO3 technology, a DC Provider 412 can construct a virtual Data Center (vDC) over its physical DC 413 infrastructure and offer a virtual Data Center service to enterprise 414 customers. A vDC at the DC Provider site provides the same 415 capability as the physical DC at a customer site. A customer manages 416 its own applications running in its vDC. A DC Provider can further 417 offer different network service functions to the customer. The 418 network service functions may include firewall, DNS, load balancer, 419 gateway, etc. 421 Figure 2 below illustrates one such scenario at service abstraction 422 level. In this example, the vDC contains several L2 VNs (L2VNx, 423 L2VNy, L2VNz) to group the tenant systems together on a per- 424 application basis, and one L3 VN (L3VNa) for the internal routing. A 425 network firewall and gateway runs on a VM or server that connects to 426 L3VNa and is used for inbound and outbound traffic processing. A 427 load balancer (LB) is used in L2VNx. A VPN is also built between the 428 gateway and enterprise router. An Enterprise customer runs 429 Web/Mail/Voice applications on VMs within the vDC. The users at the 430 Enterprise site access the applications running in the vDC via the 431 VPN; Internet users access these applications via the 432 gateway/firewall at the provider DC site. 434 Internet ^ Internet 435 | 436 ^ +--+---+ 437 | | GW | 438 | +--+---+ 439 | | 440 +-------+--------+ +--+---+ 441 |Firewall/Gateway+--- VPN-----+router| 442 +-------+--------+ +-+--+-+ 443 | | | 444 ...+.... |..| 445 +-------: L3 VNa :---------+ LANs 446 +-+-+ ........ | 447 |LB | | | Enterprise Site 448 +-+-+ | | 449 ...+... ...+... ...+... 450 : L2VNx : : L2VNy : : L2VNz : 451 ....... ....... ....... 452 |..| |..| |..| 453 | | | | | | 454 Web App. Mail App. VoIP App. 456 Provider DC Site 458 Figure 2 - Virtual Data Center Abstraction View 460 The enterprise customer decides which applications should be 461 accessible only via the intranet and which should be assessable via 462 both the intranet and Internet, and configures the proper security 463 policy and gateway function at the firewall/gateway. Furthermore, an 464 enterprise customer may want multi-zones in a vDC (See section 4.2) 465 for the security and/or the ability to set different QoS levels for 466 the different applications. 468 The vDC use case requires an NVO3 solution to provide DC operators 469 with an easy and quick way to create an NVO3 network and NVEs for 470 any vDC design, to allocate TSs and assign TSs to the corresponding 471 NVO3 network, and to illustrate vDC topology and manage/configure 472 individual elements in the vDC in a secure way. 474 5. Summary 476 This document describes some general and potential NVO3 use cases in 477 DCs. The combination of these cases will give operators the 478 flexibility and capability to design more sophisticated cases for 479 various cloud applications. 481 DC services may vary, from infrastructure as a service (IaaS), to 482 platform as a service (PaaS), to software as a service (SaaS). 483 In these services, NVO3 networks are just a portion of such services. 485 NVO3 uses tunnel techniques to deliver NVO3 traffic over DC physical 486 infrastructure network. A tunnel encapsulation protocol is 487 necessary. An NVO3 tunnel may in turn be tunneled over other 488 intermediate tunnels over the Internet or other WANs. 490 An NVO3 network in a DC may be accessed by external users in a 491 secure way. Many existing technologies can help achieve this. 493 6. Security Considerations 495 Security is a concern. DC operators need to provide a tenant with a 496 secured virtual network, which means one tenant's traffic is 497 isolated from other tenants' traffic as well as from underlay 498 networks. DC operators also need to prevent against a tenant 499 application attacking their underlay DC network; further, they need 500 to protect against a tenant application attacking another tenant 501 application via the DC infrastructure network. For example, a tenant 502 application attempts to generate a large volume of traffic to 503 overload the DC's underlying network. An NVO3 solution has to 504 address these issues. 506 7. IANA Considerations 508 This document does not request any action from IANA. 510 8. Informative References 512 [IEEE802.1Q] IEEE, "IEEE Standard for Local and metropolitan area 513 networks -- Media Access Control (MAC) Bridges and Virtual 514 Bridged Local Area", IEEE Std 802.1Q, 2011. 516 [NVO3HYVR2NVE] Li, Y., et al, "Hypervisor to NVE Control Plane 517 Requirements", draft-ietf-nvo3-hpvr2nve-cp-req-05, work in 518 progress. 520 [NVO3ARCH] Black, D., et al, "An Architecture for Overlay Networks 521 (NVO3)", draft-ietf-nvo3-arch-08, work in progress. 523 [NVO3MCAST] Ghanwani, A., Dunbar, L., et al, "A Framework for 524 Multicast in Network Virtualization Overlays", draft-ietf- 525 nvo3-mcast-framework-05, work in progress. 527 [RFC1035] Mockapetris, P., "DOMAIN NAMES - Implementation and 528 Specification", RFC1035, November 1987. 530 [RFC3022] Srisuresh, P. and Egevang, K., "Traditional IP Network 531 Address Translator (Traditional NAT)", RFC3022, January 532 2001. 534 [RFC4301] Kent, S., "Security Architecture for the Internet 535 Protocol", rfc4301, December 2005 537 [RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private 538 Networks (VPNs)", RFC 4364, February 2006. 540 [RFC7348] Mahalingam, M., Dutt, D., et al, "Virtual eXtensible Local 541 Area Network (VXLAN): A Framework for Overlaying 542 Virtualized Layer 2 Networks over Layer 3 Networks", 543 RFC7348 August 2014. 545 [RFC7364] Narten, T., et al "Problem Statement: Overlays for Network 546 Virtualization", RFC7364, October 2014. 548 [RFC7365] Lasserre, M., Motin, T., et al, "Framework for DC Network 549 Virtualization", RFC7365, October 2014. 551 [RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A. and 552 J. Uttaro, "BGP MPLS Based Ethernet VPN", RFC7432, 553 February 2015 555 [RFC7637] Garg, P., and Wang, Y., "NVGRE: Network Virtualization 556 using Generic Routing Encapsulation", RFC7637, Sept. 2015. 558 [VRF-LITE] Cisco, "Configuring VRF-lite", http://www.cisco.com 560 Contributors 562 Vinay Bannai 563 PayPal 564 2211 N. First St, 565 San Jose, CA 95131 566 Phone: +1-408-967-7784 567 Email: vbannai@paypal.com 569 Ram Krishnan 570 Brocade Communications 571 San Jose, CA 95134 572 Phone: +1-408-406-7890 573 Email: ramk@brocade.com 575 Kieran Milne 576 Juniper Networks 577 1133 Innovation Way 578 Sunnyvale, CA 94089 579 Phone: +1-408-745-2000 580 Email: kmilne@juniper.net 582 Acknowledgements 584 Authors like to thank Sue Hares, Young Lee, David Black, Pedro 585 Marques, Mike McBride, David McDysan, Randy Bush, Uma Chunduri, Eric 586 Gray, David Allan, Joe Touch, Olufemi Komolafe, and Matthew Bocci 587 for the review, comments, and suggestions. 589 Authors' Addresses 591 Lucy Yong 592 Huawei Technologies 594 Phone: +1-918-808-1918 595 Email: lucy.yong@huawei.com 597 Linda Dunbar 598 Huawei Technologies, 599 5340 Legacy Dr. 600 Plano, TX 75025 US 602 Phone: +1-469-277-5840 603 Email: linda.dunbar@huawei.com 605 Mehmet Toy 606 Verizon 607 Phone : +1-856-792-2801 608 E-mail : mtoy054@yahoo.com 610 Aldrin Isaac 611 Juniper Networks 612 E-mail: aldrin.isaac@gmail.com 614 Vishwas Manral 616 Email: vishwas@ionosnetworks.com