Ali,

Just following up on my question from the BESS WG session. Your draft introduces two Tunnel Types in Section 5.1, ESP-Transport and ESP-in-UDP Transport, as below:

> When standard IP Encapsulating Security Payload (ESP) is used (without an outer UDP header) for encryption of NVO packets, it is used in transport mode as depicted below. When such encapsulation is used, for BGP signaling, the Tunnel Type of the Tunnel Encapsulation TLV is set to ESP-Transport and the Tunnel Type of the Encapsulation Extended Community is set to the NVO encapsulation type (e.g., VxLAN, GENEVE, GPE, etc.). This implies that the customer packets are first encapsulated using the NVO encapsulation type and then further encapsulated and encrypted using ESP-Transport mode.

Question 1: Are you assuming the use of IPsec transport mode instead of IPsec tunnel mode?

Question 2: Your Figure 3 has two encodings; which one is "ESP-Transport" and which one is "ESP-in-UDP"?

Question 3: The NVO encapsulation (VxLAN, GENEVE, GRE) can also be inside the IPsec ESP tunnel. In that case, which type is used?

Thanks,
Linda
_______________________________________________ BESS mailing list [email protected] https://www.ietf.org/mailman/listinfo/bess
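The three header stackings the questions above distinguish (NVO then ESP transport mode, NVO then ESP-in-UDP transport mode, and a complete NVO IP packet inside ESP tunnel mode) differ on the wire in the outer IP protocol number, the presence of a UDP/4500 header, and the value of the ESP trailer's Next Header field (17 for UDP carrying VXLAN in transport mode, 4 for a full inner IPv4 header in tunnel mode). The following Python is an added illustration, not code from the message, the draft or the BESS WG: it lays the headers out in the clear with no cipher and no ICV so the layering stays visible, and the addresses, SPIs, VNI and the inner Ethernet frame are constructed sample values. Function names and the `classify` helper are this example's own, not anything defined by the draft.

```python
"""Header stacking for the encapsulations discussed in the message above.

Constructed illustration: the ESP payload is laid out in the clear with no
cipher and no ICV, so the header order and the ESP Next Header value stay
visible. Real ESP encrypts everything from the payload through the trailer
and appends an ICV, so a receiver only learns Next Header after decryption.
"""
import struct
from ipaddress import IPv4Address

PROTO_IPV4 = 4           # ESP Next Header when a full inner IPv4 header follows (tunnel mode)
PROTO_UDP = 17           # ESP Next Header when UDP (carrying VXLAN) follows (transport mode)
PROTO_ESP = 50
UDP_PORT_VXLAN = 4789
UDP_PORT_ESP_IN_UDP = 4500   # RFC 3948 UDP encapsulation of ESP

# Constructed inner customer frame: Ethernet header + 8 payload bytes (not real traffic).
SAMPLE_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\xde\xad\xbe\xef" * 2


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header; checksum left as zero since only the layout matters here."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def vxlan(vni: int, frame: bytes) -> bytes:
    """VXLAN header (RFC 7348): I flag set, 24-bit VNI in the upper bits of the second word."""
    return struct.pack("!II", 0x08000000, vni << 8) + frame


def esp(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """ESP header, payload, then trailer (1,2,3... padding, Pad Length, Next Header)."""
    pad_len = (-(len(payload) + 2)) % 4              # pad so payload+trailer is 4-byte aligned
    trailer = bytes(range(1, pad_len + 1)) + struct.pack("!BB", pad_len, next_header)
    return struct.pack("!II", spi, seq) + payload + trailer


def nvo_packet(vni: int, frame: bytes) -> bytes:
    """The NVO layer itself: UDP/4789 carrying VXLAN carrying the customer frame."""
    return udp(49152, UDP_PORT_VXLAN, vxlan(vni, frame))


def esp_transport_over_nvo(src, dst, vni, frame, spi=0x1001):
    """Section 5.1 case: NVO first, then ESP transport mode. Outer proto 50, Next Header 17."""
    return ipv4(src, dst, PROTO_ESP, esp(spi, 1, nvo_packet(vni, frame), PROTO_UDP))


def esp_in_udp_transport_over_nvo(src, dst, vni, frame, spi=0x1002):
    """Same stack, but ESP is itself carried in UDP/4500 per RFC 3948."""
    inner = esp(spi, 1, nvo_packet(vni, frame), PROTO_UDP)
    return ipv4(src, dst, PROTO_UDP, udp(UDP_PORT_ESP_IN_UDP, UDP_PORT_ESP_IN_UDP, inner))


def nvo_inside_esp_tunnel(src, dst, inner_src, inner_dst, vni, frame, spi=0x1003):
    """Question 3 case: the complete NVO IP packet sits inside ESP tunnel mode. Next Header 4."""
    inner_ip = ipv4(inner_src, inner_dst, PROTO_UDP, nvo_packet(vni, frame))
    return ipv4(src, dst, PROTO_ESP, esp(spi, 1, inner_ip, PROTO_IPV4))


def classify(pkt: bytes) -> str:
    """Name the stacking from the outer protocol and the ESP trailer's Next Header.

    Only possible here because the example leaves the ESP payload unencrypted;
    on the wire the Next Header is inside the ciphertext.
    """
    body = pkt[(pkt[0] & 0x0F) * 4:]
    proto = pkt[9]
    if proto == PROTO_UDP:
        dport = struct.unpack("!H", body[2:4])[0]
        if dport != UDP_PORT_ESP_IN_UDP:
            return "plain NVO (no ESP)"
        body, mode = body[8:], "ESP-in-UDP"
    elif proto == PROTO_ESP:
        mode = "ESP"
    else:
        return f"unhandled outer protocol {proto}"
    if struct.unpack("!I", body[:4])[0] == 0:
        return "SPI 0 (reserved; on UDP/4500 this is the IKE non-ESP marker)"
    next_header = body[-1]
    if next_header == PROTO_UDP:
        return f"{mode} transport mode carrying NVO (Next Header=UDP)"
    if next_header == PROTO_IPV4:
        return f"{mode} tunnel mode, NVO packet inside (Next Header=IPv4)"
    return f"{mode} with Next Header={next_header}"


if __name__ == "__main__":
    args = ("192.0.2.1", "192.0.2.2", 100, SAMPLE_FRAME)   # constructed documentation addresses
    for build in (esp_transport_over_nvo, esp_in_udp_transport_over_nvo):
        print(f"{build.__name__:32s} {classify(build(*args))}")
    tunnel = nvo_inside_esp_tunnel("192.0.2.1", "192.0.2.2", "10.0.0.1", "10.0.0.2", 100, SAMPLE_FRAME)
    print(f"{'nvo_inside_esp_tunnel':32s} {classify(tunnel)}")
```

The `classify` helper only works because this illustration leaves the ESP payload readable; on a real link the Next Header byte is ciphertext, which is exactly why the BGP signaling has to carry the tunnel type rather than a receiver inferring it from the packet.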
