never heard of it ;-) I believe the first draft is documenting a solution implemented by VMware. At least this is my understanding of it. The second one is using a packet format for a Geneve option that looks like AH. I actually do not really see how this could "re-use" IPsec implementation while it is heavily inspired from IPsec.
Note also that the current discussion on Geneve is on the security requirements, so discussion is currently put on hold for these draft. That said, I am happy to have feed backs and one or other proposed solutions. Yours, Daniel On Thu, Jul 12, 2018 at 10:08 AM, Paul Wouters <[email protected]> wrote: > > I was pointed to two drafts about using IPsec for transporting virtual > machine network traffic. Specifically, its use of AH is what I'm a > little concerned about, as I was hoping the IPsecME WG could start work > soon at obsoleting AH and recommend ESP-null for the remaining use cases. > > IPsec over Geneve Encapsulation > https://tools.ietf.org/html/draft-boutros-nvo3-ipsec-over-geneve-01 > > Geneve Header Authentication Option (GAO) > https://tools.ietf.org/html/draft-mglt-nvo3-geneve-authentic > ation-option-00 > > Is anyone aware of any other existing or planned deployments of AH? > > Paul > > _______________________________________________ > IPsec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ipsec >
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
