On 3/21/14 9:25 AM, Tom Herbert wrote:
7) In a large network bit errors, HW failures, SW bugs are common occurrences. It's problematic that in VXLAN and nvgre even a single bit error in the vni could misdirect a packet to the wrong VM (no CRC or checksum protects vni).
Tom,
It sounds like we need some approach to be able to avoid misdelivering packets if there is a bit error in the vni field. I suspect there might be multiple approaches (UDP-lite covering the NVO3 header, header checksum field in the NVO3 header).
But my high-level question is whether the security requirements will be such that you are likely to want to use IPsec. If so adding a checksum over the vni wouldn't be needed.
Regards, Erik _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
