On Thu, May 1, 2014 at 3:20 PM, Joe Touch <[email protected]> wrote:

> On 4/30/2014 2:23 PM, Behcet Sarikaya wrote:
>
>> Here is what VXLAN says on tunneled traffic:
>>
>> Tunneled traffic over the IP network can be secured with traditional
>> security mechanisms like IPsec that authenticate and optionally
>> encrypt VXLAN traffic. This will, of course, need to be coupled with
>> an authentication infrastructure for authorized endpoints to obtain
>> and distribute credentials.
>>
>> Based on this, UDP checksum text seems to be consistent, no?
>
> No; the UDP checksum is not for authentication. It is an error check.
>
> The only party that can decide to make the UDP checksum optional when
> using IPv4 is the source - by inserting zero.
>
> It's not the receiver's choice to ignore that checksum if it's not zero.
> That's where this doc breaks the current standards.

The important point in the above text that I quoted was encryption being optional, not about authentication. So checksum would be zero if the payload is encrypted and non-zero if it is not, and both cases are possible.

Behcet

> Joe
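The IPv4 UDP checksum rule discussed in this thread, as an added Python example that is not part of either poster's message: the sender alone opts out by writing zero, and a receiver verifies any non-zero value and drops on mismatch. The addresses, ports and payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

UDP_PROTO = 17  # IPv4 protocol number for UDP

def _sum16(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus segment, checksum field zeroed."""
    pseudo = src + dst + struct.pack("!BBH", 0, UDP_PROTO, len(segment))
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return (~_sum16(pseudo + zeroed) & 0xFFFF) or 0xFFFF  # computed 0 is sent as 0xFFFF

def build_segment(src, dst, sport, dport, payload, with_checksum=True) -> bytes:
    """Sender side: only the source may opt out, by leaving the field zero."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if with_checksum:
        seg = seg[:6] + struct.pack("!H", udp_checksum(src, dst, seg)) + seg[8:]
    return seg

def receiver_verdict(src, dst, segment) -> str:
    """Receiver side: zero means 'not computed'; any other value must verify."""
    if len(segment) < 8:
        return "drop: truncated"
    (received,) = struct.unpack("!H", segment[6:8])
    if received == 0:
        return "accept: sender disabled checksum"
    if received == udp_checksum(src, dst, segment):
        return "accept: checksum verified"
    return "drop: checksum mismatch"

def flip_bit(segment: bytes, offset: int) -> bytes:
    """Simulate a single-bit transmission error at the given byte offset."""
    return segment[:offset] + bytes([segment[offset] ^ 0x01]) + segment[offset + 1:]

# Constructed sample values (documentation addresses, arbitrary payload).
SRC, DST = socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2")
PAYLOAD = b"constructed tunnel payload"

if __name__ == "__main__":
    for flag in (True, False):
        seg = build_segment(SRC, DST, 49152, 4789, PAYLOAD, with_checksum=flag)
        print(flag, receiver_verdict(SRC, DST, seg), "|",
              receiver_verdict(SRC, DST, flip_bit(seg, 12)))
```

With the checksum present the damaged segment is dropped; with a zero checksum the same damage is accepted, which is the error-detection role (not authentication) that the checksum plays.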
