Just one comment... On Oct 23, 2014, at 8:35 AM, Tom Herbert <[email protected]> wrote:
>> >> Security: could we re-use IPSEC ESP/AH ? In tunnel mode as we would add >> already an underlay IPv4/IPv6 header? >> (I'm no expert in this area but why not re-using other peoples work) > Interoperability with IPSEC should also be a requirement. Assuming > that an encapsulation header is still needed, there are two possible > use cases: apply ESP/AH on outer packet or apply ESP/AH to inner > packet where the IPSEC header is between network overlay header and > inner IP header, The second is needed if we want to keep the network > virtualization of the packet visible to the network (e.g. firewall by > VNID). 110% agree. More and more conversations with customers are turning to security & encryption concerns. IPSEC support/interoperability for me is a requirement Jon _______________________________________________ nvo3 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nvo3
