Hi Tom,
>The Security Considerations section needs content. First and foremost,
>in a multi-tenant data center ensuring strict isolation between
>different tenants' traffic seems fundamental and the mechanisms for
>doing that should be explicit in the description of an encapsulation.
>Bear in mind that when we use UDP for encapsulation there is typically
>nothing in a host to prevent an unprivileged application from spoofing
>well-formed nvo3 packets and sending them to arbitrary destinations
>(this is harder to do with other protocols such as TCP or GRE). A
>24-bit VNI is not sufficient to provide any guarantee of virtual
>network isolation.

Can you please elaborate more on why 24-bit is not sufficient to provide network isolation?

We have the section 6.2.2 on security and integrity that we borrowed the text you supplied for its content. We can refer in the security considerations to the 6.2.2 section? Is this what you are looking for?

Thanks,
Sami

>
>Tom
