Hi,

Please find the following drafts addressing Geneve security. [1] and [2] seem to me the most relevant to get the whole picture.
Any comments or feedback are welcome!

Yours,
Daniel

- Geneve Protocol Security Requirements [1], which describes what the security requirements are for the Geneve protocol.
- Geneve Header Authentication Option (GAO) [2] describes an option to authenticate a Geneve packet exchanged between NVEs. The authentication includes the Geneve Fixed Header, an optional set of Geneve Options as well as an optional portion of the Geneve Payload.
- Geneve Header Encryption Option (GEO) [3] describes an option to encrypt a Geneve packet exchanged between NVEs. The encryption includes the Geneve Fixed Header, an optional set of Geneve Options as well as an optional portion of the Geneve Payload.
- Geneve Security Architecture [4] describes how to administer various security policies, that is, being able to assign different policies to different flows on the Geneve overlay network.

[1] https://datatracker.ietf.org/doc/draft-mglt-nvo3-geneve-security-requirements/
[2] https://datatracker.ietf.org/doc/draft-mglt-nvo3-geneve-authentication-option/
[3] https://datatracker.ietf.org/doc/draft-mglt-nvo3-geneve-encryption-option/
[4] https://datatracker.ietf.org/doc/draft-mglt-nvo3-geneve-security-architecture/
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
