Kathleen Moriarty has entered the following ballot position for
draft-ietf-nvo3-use-case-15: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
Kathleen Moriarty has entered the following ballot position for
draft-ietf-nvo3-hpvr2nve-cp-req-15: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please
[yz].
>
> Rgds,
> Yizhou
>
> -Original Message-
> From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
> Sent: Thursday, February 22, 2018 12:07 PM
> To: The IESG
> Cc: draft-ietf-nvo3-hpvr2nve-cp-...@ietf.org; Matthew Bocci
> ; nvo3-cha...@ietf.o
Hello,
I just read through draft-ietf-nvo3-geneve, sorry I am out-of-cycle in the
review process, but it looks like it has not started IETF last call yet. I
have what's really just a nit and request for a little more text.
Section 4.3.1
The value of the UDP checksum is overstated. The text sho
ible with end-to-end security
> (IPsec, DTLS) to protect Geneve NVE-to-NVE communications. The document
> defines Transit Devices that intercept on-path packets of an NVE-to-NVE
> communications, which is not possible with DTLS or IPsec.
>
> Yours,
> Daniel
>
>
pful to have the full security
considerations understood. I appreciate you adding it in the draft.
I'll respond to other messages in the thread and apologize for my delay.
Best regards,
Kathleen
>
>
> Thanks,
>
> Ilango
>
>
>
>
>
> *From:* nvo3 [mailto:nvo3-boun
>In order to provide integrity of Geneve headers, options and payload,
>>>>>for example to avoid mis-delivery of payload to different tenant
>>>>>systems in case of data corruption, outer UDP checksum SHOULD be used
>>>>>with Geneve when tra
>
>>
>>
>>
>>An operator MAY choose to
>>
>>disable UDP checksum and use zero checksum if Geneve packet integrity
>>
>>is provided by other data integrity mechanisms such as IPsec or
>>
>>additional checksums or if one
Hello,
Thank you for a well written document! I know I am late to be offering
comments, but with a quick read, I think calling out the ability to tamper
with or alter packets should be made in the second sentence of the security
considerations section. You do have the relevant text on integrity