By the way, I think the tunneled IP header could be used for an ipsec gateway to forward the packets to the associated VTEP, if we need to consider the scenarios where the ipsec gateway and the VTEP are not co-located.
Cheers
Dacheng

From: Michael Shieh <[email protected]>
Date: Wednesday, June 3, 2015, 6:59 AM
To: Tom Herbert <[email protected]>
Cc: David Mozes <[email protected]>, Xuxiaohu <[email protected]>, "[email protected]" <[email protected]>, Liuyuanjiao <[email protected]>
Subject: Re: [nvo3] VxLAN Security Consideration

sorry for the typo. yes transport mode, to save another tunneled IP header.

- Michael

On Tue, Jun 2, 2015 at 3:57 PM, Tom Herbert <[email protected]> wrote:
> On Tue, Jun 2, 2015 at 11:51 AM, Michael Shieh <[email protected]> wrote:
>> How about using IPsec with transparent mode? the security model has been
>> proven in the field.
>
> Do you mean transport mode?
>
>> - Michael
>>
>> On Tue, Jun 2, 2015 at 8:33 AM, David Mozes <[email protected]> wrote:
>>> Agree
>>>
>>> From: nvo3 [mailto:[email protected]] On Behalf Of Liuyuanjiao
>>> Sent: Tuesday, June 02, 2015 6:03 PM
>>> To: [email protected]
>>> Cc: Xuxiaohu; Liuyuanjiao
>>> Subject: [nvo3] VxLAN Security Consideration
>>>
>>> Dear fellows:
>>>
>>> Now, in the VxLAN environment, there is no specific Security
>>> method to protect the VxLAN packet in the middle network.
>>>
>>> The middle network is not controlled by customer and the service
>>> provider, it’s provided by 3rd company, so the environment is not trusted,
>>> we need to encrypt the VxLAN packets or VxLAN payload for our user data.
>>>
>>> Currently, no such specific method, I think we need to provide one way
>>> to resolve it.
>>>
>>> Best Regards
>>>
>>> Liu Yuanjiao
>>>
>>> _______________________________________________
>>> nvo3 mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/nvo3
>>
>> This message is for the designated and authorized recipient only and may
>> contain privileged, proprietary, confidential or otherwise private
>> information relating to vArmour Networks, Inc. and is the sole property of
>> vArmour Networks, Inc. Any views or opinions expressed are solely those of
>> the author and do not necessarily represent those of vArmour Networks, Inc.
>> If you have received this message in error, or if you are not authorized to
>> receive it, please notify the sender immediately and delete the original
>> message and any attachments from your system immediately. If you are not a
>> designated or authorized recipient, any other use or retention of this
>> message or its contents is prohibited.
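
Added example, not part of the thread or any poster's code: the header stacks for plain VXLAN, ESP transport mode between VTEPs, and ESP tunnel mode between gateways, with the resulting wire size and usable inner MTU. Assumptions not stated in the thread: IPv4 underlay without options, ESP with AES-GCM (8-byte IV, 16-byte ICV), no NAT-T, untagged inner Ethernet; the mode names and "GW" labels are illustrative.

```python
# Added example: cost of protecting VXLAN with ESP in transport vs tunnel mode.
# Assumptions (not from the thread): IPv4 without options, ESP with AES-GCM,
# no NAT-T UDP encapsulation, untagged inner Ethernet frames.
IPV4, UDP, VXLAN, ETH = 20, 8, 8, 14
ESP_HDR, ESP_IV, ESP_TRAILER, ESP_ICV = 8, 8, 2, 16  # SPI+seq, IV, pad-len+next-hdr, ICV
ESP_ALIGN = 4  # pad so that the pad-length/next-header fields end on a 4-byte boundary

def layers(mode):
    """Header stack on the wire, outermost first, in front of the inner frame."""
    vxlan = ["UDP(4789)", "VXLAN"]
    if mode == "plain":
        return ["IP(VTEP->VTEP)"] + vxlan
    if mode == "transport":          # ESP inserted after the existing outer IP header
        return ["IP(VTEP->VTEP)", "ESP"] + vxlan
    if mode == "tunnel":             # new outer IP header addressed to the IPsec gateway
        return ["IP(GW->GW)", "ESP", "IP(VTEP->VTEP)"] + vxlan
    raise ValueError(f"unknown mode: {mode}")

def wire_size(mode, inner_frame):
    """Size in bytes of the outer IP packet carrying one inner Ethernet frame."""
    layers(mode)  # validates the mode name
    vxlan_payload = UDP + VXLAN + inner_frame
    if mode == "plain":
        return IPV4 + vxlan_payload
    # Tunnel mode encrypts the original VTEP-to-VTEP IP header as well.
    plaintext = vxlan_payload + (IPV4 if mode == "tunnel" else 0)
    pad = -(plaintext + ESP_TRAILER) % ESP_ALIGN
    return IPV4 + ESP_HDR + ESP_IV + plaintext + pad + ESP_TRAILER + ESP_ICV

def max_inner_ip_mtu(mode, underlay_mtu=1500):
    """Largest inner IP packet whose encapsulation still fits the underlay MTU."""
    size = underlay_mtu
    while size > 0 and wire_size(mode, ETH + size) > underlay_mtu:
        size -= 1
    return size

if __name__ == "__main__":
    for mode in ("plain", "transport", "tunnel"):
        print(f"{mode:9} {' | '.join(layers(mode))}")
        print(f"          1500-byte inner packet -> {wire_size(mode, ETH + 1500)} bytes, "
              f"inner MTU on a 1500-byte underlay = {max_inner_ip_mtu(mode)}")
```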
