On 7/29/16 12:16 PM, Dino Farinacci wrote:
My major objections are lack of security and extensibility.
I don't know if this helps your security concern but the LISP WG has
draft-ietf-lisp-crypto that is supported by the LISP encapsulating
header.
VXLAN-GPE also had a goal to make VXLAN and LISP converge on a similar
header at the same time as having more demux options. This is why, at
the same time VXLAN-GPE was created, the LISP-GPE header was also
created.
So if the LISP control-plane is used for these data-planes, then key
exchange, encryption, and authentication can be supported for all the
header formats above.
All that needs to be spec'ed is to allocate 2 bits from the *-GPE
headers for a key-id field.
or use the appropriate shim header in combination with VXLAN-GPE as
defined today.
Fabio
Dino
_______________________________________________
nvo3 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nvo3
