[ovs-dev] encrypting only some traffic (was: OVN: Encrypt tunnel traffic with IPsec)
blp at ovn.org
Mon Jun 25 22:32:17 UTC 2018
On Mon, Jun 25, 2018 at 03:14:06PM -0700, Ansis Atteka wrote:
> On Mon, 25 Jun 2018 at 15:06, Qiuyu Xiao <qiuyu.xiao.qyx at gmail.com> wrote:
> > Thanks for your comments!
> > > For #1 and #2 you would not need skb mark at all. Are you considering these
> > > two approaches as well?
> > My current proposal will implement #1. #2 is also a nice feature to have! To enable #2, the northbound and southbound database can include information that dictate which pair of transport nodes requires encryption. Then the OVN controller can set tunnel options accordingly.
> If your current proposal is #1 and/or #2 then can you explain one more
> time why skb_mark is even needed?
It's not needed for #1 or #2. We're thinking ahead.
More information about the dev