[ovs-discuss] Multiple IPSEC bridges

Ansis ansisatteka at gmail.com
Fri Sep 13 17:52:12 UTC 2019


On Fri, 13 Sep 2019 at 01:26, Benjamin <benjamin.reis at vates.fr> wrote:
>
> Hello,
>
> Is it possible to have multiple bridges using IPSEC/GRE tunnels with
> same configuration?
IIRC, it is not possible to create multiple IPsec tunnels of same
flavor (in your case GRE) between the same two endpoints.

This limitation kinda comes from Linux IPsec stack. While ip-xfrm man
page mentions that it is possible for IPsec stack to match on GRE key,
there is not way to match on Geneve, VXLAN, STT and other protocols
the same way. So since we could not implement this in uniform manner
across all transport protocols, then we did not bother to implement
that for GRE either.


> For now, creating one works fine but as soon as I create a 2nd none
> works, there's no active connections and no error in logs.
> I'm using `options:key` to allow having multiple GRE tunnels with same
> configuration.
>
> Thanks
> Benjamin Reis
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


More information about the discuss mailing list