[ovs-discuss] Multiple IPSEC bridges

Benjamin benjamin.reis at vates.fr
Mon Sep 16 07:17:58 UTC 2019


If multiple tunnels are not possible with IPSEC, is it possible to multiplex multiple 
networks into one IPSEC tunnel?

Without IPSEC I use the 'options:key' field to differentiate different 
networks in a single tunnel. Is there a similar mechanism with IPSEC?
>
>
> On 13/09/2019 at 19:52, Ansis wrote:
>> On Fri, 13 Sep 2019 at 01:26, Benjamin <benjamin.reis at vates.fr> wrote:
>>> Hello,
>>>
>>> Is it possible to have multiple bridges using IPSEC/GRE tunnels with
>>> same configuration?
>> IIRC, it is not possible to create multiple IPsec tunnels of same
>> flavor (in your case GRE) between the same two endpoints.
>>
>> This limitation kinda comes from Linux IPsec stack. While ip-xfrm man
>> page mentions that it is possible for IPsec stack to match on GRE key,
>> there is no way to match on Geneve, VXLAN, STT and other protocols
>> the same way. So since we could not implement this in uniform manner
>> across all transport protocols, then we did not bother to implement
>> that for GRE either.
>>
>>
>>> For now, creating one works fine, but as soon as I create a 2nd, none
>>> works; there are no active connections and no error in logs.
>>> I'm using `options:key` to allow having multiple GRE tunnels with same
>>> configuration.
>>>
>>> Thanks
>>> Benjamin Reis
>>> _______________________________________________
>>> discuss mailing list
>>> discuss at openvswitch.org
>>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss