Linda Dunbar <[email protected]> wrote: > The primary scenario for the proposed authentication method is from draft-ietf-rtgwg-multi-segment-sdwan > where an additional header (GENEVE Encapsulation [RFC8926]) is added to > the encrypted payload to steer packets through underlay networks. In > these scenarios, the underlay network edge nodes do not decrypt and > re-encrypt the payloads. The header information is used for optimizing > packet forwarding in underlay networks and, therefore, resides outside > the IPsec ESP header.
So, why is this an IPsec problem/concern? -- Michael Richardson <[email protected]>, Sandelman Software Works -= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
