submariner-io / submariner

Networking component for interconnecting Pods and Services across Kubernetes clusters.
https://submariner.io
Apache License 2.0

Epic: support encryption-less connections between clusters #674

Closed skitt closed 3 years ago

skitt commented 4 years ago

What would you like to be added:

Support for unencrypted connections between clusters.

Why is this needed:

All current cable drivers involve encrypting content, which is great for privacy but involves some overhead. On private connections, it would be useful to enable unencrypted connections, for example using IP-on-IP or VxLAN.

Work items:

nyechiel commented 4 years ago

Per further discussion, IPsec VPN without encryption is also a good option we should consider. This boils down to supporting different config options per cable driver, which is a subset of submariner-io/enhancements#67.

nyechiel commented 4 years ago

Per conversation with Paul Wouters (Libreswan maintainer), these are some options to consider:

  1. Null encryption mode: https://github.com/libreswan/libreswan/tree/main/testing/pluto/ikev2-67-esp-null-iperf
  2. Null encryption and null authentication mode: https://github.com/libreswan/libreswan/tree/main/testing/pluto/ikev2-algo-15-esp-null-none

Generally, with modern NICs/CPUs, setting ESP to null is not recommended; aes_gcm128 is the most efficient option, and should result in the same throughput as esp-null. Here is the relevant GCM RFC for more context: https://tools.ietf.org/html/rfc4106

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

nyechiel commented 4 years ago

bump

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

skitt commented 3 years ago

This is still relevant.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

tpantelis commented 3 years ago

bump