Epic: support encryption-less connections between clusters #674
Comments
|
Per further discussion, IPsec VPN without encryption is also a good option we should consider. This boils down to supporting different config options per cable driver which is a subset of submariner-io/enhancements#67 |
|
Per conversation with Paul Wouters (Libreswan maintainer), these are some options to consider:
Generally, with modern NICs/CPUs, setting ESP to null is not recommend; aes_gcm128 is the most efficient option, and should result in same throughput as esp-null. Here is the relevant GCM RFC for more context: https://tools.ietf.org/html/rfc4106 |
|
This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions. |
|
bump |
|
This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions. |
|
This is still relevant. |
nyechiel
changed the title
|
This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions. |
|
bump |
nyechiel
added
priority:high
size:large
What would you like to be added:
Support for unencrypted connections between clusters.
Why is this needed:
All current cable drivers involve encrypting content, which is great for privacy but involves some overhead. On private connections, it would be useful to enable unencrypted connections, for example using IP-on-IP or VxLAN.
Work items:
The text was updated successfully, but these errors were encountered: