[Swan] FYI: IPsec Transport Mode kernel bug takes out cluster

D. Hugh Redelmeier hugh at mimosa.com
Sat May 9 04:11:15 EEST 2015


| From: Paul Wouters <paul at nohats.ca>

| An interesting series of bugs that involves IPsec Transport Mode and AES-NI
| and end
| up taking down a cluster.
| 
| http://www.pagerduty.com/blog/the-discovery-of-apache-zookeepers-poison-packet/

I don't understand the details of AES-NI vs Zen.  Is it just that the
AES-NI is emulated incorrectly by Zen in ParaVirtualization mode?
(HVM means Hardware Virtual Machine.)


More information about the Swan mailing list