[Swan] vxlan support

Paul Wouters paul at nohats.ca
Tue Jan 23 17:30:48 UTC 2018


On Tue, 23 Jan 2018, Sowmini Varadhan wrote:

> vxlan tunnels an L2 frame over udp. (rfc 7348)

Ahh. I see.

> are you planning on applying ipsec to the vxlan'ed frame?
>
> If yes, you'd have to set up your swan tunnel config for something like
>
>  leftprotoport=udp/4789
> and
>  rightprotoport=udp/4789
>
> (you'd need 2 tunnels per peering pair)

Why two? Are both peers using an ephemeral source port? If it is port
4789 to port 4789, wouldn't one tunnel be enough?

Paul

