Geneve Header Encryption Option (GEO)
daniel.migault@ericsson.com
Routing
NVO3

This document describes the Geneve Encryption Option
(GEO). This option enables a Geneve forwarding element to encrypt
the Geneve Header with selected associated Geneve Options as well as a
portion of the Geneve Payload.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .

The generic format of the Geneve Options is defined in . The following values are expected:

Option Class: 0x0000

Type: C is unset as the GEO can simply be ignored by an NVE or a
transit node. The GSP will prevent the acceptance of a GOA that is mandated by
the GSP and that has not been validated. R is set to 0.

Length:

This document only considers the algorithms recommended by
ENCR_AES_GCM_16 or
ENCR_CHACHA20_POLY1305. These algorithms are defined in and .

GEO is a termination Geneve Option. The encrypted Geneve Options and
portion of the encrypted Geneve Payload are appended to the Geneve Header.
They are not encoded as a Geneve Option.

There are no IANA considerations for this document.

Geneve Security Requirements
Geneve Security Architecture
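
The option header values listed above (Option Class 0x0000, C unset, R set to 0) can be checked on receipt with a small parser. This is an added example, not part of the draft: it assumes the 4-byte Geneve option header layout of RFC 8926, and because the draft assigns no Type value, GEO_TYPE_PLACEHOLDER and the function names are hypothetical.

```python
import struct

GEO_OPTION_CLASS = 0x0000      # Option Class value stated in the draft
GEO_TYPE_PLACEHOLDER = 0x7F    # assumption: placeholder, the draft assigns no Type value


def parse_option_header(buf: bytes) -> dict:
    """Decode the 4-byte Geneve option header (RFC 8926 layout)."""
    if len(buf) < 4:
        raise ValueError("truncated Geneve option header")
    opt_class, type_byte, r_len = struct.unpack("!HBB", buf[:4])
    return {
        "option_class": opt_class,
        "critical": bool(type_byte & 0x80),   # C is the high-order bit of Type
        "type": type_byte & 0x7F,
        "reserved": r_len >> 5,               # 3 reserved bits
        "data_len": (r_len & 0x1F) * 4,       # Length counts 4-byte words
    }


def check_geo_option(buf: bytes, geo_type: int = GEO_TYPE_PLACEHOLDER) -> list:
    """Return the deviations from the GEO header values given in the draft."""
    hdr = parse_option_header(buf)
    problems = []
    if hdr["option_class"] != GEO_OPTION_CLASS:
        problems.append("option class is not 0x0000")
    if hdr["type"] != geo_type & 0x7F:
        problems.append("type does not match the GEO type")
    if hdr["critical"]:
        problems.append("C bit is set")
    if hdr["reserved"] != 0:
        problems.append("R is not 0")
    if len(buf) - 4 < hdr["data_len"]:
        problems.append("option data shorter than Length")
    return problems


# Constructed samples: a conforming header with 8 bytes of option data,
# and one with the C bit set and a non-zero R field.
GOOD = struct.pack("!HBB", 0x0000, 0x7F, 0x02) + bytes(8)
BAD = struct.pack("!HBB", 0x0000, 0xFF, 0x22) + bytes(8)

if __name__ == "__main__":
    print(check_geo_option(GOOD))
    print(check_geo_option(BAD))
```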