diff options
| author | Mark Gray <mark.d.gray@redhat.com> | 2020-09-16 05:19:35 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2020-09-16 17:41:38 -0700 |
| commit | 34beb21594519ce64a55a498c2fe7d567bc1ca20 (patch) | |
| tree | 6f42f7006b65f4562d0605a23fb855e1f3e9fd92 /drivers/net/hyperv | |
| parent | 5f1ab0f493f81517a7b47d859cd5d32e6af1eb9f (diff) | |
geneve: add transport ports in route lookup for geneve
This patch adds transport ports information for route lookup so that
IPsec can select Geneve tunnel traffic to do encryption. This is
needed for OVS/OVN IPsec with encrypted Geneve tunnels.
This can be tested by configuring a host-host VPN using an IKE
daemon and specifying port numbers. For example, for an
Openswan-type configuration, the following parameters should be
configured on both hosts and IPsec set up as-per normal:
$ cat /etc/ipsec.conf
conn in
...
left=$IP1
right=$IP2
...
leftprotoport=udp/6081
rightprotoport=udp
...
conn out
...
left=$IP1
right=$IP2
...
leftprotoport=udp
rightprotoport=udp/6081
...
The tunnel can then be setup using "ip" on both hosts (but
changing the relevant IP addresses):
$ ip link add tun type geneve id 1000 remote $IP2
$ ip addr add 192.168.0.1/24 dev tun
$ ip link set tun up
This can then be tested by pinging from $IP1:
$ ping 192.168.0.2
Without this patch the traffic is unencrypted on the wire.
Fixes: 2d07dc79fe04 ("geneve: add initial netdev driver for GENEVE tunnels")
Signed-off-by: Qiuyu Xiao <qiuyu.xiao.qyx@gmail.com>
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/hyperv')
0 files changed, 0 insertions, 0 deletions