This presentation covers the design and implementation of IPsec encryption for OVN tunnel traffic.
First, we will present an OVS-IPSEC daemon that adds IPsec support for OVS tunnels, including GRE, STT, VXLAN, and GENEVE. This daemon provides a unified and user-friendly interface for configuring IPsec tunnels with different IKE daemons (strongSwan and Libreswan). It also supports three authentication methods (pre-shared key, self-signed certificate, and CA-signed certificate) to meet different deployment requirements.
Then, we will explain how OVN uses the OVS-IPSEC daemon to encrypt its GENEVE tunnel traffic. We will show a demo on configuring and enabling