Skip to main content

Geneve Security Requirements

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Daniel Migault , Sami Boutros , Dan Wing , Suresh Krishnan
Last updated 2019-09-01 (Latest revision 2019-02-28)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The document defines the security requirements to protect tenants overlay traffic against security threats from the NVO3 network components that are interconnected with tunnels implemented using Generic Network Virtualization Encapsulation (Geneve). The document provides two sets of security requirements: 1. requirements to evaluate the data plane security of a given deployment of Geneve overlay. Such requirements are intended to Geneve overlay provider to evaluate a given deployment. 2. requirement a security mechanism need to fulfill to secure any deployment of Geneve overlay deployment


Daniel Migault
Sami Boutros
Dan Wing
Suresh Krishnan

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)