Geneve Security Requirements

Document Type Expired Internet-Draft (individual)
Authors Daniel Migault  , Sami Boutros  , Dan Wing  , Suresh Krishnan 
Last updated 2019-09-01 (latest revision 2019-02-28)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The document defines the security requirements to protect tenants overlay traffic against security threats from the NVO3 network components that are interconnected with tunnels implemented using Generic Network Virtualization Encapsulation (Geneve). The document provides two sets of security requirements: 1. requirements to evaluate the data plane security of a given deployment of Geneve overlay. Such requirements are intended to Geneve overlay provider to evaluate a given deployment. 2. requirement a security mechanism need to fulfill to secure any deployment of Geneve overlay deployment


Daniel Migault (
Sami Boutros (unknown-email-Sami-Boutros)
Dan Wing (
Suresh Krishnan (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)