Apologies if this is a stupid question, but I haven’t found it addressed anywhere:
What are the trade-offs of using IPSec versus the VXLan managed network implementations? So far all I’ve been able to glean from various GitHub issues is that VXLan performs faster but loses the inherent encryption between hosts.
VXLan allows you to set up networks programmatically at a low cost, and does support encryption as an option to the overlay driver. (Look up the --opt encrypted argument to network create.)
IPSec is a protocol for protecting traffic in terms of detecting changes and/or encrypting the data payload, and works in either a direct or tunneled mode. It does not require encryption, and can be used without the data
At the end of the day they are really two different technologies targeting different use cases.
Could you elaborate on the differing use cases? Ours is that we are on a shared network so we want Rancher to provide encrypted comms for all our intracontainer environment. Thanks.
I’d have to agree. I get that the first reply is technically correct, but in Rancher it appears I’m given two distinct options: VXLan or IPSec. If I have two things to choose from I need some background regarding why there are two options and in what cases I should use each one.