East-West Overlay Encryption with IPSEC Example

VXLAN can be used to provide direct layer 2 connectivity between entities over a routed path. L3 (BGP based) datacenter fabric designs make use of overlay and virtualized networks to more flexibly meet application needs and requirements.

IPsec can be used to encrypt overlay encapsulations such as VXLAN. Whether crossing a shared/public line or implementing hybrid cloud connectivity solutions, IPsec encryption on a DPU can be entirely transparent to the application and impose no performance penalty with hardware acceleration.

In this example, Strongswan provides the IPsec control plane and key management for encrypting VXLAN tunnels between two hosts: