Re: community feedback on removing non-encrypted support from consul-release
|
Amit Kumar Gupta
Hey Aaron,
toggle quoted message
Show quoted text
That's a good point. We have done some internal stress-testing at scale with IPsec and with consul happening to be in encrypted mode. The data generally showed that this had negligible impact on things involving consul. What are the chances you could validate this in one of your environments with IPsec and secure consul, to get another data point? Also, do you have a summary of where sensitive information is being transmitted over NATS? Is it just traffic involving DEA/HM9k? Are you running Diego, and do you still see sensitive info despite being on the Diego backend? You may also be interested to know that the DEA & HM9k team is working on moving a lot of traffic from NATS to HTTPS: https://www.pivotaltracker.com/n/projects/900612 Cheers, Amit Gupta, Pivotal CF Infrastructure team PM On Sat, Feb 6, 2016 at 5:26 PM, aaron_huber <aaron.m.huber(a)intel.com> wrote:
The only thought I have is that for some of us that are doing network level |
|
|