tunnelled migration

[Caitlin Bestler]

Andrew Cathrow wrote:

> While I agree that a vlan should be enough, and that's their purpose we've learned from downstream
> customers that this isn't enough and their security teams require all traffic to be encrypted.

Leaving the issue to the network layer allows each customer to easily control the quality of encryption
used for each tunnel. When you do encryption at the application layer the user has to learn how to
exercise whatever options you allow for each and every application.