Talking about performance: An ACL that can limit its looks to
a single place in the IP header (i.e., with translation) can
likely be more efficient than an ACL that needs to look into
an inner IP header behind a pair of LISP and UDP headers.
JD: In any map & encap scheme, won't a transit space router have to
deal with a multiplicity of packet formats (e.g., both encapsulated
and non-encapsulated packets) and won't it be a performance hit to
figure out a packet's format and then look for the correct fields
within it?
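
To make the extra lookup work concrete, here is an added example that is not part of the original thread: a classifier that returns the source address an ACL would match, read at a fixed offset for a plain or translated packet and behind the UDP and LISP headers for an encapsulated one. It assumes IPv4 inside and out and LISP data on UDP port 4341; the function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

LISP_DATA_PORT = 4341  # UDP destination port for LISP data packets
LISP_HDR_LEN = 8       # fixed-size LISP data header
UDP_HDR_LEN = 8

def ipv4(src, dst, proto, payload=b""):
    """Constructed test data: minimal 20-byte IPv4 header (checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def udp(sport, dport, payload):
    """Constructed test data: UDP header (checksum 0) + payload."""
    return struct.pack("!HHHH", sport, dport, UDP_HDR_LEN + len(payload), 0) + payload

def header_len(hdr):
    """Validate an IPv4 header and return its length in bytes."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (hdr[0] & 0x0F) * 4
    if ihl < 20 or len(hdr) < ihl:
        raise ValueError("bad IPv4 header length")
    return ihl

def acl_source(pkt):
    """Return (format, source address the ACL matches, header bytes examined)."""
    ihl = header_len(pkt)
    outer_src = str(ipaddress.IPv4Address(pkt[12:16]))
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        # Non-first fragment: no UDP header present, so the format is unknowable.
        return ("fragment", outer_src, ihl)
    if pkt[9] != 17 or len(pkt) < ihl + UDP_HDR_LEN:
        return ("plain", outer_src, ihl)
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if dport != LISP_DATA_PORT:
        return ("plain", outer_src, ihl)
    # Encapsulated: skip outer IP, UDP and LISP headers to reach the inner header.
    off = ihl + UDP_HDR_LEN + LISP_HDR_LEN
    inner_ihl = header_len(pkt[off:])
    return ("lisp", str(ipaddress.IPv4Address(pkt[off + 12:off + 16])), off + inner_ihl)

PLAIN = ipv4("192.0.2.10", "198.51.100.20", 6, b"\x00" * 20)
ENCAP = ipv4("203.0.113.1", "203.0.113.2", 17,
             udp(61000, LISP_DATA_PORT, b"\x00" * LISP_HDR_LEN + PLAIN))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("encapsulated", ENCAP)):
        print(name, acl_source(pkt))
```

The third element of the result shows the difference in question: 20 header bytes examined for the plain packet against 56 for the encapsulated one, with a non-first fragment of an encapsulated packet giving the ACL no inner header to match at all.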