[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Granularity of authentication in swIPe
Phil,
The scenarios I envision that might require lots of SAIDs are
ones in which IPSP is implemented at one routers for large
organizations. An organization may elect to assign a different SAID
for each (ultimate) source-destination address pair. But SAIDs must
be unique on a S/D basis between the IPSP implementation points, in
this case the routers. Thus there could be a need for many SAIDs
between a pair of IPSP-capable routers. If the hosts behind the
routers are allowed to ask for finer granularity associations, e.g.,
per TCP connection, then the number could grow even more.
Steve
Follow-Ups:
References: