[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: proposed changes to ISAKMP/Oakley
> > Even ID_IPV4_ADDR_SUBNET is only a slight improvement for sites with large
> > numbers of networks behind their security gateways.
>
> Thanks to the wonders of CIDR, things generally aren't as bad as you imply.
The historical IETF RFCs were quite clear that CIDR should not be viewed
as a long term solution for routing scalability issues. So, if we are
going to use 'long standing tradition' as a basis for design requirements
(as we are reading in this thread) then CIDR should not be mentally
coupled or technically coupled with IPSEC.
-Tim
References: