
Re: Revised drafts -- Arch, AH, ESP



> From: Harald Koch <chk@tor.securecomputing.com>
> Actually, I think I understand the confusion now. Mobile-IP and VPNs have
> completely different ideas about the definition and use of IP-in-IP tunnels.
>
> I think of VPN-style tunnels as the logical equivalent of a Layer 2 Link
> between two systems, and it should be treated as such. The TTL processing
> requirements for feeding IP packets into Layer 2 interfaces are clearly
> defined as in my previous message.
>
Whereas, I have been coming from the tunnels designed by Phil Karn and
others to tie together the AMPRnet over the Internet, which I attempted
to generalize combined with JI's doctoral work on mobility and Fred
Goldstein's RSPF (and Moy's OSPF, ISIS, etc, etc, etc).

Standing on the shoulders of giants, it was my generalization that
tunnels for VPNs and mobility _both_ have the _same_ definition and
use, emulating a layer 3 hop, rather than a layer 2 non-hop.  It seems
pretty clear (to me) that a hop is involved.  That is, tunnels are
internet routing constructs, not link-layer constructs.

But then, I've no stomach for L2TP either, and have turned down a couple
contract offers....

Unfortunately, with the lack of any consistent architectural vision, we
(the IETF) now have many inconsistent ways of doing the same things.
While many have implemented RFC-1853 (which explicitly mentions its use
for security), others have implemented RFC-2003 (which only claims to be
for mobile-ip).

So, given our track record, there is no particular reason to make
changes to the Arch draft before publication.  It's only another
proposed standard that does not comply with full standards.  We have
plenty of those....

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
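The two tunnel models contrasted in this thread, as an added illustration that is not part of the original message or of any IETF draft: a small IP-in-IP encapsulator (IPv4 protocol 4) that either treats the tunnel as a layer 3 hop (inner TTL decremented, expired packets dropped) or as a layer 2 link (inner header carried untouched). The addresses and the sample datagram are constructed; `set_ttl`, `encapsulate` and `decapsulate` are hypothetical helper names.

```python
import struct

IPPROTO_IPIP = 4  # IPv4 protocol number for IP-in-IP encapsulation

def ip_checksum(hdr: bytes) -> int:
    """One's-complement header checksum; returns 0 for a header whose checksum is valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: bytes, dst: bytes, proto: int, ttl: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) plus payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def set_ttl(pkt: bytes, ttl: int) -> bytes:
    """Return pkt with a new TTL and the header checksum recomputed."""
    hdr = pkt[:8] + bytes([ttl]) + pkt[9:10] + b"\x00\x00" + pkt[12:20]
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + pkt[20:]

def encapsulate(pkt: bytes, tun_src: bytes, tun_dst: bytes,
                as_hop: bool, outer_ttl: int = 64):
    """Wrap pkt in an outer IPv4 header addressed to the far tunnel endpoint.

    as_hop=True : tunnel is a layer 3 hop; inner TTL is decremented and a packet
                  whose TTL would expire is dropped (a router would also send
                  ICMP Time Exceeded, omitted here).
    as_hop=False: tunnel is a layer 2 link; the inner header is carried unchanged.
    """
    inner_ttl = pkt[8]
    if as_hop:
        if inner_ttl <= 1:
            return None
        pkt = set_ttl(pkt, inner_ttl - 1)
    return build_ipv4(tun_src, tun_dst, IPPROTO_IPIP, outer_ttl, pkt)

def decapsulate(pkt: bytes) -> bytes:
    """Strip the outer header after checking protocol and checksum; return the inner packet."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IPPROTO_IPIP or ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("not a valid IP-in-IP packet")
    return pkt[ihl:]

# Constructed sample: a UDP datagram 10.0.0.1 -> 10.0.0.2 with TTL 2
SAMPLE = build_ipv4(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 17, 2, b"hello")
```

Under the hop model a packet entering the tunnel with TTL 1 never reaches the far endpoint, which is exactly the behavioural difference the two positions in this thread disagree on.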