
RE: comments on VPN framework document



> link        - a communication facility or medium over which nodes
>               can communicate at the link layer, i.e., the layer
>               immediately below IP.  Examples are Ethernets
>               (simple or bridged), PPP links, X.25, Frame Relay,
>               or ATM networks as well as internet (or higher)
>               layer "tunnels", such as tunnels over IPv4 or IPv6
>               itself.
> 
> interface   - a node's attachment to a link.

These definitions leave open the question of whether Neighbor Discovery (in
whole or in part) should be operational over the link. For example, in the
Carpenter/Jung "6-over-4" draft (in which IPv6 uses IPv4 as a virtual link
layer), Neighbor Discovery in all its aspects is operational. With
"configured tunnels" (a different technique that also tunnels v6 packets via
v4), Neighbor Discovery is not operational. Implementations must agree on
what aspects of ND will operate over the (virtual) link, or they will not
interoperate.

> > I believe that in practice, it is not possible to implement
> > tunnel-mode SAs as virtual interfaces.
> 
> I know of implementations that do use tunnel mode SAs as
> virtual interfaces. Whether this is easy or hard depends
> primarily on where you are starting from.

Are these IPv6 implementations? If so, do they implement any aspects of
Neighbor Discovery on those virtual interfaces? If they do, they might not
interoperate with other implementations. (For example if the "virtual
interface" implementation uses Neighbor Unreachability Detection over the
tunnel and the other side does not respond appropriately.)

Rich
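The interoperability failure Rich describes (one end runs Neighbor Unreachability Detection over the tunnel, the other end does not answer Neighbor Solicitations) can be made concrete with a small model of the NUD state machine. This is an added illustration, not code from the thread or from any of the implementations discussed. It uses the protocol constants from RFC 4861 (MAX_UNICAST_SOLICIT, DELAY_FIRST_PROBE_TIME, RETRANS_TIMER); the `Peer` class and its `implements_nd` flag are assumptions of the model, standing in for whether the far end of the virtual link runs ND at all.

```python
from enum import Enum, auto

# Protocol constants from RFC 4861, section 10.
MAX_UNICAST_SOLICIT = 3       # unicast Neighbor Solicitations before giving up
DELAY_FIRST_PROBE_TIME = 5.0  # seconds spent in DELAY before probing
RETRANS_TIMER = 1.0           # seconds between retransmitted solicitations


class State(Enum):
    STALE = auto()
    DELAY = auto()
    PROBE = auto()
    REACHABLE = auto()
    UNREACHABLE = auto()  # neighbor cache entry deleted; traffic stalls


class Peer:
    """Hypothetical far end of a virtual link (tunnel).

    implements_nd=True  models a "6-over-4"-style peer that answers
                        Neighbor Solicitations over the tunnel.
    implements_nd=False models a configured-tunnel peer that simply
                        decapsulates packets and never speaks ND.
    """

    def __init__(self, implements_nd: bool):
        self.implements_nd = implements_nd

    def neighbor_solicitation(self) -> bool:
        # True if a Neighbor Advertisement comes back for the probe.
        return self.implements_nd


def run_nud(peer: Peer):
    """Drive one neighbor cache entry through NUD after its reachability
    timer has expired and a packet is queued for the neighbor.

    Returns (final_state, probes_sent, elapsed_seconds).
    """
    state = State.STALE
    elapsed = 0.0
    probes = 0

    # A packet is sent while STALE: enter DELAY and wait for an upper-layer
    # reachability hint; none arrives in this model, so we move to PROBE.
    state = State.DELAY
    elapsed += DELAY_FIRST_PROBE_TIME
    state = State.PROBE

    while probes < MAX_UNICAST_SOLICIT:
        probes += 1
        if peer.neighbor_solicitation():
            return State.REACHABLE, probes, elapsed
        elapsed += RETRANS_TIMER  # wait for a reply that never comes

    # RFC 4861: after MAX_UNICAST_SOLICIT unanswered probes the entry is
    # deleted, so packets for this neighbor no longer flow over the tunnel.
    return State.UNREACHABLE, probes, elapsed


def tunnel_interoperates(local_runs_nud: bool, peer: Peer) -> bool:
    """Does traffic keep flowing across the virtual link?

    A configured-tunnel endpoint (local_runs_nud=False) never probes, so it
    forwards regardless of what the peer does. An endpoint that treats the
    tunnel as a full ND link only keeps forwarding if the peer answers.
    """
    if not local_runs_nud:
        return True
    final_state, _, _ = run_nud(peer)
    return final_state is State.REACHABLE


if __name__ == "__main__":
    for local_nd in (True, False):
        for peer_nd in (True, False):
            ok = tunnel_interoperates(local_nd, Peer(peer_nd))
            print(f"local NUD={local_nd!s:5} peer ND={peer_nd!s:5} -> "
                  f"{'traffic flows' if ok else 'neighbor declared unreachable'}")
```

The run shows the asymmetry in the message above: the configured-tunnel side is indifferent to what its peer does, while the "virtual interface" side that runs NUD declares a silent peer unreachable after roughly DELAY_FIRST_PROBE_TIME plus MAX_UNICAST_SOLICIT retransmissions. Agreeing in advance which ND functions operate over the link is what avoids this.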