Re: Anycast
> If an Anycast utilizes a Unicast address, how would a client system know to
> treat it any differently than a Unicast (i.e., use a Multicast group key
> management server instead of ISAKMP)? For Multicast addresses, the address
> type is clearly an indicator. For Anycast, is it presumed that the security
> policy must identify it as such?
1. This seems like a decision to be made at the application level; it's
not part of the security policy at the IP layer.
2. The IKE umbrella can certainly be stretched to include multicast
group keys. I'd think that the location of a server would be
part of directory services that the application used in order to
find out about the session in the first place. That information
would be passed to IKE as part of the API call for opening
a multicast session as a participant.
Hilarie