
Re: Anycast



>  If an Anycast utilizes a Unicast address, how would a client system know to
>  treat it any differently than a Unicast (i.e., use a Multicast group key
>  management server instead of ISAKMP).  For Multicast addresses, the address
>  type is clearly an indicator.  For Anycast, is it presumed that the security
>  policy must identify it as such?

1. This seems like a decision to be made at the application level; it's
   not part of the security policy at the IP layer.

2. The IKE umbrella can certainly be stretched to include multicast
   group keys.  I'd think that the location of a server would be
   part of directory services that the application used in order to
   find out about the session in the first place.  That information
   would be passed to IKE as part of the API call for opening
   a multicast session as a participant.

Hilarie


