
Re: Proposal for IP Peer protocol



Waters, Stephen writes:
 > 
 > This is an old existing thread that has a bad subject line.
 > 
 > Paul,
 > 
 > What I'm suggesting is that we construct a draft to propose a generic
 > IP Peer Protocol that can be used to negotiate between IP Peers.  I'm
 > suggesting that this protocol is general purpose enough to be easily
 > added to over time and an initial use would be to allow IP peers to
 > negotiate which IPCOMP algorithm will be used.
 >
 > It would be useful for IP peers to be able to negotiate IPCOMP without
 > using IKE. IKE is over the top if you want to just negotiate which
 > compression algorithm you are going to use.

Yes.  We could trade a decrease in the resident size of software on
IP-only IPComp nodes for an increase in the resident size and
complexity of software (including UI and docs) on IPSec/IKE nodes
which wish to communicate with them.  I may be overemphasizing the
hit, but it's not free.

In the event that you're not proposing a pure IP-IP solution, I have
the following observations:

Supporting two mechanisms to negotiate IPComp between IPSec/IKE hosts
is not desirable.  Moving IPComp negotiation out of IKE into an IPPP
would not make things any easier.  The order of convergence between
IPPP/IPComp and IKE would be significant and would affect the
encapsulation of traffic flowing into an SPD, which could result in
unpredictable variations in traffic propagation.  Removing the
ambiguity by forcing IPPP to finish before IKE begins would be a
non-starter.

Jim Dunham
OpenROUTE Networks, Inc.

 <Remainder of original mail deleted>