Re: redundancy
It would work the same way as a non-IPSEC tunnel or regular routing
would work. Either the route is "hard coded," in which case C will
always choose e.g. A over B, or it is dynamic, in which case C will
choose e.g. A over B but notice when it loses contact with A and then
switch to B. This notification can probably be done via something
like BGP or RIP within the tunnel.
So, basically, I think this is outside the scope of IPSEC. This is
more of a routing issue within an IPSEC/tunnel framework.
-derek
Matt Field <MFIELD@securenet.com.au> writes:
>
> Hi,
>
> Can anyone illustrate if and how ipsec could handle multiple ipsec
> gateways to a single network. I have come across the following
> scenario:
>
>   ----------------------------------------- Network 1
>                    |
>                    | D
>              --------------
>              |            |
>              |            |
>              A            B
>              |            |
>              |            |
>               \          /
>                \        /
>                 \      /
>                    C
>                    |
>   ----------------------------------------- Network 2
>
> Network 1 has D which is a Front End Processor (FEP) that performs some
> kind of load balancing that may route packets either through ipsec
> gateways A or B. C is an ipsec gateway on a remote network. The
> problem is, if tunnels are created between gateways A-C and B-C, then
> when C receives a packet from Network 2 for network 1, how does it
> determine which SA to use since the destination address is behind both
> gateways?
>
> My guess is that this is an implementation detail and outside the scope
> of IPSEC but any thoughts on this would be useful.
>
> regards,
>
> Matt Field
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
References:
- redundancy
- From: Matt Field <MFIELD@securenet.com.au>
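
The distinction drawn in the reply above, between a hard-coded route and a dynamic one, modelled as an added example (not part of the original thread and not any IPsec implementation's code). The `GatewayC` class, the SA names, the 192.0.2.0/24 prefix for Network 1, the metrics and the 30-second hold time are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

HOLD_TIME = 30.0  # assumed: seconds of silence before a peer counts as down

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    peer: str    # remote tunnel endpoint (gateway A or B)
    metric: int  # lower is preferred

class GatewayC:
    """Hypothetical model of C: routing picks the peer, the peer picks the SA."""

    def __init__(self, routes, sas, dynamic):
        self.routes = routes
        self.sas = sas          # peer -> SA identifier (constructed values)
        self.dynamic = dynamic  # False = hard-coded route, True = liveness-aware
        self.last_heard = {}    # peer -> time of last routing update in the tunnel

    def keepalive(self, peer, now):
        self.last_heard[peer] = now

    def alive(self, peer, now):
        seen = self.last_heard.get(peer)
        return seen is not None and now - seen <= HOLD_TIME

    def select_sa(self, dst, now):
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r.prefix]
        if self.dynamic:  # a routing protocol would withdraw routes via dead peers
            candidates = [r for r in candidates if self.alive(r.peer, now)]
        if not candidates:
            return None  # no usable route: drop, never send outside a tunnel
        # Longest prefix first, then lowest metric.
        best = min(candidates, key=lambda r: (-r.prefix.prefixlen, r.metric))
        return self.sas[best.peer]

def demo():
    net1 = ipaddress.ip_network("192.0.2.0/24")  # constructed Network 1 prefix
    routes = [Route(net1, "A", 10), Route(net1, "B", 20)]
    sas = {"A": "SA-C-A", "B": "SA-C-B"}
    results = {}
    for dynamic in (False, True):
        c = GatewayC(routes, sas, dynamic)
        c.keepalive("A", 0.0)
        c.keepalive("B", 0.0)
        before = c.select_sa("192.0.2.7", 10.0)
        c.keepalive("B", 40.0)  # A has gone silent, B still answers
        after = c.select_sa("192.0.2.7", 50.0)
        results["dynamic" if dynamic else "static"] = (before, after)
    return results
```

With the hard-coded route, C keeps selecting the SA toward A after A stops answering, so traffic for Network 1 is lost until the route is changed by hand; with the dynamic route, the same lookup moves to the SA toward B.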