Re: IPSEC tunnels for LAN-to-LAN interop issue
Dan Harkins wrote:
>
> It seems to me that the whole problem described in this thread exists
> because routing protocols that assume their peers are 1 hop away are
> being used-- e.g. the multicast addresses used for OSPF and RIP are
> from the "local segment usage only" range. So the problem becomes how
> to tunnel these packets to hide this from the protocol, which would go
> away if the protocol did not have this requirement.
>
> So let me ask again, what is the problem with BGP? There would be no
> need for any bizarre tunneling scheme and the BGP session can be protected
> with transport mode IPSec if you're concerned about that (no need for
> the ambiguity of "is transport-mode protected IPIP actually tunnel mode?").
>
> BGP sounds like the right tool for the right job here. No need to short
> circuit the IPSec access control mechanisms nor add unnecessary headers (as
> Steve K noted) to the packets. And, most importantly, it achieves the goal.
>
> Dan.
Howdy ()
If BGP routes to a next hop which is more than one hop away, then BGP
requires that the IGP be able to resolve the intermediate next hops and
you are back where you started.
--
####################################
# Ricky Charlet
# (510) 795-6903
# rcharlet@redcreek.com
####################################
end Howdy;