Summary of transport mode use in overlay nets
To follow-up on the earlier discussion of the use
of transport mode for overlay networks, the following I-D was
submitted on Friday. While I didn't get an ACK, I also didn't
get a NACK either :-)
It describes our use of IPSEC transport mode in the X-Bone.
Until it is available 'at the usual places', it can be obtained at:
http://www.isi.edu/touch/pubs/ipsec-vpn-00.txt
(FYI - 'ipsec' in the proposed filename refers to the protocol, not the
WG)
I hope to discuss this further in Adelaide.
-- Joe
INTERNET-DRAFT Joe Touch and Lars Eggert
draft-touch-ipsec-vpn-00.txt USC/ISI
March 10, 2000
Expires: Sept. 10, 2000
Use of IPSEC Transport Mode for Virtual Networks
Abstract
This document addresses the use of IPSEC to secure the virtual links
of an overlay network. It addresses how IPSEC tunnel mode can
conflict with dynamic routing in an overlay, due to the dependence of
both the security association (SA) and the IP tunnel encapsulation
header on the header of the incoming packet. An alternative is
proposed, where IP tunnel encapsulation occurs as a separate initial
step, followed by IPSEC transport mode on the result. The tunnel
header is determined by the source header, and the SA is determined
by the tunnel header. The result is consistent with dynamic routing
in the overlay. This document discusses this alternative, and its
impact on IPSEC.
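A simplified model of the conflict the abstract describes, as an added example that is not part of the original message or the draft. The addresses, table layouts and function names are constructed for illustration; overlay addresses are 10.0.0.x and tunnel endpoints are 192.0.2.x.

```python
from dataclasses import dataclass

ME = "192.0.2.1"  # this overlay router's base address (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object = None  # inner Packet once encapsulated
    sa: str = None          # name of the SA that protected the packet

def tunnel_mode(pkt, spd):
    """IPsec tunnel mode: the incoming header selects the SA, and the SA
    fixes the tunnel endpoint. The overlay routing table is never consulted."""
    if pkt.dst not in spd:
        raise LookupError("no policy for " + pkt.dst)
    sa, endpoint = spd[pkt.dst]
    return Packet(ME, endpoint, payload=pkt, sa=sa)

def encap_then_transport(pkt, routes, sad):
    """Step 1: IP encapsulation, tunnel header chosen from the source header
    by overlay routing. Step 2: transport mode, SA chosen by the tunnel header."""
    outer = Packet(ME, routes[pkt.dst], payload=pkt)
    sa = sad[(outer.src, outer.dst)]
    return Packet(outer.src, outer.dst, payload=pkt, sa=sa)

def demo():
    pkt = Packet("10.0.0.1", "10.0.0.9")
    # Static tunnel-mode policy: inner destination -> (SA, tunnel endpoint)
    spd = {"10.0.0.9": ("sa-to-B", "192.0.2.2")}
    # One transport-mode SA per virtual link, keyed by the tunnel header
    sad = {(ME, "192.0.2.2"): "sa-to-B", (ME, "192.0.2.3"): "sa-to-C"}
    routes = {"10.0.0.9": "192.0.2.2"}
    before = (tunnel_mode(pkt, spd), encap_then_transport(pkt, routes, sad))
    # Dynamic routing in the overlay moves the next hop from B to C
    routes["10.0.0.9"] = "192.0.2.3"
    after = (tunnel_mode(pkt, spd), encap_then_transport(pkt, routes, sad))
    return before, after

if __name__ == "__main__":
    for label, (t, e) in zip(("before", "after"), demo()):
        print(label, "tunnel mode ->", t.dst, t.sa, "| encap+transport ->", e.dst, e.sa)
```

After the route change, the tunnel-mode packet still goes to the old endpoint, while the encapsulate-then-transport packet follows the new route and picks up the SA for that virtual link.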