
Summary of transport mode use in overlay nets



To follow up on the earlier discussion of the use
of transport mode for overlay networks, the following I-D was 
submitted on Friday. While I didn't get an ACK, I also didn't 
get a NACK either :-) 

It describes our use of IPSEC transport mode in the X-Bone.
Until it is available 'at the usual places', it can be obtained at:

	http://www.isi.edu/touch/pubs/ipsec-vpn-00.txt

(FYI - 'ipsec' in the proposed filename refers to the protocol, not the
WG)

I hope to discuss this further in Adelaide.

-- Joe


INTERNET-DRAFT                                 Joe Touch and Lars Eggert
draft-touch-ipsec-vpn-00.txt                                     USC/ISI
                                                          March 10, 2000
                                                 Expires: Sept. 10, 2000
 
            Use of IPSEC Transport Mode for Virtual Networks
 
Abstract
 
   This document addresses the use of IPSEC to secure the virtual links
   of an overlay network. It addresses how IPSEC tunnel mode can
   conflict with dynamic routing in an overlay, due to the dependence of
   both the security association (SA) and the IP tunnel encapsulation
   header on the header of the incoming packet. An alternative is
   proposed, where IP tunnel encapsulation occurs as a separate initial
   step, followed by IPSEC transport mode on the result. The tunnel
   header is determined by the source header, and the SA is determined
   by the tunnel header. The result is consistent with dynamic routing
   in the overlay. This document discusses this alternative, and its
   impact on IPSEC.
 
--
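The conflict the abstract describes, as an added toy model (not code from the draft or from the X-Bone). The topology, addresses, SA names and the function names `tunnel_mode` and `encap_then_transport` are all constructed for illustration, and the policy and SA tables are simplified to dictionaries.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: node A has two virtual links, to B and to C.
# Each link is (outer source, outer destination) of its IP-in-IP header.
LINKS = {"toB": ("192.0.2.1", "192.0.2.2"), "toC": ("192.0.2.1", "192.0.2.3")}

def lookup(table, addr):
    """Longest-prefix match of addr against a {prefix: value} table."""
    hits = [(ip_network(p), v) for p, v in table.items()
            if ip_address(addr) in ip_network(p)]
    if not hits:
        raise LookupError(f"no entry covers {addr}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def tunnel_mode(inner_dst, spd):
    """Tunnel mode: the policy entry matched by the incoming header fixes
    both the SA and the outer header; overlay routing is not consulted."""
    sa, outer = lookup(spd, inner_dst)
    return {"sa": sa, "outer": outer}

def encap_then_transport(inner_dst, routes, sad):
    """Step 1: overlay routing picks the virtual link, giving the outer header.
    Step 2: the transport-mode SA is selected by that outer header alone."""
    outer = LINKS[lookup(routes, inner_dst)]
    return {"sa": sad[outer], "outer": outer}

def demo():
    dst = "10.2.0.5"                                  # overlay destination
    routes = {"10.0.0.0/8": "toB"}                    # overlay routing table
    spd = {"10.0.0.0/8": ("sa-AB", LINKS["toB"])}     # tunnel-mode policy
    sad = {LINKS["toB"]: "sa-AB", LINKS["toC"]: "sa-AC"}  # one SA per link
    before = (tunnel_mode(dst, spd), encap_then_transport(dst, routes, sad))
    routes["10.2.0.0/16"] = "toC"   # dynamic routing learns a better path
    after = (tunnel_mode(dst, spd), encap_then_transport(dst, routes, sad))
    return before, after

if __name__ == "__main__":
    for label, (tun, two_step) in zip(("before", "after"), demo()):
        print(label, "tunnel mode:", tun, "| encap + transport:", two_step)
```

After the route update, the tunnel-mode result still points at B because its policy entry never saw the routing change, while the two-step result follows the new route to C and picks the SA that belongs to that link.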

