[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


> configuration rather stresses the expressive capabilities of SNMP, to say
> the least.  COPS-PR is probably a much better way to configure IPsec than

Personally, I don't think the representation mechanisms are the issue. There are
several MIBs for configuring IPsec though they are private, we have one too. It
is possible, though there is no getting around the fact that IPsec configuration
is complicated.

But: If we would actually get down to discussing the MIB or the PIB or the
whatever for configuring IPsec, I believe we'd see many arguments exactly
how the policies etc. are to be represented and exactly what can be configured,
which parameters are mandatory for all implementations, at what level the configurations
are presented and so on. Much more discussions than in the case of the monitoring
MIBs, which have been redesigned multiple times.

It would be interesting to compare the configuration MIB approach and the IPsec
policy WG approach. If the latter reaches a consensus on a schema for IPsec policy,
perhaps the same schema could be represented in multiple ways, as an LDAP database,
as a textual language, as COPS PIB, as an SNMP MIB, ...?

Jari Arkko