Re: Replacing private lines with tunnels
>>>>> "Sanjai" == Sanjai Narain <narain@research.telcordia.com> writes:
Sanjai> connectivity between the gateway routers. Now suppose the private
Sanjai> lines are replaced by IPSec tunnels. Then any-to-any connectivity
Sanjai> will be lost. This is because router interfaces at tunnel
Sanjai> endpoints will, in general, not belong to the same subnet, so
Sanjai> OSPF won't work.
If you are saying that OSPF does not work when one uses unnumbered PPP
links, then I guess you are right. I don't see why that should be the case.
There are IPsec implementations that actually have interfaces for the
tunnels. NRL's was one. Recent implementations have abandoned this, claiming
scalability reasons.
Sanjai> So, what can be done to restore any-to-any connectivity between
Sanjai> the gateway routers? In particular, do people implement a form of
Sanjai> static routing over tunnels, i.e., direct the traffic coming out
Sanjai> of one tunnel into another?
Some do.
] Out and about in Ottawa. hmmm... beer. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [