Re: Placement of IPSec...

Hello all,

What Mr. Arvind says is true for BIS implementation of
IPSec. The major issue in BIS implementation is duplication
of effort. It requires implementing most of the features of
the network layer, such as fragmentation and route
tables. Duplicating functionality leads to undesired
complications and it becomes more difficult to handle
issues such as fragmentation, PMTU and routing.

BIW implementation is one of the two types of router 
implementation along with the native implementation.
In BIW, IPSec is implemented in a device that is attached
to the physical interface of the router. This device
normally does not run any routing algorithm but is used
only to secure packets. So here no duplication of
effort is required for fragmentation and route tables.

But BIW is not a long-term solution as it is not viable to
have a device attached to every interface of the router.

Another issue with router implementation is IPSec contexts.
As the router has to store huge routing tables and normally 
does not have huge disks for virtual memory support, 
maintaining too many IPSec contexts is an issue.

I may be wrong, so please correct me if I am wrong.
Thanks in advance.