[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Placement of IPSec...
What Mr.Arvind says is true for BIS implementation of
IPSec.The major issue in BIS implementation is duplicaiton
of effort.It requires implementing most of the features of
the network layer, such as fragmentation and route
tables.Duplicating functionality leads to undesired
complications and it becomes more difficult to handle
issues such as fragmentation,PMTU and routing.
BIW implementation is one of the two types of router
implementation along with the native implementation.
In BIW ,IPSec is implemented in a device that is attached
to the physical interface of the router.This device
normally does not run any routing algorithm but is used
only to secure packets.So here no duplication of
effort is required for fragmentation and route tables.
But BIW is not a long term solution as it is not viable to
have a device attached to every interface of the router.
Another issue with router implementation is IPSec contexts.
As the router has to store huge routing tables and normally
does not have huge disks for virtual memory support,
maintaining too many IPSec contexts is an issue.
i may be wrong so plz. correct me if i am wrong.
thanks in advance