Re: Re: inbound vs outbound?
>one need not look up a packet in the SPD twice. An IPsec-protected
>packet arriving from the Internet and directed to a system behind an
>SG is looked up once in the SAD, to map it to an SA, and the
>processed packet is then looked up in the SPD to ensure that it is
>consistent with the SA via which it was received.
Consider the case where there is a tunnel from router A to router B
over which packets of class P are transmitted. When the packets arrive
at router B, some of them, say subclass P1, are forwarded to a LAN
directly. Others, say subclass P2, are tunneled to router C.
I don't think only one consultation of the SPD can achieve it.
Dong Xiaohu
sleepy-cat@263.net
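
An added illustration, not part of the original message or of any IPsec implementation: a small model of router B in the A-to-B tunnel scenario above, counting SAD and SPD consultations per packet. It assumes separate inbound and outbound SPDs with first-match destination selectors; the addresses, SPI and peer names are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    selector: ipaddress.IPv4Network  # destination-address selector
    action: str                      # "PROTECT" or "BYPASS"
    peer: str = ""                   # tunnel peer for PROTECT entries

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed sample data: class P = 10.2.0.0/16, P1 = 10.2.1.0/24 (B's LAN),
# P2 = 10.2.2.0/24 (behind router C). SPI and peer names are made up.
SAD = {0x1001: "A"}                                   # SPI -> SA peer
INBOUND_SPD = [Policy(net("10.2.0.0/16"), "PROTECT", "A")]
OUTBOUND_SPD = [Policy(net("10.2.2.0/24"), "PROTECT", "C"),
                Policy(net("10.2.1.0/24"), "BYPASS")]

def spd_lookup(spd, dst, stats):
    """First-match lookup in an ordered SPD; None means no policy (discard)."""
    stats["spd"] += 1
    addr = ipaddress.ip_address(dst)
    return next((p for p in spd if addr in p.selector), None)

def router_b(spi, inner_dst):
    """Process one tunnelled packet at router B; return (verdict, lookup counts)."""
    stats = {"sad": 0, "spd": 0}
    stats["sad"] += 1
    peer = SAD.get(spi)                      # one SAD lookup maps packet to SA
    if peer is None:
        return "DISCARD: unknown SPI", stats
    # Inbound check: does policy allow this inner packet on the SA it used?
    pol = spd_lookup(INBOUND_SPD, inner_dst, stats)
    if pol is None or pol.action != "PROTECT" or pol.peer != peer:
        return "DISCARD: inconsistent with SA", stats
    # Forwarding decision: the packet is now outbound traffic from B.
    out = spd_lookup(OUTBOUND_SPD, inner_dst, stats)
    if out is None:
        return "DISCARD: no outbound policy", stats
    if out.action == "PROTECT":
        return f"TUNNEL to {out.peer}", stats
    return "FORWARD to LAN", stats

if __name__ == "__main__":
    for dst in ("10.2.1.5", "10.2.2.5", "192.0.2.9"):
        print(dst, *router_b(0x1001, dst))
```

In this model the inbound consultation only verifies consistency with the receiving SA; the choice between delivering P1 to the LAN and re-tunnelling P2 to C comes from the outbound consultation.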