[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: ipsec in tunnel mode and dynamic routing
>You should not use IPsec on a hop-by-hop basis. Assuming A and D are
>your Security Gateways, all packets should be encrypted between A and
>D, regardless of the path they take.
>In other words, a packet arrives at A from X for Y. A knows that
>it has to get to D, so it tunnels the packet to D, which can go
>via either B or C (which is unimportant). Then D decapsulates
>the packet and sends it on the Y.
>If C goes down, you re-route via B.
ok this is right and I understand it, but the hop-by-hop basis example
is made in the draft.
Only, I want to understand the problems that arise when you use both
ipsec and dynamic routing.
In the draft it's explained only if you assume a hop by hop situation.
Is this the only situation
in whch problems arise?
Gerardo
Follow-Ups: