
RE: ipsec in tunnel mode and dynamic routing




>You should not use IPsec on a hop-by-hop basis.  Assuming A and D are
>your Security Gateways, all packets should be encrypted between A and
>D, regardless of the path they take.

>In other words, a packet arrives at A from X for Y.  A knows that
>it has to get to D, so it tunnels the packet to D, which can go
>via either B or C (which is unimportant).  Then D decapsulates
>the packet and sends it on to Y.

>If C goes down, you re-route via B.



OK, this is right and I understand it, but the hop-by-hop basis example
is made in the draft.
Only, I want to understand the problems that arise when you use both
IPsec and dynamic routing.
In the draft it's explained only if you assume a hop-by-hop situation.
Is this the only situation in which problems arise?

	Gerardo

