Re: routing and outbound.
Hi.
Thanks for your detailed answer.
I want to understand the sequence of inbound, outbound and routing in a hub-and-spoke system.

You said:
> "In the cases you mention you assume that routing has to be performed once. That may not be necessarily valid. It all depends on your design."

Now, in a hub-and-spoke configuration, how many routing iterations are required?

Also, you said:
> Other possibility could be you receive a packet on an IPsec enabled interface. It goes through inbound IPsec processing. Comes out and gets routed to another interface. Depending on whether the outgoing interface is IPsec enabled or not the packet goes through another round of IPsec processing and routing. That would be close to case 2- you mentioned.

You mean that after inbound, routing and outbound there may be a need for another routing iteration again? Now what happens if another interface is chosen after this new routing phase?

Clearly, I want to understand the sequence of the IPsec process and routing when a hub-and-spoke is mentioned.

Thanks in advance,
mahdavi
----- Original Message -----
Sent: Monday, November 26, 2001 7:11 AM
Subject: Re: routing and outbound.
A packet would go through both inbound and outbound IPsec processing only if a tunnel is being terminated at the router and a new tunnel is being initiated from the router on the same packet stream. I would guess this would constitute a hop by hop IPsec.
Typically, you would perform:
Inbound processing, Routing OR
Outbound processing, Routing
In the cases you mention you assume that routing has to be performed once. That may not be necessarily valid. It all depends on your design.

One possibility could be that SPD rule processing tells you whether (Inbound or Outbound) IPsec processing is needed or whether Routing is needed. Here you could get by with just one routing iteration.

Other possibility could be you receive a packet on an IPsec enabled interface. It goes through inbound IPsec processing. Comes out and gets routed to another interface. Depending on whether the outgoing interface is IPsec enabled or not the packet goes through another round of IPsec processing and routing. That would be close to case 2- you mentioned.
I am sure there are other ways to do it too. Then nesting of tunnels can add another complexity to take care of.
--Atul
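
Added example (not part of the original thread, and not code from either poster): a toy Python model of the second possibility described above, where a hub terminates one spoke's tunnel, routes the inner packet, and starts a new tunnel if the chosen interface is IPsec enabled. The interface names, addresses and the route/SPD tables are constructed assumptions, and nested tunnels are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: "Packet | None" = None   # set when this is a tunnel-mode packet

HUB = "192.0.2.1"                   # constructed documentation addresses
# Hub route table: destination prefix -> outgoing interface (assumed names)
ROUTES = {"10.1.0.0/16": "to-spoke-a", "10.2.0.0/16": "to-spoke-b",
          "198.51.100.0/24": "wan", "203.0.113.0/24": "wan"}
# Outbound SPD per interface: protected prefix -> remote tunnel endpoint.
# An empty table means the interface is not IPsec enabled.
SPD_OUT = {"to-spoke-a": {"10.1.0.0/16": "198.51.100.10"},
           "to-spoke-b": {"10.2.0.0/16": "203.0.113.20"},
           "wan": {}}

def lookup(table, dst):
    """Longest-prefix match of dst in a {prefix: value} table, else None."""
    hits = [(ip_network(p).prefixlen, v) for p, v in table.items()
            if ip_address(dst) in ip_network(p)]
    return max(hits)[1] if hits else None

def forward(pkt):
    """Return (trace, packet on the wire, egress interface) for one packet."""
    trace = []
    if pkt.inner is not None and pkt.dst == HUB:
        pkt = pkt.inner                     # tunnel terminates at the hub
        trace.append("inbound")
    while True:
        iface = lookup(ROUTES, pkt.dst)     # one routing iteration
        trace.append(f"route:{iface}")
        if iface is None:
            return trace, pkt, None         # no route: drop
        peer = lookup(SPD_OUT[iface], pkt.dst)
        if peer is None:                    # no outbound IPsec on this interface
            return trace, pkt, iface
        pkt = Packet(HUB, peer, inner=pkt)  # new tunnel initiated by the hub
        trace.append("outbound")            # outer header must be routed again

def routing_iterations(trace):
    return sum(step.startswith("route:") for step in trace)
```

In this model the second routing pass looks only at the new outer header, so whichever interface it picks carries the already protected packet; a packet that needs no IPsec is routed once.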
In a message dated 11/25/2001 4:59:13 PM Eastern Standard Time,
mahdavi110@yahoo.com writes: