[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multicast and anycast addresses and policy selectors
Hello!
Is it required to support use of anycast and multicast addresses as
source
IP address policy selectors in IPsec implementations?
RFC2401 specifies that the source IP address selector must support
anycast
and multicast addresses:
- Source IP Address(es) (IPv4 or IPv6): this may be a single IP
address (unicast, anycast, broadcast (IPv4 only), or multicast
group), range of addresses (high and low values inclusive),
address + mask, or a wildcard address. The last three are used
to support more than one source system sharing the same SA
(e.g., behind a security gateway or in a multihomed host).
[REQUIRED for all implementations]
RFC2373 specifies that source IP address must not be anycast or
multicast
address:
o An anycast address must not be used as the source address of an
IPv6 packet.
Multicast addresses must not be used as source addresses in IPv6
packets or appear in any routing header.
/Juha Ollila