[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: Addresses in traffic selectors in IKEv2

To: "Casey Carr" <kcarr@nc.rr.com>
Subject: Re: RE: Addresses in traffic selectors in IKEv2
From: Charles Lynn <clynn@bbn.com>
Date: Tue, 19 Mar 2002 12:16:19 -0500 (EST)
Cc: <dracca@quarrytech.com>, <msa@burp.tkv.asdf.org>, "<kent@bbn.com>" <andrew.krywaniuk@alcatel.com>, <paul.hoffman@vpnc.org>, <ipsec@lists.tislabs.com>
In-Reply-To: <LGEPIDKIMCMEJMAHEKALEEDDCIAA.kcarr@nc.rr.com>
Sender: owner-ipsec@lists.tislabs.com

Hi Casey,

This question is for all the folks who take issue with ranges, not just you.

> We are not supporting ranges in our implementation for this same reason.

Since there is an easily implemented 1-to-1 mapping between a range and
the set of prefixes that represent the same range, why is supporting
ranges (in the protocol exchanges) a problem?

If an admin needs to express a range, I think it would be more concise
in the protocol, and probably in the SPD, and also less prone to admin
typo syndrome to say a.b.c.d-e.f.g.h than to have the admin type in
all the corresponding prefixes.

Granted one would then have a one-to-many mapping between SPD/SAD and
one's CAM; the alternative would be multiple SPD/SAD entries pointing
a single CAM entry -- seems like that would take more memory than one
SPD/SAD and a list.

Can someone point out what points I an overlooking?

Charlie

References:
- RE: Addresses in traffic selectors in IKEv2
  - From: "Casey Carr" <kcarr@nc.rr.com>

Prev by Date: Re: Addresses in traffic selectors in IKEv2
Next by Date: Re: Choosing between IKEv2 and JFK
Prev by thread: Re: Addresses in traffic selectors in IKEv2
Next by thread: RE: Addresses in traffic selectors in IKEv2
Index(es):
- Date
- Thread