
Re: Is TS agreement necessary?



> > > > If an IPsec tunnel can be implemented in an interoperable manner to look
> > > > like a virtual point-to-point link, it can have a lot of benefits. The
> > > > IPsec secured virtual point-to-point link can be made visible to the
> > > > routing protocols, and we can run routing on that link to automatically
> > > > get the resiliency and all the other benefits provided by routing. No need
> > > > to run keepalives or DPDs, which only provide information of connectivity
> > > > to the IPsec gateways, and provide no information about the connectivity
> > > > to the traffic destination. We can route multicast traffic across the
> > > > point-to-point link too. Yes, we lose the limited access control that
> > > > IPsec provides, but any serious deployment would not solely depend on the
> > > > access control provided by IPsec.

I have seen customers asking for what Chinna has mentioned above. Treat
the IPsec tunnel as a point-to-point interface and let the routing
protocols/MPLS use it as an interface in its code. In fact they want to
treat IPsec exactly as an IP-in-IP tunnel or a GRE tunnel (tunnel MPLS
packets too, treating them as some transport data). This could always be
done by treating the phase-2 identities as 0/0. Any comments on the
above approach?

Thanks,
Kalyan.