Re: Is TS agreement necessary?
> > > >If an IPsec tunnel can be implemented in an interoperable manner to look
> > > >like a virtual point-to-point link, it can have a lot of benefits. The
> > > >IPsec secured virtual point-to-point link can be made visible to the
> > > >routing protocols, and we can run routing on that link to automatically
> > > >get the resiliency and all the other benefits provided by routing. No need
> > > >to run keepalives or DPDs, which only provide information of connectivity
> > > >to the IPsec gateways, and provide no information about the connectivity
> > > >to the traffic destination. We can route multicast traffic across the
> > > >point-to-point link too. Yes, we lose the limited access control that
> > > >IPsec provides, but any serious deployment would not solely depend on the
> > > >access control provided by IPsec.
I have seen customers asking for what Chinna has mentioned above. Treat
the IPsec tunnel as a point-to-point interface and let the routing
protocols/MPLS use it as an interface in its code. In fact, they want to
treat IPsec exactly as an IP-in-IP tunnel or a GRE tunnel (tunnel MPLS
packets too, treating them as some transport data). This could always be
done by treating the phase-2 identities as 0/0. Any comments on the
above approach?
Thanks,
Kalyan.
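
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of an outbound forwarding decision with narrow phase-2 selectors versus 0/0 selectors. All addresses, the interface names `ipsec0`/`eth0` and the `TUNNEL_ACL` filter are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the thread.
NARROW_TS = (ip.ip_network("10.1.0.0/16"), ip.ip_network("10.2.0.0/16"))
WIDE_TS = (ip.ip_network("0.0.0.0/0"), ip.ip_network("0.0.0.0/0"))  # phase-2 IDs as 0/0

def ts_permits(ts, src, dst):
    """Selector check on an SA: src/dst must fall inside the negotiated TS pair."""
    local, remote = ts
    return ip.ip_address(src) in local and ip.ip_address(dst) in remote

def route_lookup(table, dst):
    """Longest-prefix match; returns the egress interface name or None."""
    addr = ip.ip_address(dst)
    hits = [(net, ifc) for net, ifc in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Routing table as a routing protocol might populate it over the tunnel "link".
ROUTES = [
    (ip.ip_network("10.2.0.0/16"), "ipsec0"),
    (ip.ip_network("0.0.0.0/0"), "eth0"),
]

# Hypothetical interface filter standing in for the access control
# that the narrow selectors used to provide.
TUNNEL_ACL = [NARROW_TS]

def forward(ts, src, dst, acl=None):
    """Return 'protect', 'bypass' or 'drop' for an outbound packet."""
    if route_lookup(ROUTES, dst) != "ipsec0":
        return "bypass"   # routing, not the SPD, chose another interface
    if not ts_permits(ts, src, dst):
        return "drop"     # outside the negotiated selectors
    if acl is not None and not any(ts_permits(a, src, dst) for a in acl):
        return "drop"     # separate filter applied on the tunnel interface
    return "protect"

if __name__ == "__main__":
    for label, ts, acl in [("narrow TS", NARROW_TS, None),
                           ("0/0 TS", WIDE_TS, None),
                           ("0/0 TS + ACL", WIDE_TS, TUNNEL_ACL)]:
        print(label, forward(ts, "192.168.7.7", "10.2.0.9", acl))
```

With 0/0 selectors the SA accepts any source that routing sends to the tunnel, so the filtering has to be configured on the tunnel interface or elsewhere in the path.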