[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: draft-gupta-ospf-ospfv3-auth-01.txt
> In the process if revising 2401, we are trying to better address the
> issues of when routing is done relative to SA lookup and how
> interfaces or virtual interfaces fit into the processing model.
>
> As for the text immediately above (section 7) if you want
> per-interface SAs, then you have to determine how they are different
> in terms that IPsec cares about. One model we have discussed is to
> invoke an abstract routing/forwarding function before the SPD lookup
> and have it return the ID of a virtual interface. then that ID would
> be used to select the appropriate SPD (which we all agree is
> per-interface) for SA selection. That, I think, would meet your
> requirements.
Looks like it would. We were thinking that it was the responsibility of underlying
layers to mark the packets with the virtual interface ID.
This again goes to the generic IPsec implementation details. So, I would not like
to mention this in this draft.
I will modify section 7 of the draft to the new text in the next revision.
Thanks...
regards
Mukesh