[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Modefg considered harmful

To: Derek Atkins <derek@ihtfp.com>
Subject: Re: Modefg considered harmful
From: "Scott G. Kelly" <scott@airespace.com>
Date: Wed, 12 Feb 2003 10:01:44 -0800
CC: Van Aken Dirk <VanAkenD@thmulti.com>, ipsec@lists.tislabs.com
Organization: airespace
References: <421CB3B9B2D2F645B548D213C0A90E5501168A6C@TMM_EDGMSMSG01> <sjmu1f9cslh.fsf@kikki.mit.edu>
Sender: owner-ipsec@lists.tislabs.com

Derek Atkins wrote:
> 
> Similarly, I see nothing wrong with ModeCfg just configuring the IP
> Address, and then using DHCP to obtain all the other configuration
> once the network is up.  Indeed, modecfg could even provide the dhcp
> address ;)
> 

I have come to think that this probably represents the best solution. If
the Cfg payload provides the same parameters as IPCP does, then
configuration can proceed similarly to other remote access mechanisms.
And as Darren pointed out, the remote client can talk directly to the
DHCP server. This obviates the need for dhcp relay on the sgw, though if
Derek isn't alone in desiring the same IP address inside and outside,
then there must be some coordination between IKE and the DHCP server
(e.g. dhcp proxy), or else there will be ease of use and scalability
issues. 

I think there is something to be said for approximating the
functionality of existing remote access configuration models (e.g.
ppp/l2tp).

Scott

References:
- RE: Modefg considered harmful
  - From: Van Aken Dirk <VanAkenD@thmulti.com>
- Re: Modefg considered harmful
  - From: "Derek Atkins" <derek@ihtfp.com>

Prev by Date: Re: a proposal of address management for IKEv2
Next by Date: Re: Modefg considered harmful
Prev by thread: Re: Modefg considered harmful
Next by thread: RE: Modefg considered harmful
Index(es):
- Date
- Thread