
Re: revised IPsec processing model: Q: VID and forwarding function



Stephen Kent wrote:
> At 9:09 -0700 7/19/03, Ricky Charlet wrote:
> 
>> Hello,
>>
>>     I'm trying to understand the motivations for VIDs and explicit 
>> forwarding function separation. Currently, I am guessing (based on 
>> your first paragraph) that these new features enable PPVPNs and/or 
>> overlay networks. If so, how so? If not, what new functionality is 
>> enabled by these features?
> 
> 
> There was a long series of off-list and post-WG meeting discussions 
> involving folks who had expressed concern over how to modify IPsec 
> processing to better accommodate PPVPNs and overlay nets. The groups 
> included Mark Duffy, Greg Lebovitz, and Joe Touch. I developed this 
> model and vetted it with this group some months ago.

FYI (all):

At best, only the basic concept of doing a forwarding lookup was 
presented during a brief conversation at the Atlanta IETF; I cannot 
speak for the others, but this thread was the first I've seen of this 
proposal, and we certainly were not involved in developing it, or 
participating in a "long series" of meetings about it.

I would not consider it 'vetted', but rather proposed at best. Even at 
that time Lars Eggert and I expressed significant concerns about this 
proposal.

A brief summary of some of those concerns, to the extent that we could 
address them absent a detailed proposal, was discussed in section 4.1.3 
as "Alternative 3" of the final update of our ID on the issue of support 
for dynamic routing in IPsec (draft-touch-ipsec-vpn-05.txt).

Joe