[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: revised IPsec processing model: Q: VID and forwarding function
- To: Stephen Kent <kent@bbn.com>
- Subject: Re: revised IPsec processing model: Q: VID and forwarding function
- From: Joe Touch <touch@ISI.EDU>
- Date: Mon, 04 Aug 2003 13:29:53 -0700
- CC: Ricky Charlet <rcharlet@speakeasy.net>, ipsec mailingList <ipsec@lists.tislabs.com>
- In-Reply-To: <p05210607bb41b765706a@[128.89.89.40]>
- References: <682DFC4C-BA03-11D7-B9FF-00039349B0FC@speakeasy.net> <p05210607bb41b765706a@[128.89.89.40]>
- Sender: owner-ipsec@lists.tislabs.com
- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030507
Stephen Kent wrote:
> At 9:09 -0700 7/19/03, Ricky Charlet wrote:
>
>> Hello,
>>
>> I'm trying to understand the motivations for VIDs and explicit
>> forwarding function separation. Currently, I am guessing (based on
>> your first paragraph) that these new features enable PPVPNs and/or
>> overlay networks. If so, how so? If not, what new functionality is
>> enabled by these features?
>
>
> There was a long series of off-list and post-WG meetings discussions
> involving folks had expressed concern over how to modify IPsec
> processing to better accommodate PPVPNs and overlay nets. The grouops
> included Mark Duffy, Greg Lebovitz, and Joe Touch I developed this
> model and vetted it with this group some months ago.
FYI (all):
At best, only the basic concept of doing a forwarding lookup was
presented during a brief conversation at the Atlanta IETF; I cannot
speak for the others, but this thread was the first I've seen of this
proposal, and we certainly were not involved in developing it, or
participating in a "long series" of meetings about it.
I would not consider it 'vetted', but rather proposed at best. Even at
that time Lars Eggert and I expressed significant concerns about this
proposal.
A brief summary of some of those concerns, to the extent that we could
address them absent a detailed proposal, was discussed in section 4.1.3
as "Alternative 3" of the final update of our ID on the issue of support
for dynamic routing in IPsec (draft-touch-ipsec-vpn-05.txt).
Joe