[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC tunnels for LAN-to-LAN interop issue



Hi Sudeep,

Thanks - very interesting stuff. The NBMA scheme looks useful.
Cheers, Steve.

-----Original Message-----
From: Sudeep_Khuraijam@3com.com [mailto:Sudeep_Khuraijam@3com.com]
Sent: Wednesday, September 01, 1999 10:20 AM
To: Waters, Stephen
Cc: Paul Koning; ipsec@lists.tislabs.com; ebomarsi@xedia.com
Subject: RE: IPSEC tunnels for LAN-to-LAN interop issue




Steve,

I read some of the mail on this thread and I can summarize a few points.
We support OSPF, RIPv1&2,  & Integrated ISIS on a virtual port with IPIP
IPSec
tunnel mode (with policy tied to the virtual port).
The implementation allows different policies(& SAs) for different traffic
type
to the same peer.  However commonly lumping all the traffic
including routing traffic under one generic policy and one SA is also
possible
for simplicity and most widely used.
Of course QOS with TOS mapping and class based queueing etc. is supported on
the
VPN box which addresses the QOS along the path.

An IPIP Virtual Port is treated as a Point to Point link in the context of
OSPF
unless you define it as a Point to Multi Point in which
case it will be treated as a NBMA link.  The latter is useful if one desires
to
define one Virtual Port that connects to
say thousands of remote SGWs (With all the inner SGW VP IP addresses
belonging
to one SUBnet emulating an NBMA network).
 Thus one can get away by defining one virtual port and one policy for all
the
remote sites if so desired at the minimum or
individual definitions if granularity is the choice.
Also the IPIP virtual port can be used without any SPDs such that one can
tunnel
across a shared IP infrastrucure.
You will find that is also useful in repairing partitioned areas, extending
areas, in OSPF etc.

We also support the above IP routing protocols plus most all multiprotocol
and
their routing protocols using L2TP or PPTP
Virtual port IPSec Transport mode on the underlying physical port.

/sudeep