RE: IPSEC tunnels for LAN-to-LAN interop issue
Thanks - very interesting stuff. The NBMA scheme looks useful.

From: Sudeep_Khuraijam@3com.com [mailto:Sudeep_Khuraijam@3com.com]
Sent: Wednesday, September 01, 1999 10:20 AM
To: Waters, Stephen
Cc: Paul Koning; email@example.com; firstname.lastname@example.org
Subject: RE: IPSEC tunnels for LAN-to-LAN interop issue

I read some of the mail on this thread and I can summarize a few points.
We support OSPF, RIPv1&2, & Integrated ISIS on a virtual port with IPIP
tunnel mode (with policy tied to the virtual port).
The implementation allows different policies (& SAs) for different traffic
to the same peer. However commonly lumping all the traffic
including routing traffic under one generic policy and one SA is also
for simplicity and most widely used.
Of course QOS with TOS mapping and class based queueing etc. is supported on
VPN box which addresses the QOS along the path.
An IPIP Virtual Port is treated as a Point to Point link in the context of
unless you define it as a Point to Multi Point in which
case it will be treated as a NBMA link. The latter is useful if one desires
define one Virtual Port that connects to
say thousands of remote SGWs (With all the inner SGW VP IP addresses
to one SUBnet emulating an NBMA network).
Thus one can get away by defining one virtual port and one policy for all
remote sites if so desired at the minimum or
individual definitions if granularity is the choice.
Also the IPIP virtual port can be used without any SPDs such that one can
across a shared IP infrastructure.
You will find that is also useful in repairing partitioned areas, extending
areas, in OSPF etc.
We also support the above IP routing protocols plus most all multiprotocol
their routing protocols using L2TP or PPTP
Virtual port IPSec Transport mode on the underlying physical port.