Gateway discovery



Hi,
Can someone please explain to me who will discover which gateway in the following scenario and why?

(This case is taken from Appendix B of draft-ietf-ipsp-spp-00.txt)

  admin. boundary                       admin. boundary
 -----------------                ---------------------------
 |               |                |          admin. boundary|
 |               |                |          ---------------|
 |      Q1       |       Q2       |      Q3  |             ||
 |  H1 ---- SG1 ---- (Internet) --- SG2 ---- | SG3 --- H2  ||
 |      R3   |   |       R2       |  |   R1  |  |          ||
 |          PS1  |                | PS2      | PS3         ||
 |               |                |          ---------------|
 -----------------                ---------------------------
                     ESP Tunnel
             |=======================|
                     ESP Tunnel
     |========================================|
                    ESP Transport
     |================================================|

     |==| = security association required by policy
     ---- = connectivity (or if so labeled, administrative boundary)
     Hx   = host x
     SGx  = security gateway x
     PSx  = policy server x
     Qx   = query x
     Rx   = reply x

     The following entities have these policies for a communication
     between H1 and H2 for UDP port 79:

     H1:  requires an ESP Transport SA with H2
     PS1: requires an ESP Tunnel SA between SG1 and SG2
     PS2: requires an ESP Tunnel SA between SG1 and SG2
     PS3: requires an ESP Tunnel SA between H1 and SG3
     H2:  requires an ESP Transport SA with H1

     PS1, PS2, PS3 also have policies allowing ESP to pass through
     their respective Security Gateways.

Thanks and regards,
Murali