Panwei (William) wrote:
> Hi Michael,
>> > At yesterday's meeting, I think people basically understood and >
>> accepted the problem statement itself, but also raised different >
>> ideas regarding to the solutions. We'll try to do more analysis > and
>> comparison of
Hi Michael,
> > At yesterday's meeting, I think people basically understood and
> > accepted the problem statement itself, but also raised different
> > ideas regarding to the solutions. We'll try to do more analysis
> > and comparison of possible solutions,
Panwei \(William\) wrote:
> At yesterday's meeting, I think people basically understood and
> accepted the problem statement itself, but also raised different ideas
> regarding to the solutions. We'll try to do more analysis and
> comparison of possible solutions, including what
s!
Wei PAN (潘伟)
> -Original Message-
> From: Steffen Klassert
> Sent: Friday, March 15, 2024 5:31 PM
> To: Paul Wouters
> Cc: Panwei (William) ; ipsec@ietf.org WG
>
> Subject: Re: [IPsec] I-D Action:
> draft-he-ipsecme-vpn-shared-ipsecsa-00.txt
On Mon, Mar 11, 2024 at 11:36:03AM -0400, Paul Wouters wrote:
> On Mon, 11 Mar 2024, Panwei (William) wrote:
>
> > Indeed, splitting the 32-bit SPI into two sub-fields, the VPN ID sub-field
> > and SPI sub-field, may also be one option. This solution doesn't need to
> > change the ESP packet
On Mon, 11 Mar 2024, Panwei (William) wrote:
Indeed, splitting the 32-bit SPI into two sub-fields, the VPN ID sub-field and
SPI sub-field, may also be one option. This solution doesn't need to change the
ESP packet format, but it also has some disadvantages.
The first one is the scalable
Hi Paul,
Thanks for your quick comments. But I'm sorry for the late response due to I
was out of the office for a few days.
> I can see how you want an extra SPD selector for the VPN ID - but
> maybe call it Namespace ID or something else as VPN ID is confusing.
Thanks for pointing out
Initial thought while having morning coffee.
I can see how you want an extra SPD selector for the VPN ID - but maybe call it
Namespace ID or something else as VPN ID is confusing.
Your gateway that needs to support say 256 VPN IDs could split up its SPI range
so it can detect which VPN to
Hi folks,
We've encountered a real problem when using IPsec in the Multi-VPN environment.
We find that separate IPsec tunnels (i.e., different IKE SAs and different
Child SAs) are needed for each VPN to distingue the traffic from different VPNs.
But, due to the number of peer devices and the