Ali:
From draft-sajassi-bess-secure-evpn:
<https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn-03#section-6>

   6 BGP Encoding

   This document defines two new Tunnel Types along with its associated
   sub-TLVs for The Tunnel Encapsulation Attribute [TUNNEL-ENCAP
   <https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn-03#ref-TUNNEL-ENCAP>].
   These tunnel types correspond to ESP-Transport and ESP-in-UDP-Transport
   as described in section 4
   <https://tools.ietf.org/html/draft-sajassi-bess-secure-evpn-03#section-4>.
   The following sub-TLVs apply to both tunnel types unless stated otherwise.

1. Why are you specifying 2 new tunnel types? What makes these special? What in the use of the tunnel encapsulation draft does not support for the inner and outer tunnel requires you to specify an ESP-Transport and ESP-in-UDP-Transport? [see section 5.1 of your draft]

2. What IPSEC security information is unique to the EVPN solution that is not general?

Section 4 of draft-sajassi-bess-secure-evpn-03.txt describes the IPSEC DIM and security policies in the following case:

a) you need to send IPSEC information - via RR mesh
b) you have policies that you want to use the [draft-carrell-ipsecme-controller-ike-00.txt]
c) you want on demand re-keying
d) "policy" - undefined

on #a) there are multiple BGP IPsec proposals using the RR mesh
on #b) can you tell me what is unique about [draft-carrell-ipsecme-controller-ike-00.txt]?
on #c) isn't on-demand re-keying a desire to prevent DDOS that is a good feature for all IPsec?
on #d) policy is normal for all IPsec

Thank you,
Sue
