Dave and Brian, The first sentence of the Section 6 of draft-carrel-ipsecme-controller-ike-00 states that IPsec device distributes to a controller the associated policy to create IPsec.
In a SD-WAN deployment with Controller Managed IPsec, i.e. all SD-WAN edges being controlled by the Controller (which includes the "IPsec Configuration Server"), can we eliminate the step for Devices to "choose the correct policy" and to distribute DIM? Basically eliminate the step of requiring SD-WAN edges to distribute the IKEv2 payloads of [ID, [N(INITIAL_CONTACT),] KE, Ni]? Thanks, Linda Dunbar
_______________________________________________ I2nsf mailing list I2nsf@ietf.org https://www.ietf.org/mailman/listinfo/i2nsf
