I just came across this draft and there seem to be quite a bit of overlap in the problems to be solved between this draft and the draft I submitted last month titled "Problem Statement for Dynamic Secure Interconnect". Here is a link to the draft: http://tools.ietf.org/html/draft-ko-dsi-problem-statement-00
Dynamic Secure Interconnect examines the problems and challenges associated with the process of setting up secure interconnections between authorized network nodes. The network nodes can be located anywhere in a private or public network, directly connected or behind one or more levels of NAT. Setting up a secure interconnection in this environment entails the resolution of various issues such as authentication, peer discovery, virtual network address management, and connection parameters determination. I would be interested in getting together to discuss the problem associated with creating large scale mesh VPNs. Someone suggested Wednesday evening. That works for me. But I am open to other time slots as well. Mike ----- Original Message ----- 发件人: [email protected] [mailto:[email protected]] 代表 Yoav Nir 发送时间: 2011年10月14日 13:24 收件人: [email protected] 主题: [IPsec] New -00 draft: Creating Large Scale Mesh VPNs Problem Statement Hi all For years, one of the barriers to the adoption of IPsec was that configuration didn't scale. With thousands of peers, the PAD and SPD would become unwieldy, so even where IPsec was deployed it was often built in hub-and-spoke configurations, not because policy demanded this, but because it was more convenient to configure. Individual vendors have incompatible solutions for this, but they only work with that vendor's products, and within the same administrative domain. In this draft, we are proposing that the IPsecME working group take on a working item to first define the problem, and then offer solutions that will make IPsec scale better and in an inter-operable way. We plan to hold a side meeting in Taipei, and we welcome comments both before and at that meeting. Yoav http://www.ietf.org/id/draft-nir-ipsecme-p2p-00.txt http://tools.ietf.org/html/draft-nir-ipsecme-p2p-00 _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
