On 16 Nov 2011, at 01:57, Praveen Sathyanarayan wrote:
> Couple of clarification here. Juniper implementation of AC-VPN does not do
> GRE over IPSec. It is IPSec alone for implementation (Route based VPN).
> Yes, AC-VPN uses NHRP to do resolution just like DM-VPN. But in AC-VPN
> there are proprietary messages. It uses standard messages, but has many
> proprietary payloads. We believe NHRP is *necessary* but not *sufficient*.
> Also the way Hub download PAD/SPD to spokes (so that they can talk to each
> other directly) is not standard.
thank you for clarifying!
> We believe, there is a requirement for standard so that we can interop
> with other vendors.
I think I can agree with that.
fred
> -- Praveen
>
>
>
> On 11/15/11 7:26 AM, "Yoav Nir" <[email protected]> wrote:
>
>
> On Nov 15, 2011, at 10:52 PM, Michael Richardson wrote:
>
>>
>>>>>>> "Mark" == Mark Boltz <[email protected]> writes:
>> Mark> With all due respect to Cisco, the larger problem we're trying
>> Mark> to address, is in part the fact that DMVPN and ACVPN are
>> Mark> vendor specific implementations. And the goal of the
>> Mark> implementation we're seeking is *large scale* P2P VPNs.
>>
>> Assume that they are available on a wide variety of platforms, what is
>> broken in the technology?
>
> I don't know, but I've been told
> that ACVPN and DMVPN both rely on NHRP and GRE tunnels. I have also heard
> (and please someone correct me if I'm wrong) that they don't interoperate.
> So the tools are apparently not enough.
>
>> Mark> Picture a hypothetical where a larger interest desires an
>> Mark> IPsec VPN, in, say the airline industry. We're talking about
>> Mark> several thousand aircraft from several manufacturers. All in
>>
>> We've been through all of this 15 years ago with AIAG's ANX.
>
> You really want to tout that experience as a success story?
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
>
>
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
