Hi Tero,

[clipped]

> And why would routing protocols need to use WESP, I would assume 
> they use ESP-NULL instead. In addition if you use manual keying 

Sigh. We've gone through this before I think on the KARP mailing list (am not 
sure though).

Routing protocols could "potentially" use WESP since they need to prioritize 
certain control protocols over the other protocol packets (like OSPF hellos and 
acks over other OSPF packets). Using WESP just makes deep inspection easy. One 
could argue that routers know that incoming ESP-NULL packets are not 
"encrypted" since they are the end points, however, that means that routers 
need to install filter rules per SPI values, which is not scalable. So, while 
ESP-NULL *would* work, WESP just makes it a tad easier.

Cheers, Manav
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
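An added illustration of the point made in the message above, not code from the thread or from any router implementation: a classifier that reads the 4-byte WESP header (RFC 5840) to find and prioritize OSPF hellos and acks without a filter rule per SPI. The function names, the constructed OSPFv3 packets, the SPI values and the zeroed ICV are assumptions made for the example.

```python
import struct

WESP_E_BIT = 0x20      # RFC 5840 Flags octet: V(2 bits) E(1) P(1) Rsvd(4)
OSPF_PROTO = 89        # IP protocol number for OSPF
PRIORITY_TYPES = {1: "hello", 5: "ls-ack"}   # OSPF packet types to prioritize

def classify_wesp(data: bytes) -> str:
    """Classify the body of an IP protocol 141 (WESP) packet."""
    if len(data) < 4:
        return "malformed"
    next_header, hdr_len, trailer_len, flags = struct.unpack("!BBBB", data[:4])
    if flags >> 6 != 0:                  # version must be 0
        return "malformed"
    if flags & WESP_E_BIT:               # payload is encrypted: nothing to inspect
        return "encrypted"
    # Integrity-only: HdrLen is the offset from the start of the WESP header to
    # the payload (4 WESP + 8 ESP SPI/seq + IV), TrailerLen is the ICV size.
    if hdr_len < 12 or hdr_len + 2 > len(data) - trailer_len:
        return "malformed"
    if next_header != OSPF_PROTO:
        return "other"
    ospf_type = data[hdr_len + 1]        # OSPF header: version, then type
    name = PRIORITY_TYPES.get(ospf_type)
    return f"ospf-priority:{name}" if name else "ospf-normal"

def build_sample(ospf_type: int, spi: int, icv_len: int = 12) -> bytes:
    """Constructed WESP + ESP-NULL packet carrying a bare OSPFv3 header."""
    ospf = struct.pack("!BBH4s4sHBB", 3, ospf_type, 16,
                       bytes([10, 0, 0, 1]), bytes(4), 0, 0, 0)
    esp_hdr = struct.pack("!II", spi, 1)               # SPI, sequence number
    esp_trailer = bytes([1, 2, 2, OSPF_PROTO])         # 2 pad bytes, pad len, next hdr
    wesp = struct.pack("!BBBB", OSPF_PROTO, 12, icv_len, 0)
    return wesp + esp_hdr + ospf + esp_trailer + bytes(icv_len)  # zeroed ICV

def build_encrypted_sample(spi: int) -> bytes:
    """Constructed WESP packet with the E bit set; fields are zero as required."""
    return struct.pack("!BBBB", 0, 0, 0, WESP_E_BIT) + struct.pack("!II", spi, 1) + bytes(32)

if __name__ == "__main__":
    for t, spi in [(1, 0x1001), (5, 0x2002), (4, 0x3003)]:
        print(hex(spi), classify_wesp(build_sample(t, spi)))
    print(classify_wesp(build_encrypted_sample(0x4004)))
```

The same call gives the right class for every SPI, which is the scaling argument in the message: the E bit and Next Header field in the wrapper replace the per-SPI knowledge a filter would otherwise need.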
