On Chris' new use case, I don't think that's a new use case. I think it's a requirement that spans all the use cases. The solution must be able to handle network topology changes. But we're not into requirements yet. Use cases first.
Thanks, Steve > -----Original Message----- > From: Ulliott, Chris [mailto:[email protected]] > Sent: Monday, March 12, 2012 7:16 PM > To: '[email protected]'; Stephen Hanna > Cc: '[email protected]' > Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED > > Classification:UNCLASSIFIED > > Good catch! > > I've also thought of an additional use case, as I extend / change a > network within a data centre etc, it would be helpful if the crypto > gateway could learn of the new networks (through routing perhaps) and > make them available through the encrypted tunnels. > > Chris > > [This message has been sent by a mobile device] > > ----- Original Message ----- > From: Mike Sullenberger [mailto:[email protected]] > Sent: Monday, March 12, 2012 10:56 PM > To: [email protected] <[email protected]> > Cc: [email protected] <[email protected]>; Ulliott, Chris > Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED > > Steve, > > I do not think changing the name to "Dynamic Mesh VPN" is a good idea. > The first thing that is going to happen is that it is going to be > shortened to "DMVPN" and then we have conflict with Cisco DMVPN, which > would be confusing and also "DMVPN" is a registered trademark. It > would be best to use some other synonym for "Dynamic Mesh". > > Mike. > > >Upon reflection, I can see how "Point to Point VPNs" is problematic > >as a description of the problem. Really it's more about dynamically > >creating SAs so that any endpoint or gateway can communicate directly > >with any other, as permitted by policy. And how can we do this in a > >manageable manner in a large-scale environment where endpoints are > >mobile and configurations and policies change often? > > > >So "Dynamic Mesh VPNs" is fine with me. Whatever the WG feels is best. > > > >Thanks, > > > >Steve > > > >> -----Original Message----- > >> From: [email protected] [mailto:[email protected]] On > Behalf > >> Of Ulliott, Chris > >> Sent: Wednesday, March 07, 2012 4:53 PM > >> To: '[email protected]' > >> Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED > >> > >> Classification:UNCLASSIFIED > >> > >> How about "dynamic mesh VPNs" as a title as I think the dynamic part > is > >> key here and probably an important aspect of the use cases. > >> > >> Chris > >> > >> [This message has been sent by a mobile device] > >> > >> ----- Original Message ----- > >> From: Yaron Sheffer [mailto:[email protected]] > >> Sent: Wednesday, March 07, 2012 09:17 PM > >> To: IPsecme WG <[email protected]> > >> Subject: [IPsec] P2P VPN draft > >> > >> Hi Steve, > >> > >> a few initial comments. > >> > >> * The draft is short and clear. Thanks for that! > >> * I have a problem with the title (and even more, with the "file > >> name" of the draft). P2P is usually perceived as peer-to-peer, > >> which skews the discussion towards one particular use case, that > >> of endpoint-to-endpoint. I suggest to use "Mesh IPsec VPN" > instead. > >> * I am unclear about 2.2: so what if you "suddenly need to > exchange a > >> lot of data". How is it different from normal IP traffic load > >> management? The text is simply too vague here. Ideally, should > we > >> expect the traffic to migrate to other gateways? To go directly > >> between endpoints? To establish priorities on existing gateways? > >> > >> Thanks, > >> > >> Yaron > > > +------------------------------------------------+ > | Mike Sullenberger; DSE | > | [email protected] .:|:.:|:. | > | Customer Advocacy CISCO | > +------------------------------------------------+ > > *********************************************************************** > ***** > Communications with GCHQ may be monitored and/or recorded > for system efficiency and other lawful purposes. Any views or > opinions expressed in this e-mail do not necessarily reflect GCHQ > policy. This email, and any attachments, is intended for the > attention of the addressee(s) only. Its unauthorised use, > disclosure, storage or copying is not permitted. If you are not the > intended recipient, please notify [email protected]. > > This information is exempt from disclosure under the Freedom of > Information Act 2000 and may be subject to exemption under > other UK information legislation. Refer disclosure requests to > GCHQ on 01242 221491 ext 30306 (non-secure) or email > [email protected] > > *********************************************************************** > ***** > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless > Worldwide in partnership with MessageLabs. (CCTM Certificate Number > 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored > and/or recorded for legal purposes. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
