As Tero pointed out, some of the use cases don't end up in a full mesh, because sometimes administrators really want a trunk, so the end result could be a mesh among nodes in the same organization, and a trunk to another. Maybe even a partial mesh (with "secondary nodes" behind particularly bad NAT devices connecting to one of many "primary nodes").
So perhaps the name should not include the word "mesh". How about "dynamic discovery VPN" (DD-VPN)?

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
