Hi,
I would like to start off by trying to resolve the issue. The notes from
the IETF are attached below.
Description: Some admins prefer a star topology so they can inspect traffic.
They may not want to use this technology.
Detailed arguments: My take is similar to what Yaron and Yoav seem to state.
There is no reason to exclude star topology at all from the Problem
statement/requirements document. In fact both the proprietary solutions I
know of allow for such a topology. I however understand that some of the
functionality on the Hub (of the star) could be achieved by using PFP flags
in the SPD entry.
Suggested Resolution: State in the document that Star topology is not
excluded from the solution. The problem of configuration is however mainly
limited to the Hub. For every spoke added/deleted/modified the
configuration on the Hub needs to be changed, which is not desirable. Maybe
update Section 3.2 with the same too.
Thanks,
Vishwas
===========================================================
Notes from meeting minutes:
# 219 Star topology as an admin choice
People don't need to use this if they don't want to
Say this in the security considerations
Yoav Nir:
Has to be a requirement that any solution can implement different policies
Yaron Sheffer:
Agrees with Yoav, maybe becomes a use case
Take this to the list
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec