Hi,
Description: Direct endpoint-to-endpoint connectivity may not be possible.
Should gateways figure things out completely or just punt endpoints to a
closer gateway?
Detail Arguments: As Izaac and John Lesser pointed out this is more of a
routing issue. Though current solutions do not allow such connectivity
unless through a hub, I think from the security plane, we should not
preclude such connectivity. This could be achieved either transparently (no
IPsec component except the SPD involved), or by stitching tunnel traffic.
Suggested Resolutions: Specify explicitly that issues around direct
connectivity between endpoints are more of a Routing issue. However IPsec
should not prevent such a connectivity model.
Thanks,
Vishwas
=======================================================
Meeting notes:
# 213 In use case 2.1, direct endpoint-to-endpoint
connectivity
may not be possible
Need to mention challenges in use cases section
Paul: reminded that there will be a separate
requirement
section
# 214 Should gateways figure things out completely or
just punt
endpoints to a closer gateway?
Core gateway configuring is a solution, so
premature
Also in #213
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
