On Wed, 6 Jun 2012, Markku Savela wrote:

> On 06/06/2012 06:11 PM, Paul Wouters wrote:
>> Apart from the RFC stating so, what is the reasoning behind favouring
>> an "arbitrary top down list" over longest prefix match?
>
> For example, if your policy only specifies remote or local port,
> like 80 (to cover all HTTP traffic, regardless of origin). It
> would be hard to see how longest match would apply to it?

You first match on the longest prefix. If you have multiple candidates,
you match on the most specific traffic selector, favouring protocol over
ports.

That seems more predictable and stable than "whatever connection loaded
first"?

Paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
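As an added illustration of the two selection rules discussed in this thread (this is example code written for this page, not code from the thread, from any IPsec implementation, or from the RFC), the block below implements both: an ordered SPD where the first matching selector wins, and the rule Paul proposes, longest address prefix first, then the most specific selector with protocol ranked above ports. It also includes Markku's port-only policy to show how it fares. All selector names, networks and packets are constructed sample data; treating "local" as the source side of an outbound packet is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Selector:
    """A traffic selector. None means 'any' for that field."""
    name: str
    local_net: str = "0.0.0.0/0"
    remote_net: str = "0.0.0.0/0"
    proto: Optional[int] = None        # IP protocol number, e.g. 6 = TCP
    local_port: Optional[int] = None
    remote_port: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    """Outbound packet: src/sport are local, dst/dport are remote (assumption)."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


def matches(sel: Selector, pkt: Packet) -> bool:
    """True if every field the selector specifies agrees with the packet."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(sel.local_net)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(sel.remote_net)
        and (sel.proto is None or sel.proto == pkt.proto)
        and (sel.local_port is None or sel.local_port == pkt.sport)
        and (sel.remote_port is None or sel.remote_port == pkt.dport)
    )


def first_match(policy: List[Selector], pkt: Packet) -> Optional[Selector]:
    """Ordered SPD: whichever matching entry was loaded first wins."""
    for sel in policy:
        if matches(sel, pkt):
            return sel
    return None


def specificity(sel: Selector) -> Tuple[int, int, int]:
    """Rank key for Paul's rule: total prefix length first, then whether a
    protocol is given, then how many ports are given (protocol beats ports)."""
    prefix_bits = (ipaddress.ip_network(sel.local_net).prefixlen
                   + ipaddress.ip_network(sel.remote_net).prefixlen)
    ports = int(sel.local_port is not None) + int(sel.remote_port is not None)
    return (prefix_bits, int(sel.proto is not None), ports)


def most_specific(policy: List[Selector], pkt: Packet) -> Optional[Selector]:
    """Longest prefix, then most specific selector, independent of load order.
    Raises if two candidates are equally specific, since the rule as stated
    gives no tiebreaker for that case."""
    candidates = [s for s in policy if matches(s, pkt)]
    if not candidates:
        return None
    ranked = sorted(candidates, key=specificity, reverse=True)
    if len(ranked) > 1 and specificity(ranked[0]) == specificity(ranked[1]):
        raise ValueError(f"ambiguous: {ranked[0].name} and {ranked[1].name} "
                         "are equally specific")
    return ranked[0]


# Constructed sample policy. "http" is Markku's port-only example.
POLICY = [
    Selector("http", remote_port=80),
    Selector("tcp-any", proto=6),
    Selector("lan", local_net="10.0.0.0/8"),
    Selector("host-db", remote_net="10.1.2.3/32", proto=6),
]

if __name__ == "__main__":
    pkt = Packet("10.1.1.1", "10.1.2.3", 6, 40000, 80)
    for order in (POLICY, list(reversed(POLICY))):
        print("first match :", first_match(order, pkt).name,
              "| most specific:", most_specific(order, pkt).name)
```

With the ordered rule the same packet selects "http" or "host-db" depending purely on which entry was loaded first; with the longest-prefix rule it selects "host-db" either way. A packet that only the port-80 entry covers (say UDP to an address outside 10/8) still picks "http", because the prefix comparison is made only among the entries that match at all. The one case the rule does not settle is two matching entries of identical specificity, which is why the function refuses rather than silently picking one.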