Thank you for this draft.
I found your writing very clear and direct.
Reading the beginning of the draft, I want to suggest a change in
terminology. Rather than "Private IP Address", I would like to suggest
either the terms:
"Protected IP address" or
"Inner IP address" or
"Intranet IP address"

Wow, punting the transfer of IP addresses to a routing protocol seems a big punt.... I think that it needs to be specified in the ADVPN protocol, not left up to implementations.

I wonder if some of the message types in the ADVPN fixed header, such as the keepalive items, cannot be satisfied with existing IKEv2 message types?

I also wonder if your messages take into account NAT traversal?

Couldn't TSx payloads be used rather than the TrafficFlowPayload?

I think that once an ADC spoke learns of the traffic flow, that it will initiate to the appropriate other spoke and do full IKEv2, including authentication?

I think that I have missed where the ADC spoke is told by the ADC client where it is supposed to redirect to.

--
Michael Richardson <[email protected]>, Sandelman Software Works
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
