Hi,
In reviewing the discussions over the past few weeks, there appear to be a
number of issues concerning draft-sathyanarayan-ipsecme-advpn-03 that require
further clarification.
It would be useful for the working group if the following aspects of
draft-sathyanarayan-ipsecme-advpn-03 were clarified:
1. scaling & general networking:
1.1 It does appear this proposal has a limit of 256 networks. Is this correct?
How do nodes negotiate SAs when there are more than 256 prefixes on each
side? For reference, RFC 5996 does not offer the ability to negotiate more than
256 prefixes in the TSi/TSr payloads.
1.2 What happens when a prefix administratively changes from behind one
branch to another? How do servers get notified about that?
1.3 How is VLSM (Variable Length Subnet Masking) taken into consideration?
E.g. a long prefix behind one branch and a short prefix behind another.
1.4 How does a hub decide which Security Association to use when two spoke
devices decide to advertise the same prefix?
2. multicast:
2.1 There does not appear to be a specification of multicast in this proposal.
This is a key requirement for some of the ADVPN sponsors. How does multicast
work?
2.2 How are SAs negotiated and how do applications request multicast traffic
to be sent?
3. interoperability: draft-sathyanarayan-ipsecme-advpn-03 does not mention how
a server/hub learns about networks behind other servers.
3.1 What are the steps a server should take to establish a network with other
servers?
3.2 How is topology and reachability information exchanged between servers?
Thank you,
Frederic Detienne
_______________________________________________
IPsec mailing list
https://www.ietf.org/mailman/listinfo/ipsec