Benjamin Schwartz <i...@bemasc.net> wrote:
    >> Benjamin Schwartz <i...@bemasc.net> wrote:
    >> > In Transport Mode, the thought is mainly to _avoid_ traffic
    >> > engineering, and instead be able to deploy RISAV with confidence that
    >> > your existing TE will not be altered.
    >>
    >> I thought you replaced the destination address with that of the ASBR?
    >>

    > In Tunnel Mode (ESP), the source and destination addresses are
    > replaced.  (By default, they are "contact IPs", i.e. ACS addresses, but
    > ASBR addresses can be substituted using IKEv2 Active Session Redirect.)
    > In Transport Mode (AH), they are unmodified.

    > My understanding is that this is how ESP and AH are conventionally
    > used.

Yes/no.

If the destination address of the packet is still the real destination, and
not the ASBR, then the packet isn't for the ASBR, and won't get processed by
it.

So, either your transport mode has to change the destination address on the
packet, and recover/store the real one somewhere (much like SR6 does), or,
it's really some kind of L2 function going on here, and not really IPsec at
all.


--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-                      *I*LIKE*TRAINS*




_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
