In the existing deployment, how does the LISP ITR know that the LISp
traffic should use the IPSec tunnel. I can imagine several possibilities:
1) All traffic to that destination from this source address uses the
IPSec tunnel
2) All LISp encapsualted traffic to that ETR uses the IPSec Tunnel
3) There is some LISP attribute that provides the correlation.
It would seem that as a general mechanism this should probably be addressed.
I also think that the document should be more explicit about what the
resulting message stack looks like. (I have a guess, but readers should
not have to guess.)
Yours,
Joel
On 2/12/14, 12:04 PM, Fabio Maino wrote:
Hi Joel,
This describes how LISP is used today in combination with IPsec
(typically GDOI is used to simplify key distribution).
I think Dino's work is more forward looking, with two main goals: (1)
combine encryption with the LISP dataplane, for a more efficient
encoding on the wire, (2) take advantage of the LISP mapping system (and
possibly of some of the mechanisms in LISP-SEC) for key
derivation/distribution
Fabio
On 2/12/14, 8:54 AM, Joel M. Halpern wrote:
This draft seems to expect that IPSec tunnels will be set up by means
outside of LISP. That seems to contravene the premise of LISp that it
can operate without needing permanent / pre-established tunnel state.
Should this be tied to the work Dino described at the last IETF
meeting on using LISP to establish encryption for the LISP tunnel?
Yours,
Joel
On 2/12/14, 6:22 AM, Santiago Freitas (safreita) wrote:
Hi LISP Working Group,
Today we have submitted a draft that covers using LISP for Secure Hybrid
Cloud Extension.
The draft can be found at
http://www.ietf.org/id/draft-freitas-bellagamba-lisp-hybrid-cloud-usecase-00.txt
We would like to request your comments on it.
Also, we would like request a small slot on the upcoming IETF 89 meeting
to present an overview of the use case covered on the draft.
We look forward to your comments and for your feedback if we can have a
small slot to present an overview of this draft on IETF 89.
Sincerely,
Patrice and Santiago
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
