Yoav Nir wrote:
>> If you have the ID of entities you connect to (eg a hostname) then
>> things are easier to lookup then if you only know and IP address, and are
>> then given an ID. Because then you need to somehow verify the ID-IP set.
>> Otherwise, one
Hi, Paul
> On 19 Sep 2017, at 1:31, Paul Wouters wrote:
>
> On Mon, 18 Sep 2017, Linda Dunbar wrote:
>
>> If we need to use IPsec tunnels to connect a group of CPE devices, (as shown
>> in the figure I sent earlier), do you still need DNS? Or the Key
>> management will be
Paul,
If we need to use IPsec tunnels to connect a group of CPE devices, (as shown in
the figure I sent earlier), do you still need DNS? Or the Key management will
be managed by the "Zero Touch Deployment Service" in the figure below?
Thanks, Linda
-Original Message-
From: Paul
Paul Wouters wrote:
> See also Opportunistic IPsec, which is a way of creating a mesh with
> IPsec using some kind of central (X.509) or decentral (DNSSEC)
> authentication. See:
And it's important to note that the reverse map that is used doesn't have to
be the
On Thu, 14 Sep 2017, Mike Sullenberger (mls) wrote:
If you want to securely encrypt traffic between endpoints then you are going to
need to build point-point encrypted tunnels
between these endpoints, this is the main reason that SD-WAN implementations
use either a full-mesh or dynamic-mesh
For example, here is one vendor's implementation (I found on the web, if you
equate the "Public Cloud Platform" to the public internet in a shopping mall).
-Original Message-
From: Michael Richardson [mailto:mcr+i...@sandelman.ca]
Sent: Thursday, September 07, 2017 3:19 PM
To: Linda
Linda Dunbar wrote:
> Today, many vendors’ remote CPEs support ONUG’s SD-WAN “Zero-touch
> deployment” requirement, where the remote CPEs devices can be connected to
> its controller via barcode scan/email/etc.
Dunno.
I googled for ONUG SD-WAN Zero-Touch,