List: ipng
Subject: (IPng 7235) Re: Last Call: Mobility Support in IPv6 to Propos
From: Richard Draves <richdr () microsoft ! com>
Date: 1999-02-23 19:49:25
> >> A very concrete, simple example: consider a node SG. SG has two
> >> interfaces, an interface to the public network and an interface on
> >> a private network. Node A is on the public network and node B is
> >> on the private network. The SPD on SG requires all traffic through
> >> it to & from the public network to be protected with tunnel-mode
> >> ESP. This is a classic security gateway scenario. So in the normal
> >> case when node A sends a packet to node B, it will look
> >> like
> >> IPv6 hdr - src A, dst SG
> >> ESP
> >> IPv6 hdr - src A, dst B
> >> Transport hdr
>
> I thought that a tunnel interface would have a separate
> address from the public interface on node A. Therefore the
> message above would become:
>
> IPv6 hdr - src A, dst SG
> ESP with SG
> IPv6 hdr - src Atunnel, dst B
> Transport hdr

Ken, this is a generic IPsec security gateway example with no routing header
or mobility involved at this point. So I hope we can agree :-).

I don't see why node A needs two addresses? Although node A has a
tunnel-mode security association with SG, this does not imply that A has
some kind of tunnel interface with a separate address assigned to the tunnel
interface. Maybe some implementations will work that way, but it's certainly
not required or usual, I believe.

Thanks,
Rich
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to majordomo@sunroof.eng.sun.com
--------------------------------------------------------------------
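
Added example, not part of the original message and not taken from any IPsec implementation: a byte-level sketch of the tunnel-mode ESP layout discussed in this message, showing that SG recovers an inner header whose source is the same address A that appears in the outer header. The addresses, SPI and function names are constructed for illustration, and the ESP payload uses the NULL cipher with no ICV so the layering stays visible; a real SA would encrypt and authenticate it.

```python
import ipaddress
import struct

ESP, IPV6, UDP = 50, 41, 17  # IANA protocol numbers

def ipv6_header(src, dst, next_header, payload_len):
    """40-byte fixed IPv6 header (version 6, hop limit 64)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def esp_tunnel(outer_src, outer_dst, inner_packet, spi, seq):
    """Wrap a whole inner packet in tunnel-mode ESP (NULL cipher, ICV omitted)."""
    pad_len = -(len(inner_packet) + 2) % 4        # align the ESP trailer to 4 bytes
    padding = bytes(range(1, pad_len + 1))        # default padding pattern 1, 2, 3...
    esp = (struct.pack("!II", spi, seq) + inner_packet + padding
           + bytes([pad_len, IPV6]))              # ESP Next Header = encapsulated IPv6
    return ipv6_header(outer_src, outer_dst, ESP, len(esp)) + esp

def parse_ipv6(pkt):
    """Return (src, dst, next_header, payload) of a fixed IPv6 header."""
    _, plen, nh, _ = struct.unpack("!IHBB", pkt[:8])
    src = str(ipaddress.IPv6Address(pkt[8:24]))
    dst = str(ipaddress.IPv6Address(pkt[24:40]))
    return src, dst, nh, pkt[40:40 + plen]

def sg_decapsulate(pkt, sg_addr):
    """Gateway view: check the outer header, then expose the inner header."""
    o_src, o_dst, nh, esp = parse_ipv6(pkt)
    if nh != ESP or ipaddress.IPv6Address(o_dst) != ipaddress.IPv6Address(sg_addr):
        raise ValueError("not tunnel-mode ESP addressed to this gateway")
    pad_len, inner_nh = esp[-2], esp[-1]
    if inner_nh != IPV6:
        raise ValueError("ESP payload is not an encapsulated IPv6 packet")
    inner = esp[8:len(esp) - 2 - pad_len]         # skip SPI/seq, drop pad + trailer
    i_src, i_dst, i_nh, _ = parse_ipv6(inner)
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "inner_next": i_nh}

# Constructed sample addresses from the documentation prefix 2001:db8::/32.
A, SG, B = "2001:db8:a::1", "2001:db8:5::1", "2001:db8:b::1"
# Transport header stand-in: UDP with the checksum left uncomputed (layout only).
udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
inner = ipv6_header(A, B, UDP, len(udp)) + udp    # IPv6 hdr - src A, dst B
packet = esp_tunnel(A, SG, inner, spi=0x1000, seq=1)  # IPv6 hdr - src A, dst SG / ESP
layers = sg_decapsulate(packet, SG)
```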