On 16 Nov 2011, at 01:57, Praveen Sathyanarayan wrote: > Couple of clarification here. Juniper implementation of AC-VPN does not do > GRE over IPSec. It is IPSec alone for implementation (Route based VPN). > Yes, AC-VPN uses NHRP to do resolution just like DM-VPN. But in AC-VPN > there are proprietary messages. It uses standard messages, but has many > proprietary payloads. We believe NHRP is *necessary* but not *sufficient*. > Also the way Hub download PAD/SPD to spokes (so that they can talk to each > other directly) is not standard.
thank you for clarifying! > We believe, there is a requirement for standard so that we can interop > with other vendors. I think I can agree with that. fred > -- Praveen > > > > On 11/15/11 7:26 AM, "Yoav Nir" <y...@checkpoint.com> wrote: > > > On Nov 15, 2011, at 10:52 PM, Michael Richardson wrote: > >> >>>>>>> "Mark" == Mark Boltz <mark.bo...@stonesoft.com> writes: >> Mark> With all due respect to Cisco, the larger problem we're trying >> Mark> to address, is in part the fact that DMVPN and ACVPN are >> Mark> vendor specific implementations. And the goal of the >> Mark> implementation we're seeking is *large scale* P2P VPNs. >> >> Assume that they are available on a wide variety of platforms, what is >> broken in the technology? > > I don't know, but I've been told > that ACVPN and DMVPN both rely on NHRP and GRE tunnels. I have also heard > (and please someone correct me if I'm wrong) that they don't interoperate. > So the tools are apparently not enough. > >> Mark> Picture a hypothetical where a larger interest desires an >> Mark> IPsec VPN, in, say the airline industry. We're talking about >> Mark> several thousand aircraft from several manufacturers. All in >> >> We've been through all of this 15 years ago with AIAG's ANX. > > You really want to tout that experience as a success story? > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > > _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec