This issue was based on Michael Richardson's March 12, 2012 email where he said:
Finally, say my laptop is normally part of such a mesh (as a /32,/128 subnet). When I'm "trapped" behind a NAPT, I naturally use NAT-traversal to get out and join the MESH. Now, what happens if I come to the office, which is itself part of the MESH. This is not a new problem, btw, but normally I have only a single tunnel to bring up or down. Now that I have all these tunnels and policy. Should any of this MESH continue to be used? Are there some non-convex topologies where this can be important (should some traffic be double encrypted as a result?), or is it all just out of scope. (We dealt with these things as implementation challenges when combining an extruded IPsec tunnel with RFC4322. We had co-terminal tunnels of the near kind, which was solved, and co-terminal tunnels of the far kind, which we did not manage to implement) For the above, consider a laptop/tablet which might now have multiple exit routes via 3G+wifi+wired... and that it's moving. I hope that helps clarify the issue. If not, perhaps you and Michael can clarify and discuss it further. Thanks, Steve From: Vishwas Manral [mailto:vishwas.i...@gmail.com] Sent: Wednesday, March 21, 2012 3:23 PM To: Stephen Hanna Cc: IPsecme WG Subject: Re: [IPsec] [ipsecme] #216: Multiple interfaces or mobile endpoint Hi Steve, Branch routers have 3G/ 4G interfaces as backups for the primary interface and sometimes even multiple 3G/ 4G interfaces with no wired interface at all to the backend. I however do not see any issue that occurs as a result of this. Currently if an interface goes down the tunnel is torn down. Is the question about bonding the multiple interfaces instead? Thanks, Vishwas On Tue, Mar 20, 2012 at 6:36 PM, Stephen Hanna <sha...@juniper.net<mailto:sha...@juniper.net>> wrote: Another issue. Please comment. And don't miss Yaron's comment below. Thanks, Steve -----Original Message----- From: ipsecme issue tracker [mailto:t...@tools.ietf.org<mailto:t...@tools.ietf.org>] Sent: Tuesday, March 20, 2012 6:57 PM To: yaronf.i...@gmail.com<mailto:yaronf.i...@gmail.com>; draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org<mailto:draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org> Subject: [ipsecme] #216: Multiple interfaces or mobile endpoint #216: Multiple interfaces or mobile endpoint What if an endpoint has multiple interfaces and/or is mobile? Which tunnels should be torn down as this endpoint moves around, sometimes behind a gateway and sometimes not? Suggested Resolution: We should not specify this in the problem statement. It should be specified in the solution. YS: sounds like a requirement question to me. In fact we may be able to simplify things by making this issue an explicit non-goal. -- -------------------------+------------------------------------------------- Reporter: | Owner: draft-ietf-ipsecme-p2p-vpn- yaronf.ietf@... | problem@... Type: defect | Status: new Priority: normal | Milestone: Component: p2p-vpn- | Severity: - problem | Keywords: Resolution: | -------------------------+------------------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/216#comment:1> ipsecme <http://tools.ietf.org/ipsecme/> _______________________________________________ IPsec mailing list IPsec@ietf.org<mailto:IPsec@ietf.org> https://www.ietf.org/mailman/listinfo/ipsec
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec