Hi Yogendra, I guess the question being raised here is slightly different.
The question is should all traffic be first sent to a central point (Campus/ DC etc) inspected (IDS/ IPS/ Firewall) and then allowed to pass to others peers or should there be a direct connection between the peers too - in which case we would need to have distributed security appliances? In my view it is up to the security administrator to prefer a particular topology for particular communication. We could have some traffic always being sent through the hub (say over the MPLs backbone) while another is just sent directly over the Internet. Thanks, Vishwas On Wed, Mar 21, 2012 at 11:45 PM, yogendra pal <jntu...@gmail.com> wrote: > Why they may not use this technology ? Even today irrespective of the > topology, traffic is intercepted by lawful agencies by using different > mechanism (port mirroring, etc...) > > Thanks, > Yogendra Pal > Ericsson, India > > > On Wed, Mar 21, 2012 at 7:07 AM, Stephen Hanna <sha...@juniper.net> wrote: > >> Please comment. >> >> Steve >> >> -----Original Message----- >> From: ipsecme issue tracker [mailto:t...@tools.ietf.org] >> Sent: Tuesday, March 20, 2012 7:04 PM >> To: yaronf.i...@gmail.com; >> draft-ietf-ipsecme-p2p-vpn-prob...@tools.ietf.org >> Subject: [ipsecme] #219: Star topology as an admin choice >> >> #219: Star topology as an admin choice >> >> Some admins prefer a star topology so they can inspect traffic. They may >> not want to use this technology. >> >> Suggested Resolution: Mention this in the Security Considerations >> section. >> >> -- >> >> -------------------------+------------------------------------------------- >> Reporter: | Owner: draft-ietf-ipsecme-p2p-vpn- >> yaronf.ietf@… | problem@… >> Type: defect | Status: new >> Priority: normal | Milestone: >> Component: p2p-vpn- | Severity: - >> problem | >> Keywords: | >> >> -------------------------+------------------------------------------------- >> >> Ticket URL: <http://trac.tools.ietf.org/wg/ipsecme/trac/ticket/219> >> ipsecme <http://tools.ietf.org/ipsecme/> >> >> _______________________________________________ >> IPsec mailing list >> IPsec@ietf.org >> https://www.ietf.org/mailman/listinfo/ipsec >> > > > > -- > > > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec > >
_______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec