Hi, I would like to start off by trying to resolve the issue. The notes from the IETF are attached below.
Description: Some admins prefer a star topology so they can inspect traffic. They may not want to use this technology.

Detail arguments: My take is similar to what Yaron and Yoav seem to state. There is no reason to exclude star topology at all from the Problem statement/requirements document. In fact, both the proprietary solutions I know of allow for such a topology. I however understand that some of the functionality on the Hub (of the star) could be achieved by using PFP flags in the SPD entry.

Suggested Resolution: State in the document that Star topology is not excluded from the solution. The problem of configuration is however mainly limited to the Hub. For every spoke added/deleted/modified the configuration on the Hub needs to be changed, which is not desirable. Maybe update Section 3.2 with the same too.

Thanks,
Vishwas

===========================================================
Notes from meeting minutes:

# 219 Star topology as an admin choice
People don't need to use this if they don't want to
Say this in the security considerations
Yoav Nir: Has to be a requirement that any solution can implement different policies
Yaron Sheffer: Agrees with Yoav, maybe becomes a use case
Take this to the list
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec