On Jun 6, 2012, at 5:54 PM, Sheng Hsin Lo wrote:

> Hello,
>
> Should the SPD search in IPsec support longest prefix match (LPM)?
>
Hi

The answer is no. The SPD is an ordered list of entries, and the first match is the one to follow. RFC 4301 defines a decorrelation algorithm (section 4.4.1 and appendix B) that removes overlaps for quicker searches, but that does not change the result of the SPD search, which is first-match.

Hope this helps

Yoav

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
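The difference between the ordered first-match search described in the reply and a longest-prefix-match lookup, as an added example that is not part of the original thread. The SPD contents, the single remote-address selector, and all function names are constructed for illustration; `order_dependent_pairs` is a hypothetical audit helper that lists the entries where the two lookups would disagree.

```python
import ipaddress

# Constructed SPD, simplified to one selector (remote address).
# A real SPD entry also carries local address, protocol and ports.
# List order is the policy order.
SPD = [
    ("10.1.0.0/16", "PROTECT"),  # entry 1: broad, listed first
    ("10.1.2.0/24", "BYPASS"),   # entry 2: narrower, shadowed by entry 1
    ("0.0.0.0/0", "DISCARD"),    # entry 3: catch-all
]


def _parse(spd):
    return [(ipaddress.ip_network(prefix), action) for prefix, action in spd]


def spd_first_match(spd, addr):
    """Ordered search: the first entry that matches decides the action."""
    ip = ipaddress.ip_address(addr)
    for net, action in _parse(spd):
        if ip in net:
            return action
    return "DISCARD"  # assumption: default-deny when nothing matches


def lpm_lookup(spd, addr):
    """Routing-table style lookup, shown only for contrast."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, action) for net, action in _parse(spd) if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else "DISCARD"


def order_dependent_pairs(spd):
    """Return (earlier, later) pairs where a broader earlier entry shadows a
    narrower later entry with a different action, i.e. where an LPM-based
    implementation would apply a different policy than first-match."""
    entries = _parse(spd)
    pairs = []
    for i, (early_net, early_act) in enumerate(entries):
        for late_net, late_act in entries[i + 1:]:
            if (late_net.version == early_net.version
                    and late_net.prefixlen > early_net.prefixlen
                    and late_net.subnet_of(early_net)
                    and late_act != early_act):
                pairs.append((str(early_net), str(late_net)))
    return pairs
```

For 10.1.2.5 the ordered search stops at entry 1, while an LPM lookup would select entry 2; running `order_dependent_pairs` over a policy shows where such shadowing exists.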