On Tue, 03 Dec 2013 19:40:52 +0200
Yaron Sheffer <yaronf.i...@gmail.com> wrote:
> We would like to ask people who are *not* authors on any of the
> solution drafts to send a short message to the list, saying which of
> the three they prefer, and a few reasons for their choice.
>
> A quick process reminder: once we adopt a protocol, it becomes the
> starting point for the working group document. The WG can change the
> editor team and is free to make material changes to the protocol
> before it is published as RFC.
My preference is on draft-detienne-dmvpn-00 to be used as a BASIS:
- The model is layered properly.
- It does not try to make IKE a routing protocol, or SPD a full
blown routing table.
- Existing routing protocols can be used to setup active/backup
gateway nodes or multipath routes for given prefix, as well as
multicast routing (all these and more without additional IKE
extensions)
- Dynamic routing of prefixes, allowing simpler and more flexible
hub-to-hub configuration.
- Multiple inter-operable implementations exists.
- Large installations exists, proving scalability.
Granted, the current draft misses still a lot of details. Especially
useful would be to have exact specification on how "thin" client can
work without routing protocols (e.g. mode config push of static
routes), how to setup NHS topology, what security measures are needed
to make sure nodes cannot impersonate someone else.
DMVPN properly addresses the complex requirement in RFC7018 2.2.
"[...] the routing implications of gateway-to-gateway communication
need to be addressed." which I think is one of the hardest issues here.
- Timo
PS. Please do not reply to this email. It merely reflects my personal
preference and opinion as requested. Non-authors can freely write in
reply to the original poll explaining why they like something else;
authors can freely update their drafts and publish them on separate
thread.
And yes, I have bias towards DMVPN having implemented parts of it.
But I believe similar bias exists when IKE implementers prefer doing
everything in IKE.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
