Hi,

In reviewing the discussions over the past few weeks, there appear to be a number of issues concerning draft-sathyanarayan-ipsecme-advpn-03 that require further clarification.
It would be useful for the working group if the following aspects of draft-sathyanarayan-ipsecme-advpn-03 were clarified:

1. scaling & general networking:

1.1 It does appear this proposal has a limit of 256 networks. Is this correct? How do nodes negotiate SAs when there are more than 256 prefixes on each side? For reference, RFC5996 does not offer the ability to negotiate more than 256 prefixes in the TSi TSr payloads.

1.2 What happens when a prefix administratively changes from behind one branch to another? How do servers get notified about that?

1.3 How is VLSM taken into consideration (Variable Length Subnet Masking)? E.g. a long prefix behind one branch and a short prefix behind another.

1.4 How does a hub decide which Security Association to use when two spoke devices decide to advertise the same prefix?

2. multicast:

2.1 There does not appear to be a specification of Multicast in this proposal. This is a key requirement for some of the ADVPN sponsors. How does multicast work?

2.2 How are SAs negotiated and how do applications request multicast traffic to be sent?

3. interoperability:

draft-sathyanarayan-ipsecme-advpn-03 does not mention how a server/hub learns about networks behind other servers.

3.1 What are the steps a server should take to establish a network with other servers?

3.2 How is topology and reachability information exchanged between servers?

Thank you,

Frederic Detienne