Hi, I would like to re-iterate the importance of clarifying the points below as it is not possible to assess the performances, relevance and interoperability of draft-sathyanarayan-ipsecme-advpn-03 at this stage - - these are all important issues to potential users of this techology.
Thank you, Frederic Detienne On 13 Jan 2014, at 17:07, Frederic Detienne (fdetienn) <fdeti...@cisco.com> wrote: > Hi, > > In reviewing the discussions over the past few weeks, there appear to be a > number of issues concerning draft-sathyanarayan-ipsecme-advpn-03 that require > further clarification. > > It would be useful for the working group if the following aspects of > draft-sathyanarayan-ipsecme-advpn-03 were clarified: > > 1. scaling & general networking: > 1.1 It does appear this proposal has a limit of 256 networks. Is this > correct ? How do nodes negotiate SA's when there are more than 256 prefixes > on each side ? For reference, RFC5996 does not offer the ability to negotiate > more than 256 prefixes in the TSi TSr payloads. > > 1.2 What happens when a prefix administratively changes from behind one > branch to another ? How do servers get notified about that ? > > 1.3 How is VLSM taken into consideration (Variable Length Subnet Masking). > E.g. long prefix behind one branch and a short prefix behind another > > 1.4 How does a hub decide which Security Association to use when to spoke > devices decide to advertise the same prefix ? > > 2. multicast: > > 2.1 There does not appear to be a specification of Multicast in this > proposal. This is a key requirement for some of the ADVPN sponsors. How does > multicast work ? > > 2.2 How are SA's negotiated and how do applications request multicast traffic > to be sent ? > > 3.interoperability. draft-sathyanarayan-ipsecme-advpn-03 does not mention how > a server/hub learns about networks behind other servers > > 3.1 what are the steps a server should take to establish a network with other > servers > > 3.2 how is topology and reachability information exchanged between servers > > > Thank you, > > Frederic Detienne > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
