>
> 1.2 What happens when a prefix administratively changes from behind one
> branch to another ? How do servers get notified about that ?
>
> [PRAVEEN] That’s an interesting point Fred, and thanks for bringing it up.
> First, please refer the ADVPN_INFO Payload and PROTECTED_DOMAIN sections (3.6
> and 3.9, respectively) of
> http://tools.ietf.org/html/draft-sathyanarayan-ipsecme-advpn-03. As a general
> rule, each spoke can download updated PROTECTED_DOMAIN information
> periodically, which advertises everything behind the hub and all other spokes
> combined. Of course, this does not change if some subnet has moved from
> behind spoke A to behind another spoke, B. However, the Lifetime attribute of
> the ADVPN_INFO payload is key here. We could see this being employed in a
> straightforward manner to allow for this transition: a) the subnet can
> "disappear" and be unreachable for one Lifetime, or b) the original spoke can
> redirect to the new spoke.
It turns out I did read those sections and this is exactly what surprised me.
Your answer is even more surprising.
Before going any further, is this resource exclusively exchanged between hub &
spoke or also between spokes ?
thanks,
fred
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
