Hi
I am the an Architect for a Service Provider and we commonly deploy large scale Encryption Domains for Government and Security conscious Enterprise customers over typically insecure mediums such as Microwave Radio, xDSL, EFM and FTTC type products. Our preference is draft-detienne-dmvpn-00 to be used. Having multiple deployments of DMVPN, we find DMVPN a mature protocol with enhanced functionality required to deliver complex dynamic VPN networks. We would have some functional requirements in any dynamic encryption protocol, including: * Layer 2 functionality - the lack Layer 2 connectivity within ADVPN means we cannot run MPLS over encryption mechanisms presents significant challenges in delivering full service provider and large scale VRF deployments across encryption domains. In addition the lack of support for VPLS and EoMPLS functionality would cause a concern. * Multicast - Full native support for Multicast, including routing protocols and RPF checks are essential. We have multiple customer deployments where multicast support is a critical requirement as many business critical application run over Multicast. * Dynamic Routing Protocol/Metrics - The ability to deploy dynamic routing protocols with routing metrics and route computation is a fundamental requirement. We have concerns over the support IGP protocols, routing metrics and VLSM within ADVPN. * Rapid Spoke to Spoke tunnels - The ability to deploy rapid spoke to spoke tunnels for real time applications is essential, especially in a multi tiered hub deployment. We don't believe the deployment of ADVPN meets this requirement suitably. Our preference is clearly for DMVPN as it does not try to make IKE a routing protocol and supports all existing routing protocols, along with native Multicast Support and Layer 2 connectivity. DMVPN delivers all the functionality and protocol support we require to deploy dynamic VPN overlays. We would have concerns over any protocol that doesn't support these features. Regards, Jim The information contained in this e-mail and any files transmitted with it is confidential and may be subject to legal professional privilege. It is intended solely for the use of the addressee(s). If you are not the intended recipient of this e-mail, please note that any review, dissemination, disclosure, alteration, printing, copying or transmission of this e-mail and/or any file transmitted with it, is prohibited and may be unlawful. If you have received this e-mail by mistake, please promptly inform the sender by reply e-mail and delete the material. Whilst this e-mail message has been swept for the presence of computer viruses, eircom (UK) Limited does not, except as required by law, represent, warrant and/or guarantee that the integrity of this communication has been maintained nor that the communication is free of errors, viruses, interception or interference. eircom (UK) Limited. Private Company Limited by Shares. Registered in England and Wales. Registration Number 03478971. Registered Office - South Quay, Plaza 2, 183 Marsh Wall, London, E14 9SH.
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
