On May 19, 2012, at 3:53 PM, Yaron Sheffer wrote:
Hi Vishwas, Yoav,
Check Point (IIRC) supports communities of IPsec endpoints, arranged
either as a star or a full mesh. This is nice and simple to configure
but obviously does not cover all use cases. Some networks cannot be
represented
But this quickly reduces to hierarchical routing: consider 3
communities, C1, C2, C3. Connectivity is C1 == C2 == C3 (i.e. no
direct connectivity between C1 and C3). The connecting member between
C1 and C2 needs to know everybody in C1 and C2 - that's clear. But it
also needs to know endpoints
