Hello,
Should the SPD search in IPsec support longest prefix match(LPM)?
Thanks.
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
On Jun 6, 2012, at 5:54 PM, Sheng Hsin Lo wrote:
Hello,
Should the SPD search in IPsec support longest prefix match(LPM)?
Hi
The answer is no. The SPD is an ordered list of entries, and the first match is
the one to follow.
RFC 4301 defines a decorrelation algorithm (section 4.4.1
On Wed, 6 Jun 2012, Yoav Nir wrote:
Should the SPD search in IPsec support longest prefix match(LPM)?
Hi
The answer is no. The SPD is an ordered list of entries, and the first match is
the one to follow.
RFC 4301 defines a decorrelation algorithm (section 4.4.1 and appendix B) that
On 06/06/2012 06:11 PM, Paul Wouters wrote:
Apart from the RFC stating so, what is the reasoning behind favouring
an arbitrary top down list over longest prefix match?
For example, if your policy only specifies remote or local port,
like 80 (to cover all HTTP traffic, regarless of origin). It
On Wed, 6 Jun 2012, Markku Savela wrote:
On 06/06/2012 06:11 PM, Paul Wouters wrote:
Apart from the RFC stating so, what is the reasoning behind favouring
an arbitrary top down list over longest prefix match?
For example, if your policy only specifies remote or local port,
like 80 (to cover