Panwei (William) wrote:
> Hi Michael,
>> > At yesterday's meeting, I think people basically understood and >
>> accepted the problem statement itself, but also raised different >
>> ideas regarding to the solutions. We'll try to do more analysis > and
>> comparison of possib
Hi Michael,
> > At yesterday's meeting, I think people basically understood and
> > accepted the problem statement itself, but also raised different
> > ideas regarding to the solutions. We'll try to do more analysis
> > and comparison of possible solutions, includ
Panwei \(William\) wrote:
> At yesterday's meeting, I think people basically understood and
> accepted the problem statement itself, but also raised different ideas
> regarding to the solutions. We'll try to do more analysis and
> comparison of possible solutions, including what
quot; field or not?
Regards & Thanks!
Wei PAN (潘伟)
> -Original Message-
> From: Steffen Klassert
> Sent: Friday, March 15, 2024 5:31 PM
> To: Paul Wouters
> Cc: Panwei (William) ; ipsec@ietf.org WG
>
> Subject: Re: [IPsec] I-D Action:
> draf
On Mon, Mar 11, 2024 at 11:36:03AM -0400, Paul Wouters wrote:
> On Mon, 11 Mar 2024, Panwei (William) wrote:
>
> > Indeed, splitting the 32-bit SPI into two sub-fields, the VPN ID sub-field
> > and SPI sub-field, may also be one option. This solution doesn't need to
> > change the ESP packet for
On Mon, 11 Mar 2024, Panwei (William) wrote:
Indeed, splitting the 32-bit SPI into two sub-fields, the VPN ID sub-field and
SPI sub-field, may also be one option. This solution doesn't need to change the
ESP packet format, but it also has some disadvantages.
The first one is the scalable issue
Hi Paul,
Thanks for your quick comments. But I'm sorry for the late response due to I
was out of the office for a few days.
> I can see how you want an extra SPD selector for the VPN ID - but
> maybe call it Namespace ID or something else as VPN ID is confusing.
Thanks for pointing out
Initial thought while having morning coffee.
I can see how you want an extra SPD selector for the VPN ID - but maybe call it
Namespace ID or something else as VPN ID is confusing.
Your gateway that needs to support say 256 VPN IDs could split up its SPI range
so it can detect which VPN to send
Hi folks,
We've encountered a real problem when using IPsec in the Multi-VPN environment.
We find that separate IPsec tunnels (i.e., different IKE SAs and different
Child SAs) are needed for each VPN to distingue the traffic from different VPNs.
But, due to the number of peer devices and the numb
