Classification:UNCLASSIFIED Good catch!
I've also thought of an additional use case, as I extend / change a network within a data centre etc, it would be helpful if the crypto gateway could learn of the new networks (through routing perhaps) and make them available through the encrypted tunnels. Chris [This message has been sent by a mobile device] ----- Original Message ----- From: Mike Sullenberger [mailto:[email protected]] Sent: Monday, March 12, 2012 10:56 PM To: [email protected] <[email protected]> Cc: [email protected] <[email protected]>; Ulliott, Chris Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED Steve, I do not think changing the name to "Dynamic Mesh VPN" is a good idea. The first thing that is going to happen is that it is going to be shortened to "DMVPN" and then we have conflict with Cisco DMVPN, which would be confusing and also "DMVPN" is a registered trademark. It would be best to use some other synonym for "Dynamic Mesh". Mike. >Upon reflection, I can see how "Point to Point VPNs" is problematic >as a description of the problem. Really it's more about dynamically >creating SAs so that any endpoint or gateway can communicate directly >with any other, as permitted by policy. And how can we do this in a >manageable manner in a large-scale environment where endpoints are >mobile and configurations and policies change often? > >So "Dynamic Mesh VPNs" is fine with me. Whatever the WG feels is best. > >Thanks, > >Steve > >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf >> Of Ulliott, Chris >> Sent: Wednesday, March 07, 2012 4:53 PM >> To: '[email protected]' >> Subject: Re: [IPsec] P2P VPN draft UNCLASSIFIED >> >> Classification:UNCLASSIFIED >> >> How about "dynamic mesh VPNs" as a title as I think the dynamic part is >> key here and probably an important aspect of the use cases. >> >> Chris >> >> [This message has been sent by a mobile device] >> >> ----- Original Message ----- >> From: Yaron Sheffer [mailto:[email protected]] >> Sent: Wednesday, March 07, 2012 09:17 PM >> To: IPsecme WG <[email protected]> >> Subject: [IPsec] P2P VPN draft >> >> Hi Steve, >> >> a few initial comments. >> >> * The draft is short and clear. Thanks for that! >> * I have a problem with the title (and even more, with the "file >> name" of the draft). P2P is usually perceived as peer-to-peer, >> which skews the discussion towards one particular use case, that >> of endpoint-to-endpoint. I suggest to use "Mesh IPsec VPN" instead. >> * I am unclear about 2.2: so what if you "suddenly need to exchange a >> lot of data". How is it different from normal IP traffic load >> management? The text is simply too vague here. Ideally, should we >> expect the traffic to migrate to other gateways? To go directly >> between endpoints? To establish priorities on existing gateways? >> >> Thanks, >> >> Yaron +------------------------------------------------+ | Mike Sullenberger; DSE | | [email protected] .:|:.:|:. | | Customer Advocacy CISCO | +------------------------------------------------+ **************************************************************************** Communications with GCHQ may be monitored and/or recorded for system efficiency and other lawful purposes. Any views or opinions expressed in this e-mail do not necessarily reflect GCHQ policy. This email, and any attachments, is intended for the attention of the addressee(s) only. Its unauthorised use, disclosure, storage or copying is not permitted. If you are not the intended recipient, please notify [email protected]. This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on 01242 221491 ext 30306 (non-secure) or email [email protected] **************************************************************************** The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
