Michael: Yoav talked about the non-GRE case.

On Tue, Feb 25, 2020 at 05:44:10PM -0500, Michael Richardson wrote:
>
> Yoav Nir <ynir.i...@gmail.com> wrote:
> > The profile specifies that the ACP nodes should use tunnel mode (when
> > GRE is not used), because: IPsec tunnel mode is required because the
> > ACP will route/forward packets received from any other ACP node across
> > the ACP secure channels, and not only its own generated ACP packets.
>
> It's a VTI-type interface.
> The TS should be for hostA<->hostB with protocol GRE.
> It could be in tunnel or transport mode.
> hostA and hostB are identified, btw, with IPv6 LL addresses.
>
> > If I understand the above paragraph correctly, both the source of the
> > packet and the destination can be the IP address of any ACP node,
> > neither of which are required to be the tunnel endpoints. This implies
> > some sort of generic traffic selector. The draft should specify this,
> > IMO
>
> The GRE layer and the routing protocol would take care of the ::/0<->::/0
> needs, not IPsec.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
> _______________________________________________
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec

--
---
t...@cs.fau.de
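
Added example, not part of the thread: a simplified model of the traffic-selector question discussed above, showing which selector covers a packet that one ACP node forwards for two other ACP nodes, with and without GRE. The addresses, the `TrafficSelector` class and the helper names are constructed for illustration; ports and address ranges other than prefixes are left out.

```python
import ipaddress
from dataclasses import dataclass

GRE, UDP, ANY = 47, 17, 0  # IP protocol numbers; 0 means "any" in an IKEv2 TS


@dataclass(frozen=True)
class TrafficSelector:
    """Hypothetical, simplified TS: one local prefix, one remote prefix, one protocol."""
    local: str
    remote: str
    proto: int = ANY

    def matches(self, src: str, dst: str, proto: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.local)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.remote)
                and self.proto in (ANY, proto))


def ipsec_view(inner, use_gre, local_ll, peer_ll):
    """Return the (src, dst, proto) that the IPsec policy lookup sees.

    With GRE, the forwarded packet is already wrapped in a GRE packet between
    the two link-local addresses; without GRE, IPsec sees the packet itself.
    """
    return (local_ll, peer_ll, GRE) if use_gre else inner


# Constructed sample values: hostA/hostB are the IPsec peers (link-local),
# nodeC/nodeD are other ACP nodes whose traffic hostA forwards to hostB.
HOST_A, HOST_B = "fe80::a", "fe80::b"
NODE_C, NODE_D = "fd00::c", "fd00::d"
FORWARDED = (NODE_C, NODE_D, UDP)

TS_GRE = TrafficSelector("fe80::a/128", "fe80::b/128", GRE)  # hostA<->hostB, GRE
TS_ANY = TrafficSelector("::/0", "::/0", ANY)                # ::/0<->::/0


def covered(ts: TrafficSelector, use_gre: bool) -> bool:
    """Is the forwarded packet covered by ts on the hostA->hostB channel?"""
    return ts.matches(*ipsec_view(FORWARDED, use_gre, HOST_A, HOST_B))


if __name__ == "__main__":
    for name, ts in (("hostA<->hostB/GRE", TS_GRE), ("::/0<->::/0", TS_ANY)):
        for use_gre in (True, False):
            print(f"{name:18} gre={use_gre!s:5} covered={covered(ts, use_gre)}")
```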