Michael Richardson writes:
> Tero> How does that disagree in their definition of flow?
>
> A flow in the routing and ASIC space is an origin/destination IP address
> pair only. A microflow is the 5-tuple.
Never heard about microflow before.
Wikipedia says:
Applied to Internet routers,
Michael Richardson writes:
> >> It is? I'll bet 95% of actual transport mode IPsec has an L2TP
> >> layer inside.
>
> Tero> Inside one enterprise? I do not think so. I guess most of the
> Tero> IPsec traffic is VPN style tunnel mode, but as that is going
> Tero> over untrusted
Michael Richardson writes:
> >As end nodes might be able to
> > bypass those checks by using encrypted ESP instead of ESP-NULL, these
> > kinds of scenarios also require very specific policies to forbid such
> > circumvention.
>
> The question is, are these end-nodes malicious, or ar
>As end nodes might be able to
> bypass those checks by using encrypted ESP instead of ESP-NULL, these
> kinds of scenarios also require very specific policies to forbid such
> circumvention.
The question is, are these end-nodes malicio