Re: Layer 2 vs. Layer 3 to TOR

2009-11-15 Thread gordon b slater
On Fri, 2009-11-13 at 09:44 +0100, Tore Anderson wrote:
> * Jonathan Lassoff
>
> > Are there any applications that absolutely *have* to sit on the same
> > LAN/broadcast domain and can't be configured to use unicast or multicast
> > IP?
>
> FCoE comes to mind.
>

and in a similar vein, ATAoE

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Marshall Eubanks
On Nov 14, 2009, at 9:58 PM, Steven Bellovin wrote: On Nov 14, 2009, at 8:28 PM, David Barak wrote: I've seen AH used as a "prove that this hasn't been through a NAT" mechanism. In this context, it's pretty much perfect. However, what I don't understand is where the dislike for it orig

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Merike Kaeo
No - if you read the below pointers carefully it does specify that ESP-Null is a MUST for OSPFv3 authentication protocol while AH is a MAY. AH is mostly superfluous and complicates implementations. Someone on the IPsec mailing list stated that at least two implementations he was aware of u

Re: Layer 2 vs. Layer 3 to TOR

2009-11-15 Thread Simon Leinen
Tore Anderson writes:
> * Jonathan Lassoff
>> Are there any applications that absolutely *have* to sit on the same
>> LAN/broadcast domain and can't be configured to use unicast or multicast
>> IP?
> FCoE comes to mind.

Doesn't FCoE need even more than that, i.e. "lossless" Ethernet with end-to-e

ADMIN: List FAQ/Monthly Post.

2009-11-15 Thread NANOG Mail List Committee
This 100-line document contains 62% of what you need to know to avoid annoying 10,000 people in your email to the NANOG list. It also contains pointers to another 23%. Please take 5 minutes to read it before you post [again]. General Information === About NANOG:http://

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Joel Jaeggli
Owen DeLong wrote:
> I've never seen anyone use AH vs. ESP.

OSPFv3?

> I've always used ESP and so has
> every other IPSEC implementation I've seen anyone do.
>
> Owen
>
> On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
>
>> Hi,
>>
>> Interesting discussion on the utility of Authentication Heade

Alternatives to Cisco SFP-GE-S?

2009-11-15 Thread Seth Mattinen
Does anyone have any practical long term experience with third party alternatives to the (must be made from solid gold) Cisco SFP-GE-S module that they'd like to share with me? I suppose I could just use compatible GLC-SX-MM instead, but I kind of want to have DOM support. ~Seth

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Bill Fehring
On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli wrote:
> Owen DeLong wrote:
>> I've never seen anyone use AH vs. ESP.
>
> OSPFv3?

Maybe I'm asking a dumb question, but why would one prefer AH over ESP for OSPFv3? RFC4552: "In order to provide authentication to OSPFv3, implementations MUST support ES

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Joel Jaeggli
Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
>> OSPFv3?
>
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?

Header protection... still doesn't provide replay protec

Re: Alternatives to Cisco SFP-GE-S?

2009-11-15 Thread sthaug
> Does anyone have any practical long term experience with third party
> alternatives to the (must be made from solid gold) Cisco SFP-GE-S module
> that they'd like to share with me? I suppose I could just use compatible
> GLC-SX-MM instead, but I kind of want to have DOM support.

There are plenty