Re: [vpp-dev] ipsec: configuration for ike generated tunnels

2019-11-28 Thread Carl Smith
Thanks Neale, That is similar to my thinking as well. I think there is a good case for both approaches. For the use cases we have: 1) IKE responder - commonly a central site with no statically configured tunnels - possibly some enhancements to reduce the static config for remote peers - requires

Re: [vpp-dev] ipsec: configuration for ike generated tunnels

2019-11-28 Thread Neale Ranns via Lists.Fd.Io
Hi Carl, I think both options are viable. Perhaps 1) is preferable when IKE is a responder and 2) when an initiator. 1) doesn't exist, but there are many other cases where VPP sends notification events to the agent when it has discovered something - search for APIs named want_*. For 2) it's imp

[vpp-dev] ipsec: configuration for ike generated tunnels

2019-11-26 Thread Carl Smith
What is the current thinking on how IPIP tunnels should be configured (admin state, routes etc) if they are created by IKE? In the Linux kernel we statically create the tunnel, bring it admin up, route packets over it. But it drops the packets (triggering an IKE acquire) until a valid SA exists.