Hi John, That is indeed an interesting point. Honestly in all of my personal and business interests I want to use any of those technologies (of course with RbR preference) for engineering SDWANs. So clearly Internet transit applies.
But then I have just one question: - In what context have we spent so many emails discussing "escaping packets to the Internet" or protecting infrastructure (SID addresses from "entering your network from Internet" ? Kind regards, R. On Tue, May 26, 2020 at 10:44 PM John Scudder <j...@juniper.net> wrote: > On May 26, 2020, at 3:52 PM, Sander Steffann <san...@steffann.nl> wrote: > > > Source and destination are in the same domain. Who says that the domain is > contiguous? Let's change the example to main and branch offices. Same > administrative domain, while still traversing the internet. > > > This is an interesting point. You can protect it with AH to address > security concerns about sending the CRH across the big-I Internet, too. I > feel like it provides another illustration of the “look at the benefits you > get if you work within an existing architecture instead of trying to invent > a whole new one” case. You didn’t have to invent a whole new security > architecture of your own — you fit into an existing architecture, and got > to inherit its security properties. > > $0.02, > > —John >
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
