Vishwas Manral | 22 May 2012 02:14

Section 2.3: Endpoint-to-Gateway P2P VPN

Hi folks,

I have been trying to understand the use case for End-point to Gateway use case as written in the current draft.

Finding the closest gateway seems to be rightly a routing or ALTO (Application Level Transport Optimization) problem, rather than an IPsec one. Am I missing the point altogether?

Thanks,
Vishwas


_______________________________________________
IPsec mailing list
IPsec <at> ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
Yaron Sheffer | 22 May 2012 07:04

Re: Section 2.3: Endpoint-to-Gateway P2P VPN

Hi Vishwas,

First, existing products are doing that, which means this is at least 
somewhat useful :-)

Making the decision on which gateway is closest seems to me out of 
scope. But informing the endpoint of which gateways are available to it 
can only be done at the IPsec-Discovery level, right?

Thanks,
	Yaron

On 05/22/2012 03:14 AM, Vishwas Manral wrote:
> Hi folks,
>
> I have been trying to understand the use case for End-point to Gateway
> use case as written in the current draft.
>
> Finding the closest gateway seems to be rightly a routing or ALTO
> (Application Level Transport Optimization) problem, rather than an IPsec
> one. Am I missing the point altogether?
>
> Thanks,
> Vishwas
Vishwas Manral | 22 May 2012 07:10

Re: Section 2.3: Endpoint-to-Gateway P2P VPN

Hi Yaron,

I am not questioning the usefulness of the feature. I was just trying to figure what part is routing and which one can be dealt with in IPsec.

I will put the Discovery part as the use case here.

Thanks,
Vishwas

On Mon, May 21, 2012 at 10:04 PM, Yaron Sheffer <yaronf.ietf <at> gmail.com> wrote:
> Hi Vishwas,
>
> First, existing products are doing that, which means this is at least somewhat useful :-)
>
> Making the decision on which gateway is closest seems to me out of scope. But informing the endpoint of which gateways are available to it can only be done at the IPsec-Discovery level, right?
>
> Thanks,
>        Yaron
>
> On 05/22/2012 03:14 AM, Vishwas Manral wrote:
>> Hi folks,
>>
>> I have been trying to understand the use case for End-point to Gateway
>> use case as written in the current draft.
>>
>> Finding the closest gateway seems to be rightly a routing or ALTO
>> (Application Level Transport Optimization) problem, rather than an IPsec
>> one. Am I missing the point altogether?
>>
>> Thanks,
>> Vishwas




Yoav Nir | 22 May 2012 08:16

Re: Section 2.3: Endpoint-to-Gateway P2P VPN

Hi Vishwas

Especially for clients, routing doesn't always help. A lot of those corporate networks use non-routable
IP addresses. Of course you can use routing protocols once the client has connected to a gateway, but
routing protocols don't help you choose the right gateway to reach 192.168.5.82.

Even with routable addresses, routing tables and routing protocols pretty much give you only the next hop
at layer 3. They don't help you find the next VPN hop - an IKE/IPsec endpoint.

It is possible to connect to some (maybe pre-configured) gateway, and then run (modified?) routing
protocols over the tunnel and learn about more gateways through them. But this is getting deeply into the
solution space.

Yoav

On May 22, 2012, at 3:14 AM, Vishwas Manral wrote:

> Hi folks,
> 
> I have been trying to understand the use case for End-point to Gateway use case as written in the current draft.
> 
> Finding the closest gateway seems to be rightly a routing or ALTO (Application Level Transport
> Optimization) problem, rather than an IPsec one. Am I missing the point altogether?
> 
> Thanks,
> Vishwas
Vishwas Manral | 22 May 2012 19:39

Re: Section 2.3: Endpoint-to-Gateway P2P VPN

Hi Yoav,

I am sorry I was unclear.

I wasn't just talking about IP Routing, but also Application level Routing (ALTO). As an example I know ALTO is used in content delivery to get the content from the best content server (best is based on numerous factors - like latency, bandwidth, Autonomous System etc). In my view the scenarios we talk about a host looking for the closest gateway are similar.

I will add it to the document. As a solution we could look at ALTO as an option for the same.

Thanks,
Vishwas

On Mon, May 21, 2012 at 11:16 PM, Yoav Nir <ynir <at> checkpoint.com> wrote:
> Hi Vishwas
>
> Especially for clients, routing doesn't always help. A lot of those corporate networks use non-routable IP addresses. Of course you can use routing protocols once the client has connected to a gateway, but routing protocols don't help you choose the right gateway to reach 192.168.5.82.
>
> Even with routable addresses, routing tables and routing protocols pretty much give you only the next hop at layer 3. They don't help you find the next VPN hop - an IKE/IPsec endpoint.
>
> It is possible to connect to some (maybe pre-configured) gateway, and then run (modified?) routing protocols over the tunnel and learn about more gateways through them. But this is getting deeply into the solution space.
>
> Yoav
>
> On May 22, 2012, at 3:14 AM, Vishwas Manral wrote:
>
>> Hi folks,
>>
>> I have been trying to understand the use case for End-point to Gateway use case as written in the current draft.
>>
>> Finding the closest gateway seems to be rightly a routing or ALTO (Application Level Transport Optimization) problem, rather than an IPsec one. Am I missing the point altogether?
>>
>> Thanks,
>> Vishwas

