ipsec February 2009 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] question about IKEv2 Re-direct

Re: [IPsec] question about IKEv2 Re-direct

From: Richard Graveman <rfgraveman_at_nospam>
Date: Tue Feb 03 2009 - 06:20:26 GMT
To: Vijay Devarapalli <dvijay@gmail.com>


Hi Vijay,

Thanks for your reply.

>> I just read this draft and think your idea is useful. I have one
>> question (please excuse me if it's been answered):
>
> Its not been brought up before. But from the beginning the focus for
> this draft has always been on IKEv2 client-gateway scenarios.
>
>> Is there anything special about VPNs (or MIPv6) that limits the use of
>> this? Could you just say "IKEv2 Initiator" instead of "VPN client" and
>> "IKEv2 Responder" instead of "VPN Gateway" everywhere?
>
> The mechanism proposed in the draft can be used between any IKEv2
> initiator and responder without any changes to the protocol.

Thanks for the clarification. I think this is worth saying.

>> I have uses for IKEv2 that are neither VPNs nor MIPv6 and could
>> possibly benefit from this, but the terminology is somewhat
>> constraining.
>
> If you don't mind, can you share those use-cases/scenarios with us? I
> can't imagine a scenario where a re-direct would be useful between two
> IKEv2 peers.

Sure. My "client" and "server" happen to be running a peer-to-peer signaling protocol to handle GMPLS provisioning. It's a peer-to-peer protocol, because sometimes you "get a phone call" as well as "make a phone call." The "server" at the so-called Provider Edge (PE) has as natural an application of redirect as the remote-access-VPN case (planned downtime, load balancing, etc.)

Regards, Rich Graveman


IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

   © Copyright 2012 Guardian Digital, Inc. All Rights Reserved.