|Main Archive Page > Month Archives > ipsec archives|
Thanks for your reply.
>> I just read this draft and think your idea is useful. I have one
>> question (please excuse me if it's been answered):
> Its not been brought up before. But from the beginning the focus for
> this draft has always been on IKEv2 client-gateway scenarios.
>> Is there anything special about VPNs (or MIPv6) that limits the use of
>> this? Could you just say "IKEv2 Initiator" instead of "VPN client" and
>> "IKEv2 Responder" instead of "VPN Gateway" everywhere?
> The mechanism proposed in the draft can be used between any IKEv2
> initiator and responder without any changes to the protocol.
Thanks for the clarification. I think this is worth saying.
>> I have uses for IKEv2 that are neither VPNs nor MIPv6 and could
>> possibly benefit from this, but the terminology is somewhat
> If you don't mind, can you share those use-cases/scenarios with us? I
> can't imagine a scenario where a re-direct would be useful between two
> IKEv2 peers.
Sure. My "client" and "server" happen to be running a peer-to-peer signaling protocol to handle GMPLS provisioning. It's a peer-to-peer protocol, because sometimes you "get a phone call" as well as "make a phone call." The "server" at the so-called Provider Edge (PE) has as natural an application of redirect as the remote-access-VPN case (planned downtime, load balancing, etc.)
Regards, Rich Graveman