|Main Archive Page > Month Archives > ipsec archives|
the charter, when defining the HA work item, specifies a precise scope:
"The scope is restricted to mechanism(s) that are visible to the peer,
and thus usually require interoperability between vendors. Mixed-vendor
clusters, and protocols between the cluster members, are explicitly out
of scope of this work item." But this scope is not explicitly delineated
in the draft, at least not in one place. So I suggest the following text
(I have incorporated the first few paragraphs of sec. 3):
3. Problem Statement
This section starts by scoping the problem, and goes on to list each of
the issues encountered while setting up a cluster of IPsec VPN gateways.
- This document will make no attempt to describe the problems in setting
up a generic cluster. It describes only problems related to the
- The problem of synchronizing the policy between cluster members is out
of scope, as this is an administrative issue that is not particular to
either clusters or to IPsec.
- The interesting scenario here is VPN, whether tunneled site-to-site or
remote access. Host-to-host transport mode is not expected to benefit
from this work.
- We do not describe in full the problems of the communication channel
between cluster members (the Synch Channel), nor do we intend to specify
anything in this space later. In other words, mixed-vendor clusters are
out of scope.
- The problem statement anticipates possible protocol-level solutions
between IKE/IPsec peers, in order to improve the availability and/or
performance of VPN clusters. One vendor's IPsec endpoint should be able
to work, optimally, with another vendor's cluster.
IPsec mailing list