The MPLS WG Archive

draft-ietf-mpls-in-ip-or-gre-04.txt
Hi Eric,

On Wed, 28 Jan 2004, Eric Rosen wrote:
>
> > I think we also should focus on whether more detail is necessary
> > to have multi-vendor interoperable implementations of MPLS over IPSec.
>
> Fair enough. Do you have an objection?
>

Some comments on adding enough detail for multi-vendor interoperable implementations:

1. It will help to clarify the packet format after Transport mode is applied on the MPLS in IP or GRE packet.

"The MPLS-in-IP or MPLS-in-GRE encapsulated packets should be considered as originating at the tunnel head and as being destined for the tunnel tail; IPsec transport mode SHOULD thus be used."

Suggest inserting after the above:

"The IP header of the MPLS-in-IP packet becomes the outer IP header of the resulting packet when IPsec transport mode is used to secure the MPLS-in-IP packet, by the ingress PE. This is followed by an IPsec header followed by the MPLS label stack. The IPsec header needs to set the payload type to MPLS by using the IP protocol number specified in section 3. If IPsec transport mode is applied on an MPLS-in-GRE packet, the GRE header follows the IPsec header."

2. Procedures at the egress PE should be spelled out. The above inserted text can be followed by something like:

"The result of the IPsec 'outbound' processing at the egress PE is the recovering of a contained MPLS-in-IP/GRE packet. The egress PE will then strip off the encapsulating IP/GRE header to recover the MPLS packet, for MPLS switching purposes."

It is to be noted that if

a) An MPLS packet is received by an egress PE, with no IPsec encapsulation and
b) An IPsec encapsulation was expected by the egress PE for that MPLS packet,

it should be discarded. How this is achieved depends on the implementation."

Thanks,
rahul
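The header order and the egress discard rule proposed in the message above, as an added Python example that is not part of the original post or of the draft. It assumes IP protocol number 137 (the IANA value for MPLS-in-IP) is the "section 3" number, uses AH because its next-header field is readable on the wire, and leaves ICV verification to the IPsec stack; all function and variable names are hypothetical.

```python
import socket
import struct

# IANA protocol numbers; 137 (MPLS-in-IP) is assumed to be the "section 3" value.
GRE, ESP, AH, MPLS_IN_IP = 47, 50, 51, 137
GRE_PROTO_MPLS = 0x8847  # GRE protocol type for MPLS unicast

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def ah(next_header, spi=0x100, seq=1, icv=b"\x00" * 12):
    """AH header; the length field counts 32-bit words minus 2. ICV is a dummy."""
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def mpls(label, ttl=64):
    """One label stack entry with the bottom-of-stack bit set."""
    return struct.pack("!I", (label << 12) | (1 << 8) | ttl)

def egress_check(pkt, ipsec_peers):
    """Return ('accept', top_label), ('discard', reason) or ('defer', reason)."""
    proto, src = pkt[9], socket.inet_ntoa(pkt[12:16])
    body, secured = pkt[(pkt[0] & 0x0F) * 4:], False
    if proto == ESP:  # next header sits in the ESP trailer, unreadable before decryption
        return ("defer", "ESP: decapsulate in the IPsec stack, then re-check")
    if proto == AH:   # transport mode: AH directly follows the outer IP header
        proto, body, secured = body[0], body[(body[1] + 2) * 4:], True
    if proto == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        if ptype != GRE_PROTO_MPLS:
            return ("discard", "GRE payload is not MPLS")
        # checksum (C), key (K) and sequence (S) bits each add 4 bytes
        body = body[4 + 4 * sum(bool(flags & b) for b in (0x8000, 0x2000, 0x1000)):]
    elif proto != MPLS_IN_IP:
        return ("discard", "not MPLS-in-IP or MPLS-in-GRE")
    if src in ipsec_peers and not secured:
        return ("discard", "IPsec expected from this tunnel head but absent")
    return ("accept", struct.unpack("!I", body[:4])[0] >> 12)

# Constructed sample packets (documentation addresses, dummy ICV).
HEAD, TAIL = "192.0.2.1", "192.0.2.2"
SECURED_IP = ipv4(HEAD, TAIL, AH, ah(MPLS_IN_IP) + mpls(1000))
SECURED_GRE = ipv4(HEAD, TAIL, AH, ah(GRE) + struct.pack("!HH", 0, GRE_PROTO_MPLS) + mpls(2000))
BARE = ipv4(HEAD, TAIL, MPLS_IN_IP, mpls(1000))

if __name__ == "__main__":
    for name, pkt in (("AH+MPLS-in-IP", SECURED_IP), ("AH+GRE+MPLS", SECURED_GRE), ("bare", BARE)):
        print(name, egress_check(pkt, {HEAD}))
```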