Use of Ipsec Transport Mode for Dynamic Routing

By Touch, J.

Book Id: WPLBN0000694043
Format Type: PDF eBook:
File Size: 0.1 MB
Reproduction Date: 2005

Title:	Use of Ipsec Transport Mode for Dynamic Routing
Author:	Touch, J.
Volume:
Language:	English
Subject:	Fine Arts, Language, Sociology
Collections:	Technical eBooks and Manuals Collection, Technical eBooks Collection
Historic Publication Date:
Publisher:


Citation APA MLA Chicago Touch, B. J. (n.d.). Use of Ipsec Transport Mode for Dynamic Routing. Retrieved from http://gutenberg.cc/

Description
Technical Reference Publication

Excerpt
Abstract: OSPF is a link-state intra-domain routing protocol used in IP networks. OSPF behavior over demand circuits (DC) is optimized in RFC 1793 to minimize the amount of overhead traffic. A part of the OSPF demand circuit extensions is the Hello suppression mechanism. This technique allows a demand circuit to go down when no interesting traffic is going through the link. However, it also introduces a problem, where it becomes impossible to detect an OSPF-inactive neighbor over such a link. This memo introduces a new mechanism called neighbor probing to address the above problem.

Table of Contents
Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Document History . . . . . . . . . . . . . . . . . . . . 3 2. Problem Description. . . . . . . . . . . . . . . . . . . . . . 4 2.1. IPsec Overview . . . . . . . . . . . . . . . . . . . . . 5 2.2. Forwarding Example . . . . . . . . . . . . . . . . . . . 6 2.3. Problem 1: Forwarding Issues . . . . . . . . . . . . . . 7 2.4. Problem 2: Source Address Selection . . . . . . . . . . 8 3. IIPtran: IPIP Tunnel Devices + IPsec Transport Mode . . . . . 9 3.1. IIPtran Details . . . . . . . . . . . . . . . . . . . . 10 3.2. Solving Problem 1: Forwarding Issues . . . . . . . . . . 11 3.3. Solving Problem 2: Source Address Selection . . . . . . 12 4. Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.1. Other Proposed Solutions . . . . . . . . . . . . . . . . 12 4.1.1. Alternative 1: IPsec with Interface SAs. . . . . 13 4.1.2. Alternative 2: IPsec with Initial Forwarding Lookup. . . . . . . . . . . . . . . . 13 4.1.3. Alternative 3: IPsec with Integrated Forwarding . . . . . . . . . . . . . . . . . . . 14 4.2. Discussion . . . . . . . . . . . . . . . . . . . . . . . 14 4.2.1. VN Routing Support and Complexity . . . . . . . 14 4.2.2. Impact on the IPsec Architecture . . . . . . . . 15 4.2.3. Policy Enforcement and Selectors . . . . . . . . 16 4.2.4. IKE Impact . . . . . . . . . . . . . . . . . . . 19 5. Security Considerations . . . . . . . . . . . . . . . . . . . 19 6. Summary and Recommendations . . . . . . . . . . . . . . . . . 20 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 8.1. Normative References . . . . . . . . . . . . . . . . . . 20 8.2. Informative References . . . . . . . . . . . . . . . . . 21 A. Encapsulation/Decapsulation Issues . . . . . . . . . . . . . . 22 A.1. Encapsulation Issues . . . . . . . . . . . . . . . . . . 22 A.2. Decapsulation Issues . . . . . . . . . . . . . . . . . . 23 A.3. Appendix Summary . . . . . . . . . . . . . . . . . . . . 23 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 24 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 25