Joe,

>...
>
>
>>
>> This almost sounds like a MIDCOM-style solution. I think this would
>> be a very big change to the current IPsec architecture, probably out
>> of scope for this WG.
>
>I agree, however I wonder if that sort of issue was already present in
>the BITW variants in 4301 anyway (to ensure, e.g., that packets arriving
> on different links with the same IP address didn't collide on SPI
>allocations).

This might be a problem if each interface had a distinct IPsec implementation, not just a distinct SPD. However, I know of no such devices, and thus no instances of problems of this sort. With just one SAD for a BITW device, SPI assignment is centralized and thus the problem you cite is avoided.

Steve
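The following is an added illustration of the point made in the message above; it is not part of the original email and is not taken from any IPsec implementation. It models a hypothetical device with one independent SAD per link beside a device with a single SAD, using a sequential SPI allocator as a simplification; the class and function names, the link names, and the address 192.0.2.1 are constructed for the example.

```python
import itertools

MIN_SPI = 256  # RFC 4303: SPI 0 is for local use, 1-255 are reserved by IANA


class SAD:
    """Toy inbound SA database: allocates SPIs and maps (spi, proto) -> SA."""

    def __init__(self):
        self._entries = {}
        # Sequential candidates keep the example deterministic (assumption;
        # real allocators usually pick candidates at random).
        self._candidates = itertools.count(MIN_SPI)

    def allocate_inbound(self, proto, local_addr, link):
        # Uniqueness is only checked against *this* SAD's entries.
        for spi in self._candidates:
            if (spi, proto) not in self._entries:
                self._entries[(spi, proto)] = {"local": local_addr, "link": link}
                return spi

    def lookup(self, spi, proto):
        return self._entries.get((spi, proto))


def per_interface_sads(links, local_addr):
    """Hypothetical device: a distinct IPsec instance (and SAD) per link."""
    return {link: SAD().allocate_inbound("esp", local_addr, link) for link in links}


def single_sad(links, local_addr):
    """BITW device with one SAD: every allocation goes through one allocator."""
    sad = SAD()
    spis = {link: sad.allocate_inbound("esp", local_addr, link) for link in links}
    return spis, sad


def colliding_spis(assignments):
    """Return SPIs that were handed out on more than one link."""
    seen = {}
    for link, spi in assignments.items():
        seen.setdefault(spi, []).append(link)
    return {spi: ls for spi, ls in seen.items() if len(ls) > 1}


if __name__ == "__main__":
    links = ["link0", "link1"]  # constructed link names
    print("per-interface SADs:", colliding_spis(per_interface_sads(links, "192.0.2.1")))
    print("single SAD:        ", colliding_spis(single_sad(links, "192.0.2.1")[0]))
```
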