[IPsec] One comment to this draft//Fwd: I-D Action: draft-ietf-ipsecme-ad-vpn-problem-06.txt

Toby Mao <yumao9@gmail.com> Sat, 27 April 2013 03:10 UTC

Return-Path: <yumao9@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C7A5F21F9D73 for <ipsec@ietfa.amsl.com>; Fri, 26 Apr 2013 20:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 256x--ex6Ifc for <ipsec@ietfa.amsl.com>; Fri, 26 Apr 2013 20:10:38 -0700 (PDT)
Received: from mail-ia0-x22c.google.com (mail-ia0-x22c.google.com [IPv6:2607:f8b0:4001:c02::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 0868C21F9D70 for <ipsec@ietf.org>; Fri, 26 Apr 2013 20:10:37 -0700 (PDT)
Received: by mail-ia0-f172.google.com with SMTP id i20so4276957ian.3 for <ipsec@ietf.org>; Fri, 26 Apr 2013 20:10:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to:cc :content-type; bh=hp1onqEPzWxhr9Ol7fyVBNolEFXRCxHQ8Xr1wruDbC4=; b=RDkmgTshZ7Tieo6LMXOxGBVStdj9TwmYFMVfhtuYaKGR35npeiZduQ+V+kDCbpB1IV ZuL9+Gf+pcYUfF2FjMLnTRURRtcnHTrVvvnA6prieTlYjv+nCkcCemxPYdYfqV2QPwpD WplyoC73Uqm8OjyuiYI2zjpqu+N/ApBFUg1xhk6wKIjq51yCQ733UjuN+B9yppykWziF QkEg4VLvDLoJGJ6PmJhPeDu1cCQln7yamfiHY/GMmkuYuUSya4fSSxw7d8XfLLjNiZww LDy2/sBDLq/CbuA31PSRVmwu9IsZ1GQ1toUqB/gBOSOZ1znVsVXD2u9h624+nC/u/e2q RCow==
MIME-Version: 1.0
X-Received: by with SMTP id r14mr3419826igw.85.1367032237663; Fri, 26 Apr 2013 20:10:37 -0700 (PDT)
Received: by with HTTP; Fri, 26 Apr 2013 20:10:37 -0700 (PDT)
Date: Sat, 27 Apr 2013 11:10:37 +0800
Message-ID: <CAPPa=knYfWjqfGEhXrFNafhfKuOrMKM-VPC8zGJj+FYy64-FHQ@mail.gmail.com>
From: Toby Mao <yumao9@gmail.com>
To: IPsecme WG <ipsec@ietf.org>
Content-Type: multipart/alternative; boundary="047d7bd75594ec2f3004db4efeb3"
Cc: "maoyu@h3c.com" <maoyu@h3c.com>
Subject: [IPsec] One comment to this draft//Fwd: I-D Action: draft-ietf-ipsecme-ad-vpn-problem-06.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Apr 2013 03:10:38 -0000

I agree with almost all the requirements in the
draft-ietf-ipsecme-ad-vpn-problem. However, I think one more requirement
should be added in the Section 4.1.

The ADVPN solution SHOULD be able to implement Quality of Service (QoS) to
regulate the traffic in the ADVPN topology. ADVPN peer SHOULD NOT send
excessive traffic to the other members of ADVPN. The traffic for each ADVPN
peer CAN be measured individually for shaping and policing.

Best regards,

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Mon, Apr 22, 2013 at 9:03 PM
Subject: [IPsec] I-D Action: draft-ietf-ipsecme-ad-vpn-problem-06.txt
To: i-d-announce@ietf.org
Cc: ipsec@ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts
 This draft is a work item of the IP Security Maintenance and Extensions
Working Group of the IETF.

        Title           : Auto Discovery VPN Problem Statement and
        Author(s)       : Steve Hanna
                          Vishwas Manral
        Filename        : draft-ietf-ipsecme-ad-vpn-problem-06.txt
        Pages           : 11
        Date            : 2013-04-22

   This document describes the problem of enabling a large number of
   systems to communicate directly using IPsec to protect the traffic
   between them.  It then expands on the requirements, for such a

   Manual configuration of all possible tunnels is too cumbersome in
   many such cases.  In other cases the IP address of endpoints change
   or the endpoints may be behind NAT gateways, making static
   configuration impossible.  The Auto Discovery VPN solution will
   address these requirements.

The IETF datatracker status page for this draft is:

There's also a htmlized version available at:

A diff from the previous version is available at:

Internet-Drafts are also available by anonymous FTP at:

IPsec mailing list