Architecture for the Use of PE-PE IPsec Tunnels in BGP/MPLS IP VPNs
draft-ietf-l3vpn-ipsec-2547-05

Document Type Expired Internet-Draft (l3vpn WG)
Last updated 2008-09-12 (latest revision 2005-08-08)
Stream IETF
Intended RFC status Experimental
Formats
Expired & archived
plain text pdf html
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired (IESG: Dead)
Telechat date
Responsible AD Ross Callon
Send notices to tme@multicasttech.com, danny@arbor.net, rcallon@juniper.net

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-l3vpn-ipsec-2547-05.txt

Abstract

In BGP/MPLS IP Virtual Private Networks (VPNs), VPN data packets traveling from one Provider Edge (PE) router to another generally carry two MPLS labels, an "inner" label that corresponds to a VPN- specific route, and an "outer" label that corresponds to a Label Switched Path (LSP) between the PE routers. In some circumstances, it is desirable to support the same type of VPN architecture, but using an IPsec Security Association in place of that LSP. The "outer" MPLS label would thus be replaced by an IP/IPsec header. This enables the VPN packets to be carried securely over non-MPLS networks, using standard IPsec authentication and/or encryption functions to protect them. This draft specifies the procedures which are specific to support of BGP/MPLS IP VPNs using the IPsec encapsulation.

Authors

Eric Rosen (erosen@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)