Architecture for the Use of PE-PE IPsec Tunnels in BGP/MPLS IP VPNs
draft-ietf-l3vpn-ipsec-2547-05
Document | Type |
Expired Internet-Draft
(l3vpn WG)
Expired & archived
|
|
---|---|---|---|
Author | Eric C. Rosen | ||
Last updated | 2015-10-14 (Latest revision 2005-08-08) | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | Experimental | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | (None) | ||
IESG | IESG state | Expired (IESG: Dead) | |
Action Holders |
(None)
|
||
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | Ross Callon | ||
Send notices to | danny@arbor.net, tme@multicasttech.com |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
In BGP/MPLS IP Virtual Private Networks (VPNs), VPN data packets traveling from one Provider Edge (PE) router to another generally carry two MPLS labels, an "inner" label that corresponds to a VPN- specific route, and an "outer" label that corresponds to a Label Switched Path (LSP) between the PE routers. In some circumstances, it is desirable to support the same type of VPN architecture, but using an IPsec Security Association in place of that LSP. The "outer" MPLS label would thus be replaced by an IP/IPsec header. This enables the VPN packets to be carried securely over non-MPLS networks, using standard IPsec authentication and/or encryption functions to protect them. This draft specifies the procedures which are specific to support of BGP/MPLS IP VPNs using the IPsec encapsulation.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)