Skip to main content

Architecture for the Use of PE-PE IPsec Tunnels in BGP/MPLS IP VPNs
draft-ietf-l3vpn-ipsec-2547-05

Document Type Expired Internet-Draft (l3vpn WG)
Expired & archived
Author Eric C. Rosen
Last updated 2015-10-14 (Latest revision 2005-08-08)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Experimental
Formats
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired (IESG: Dead)
Action Holders
(None)
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD Ross Callon
Send notices to danny@arbor.net, tme@multicasttech.com

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

In BGP/MPLS IP Virtual Private Networks (VPNs), VPN data packets traveling from one Provider Edge (PE) router to another generally carry two MPLS labels, an "inner" label that corresponds to a VPN- specific route, and an "outer" label that corresponds to a Label Switched Path (LSP) between the PE routers. In some circumstances, it is desirable to support the same type of VPN architecture, but using an IPsec Security Association in place of that LSP. The "outer" MPLS label would thus be replaced by an IP/IPsec header. This enables the VPN packets to be carried securely over non-MPLS networks, using standard IPsec authentication and/or encryption functions to protect them. This draft specifies the procedures which are specific to support of BGP/MPLS IP VPNs using the IPsec encapsulation.

Authors

Eric C. Rosen

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)