Name: draft-ietf-l3vpn-ipsec-2547-03
Title: Use of PE-PE IPsec in RFC2547 VPNs
State: Active
Authors: Eric Rosen, Jeremy De Clercq, Chandru Sargor
Group: Layer 3 Virtual Private Networks (l3vpn)
Date: 2004-09-30
In BGP/MPLS IP Virtual Private Networks (VPNs), VPN data packets traveling
from one Provider Edge (PE) router to another generally carry two MPLS
labels, an inner label that corresponds to a VPN- specific route, and an
outer label that corresponds to a Label Switched Path (LSP) between the PE
routers. In some circumstances, it is desirable to support the same type of
VPN architecture, but using an IPsec Security Association in place of that
LSP. The outer MPLS label would thus be replaced by an IP/IPsec header.
This enables the VPN packets to be carried securely over non-MPLS networks,
using standard IPsec authentication and/or encryption functions to protect
them. This draft specifies the procedures which are specific to support of
BGP/MPLS IP VPNs using the IPsec encapsulation.
[sh-index] Back to list of manuals
|
| |
