Re: ProxyARP and IPSec - H. Peter Anvin

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "H. Peter Anvin" <hpa@zytor.com>
To: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Andy Gay <andy@andynet.net>, David Miller <davem@davemloft.net>,
	tgraf@suug.ch, netdev@vger.kernel.org
Subject: Re: ProxyARP and IPSec
Date: Fri, 25 Aug 2006 21:16:15 -0700	[thread overview]
Message-ID: <44EFCB0F.5080506@zytor.com> (raw)
In-Reply-To: <20060824125046.GA25439@ms2.inr.ac.ru>

Alexey Kuznetsov wrote:
> Hello!
> 
>> I'm thinking that David definitely has a point about having a usability 
>> problem, though.  All other kind of tunnels have endpoint devices 
>> associated with them, and that would make all these kinds of problems go 
>> away, 
> 
> Yes, when you deal with sane practical setups, this approach is the only
> reasonable one.
> 
> Unfortunately, IPsec is not something totally sane and practical :-),
> "security gateway" case is small part of it and "routing" viewpoint
> clashes fatally with another requirements. Pure result is that we use approach
> where it is possible to do everything with some efforts, rather than approach
> which is simple and intuitive, but does not allow to do many things.
> 

Fair enough.  However, that does beg a question: is there any sane way 
to create the pseudo-device model on top of the current model, as a 
convenience layer?  That way you could get the best of both.

	-hpa

next prev parent reply	other threads:[~2006-08-26  4:17 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-08-23  0:31 ProxyARP and IPSec H. Peter Anvin
2006-08-23 19:14 ` Thomas Graf
2006-08-23 22:14   ` David Miller
2006-08-23 23:18     ` Alexey Kuznetsov
2006-08-24  1:12       ` H. Peter Anvin
2006-08-24  1:14         ` H. Peter Anvin
2006-08-24  2:20           ` Andy Gay
2006-08-24  4:14             ` H. Peter Anvin
2006-08-24 12:50               ` Alexey Kuznetsov
2006-08-26  4:16                 ` H. Peter Anvin [this message]
2006-09-02 15:36                   ` Stephen J. Bevan
2006-09-02 17:30                     ` H. Peter Anvin
2006-09-02 20:54                       ` Stephen J. Bevan
2006-09-05  5:17                         ` H. Peter Anvin
2006-09-04 22:27                       ` Alexey Kuznetsov
2006-09-05  5:12                         ` H. Peter Anvin
2006-09-05  9:05                           ` Alexey Kuznetsov
2006-09-22 20:36                             ` David Miller
2006-09-23  4:22                               ` Stephen J. Bevan
2006-09-06  2:25                         ` Stephen J. Bevan
2006-08-24 10:50     ` Thomas Graf
2006-09-07 22:28       ` H. Peter Anvin
2006-09-08  7:37         ` Thomas Graf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=44EFCB0F.5080506@zytor.com \
    --to=hpa@zytor.com \
    --cc=andy@andynet.net \
    --cc=davem@davemloft.net \
    --cc=kuznet@ms2.inr.ac.ru \
    --cc=netdev@vger.kernel.org \
    --cc=tgraf@suug.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.