RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnel...
RFC-Ref

SPD



... packet formats and Security Policy Database (SPD) entries. Section 6 gives recommendations. Appendices further discuss tunnel mode usage and ...


... This section describes the SPD entries for setting up the IPsec transport mode SA ...
... SA is not modeled as an interface (e.g., as of this writing, popular in many open source implementations), the SPD entries for protecting all traffic between the two endpoints ...
... traffic multicast traffic would need to be identified, possibly resulting in a long list of SPD entries. The second requirement is difficult to satisfy, because the traffic ...
... addresses are assigned on interfaces (rather than configured in SPDs) for proper source address selection. ...
... IPsec processing. The following SPD entries assume that there are two routers, Router1 and Router2, with tunnel endpoint ...
... IPV4-TEP1 and IPV4-TEP2, respectively. (In other scenarios, the SPDs are set up similarly.) ...
... up similarly.) Router1's SPD: Next Layer ...
... transport) Router2's SPD: Next Layer ...
... transport) In both SPD entries, "IKE" refers to UDP destination port ...
... Peer Authorization Database (PAD) provides the link between SPD and the key management daemon [RFC4306 ...


... In Appendix A, we also explore what it would take to use so-called Specific SPD (SSPD) tunnel mode. Such usage is more complicated because IPv6 prefixes ...


... keys and also through the application of policies dictated by the Security Policy Database (SPD). The NAT traversal ...


... methods. We note that, in this context, only the so-called Specific SPD (SSPD) model (without a tunnel interface ...
... depending on the implementation: 1. "Generic SPDs": some implementations model the tunnel mode SA as an IP interface ...
... tunnel. This mode is similar to transport mode. The SPDs must be interface-specific. However, because IKE uses ...
... not feasible. 2. "Specific SPDs": some implementations do not model the tunnel mode SA as an IP interface. Traffic ...
... IP interface. Traffic selection is based on specific SPD entries, e.g., "2001:db8:1::/48 <-> 2001:db8:2::/48". As the IPsec session ...
... more difficult compared with transport mode and, depending on implementation, may need to be reflected in SPDs. ...
... A.2. Specific SPD for Host-to-Host Scenario ...
... The following SPD entries assume that there are two hosts, Host1 and Host2, whose IPv6 addresses ...
... Host1's SPD: Next Layer ...
... IPV4-TEP2}) Host2's SPD: Next Layer ...
... A.3. Specific SPD for Host-to-Router Scenario ...
... The following SPD entries assume that the host has the IPv6 address ...
... IPV6-PREF/48 to the host, the corresponding SPD entries can be derived by replacing IPV6-EP1 with IPV6 ...
... Please note the bypass entry for host's SPD, absent in router's SPD. ...
... host's SPD, absent in router's SPD. While this might be an implementation matter for host-to-router ...
... Host's SPD: Next Layer ...
... Router's SPD: Next Layer ...


