Editor's note:  These minutes have not been edited.


    VTP - BOF
    37th IETF - San Jose, Ca.
    12/11/96

    Reported by: Pat Henkle, US Robotics Access Corp.


    No one bashed the agenda

    Larger Font requested

    Poor lighting

    Make presentation available over the net.
    FTP://elroy.usr.com/pub/ietf/vtp.ppt   and  vtp.ps

    Document name is Draft-calhoun-vtp-protocol-00.txt

    Why do we think that PPP can not be used over cable networks - shared
    media model

    Focus on the differences from layer 2 tunneling

    Performance w/ distributed PPP processing is a key differentiator

    Idea to actually have the "more trusted" router to initiate tunnels
    for security control

    Support for less than 128 bit keys - export issues need to be
    considered. This is only a problem with encryption, not
    authentication.

    Fit w/ multi link bundles should be included - helps address multi
    link latency issues when tunneling across network.

    Mobile IP comparison - does not address Roaming users

    Should review Bill Simpson's security associations w/ tunnels for
    consideration of some of those ideas.  Does not address
    multi-protocol.

    Interest?
    Why not merge w/ l2tp - time to market, PPP focus, SECURITY is
    important

    Complexity advantages of VTP over l2tp need to be articulated

    Discussion of multi-link bundle challenges with l2tp and pptp
    latency problem
    lost packets over Internet


    Consider using SA identifier in AH header w/ IPSEC

    Comparisons

    l2tp                VTP                   IPSEC (tunnel mode)
    complexity          simplicity            ?
    5 messages          2 messages            ?
    NAS/router          NAS/router            NAS/router
    router/router       -                     router/router
    IPSEC friendly      IPSEC friendly        -
    possible multilink  possible multilink    -
      latency issue       improved latency    -
    Distributed PPP       Central PPP
    dogleg eliminator


    VTP may be easier to on clients which do not already have PPP. Some of
    these are low powered CPU. Also, VTP would facilitate tunnel
    redirection since there is less state information than for L2TP
    tunnels.

    Remove specific KDC scheme - point to others i.e., ISAKMP

    must use IPSEC to be considered

    consider tunnel redundancy / redirection

    VTP and IPSEC very similar - need to refine comparisons

    Strawman poll

    how many folks think PPP should be REQUIRED to do tunneling?
        -  very few
    how many folks think PPP should NOT be REQUIRED to do tunneling?
        - most

    NEXT STEPS
    explore l2tp w/o PPP requirement to get distributed PPP