[mpls-linux-general] Running MPLS on top of IPSec : Resolved
Status: Beta
Brought to you by:
jleu
Menu
▾
▴
[mpls-linux-general] Running MPLS on top of IPSec : Resolved
|
From: Murthy S. A. <msa...@cs...> - 2003-04-24 14:46:18
|
A few days back , i posted a query asking if anybody had experience doing this . There was one response, suggesting I use the IpSecN interface IDs (instead of thephysical interface IDs) when setting up the MPLS LSPs. What I have realized since, is that one does NOT have to do ANYTHING special to be able to get this to run. It will work automatically. The reason being, IPSec works at layer 3 (it is essenetially IP in IP) and MPLS works below layer 3 (and above 2). Therefore, as long as we make sure we associate the same physical interface with IpSec (through 'left'/'right' and 'leftgateway'/'rightgateway' in ipsec.conf - for freeswan) and with MPLS (when we set the 'push' instructions), packets automatically go in the order IP<-->IPSec<-->MPLS<------>Ethernet<-->wire L3 L3 L2.5(?) L2 I was able to get this to work in a lab setting. Just thought I will share this info with the group. Murthy Andukuri |
