The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] Re: ipsec
Pranja, IPsec will run over MPLS quite happily. Think of it this way: IPsec encapsulates the data and perhaps the original header as well (by way of encryption), and adds a new header. The data of this new packet is the old packet and header encrypted. From the point of view of the network, it is just data, just bits and bytes. From the IPsec customer side, it sees just a regular IP connection to a Service Provider. Everybody carries on just as normal - after the customer router does the IPsec encapsulation. How you deal with the IPsec encapsulation is a different issue from MPLS. That still may require third-party verification, and certainly does require both customer sides to have the proper IPsec setup and relationship between them. The introduction of MPLS is the middle is not seen by the customer IPsec any more than normal IP traffic is bothered by or sees MPLS in the middle. Encryption and decryption can occur anywhere on the customer site you want it to happen, even on the CE router. Two separate processes, MPLS and IPsec, but IPsec is still just IP to the MPLS functions. I hope this helps. Roger Williams At 04:44 PM 5/23/2002, you wrote: Hi------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|