Open Stack

On 17 April 2013 00:42, Yi Yang <yyos1999 at gmail.com> wrote:

> 1. IMHO, we should separate IPSec/SSL VPN use cases from MPLS VPN cases,
> as the former adopts a server-client model while the latter doesn't.
>

Thirded.  There are any number of VPNs where the VPN is set up by some form
of mutual agreement - no negotiation, no connection, merely one end sending
packets in an agreed format and simultaneously agreeing to process incoming
ones.

The categorisations I would choose are:

1. VPN by mutual agreement (and where the connection cannot, typically, be
rejected) - this would include MPLS, GRE, l2tpv3 and VLANs
2. VPN where we provide one set of credentials to the far end, the VPN must
be activated and may drop and be reactivated, and the connection is
authorised or rejected on those credentials
3. VPN where we're an endpoint with (possibly) many sets of credentials and
we authorise incoming connections.

(2) and (3) would presumably be the same set of protocols and include
openvpn, ipsec and friends.

I'm not sure that that covers all the cases, so please chime in with your
counterexamples.

-- 
Ian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130417/dbc0bf1e/attachment.html>