From owner-freebsd-stable Tue Jul 18 14:36:57 2000 Delivered-To: freebsd-stable@freebsd.org Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by hub.freebsd.org (Postfix) with ESMTP id 9CD5A37B80B for ; Tue, 18 Jul 2000 14:36:55 -0700 (PDT) (envelope-from touch@ISI.EDU) Received: from isi.edu (ras02.isi.edu [128.9.176.102]) by boreas.isi.edu (8.9.3/8.9.3) with ESMTP id OAA15714; Tue, 18 Jul 2000 14:36:44 -0700 (PDT) Message-ID: <3974BFE9.8789DB61@isi.edu> Date: Tue, 18 Jul 2000 13:36:57 -0700 From: Joe Touch X-Mailer: Mozilla 4.73 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: itojun@iijlab.net Cc: snap-users@kame.net, Lars Eggert , stable@freebsd.org, xbone@ISI.EDU, touch@ISI.EDU Subject: Re: (KAME-snap 2950) Re: KAME/FreeBSD-stable merge References: <17780.963892204@coconut.itojun.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG itojun@iijlab.net wrote: > > >The current KAME code does not support multiple tunnels between two > >hosts on a single interface. This restores that capability, which is > >required for setting up different overlay networks which use the same > >pairs of hosts. > > if you consider inbound packets, it does not make sense to have > multiple tunnel interfaces for the same pair of outer addresses . There are two alternatives: #1- multiple tunnels with the same outer wrapper #2- aliases on a GIF The analogy of #2 is ethernet with aliases; a single outer wrapper (ethernet MAC address) on different inner IP src/dest pairs. We note that it is feasible and possible to assign multiple ethernets the same MAC address with different IP addresses, resulting in #1. We are currently trying to determine if aliases suffice, and will post our results when tests are complete. However, we consider aliases _much_ more of a 'hack' than generalizing the capability of GIF tunnels. Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message