
Re: I-D: Simple Configured Tunnel Setup Procedure



On Fri, 21 Nov 2003, Gert Doering wrote:
> On Fri, Nov 21, 2003 at 04:29:24PM +0000, Ole Troan wrote:
> > I do like the idea (but)... if the 'S' in STEP means simple to deploy
> > then couldn't you achieve the same by just using L2TP? the user runs
> > the LAC the ISP the LNS. IPv6/PPP/L2TP/UDP tunnelling between
> > them. the ISP would typically have the required infrastructure
> > already. authentication is defined and it should do NAT traversal.
> 
> Been there, done that, works :-)
> 
> The drawback is that it's only "simple" if you have an existing L2TP
> infrastructure (that already can do IPv6).

I haven't really looked into L2TP myself, but I have a similar
impression to Gert -- an L2TP-based system would be simple if all the
parties were already using L2TP.

The simplicity is just borne by a different set of folks.  The current
STEP proposal (except for UDP encapsulation which is pretty trivial)  
has zero code changes and zero new software needed at the client side,
and very little to do at the ISP side. The ISP does have to hook the
system up to its lease/RADIUS/etc. databases somehow and/or implement
a small piece of code at the router that creates a tunnel dynamically
from a received packet.  So most of the work is done using unspecified
management methods.  For ISPs knowing what to do this should be
straightforward -- for those that don't, there might have to be some
additional ways to make it easier.

However, I would not want to discount L2TP as a solution.  Could
someone describe the infrastructure required a bit -- both at the
user, router and the other parts?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings