[AG-TECH] MSB and Linux

Tony Rimovsky tony at ncsa.uiuc.edu
Thu Aug 16 22:47:55 CDT 2001


First -- that particular application (tunneling commodity Internet
traffic into I2) is a clear violation of the I2 Acceptable Use Policy.
If you have to play with this, fine.  Do it between hosts on I2
enabled networks.


Second -- while VPN tunneling to make multicast "work" is expedient, it
is shortsighted and works against getting real multicast deployed.
This is particularly true if Microsoft were to promote it as a
standard practice as part of a conference bridging solution.  In fact,
it could practically kill future interdomain multicast deployment.

A far better solution would be for Microsoft to provide solid
multicast apps, tools, IGMPv3, etc. and then promote native multicast
routing.



On Thu, Aug 16, 2001 at 05:53:24PM -0700, Jay Beavers wrote:
> FYI, I've just confirmed that if you install VPN on Windows XP Server,
> place it on the Internet2, and have it hand out Internet2 addresses, you
> can VPN into the box from an Internet1 computer and send/receive
> multicast RTP traffic.
> 
> This gets us dial-up style authentication on an individual
> username/password basis and is also compatible with hardware
> authentication systems such as smart cards.
> 
> This is the technique we'll be trying at Microsoft Research for our
> Internet2/Corporate Network conference bridging.
> 
>  - jcb
> 
> -----Original Message-----
> From: Toerless Eckert [mailto:eckert at cisco.com] 
> Sent: Sunday, August 12, 2001 5:43 PM
> To: Robert Olson
> Cc: Bill Nickless; Mark Hereld; kabev; ag-tech at mcs.anl.gov; Toerless
> Eckert
> Subject: Re: [AG-TECH] MSB and Linux
> 
> On Sun, Aug 12, 2001 at 07:28:45PM -0500, Robert Olson wrote:
> > Did he know if the VPN boxes did indeed support multicast? Perhaps we 
> > should look into what it might take (say, for the porta-ag..)
> 
> Well, I wasn't really thinking about VPN boxes directly, I was rather
> thinking about L2TP tunnel into an aggregation router (or some dedicated
> VPN box, right, but yes - I do not know if those support IP multicast).
> The main point is to have the tunnel endpoint software available on the
> designated end system platform, and L2TP seems to be the most commonly
> available, but Bill also said that with your particular platform (Linux
> at least in one system), GRE might also be an option. The advantage of
> L2TP for larger scaling setups is the dialup style user authentication
> you can typically configure, whereas GRE is always statically configured
> and authentication is only via IP address of the remote endpoint.
> 
> Cheers
> 	Toerless


