However, although tunnels provide the VPN, managing them within the framework of multicast IP routing prevents some complex problems. The Mbone has grown as a Virtual Network using tunnels, but there have been a number of problems related to the fact that all the tunnels have to be manually administered. If a metric is badly set then a site can disappear and appear unreachable. If tunnels are used to connect sites together as a single domain for multicast, then a lot of work must be done to ensure that the domain remains convex; i.e. there is no better route to the sites than through the tunnels.10.5 If there is, then administratively scoped traffic won't be able to reach the other site. If the traffic doesn't reach the site then it is useless.
Next: Firewalls
Up: Network level solutions
Previous: Administrative Address Scoping
Jon CROWCROFT
1998-12-03