\subsection{006: SA entries should be capable of overlapping}

\subsubsection{006: Definition of requirement}

Currently klips1 apparently identifies a tunnel by what {\bf remote} subnet it
serves. That means that if a new tunnel is brought up serving the same
subnet, it supersedes the previous one.

A more complex semantic is required, and a way to express it:
\begin{itemize}
\item sometimes you do want the new tunnel to supersede the old one.
\item sometimes you want the new tunnel to operate in parallel, using
equal-cost multipath, for load sharing.
\item sometimes you want the new tunnel to just sit there in standby mode,
\end{itemize}
\subsubsection{006: response}

This is a misfeature, and is hereby deprecated.

Rollover of SAs is necessary for functional long-term opportunism.
%Possibly constructive suggestion (to be filed under some OTHER
%heading): We could have family lineages: Within each family lineage,
%parents would be replaced by children as the former expire. They would
%keep the "family name". The name could be derived perhaps from the name of
%the CONN declaration in the .conf file.

%To implement load-sharing, mobility, and failover, we could have multiple
%families serving the same remote subnet.