Hi, Thus wrote Ahmed Abu-Abed (ahmed@tamkien.com):
I believe implementing line rate IPSEC on a CPE requires silicon that accelerates the crypto algorithms, and this may be a good
Depends on your line rate. Up to 10Mbps, with i386 family CPUs of 400Mhz or better, the CPU on its own will do fine.
So making IPSEC optional is more practical to LIRs needing low cost CPE solutions.
Another option would be for LIRs looking for ultra low cost routers to take some that don't make the requirements list. Or take CPEs that flag themselves as "fulfilling RIPE-501 except IPSEC". Just because RIPE-501 exists does not mean that devices that don't fulfil it will suddenly evaporate, right? Again, the purpose of such a list is that a device that fulfils it will cover most reasonable needs. If we strike every feature off that somebody said "oh well I think I can do without that" about, it will become a useless "remotely resembling functional" description. Arguing that practically nobody would want their CPE to do IPSEC because everybody does host based IPSEC would be a better approach, but I would offer that that's going to be patently untrue if you look at company users and not private-person-residential users. regards, spz -- spz@serpens.de (S.P.Zeidler)