Hello all,

I have the following question (== misunderstanding from my part?)
w.r.t. openbgp support for dynamic keying: I was living under the
impression (hope?) that the said support means not only that the keys
for the BGP peering session per se are established dynamically but
also that the SPD itself is kept in sync with the coresp. BGP routing
info i.e. bgp updates the IPsec flows to be consistent with the BGP
routing info exchanged with the said peer.

In my current setup I have bgpd setting up the flows for the peering
session (on top of an "isakmpd -Ka"), routing tables are updated
correctly at both peers _through_ the IPsec tunnel but the SPD
entries/IPsec flows for these networks are not set up. As a
consequence the traffic between those nets doesn't go through the
IPsec tunnel but is routed "as usual" (i.e. via the physical iface).

To sum up, the question is: Is it me doing smth wrong and this
supposed to work or is this feature not supported (*ahem*... yet).

TIA for any hints and suggestions and (most kindly) pointers to
relevant resources. I (think I've) done my homework and the usual
googling and nothing of relevance showed up. But (of course) I might
have missed smth...


Rgrds,

Florian