> From: solo@BBN.COM
> In the discussions of SAID "structure" there are a couple of cases
> which I haven't been able to reconcile. I agree that in general,
> SAIDs are assigned by the destination for unicast traffic.
> doesn't seem to always translate to multicast traffic.
> In such a case, absent any structure to the
> SAID, it is possible that it will collide with an SAID I have
> assigned. I thought it was this case that argued for some bit (either
> "originator assigned" or "multicast group") in the SAID.
In this case, the "bit" is actually the whole Destination field. You
already know whether the Destination is a multicast address.
I don't see how it could possibly conflict. If you have joined the
multicast group properly, you will know the SAID (or SAIDs) for that
group. If you just assign SAIDs willy nilly, why of course you will
have a conflict!
Did you actually read ESP?
A session between two nodes will normally have two SAID values (one
in each direction). The nodes use the combination of SAID and IP
Destination to distinguish the correct association.
By having the Destination select the SAID value, conflicts are
avoided between manually configured and automatically configured
Security Associations (when using a key management protocol).
A given Destination is not necessarily in control of the
negotiation process. In the case of multicast groups, a single
node or cooperating subset of the multicast group may work on
behalf of the entire group to set up a Security Association.
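As an added illustration of the (IP Destination, SAID) lookup and destination-assigned allocation described in the reply above (example code, not from the thread or any ESP implementation); the addresses, SAID values and the manual/negotiated allocation ranges are constructed assumptions:

```python
# Added example: toy Security Association table keyed by (IP Destination, SAID).
from dataclasses import dataclass, field

MANUAL_SAIDS = range(256, 512)       # assumed range for hand-configured SAs
NEGOTIATED_SAIDS = range(512, 4096)  # assumed range for key-management SAs


@dataclass
class Node:
    """One endpoint.  Every SA is found by (destination, SAID); the SAID is
    chosen by whoever owns the destination, so it is unique only relative to it."""
    addr: str
    inbound: dict = field(default_factory=dict)   # (dst, said) -> key
    outbound: dict = field(default_factory=dict)  # (dst, said) -> key
    next_negotiated: int = NEGOTIATED_SAIDS.start

    def assign_inbound(self, key, manual_said=None):
        """Receiver picks the SAID; manual and negotiated ranges are disjoint."""
        if manual_said is None:
            said, self.next_negotiated = self.next_negotiated, self.next_negotiated + 1
        elif manual_said not in MANUAL_SAIDS or (self.addr, manual_said) in self.inbound:
            raise ValueError("manual SAID outside range or already in use")
        else:
            said = manual_said
        self.inbound[(self.addr, said)] = key
        return said

    def join_group(self, group, said, key):
        """Multicast: the group's coordinator assigns the SAID; members install it under the group address."""
        self.inbound[(group, said)] = key

    def add_outbound(self, dst, said, key):
        self.outbound[(dst, said)] = key

    def lookup_inbound(self, dst, said):
        """Inbound check: an unknown (dst, SAID) pair yields None and the packet is dropped."""
        return self.inbound.get((dst, said))


def demo():
    a, b, c = Node("10.0.0.1"), Node("10.0.0.2"), Node("10.0.0.3")
    # B and C independently hand A a SAID; both pick 512, yet A's table has
    # no conflict because the destinations differ.
    a.add_outbound(b.addr, b.assign_inbound("k_ab"), "k_ab")
    a.add_outbound(c.addr, c.assign_inbound("k_ac"), "k_ac")
    b.assign_inbound("k_manual", manual_said=300)  # manual SA beside negotiated ones
    group, gsaid = "224.1.1.1", 600  # constructed group address and group SAID
    for member in (b, c):
        member.join_group(group, gsaid, "k_grp")
    a.add_outbound(group, gsaid, "k_grp")
    return a, b, c
```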