Re: IPSEC and NAT

[Robert Moskowitz <rgm3@chrysler.com>]

At 07:04 AM 8/27/97 -0400, Paul Ferguson wrote:

Actually, I was one of the proposers of using the precedence bits at
Memphis; and I am sure that it came up before.  However, you can't do
enough with 3 bits, IMHO.  This might be the greatest driver to IPv6, or at
least IPv4 in secure IPv6 tunnels!  IPv6 with things like Flow ID should
have enough exposed fields to to class of service. 

BTW, how is this for a totally backward view of IPngtran?

>At 06:37 AM 8/27/97 -0400, Robert Moskowitz wrote:
>
>>
>>Who is ready to tackle IPsec and Class of service???????
>>
>
>Shouldn't be a problem, since IPsec doesn't munge the IP Precedence
>bits. If you haven't been following the discussion over in intserv,
>and missed the intserv differentiated service meeting in Munich, this
>has been an ongoing discussion on how to provide differing levels of
>service -- something 'looser' than RSVP and state maintenance. There
>is strong consensus that a 'drop preference' can be implemented using
>something like the IP Precedence bits in conjunction with a weighted
>congestion avoidance mechanism in the network core, so that when
>congestion does occur in the network, you basically get differing
>levels of best effort -- someone's traffic will get dropped before
>someone else's.
>
>Outside of the scope of IPSec, I know, but you asked.  :-)
>
>- paul
>
>
>
Robert Moskowitz
Chrysler Corporation
(810) 758-8212

---

Follow-Ups:

• Re: IPSEC and NAT
• From: Paul Ferguson <pferguso@cisco.com>

References:

• Re: IPSEC and NAT
• From: Robert Moskowitz <rgm3@chrysler.com>
• Re: IPSEC and NAT
• From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
• Re: IPSEC and NAT
• From: Paul Ferguson <pferguso@cisco.com>

---

• Prev by Date: Re: IPSEC and NAT
• Next by Date: Re: Is tunnel IP address included in SA?
• Prev by thread: Re: IPSEC and NAT
• Next by thread: Re: IPSEC and NAT
• Index(es):
  • Main
  • Thread