
Re: phase 2 and ports



Jan Vilhuber wrote:

> > I remember in the last IETF Steven Bellovin gave a talk about a similar
> > problem for SCTP (one of the signaling protocols). There the problem was
> > with several IP addresses. If somebody's going to extend ID payloads,
> > such extensions should cover both issues.
> >
> Is 'several ip-addresses' not covered by the id-payload? You can do
> IPV4_ADDR_RANGE, _SUBNET and simply ADDR. Does this not cover it? Is it
> either because the addresses are not consecutive, or because they are not
> known a priori? Can you elaborate a bit more, so I can make sure that my new
> payload (which I'm already designing) will cover this?

I think the issue was that you have, say, two IP addresses on two different
subnets for reliability reasons. Hence the addresses are not a range or
subnet, but rather a set. Perhaps they *could* be covered by some larger subnet
in *some* network situations. Or covered with several SAs. But these people
who would use that sort of thing were worried about performance and delays
of the nxn case if n equals the redundancy number.

Skip Booth wrote:

>> >    ports they are going to use. On a side note, it's always kind of bothered
>> >    me that we need 2 ID payloads. I assume this is so we can reuse the ID
>> 
>> Isn't this because, say, an L2TP client has a wildcard port number and
>> the server a fixed one?
>Actually the server starts on a fixed port and then may move to a dynamic port
>on its reply.

Yes, that problem too exists for L2TP. I wasn't trying to say L2TP uses
fixed ports, I was trying to make a point about why we had 2 ID payloads.
I should have used another example than L2TP.

Jari
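Jari's point above is that two addresses on different subnets form a set that none of the three IPv4 ID payload types describes exactly, and that a covering subnet admits far more than the set. The added Python example below (my own illustration, not code from the thread or from any IKE implementation) picks the single ID type that fits a set of addresses and reports how many extra addresses a covering ID_IPV4_ADDR_SUBNET would let through the SA. The ID type numbers are the ones RFC 2407 assigns; the function names and sample addresses are assumptions of this example.

```python
import ipaddress

# ISAKMP Phase 2 identification types, values as assigned in RFC 2407 (real).
ID_IPV4_ADDR = 1
ID_IPV4_ADDR_SUBNET = 4
ID_IPV4_ADDR_RANGE = 7


def smallest_covering_network(ints):
    """Smallest IPv4 prefix containing every address in the sorted int list."""
    lo, hi = ints[0], ints[-1]
    prefix = 32
    # Shorten the prefix until the lowest and highest address share it.
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    # strict=False masks off the host bits for us.
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def select_id(addrs):
    """Choose one ID payload type for a set of IPv4 addresses.

    Returns (id_type, identification_data_as_text, overreach), where
    overreach is the number of addresses the chosen selector admits that
    were NOT in the set (0 when the selector is exact).
    """
    ints = sorted({int(ipaddress.IPv4Address(a)) for a in addrs})
    if len(ints) == 1:
        return ID_IPV4_ADDR, str(ipaddress.IPv4Address(ints[0])), 0
    if ints[-1] - ints[0] + 1 == len(ints):
        # Consecutive addresses: a range describes the set exactly.
        lo, hi = ipaddress.IPv4Address(ints[0]), ipaddress.IPv4Address(ints[-1])
        return ID_IPV4_ADDR_RANGE, f"{lo}-{hi}", 0
    # Neither a single address nor a range: fall back to the smallest subnet
    # that covers the set, and count how far it over-authorizes.
    net = smallest_covering_network(ints)
    return ID_IPV4_ADDR_SUBNET, str(net), net.num_addresses - len(ints)


def exact_sa_count(local_addrs, remote_addrs):
    """SAs needed if every local/remote address pair gets its own SA (the
    n x n case Jari mentions when n is the redundancy count)."""
    return len(set(local_addrs)) * len(set(remote_addrs))


if __name__ == "__main__":
    # Constructed sample: two addresses on different subnets for redundancy.
    print(select_id(["10.1.1.5", "10.2.2.5"]))        # (4, '10.0.0.0/14', 262142)
    print(exact_sa_count(["10.1.1.5", "10.2.2.5"], ["10.9.9.1", "10.8.8.1"]))  # 4
```

A covering subnet with a large overreach is exactly the kind of selector a reviewer should flag, since every extra address it admits is traffic the SA will accept.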