
Re: src addr/SPI coupling




----- Original Message ----- 
From: "Michael Thomas" <mat@cisco.com>
 >    OK, that changes the sense of the problem, but not
 >    the original question. Why does there need to be
 >    any dependency on the destination address to 
 >    select the right SA? This still seems like it 

To make sure that the SA is unique!? The SPI is only
32 bits long and there is a finite chance of
collision.

The SPI is chosen by the destination of the
SA, which makes sure that it does not have two
identical SPIs (it does not prevent the source
from having the same SPI for another SA).
The source of the SA uses the destination
address along with the SPI to make sure that the
SA is unique (in the event there is a collision and
the source ends up having two SAs that share
a common SPI).

 >    could run into trouble on the mobile node 
 >    incoming traffic if the destination address
 >    were "wrong" (which is, I think, the way a
 >    naive stack might view it.)
 > 
 >       Mike

It will surely run into trouble. BTW, this 
problem is similar to the NAT problem. 


regards,
Jayant
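
The lookup described in the message above, as an added example that is not part of the original e-mail or of any IPsec implementation: two receivers each pick a locally unique SPI, the values happen to collide, and the sender's table only stays unambiguous when keyed on (destination address, SPI). The class names, the deterministic SPI allocator and the documentation-range addresses are all constructed for the illustration.

```python
import ipaddress

class Receiver:
    """Destination of an SA: picks the SPI and keeps it unique locally."""
    def __init__(self, addr):
        self.addr = ipaddress.ip_address(addr)
        self.inbound = {}        # spi -> SA label
        self._next = 0x1000      # constructed allocator: same start on every host

    def allocate_spi(self, label):
        spi = self._next
        self._next += 1
        assert spi not in self.inbound   # uniqueness is only checked on this host
        self.inbound[spi] = label
        return spi

class Sender:
    """Source of SAs toward several receivers."""
    def __init__(self):
        self.by_spi = {}         # naive table keyed by SPI alone
        self.by_dst_spi = {}     # table keyed by (destination address, SPI)

    def install(self, dst, spi, label):
        self.by_spi[spi] = label             # a colliding SPI overwrites the entry
        self.by_dst_spi[(dst, spi)] = label  # destination disambiguates the pair

    def lookup(self, dst, spi):
        return self.by_dst_spi.get((ipaddress.ip_address(dst), spi))

def demo():
    a, b = Receiver("192.0.2.10"), Receiver("198.51.100.20")
    src = Sender()
    spi_a = a.allocate_spi("SA-to-A")
    spi_b = b.allocate_spi("SA-to-B")   # independent choice, same value as spi_a
    src.install(a.addr, spi_a, "SA-to-A")
    src.install(b.addr, spi_b, "SA-to-B")
    return {
        "collision": spi_a == spi_b,
        "naive_entries": len(src.by_spi),
        "keyed_entries": len(src.by_dst_spi),
        "to_a": src.lookup("192.0.2.10", spi_a),
        "to_b": src.lookup("198.51.100.20", spi_b),
        # Same SPI presented with an address the SA was not installed under
        # (the mobile-node / NAT situation raised in the thread): no match.
        "moved": src.lookup("203.0.113.5", spi_a),
    }

if __name__ == "__main__":
    print(demo())
```

The `moved` result shows why the coupling hurts when an address changes: the SA still exists, but the key it was installed under no longer matches.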



