
Re: SOI: selector exclusion lists/ranges




Again, I'm pleased as punch if they're part of the
proposed protocols. I just want them to also be
reflected in the requirements so that we all agree
what are features vs. misfeatures, etc.

	 Mike

Dan Harkins writes:
 >   The Traffic Selector Payload consists of a list of Traffic Selector
 > Substructures, each of which has start-port and end-port entries.
 > So you can specify ports 1-78 and 80-1023 if you wanted to protect
 > all ports less than 1024 except 79.
 > 
 >   They can't represent things that fall outside of a selector since
 > they are designed to represent the selector itself. But I think they
 > can do what you want. Check out section 7.13 in the IKEv2 draft.
 > 
 >   Note that while IKEv2 can express this, an RFC2401-compliant IPsec
 > implementation could not have a selector like this for IKEv2 to
 > represent. The restriction in RFC2401 was because of a limitation in
 > RFC2408 though, so hopefully a rev of RFC2401 will include port ranges.
 > 
 >   Dan.
 > 
 > On Tue, 27 Nov 2001 12:09:14 PST you wrote
 > > 
 > > Thus I think we should have a requirement which
 > > states:
 > > 
 > > "The protocol MUST have the ability to express
 > >  port ranges for flow selectors, as well as have
 > >  the ability to selectively enumerate ports which
 > >  fall outside of the flow selector."
 > > 
 > >       Mike
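
Added example, not part of the original thread or of the IKEv2 draft: a policy-side helper that turns "this port range except these ports" into the list of start-port/end-port pairs discussed above, so an exclusion can be carried as plain ranges. The function names and the (start, end) tuple representation are assumptions made for illustration; the example also generalizes from single excluded ports to excluded sub-ranges.

```python
# Added illustration; names are hypothetical, not taken from the IKEv2 draft.
PORT_MIN, PORT_MAX = 0, 65535


def exclude_ports(start, end, excluded):
    """Return the (start_port, end_port) pairs that cover start..end
    minus every port or (lo, hi) range listed in `excluded`."""
    if not (PORT_MIN <= start <= end <= PORT_MAX):
        raise ValueError("invalid base range")
    holes = []
    for item in excluded:
        # Accept a single port or a (lo, hi) pair.
        lo, hi = (item, item) if isinstance(item, int) else item
        if lo > hi:
            raise ValueError(f"invalid excluded range {item!r}")
        # Clip to the base range; drop exclusions that miss it entirely.
        lo, hi = max(lo, start), min(hi, end)
        if lo <= hi:
            holes.append((lo, hi))
    holes.sort()

    ranges, cursor = [], start
    for lo, hi in holes:
        if lo > cursor:
            ranges.append((cursor, lo - 1))
        # max() handles overlapping or nested exclusions.
        cursor = max(cursor, hi + 1)
    if cursor <= end:
        ranges.append((cursor, end))
    return ranges


def selects(ranges, port):
    """True if `port` falls inside any of the (start, end) pairs."""
    return any(lo <= port <= hi for lo, hi in ranges)


if __name__ == "__main__":
    # The case from the thread: all ports below 1024 except 79.
    print(exclude_ports(1, 1023, [79]))
```

An empty result means the exclusions swallow the whole base range, which a policy compiler should treat as "no selector to propose" rather than emitting a degenerate entry.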

