RE: NAT Traversal



On Thu, 7 Mar 2002, Chinna N.R. Pellacuru wrote:

> On Wed, 6 Mar 2002, Stephen Kent wrote:
>
> > That minimal or non-existent impact stands in stark contrast to a
> > proposal to reduce the space by a factor of 65K.
> >
> > Steve
> >
>
> Point taken. We propose to folks who want to use our proposal to reduce
> the SPI space by 16 bits, but not give up their flexibility of using
> different tunnel endpoints to demux incoming ESP/AH traffic.
>

That way people can use a SPI as:

           SPI: the 16-bit value used to distinguish among different
           SAs terminating at the same destination and using the same
           IPsec protocol.

The tunnel endpoint discussion is a different one than this one. So, for
each peer an IPsec implementation is peering with, we can still have 64k
SPIs that are generated locally.

So, an IPsec implementation is in no way restricted to a total of 64k
SPIs but is restricted to a total of 64k SPIs to a particular peer
(a particular remote tunnel endpoint).

    chinna

chinna narasimha reddy pellacuru
s/w engineer
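
Added example, not part of the original message or of any IPsec implementation: a toy inbound SA table showing the per-peer 16-bit SPI namespace described above, where the same SPI value can be live for two remote tunnel endpoints and only the per-peer space is capped at 64k. The class and method names, the string SA labels, the use of all 65536 values and the sample addresses are assumptions made for illustration.

```python
import secrets

SPI_BITS = 16                 # SPI width under the proposal in this thread
SPI_SPACE = 1 << SPI_BITS     # 65536 values per (peer, protocol) pair


class InboundSAD:
    """Toy inbound SA table keyed on (remote tunnel endpoint, protocol, SPI)."""

    def __init__(self):
        self._sas = {}        # (peer, proto, spi) -> SA label
        self._used = {}       # (peer, proto) -> SPIs already handed out

    def add(self, peer, proto, sa, spi=None):
        """Install an SA; choose a locally generated SPI unless one is given."""
        used = self._used.setdefault((peer, proto), set())
        if spi is None:
            if len(used) >= SPI_SPACE:
                raise RuntimeError(f"16-bit SPI space exhausted for {peer}")
            spi = secrets.randbelow(SPI_SPACE)
            while spi in used:            # probe upward from a random start
                spi = (spi + 1) % SPI_SPACE
        elif not 0 <= spi < SPI_SPACE or spi in used:
            raise ValueError(f"SPI {spi:#x} invalid or in use for {peer}")
        used.add(spi)
        self._sas[(peer, proto, spi)] = sa
        return spi

    def demux(self, src, proto, spi):
        """Map an inbound packet to its SA; None means no SA, so drop."""
        return self._sas.get((src, proto, spi))

    def total(self):
        """Number of SAs installed across all peers."""
        return len(self._sas)


def demo():
    sad = InboundSAD()
    a, b = "192.0.2.1", "198.51.100.7"    # constructed documentation addresses
    sad.add(a, "esp", "SA-to-A", spi=0x1234)
    sad.add(b, "esp", "SA-to-B", spi=0x1234)   # same SPI, different peer
    return sad.demux(a, "esp", 0x1234), sad.demux(b, "esp", 0x1234)


if __name__ == "__main__":
    print(demo())
```

Because the lookup key includes the packet's source address, an inbound packet whose tunnel endpoint address does not match the one the SA was installed for finds no SA and is dropped.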