
Re: Choosing between IKEv2 and JFK



On Mon, 11 Mar 2002, Michael Thomas wrote:
>  >   Not that I can see. It requires that the QoS level be negotiated, but this
>  > is an additional "parameter", rather like a cipher algorithm.
>
>    Within IKE??? I don't see it. If not IKE, whose
>    parameter are you talking about here?
>

Instead of negotiating (tunnel from A to B), as you can do now, you'd
have to be able to negotiate (tunnel from A to B with tos-bits
010101). IKE currently can't do that. I believe that's what mcr is
saying.

Note that (IMO) this says nothing of policing, admission control,
etc. It's merely a tunnel we're negotiating. It's up to some local
policy manager on the endpoints (not IKE!) to decide whether this is
an allowable tunnel for the user (and whether the user/endpoint is
allowed to send traffic under QoS-level 010101 to begin with). IKE
should care about NONE of those things. IKE gets told "negotiate this
tunnel for me" and IKE goes and does it.

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847