RE: Draft ipsec agendas
William,
I cannot open the link of the draft.
For performance reasons, I would prefer tunnel mode since it requires fewer
operations, and we only support tunnel mode.
Our current products can support up to 350Mb/s for single TCP session and
1Gb/s for aggregate sessions. I think many vendors can do more than 100Mb/s
these days.
Michael Shieh
-----Original Message-----
From: William Dixon [mailto:wdixon@windows.microsoft.com]
Sent: Tuesday, March 19, 2002 4:36 PM
To: Theodore Ts'o; ipsec@lists.tislabs.com
Cc: iscsi-security@external.cisco.com
Subject: RE: Draft ipsec agendas
Ted, are there 2 or 3 minutes to update the IPsec WG on one outcome of
the recent IP Storage using IPsec discussion ? I'm happy to squeeze in
where someone finishes early. I mainly want to poll the audience of
implementers to see what IPsec GW implementation can accept and run an
IPSec tunnel SA for a single or aggregate of TCP connections at
100Mbits/sec & 1Gbit/sec 3DES/SHA1 for the following selector:
Possible Quick Mode proposal of an IP storage initiator to IPSec GW:
Src IP = initiator real IP
Dst IP = target real IP (the target is behind the gateway, not the GW IP
itself)
Protocol = TCP
Src Port = * or <dynamically allocated port>
Dst Port = well-known (e.g. 3260 for iSCSI)
The polling of vendors is important to determine if the target community
can achieve their goal of bolting on a commercial IPsec security gateway
in front of a (single or group of) IP storage target(s), perhaps find
those that could be used for interop testing in 3 months.
I am still thinking transport mode is the more appropriate choice for
securing IP Storage TCP connections, but nevertheless, we should
determine if IPsec GW vendors can deal with a tunnel like this, and
what the tunnel mode alternative is if they can't.
Interested folks can see latest draft, but I don't think this version
made cutoff for submission and isn't current with yesterday's discussion
yet.
http://www.drizzle.com/~aboba/RDMA/draft-ietf-ips-security-11.txt
Thx,
Wm