[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [saag] Re:
hi david
> Phil,
>
> Agreed most of your observations.
>
> In addition to that, I would like to point out that
> RSVP is bandwidth reservation protocol for guarantee IP packet delivery in
> timely fashion.
actually it is a signaling protocol. it does not really reserve bandwidth or
any other qos things. this is the purpose of the underlying qos mechanisms.
> It can be used for 1-to-1 or 1-to-many and initiated by the
> receiver to set
> up a simplex flow.
good point. so far we haven't mentioned the rsvp multicast implications for
security.
> Each hop along the RSVP reserved path has to commit the bandwidth.
> For IP security point of view, each hop along the reserved/requested path
> have to trust each other
> for the bandwidth committed is vital to the router's behavior.
i would like to add that not all nodes have to trust each other directly.
instead the chain-of-trust principle uses the transitive trust relationship
between the individual nodes along the path to establish the end-to-end
trust rel..
>
> The (D)DOS attack to any RSVPable router can not be protected by IPSec v1.
to which dos attack are you exactly referring?
> For other sec protection, IPSec's secured data channel has to be
> established first
> before RSVP signaling message.
yes.
> It has to be done hop by hop - not just between flow sender and receiver.
true, it cannot be done end-to-end because of various reasons including:
- rsvp message modification along the path
- route pinning
etc.
>
> As for protecting flow itself (after RSVP has set up the flow), IPSec can
> set up only between sender and receiver...
> However, I don't think this is what this thread is interested.
yes - the protection of data traffic after the rsvp signaling took place
using ipsec is a different issue.
>
> Scalability could be an issue to setup IPSec channel for all hops
> along the
> requested/flow path.
the question of scalability depends how many rsvp aware nodes along the path
you have.
futhermore ipsec (in a hop-by-hop manner) may also be used for a specific
part in the network (for example between two network providers) whereas
other parts use the rsvp built-in integrity object.
> If "no IPSec -> no RSVP" is not an issue, it seems ok. :-)
i am not quite sure what you mean with this statement.
ciao
hannes