Re: Protocol and port fields in selectors
sakari.poussa@nokia.com wrote:
> Steve & Joe, thank you for your responses.
>
> The reason why I am asking this is that
> in 3GPP/IMS the SIP signaling between the mobile
> phone and SIP-proxy (P-CSCF) is protected with an IPSec SA.
> The SA is not negotiated with IKE but with a sip-sec-agree
> negotiation. In the resulting IPSec SA, the protocol is
> wildcard and the src/dst addresses and ports specified. The
> rationale is to have a single SA to protect the SIP traffic
> running on top of UDP and TCP.
>
> It seems that some implementations support this scenario
> while others don't.
Hi, Sakari,

Agreed on your last point. There might be utility to saying "TCP or
UDP", e.g., for NFS, DNS or similar traffic that might use either. For
most other protocols, although both ports are allocated, only one is
generally used.

It seems dangerous to let the transport protocol field completely float
but to pin down the port number. There is no universal allocation of
ports except relative to a transport protocol; there is no guarantee
that new transport protocols (DCP, SCTP, etc.) will allocate ports with
the same meaning.

At best, though, it seems like this cuts the database down by a factor
of 2; is there that much utility to such an optimization?

Joe
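
Added example, not part of the original thread or of any IPsec implementation: a minimal selector matcher that compares one wildcard-protocol selector with pinned ports against the equivalent pair of explicit TCP and UDP selectors. The addresses, port numbers and all class and function names are constructed for illustration, and treating a pinned port as never matching a packet that carries no ports is an assumption of this sketch.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, UDP, SCTP, ICMP = 6, 17, 132, 1  # IANA protocol numbers

@dataclass(frozen=True)
class Selector:
    src: str                  # CIDR prefix
    dst: str                  # CIDR prefix
    proto: Optional[int]      # None means wildcard
    sport: Optional[int]      # None means wildcard
    dport: Optional[int]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None   # None for protocols without ports
    dport: Optional[int] = None

def _port_ok(want, have):
    # Assumption: a pinned port never matches a packet that has no port field.
    return want is None or (have is not None and want == have)

def matches(sel, pkt):
    return (ip_address(pkt.src) in ip_network(sel.src)
            and ip_address(pkt.dst) in ip_network(sel.dst)
            and (sel.proto is None or sel.proto == pkt.proto)
            and _port_ok(sel.sport, pkt.sport)
            and _port_ok(sel.dport, pkt.dport))

def covered(spd, pkt):
    return any(matches(s, pkt) for s in spd)

# Constructed endpoints (documentation address ranges) and ports.
UE, PROXY = "192.0.2.10/32", "198.51.100.5/32"
WILDCARD_SPD = [Selector(UE, PROXY, None, 5062, 5060)]
EXPLICIT_SPD = [Selector(UE, PROXY, p, 5062, 5060) for p in (TCP, UDP)]

def protos_covered(spd):
    """Protocol numbers of the constructed test packets that the SPD selects."""
    pkts = [Packet("192.0.2.10", "198.51.100.5", p, 5062, 5060)
            for p in (TCP, UDP, SCTP)]
    pkts.append(Packet("192.0.2.10", "198.51.100.5", ICMP))
    return [p.proto for p in pkts if covered(spd, p)]
```

The wildcard entry also selects the SCTP packet that happens to use the same port numbers, while the explicit pair costs one extra database entry and selects only TCP and UDP.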