RE: QoS and IKEv2
"Jesse Alpert" <jalpert@checkpoint.com> wrote:
>Again, it seems to me it might be easier to explicitly include this (PHB)
>information in the TS payload. This requires modifications to the IKEv2
>draft.
>
>Thanks again,
>Jesse
>
>
Thank you for noticing that, Jesse. The problem (to summarize
without diffserv acronyms) is that IKEv2 says that two
child-SAs with the same traffic selectors are redundant,
and extra ones should be closed. But it also says that
you might want several between the same endpoints with
the same traffic selectors for different QOS.

I'd propose that there should be some way to create
multiple SAs with the same traffic selectors, and
that it's not necessary to negotiate what QOS things
go over which ones. It's up to the sender to
decide that. And there might in the future be
other reasons to create multiple SAs and
we wouldn't be able to tell the difference
based solely on the fields in the traffic
selector (protocol type, address, and port).

So I'd propose one more field in the traffic
selector for "uniquifier". Alice can create
multiple child-SAs to Bob with the same
traffic selectors, as long as they have different
uniquifiers.

The only function of the uniquifier is so that
the multiple SAs won't look redundant to Bob.
Which traffic gets sent over which SA is up
to the sender.

Radia
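
The redundancy rule and the proposed uniquifier from the message above, sketched as an added example that is not part of the original message or of the IKEv2 draft. Class and field names are hypothetical, the selector values are constructed, and closing the newer of two matching SAs is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TrafficSelector:
    # The three fields the message names: protocol type, address, and port.
    protocol: int
    address: str
    port: int
    # The proposed extra field (hypothetical encoding as an integer).
    uniquifier: Optional[int] = None


class Responder:
    """Bob's side: tracks child-SAs and closes ones that look redundant."""

    def __init__(self, honor_uniquifier: bool):
        self.honor_uniquifier = honor_uniquifier
        self.sas = {}     # redundancy key -> SPI of the SA that is kept
        self.closed = []  # SPIs closed because they looked redundant

    def _key(self, ts: TrafficSelector):
        # Without the proposal, only protocol/address/port are compared.
        if self.honor_uniquifier:
            return ts
        return (ts.protocol, ts.address, ts.port)

    def create_child_sa(self, spi: int, ts: TrafficSelector) -> bool:
        key = self._key(ts)
        if key in self.sas:
            self.closed.append(spi)  # assumption: the newer SA is the one closed
            return False
        self.sas[key] = spi
        return True


def demo(honor_uniquifier: bool):
    bob = Responder(honor_uniquifier)
    # Constructed input: Alice opens three child-SAs with identical selectors,
    # one per QoS class she wants to keep separate. Which traffic goes on which
    # SA is her decision and is never negotiated.
    for spi, uniq in [(0x1001, 1), (0x1002, 2), (0x1003, 3)]:
        bob.create_child_sa(spi, TrafficSelector(17, "192.0.2.10", 5060, uniq))
    # A genuine duplicate: same selectors and same uniquifier as the first SA.
    bob.create_child_sa(0x1004, TrafficSelector(17, "192.0.2.10", 5060, 1))
    return len(bob.sas), bob.closed
```

With `honor_uniquifier=False` Bob keeps one SA and closes the other three; with `honor_uniquifier=True` he keeps all three per-QoS SAs and closes only the genuine duplicate.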