RE: QoS and IKEv2



Radia and Jesse,

Comments embedded ...

Thanks, --David

> >Again, it seems to me it might be easier to explicitly include this (PHB)
> >information in the TS payload. This requires modifications to the IKEv2
> >draft.
> >
> >Thanks again,
> >Jesse
> 
> Thank you for noticing that, Jesse. The problem (to summarize
> without diffserv acronyms) is that IKEv2 says that two
> child-SAs with the same traffic selectors are redundant,
> and extra ones should be closed. But it also says that
> you might want several between the same endpoints with
> the same traffic selectors for different QOS.
> 
> I'd propose that there should be some way to create
> multiple SAs with the same traffic selectors, and
> that it's not necessary to negotiate what QOS things
> go over which ones. It's up to the sender to
> decide that. And there might in the future be
> other reasons to create multiple SAs and
> we wouldn't be able to tell the difference
> based solely on the fields in the traffic
> selector (protocol type, address, and port).

Part of the sender deciding that might involve some
sort of QoS protocol or protocol feature run through the
SA to get some sort of agreement between the ends.  Two
examples are RSVP using the DCLASS object (RFC 2996) and
L2TP using its DiffServ Extension (RFC 3308); these function
in somewhat different fashions to achieve similar ends.
This functional difference is among the reasons for keeping
IKE out of this QoS negotiation area.

Some discussion of leaving QoS negotiation and the like
to protocols that run through the CHILD SA after
it's been created would be a good thing for the IKEv2
draft, including these two examples.  

> So I'd propose one more field in the traffic
> selector for "uniquifier". Alice can create
> multiple child-SAs to Bob with the same
> traffic selectors, as long as they have different
> uniquifiers.
> 
> The only function of the uniquifier is so that
> the multiple SAs won't look redundant to Bob.
> Which traffic gets sent over which SA is up
> to the sender.
> 
> Radia
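
Added example, not part of the original messages or of the IKEv2 draft: a small Python model of the responder-side redundancy check discussed in this thread, with and without the proposed "uniquifier" field, plus the sender-local choice of SA per DSCP. The class names, SPI values, address ranges and the `honor_uniquifier` switch are all assumptions made for illustration; nothing here is IKEv2 wire format.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class TrafficSelector:
    protocol: int                      # IP protocol number (0 = any)
    addrs: Tuple[str, str]             # start/end address
    ports: Tuple[int, int]             # start/end port
    uniquifier: Optional[int] = None   # proposed extra field; None = absent

    def base(self):
        """Selector fields that exist without the proposal."""
        return (self.protocol, self.addrs, self.ports)

class Responder:
    """Bob: treats a child-SA as redundant if its selectors match an existing one."""
    def __init__(self, honor_uniquifier: bool):
        self.honor_uniquifier = honor_uniquifier
        self.child_sas = {}            # comparison key -> SPI of installed SA

    def create_child_sa(self, spi: int, tsi: TrafficSelector, tsr: TrafficSelector):
        if self.honor_uniquifier:
            key = (tsi, tsr)                # dataclass equality includes uniquifier
        else:
            key = (tsi.base(), tsr.base())  # protocol, address, port only
        if key in self.child_sas:
            return ("redundant", self.child_sas[key])
        self.child_sas[key] = spi
        return ("installed", spi)

class Sender:
    """Alice: maps traffic to an SA locally; the mapping is never sent to Bob."""
    def __init__(self, dscp_to_spi: dict, default_spi: int):
        self.dscp_to_spi, self.default_spi = dscp_to_spi, default_spi

    def select_sa(self, dscp: int) -> int:
        return self.dscp_to_spi.get(dscp, self.default_spi)

def demo(honor_uniquifier: bool):
    """Alice requests two child-SAs whose selectors differ only in uniquifier."""
    bob = Responder(honor_uniquifier)
    # Constructed sample selectors (documentation address ranges).
    def ts(net, u):
        return TrafficSelector(0, (net + ".0", net + ".255"), (0, 65535), u)
    first = bob.create_child_sa(0x1001, ts("192.0.2", 1), ts("198.51.100", 1))
    second = bob.create_child_sa(0x1002, ts("192.0.2", 2), ts("198.51.100", 2))
    return first, second
```

With `demo(False)` the second request collides with the first because only protocol, address and port are compared; with `demo(True)` both SAs are installed and the sender alone decides which traffic class uses which.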