[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: QoS selectors (was LAST CALL: IKE)

To: mduffy@quarrytech.com, ipsec@lists.tislabs.com
Subject: RE: QoS selectors (was LAST CALL: IKE)
From: Black_David@emc.com
Date: Thu, 26 Jun 2003 15:02:38 -0400
Sender: owner-ipsec@lists.tislabs.com

Mark,

> I would argue that in tunnel mode it is basically a local matter for the 
> sender how it wants to initialize the DiffServ bits in the outer 
> header.  It might be "set to k" or "copy from inner" but could also be 
> anything else.  So the cases to be considered might be a somewhat
different 
> set than you have below but the important points are the same.

Yes, RFC 2983 contains more on this topic.

> I do not see a need however for the receiver to know exactly what the 
> sender is doing or to know which DiffServ bits to expect on a given SA.

I agree, and in particular this is the basic response to Charles Lynn's
concern:

	Consider the receiver.  If the receiver has the same "policy"
	as the sender, then it will also want to have multiple SAs.
	Since, to its knowledge, none of the existing SAs from the
	initiator have DiffServ markings, and it wants to use them,
	then it will setup its own SAs back to the original initiator.

The DiffServ marking policy can be different in each direction, even
across a common set of paired SAs.  There's nothing wrong with
CREATE_CHILD_SA setting up an SA that is used to carry routing
traffic (e.g., Class Selector/IP Precedence 6) in one direction
and best effort traffic in the reverse as long as the routing
traffic in the reverse direction doesn't get mixed with the best
effort traffic on the same SA.

> I also think there might be significant difficulties in trying to
negotiate 
> DiffServ whatevers (DSCPs or PHB-IDs) as selectors in the traditional
sense 
> (described in my earlier email in this thread).  So I would opt for
letting 
> the sender make a local choice which SA to send on, and all the receiver 
> needs to do is support multiple "redundant" SAs.

I completely agree.  IKEv2 has enough challenges; there's no need
to add QoS negotiation.

Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA  01748
+1 (508) 293-7953             FAX: +1 (508) 293-7786
black_david@emc.com        Mobile: +1 (978) 394-7754
----------------------------------------------------

Prev by Date: Re: Suggested wording for weak key lengths in IKEv2
Next by Date: Re: Suggested wording for weak key lengths in IKEv2
Prev by thread: RE: QoS selectors (was LAST CALL: IKE)
Next by thread: RE: QoS selectors (was LAST CALL: IKE)
Index(es):
- Date
- Thread