RE: QoS selectors (was LAST CALL: IKE)
In my understanding, everything that we today call "selectors" is
negotiated in IKE, used at the IPsec sender to decide how to send packets,
and used at the IPsec receiver to decide whether to accept packets.
If we agree that it is a local matter for the sender to decide which
packets to send on which of n "redundant" SAs (whether this decision is
based on DiffServ codepoint/PHB or whatever) then I would propose we don't
call whatever rules govern that selectors. I think to do so would create
confusion vs the existing concept of selectors.
Moreover, if it is a local matter at the sender I don't see any need to
standardize it at all. Let's just say you are allowed to have "redundant"
SAs (with the same properties) and the sender can use whichever of those
SAs it wants to send any given packet. For the current discussion that
decision would be to send packets of different Ordered Aggregates [RFC
3260] on different SAs but it could be for any other reason as well. (Load
balancing across encryption hardware units, perhaps?)
--Mark