
RE: QoS selectors (was LAST CALL: IKE)

In my understanding, everything that we today call "selectors" is 
negotiated in IKE, used at the IPsec sender to decide how to send packets, 
and used at the IPsec receiver to decide whether to accept packets.

If we agree that it is a local matter for the sender to decide which 
packets to send on which of n "redundant" SAs (whether this decision is 
based on DiffServ codepoint/PHB or whatever) then I would propose we don't 
call whatever rules govern that selectors.  I think to do so would create 
confusion vs the existing concept of selectors.

Moreover, if it is a local matter at the sender I don't see any need to 
standardize it at all.  Let's just say you are allowed to have "redundant" 
SAs (with the same properties) and the sender can use whichever of those 
SAs it wants to to send any given packet.  For the current discussion that 
decision would be to send packets of different Ordered Aggregates [RFC 
3260] on different SAs but it could be for any other reason as well.  (Load 
balancing across encryption hardware units, perhaps?)
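
The arrangement discussed in this message, sketched as an added example that is not part of the original post and is not IKE or IPsec code: two "redundant" SAs share one negotiated selector, the sender chooses between them with a purely local DSCP rule, and the receiver's accept check never looks at DSCP. The class names, function names, addresses and SPI values are all hypothetical and constructed for the illustration.

```python
# Toy model only: hypothetical names, constructed addresses and SPIs.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Selector:
    """What the peers negotiated: source net, destination net, protocol."""
    src: str
    dst: str
    proto: int

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and pkt["proto"] == self.proto)

@dataclass(frozen=True)
class SA:
    spi: int
    selector: Selector

# Two "redundant" SAs: identical selector, different SPIs.
SEL = Selector("10.1.0.0/16", "10.2.0.0/16", 17)
SAS = [SA(0x1001, SEL), SA(0x1002, SEL)]

EF = 46  # Expedited Forwarding DSCP

def sender_pick(pkt, sas=SAS):
    """Sender side: selectors decide which SAs may carry the packet;
    a local rule (never sent to the peer) picks one of them by DSCP."""
    candidates = [sa for sa in sas if sa.selector.matches(pkt)]
    if not candidates:
        return None  # no SA covers this traffic
    return candidates[-1] if pkt["dscp"] == EF else candidates[0]

def receiver_accept(spi, pkt, sas=SAS):
    """Receiver side: find the SA by SPI, then check the packet against
    that SA's negotiated selector. DSCP plays no part in the decision."""
    sa = next((s for s in sas if s.spi == spi), None)
    return sa is not None and sa.selector.matches(pkt)
```
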