Re: revised IPsec processing model



At 11:04 +0900 7/22/03, Jun-ichiro itojun Hagino wrote:
>>Thanks for the additional info. As Bill & Markus pointed out, the VID
>>is not the same as an address, in the sense discussed above. It is an
>>identifier largely internal to IPsec. Does Bill's suggestion of how
>>to accommodate the VID address your concerns?
>
>	i see, i guess we need to find some term other than "virtual interface".
>
>	my other concern is that the text talks too much about implementation
>	details - for instance, SPD cache implementation could vary from
>	implementation to implementation.  with our implementation we cache
>	SPD on connected tcp/udp control block (inpcb).
>	maybe put less (but sufficient) text in 2401bis, and add VID and caching
>	details as appendix?
>
>itojun

There is no need to focus on caching in a host, because you can use 
the tcp/udp blocks, as you note. But for BITS, BITW, and security 
gateways, caching is critical and thus requires discussion.  I will 
revise the text to make clear this distinction.

Steve