[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] Qos issue related to rfc2401bis



> In section 4.1 it says that IPsec implementation must permit
> establishment and maintanance of multiple SA's between a given
> sender and receiver,with the same selectors, it means to say that,
> do we need to create the SA's according to the flow and class of
> service as adding one parameter in the SA whitch indicates class of
> service and will be searched for SA for an inbound packet.  

if you read further, you'll see that qos markings generated before
IPsec is applies are used as a pseudo-selector and get passed through
to the encrypted packet.

qos is used to select/generate multiple SA's during outbound
processing, but is ignored for ipsec purposes for inbound processing.

so it's purely a local matter for the sender.

						- Bill



_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec