[bmwg] updated ipsec docs

Merike Kaeo <kaeo@merike.com> Fri, 03 April 2009 18:35 UTC

The new versions of the ipsec terminology
(draft-ietf-bmwg-ipsec-term-11.txt) and ipsec methodology
(draft-ietf-bmwg-ipsec-meth-04.txt) documents were posted today.

The following modifications were done from the previous versions and  
address all the comments made in the last year.

additions/changes for term-11 draft:
- change definition of IPsec Server to IPsec Gateway and in the issue
  section state
    "IPsec Gateways are also sometimes referred to as 'IPsec Servers'
    or 'VPN Concentrators'"
- added NAT traversal to security context under IKE context as a MUST
- changed 'IPsec Tunnel Capacity' to explicitly state that each IPsec SA
   is associated with exactly 1 IKE SA
- IPsec throughput definition - delete second paragraph in discussion
- Changed Phase 1 DoS resiliency rate definition to generalize on a
   rate of measurement that is to be measured as a graph of valid IKE
   Phase 1 tunnel attempts per second (TAPS) and the percentage of
   failure


additions/changes for meth-04 draft:
- added text under 'Frame Type' section to explicitly recommend  
testing Nat-Traversal scenario which requires UDP encapsulation.
- changed text 'Testing of AH Transforms 1 and 2 MUST be supported'  
to 'If AH is supported by the DUT/SUT testing of AH Transforms 1 and  
2 MUST be supported'
- added clarification text to section 9.1 on throughput baseline and  
reference to IPsec SA traffic selectors
- modified section 9.1 language on reporting format to get rid of  
terms 'advertising copy' and 'product datasheet' and any references  
to publications requirements
- modified text in all frame loss test procedures to mention 'nominal
device throughput' rather than 'frame rate on input media'
- add text for 11.2 topology section to address scenario with an  
asymmetric topology
- added single tunnel, maximum throughput case in section 14 as a MUST
- modified text in 15.1 to change test procedure so that it would  
quantify the measure
- modified text in 15.2 to make scalability point explicit and  
clarify reporting format text
- added text in sections 12.1, 12.2 and 15.1 to address the case  
where you can have less than n IKE Phase 1 policies configured to  
still have offered traffic create n IKE SAs

Thanks to Yaron Sheffer for his help on the xml conversions which I
now finally have the hang of.

- merike