Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

"Bottorff, Paul" <paul.bottorff@hpe.com> Wed, 14 July 2021 23:12 UTC


Hi Antony, Tero, Valery:

I've put forward draft-bottorff-ipsecme-mtdcuc-ipsec-lb-00 to show the use case for ESP in UDP load balancing I'm concerned with. This case does not require NAT traversal.

With that said, I've spent some time looking into NAT traversal and believe it is possible to combine LB and NAT. To do so, the responder must not respond with the source port received in the ESP in UDP packets. Instead, the responder should use the port received by the responder in the IKE exchanges. I believe this means turning off dynamic port updating when combining NAT with LB, which does mean that a change in the NAT mapping for IKE packets (resulting from a NAT timeout or reset) could result in packets being lost; however, this event would be rare. Though there may be ways to cover this boundary case, I don't believe it is worth the effort to fix this problem to support long-term use of IPv4.

Though my application is not concerned with RSS, it does seem that using MOBIKE to generate entropy for RSS is very clumsy, since this requires assigning new IP addresses just to force entropy. The LB proposal seems the best way forward for a general RSS solution.

Cheers,

Paul
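As an added illustration (not code from this thread, the draft, or any implementation named in it), the Python below models the two points made above: why a distinct outer UDP source port per SA gives RSS/ECMP entropy that plain ESP cannot, and the proposed LB+NAT rule where the responder keeps replying to the port learned during IKE instead of following the source port of each ESP-in-UDP packet. The 8-queue hash, the addresses and the port numbers are constructed sample values.

```python
# Added example: models ESP-in-UDP load-balancing entropy and the
# "reply to the IKE-learned port" rule discussed in the thread.
import hashlib
from dataclasses import dataclass

QUEUES = 8  # constructed: number of RSS queues / ECMP next hops

def flow_hash(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> int:
    """Deterministic stand-in for a Toeplitz/ECMP hash over the 5-tuple.
    Plain ESP (proto 50) carries no ports, so only the 3-tuple can vary."""
    key = f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % QUEUES

def queues_used(encap_udp: bool, n_sa: int) -> int:
    """Distinct queues hit by n_sa child SAs between one pair of hosts."""
    seen = set()
    for i in range(n_sa):
        if encap_udp:
            # constructed: one source port per SA, destination port 4500 (RFC 3948)
            seen.add(flow_hash("10.0.0.1", "10.0.0.2", 17, 40000 + i, 4500))
        else:
            # plain ESP: every SA between the two hosts hashes identically
            seen.add(flow_hash("10.0.0.1", "10.0.0.2", 50, 0, 0))
    return len(seen)

@dataclass
class Responder:
    """Per-peer UDP reply-port state at the responder."""
    ike_port: int                # source port observed on the IKE exchange (through the NAT)
    dynamic_update: bool = True  # RFC 3948 behaviour: follow the ESP packet source port
    reply_port: int = 0

    def __post_init__(self):
        self.reply_port = self.ike_port

    def on_esp_in_udp(self, sport: int) -> int:
        """Port that replies go to after receiving an ESP-in-UDP packet from sport.
        With dynamic_update off (LB mode) the IKE-learned port is kept, so the
        varying LB source ports do not disturb the reply path."""
        if self.dynamic_update:
            self.reply_port = sport
        return self.reply_port

def nat_rebind_loss(resp: Responder, current_nat_port: int) -> bool:
    """True if a NAT timeout/reset moved the IKE mapping and replies now miss the peer.
    This is the rare loss case accepted when dynamic updating is disabled."""
    return resp.reply_port != current_nat_port
```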

-----Original Message-----
From: IPsec [mailto:ipsec-bounces@ietf.org] On Behalf Of Bottorff, Paul
Sent: Friday, April 2, 2021 2:59 PM
To: Valery Smyslov <smyslov.ietf@gmail.com>; 'Tero Kivinen' <kivinen@iki.fi>
Cc: 'IPsec' <ipsec@ietf.org>; antony.antony@secunet.com
Subject: Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

Hi Valery:

Agreed that LB only needs control of the source port to provide entropy. 

Our application is for traversal of highly meshed data centre fabrics. We encapsulate and de-encapsulate at the server using smart NICs and so don't have any impact on RSS or host software (nor improvement over their standard operation). We perform the encapsulation/de-encapsulation after the ESP packet is formed. Since encapsulation occurs after and de-encapsulation occurs before the IPsec stack, IPsec does not see any of the new port assignments so we don't have any issues with the SADB or IKE.

Cheers,

Paul

-----Original Message-----
From: Valery Smyslov [mailto:smyslov.ietf@gmail.com]
Sent: Thursday, April 1, 2021 11:08 PM
To: 'Tero Kivinen' <kivinen@iki.fi>; Bottorff, Paul <paul.bottorff@hpe.com>
Cc: 'IPsec' <ipsec@ietf.org>; antony.antony@secunet.com
Subject: RE: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

Hi Tero,

> For the load balancing I think it is enough for just one of the ports 
> to be different, thus initiator could simply allocate n random source 
> port numbers, and initiate IKE from each of them to responder, and 
> then create SAs for each of them separately, thus allowing load 
> balancing using UDP encapsulation using existing hardware.

RFC 7791 + MOBIKE can be used to clone IKE SA and move it to a different local IP+port.

Regards,
Valery.

> --
> kivinen@iki.fi
> 

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec