[IPsec] Re: New Version Notification for draft-xu-ipsecme-esp-in-udp-lb-00.txt

Xuxiaohu <xuxiaohu@huawei.com> Thu, 03 November 2016 03:36 UTC

Return-Path: <xuxiaohu@huawei.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
From: Xuxiaohu <xuxiaohu@huawei.com>
To: Yoav Nir <ynir.ietf@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Date: Thu, 03 Nov 2016 03:36:48 +0000
Message-ID: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE2BB281C7@NKGEML515-MBX.china.huawei.com>
References: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE2BB272FF@NKGEML515-MBX.china.huawei.com> <ACF099F0-FA39-42A0-A4A7-A2E6CCBF136A@gmail.com> <18805.1478103581@obiwan.sandelman.ca> <0D919BEB-8335-4E5F-8C83-62E92FC518DB@gmail.com>
In-Reply-To: <0D919BEB-8335-4E5F-8C83-62E92FC518DB@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/AZwKDGuwFzNqaKwO2AxKryzm6xQ>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>
Subject: [IPsec] Re: New Version Notification for draft-xu-ipsecme-esp-in-udp-lb-00.txt

Hi Yoav and Michael,

Thanks for your comments.

If I understand it correctly, the destination port number 4500 has been dedicated to the NAT traversal usage described in RFC3948, where "the Source Port and Destination Port MUST be the same as that used by IKE traffic"; therefore, it'd be better for us to request a new destination port for the load-balancing usage described in this draft.

Best regards,
Xiaohu

> -----Original Message-----
> From: Yoav Nir [mailto:ynir.ietf@gmail.com]
> Sent: 3 November 2016 0:42
> To: Michael Richardson
> Cc: Xuxiaohu; ipsec@ietf.org
> Subject: Re: [IPsec] New Version Notification for
> draft-xu-ipsecme-esp-in-udp-lb-00.txt
> 
> 
> > On 2 Nov 2016, at 18:19, Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
> >
> >
> > Yoav Nir <ynir.ietf@gmail.com> wrote:
> >> 4 Why do we need a new port? What goes wrong if the packets go to
> >> port 4500?
> >
> > I think that TE/load-balancer in the network calculates the same tuple
> > hash and so takes the same path. (Presuming that it ignores the source
> > UDP port)
> 
> I don’t follow. The draft requests a new destination port from IANA. Let’s
> assume it is 14500.
> 
> What is the difference between having every gateway send traffic with the
> 5-tuple (me, random_port, UDP, you, 4500) and having every gateway send
> traffic with the 5-tuple (me, random_port, UDP, you, 14500) ?
> 
> Sending UDP-encapsulated traffic from a random port works today, and has the
> advantage that middleboxes trying to classify traffic already know what it is.
> 
> Yoav
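The 5-tuple argument in the quoted exchange, as an added example that is not part of the thread or of the draft: a toy ECMP-style load balancer that buckets packets by hashing header fields, run over UDP-encapsulated ESP flows between one pair of gateways. It compares the RFC 3948 default (source and destination port both 4500), a random source port towards 4500 (Yoav's point), a random source port towards a new destination port (Yoav's placeholder 14500 stands in for the port the draft would request), and a device that hashes only the 3-tuple and ignores UDP ports (Michael's presumption). The addresses, the port range, the CRC32-based hash and the 14500 value are assumptions for illustration; real devices use vendor-specific hash functions.

```python
"""
Added example, not code from the mailing-list thread or the draft.
A toy load balancer that picks one of n_paths by hashing a tuple of
header fields, used to show where the path spread for UDP-encapsulated
ESP between two gateways actually comes from.
"""
import random
import struct
import zlib
from ipaddress import IPv4Address

UDP = 17
NAT_T_PORT = 4500              # RFC 3948 UDP-encapsulated ESP / IKE port
HYPOTHETICAL_LB_PORT = 14500   # placeholder from Yoav's mail, not an IANA assignment

# Constructed addresses (RFC 5737 documentation ranges), not real gateways.
GW_A = "192.0.2.1"
GW_B = "198.51.100.1"


def flow_hash(src_ip, src_port, dst_ip, dst_port, proto=UDP, use_ports=True):
    """Deterministic hash over the fields the load balancer keys on.

    use_ports=True  -> full 5-tuple (src IP, dst IP, proto, src port, dst port).
    use_ports=False -> only the 3-tuple (src IP, dst IP, proto), i.e. a device
                       that ignores the UDP ports entirely.
    CRC32 is an assumption standing in for a vendor hash.
    """
    data = struct.pack("!4s4sB", IPv4Address(src_ip).packed,
                       IPv4Address(dst_ip).packed, proto)
    if use_ports:
        data += struct.pack("!HH", src_port, dst_port)
    return zlib.crc32(data) & 0xFFFFFFFF


def bucket(src_ip, src_port, dst_ip, dst_port, n_paths=8, use_ports=True):
    """Index of the path chosen for one packet."""
    return flow_hash(src_ip, src_port, dst_ip, dst_port,
                     use_ports=use_ports) % n_paths


def path_spread(flows, n_paths=8, use_ports=True):
    """Number of distinct paths used by flows given as (sip, sport, dip, dport)."""
    return len({bucket(*f, n_paths=n_paths, use_ports=use_ports) for f in flows})


def make_flows(n, dst_port, random_src=True, seed=0):
    """n constructed ESP-in-UDP flows from GW_A to GW_B towards dst_port.

    random_src=True  -> ephemeral source port per flow (seeded, so repeatable).
    random_src=False -> source port fixed to 4500, the RFC 3948 arrangement
                        where both ports match the IKE ports.
    """
    rng = random.Random(seed)
    flows = []
    for _ in range(n):
        sport = rng.randint(49152, 65535) if random_src else NAT_T_PORT
        flows.append((GW_A, sport, GW_B, dst_port))
    return flows


def compare_scenarios(n_flows=64, n_paths=8):
    """Distinct paths used per scenario for n_flows flows over n_paths links."""
    nat_t = make_flows(n_flows, NAT_T_PORT, random_src=False)
    rand_to_4500 = make_flows(n_flows, NAT_T_PORT, random_src=True)
    rand_to_new = make_flows(n_flows, HYPOTHETICAL_LB_PORT, random_src=True)
    return {
        # RFC 3948 default: every flow has the same 5-tuple -> one path.
        "rfc3948_4500_to_4500": path_spread(nat_t, n_paths),
        # Random source port already spreads flows, with dst port 4500.
        "random_src_to_4500": path_spread(rand_to_4500, n_paths),
        # Same spread with a new destination port: the entropy is the source port.
        "random_src_to_14500": path_spread(rand_to_new, n_paths),
        # A device hashing only the 3-tuple collapses everything onto one path,
        # whichever destination port is used.
        "random_src_to_14500_ports_ignored": path_spread(rand_to_new, n_paths,
                                                         use_ports=False),
    }


if __name__ == "__main__":
    for name, spread in compare_scenarios().items():
        print(f"{name:40s} paths used: {spread}")
```

The point the block makes concrete: with a 5-tuple hash the spread comes from the randomised source port, so 4500 and a new destination port behave the same; with a 3-tuple hash neither port choice changes anything, since all flows between one gateway pair share the same three fields.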