Re: [IPsec] Questions for draft-ponchon-ipsecme-anti-replay-subspaces

Aseem Choudhary <achoudhary@aviatrix.com> Mon, 14 August 2023 08:39 UTC

From: Aseem Choudhary <achoudhary@aviatrix.com>
To: "draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org" <draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Date: Mon, 14 Aug 2023 08:39:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/FMcCammaO11Yu93AsXyiYJ4nEnI>

Fixed typo in address.

From: Aseem Choudhary <achoudhary@aviatrix.com>
Date: Monday, August 14, 2023 at 1:33 AM
To: draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org <draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org>
Cc: ipsecme@ietf.org <ipsecme@ietf.org>
Subject: Questions for draft-ponchon-ipsecme-anti-replay-subspaces

Hello Authors,

Thanks for writing the document. It is good work!

A few questions:


  1.  It looks like packet mapping to subspaces, whether for the CPU core, QoS, or a combination, is a tunnel-source local decision. Since packets along the path can be marked/remarked, reclassified, and mapped to different queues, reordering is still possible.
  2.  Since the subspace is 16 bits, is there any plan/suggestion in favor of or against splitting the space between CPU and QoS?
  3.  Any implementation experience/plan with strongSwan?

-thanks,
Aseem
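
The reordering concern in question 1, as an added simulation (not code from the draft, its authors, or this message). It assumes each subspace has its own sequence counter and its own RFC 4303-style window; the class names, the `SUBSPACE` mapping, the 4-packet window and all function names are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 4                      # constructed: tiny window so drops are visible
SUBSPACE = {"EF": 1, "BE": 2}   # assumed local mapping, QoS class -> subspace ID
TRAFFIC = ["EF", "BE"] * 8      # constructed: 16 packets alternating two classes

class ReplayWindow:
    """RFC 4303-style sliding bitmap; bit 0 is the highest sequence number seen."""
    def __init__(self):
        self.top, self.bitmap = 0, 0

    def accept(self, seq):
        if seq > self.top:                        # new highest: slide the window
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if seq == 0 or offset >= WINDOW or self.bitmap >> offset & 1:
            return False                          # invalid, too old, or replayed
        self.bitmap |= 1 << offset
        return True

def send(traffic, use_subspaces):
    """Tunnel source: one counter per subspace, or one shared counter (subspace 0)."""
    counters, out = defaultdict(int), []
    for qos in traffic:
        sub = SUBSPACE[qos] if use_subspaces else 0
        counters[sub] += 1
        out.append((sub, counters[sub], qos))
    return out

def path(packets, slow):
    """In-path node: packets it puts in the slow queue leave after all the others."""
    return [p for p in packets if not slow(p)] + [p for p in packets if slow(p)]

def receive(packets):
    """Tunnel destination: one window per subspace; returns the (subspace, seq) dropped."""
    windows, dropped = defaultdict(ReplayWindow), []
    for sub, seq, _ in packets:
        if not windows[sub].accept(seq):
            dropped.append((sub, seq))
    return dropped

def best_effort_delayed(p):      # whole BE class queued behind EF
    return p[2] == "BE"

def remarked_in_path(p):         # first two EF packets remarked and queued last
    return p[2] == "EF" and p[1] <= 2

shared = receive(path(send(TRAFFIC, False), best_effort_delayed))
split = receive(path(send(TRAFFIC, True), best_effort_delayed))
remarked = receive(path(send(TRAFFIC, True), remarked_in_path))
```

With a shared counter the delayed class loses packets, with per-class subspaces it does not, and once an in-path node requeues packets of a single subspace the receiver drops them again because the source's mapping no longer matches the queueing they experienced.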