Re: [IPsec] draft-xu-ipsecme-esp-in-udp-lb-07

Tobias Brunner <tobias@strongswan.org> Fri, 16 July 2021 06:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/SZN31uQVLqMXMHO8bVmIKojvlv8>

Hi Paul,

> The ports used for IKE packets would not be randomized since IKE would not use source port for LB and so should be stable at the NAT.

I was not referring to the IKE but the ESP packets sent by the responder 
to the natted IKE port for LB.  Wasn't that what you were proposing?

Regards,
Tobias