Re: [IPsec] New Version Notification for draft-xu-ipsecme-esp-in-udp-lb-00.txt

Yoav Nir <ynir.ietf@gmail.com> Wed, 02 November 2016 16:42 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <18805.1478103581@obiwan.sandelman.ca>
Date: Wed, 02 Nov 2016 18:42:20 +0200
Message-Id: <0D919BEB-8335-4E5F-8C83-62E92FC518DB@gmail.com>
References: <1FEE3F8F5CCDE64C9A8E8F4AD27C19EE2BB272FF@NKGEML515-MBX.china.huawei.com> <ACF099F0-FA39-42A0-A4A7-A2E6CCBF136A@gmail.com> <18805.1478103581@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ShecsvIbolmtzUtcb0PG0GcOST8>
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, Xuxiaohu <xuxiaohu@huawei.com>
Subject: Re: [IPsec] New Version Notification for draft-xu-ipsecme-esp-in-udp-lb-00.txt
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>

> On 2 Nov 2016, at 18:19, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Yoav Nir <ynir.ietf@gmail.com> wrote:
>> 4 Why do we need a new port? What goes wrong if the
>> packets go to port 4500?
> 
> I think that TE/load-balancer in the network calculates the same tuple hash
> and so takes the same path. (Presuming that it ignores the source UDP port)

I don’t follow. The draft requests a new destination port from IANA. Let’s assume it is 14500. 

What is the difference between having every gateway send traffic with the 5-tuple (me, random_port, UDP, you, 4500) and having every gateway send traffic with the 5-tuple (me, random_port, UDP, you, 14500)?

Sending UDP-encapsulated traffic from a random port works today, and has the advantage that middleboxes trying to classify traffic already know what it is.

Yoav
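The point under discussion, that a load balancer hashing the full 5-tuple spreads flows by the random UDP source port regardless of whether the destination port is 4500 or a new one, and that a balancer which ignores the source port collapses every flow onto one path either way, can be checked with a small simulation. The following is an added illustration written for this page, not code from the draft or from either poster; the path count, the SHA-256 based hash standing in for a router's proprietary hash, and the addresses and ports used as input are all constructed for the example.

```python
import hashlib
import random
from collections import Counter

# Constructed toy ECMP / load-balancer model: pick one of NUM_PATHS paths
# from a hash of the flow tuple.  Real forwarding hardware uses its own hash
# function; SHA-256 is used here only so that the example is deterministic.
NUM_PATHS = 8

# Constructed endpoint addresses for the simulated gateways.
GATEWAY_A = "192.0.2.1"
GATEWAY_B = "198.51.100.1"
PROTO_UDP = 17


def path_for(src_ip, src_port, proto, dst_ip, dst_port, use_src_port=True):
    """Return the path index (0..NUM_PATHS-1) chosen for one flow.

    use_src_port=False models a balancer that hashes only
    (src_ip, proto, dst_ip, dst_port), i.e. one that ignores the UDP source
    port, as presumed in the quoted message.
    """
    fields = [src_ip, proto, dst_ip, dst_port]
    if use_src_port:
        fields.insert(1, src_port)
    key = "|".join(str(f) for f in fields).encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % NUM_PATHS


def distribution(dst_port, n_flows=1000, use_src_port=True, seed=1):
    """Simulate n_flows ESP-in-UDP flows from GATEWAY_A to GATEWAY_B, each
    sent from a fresh random ephemeral source port, and count how many land
    on each path."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(n_flows):
        sport = rng.randint(1024, 65535)  # the sending gateway picks a random port
        path = path_for(GATEWAY_A, sport, PROTO_UDP, GATEWAY_B, dst_port, use_src_port)
        counts[path] += 1
    return counts


def paths_used(dst_port, use_src_port=True):
    """Number of distinct paths that flows to dst_port end up on."""
    return len(distribution(dst_port, use_src_port=use_src_port))


if __name__ == "__main__":
    for dst_port in (4500, 14500):
        for uses_sport in (True, False):
            spread = distribution(dst_port, use_src_port=uses_sport)
            print(f"dst_port={dst_port} hash_includes_src_port={uses_sport}: "
                  f"{len(spread)} of {NUM_PATHS} paths used, per-path counts={dict(sorted(spread.items()))}")
```

Running the script shows the same outcome for both destination ports: with the source port in the hash, 1000 flows spread over all eight paths whether the destination is 4500 or 14500; with the source port excluded, every flow takes a single path in both cases. The destination port changes which single path that is, but not the fact that there is only one.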