RE: Another field for traffic selector?
"Paul Knight" <paul.knight@nortelnetworks.com> Wed, 12 March 2003 19:54 UTC
Received: from lists.tislabs.com (portal.gw.tislabs.com [192.94.214.101]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA18446 for <ipsec-archive@lists.ietf.org>; Wed, 12 Mar 2003 14:54:36 -0500 (EST)
Received: by lists.tislabs.com (8.9.1/8.9.1) id MAA22887 Wed, 12 Mar 2003 12:38:28 -0500 (EST)
Message-ID: <6204FDDE129D364D8040A98BCCB290EF048B54AC@zbl6c004.corpeast.baynetworks.com>
From: Paul Knight <paul.knight@nortelnetworks.com>
To: jeremy.de_clercq@alcatel.be, Radia Perlman - Boston Center for Networking <Radia.Perlman@sun.com>
Cc: ipsec@lists.tislabs.com, Marco Carugi <marco.carugi@nortelnetworks.com>
Subject: RE: Another field for traffic selector?
Date: Wed, 12 Mar 2003 12:34:09 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C2E8BD.96822610"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk
Hi Radia and Jeremy, I'll second Jeremy's support for this. The need for including something like a VPN-ID as a traffic selector has been discussed in at least two individual drafts in the PPVPN WG: - draft-knight-ppvpn-vr-protocol-00.txt (Protocol Actions for Virtual Router VPNs) - draft-duffy-ppvpn-ipsec-vlink-00.txt (Framework for IPsec Protected Virtual Links for PPVPNs) I would definitely support adding extensibility or flexibility to the encoding of the traffic selector, since even for VPN-ID, there is still not a universal format. (RFC 2685 specifies 7 bytes; RFC 2547 has a Target VPN or Route Target which is 8 bytes.) I think the field should accommodate these sizes when VPN-ID is used as a selector. It may be possible to use a smaller field, but the signaling to negotiate a smaller field and ensure its uniqueness would probably be more burdensome than simply having a field which can accommodate current VPN-IDs. Draft-knight-ppvpn-vr-protocol-00.txt suggests: The Traffic Selector (TS) payload proposed in [IKE-V2] may be suitable for this purpose [carrying the VPN-ID]. The TS Payload specifies address ranges, and thus does not appear to be a clear fit for specifying a single VPN-ID, but it may be possible to define an additional TS Type with semantics suitable for the VPN-ID. Also, as a quick response to Sankar's question: (How are the packets coming out of a tunnel verified to ensure they match the negotiated virtual net? [....] Is Virtual net field expected to be part of ipsec headers also?) Yes, I think including a VPN-ID in the IPsec header is needed to map the packets to the VPN. Regards, Paul "The world is a jungle in general, and the networking game contributes many animals." - RFC 826 > -----Original Message----- > From: jeremy.de_clercq@alcatel.be > [mailto:jeremy.de_clercq@alcatel.be] > Sent: Wednesday, March 12, 2003 3:19 AM > To: Radia Perlman - Boston Center for Networking > Cc: ipsec@lists.tislabs.com; Carugi, Marco [CTF:0000:EXCH] > Subject: Re: Another field for traffic selector? > > > > > I'm not sure what to call it, or what size it ought to be. Other > > protocols need to solve this problem. The "VLAN tag" is > used in 802. > > "Partition ID" is used in infiniband. I've heard the name "virtual > > router ID" for something, but I think that's a terrible name (since > > it's a virtual net, not a virtual router). If anyone can suggest an > > already-recognized name for this concept, an > already-recognized size > > of the field, and an already-recognized numbering scheme, we should > > adopt it. Otherwise, I'd suggest the name "virtual net", > size 2 bytes, > > and a numbering scheme that is local to F1 and F2 (someone > > would configure it compatibly at the two ends and map it > > to specific customer nets). > > For some VPN approaches, the PPVPN WG refers to the "Virtual > Private Networks Identifier" defined in RFC 2685. > > > So, there are two issues: > > a) I think we need to add this field to the traffic selector in IKE > > 1. I support this idea, and > 2. if it is accepted by the ipsec community, I propose to > allign with the ppvpn wg. > > thanks, > Jeremy. > > > > b) If at this late date extra things (this plus the uniquifier) are > > coming up as needing to be in the traffic selector, perhaps the > > encoding of traffic selector should be more flexible, so that new > > fields can be added in the future. > > > > Radia >
- Re: Another field for traffic selector? jeremy.de_clercq
- Another field for traffic selector? Radia Perlman - Boston Center for Networking
- Re: Another field for traffic selector? sankar ramamoorthi
- Re: Another field for traffic selector? Scott G. Kelly
- RE: Another field for traffic selector? Paul Knight
- Another field for traffic selector? Michael Thomas
- Re: Another field for traffic selector? Lars Eggert
- RE: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? Yu-Shun Wang
- RE: Another field for traffic selector? Radia Perlman - Boston Center for Networking
- RE: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? sankar ramamoorthi
- RE: Another field for traffic selector? Claudio Lordello
- Re: Another field for traffic selector? Shane Amante
- Re: Another field for traffic selector? Henry Spencer
- Re: Another field for traffic selector? Mark Duffy
- RE: Another field for traffic selector? Michael Thomas
- Re: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? Lars Eggert
- Re: Another field for traffic selector? Yu-Shun Wang
- Re: Another field for traffic selector? Scott G. Kelly
- Re: Another field for traffic selector? Joe Touch
- Re: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? Scott G. Kelly
- Re: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? Markku Savela
- Re: Another field for traffic selector? Scott G. Kelly
- Re: Another field for traffic selector? Scott G. Kelly
- Re: Another field for traffic selector? Radia Perlman - Boston Center for Networking
- Re: Another field for traffic selector? Derek Atkins
- Re: Another field for traffic selector? Radia Perlman - Boston Center for Networking
- RE: Another field for traffic selector? Cambria, Michael (Michael)
- Re: Another field for traffic selector? Mark Duffy
- Re: RE: Another field for traffic selector? Radia.Perlman
- Re: Another field for traffic selector? Derek Atkins
- Re: Another field for traffic selector? Derek Atkins
- RE: Another field for traffic selector? Cambria, Michael (Michael)
- Re: Another field for traffic selector? Mark Duffy
- Re: Another field for traffic selector? Geoff Keating