Re: [IPsec] draft-kampati-ipsecme-ikev2-sa-ts-payloads-opt-01

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 16 July 2019 18:23 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Sandeep Kampati <sandeepkampati@huawei.com>
cc: "ipsec@ietf.org" <ipsec@ietf.org>, "Meduri S S Bharath (A)" <MeduriS.Bharath@huawei.com>, "Shengde (DOPRA VISP)" <shengde@huawei.com>
Date: Tue, 16 Jul 2019 14:23:50 -0400
Message-ID: <14449.1563301430@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/ktfpwiw6pClj_6N7509fVfQWQJk>

I wasn't sure from your reply if you agreed with my numbers, or wanted to
revise them.  I think some numbers should go into the document, do you?

Sandeep Kampati <sandeepkampati@huawei.com> wrote:
    > In most of the deployment scenarios I observed, the initiator is sending at
    > least 5 cryptographic suites; in some deployment scenarios they are
    > sending 120 cryptographic suites

5 suites makes sense.
120 does not make sense to me, do you know what the combinatorics involved are?
Since the gateway picks one and replies, in the situation where the gateway
wants to continue with the same one, there doesn't seem to be that much savings.

    > If more cryptographic suites are configured the saving will
    > increase exponentially.

I don't think it's *exponential*, I think it's linear per connection :-)
If you want to count savings per gateway, then it's O(n*m) where n=number of
clients, m=number of suites.



-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
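
The growth rate discussed in the message above can be checked by encoding an IKEv2 SA payload for m suites and measuring it. This is an added example, not part of the original message or the draft; it assumes one ESP proposal per suite with three transforms each, a constructed SPI, and hypothetical helper names, with field layouts per RFC 7296 section 3.3.

```python
import struct

# Transform types / IDs from the IKEv2 registries (RFC 7296).
ENCR, INTEG, ESN = 1, 3, 5
ENCR_AES_CBC, AUTH_HMAC_SHA2_256_128, NO_ESN = 12, 12, 0
PROTO_ESP = 3
KEY_LENGTH_ATTR = 0x8000 | 14      # AF bit set: fixed-length (TV) attribute
SAMPLE_SPI = b"\x00\x00\x00\x01"   # constructed value, for sizing only

def transform(t_type, t_id, key_bits=None, last=False):
    """Encode one Transform substructure (8-byte header + optional Key Length)."""
    attrs = struct.pack("!HH", KEY_LENGTH_ATTR, key_bits) if key_bits else b""
    return struct.pack("!BBHBBH", 0 if last else 3, 0,
                       8 + len(attrs), t_type, 0, t_id) + attrs

def proposal(num, spi, transforms, last=False):
    """Encode one Proposal substructure (8-byte header + SPI + transforms)."""
    body = b"".join(transforms)
    hdr = struct.pack("!BBHBBBB", 0 if last else 2, 0,
                      8 + len(spi) + len(body), num, PROTO_ESP,
                      len(spi), len(transforms))
    return hdr + spi + body

def sa_payload(m):
    """SA payload offering m suites, one proposal per suite (assumption)."""
    props = []
    for i in range(1, m + 1):
        ts = [transform(ENCR, ENCR_AES_CBC, 256),
              transform(INTEG, AUTH_HMAC_SHA2_256_128),
              transform(ESN, NO_ESN, last=True)]
        props.append(proposal(i, SAMPLE_SPI, ts, last=(i == m)))
    body = b"".join(props)
    # Generic payload header: next payload, flags, total length.
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def gateway_bytes(n, m):
    """SA payload bytes across n clients each offering m suites: O(n*m)."""
    return n * len(sa_payload(m))

if __name__ == "__main__":
    for m in (1, 5, 120):
        print(f"{m:>3} suites -> {len(sa_payload(m))} byte SA payload")
    print("1000 clients x 5 suites ->", gateway_bytes(1000, 5), "bytes")
```

Under these assumptions each additional suite adds a constant 40 bytes, so the SA payload that a rekey would otherwise carry grows linearly in m per connection and as n*m per gateway.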