Re: [IPsec] Questions for draft-ponchon-ipsecme-anti-replay-subspaces

"Paul Ponchon (pponchon)" <pponchon@cisco.com> Mon, 14 August 2023 17:00 UTC

From: "Paul Ponchon (pponchon)" <pponchon@cisco.com>
To: Aseem Choudhary <achoudhary@aviatrix.com>, "draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org" <draft-ponchon-ipsecme-anti-replay-subspaces.authors@ietf.org>
CC: "ipsec@ietf.org" <ipsec@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/x2UE41Hqr1rHtib29aX3l6L7U7Q>

Hi Aseem,
Thanks for your questions.

1. Yes, you're correct, there is still reordering potentially happening between the endpoints of the tunnel. However, the intention behind using the subspace is to limit the potential reordering of packets at the tunnel endpoints. By assigning packets to specific subspaces based on factors such as CPU core or QoS, the aim is to manage and mitigate the reordering within each subspace, thereby improving the utilisation of multiple cores and QoS classes at the endpoint. The reordering happening in between the endpoints is less easily controllable and, just like with using an SA today, would be handled by the replay window of each subspace, but they don’t need to be very big.

2. At the moment, we are leaning towards not splitting the subspace for CPU and QoS, as this could introduce unnecessary complexity and overhead in maintaining and managing unused subspaces. We however don’t impose any constraint on how to use the subspace IDs as long as they are between 0 and <max negotiated subspaces> - 1. We are actively exploring the best approach to distributing the subspaces between sender and receiver. Any insights or suggestions from the community on this matter would be highly appreciated.

3. While we haven't implemented this solution with strongSwan, we are currently working on an implementation for the IPsec stack of VPP. We have updated the latest version of the draft to reflect what we found during the implementation, while the main focus remains on defining a proper way to distribute subspaces to maximise the performance and compatibility aspects in the open-source implementation.

Thank you for your feedback and questions. We appreciate your interest and welcome any additional input or insights you may have.
Paul

Aseem Choudhary <achoudhary@aviatrix.com> writes:

Hello Authors,

Thanks for writing the document. It is good work!

A few questions:

1. Looks like packet mapping to subspaces, either for the CPU core or QoS or a combination, is a tunnel-source local decision. Since packets along the path can be marked/remarked, reclassified, mapped to different queues, reordering is still possible.

2. Since the subspace is 16 bits, any plan/suggestion in favor of/against splitting the space for CPU and QoS?

3. Any implementation experience/plan with strongSwan?

-thanks,
Aseem
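
The effect discussed in points 1 and 2 of the reply, shown as an added example that is not part of either message and is not code from the draft or from VPP: a receiver keeps one small replay window per subspace and rejects subspace IDs outside 0 .. max - 1. It assumes each subspace has its own sequence counter; the window size of 8, the two subspaces and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW 8u          /* deliberately small replay window (assumption) */
#define MAX_SUBSPACES 2u   /* stands in for the negotiated maximum */

struct replay_win { uint64_t top, bitmap; };
static struct replay_win win[MAX_SUBSPACES];

/* Sliding-window check and update for one subspace. */
bool subspace_accept(uint32_t id, uint64_t seq)
{
    if (id >= MAX_SUBSPACES || seq == 0) return false; /* ID out of range */
    struct replay_win *w = &win[id];
    if (seq > w->top) {                          /* advances the window */
        uint64_t shift = seq - w->top;
        w->bitmap = shift >= 64 ? 0 : w->bitmap << shift;
        w->bitmap |= 1;
        w->top = seq;
        return true;
    }
    uint64_t off = w->top - seq;
    if (off >= WINDOW) return false;             /* older than the window */
    if (w->bitmap & (1ULL << off)) return false; /* already seen: replay */
    w->bitmap |= 1ULL << off;
    return true;
}

/* Constructed traffic: two sender cores emit 20 packets each and core 1's
 * batch arrives after core 0's. Returns how many of the 40 are accepted. */
unsigned simulate(bool per_core_subspace)
{
    unsigned accepted = 0;
    memset(win, 0, sizeof win);
    for (uint32_t core = 0; core < 2; core++)
        for (uint64_t i = 1; i <= 20; i++) {
            /* shared case: one counter interleaved across both cores */
            uint32_t id = per_core_subspace ? core : 0;
            uint64_t seq = per_core_subspace ? i : 2 * i - 1 + core;
            accepted += subspace_accept(id, seq);
        }
    return accepted;
}
int main(void)
{
    printf("shared: %u/40, subspaces: %u/40\n", simulate(false), simulate(true));
}
```

With one shared counter the late batch from core 1 mostly falls behind the window and is dropped, while per-core subspaces accept every packet with the same window size and still reject a repeated sequence number.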