Re: [mpls] FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

Mark Tinka <mark.tinka@seacom.mu> Sun, 12 January 2014 12:15 UTC

From: Mark Tinka <mark.tinka@seacom.mu>
Organization: SEACOM
To: mpls@ietf.org, erosen@cisco.com
Date: Sun, 12 Jan 2014 14:14:56 +0200
References: <6925.1389369966@erosen-linux>
In-Reply-To: <6925.1389369966@erosen-linux>
Message-Id: <201401121414.56516.mark.tinka@seacom.mu>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [mpls] FW: I-D Action: draft-farrelll-mpls-opportunistic-encrypt-00.txt

On Friday, January 10, 2014 06:06:06 PM Eric Rosen wrote:

> I think encryption at the network layer is much more
> complicated to do at scale than is encryption at the
> data link layer.  There's just a lot more to figure out
> on a per-packet basis, and the system design becomes
> more complex.

This is one of my major concerns with this draft.
Implementation is likely to make the forwarding plane very
complex, to the extent that if any vendor is brave enough to
support this, they will, in all likelihood, develop a
completely separate line card that employs this kind of
security, while building the generalized line cards in
parallel. Want to guess which one is more likely to be
affordable/sellable?

Optical vendors are providing low-latency encryption at the 
link layer, but I suspect that will not succeed much (in the 
service provider market, anyway) because Ethernet speeds are 
growing at a very fast rate; and it's hard enough to scale 
that before one considers how adding security in the data 
plane affects the same.

Mark.