IETF Logo Mail Archive

Re: [tcmtf] Answers to possible questions in the BOF

"Jose Saldana" <jsaldana@unizar.es> Mon, 01 July 2013 09:47 UTC

Return-Path: <jsaldana@unizar.es>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A619E21F9CE2 for <tcmtf@ietfa.amsl.com>; Mon, 1 Jul 2013 02:47:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Level:
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[AWL=0.001, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n+fJ3KPNVxDv for <tcmtf@ietfa.amsl.com>; Mon, 1 Jul 2013 02:47:01 -0700 (PDT)
Received: from isuela.unizar.es (isuela.unizar.es [155.210.1.53]) by ietfa.amsl.com (Postfix) with ESMTP id 6469E21F9CDC for <tcmtf@ietf.org>; Mon, 1 Jul 2013 02:47:00 -0700 (PDT)
Received: from usuarioPC (gtc1pc12.cps.unizar.es [155.210.158.17]) by isuela.unizar.es (8.13.8/8.13.8/Debian-3) with ESMTP id r619kulb020656; Mon, 1 Jul 2013 11:46:57 +0200
From: Jose Saldana <jsaldana@unizar.es>
To: jltornos@unizar.es
References: <007e01ce70c9$fe1a0aa0$fa4e1fe0$@unizar.es> <009901ce725a$d1623360$74269a20$@unizar.es> <2543ED38-A2FF-49D7-85E0-4790A31415BC@cisco.com> <20130628105725.lmag0xgqsgogggww@webmail.unizar.es>
In-Reply-To: <20130628105725.lmag0xgqsgogggww@webmail.unizar.es>
Date: Mon, 01 Jul 2013 11:46:58 +0200
Organization: Universidad de Zaragoza
Message-ID: <011a01ce763f$eddffde0$c99ff9a0$@unizar.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHxl5HfJe4XxEPJrqhURPk2/vEH5gJG8kQSAT8jBAUB238Z4JjePvHA
Content-Language: es
X-Mail-Scanned: Criba 2.0 + Clamd & Bogofilter
Cc: tcmtf@ietf.org
Subject: Re: [tcmtf] Answers to possible questions in the BOF
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: jsaldana@unizar.es
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jul 2013 09:47:06 -0000

Hi, Jose Luis.

Regarding security, we can also think about "Unified threat management"
(http://en.wikipedia.org/wiki/Unified_Threat_Management), an appliance used
for connecting remote offices, creating VPNs.

If we merge this concept with "WAN optimization"
(http://en.wikipedia.org/wiki/WAN_optimization), we can have a device next
to the router, which can use TCM-TF.

Considering that security headers, if a new header has to be added to each
packet, then the obtained savings by multiplexing can be even higher.
Perhaps we could do a preliminary study of the expected (asymptotic)
bandwidth savings which could be obtained on each case:

- IPSec
	- transport mode
	- tunnel mode

	- Authentication header
	- Encrypt header

More options?


Perhaps we could consider 20 packets, and calculate:

Number of bytes for a tunnel including 20 packets / Number of bytes for a 20
tunnels

Would it be very complicated? I am not a security expert...

Jose

> -----Mensaje original-----
> De: jltornos@unizar.es [mailto:jltornos@unizar.es]
> Enviado el: viernes, 28 de junio de 2013 10:57
> Para: Dan Wing
> CC: jsaldana@unizar.es; tcmtf@ietf.org
> Asunto: Re: [tcmtf] Answers to possible questions in the BOF
> 
> Hi all,
> 
> Few days ago Julian talked about TCM-TF's security and now I've read in
the
> link included by Dan, saying that the gain obtained when multiplexing
Ipsec-
> encrypted packets is 20-to-1. We have been looking for more information
> about this issue and thinking about a way to reduce the needed  bandwidth
> in IPsec flows.
> 
> The main idea is to find a way to change the authentication of the
individual
> packets and merge all of them in a unique authentication.
> Thus, instead of using 20 IPsec tunnels, we would have a single tunnel
> including 20 flows. Is this something similar than how Cisco gets the
> improvement?
> 
> José Luis
> 
> 
> 
> Dan Wing <dwing@cisco.com> ha escrito:
> 
> >
> > On Jun 26, 2013, at 3:49 AM, Jose Saldana <jsaldana@unizar.es> wrote:
> >
> >> Question 4: Is TCM-TF interesting for the Industry? Should the IETF
> >> standardize this?
> >>
> >> Answer:
> >>
> >> 1) TCM-TF intends to update RFC4170, which optimizes RTP VoIP
> >> traffic. So if RFC4170 was interesting, why not updating it?
> >>
> >> 2) TCM-TF can be useful in order to save bandwidth in many cases:
> >>
> >> - Aggregation network of *network operators*: We are saving
> >> bandwidth by optimizing and putting together traffic flows. Is this
> >>  interesting for a network operator? What about overprovisioning?
> >> The idea is that there are places and moments in which a number of
> >> flows based on small packets are in the same place and at the same
> >> moment. Then, TCM-TF can be applied in order to provide
> >> flexibility. We are not optimizing the overall Internet traffic, we
> >>  are optimizing specific flows with very tight delay requirements,
> >> which network operators have to take care of in a special way.
> >> www.huawei.com/ilink/en/download/HW_193034
> >>
> >> - *End to end* optimization: Nowadays, many appliances are used to
> >> connect remote offices of the same company (creating a VPN). So if
> >> a tunnel exists, why not optimizing this traffic when possible? We
> >> would save bandwidth in the access network, where it can be scarce.
> >>
> >> - Wireless and satellite scenarios.
> >
> > "Cisco adds IP multiplexing to mobile satellite package", April
> > 2012,
> > http://www.networkworld.com/news/2012/040912-cisco-ip-multiplexing-
> 258
> > 082.html
> >
> >
> >
> >>
> >>
> >> Any other thoughts? Any other scenarios in mind? Potential
beneficiaries?
> >
> > Some networks, today, use cRTP (RFC2508) on their access links.
> > This gives bandwidth savings on the access link, but consumes
> > considerable CPU horsepower on the aggregation router (to perform
> > cRTP), but provides no bandwidth savings across the network core.
> > If, instead, the bandwidth could be saved on the access link, across
> >  the core, and on the far-end access link -- all without the CPU
> > impact on the aggregation router -- it is a considerable win.
> >
> > -d
> >
> >
> >
> >>
> >>
> >> Jose
> >>
> >> De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En
> >> nombre de Jose Saldana
> >> Enviado el: lunes, 24 de junio de 2013 13:00
> >> Para: tcmtf@ietf.org
> >> Asunto: [tcmtf] Answers to possible questions in the BOF
> >>
> >> I would like to start a thread about possible questions people may
> >> ask in the BOF. Obviously, we also need answers, so we should
> >> cooperate.
> >>
> >> This is different from the "questions to ask in the BOF". This will
> >> be discussed separately.
> >>
> >> Thanks!
> >>
> >> Jose
> >>
> >> _______________________________________________
> >> tcmtf mailing list
> >> tcmtf@ietf.org
> >> https://www.ietf.org/mailman/listinfo/tcmtf
> >
> >
> 
>

v2.23.0 | Report a Bug | By Email