Re: [tcmtf] Answers to possible questions in the BOF
"Jose Saldana" <jsaldana@unizar.es> Wed, 03 July 2013 15:58 UTC
Return-Path: <jsaldana@unizar.es>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2879011E81C8 for <tcmtf@ietfa.amsl.com>; Wed, 3 Jul 2013 08:58:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aS-vOP30LT5d for <tcmtf@ietfa.amsl.com>; Wed, 3 Jul 2013 08:58:41 -0700 (PDT)
Received: from isuela.unizar.es (isuela.unizar.es [155.210.1.53]) by ietfa.amsl.com (Postfix) with ESMTP id 048C711E81D2 for <tcmtf@ietf.org>; Wed, 3 Jul 2013 08:58:36 -0700 (PDT)
Received: from usuarioPC (gtc1pc12.cps.unizar.es [155.210.158.17]) by isuela.unizar.es (8.13.8/8.13.8/Debian-3) with ESMTP id r63FwSrx013950; Wed, 3 Jul 2013 17:58:28 +0200
From: Jose Saldana <jsaldana@unizar.es>
To: 'jsalazar' <jsalazar@unizar.es>, tcmtf@ietf.org
References: <007e01ce70c9$fe1a0aa0$fa4e1fe0$@unizar.es> <009901ce725a$d1623360$74269a20$@unizar.es> <2543ED38-A2FF-49D7-85E0-4790A31415BC@cisco.com> <20130628105725.lmag0xgqsgogggww@webmail.unizar.es> <EFFB6AC1-BF9A-47D9-B5B8-3DD34A508FE8@cisco.com> <95d1a818ab88cf76070677949afba188@unizar.es>
In-Reply-To: <95d1a818ab88cf76070677949afba188@unizar.es>
Date: Wed, 03 Jul 2013 17:58:31 +0200
Organization: Universidad de Zaragoza
Message-ID: <007101ce7806$2d215860$87640920$@unizar.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHxl5HfJe4XxEPJrqhURPk2/vEH5gJG8kQSAT8jBAUB238Z4AIljoQ2AbET9qCYwxNQwA==
Content-Language: es
X-Mail-Scanned: Criba 2.0 + Clamd & Bogofilter
Subject: Re: [tcmtf] Answers to possible questions in the BOF
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: jsaldana@unizar.es
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2013 15:58:45 -0000
Hi, Jose Luis. Good point. Regarding security, we could establish this classification: 1- Adding security to TCM: I have a number of non-secured flows traveling through a “dangerous” network segment (perhaps a tunnel between appliances connecting remote offices of a company), and I want not only traffic optimization but also security. In this case, I can simply use IPsec on the tunnel. 2- Using TCM for optimizing already secured communications: I have a bunch of already secured flows. Which is the best way for tunneling, compressing and multiplexing them? Two subcases: 2a- I can use TCM normally, but not only compress IP, TCP or UDP headers, but also security headers using a header compression method. Some possibilities for compressing security headers: - ROHCoIPsec, RFC5856 (http://tools.ietf.org/html/rfc5856) - RFC5225 http://tools.ietf.org/html/rfc5225 2b- But I can save more bandwidth if the TCM-ingress optimizer (TCM-IO) is able to: - rebuild the packets to their native form - TCM-optimize them - put them into a single security tunnel I have three phases (let's suppose I have 20 communications): Origin 1 Origin 2 <----20 secured flows --------> TCM-IO <------1 tunnel------> TCM-EO <-------- 20 secured flows----> destination 1, 2, 20 ... Origin 20 I have an advantage: In the shared network path, I use a single tunnel instead of 20 different tunnels. But I have some additional requirements: I need processing capacity in the TCM optimizers, and the endpoints should trust them. Is this classification correct? Any other options? Any other requirements? It is time for "security experts". Jose > -----Mensaje original----- > De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En nombre de > jsalazar > Enviado el: lunes, 01 de julio de 2013 20:50 > Para: tcmtf@ietf.org > Asunto: Re: [tcmtf] Answers to possible questions in the BOF > > Hi all: > Mmmmmmm. Since I see tcm-tf as a service, I can design the service with > added security features that the type of communication is requiring. I think > we have to be clear what we are expressing when we are talking about > secure tcm-tf: Ensuring the service tcm-tf or applying the tcm-tf service for > secure communications. > The first possibility is not a great technological sophistication and the second > one might consider the first one as a possible additional service. Therefore, > every time we use the term "secure tcm-tf" should think the second option, > for generality. > On the other hand, we must also keep in mind that whenever users employ > secure tcm-tf, they must trust the service fully and consider delegating the > use of their keys (including private ones) to tcm-tf. > > Regards. > > JL > > "I see them falling out the skies like eagles > All mirrored glass and shattered egos" > > Simple Minds. > > El 2013-07-01 18:55, Dan Wing escribió: > > On Jun 28, 2013, at 1:57 AM, jltornos@unizar.es wrote: > > > > Hi all, > > > > Few days ago Julian talked about TCM-TF's security and now I've read in > > the link included by Dan, saying that the gain obtained when > > multiplexing Ipsec-encrypted packets is 20-to-1. We have been looking > > for more information about this issue and thinking about a way to > > reduce the needed bandwidth in IPsec flows. > > > > The main idea is to find a way to change the authentication of the > > individual packets and merge all of them in a unique authentication. > > Thus, instead of using 20 IPsec tunnels, we would have a single tunnel > > including 20 flows. Is this something similar than how Cisco gets the > > improvement? > > > > We would not be able to change IPsec any more than we could change > > TCP, so I would not look at how to change IPsec authentication. > > > > However, if there are a bunch of IPsec packets sharing a common path, > > I could see them being successfully multiplexed into one larger packet > > at one tunnel endpoint and then de-multiplexed at the other tunnel > > endpoint. This can provide a packet per second reduction. I don't > > think there are enough bytes in an IPsec header to bother trying to do > > IPsec header compression (SPI and sequence number are only 64 bits). > > > > -d > > > > > > > > José Luis > > > > > > > > Dan Wing <dwing@cisco.com> ha escrito: > > > > > > On Jun 26, 2013, at 3:49 AM, Jose Saldana <jsaldana@unizar.es> wrote: > > > > Question 4: Is TCM-TF interesting for the Industry? Should the IETF > > standardize this? > > > > Answer: > > > > 1) TCM-TF intends to update RFC4170, which optimizes RTP VoIP traffic. > > So if RFC4170 was interesting, why not updating it? > > > > 2) TCM-TF can be useful in order to save bandwidth in many cases: > > > > - Aggregation network of *network operators*: We are saving bandwidth > > by optimizing and putting together traffic flows. Is this interesting > > for a network operator? What about overprovisioning? The idea is that > > there are places and moments in which a number of flows based on small > > packets are in the same place and at the same moment. Then, TCM-TF can > > be applied in order to provide flexibility. We are not optimizing the > > overall Internet traffic, we are optimizing specific flows with very > > tight delay requirements, which network operators have to take care of > > in a special way. > > www.huawei.com/ilink/en/download/HW_193034 > > > > - *End to end* optimization: Nowadays, many appliances are used to > > connect remote offices of the same company (creating a VPN). So if a > > tunnel exists, why not optimizing this traffic when possible? We would > > save bandwidth in the access network, where it can be scarce. > > > > - Wireless and satellite scenarios. > > > > "Cisco adds IP multiplexing to mobile satellite package", April 2012, > > http://www.networkworld.com/news/2012/040912-cisco-ip-multiplexing- > 258082.html > > > > > > > > > > > > Any other thoughts? Any other scenarios in mind? Potential > > beneficiaries? > > > > Some networks, today, use cRTP (RFC2508) on their access links. This > > gives bandwidth savings on the access link, but consumes considerable > > CPU horsepower on the aggregation router (to perform cRTP), but > > provides no bandwidth savings across the network core. If, instead, > > the bandwidth could be saved on the access link, across the core, and > > on the far-end access link -- all without the CPU impact on the > > aggregation router -- it is a considerable win. > > > > -d > > > > > > > > > > > > Jose > > > > De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En nombre > > de Jose Saldana > > Enviado el: lunes, 24 de junio de 2013 13:00 > > Para: tcmtf@ietf.org > > Asunto: [tcmtf] Answers to possible questions in the BOF > > > > I would like to start a thread about possible questions people may ask > > in the BOF. Obviously, we also need answers, so we should cooperate. > > > > This is different from the "questions to ask in the BOF". This will be > > discussed separately. > > > > Thanks! > > > > Jose > > > > _______________________________________________ > > tcmtf mailing list > > tcmtf@ietf.org > > https://www.ietf.org/mailman/listinfo/tcmtf > > > > > > > > > > > > > > _______________________________________________ > > tcmtf mailing list > > tcmtf@ietf.org > > https://www.ietf.org/mailman/listinfo/tcmtf > > _______________________________________________ > tcmtf mailing list > tcmtf@ietf.org > https://www.ietf.org/mailman/listinfo/tcmtf
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- [tcmtf] Answers to possible questions in the BOF Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Julián Fernández-Navajas
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Julián Fernández-Navajas
- Re: [tcmtf] Answers to possible questions in the … Mirko Sužnjević
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … DAVID FLOREZ RODRIGUEZ
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Tomaso.deCola
- Re: [tcmtf] Answers to possible questions in the … jltornos
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Michael Ramalho (mramalho)
- Re: [tcmtf] Answers to possible questions in the … jsalazar
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Michael Ramalho (mramalho)
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- [tcmtf] Fwd: RE: Answers to possible questions in… jsalazar
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Diego R. Lopez
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … gorry
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … jltornos
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Spencer Dawkins
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Diego R. Lopez