Re: [tcmtf] Answers to possible questions in the BOF
"Jose Saldana" <jsaldana@unizar.es> Wed, 10 July 2013 07:50 UTC
Return-Path: <jsaldana@unizar.es>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE4EE21F9BCB for <tcmtf@ietfa.amsl.com>; Wed, 10 Jul 2013 00:50:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.268
X-Spam-Level:
X-Spam-Status: No, score=-6.268 tagged_above=-999 required=5 tests=[AWL=0.331, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7ua92MocqA5 for <tcmtf@ietfa.amsl.com>; Wed, 10 Jul 2013 00:50:49 -0700 (PDT)
Received: from ortiz.unizar.es (ortiz.unizar.es [155.210.1.52]) by ietfa.amsl.com (Postfix) with ESMTP id 01DA521F9BA8 for <tcmtf@ietf.org>; Wed, 10 Jul 2013 00:50:48 -0700 (PDT)
Received: from usuarioPC (gtc1pc12.cps.unizar.es [155.210.158.17]) by ortiz.unizar.es (8.13.8/8.13.8/Debian-3) with ESMTP id r6A7oYM8021190; Wed, 10 Jul 2013 09:50:35 +0200
From: Jose Saldana <jsaldana@unizar.es>
To: "'Muthu Arul Mozhi Perumal (mperumal)'" <mperumal@cisco.com>, "'Dan Wing (dwing)'" <dwing@cisco.com>
References: <007e01ce70c9$fe1a0aa0$fa4e1fe0$@unizar.es> <009901ce725a$d1623360$74269a20$@unizar.es> <2543ED38-A2FF-49D7-85E0-4790A31415BC@cisco.com> <20130628105725.lmag0xgqsgogggww@webmail.unizar.es> <EFFB6AC1-BF9A-47D9-B5B8-3DD34A508FE8@cisco.com> <E721D8C6A2E1544DB2DEBC313AF54DE22417E050@xmb-rcd-x02.cisco.com> <23E6BFC1-4D3C-48A5-A9A2-3BD32863F9A6@cisco.com> <E721D8C6A2E1544DB2DEBC313AF54DE22417FD51@xmb-rcd-x02.cisco.com>
In-Reply-To: <E721D8C6A2E1544DB2DEBC313AF54DE22417FD51@xmb-rcd-x02.cisco.com>
Date: Wed, 10 Jul 2013 09:50:37 +0200
Organization: Universidad de Zaragoza
Message-ID: <007901ce7d42$2d49fc20$87ddf460$@unizar.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHxl5HfJe4XxEPJrqhURPk2/vEH5gJG8kQSAT8jBAUB238Z4AIljoQ2An0f44UBvevVIgGBEpi6mK06z0A=
Content-Language: es
X-Mail-Scanned: Criba 2.0 + Clamd & Bogofilter
Cc: tcmtf@ietf.org, jltornos@unizar.es
Subject: Re: [tcmtf] Answers to possible questions in the BOF
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: jsaldana@unizar.es
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2013 07:50:53 -0000
Muthu, But in this case you have two security layers: the original flows use IPsec, and you are adding another IPsec tunnel including all the compressed ones. Am I right? Would this be necessary? Jose > -----Mensaje original----- > De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En nombre de > Muthu Arul Mozhi Perumal (mperumal) > Enviado el: jueves, 04 de julio de 2013 15:42 > Para: Dan Wing (dwing) > CC: tcmtf@ietf.org; jltornos@unizar.es; jsaldana@unizar.es > Asunto: Re: [tcmtf] Answers to possible questions in the BOF > > |My read of it was: apply ROHC at the endpoint ("inner headers") and > |then do IPsec. That is, compress and then encrypt. > > Right, Dan. I was thinking the (inner) headers of the packets going over the > same IPSec tunnel could first be compressed, multiplex, then encrypted and > sent over that tunnel: > > -------------------------------------------- > |outer IP hdr| ESP | MUX | ROHCoIPsec|Data1| > | | | hdr | hdr1 | | > -------------------------------------------- > ---------------------- > | ROHCoIPsec | Data2 | > | hdr2 | | > ---------------------- > ------------------------------------- > | ROHCoIPsec | Data3 | ESP | ESP| > | hdr3 | |Trailer| ICV| > ------------------------------------- > <-----------Encrypted--------> > > Muthu > > |-----Original Message----- > |From: Dan Wing (dwing) > |Sent: Thursday, July 04, 2013 12:26 AM > |To: Muthu Arul Mozhi Perumal (mperumal) > |Cc: jltornos@unizar.es; tcmtf@ietf.org; jsaldana@unizar.es > |Subject: Re: [tcmtf] Answers to possible questions in the BOF > | > | > |On Jul 3, 2013, at 11:51 AM, Muthu Arul Mozhi Perumal (mperumal) > <mperumal@cisco.com> wrote: > | > |> |However, if there are a bunch of IPsec packets sharing a common > |> |path, I could see them being successfully multiplexed into one > |> |larger packet at one tunnel endpoint and then de-multiplexed at the > other tunnel endpoint. > |> |This can provide a packet per second reduction. I don't think there > |> |are enough bytes in an IPsec header to bother trying to do IPsec > |> |header compression (SPI and sequence number are only 64 bits). > |> > |> Actually, RFC5856 describes how ROHC can be used over IPSec > (ROHCoIPsec). > | > |My read of it was: apply ROHC at the endpoint ("inner headers") and > |then do IPsec. That is, compress and then encrypt. > | > |-d > | > | > |> Combining it with multiplexing the entire packets could provide > |> significant reduction in the header > |overhead, especially for IPv6, I think. > |> > |> Muthu > |> > |> |-----Original Message----- > |> |From: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] On > |> |Behalf Of Dan Wing (dwing) > |> |Sent: Monday, July 01, 2013 10:25 PM > |> |To: jltornos@unizar.es > |> |Cc: tcmtf@ietf.org; jsaldana@unizar.es > |> |Subject: Re: [tcmtf] Answers to possible questions in the BOF > |> | > |> | > |> |On Jun 28, 2013, at 1:57 AM, jltornos@unizar.es wrote: > |> | > |> |> Hi all, > |> |> > |> |> Few days ago Julian talked about TCM-TF's security and now I've > |> |> read in the link included by Dan, > |> |saying that the gain obtained when multiplexing Ipsec-encrypted > |> |packets is 20-to-1. We have been looking for more information about > |> |this issue and thinking about a way to reduce the needed > |bandwidth > |> |in IPsec flows. > |> |> > |> |> The main idea is to find a way to change the authentication of the > |> |> individual packets and merge > |all > |> |of them in a unique authentication. Thus, instead of using 20 IPsec > |> |tunnels, we would have a single tunnel including 20 flows. Is this > something similar than how Cisco gets the improvement? > |> | > |> |We would not be able to change IPsec any more than we could change > |> |TCP, so I would not look at how > |to > |> |change IPsec authentication. > |> | > |> |However, if there are a bunch of IPsec packets sharing a common > |> |path, I could see them being successfully multiplexed into one > |> |larger packet at one tunnel endpoint and then de-multiplexed at > |the > |> |other tunnel endpoint. This can provide a packet per second > |> |reduction. I don't think there are enough bytes in an IPsec header > |> |to bother trying to do IPsec header compression (SPI and sequence > number are only 64 bits). > |> | > |> |-d > |> | > |> | > |> |> > |> |> José Luis > |> |> > |> |> > |> |> > |> |> Dan Wing <dwing@cisco.com> ha escrito: > |> |> > |> |>> > |> |>> On Jun 26, 2013, at 3:49 AM, Jose Saldana <jsaldana@unizar.es> > wrote: > |> |>> > |> |>>> Question 4: Is TCM-TF interesting for the Industry? Should the IETF > standardize this? > |> |>>> > |> |>>> Answer: > |> |>>> > |> |>>> 1) TCM-TF intends to update RFC4170, which optimizes RTP VoIP > |> |>>> traffic. So if RFC4170 was > |> |interesting, why not updating it? > |> |>>> > |> |>>> 2) TCM-TF can be useful in order to save bandwidth in many cases: > |> |>>> > |> |>>> - Aggregation network of *network operators*: We are saving > |> |>>> bandwidth by optimizing and > |putting > |> |together traffic flows. Is this interesting for a network operator? What > about overprovisioning? > |The > |> |idea is that there are places and moments in which a number of > |> |flows based on small packets are in the same place and at the same > |> |moment. Then, TCM-TF can be applied in order to provide > |flexibility. > |> |We are not optimizing the overall Internet traffic, we are > |> |optimizing specific flows with very > |tight > |> |delay requirements, which network operators have to take care of in a > special way. > |> |>>> www.huawei.com/ilink/en/download/HW_193034 > |> |>>> > |> |>>> - *End to end* optimization: Nowadays, many appliances are used > |> |>>> to connect remote offices of > |the > |> |same company (creating a VPN). So if a tunnel exists, why not > |> |optimizing this traffic when > |possible? > |> |We would save bandwidth in the access network, where it can be > scarce. > |> |>>> > |> |>>> - Wireless and satellite scenarios. > |> |>> > |> |>> "Cisco adds IP multiplexing to mobile satellite package", April > |> |>> 2012, > |> |http://www.networkworld.com/news/2012/040912-cisco-ip- > multiplexing-2 > |> |58082.html > |> |>> > |> |>> > |> |>> > |> |>>> > |> |>>> > |> |>>> Any other thoughts? Any other scenarios in mind? Potential > beneficiaries? > |> |>> > |> |>> Some networks, today, use cRTP (RFC2508) on their access links. This > gives bandwidth savings > |on > |> |the access link, but consumes considerable CPU horsepower on the > aggregation router (to perform > |> |cRTP), but provides no bandwidth savings across the network core. If, > instead, the bandwidth > |could > |> |be saved on the access link, across the core, and on the far-end > |> |access link -- all without the > |CPU > |> |impact on the aggregation router -- it is a considerable win. > |> |>> > |> |>> -d > |> |>> > |> |>> > |> |>> > |> |>>> > |> |>>> > |> |>>> Jose > |> |>>> > |> |>>> De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En > |> |>>> nombre de Jose Saldana Enviado el: lunes, 24 de junio de 2013 > |> |>>> 13:00 > |> |>>> Para: tcmtf@ietf.org > |> |>>> Asunto: [tcmtf] Answers to possible questions in the BOF > |> |>>> > |> |>>> I would like to start a thread about possible questions people > |> |>>> may ask in the BOF. Obviously, > |we > |> |also need answers, so we should cooperate. > |> |>>> > |> |>>> This is different from the "questions to ask in the BOF". This will be > discussed separately. > |> |>>> > |> |>>> Thanks! > |> |>>> > |> |>>> Jose > |> |>>> > |> |>>> _______________________________________________ > |> |>>> tcmtf mailing list > |> |>>> tcmtf@ietf.org > |> |>>> https://www.ietf.org/mailman/listinfo/tcmtf > |> |>> > |> |>> > |> |> > |> |> > |> |> > |> | > |> |_______________________________________________ > |> |tcmtf mailing list > |> |tcmtf@ietf.org > |> |https://www.ietf.org/mailman/listinfo/tcmtf > > _______________________________________________ > tcmtf mailing list > tcmtf@ietf.org > https://www.ietf.org/mailman/listinfo/tcmtf
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- [tcmtf] Answers to possible questions in the BOF Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Julián Fernández-Navajas
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Julián Fernández-Navajas
- Re: [tcmtf] Answers to possible questions in the … Mirko Sužnjević
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … DAVID FLOREZ RODRIGUEZ
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Tomaso.deCola
- Re: [tcmtf] Answers to possible questions in the … jltornos
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Michael Ramalho (mramalho)
- Re: [tcmtf] Answers to possible questions in the … jsalazar
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Michael Ramalho (mramalho)
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- [tcmtf] Fwd: RE: Answers to possible questions in… jsalazar
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Diego R. Lopez
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … gorry
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … jltornos
- Re: [tcmtf] Answers to possible questions in the … Muthu Arul Mozhi Perumal (mperumal)
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Spencer Dawkins
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Dan Wing
- Re: [tcmtf] Answers to possible questions in the … Jose Saldana
- Re: [tcmtf] Answers to possible questions in the … Diego R. Lopez