IETF Logo Mail Archive

Re: [tcmtf] Answers to possible questions in the BOF

"Jose Saldana" <jsaldana@unizar.es> Wed, 10 July 2013 07:50 UTC

Return-Path: <jsaldana@unizar.es>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE4EE21F9BCB for <tcmtf@ietfa.amsl.com>; Wed, 10 Jul 2013 00:50:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.268
X-Spam-Level:
X-Spam-Status: No, score=-6.268 tagged_above=-999 required=5 tests=[AWL=0.331, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m7ua92MocqA5 for <tcmtf@ietfa.amsl.com>; Wed, 10 Jul 2013 00:50:49 -0700 (PDT)
Received: from ortiz.unizar.es (ortiz.unizar.es [155.210.1.52]) by ietfa.amsl.com (Postfix) with ESMTP id 01DA521F9BA8 for <tcmtf@ietf.org>; Wed, 10 Jul 2013 00:50:48 -0700 (PDT)
Received: from usuarioPC (gtc1pc12.cps.unizar.es [155.210.158.17]) by ortiz.unizar.es (8.13.8/8.13.8/Debian-3) with ESMTP id r6A7oYM8021190; Wed, 10 Jul 2013 09:50:35 +0200
From: Jose Saldana <jsaldana@unizar.es>
To: "'Muthu Arul Mozhi Perumal (mperumal)'" <mperumal@cisco.com>, "'Dan Wing (dwing)'" <dwing@cisco.com>
References: <007e01ce70c9$fe1a0aa0$fa4e1fe0$@unizar.es> <009901ce725a$d1623360$74269a20$@unizar.es> <2543ED38-A2FF-49D7-85E0-4790A31415BC@cisco.com> <20130628105725.lmag0xgqsgogggww@webmail.unizar.es> <EFFB6AC1-BF9A-47D9-B5B8-3DD34A508FE8@cisco.com> <E721D8C6A2E1544DB2DEBC313AF54DE22417E050@xmb-rcd-x02.cisco.com> <23E6BFC1-4D3C-48A5-A9A2-3BD32863F9A6@cisco.com> <E721D8C6A2E1544DB2DEBC313AF54DE22417FD51@xmb-rcd-x02.cisco.com>
In-Reply-To: <E721D8C6A2E1544DB2DEBC313AF54DE22417FD51@xmb-rcd-x02.cisco.com>
Date: Wed, 10 Jul 2013 09:50:37 +0200
Organization: Universidad de Zaragoza
Message-ID: <007901ce7d42$2d49fc20$87ddf460$@unizar.es>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHxl5HfJe4XxEPJrqhURPk2/vEH5gJG8kQSAT8jBAUB238Z4AIljoQ2An0f44UBvevVIgGBEpi6mK06z0A=
Content-Language: es
X-Mail-Scanned: Criba 2.0 + Clamd & Bogofilter
Cc: tcmtf@ietf.org, jltornos@unizar.es
Subject: Re: [tcmtf] Answers to possible questions in the BOF
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: jsaldana@unizar.es
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>, <mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2013 07:50:53 -0000

Muthu,

But in this case you have two security layers: the original flows use IPsec,
and you are adding another IPsec tunnel including all the compressed ones.
Am I right? Would this be necessary?

Jose

> -----Mensaje original-----
> De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En nombre de
> Muthu Arul Mozhi Perumal (mperumal)
> Enviado el: jueves, 04 de julio de 2013 15:42
> Para: Dan Wing (dwing)
> CC: tcmtf@ietf.org; jltornos@unizar.es; jsaldana@unizar.es
> Asunto: Re: [tcmtf] Answers to possible questions in the BOF
> 
> |My read of it was:  apply ROHC at the endpoint ("inner headers") and
> |then do IPsec.  That is, compress and then encrypt.
> 
> Right, Dan. I was thinking the (inner) headers of the packets going over
the
> same IPSec tunnel could first be compressed, multiplex, then encrypted and
> sent over that tunnel:
> 
> --------------------------------------------
> |outer IP hdr| ESP | MUX | ROHCoIPsec|Data1|
> |            |     | hdr |   hdr1    |     |
> --------------------------------------------
>                           ----------------------
>                           | ROHCoIPsec | Data2 |
>                           |    hdr2    |       |
>                           ----------------------
>                           -------------------------------------
>                           | ROHCoIPsec |  Data3  | ESP   | ESP|
>                           |    hdr3    |         |Trailer| ICV|
>                           -------------------------------------
>                     <-----------Encrypted-------->
> 
> Muthu
> 
> |-----Original Message-----
> |From: Dan Wing (dwing)
> |Sent: Thursday, July 04, 2013 12:26 AM
> |To: Muthu Arul Mozhi Perumal (mperumal)
> |Cc: jltornos@unizar.es; tcmtf@ietf.org; jsaldana@unizar.es
> |Subject: Re: [tcmtf] Answers to possible questions in the BOF
> |
> |
> |On Jul 3, 2013, at 11:51 AM, Muthu Arul Mozhi Perumal (mperumal)
> <mperumal@cisco.com> wrote:
> |
> |> |However, if there are a bunch of IPsec packets sharing a common
> |> |path, I could see them being successfully multiplexed into one
> |> |larger packet at one tunnel endpoint and then de-multiplexed at the
> other tunnel endpoint.
> |> |This can provide a packet per second reduction.  I don't think there
> |> |are enough bytes in an IPsec header to bother trying to do IPsec
> |> |header compression (SPI and sequence number are only 64 bits).
> |>
> |> Actually, RFC5856 describes how ROHC can be used over IPSec
> (ROHCoIPsec).
> |
> |My read of it was:  apply ROHC at the endpoint ("inner headers") and
> |then do IPsec.  That is, compress and then encrypt.
> |
> |-d
> |
> |
> |> Combining it with multiplexing the entire packets could provide
> |> significant reduction in the header
> |overhead, especially for IPv6, I think.
> |>
> |> Muthu
> |>
> |> |-----Original Message-----
> |> |From: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] On
> |> |Behalf Of Dan Wing (dwing)
> |> |Sent: Monday, July 01, 2013 10:25 PM
> |> |To: jltornos@unizar.es
> |> |Cc: tcmtf@ietf.org; jsaldana@unizar.es
> |> |Subject: Re: [tcmtf] Answers to possible questions in the BOF
> |> |
> |> |
> |> |On Jun 28, 2013, at 1:57 AM, jltornos@unizar.es wrote:
> |> |
> |> |> Hi all,
> |> |>
> |> |> Few days ago Julian talked about TCM-TF's security and now I've
> |> |> read in the link included by Dan,
> |> |saying that the gain obtained when multiplexing Ipsec-encrypted
> |> |packets is 20-to-1. We have been looking for more information about
> |> |this issue and thinking about a way to reduce the needed
> |bandwidth
> |> |in IPsec flows.
> |> |>
> |> |> The main idea is to find a way to change the authentication of the
> |> |> individual packets and merge
> |all
> |> |of them in a unique authentication. Thus, instead of using 20 IPsec
> |> |tunnels, we would have a single tunnel including 20 flows. Is this
> something similar than how Cisco gets the improvement?
> |> |
> |> |We would not be able to change IPsec any more than we could change
> |> |TCP, so I would not look at how
> |to
> |> |change IPsec authentication.
> |> |
> |> |However, if there are a bunch of IPsec packets sharing a common
> |> |path, I could see them being successfully multiplexed into one
> |> |larger packet at one tunnel endpoint and then de-multiplexed at
> |the
> |> |other tunnel endpoint.  This can provide a packet per second
> |> |reduction.  I don't think there are enough bytes in an IPsec header
> |> |to bother trying to do IPsec header compression (SPI and sequence
> number are only 64 bits).
> |> |
> |> |-d
> |> |
> |> |
> |> |>
> |> |> José Luis
> |> |>
> |> |>
> |> |>
> |> |> Dan Wing <dwing@cisco.com> ha escrito:
> |> |>
> |> |>>
> |> |>> On Jun 26, 2013, at 3:49 AM, Jose Saldana <jsaldana@unizar.es>
> wrote:
> |> |>>
> |> |>>> Question 4: Is TCM-TF interesting for the Industry? Should the
IETF
> standardize this?
> |> |>>>
> |> |>>> Answer:
> |> |>>>
> |> |>>> 1) TCM-TF intends to update RFC4170, which optimizes RTP VoIP
> |> |>>> traffic. So if RFC4170 was
> |> |interesting, why not updating it?
> |> |>>>
> |> |>>> 2) TCM-TF can be useful in order to save bandwidth in many cases:
> |> |>>>
> |> |>>> - Aggregation network of *network operators*: We are saving
> |> |>>> bandwidth by optimizing and
> |putting
> |> |together traffic flows. Is this  interesting for a network operator?
What
> about overprovisioning?
> |The
> |> |idea is that there are places and moments in which a number of
> |> |flows based on small packets are in the same place and at the same
> |> |moment. Then, TCM-TF can be applied in order to provide
> |flexibility.
> |> |We are not optimizing the overall Internet traffic, we  are
> |> |optimizing specific flows with very
> |tight
> |> |delay requirements,  which network operators have to take care of in a
> special way.
> |> |>>> www.huawei.com/ilink/en/download/HW_193034
> |> |>>>
> |> |>>> - *End to end* optimization: Nowadays, many appliances are used
> |> |>>> to  connect remote offices of
> |the
> |> |same company (creating a VPN). So if  a tunnel exists, why not
> |> |optimizing this traffic when
> |possible?
> |> |We  would save bandwidth in the access network, where it can be
> scarce.
> |> |>>>
> |> |>>> - Wireless and satellite scenarios.
> |> |>>
> |> |>> "Cisco adds IP multiplexing to mobile satellite package", April
> |> |>> 2012,
> |> |http://www.networkworld.com/news/2012/040912-cisco-ip-
> multiplexing-2
> |> |58082.html
> |> |>>
> |> |>>
> |> |>>
> |> |>>>
> |> |>>>
> |> |>>> Any other thoughts? Any other scenarios in mind? Potential
> beneficiaries?
> |> |>>
> |> |>> Some networks, today, use cRTP (RFC2508) on their access links.
This
> gives bandwidth savings
> |on
> |> |the access link, but consumes  considerable CPU horsepower on the
> aggregation router (to perform
> |> |cRTP), but provides no bandwidth savings across the network core.
If,
> instead, the bandwidth
> |could
> |> |be saved on the access link, across  the core, and on the far-end
> |> |access link -- all without the
> |CPU
> |> |impact on the aggregation router -- it is a considerable win.
> |> |>>
> |> |>> -d
> |> |>>
> |> |>>
> |> |>>
> |> |>>>
> |> |>>>
> |> |>>> Jose
> |> |>>>
> |> |>>> De: tcmtf-bounces@ietf.org [mailto:tcmtf-bounces@ietf.org] En
> |> |>>> nombre de Jose Saldana Enviado el: lunes, 24 de junio de 2013
> |> |>>> 13:00
> |> |>>> Para: tcmtf@ietf.org
> |> |>>> Asunto: [tcmtf] Answers to possible questions in the BOF
> |> |>>>
> |> |>>> I would like to start a thread about possible questions people
> |> |>>> may  ask in the BOF. Obviously,
> |we
> |> |also need answers, so we should  cooperate.
> |> |>>>
> |> |>>> This is different from the "questions to ask in the BOF". This
will  be
> discussed separately.
> |> |>>>
> |> |>>> Thanks!
> |> |>>>
> |> |>>> Jose
> |> |>>>
> |> |>>> _______________________________________________
> |> |>>> tcmtf mailing list
> |> |>>> tcmtf@ietf.org
> |> |>>> https://www.ietf.org/mailman/listinfo/tcmtf
> |> |>>
> |> |>>
> |> |>
> |> |>
> |> |>
> |> |
> |> |_______________________________________________
> |> |tcmtf mailing list
> |> |tcmtf@ietf.org
> |> |https://www.ietf.org/mailman/listinfo/tcmtf
> 
> _______________________________________________
> tcmtf mailing list
> tcmtf@ietf.org
> https://www.ietf.org/mailman/listinfo/tcmtf

v2.23.0 | Report a Bug | By Email